S2200ME
F-Engine S2200ME
Carrier Ethernet Switch
Operation Manual
Product Version
V3.0
FiberHome Networks Co., Ltd. provides customers with comprehensive technical support
and service. Please contact our local office, customer care center or company
headquarters by any of the following means.
Address: 3rd floor, Optical Communication Building, 5 DongXin Rd, Hongshan District, Wuhan, Hubei Province, P. R. China
Postal code: 430074
Tel: +86 27 87693659
Fax: +86 27 87693257
Website: http://www.fhn.com.cn
Email: sale@fhn.com.cn
Content
Chapter 1 Accidence
1.1 Introduction
1.1.1 product introduction
1.1.2 function feature
1.2 Log on Ethernet switch
1.2.1 create Console port environment
1.2.2 create configuration environment through Telnet
1.3 CLI interface
1.3.1 CLI interface
1.3.2 CLI view
1.3.3 CLI feature
1.4 user interface configuration
1.4.1 user interface introduction
1.4.2 user interface configuration
1.4.3 user interface display and debug
1.5 system IP configuration
1.5.1 system IP introduction
1.5.2 system IP configuration
1.5.3 system IP display and debug
Chapter 2 Port
2.1 Ethernet port configuration
2.1.1 Ethernet port introduction
2.1.2 Ethernet port configuration
Figure
Figure 1-1 create local configuration environment through Console port
Figure 1-2 create local configuration environment through LAN
Figure 1-3 operate Telnet
Figure 1-4 provide Telnet Client service
Table 1-1 command mode and function feature
Table 1-2 function
Table 1-3 access history command
Table 1-4 CLI common error information
Table 1-5 edit function
Figure 1-5 Cat.5 IP address
Figure 1-6 IP address subnet division
Figure 2-1 configure port default VLAN ID
Figure 2-2 Ethernet port Trunk
Figure 2-3 port isolate group network
Figure 2-4 port security MAC group network
Figure 2-5 port static MAC group network
Figure 2-6 port static MAC group network
Figure 2-7 port user number limit group network
Figure 2-8 port loopback detection group network
Figure 3-1 VLAN configuration
Figure 6-1 SGM
Figure 6-2 role switch rule
Figure 6-3 SGM management network group
Figure 7-1 the designated switch and designated port
Figure 7-2 Ethernet switch network group
Figure 7-3 final stable stp
Figure 7-4 RSTP configuration
Figure 8-1 ACL application
Figure 9-1 ESR topology structure
Preface
Version
V3.0
F-ENGINE
,
are trademarks of FiberHome Networks Co., Ltd.
Notice
The information in this document is subject to change without notice. Every effort
has been made in the preparation of this document to ensure accuracy of the
contents, but the statements, information, and recommendations in this document
do not constitute a warranty of any kind, express or implied.
Content
This manual introduces the installation, usage and maintenance of F-Engine
S2200ME Ethernet switch. The manual is divided into six chapters as follows:
Symbol
Warning, Danger
Caution, Notice
Note
Intended Readers
The manual is intended for the following readers:
Marketing staff
Environmental Protection
This product has been designed to comply with the requirements on environmental
protection. For the proper storage, use and disposal of this product, national laws and
regulations must be observed.
Safety recommendation
Please carefully read the following safety precautions before installing and operating
this product. Wuhan FiberHome Networks Co., Ltd takes no responsibility for
any loss or damage caused by violating these safety precautions.
1.
2.
3.
4. The power supply of the switch should be reliably grounded. For safety
protection, the switch should be reliably grounded. The communication
device should be protected from strong lightning.
5.
Chapter 1 Accidence
1.1 Introduction
1.1.1 product introduction
The S2200ME switch is a multi-port 100/1000Mbps managed Ethernet switch.
This series forwards at full line speed and supports Tag VLAN, port Trunk,
port address binding, multicast, QoS, ACL and VLAN transmission (1:1). It meets the
fast-growing demand of broadband network development and is suitable as
small/middle/large-scale enterprise network and MAN access equipment.
Product configuration
Product type: L2 Ethernet switch
Product name: S2200ME
Version: 2.0
Specification:
The S2200ME host includes 3 types: S2208ME, S2216ME and S2224ME.
S2208ME supports 8 × 100M electrical ports and 2 × 1000M combo ports;
S2216ME supports 16 × 100M electrical ports and 2 × 1000M combo ports;
S2224ME supports 24 × 100M electrical ports and 2 × 1000M combo ports;
S2200ME -48 uses a -48V DC power supply;
S2200ME 220 uses a 220V AC power supply.
Support port rate limit and broadcast control, rate limit granularity is 64kbps;
Technique index
Attribute: Specification
Interface: 100M Ethernet electrical port; 10/100/1000M optical/electrical Combo interface
Switch bandwidth: 13Gbps
Transmission mode: Storage forward
1488100pps
MAC address: 8K
VLAN
Multicast
TRUNK
SGM
RMON group: 1-statistics, 2-history, 3-trap, 9-event
Buffering capacity: 64MB
Power: 9W
Weight: 2.03kg
Working environment: working -10 to +50 °C; storage -25 to +65 °C; humidity 10% to 90%, indoors
Volume (W×D×H): 440mm × 192mm × 44mm
(2) Type a name for the new connection in the connection description and click confirm. The
system shows the following interface; select the serial port to use for the
connection.
(3) After the serial port is selected, click confirm. The system shows the following
serial port parameter interface. Set the baud rate to 9600, data bits to 8, no parity
check, stop bits to 1 and no flow control.
(4) After the serial port parameters are set, click confirm. The system enters the
following super terminal interface.
Select [attribute] in the super terminal attribute dialogue box to enter the attribute window. Click
[set] in the attribute window to enter the attribute setting window (shown below), select VT100 as
the terminal emulation, then click [confirm].
S2200ME#
S2200ME#configure
%Enter configuration commands.End with Ctrl+Z or command "quit" & "end"
S2200ME(config)#username XXX group users password XXX
S2200ME(config)#
Step 2: As shown in the following figure, build the configuration environment; it is only necessary to
connect the PC Ethernet port to an Ethernet port of the Ethernet switch through the LAN.
A user can Telnet from one switch to another switch and then configure it. The local switch acts
as Telnet Client and the peer switch acts as Telnet Server. If the ports connecting the two
switches are in the same LAN, their IP addresses should be configured in the same network
segment; otherwise, the two switches must have routes that make them reachable to each other.
With the configuration environment shown below, after the user has Telnetted to one Ethernet switch, the user
inputs the command Telnet to log on to another Ethernet switch and execute configuration management.
Local or remote login and configuration through an Ethernet port with Telnet.
Configurable classes of protection ensure that unauthorized users cannot attack the Ethernet
switch.
Network test commands, e.g. traceroute and Ping, are provided to rapidly diagnose the network.
The CLI translator uses incomplete-match searching; the user only needs to input
enough of a keyword to avoid conflict for it to be interpreted.
Command mode: Ordinary user mode
Hint: Fengine>
Enter command: Establish connection with device then enter
Exit command: exit is to disconnect with the device

Command mode: Privileged user mode
Hint: Fengine#
Enter command: Type enable under ordinary mode
Exit command: Disable is to return ordinary mode, exit is to disconnect with the device

Command mode: Global configuration mode
Function: Configure switch global parameter
Hint: Fengine(config)#
Enter command: Type config under privileged mode
Exit command: exit is to return privileged user mode

Command mode: System configuration mode
Function: Configure switch system parameter
Hint: Fengine(config-system)#
Enter command: Type system under global mode
Exit command: Exit, quit is to return global configuration mode

Command mode: Terminal configuration mode
Function: Configure terminal
Hint: Fengine(config-line)#
Exit command: exit is to return global configuration mode

Command mode: Interface configuration mode
Function: Configure switch interface parameter (N1: interface No.), including single Ethernet interface or Trunk interface
Hint: Fengine(config-eth-N1)#
Enter command: Type interface ethernet N1 or interface trunk N1 under global mode
Exit command: exit is to return global configuration mode

Command mode: VLAN configuration mode
Function: Switch VLAN configuration (N1: vlan No.)
Hint: Fengine(config-vlan-N1)#
Enter command: Type interface vlan N1 under global mode
Exit command: exit is to return global configuration mode

Command mode: SGM configuration mode
Function: SGM configuration
Hint: Fengine(config-sgm)#
Enter command: Type sgm under global mode
Exit command: exit is to return global configuration mode

Command mode: STP configuration mode
Function: Switch STP configuration
Hint: Fengine(config-stp)#
Enter command: Type stp under global mode
Exit command: Exit is to return global configuration mode

Command mode: COS configuration mode
Function: Switch Cos configuration
Hint: Fengine(config-cos)#
Enter command: Type cos under global mode
Exit command: exit is to return global configuration mode

Command mode: IGMP Snooping configuration mode
Function: Switch IGMP Snooping configuration
Hint: Fengine(config-igmp-snooping)#
Enter command: Type igmp-snooping under global mode
Exit command: exit is to return global configuration mode

Command mode: Igmp-filter configure mode
Function: Configure of switch Igmp filtering (N1: Igmp-filter No.)
Hint: Fengine(config-igmp-filter-N1)#
Enter command: Enter igmp-filter N1 under global mode
Exit command: Enter exit to return global configure mode

Command mode: RADIUS configure mode
Function: Configure of switch radius
Hint: Fengine(config-radius)#
Enter command: Enter radius under global mode
Exit command: Enter exit to return global configure mode
Full help
Partial help
Online help provides help information in the following ways:
(1) In any view, type <?> to get a simple description of all commands in this view.
S2200ME#?
cd
clock
cls
configure
copy
debug
dir
dot1x
end
exec-timeout
exit
help
< omit>
(2) Type a command followed by <?>, separated by a blank. If that position is for a
keyword, all keywords and their simple descriptions are listed.
S2200ME#ping ?
A.B.C.D Destination address or hostname
(3) Type a command followed by <?>, separated by a blank. If that position is for a
parameter, the related parameter description is listed.
S2200ME(config)#interface vlan ?
Function
Stop display and command execution
Continue to show the next screen of information
Continue to show the next line of information
Key-press or command: Result
show history: Show the valid history commands input by the user
or <Ctrl+P>: If there is an earlier history command, get the previous history command
If there is a later history command, get the next history command
Error cause
Command is not found, keyword is not found,
parameter type is wrong, parameter is out of
range, or too many parameters are input.
Command incomplete
Ambiguous command
Function
If the edit buffer area is not full, insert at the cursor position,
then move the cursor to the right
Delete the character in front of the cursor, then move the cursor
back
The cursor moves one character position to the left
The cursor moves one character position to the right
Show history command
Use Telnet for local or remote login configuration through an Ethernet port
Two types of user interface correspond to these configuration modes:
Command
username USERNAME group (administrators|operators|users|guests) password PASSWORD
Command
show logging
length in subnet mask is just the length of the network number. That is, the default mask of
a Type A address is 255.0.0.0; the default mask of a Type B address is 255.255.0.0; the default
mask of a Type C address is 255.255.255.0.
A mask can divide a Type A network with 16 million hosts or a Type B network with
60 thousand hosts into many small networks; each small network is called a subnet. For
example, the Type B network address 138.38.0.0 can use the mask 255.255.224.0 to divide
the network into 8 subnets: 138.38.0.0, 138.38.32.0, 138.38.64.0, 138.38.96.0,
138.38.128.0, 138.38.160.0, 138.38.192.0 and 138.38.224.0 (please refer to the following
figure); each subnet can include 8000 hosts.
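The subnet division described above, worked through as an added Python example (not part of the manual). The function names are hypothetical; it generalizes the 138.38.0.0 case to any Type A/B/C network and also reports the exact usable host count per subnet.

```python
import ipaddress


def default_mask(address: str) -> str:
    """Default mask of a Type A/B/C address, chosen by the first octet."""
    first_octet = int(ipaddress.IPv4Address(address)) >> 24
    if first_octet < 128:
        return "255.0.0.0"        # Type A
    if first_octet < 192:
        return "255.255.0.0"      # Type B
    if first_octet < 224:
        return "255.255.255.0"    # Type C
    raise ValueError(f"{address} is not a Type A, B or C address")


def divide(network: str, subnet_mask: str):
    """Return (subnets, usable hosts per subnet) for a classful network and a subnet mask."""
    classful = ipaddress.IPv4Network(f"{network}/{default_mask(network)}")
    # IPv4Network raises ValueError for non-contiguous masks such as 255.255.160.0.
    prefix = ipaddress.IPv4Network(f"0.0.0.0/{subnet_mask}").prefixlen
    if prefix < classful.prefixlen:
        raise ValueError("subnet mask is shorter than the default mask")
    subnets = list(classful.subnets(new_prefix=prefix))
    # The all-zeros and all-ones host numbers are not assigned to hosts.
    usable = max(subnets[0].num_addresses - 2, 0)
    return subnets, usable


def subnet_of(host: str, network: str, subnet_mask: str) -> ipaddress.IPv4Network:
    """Find which of the divided subnets a host address falls in."""
    subnets, _ = divide(network, subnet_mask)
    address = ipaddress.IPv4Address(host)
    for subnet in subnets:
        if address in subnet:
            return subnet
    raise ValueError(f"{host} is outside {network}")


if __name__ == "__main__":
    nets, hosts = divide("138.38.0.0", "255.255.224.0")
    for net in nets:
        print(net.network_address, "usable hosts:", hosts)
    # 138.38.100.7 is a constructed sample host address.
    print(subnet_of("138.38.100.7", "138.38.0.0", "255.255.224.0"))
```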
Command
hostname WORD
Command
ip address (A.B.C.D/M)
ip address (A.B.C.D) (A.B.C.D)
Command
show system
Show system IP
Chapter 2 Port
2.1 Ethernet port configuration
2.1.1 Ethernet port introduction
The S2200ME switch provides 100M Ethernet electrical interfaces and 10/100/1000M
Combo interfaces.
The S2200ME Ethernet switch supports the following Ethernet port features:
10/100/1000Base-TX Ethernet ports can work in half-duplex, full-duplex
and auto-negotiation mode; they select the most suitable working mode by negotiation with other
network equipment, which simplifies system configuration and management.
100/1000Base-FX multimode/singlemode/middle-distance module Ethernet ports
operate in 100M/1000M full-duplex mode; the user need not configure them.
Command
shutdown
no shutdown
Command
flow-ctrl enable
flow-ctrl disable
Command
rate-limit rx <0-1000000>
rate-limit tx <0-1000000>
Command
show interface <1-64>
port 1 default VLAN ID. When the port receives a message without a VLAN Tag, it
transmits the message to the ports of the VLAN given by the default VLAN ID; meanwhile, when the Trunk
port is transmitting a message with a VLAN Tag, if the message VLAN ID is the same
as the port default VLAN ID, it removes the VLAN Tag from the message and then transmits the
message.
2. network group figure
Use the command show vlan to check whether the VLAN exists. If it does not exist,
create the VLAN.
Command
interface trunk <1-14>
member PORTLIST
no member PORTLIST
Command
Show trunk
Check whether the configured port belongs to another existing Trunk group; if not, go to the next
step.
Check whether the configured ports have the same rate and whether they are in full-duplex mode, if
Command
show pvlan
Command
security-mac (enable|disable)
Command
security-mac (add|delete) <1-4094> (AA.BB.CC.DD.EE.FF)
MacAddress
00:00:00:00:00:01
Operation
Create or delete port static MAC
Command
static-mac (add|delete) <1-4094> (AA.BB.CC.DD.EE.FF)
This configuration task is to add or delete a black hole MAC for a switch port.
Create/delete port black hole MAC:
Operation
Create or delete port black hole MAC
Command
blackhole-mac (add|delete) <1-4094> (AA.BB.CC.DD.EE.FF)
00:00:00:00:00:01
Command
show interface user-limit
show interface user-limit <1-64>
CurrNum :0
Command
loop-check
(shutdown|isolation)
action
Operation
Set loopback expire time in shutdown mode
Command
loop-check expire-time <0-65535>
Command
loop-check vlan <1-4094>
Command
show loop-check
show interface loop-check
Chapter 3 VLAN
3.1 VLAN configuration
3.1.1 VLAN introduction
As the number of network users increases, network management becomes important;
therefore VLAN (virtual local area network) has become a feature of popular switches. VLAN can
reduce the workload of network engineers. VLAN permits the network administrator
to remove the former physical limits and control a user's Layer 3 network address no matter
where in the network the user is. Other advantages of VLAN include enhanced
network security and flexible control of broadcast and distribution of communication.
VLAN (Virtual Local Area Network) is a technology that logically divides the devices
in a LAN into network segments to implement virtual work groups. IEEE proposed the IEEE 802.1Q
protocol with a standard VLAN solution in 1999.
VLAN technology permits the network administrator to logically divide a physical LAN
into different broadcast areas (also called virtual LANs, that is, VLANs). Each VLAN contains a
group of PCs with the same requirements. Since a VLAN is divided logically, the PCs in the
same VLAN need not be placed in the same physical space; that is, these PCs may not
belong to the same physical LAN segment.
The advantage of VLAN is that the broadcast and unicast flow inside a VLAN cannot be
forwarded into other VLANs, which helps to control network flow, reduce device investment,
simplify network management and improve network security.
Using a switch to divide the LAN can improve the performance of high-end user devices. The
switch is simply a multi-port bridge; it uses hardware built from dedicated
integrated circuits to do what a bridge does in software. Like the bridge, the
switch uses the destination MAC address to ensure that data is forwarded to the correct
port. Compared with the bridge, this method increases bandwidth. Since each network
segment operates on its own dedicated port, only the service flow whose destination
address is in another network segment passes through the switch source port and destination port;
ports not related to the destination address are not affected.
However, the above solution has one problem: since the switch is a multi-port
bridge using dedicated integrated circuits, it transmits broadcast service flow too.
But most switches can be configured with a broadcast limit. When the broadcast limit is reached,
all broadcast messages beyond the broadcast limit are discarded. If the broadcast limit is
selected properly, broadcast messages are discarded only when a broadcast storm
happens.
create/delete VLAN
Command
interface vlan <1-4094> [<1-4094>]
Command
member PORTLIST (tagged|untagged)
no member PORTLIST
By default, the system adds all ports to the default VLAN 1.
Command
show vlan
Chapter 4
Network protocol
Command
show dhcp
Chapter 5 COS
5.1 COS configuration
5.1.1 COS introduction
802.1P defines 8 priorities. The network administrator should decide
the practical mapping, but IEEE gives many suggestions. The highest priority is 7, which is
applied to key network flow, e.g. route list updates of the Routing Information Protocol (RIP) and
Open Shortest Path First (OSPF). Priorities 6 and 5 are mainly used for delay-sensitive
applications, e.g. interactive video and audio. Priorities 4 to 1 are mainly used
for controlled-load applications, e.g. streaming multimedia and business-critical
traffic (for example, SAP data), and for loss eligible flow. Priority 0 is the default.
S2200ME switch COS has 4 queues in hardware, all supporting the 8 priorities of 802.1Q.
Command
cos (enable|disable)
5.1.2.2 set mapping relationship of data frame priority and priority queue
This configuration task is to set mapping relationship of data frame priority and priority
queue.
Set mapping relationship of data frame priority and priority queue
Operation
Set mapping relationship of data
frame priority and priority queue
Command
Command
cos queue <0-3> weight <1-31>
Command
cos queue mode (strict|weighted-round-robin|sp+wrr3|sp2+wrr2)
Command
show cos
Chapter 6 SGM
6.1 SGM configuration
6.1.1 SGM introduction
6.1.1.1 introduction
With the SGM function, the network administrator can manage multiple switches through the
public network IP address of one host switch. The host switch is called the monitor device; the other
managed switches are called member devices. Generally, a member device is not given a public
network IP address; it is managed and maintained through
redirection by the monitor device. The monitor device and the member devices form a group. The
typical application environment is shown below:
Each SGM should designate one (and only one) monitor device. After the monitor device
is designated, it can determine and discover candidate devices from
the collected NDP/NTDP information. The user can add a candidate device into the
SGM with the corresponding configuration.
After a candidate device is added into the SGM it becomes a member device; a
member device reverts to a candidate device after it is deleted.
6.1.1.3 function
SGM advantage:
Simplifies the configuration management task: only one public network IP
address is configured, on the monitor device, to configure and manage multiple
switches, with no need to log on to each member device's Console port for configuration;
Provides topology discovery and display functions, helpful for network monitoring and
debugging;
Saves IP addresses;
Upgrades software and configures parameters for multiple switches at the same time;
Not restricted by network topology structure or distance.
SGM includes the following functions:
Network topology discovery
Network topology collection
Member identification
Member management
The detailed configuration of each function of SGM management is shown as below:
Command
sgm cluster ip-pool (A.B.C.D/M)
sgm cluster ip-pool (A.B.C.D) (A.B.C.D)
This configuration is executed under SGM mode. This command sets the cluster IP
allocation policy. For auto-allocation, ip-pool needs to be configured; when a new member joins,
the system assigns a vacant IP from ip-pool to this member. For manual allocation,
use another command to assign the address manually. This command is executed by the
command switch.
Operation
Command
Set cluster IP allocation policy
sgm ip-allocation (auto|manual)
6.1.2.7 set cluster join policy
This configuration is executed under SGM mode. This command sets the cluster join
policy. With auto join, a join message is actively sent to ask to join the cluster.
With manual join, no join message is sent actively; another command is needed to join.
This command is executed by the command switch.
operation
command
Set cluster join policy
sgm join-policy (auto|manual)
6.1.2.8 command switch accesses a designated member, then configures it
The command switch accesses a designated member, then configures it:
Operation
Command switch access certain
designated member, then configure
it
Command
sgm member (AA.BB.CC.DD.EE.FF)
Command
show sgm neighbor (AA.BB.CC.DD.EE.FF)
show sgm interface [<1-64>]
show sgm local
Three switches constitute an SGM; the monitor device manages two member devices. The
monitor device is connected with the two member switches through port Ethernet 1 and port
Ethernet 2. The monitor device is connected with the external network through port Ethernet
1.
2. network group figure
S2200ME(config)#sgm
S2200ME(config-sgm)#sgm role commander
S2200ME(config-sgm)#sgm join-policy auto
S2200ME(config-sgm)#sgm ip-allocation auto
S2200ME(config-sgm)#sgm cluster ip-pool 4.3.2.0/24
S2200ME(config-sgm)#
(2) configure candidate switch
# enable port 1 SGM
S2200ME#configure
%Enter configuration commands.End with Ctrl+Z or command "quit" & "end"
S2200ME(config)#interface ethernet 1
S2200ME(config-eth-1)#sgm enable
S2200ME(config-eth-1)#sgm enable vlan 1
S2200ME(config-eth-1)#sgm inband enable 1
S2200ME(config-eth-1)#end
Chapter 7 STP
7.1 STP configuration
7.1.1 STP introduction
7.1.1.1 STP usage
STP (Spanning Tree Protocol) is applied to looped networks. Using a certain algorithm, it
provides path redundancy and prunes the looped network into a loop-free tree-shaped network,
avoiding message proliferation and infinite looping in the looped network.
7.1.1.2 STP realization
The basic principle of STP is to transmit a particular protocol message among switches (this
protocol message is called configuration information in IEEE 802.1D) to determine the
network topology structure. The configuration information contains enough information
for the switch to complete the STP algorithm.
The configuration information includes the following content:
Tree root ID: made up of the tree root priority and MAC address;
The shortest path cost to the tree root;
ID of the designated switch: made up of the designated switch priority and MAC
address;
ID of the designated port: made up of the designated port priority and port serial No.
The lifetime of the configuration information: MessageAge
The max lifetime of the configuration information: MaxAge
The period of transmitting configuration information: HelloTime
Forward Delay of port state: ForwardDelay
The meaning of the designated port and the designated switch is given in the following description:
does not process the port configuration information. When the port receives
configuration information whose priority is higher than that of the port's own configuration
information, the switch replaces the port configuration information with the received
configuration information. The Ethernet switch then compares the port configuration
information with the configuration information of its other ports and selects the best
configuration information with the following comparison principle:
If the tree root ID is the same, compare the root path cost. The comparison method is:
add the root path cost in the configuration information to the path cost of this port (the total is
S); the configuration information with the smaller S has the higher priority;
If the root path cost is the same, compare in turn the designated switch ID, the designated
port ID and the ID of the port that received the configuration information. For convenience
of description, the instance is supposed to compare the tree root ID to select the best
configuration information.
(3) Determine the root port, block redundant links, then update the designated port
configuration information. The port on which the switch received the best configuration
information is the root port; its port configuration information is not changed. Among the other ports, if
a port's configuration information was updated in the course of selecting the best
configuration information, the switch blocks this port; the port configuration
information is not changed, and the port does not forward data and only receives but does not transmit
configuration information. If a port's configuration information was not updated in
the course of selecting the best configuration information, the switch designates it as
the designated port and changes its configuration information as follows: the tree root
ID is replaced by the tree root ID of the root port configuration information; the root path cost is
replaced by the sum of the root path cost in the root port configuration information and the root port path cost;
the designated switch ID is replaced by the switch's own ID; the designated port ID is replaced by
the port's own ID.
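The selection rule and port-role assignment described above, run over the three-switch instance of this section, as an added Python example (not code from the manual or from FiberHome). It follows the rule as this section states it, which is a simplification of IEEE 802.1D. Switch IDs 0 and 1 and the cost 5 on BP1 follow from the vectors in the text; the ID 2 for Switch C, the other path costs and all class and function names are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, NamedTuple, Optional


class ConfigInfo(NamedTuple):
    """{tree root ID, root path cost, designated switch ID, designated port ID}.
    Tuples compare field by field; the smaller one has the higher priority."""
    root_id: int
    root_path_cost: int
    designated_switch_id: int
    designated_port_id: str


@dataclass
class Port:
    name: str
    path_cost: int
    info: ConfigInfo
    replaced: bool = False    # True once a received message replaced the port's info
    role: str = "designated"


class Switch:
    def __init__(self, switch_id: int, port_costs: Dict[str, int]):
        self.switch_id = switch_id
        # Initially every switch regards itself as the tree root.
        self.ports = {name: Port(name, cost, ConfigInfo(switch_id, 0, switch_id, name))
                      for name, cost in port_costs.items()}

    def receive(self, port_name: str, message: ConfigInfo) -> bool:
        """Replace the port's info only if the received message has higher priority."""
        port = self.ports[port_name]
        if message < port.info:
            port.info, port.replaced = message, True
            return True
        return False              # lower or equal priority: discarded

    def recalculate(self) -> Optional[str]:
        """Select the best info, assign port roles, return the root port (None on the root)."""
        candidates = [p for p in self.ports.values() if p.replaced]
        if not candidates:        # nothing better was heard: this switch is the tree root
            for port in self.ports.values():
                port.role = "designated"
            return None

        def priority(p: Port):
            # S = root path cost in the message + path cost of the receiving port
            return (p.info.root_id, p.info.root_path_cost + p.path_cost,
                    p.info.designated_switch_id, p.info.designated_port_id, p.name)

        root_port = min(candidates, key=priority)
        cost_to_root = root_port.info.root_path_cost + root_port.path_cost
        for port in self.ports.values():
            if port is root_port:
                port.role = "root"
            elif port.replaced:
                port.role = "blocked"      # info kept unchanged, no data forwarding
            else:
                port.role = "designated"
                port.info = ConfigInfo(root_port.info.root_id, cost_to_root,
                                       self.switch_id, port.name)
        return root_port.name

    def roles(self) -> Dict[str, str]:
        return {name: port.role for name, port in self.ports.items()}


def run_instance() -> dict:
    # Constructed topology: A-B over AP1/BP1, A-C over AP2/CP1, B-C over BP2/CP2.
    a = Switch(0, {"AP1": 5, "AP2": 10})   # A's own port costs are assumptions
    b = Switch(1, {"BP1": 5, "BP2": 4})    # BP2 cost is an assumption
    c = Switch(2, {"CP1": 10, "CP2": 4})   # ID 2 and both costs are assumptions
    b_first, c_first = b.ports["BP2"].info, c.ports["CP2"].info

    # Switch A discards both neighbours' messages and remains the tree root.
    a.receive("AP1", b.ports["BP1"].info)
    a.receive("AP2", c.ports["CP1"].info)
    a_root_port = a.recalculate()

    # Switch C first hears B's message from before B's update.
    c.receive("CP2", b_first)
    c.receive("CP1", a.ports["AP2"].info)
    c.recalculate()
    c_before = c.roles()

    # Switch B takes A's message on BP1 and discards C's on BP2.
    b.receive("BP1", a.ports["AP1"].info)
    b.receive("BP2", c_first)
    b.recalculate()

    # Switch C then hears B's updated message and recalculates.
    c.receive("CP2", b.ports["BP2"].info)
    c.receive("CP1", a.ports["AP2"].info)
    c.recalculate()
    return {"a_root_port": a_root_port, "b_roles": b.roles(),
            "b_bp2_info": b.ports["BP2"].info,
            "c_before": c_before, "c_after": c.roles()}


if __name__ == "__main__":
    for key, value in run_instance().items():
        print(key, value)
```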
The comparison of each switch in the instance is shown as below:
Switch A
Port AP1 receive the configuration information of Switch B, if Switch A discover that
the configuration information priority of this port is higher than the received configuration
information priority, it will discard the received configuration information. The port AP2
configuration information treatment is similar to the port AP1. if Switch A discover that
the tree root and the designated switch of each port configuration information are itself, it
will consider that it is tree root, each port configuration information will not be modified,
then periodically send out configuration information. At this time, two port configuration
information is shown as below:
Port AP1 configuration information{000AP1}
Port AP2 configuration information{000AP2}
Switch B
Port BP1 receives the configuration information of Switch A. After comparison, Switch B finds that the priority of the received configuration information is higher than that of port BP1's own configuration information, so it updates the configuration information of port BP1. Port BP2 receives the configuration information of Switch C. If Switch B finds that the priority of this port's configuration information is higher than that of the received configuration information, it discards the received configuration information. At this point, the configuration information of each port is: port BP1: {0, 0, 0, AP1}; port BP2: {1, 0, 1, BP2}.
Switch B compares the configuration information of each port, selects that of port BP1 as the best configuration information, and designates port BP1 as the root port. The configuration information of the switch's ports is then updated as follows. The configuration information of root port BP1 is not changed: {0, 0, 0, AP1}. In the configuration information of port BP2, the tree root ID is updated to the root ID of the best configuration information, the root path cost is updated to 5, the designated switch ID is updated to this switch's ID, and the designated port ID is updated to this port's ID, so the configuration information becomes {0, 5, 1, BP2}. Each designated port of Switch B then periodically sends out its own configuration information.
Switch C
Port CP2 first receives the configuration information {1, 0, 1, BP2} that port BP2 of Switch B sent before its update. Switch C triggers the update process, and the configuration information after the update is: {1, 0, 1, BP2}.
Port CP1 receives the configuration information {0, 0, 0, AP2} of Switch A, and Switch C triggers the update as well. The configuration information after the update is: {0, 0, 0, AP2}.
After comparison, the configuration information of port CP1 is selected as the best configuration information, and port CP1 becomes the root port with its configuration information unchanged. Port CP2 is blocked and its configuration information is not changed. The port also stops receiving data forwarded from Switch B (STP protocol messages excepted) until a new event triggers STP recalculation, e.g. the link from Switch B to Switch C goes down, or the port receives better configuration information.
Port CP2 then receives the updated configuration information {0, 5, 1, BP2} from Switch B. Since the received configuration information is better than the former configuration information, Switch C triggers an update, and the updated configuration information is: {0, 5, 1, BP2}. At the same time, port CP1 receives the configuration information of Switch A. After comparison, Switch C does not trigger an update, and the configuration information is still: {0, 0, 0, AP2}.
After comparison, the configuration information of port CP2 is selected as the best configuration information, and port CP2 is designated as the root port with its configuration information unchanged. Port CP1 is blocked and its configuration information is not changed. It also stops receiving data forwarded by Switch A until a new event triggers STP recalculation, e.g. the link from Switch B to Switch C goes down.
The resulting spanning tree is shown below; the tree root is Switch A:
root port and the designated port transmit data, they pass through a ForwardDelay before entering the data transmission state; this delay ensures that the new configuration information has already propagated through the whole network.
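The three-switch comparison above can be replayed in code. The following is an added example, not code from this manual or from the switch software: the function name `elect`, the data layout, and the A-C (10) and B-C (4) path costs are assumptions, while the switch IDs and the A-B cost of 5 follow the walk-through.

```python
# Added example: STP configuration-message comparison on the three-switch topology.
# A message is (root ID, root path cost, designated switch ID, designated port ID).
# Python compares tuples field by field, lowest first, which matches the STP rule
# that the numerically lower message has the higher priority.

# Switch IDs and the A-B path cost of 5 follow the walk-through above.
# The A-C cost (10) and the B-C cost (4) are assumed values.
SWITCH_ID = {"A": 0, "B": 1, "C": 2}
LINKS = [("AP1", "BP1", 5), ("AP2", "CP1", 10), ("BP2", "CP2", 4)]


def elect(switch_id, links, max_rounds=10):
    """Exchange messages until nothing changes.

    Returns (role of every port, last message received on every port).
    """
    peer, cost = {}, {}
    for a, b, c in links:
        peer[a], peer[b] = b, a
        cost[a] = cost[b] = c
    rx = {p: None for p in peer}   # message last received on each port
    roles = {}
    for _ in range(max_rounds):
        tx = {}                    # messages sent in this round, keyed by receiving port
        for sw, sid in switch_id.items():
            ports = sorted(p for p in peer if p[0] == sw)  # "BP2" belongs to switch "B"
            # Root port: the received message that is best after adding the
            # path cost of the port it arrived on.
            candidates = [
                ((rx[p][0], rx[p][1] + cost[p], rx[p][2], rx[p][3]), p)
                for p in ports if rx[p] is not None
            ]
            best = min(candidates, default=None)
            if best is not None and best[0] < (sid, 0, sid, ""):
                root_id, root_cost, root_port = best[0][0], best[0][1], best[1]
            else:
                root_id, root_cost, root_port = sid, 0, None   # this switch is the root
            # Every other port compares the message it would send with the one
            # it received: better means designated, worse means blocked.
            for p in ports:
                mine = (root_id, root_cost, sid, p)
                if p == root_port:
                    roles[p] = "root"
                elif rx[p] is None or mine < rx[p]:
                    roles[p] = "designated"
                    tx[peer[p]] = mine
                else:
                    roles[p] = "blocked"
        new_rx = dict(rx)
        new_rx.update(tx)
        if new_rx == rx:           # converged: no port learned anything new
            break
        rx = new_rx
    return roles, rx


if __name__ == "__main__":
    final_roles, received = elect(SWITCH_ID, LINKS)
    for port in sorted(final_roles):
        print(port, final_roles[port], received[port])
```

The intermediate rounds of this model differ slightly from the narrative (every port sends in the first round), but the converged result is the same: CP2 is the root port of Switch C and CP1 is blocked.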
7.1.1.3 STP realization in Ethernet switch
The RSTP (Rapid Spanning Tree Protocol) of the Ethernet switch is an optimization of STP. It lets the root port and the designated port enter the forwarding state rapidly, reducing the ForwardDelay and shortening the time needed for the network topology to become stable.
The condition for rapid state transition of the root port is: the old root port of this switch has stopped forwarding data, and the uplink designated port has begun to forward data.
The conditions for rapid state transition of the designated port are:
The designated port is an edge port, that is, the port is not connected, directly or indirectly, to any switch. If the designated port is an edge port, it can directly enter the forwarding state.
The designated port is connected to a point-to-point link. A port is considered connected to a point-to-point link when it is the master port of a Trunk or when it is an auto-negotiation port working in full-duplex state. The user can also force the port to be treated as connected to a point-to-point link, but this will cause faults, so we suggest not configuring it this way. If the designated port is connected to a point-to-point link, it can enter the forwarding state through a handshake with the downlink switch.
A switch running RSTP is compatible with switches running STP: the messages of both protocols can be identified by the switch running RSTP and used in the spanning tree calculation.
S2100ME(config-eth-24)#stp enable
(3) configuration of Switch D
S2100ME(config-stp)#stp enable
S2100ME(config-stp)#stp mode rstp
S2100ME(config-eth-1)#stp enable
S2100ME(config-eth-2)#stp enable
The configuration of Switch E and Switch F is the same as that of Switch D.
Chapter 8 Security
8.1 AAA and RADIUS protocol configuration
8.1.1 AAA and RADIUS protocol introduction
8.1.1.1 AAA introduction
AAA stands for Authentication, Authorization and Accounting. It provides a uniform framework for authentication, authorization and accounting, and acts as a management layer for network security.
Network security here mainly means access control, including:
Which users can access the network server?
Which services can those users use?
How are the users who are using network resources accounted for?
To answer these questions, AAA provides the following services:
Authentication: verify whether the user has access authority
Authorization: determine which services the authorized user can use
Accounting: record the network resources that the user used
AAA generally uses a client/server structure: the client runs on the side of the managed resource, and the server stores the user information. The AAA framework is therefore expandable and flexible, and allows user information to be managed centrally.
8.1.1.2 RADIUS protocol introduction
AAA is a management framework, so it can be implemented with several protocols. In practice, RADIUS is the protocol most commonly used to implement AAA.
1. what is RADIUS
RADIUS stands for Remote Authentication Dial-In User Service. It is a distributed information exchange protocol with a client/server structure that protects the network from unauthorized access. It is often used in network environments that require high security while keeping access open to remote users (e.g. to manage a large number of distributed dial-in users connecting through serial ports and modems). The RADIUS system is the key subsidiary part of the NAS (Network Access Server).
After the RADIUS system is enabled, when a user needs to establish a connection with the NAS (a dial-in access server in a PSTN environment, or an Ethernet switch with access functions in an Ethernet environment) to gain access to other networks or to certain network resources, the NAS, acting as the RADIUS client, transmits the user's authentication, authorization and accounting requests to the RADIUS server. The RADIUS server has a user database that holds all user authentication and network service access information. After the RADIUS server receives the user request from the NAS, it completes the corresponding authentication, authorization and accounting by searching and updating the user database, and returns the configuration information and accounting statistics to the NAS. The NAS can then control the access and connection of the user. The RADIUS protocol specifies how user configuration information and accounting information are transmitted between the NAS and the RADIUS server.
The exchange between the NAS and the RADIUS server is carried in UDP messages. During this exchange, both sides use a shared key to encrypt sensitive user configuration information (e.g. the password) before it is transmitted over the network, protecting it against interception and theft.
2. RADIUS operation
User authentication by the RADIUS server generally goes through the access server, which acts as the authentication agent. The whole procedure is as follows: first, the client sends a request to the RADIUS server; this message includes the user name and the encrypted password. Then the client receives a response message from the RADIUS server, such as ACCEPT or REJECT. ACCEPT means the user has passed authentication; REJECT means the user has not passed authentication, and the user must type the user name and password again or access is rejected.
Command
radius <1-10> secret SECRET
Command
radius <1-10> status (enable|disable|destroy)
command
Access-list <1-399>
command
Rule <1-1024> (ip|tcp|udp|icmp|l2type|mac|tos|ttl|vlan|cos-priority|dscp)
command
rule <1-1024> action (mirror|redirect) <1-64>
rule <1-1024> action (permit|deny)
rule <1-1024> action cos change outer <0-7>
rule <1-1024> action dscp DSCP
rule <1-1024> action ratelimit <64-1000000>
rule <1-1024> action sendqueue <0-3>
rule <1-1024> action trapcpu (only|forward)
no rule <1-1024> action
command
Match access-list <1-399>
command
Port PORTLIST match access-list <1-399>
Command
show access-list
show access-list global
show access-list <1-399>
show access-list port [1-64]
Chapter 9 ESR
9.1 ESR configuration
9.1.1 ESR introduction
Many MANs and LANs now use ring technology, and ESR works well on such rings. With ESR, the recovery time after a fiber or cable break is shorter than 1 second, and the ESR protection switching function is as good as that of a ring network built with SONET. ESR places no limit on the number of nodes on the ring, and the fault recovery time of the ring is independent of the number of nodes on it. This is because the ESR ring topology is rather simple. Because of its powerful protection switching function, ESR is widely used, and more and more switches support it.
ESR is a new Layer 2 redundancy protocol. It has two modes: master mode and transit mode. A node with the master configuration is called the master node, and a node with the transit configuration is called a transit node (shown below). An Ethernet ring running ESR is called an ESR domain; each ESR domain has a unique designated master node, and all other nodes are transit nodes. Each node on the ring has two ports connected to the ring. Of the two ports of the master node, one is designated the first port and the other the second port. The master node sends control frames from its first port, so the first and second ports of the master node determine the transmission direction of the control frames it sends. A transit node is also configured with a first port and a second port, but on a transit node they play no part in the protection switching function. Each EAPS domain has its own protection VLAN and Control VLAN. The protection VLAN carries data frames, including user data; the Control VLAN carries EAPS control information (control frames). Nodes in an EAPS domain do not block the Control VLAN, so control frames can pass through all ports on the ring. The Control VLAN is the basis for ring fault detection and recovery. Control VLANs and EAPS domains correspond to each other: an EAPS domain has only one Control VLAN but can have multiple protection VLANs. One switch can be configured with at most 4094 EAPS VLANs.
Command
esr <0-5> (disable|enable)
instance
9.1.2.3 set control VLAN of certain instance
Use this command to set the control VLAN of an instance.
Perform the configuration in ESR view.
Set the control VLAN of an instance:
Operation: Set control VLAN of certain instance
Command: esr <0-5> ctrl-vlan <1-4094>
9.1.2.4 set failure time of certain instance
Use this command to set the failure time of an instance.
Perform the configuration in ESR view.
Set the failure time of an instance:
Operation: Set failure time of certain instance
Command: esr <0-5> failed-time <340-10000000>
9.1.2.5 set hello time of certain instance
Use this command to set the hello time of an instance.
Perform the configuration in ESR view.
Set the hello time of an instance:
Operation: Set Hello time of certain instance
Command: esr <0-5> hello-time <170-10000000>
9.1.2.6 set mode of certain instance
Use this command to set the mode of an instance.
Perform the configuration in ESR view.
Set the mode of an instance:
Operation: Set mode for certain instance
Command: esr <0-5> mode (master|transit)
9.1.2.7 set name of certain instance
Use this command to set the name of an instance.
Perform the configuration in ESR view.
Set the name of an instance:
Operation: Set name of certain instance
Command: esr <0-5> name STRING
9.1.2.8 set master port of certain instance
Use this command to set the master port of an instance (Trunk port).
Perform the configuration in ESR view.
Set the master port of an instance (Trunk port):
Operation: Set master port of certain instance (Trunk port)
Command: esr <0-5> primary-port trunk <1-4>
9.1.2.10 set secondary port of certain instance
Command
esr <0-5> secondary-port <1-64>
show esr
show esr instance [<0-5>]
Chapter 10
Double tag
QinQ provides users with a low-cost and simple Layer 2 VPN solution:
Suppose the Trunk network VLAN ID assigned to the user by the service provider is:
Command
dtag (enable|disable)
configuration under any view, validate the configuration effect with the displayed information.
Double tag display and debug:
Operation: Show double tag global configuration
Command: show dtag
Operation: Show double tag port configuration
Command: show interface dtag
Operation: Show flexible double tag port configuration
Command: show interface dtag flexible
[Figure: network diagram. Labels: Router (Vlan 1000/2000), S2200ME, Vlan 1000, Vlan 2000, Online at home, IPTV, Vlan 100~512, Private user]
Chapter 11
Multicast protocol
response query time, the Ethernet switch will delete the port from the multicast member ports.
2. realize Layer 2 multicast with IGMP Snooping
The Ethernet switch performs IGMP detection by running IGMP Snooping, and establishes the mapping between hosts, ports and the corresponding multicast addresses. To implement IGMP Snooping, the Layer 2 Ethernet switch handles the different IGMP messages as follows:
IGMP general query: the IGMP general query is the message sent by the multicast router to multicast members to find out which multicast groups have members. When an IGMP general query message is received and the receiving port is a router port, the Ethernet switch resets the aging timer of that router port; if the receiving port is not a router port, the switch notifies the multicast router that a member needs to join a certain multicast group, and enables the router port aging timer.
IGMP particular group query: the IGMP particular group query is the message sent by the multicast router to multicast members to find out whether a given multicast group has members. When the Ethernet switch receives an IGMP particular group query message, it sends the particular group query only to the queried IP multicast group.
IGMP report: the IGMP report is the message sent from a host to the multicast router, either to join a certain multicast group or to respond to an IGMP query. When the Ethernet switch receives an IGMP report, it first checks whether the MAC multicast group that the report asks to join exists. If the corresponding MAC multicast group does not exist, the switch notifies the router that a member is joining a certain multicast group, creates a new MAC multicast group, adds the port receiving the report to the MAC multicast group, enables the port aging timer, adds all router ports in the port's VLAN to this MAC multicast forwarding list, creates a new IP multicast group, and adds the port receiving the report to the IP multicast group. If the MAC multicast group of this report exists but the port receiving the report is not in it, the switch adds the port to the MAC multicast group and enables the port aging timer, then checks whether the IP multicast group of this report exists: if it does not exist, the switch creates a new IP multicast group and adds the port receiving the report to it; if it exists, the switch adds the port receiving the report to the IP multicast group. If the MAC multicast group of this report exists and already contains the port receiving the report, the switch only resets the aging timer of that port.
IGMP leave message: the IGMP leave message is the message sent by a multicast group member to the multicast router to notify the router that the host has left a certain multicast group. When the Ethernet switch receives an IP multicast group leave message, it sends a particular group query for the group being left to the port that received the leave message, to check whether the host connected to this port still has other members of this multicast group, and at the same time enables a response query timer. If no report for this multicast group has been received within the timeout set by the timer, the switch deletes the port from the MAC multicast group. If the MAC multicast group has no multicast member ports left, the switch notifies the multicast router to delete this branch from the multicast tree.
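The report, leave and aging handling described above can be modelled as a small table. This is an added example, not code from this manual or from the switch: the class and function names and the timer values are assumptions, query handling is simplified to refreshing the router port timer, and the IP-to-MAC mapping is the standard 01:00:5e rule for IPv4 multicast.

```python
# Added example: a simplified IGMP Snooping table with MAC and IP multicast groups.
import ipaddress

AGING = 300          # port aging time in seconds (constructed value)
RESPONSE_TIME = 10   # response query timer after a leave, in seconds (assumed value)


def group_mac(group_ip: str) -> str:
    """Map an IPv4 multicast group to its MAC multicast address (low 23 bits kept)."""
    ip = ipaddress.IPv4Address(group_ip)
    if not ip.is_multicast:
        raise ValueError(f"{group_ip} is not a multicast group address")
    low = (int(ip) & 0x7FFFFF).to_bytes(3, "big")
    return "01:00:5e:%02x:%02x:%02x" % (low[0], low[1], low[2])


class SnoopingTable:
    def __init__(self):
        self.router_ports = {}   # router port -> expiry time
        self.mac_groups = {}     # MAC group -> {member port: expiry time}
        self.ip_groups = {}      # IP group -> set of member ports

    def on_general_query(self, port, now):
        """Simplified: the port a query arrives on is kept as a router port."""
        self.router_ports[port] = now + AGING

    def on_report(self, port, group_ip, now):
        """Add or refresh a member port; True means a new MAC group was created."""
        mac = group_mac(group_ip)
        created = mac not in self.mac_groups
        self.mac_groups.setdefault(mac, {})[port] = now + AGING
        self.ip_groups.setdefault(group_ip, set()).add(port)
        return created

    def on_leave(self, port, group_ip, now):
        """Start the response query timer and return the query to send on the port."""
        members = self.mac_groups.get(group_mac(group_ip), {})
        if port not in members:
            return None
        members[port] = now + RESPONSE_TIME
        return ("group-specific-query", group_ip, port)

    def expire(self, now):
        """Drop timed-out ports; return MAC groups deleted because they became empty."""
        self.router_ports = {p: t for p, t in self.router_ports.items() if t > now}
        deleted = []
        for mac in list(self.mac_groups):
            members = self.mac_groups[mac]
            for port in [p for p, t in members.items() if t <= now]:
                del members[port]
                for ip in [g for g in self.ip_groups if group_mac(g) == mac]:
                    self.ip_groups[ip].discard(port)
                    if not self.ip_groups[ip]:
                        del self.ip_groups[ip]
            if not members:
                del self.mac_groups[mac]
                deleted.append(mac)   # the router is told to prune this branch
        return deleted

    def forwarding_ports(self, group_ip):
        """Ports a frame for this group is sent to: member ports plus router ports."""
        mac = group_mac(group_ip)
        if mac not in self.mac_groups:
            return []                 # nothing learned for this group
        return sorted(set(self.mac_groups[mac]) | set(self.router_ports))


def demo():
    table = SnoopingTable()
    table.on_general_query(port=24, now=0)              # uplink towards the router
    new_a = table.on_report(1, "224.1.1.1", now=1)      # first member: new MAC group
    new_b = table.on_report(2, "225.1.1.1", now=2)      # other IP group, same MAC group
    before = table.forwarding_ports("224.1.1.1")
    query = table.on_leave(1, "224.1.1.1", now=5)       # port 1 leaves
    table.expire(now=16)                                # no report before the timer ran out
    after = table.forwarding_ports("224.1.1.1")
    return new_a, new_b, before, query, after


if __name__ == "__main__":
    print(demo())
```

Because 224.1.1.1 and 225.1.1.1 share one MAC multicast address, port 2 still receives frames for 224.1.1.1 after port 1 has left, which is why the switch tracks IP multicast groups as well as MAC multicast groups.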
Command
igmp-snooping aging <30-3600>
command
no igmp-snooping static-group all
command
igmp-snooping max-program (enable|disable)
11.1.2.13 configure number limit for single user to join multicast group
This configuration task limits the number of multicast groups that a single user can join.
Configure the number limit for a single user to join multicast groups:
Operation: Configure number limit for single user to join multicast group
Command: igmp-snooping max-program-num <1-8>
By default, a single user can join 8 multicast groups.
igmp filter was proposed by cisco and is mainly applied to the igmpsnoop protocol and the igmp protocol. Its purpose is to control igmp reports efficiently, for example which groups a device interface is permitted to join and which groups it is not permitted to join. It can also control the number of multicast groups that an interface is permitted to join.
igmp filter is used where tighter control of multicast services is needed, e.g. IPTV.
Command
apply-to-ports none
status
Chapter 12
System management
Configuration
Directly use ftp command to log on to remote FTP Server
PC
default
-
Specification
The user first obtains the FTP user command and password, then logs on to the remote FTP Server, thereby obtaining the corresponding authority over directories and files.
-
Configuration
Enable FTP Server function
default
By default, the system disables the FTP server
Switch
PC
Specification
The user can use the command show ftp to show the configuration of the FTP Server on the switch
Configure FTP users' username, password, authorized work directory
Configure timeout for FTP
-
Attention:
The FTP function works normally only if the route between the switch and the PC is reachable.
12.1.2.2 FTP client introduction
FTP client is an additional function that the Ethernet switch provides for the user. It is an application module and needs no function configuration. The switch, acting as the FTP client, connects to the remote server, and the user then enters FTP client commands to perform the corresponding operations (e.g. create or delete a directory).
12.1.2.3 instance that switch is used as FTP Client to realize config-file backup and software upgrading configuration
1. network group requirement
The switch is used as the FTP Client and the remote PC is used as the FTP Server. Configure the FTP Server as follows: create an FTP user with user name 123 and password 123, and authorize the user with read-write permission on the Switch directory on the PC. The IP address of one VLAN on the switch is 1.1.1.1, the IP address of the PC is 2.2.2.2, and the route between the switch and the PC is reachable.
2. network group figure
procedure.
S2200ME(config-system)#upgrade os
S2200ME(config-system)#end
S2200ME#reboot
Figure 12-3 Ethernet switch use MAC address list to forward message
The Ethernet switch provides a MAC address aging function. If no message from a network device is received within a certain time, the switch deletes the MAC address entry of this device. MAC address aging does not apply to static MAC address entries.
The user can manually configure (add or modify) MAC address entries according to the network situation; an added or modified entry can be static or dynamic.
address list as the network changes. If the aging time is too short, the Ethernet switch may delete valid MAC address entries. Perform the configuration in system view:
Set system MAC address aging:
Operation: Set system MAC address aging time
Command: mac aging-time <0-65535>
This is a system view command that applies to all ports. Address aging only takes effect on dynamic (learned or user-configured) MAC address entries.
Generally, we recommend using an aging time of 300 seconds as the default.
Command
show system
show interface dynamic-mac [<1-64>]
gateway 0.0.0.0
management vlan 1
out-band ip change disable
arp-request timer 0
S2200ME#show interface static-mac 2
If    Vlan    MacAddr
2     1       00:00:00:00:00:01
command
Command
clock set HH:MM:SS <1-31> <1-12> <2000-2100>
command
ping (A.B.C.D)
ping (A.B.C.D) (-n|-l|-w) <1-2048>
ping (A.B.C.D) (-n|-l|-w) <1-2048> (-n|-l|-w) <1-2048>
ping (A.B.C.D) (-n|-l|-w) <1-2048> (-n|-l|-w) <1-2048> (-n|-l|-w) <1-2048>
ping (A.B.C.D) (-n|-l|-w) <1-2048> (-n|-l|-w) <1-2048> -t
ping (A.B.C.D) (-n|-l|-w) <1-2048> -t
ping (A.B.C.D) -t
2. traceroute
Use the traceroute command to find the gateways that a message passes through on its way from the host to the destination. This command checks whether the network connection is reachable and helps the user analyse network faults.
tracert works as follows: the sending host first sends a data packet with a TTL of 1, so the first hop sends back an ICMP error message indicating that this data packet cannot be forwarded (because the TTL has timed out). The data packet is then retransmitted with a TTL of 2, and the second hop returns a TTL timeout. This procedure is repeated until the destination is reached. The purpose of this procedure is to record the source address of each ICMP TTL timeout and so provide the path that an IP data packet takes to reach the destination.
Traceroute command:
Operation: Traceroute command
Command: traceroute (A.B.C.D) [<1-255>]
command
snmp community STRING (ro|rw)
snmp community STRING (ro|rw) view VIEW-NAME
no snmp community STRING
command
snmp trap-server A.B.C.D <1-65535> SECURITYNAME (v1|v2|v3)
snmp trap-server A.B.C.D <1-65535> SECURITYNAME v3 (auth|priv)
snmp trap-server A.B.C.D SECURITYNAME (v1|v2|v3)
snmp trap-server A.B.C.D SECURITYNAME v3 (auth|priv)
When performing incremental backup between a backup server and a client, ensure clock synchronization between the two systems;
When multiple systems handle a complex event together, ensure that they all refer to an identical clock, which guarantees the correct order of events;
Provide the user with time information for operations such as logging on to the system or modifying a file.
12.6.1.2 SNTP basic working principle
SNTP basic working principle is shown as below:
When this NTP information packet reaches Ethernet switch B, Ethernet switch B adds its own time mark, 11:00:01 am (T2).
When this NTP information packet leaves Ethernet switch B, Ethernet switch B adds its own time mark, 11:00:02 am (T3).
When Ethernet switch A receives the response information packet, it adds a new time mark, 10:00:03 am (T4).
Ethernet switch A now has enough information to calculate two key parameters:
Delay of one NTP round trip: Delay = (T4 - T1) - (T3 - T2)
Offset of Ethernet switch A relative to Ethernet switch B: Offset = ((T2 - T1) + (T3 - T4)) / 2
Ethernet switch A can then set its own clock with this information and synchronize it with Ethernet switch B.
The above describes the NTP working principle; for details, refer to RFC1305.
after configuration under any view, validate the configuration effect with the displayed information.
SNTP display and debug:
Operation: Show SNTP configuration
Command: show sntp
Switch 1
Switch 2
When the ARP list is flushed, the system completely flushes all ARP entries learned in dynamic mode.
Flush ARP list configuration:
Operation: Flush ARP list
Command: no ip arp
12.7.2.2 system ARP list aging time configuration
Configure the ARP list aging time; the system flushes learned ARP entries when they age out.
Configure ARP list aging time:
Operation: Configure ARP list aging time
Command: ip arp aging-time <60-1200>
12.7.2.3 system static ARP configuration
Configure a static ARP entry; this entry will not age out.
Operation: Configure static ARP list
Command: ip arp (A.B.C.D) (AA:BB:CC:DD:EE:FF) interface <1-64>
12.8 IPV6
12.8.1 IPV6 introduction
As IPV4 addresses become increasingly scarce, next-generation switches support IPV6, which provides a much larger address space and solves the shortage of IP addresses. This switch supports IPV6 neighbour discovery, management through Telnet over IPV6, and configuration functions such as the default gateway.
command
ping6 (X:X::X:X)
ping6 (X:X::X:X) <1-60000>
debug ipv6 ndp
debug ipv6 ndp event
debug ipv6 packet
debug ipv6 packet (in|out)
debug ipv6 packet destination (X:X::X:X)
command
ipv6 gateway (X:X::X:X)
no ipv6 gateway
command
ipv6 mtu (<1000-2000>|default)
command
ipv6 neighbor (X:X::X:X) (AA:BB:CC:DD:EE:FF)
no ipv6 neighbor (X:X::X:X)
Chapter 13
VLAN switching
The first parameter <1-4094> is the rule list No.; the second and third parameters are the source and destination vlan No. of the translation.
S2200ME (config)#translation-vlan <1-4094> <1-4094> mapped <1-4094>
Operation: Configure vlan mapping
Command: translation-vlan <1-4094> <1-4094> mapped <1-4094>
13.1.2.2 Enable/disable corresponding vlan transmission rule list on port
The parameter <1-4094> is the corresponding rule list No.; it corresponds to the first parameter of command 1.2.1. The command also designates the uplink port:
Operation: Enable port vlan mapping
Command: join translation-vlan VLANLIST uplink <1-64>
Operation: Disable port vlan mapping
Command: quit translation-vlan VLANLIST
13.1.2.3 Enable/disable Nto1 vlan mapping
Operation: Enable/disable Nto1 vlan mapping
Command: translation-vlan nto1 (enable|disable)
command
show translation-vlan mapped
command
show interface translation-vlan [<1-64>]
instance 4-6, adopting batch configuration, configure vlan mapping uplink to be Port 3:
S2200ME (config-eth-1)#join translation-vlan 1-3 uplink 3
S2200ME(config-eth-1)#int e 2
S2200ME(config-eth-2)#join translation-vlan 4-6 uplink 3
Show vlan translation list
S2200ME#sh translation-vlan mapped
Index   VID   Map-VID
1       1     101
2       2     201
3       3     301
4       1     102
5       2     202
6       3     302
13.1.4.3 show whether port is enabled or not
S2200ME#show interface translation-vlan 1
If   Translation-vlan   Uplink   Nto1Status
1    1                  3        disable
1    2                  3        disable
1    3                  3        disable
S2200ME#show interface translation-vlan 2
If   Translation-vlan   Uplink   Nto1Status
2    4                  3        disable
2    5                  3        disable
2    6                  3        disable
Chapter 14
Voice VLAN
command
no voice-vlan <2-4094> enable
Description
com
Chapter 15 802.3ah
15.1 802.3ah
15.1.1 802.3ah introduction
Ethernet OAM is a protocol for installing, monitoring and maintaining Ethernet networks and MANs. It relies on a new, optional sublayer in the data link layer. Ethernet OAM can operate on any full-duplex P2P or emulated P2P Ethernet link. Normal link operation does not require Ethernet OAM. OAM data frames use the slow protocol destination MAC address 0180.c200.0002. They are intercepted by the MAC sublayer and cannot be forwarded across multiple hops within an Ethernet.
second.
Operation: Configure OAM min transmission interval
Command: ethernet oam min-rate <1-10>
Use the following command to enable or disable link detection.
Enable/disable link detection:
Operation: Enable/disable link detection
Command: ethernet oam link-monitor supported|unsupported
By default, link detection is enabled.
15.1.2.10 configure window and threshold of error symbol period
The detection of error symbol period is enabled.
Operation: Configure window and threshold of error symbol period
Command: ethernet oam link-monitor symbol-period threshold <1-65535> window <1-65535>
Operation: Disable detection of error symbol period
Command: no ethernet oam link-monitor symbol-period
By default, the window size is 1000000 symbols and the threshold is 1.
15.1.2.11 configure error frame window and threshold
Use the following command to configure the error frame window and threshold.
Configure error frame window and threshold:
Operation: Configure window and threshold of error frame
Command: ethernet oam link-monitor frame threshold <1-65535> window <10-600>
Operation: Disable detection of error frame
Command: no ethernet oam link-monitor symbol-period
By default, the window size is 10s and the threshold is 1.
15.1.2.12 configure window and threshold of error frame period
Use the following command to configure the window and threshold of the error frame period.
Configure window and threshold of error frame period:
Operation: Configure window and threshold of error frame period
Command: ethernet oam link-monitor frame-period threshold <1-65535> window <1-65535>
Operation: Disable detection of error frame period
Command: no ethernet oam link-monitor symbol-period
By default, the window size is 10s and the threshold is 1.
Chapter 16 802.1ag
16.1 802.1ag
16.1.1 802.1ag introduction
802.1ag is a standard for creating Ethernet OAM, providing carrier operation,
maintenance and management.
no md (<1-256>|all)
command
ma <1-256>/<1-256> cc-interval (10s|1min|10min|default)
command
ma <1-256>/<1-256> name STRING vlan <1-4094>
no ma <1-256>/<1-256>
Delete ma instance
16.1.2.5 create mep instance
command
mep <1-256>/<1-256>/<1-8191> direction (up|down)
no mep <1-256>/<1-256>/<1-8191>
command
cc mep <1-256>/<1-256>/<1-8191> (enable|disable)
command
mip <1-256>/<1-256>/<1-8191>
no mip <1-256>/<1-256>/<1-8191>
<1-256>/
Query md
Query ma
show cfm remote <1-256>/<1-256>/<1-8191>
show cfm local mip
Query cfm
show cfm
show cfm errorccm <1-256>/<1-256>/<1-8191>
show cfm local mep
mep
mep
Chapter 17 E-LMI
17.1 E-LMI
17.1.1 E-LMI introduction
MEF defined E-LMI (Ethernet-local management interface) with reference to FR-LMI (frame relay-local management interface). E-LMI is an OAM protocol for the user UNI (ultimate network interface) and works mainly between the user edge device and the provider edge device. E-LMI lets the service provider automatically configure the CE according to the purchased service. Automatic configuration of the CE reduces the work of service creation and also reduces the coordination needed between the service provider and the enterprise user. The enterprise user therefore does not need to know the configuration of the CE, which is configured and monitored by the service provider, reducing the risk of human error. E-LMI provides EVC status information: if an EVC error is discovered (by 802.1ag), the service provider edge device notifies the CE of the error, and the access route is switched immediately.
command
command
elmi evc-identifier NAME
Delete EVC
(all-to-one|multiplex|bundling)
command
show elmi global
show elmi evc
show elmi evc NAME
show elmi uni
show elmi uni <1-64>
show elmi uni <1-64> statistic
Chapter 18 LLDP
18.1 LLDP
18.1.1 LLDP introduction
LLDP (Link Layer Discovery Protocol) is a new protocol defined in 802.1AB. It
lets a device send status notifications to its neighbour devices. Each port of
every device stores its own information and, when needed, sends updates to the
connected neighbour device, which saves the information in standard SNMP MIBs.
The network management system queries the current L2 connections from the MIB.
With this information, the network management system can accurately discover
and model the physical network topology. LLDP does not configure or control
network elements or traffic; it only reports the L2 configuration.
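What a neighbour advertises in practice, as an added example that is not part of the manual or the vendor's code: a minimal parser for the LLDPDU TLV layout of IEEE 802.1AB (7-bit type, 9-bit length, value). The sample frame, the system name and the port name are constructed for illustration.

```python
import struct

TLV_NAMES = {0: "end", 1: "chassis_id", 2: "port_id", 3: "ttl", 4: "port_description",
             5: "system_name", 6: "system_description", 7: "system_capabilities",
             8: "management_address", 127: "org_specific"}


def tlv(tlv_type, value):
    """Build one TLV: 7-bit type and 9-bit length packed into 2 bytes."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def parse_lldpdu(data):
    """Return [(name, value_bytes)] for each TLV up to End of LLDPDU."""
    tlvs, offset = [], 0
    while offset + 2 <= len(data):
        (header,) = struct.unpack_from("!H", data, offset)
        tlv_type, length = header >> 9, header & 0x01FF
        offset += 2
        if tlv_type == 0:  # End of LLDPDU TLV terminates the frame
            return tlvs
        if offset + length > len(data):
            raise ValueError("TLV length runs past end of frame")
        tlvs.append((TLV_NAMES.get(tlv_type, f"type_{tlv_type}"),
                     data[offset:offset + length]))
        offset += length
    raise ValueError("missing End of LLDPDU TLV")


def summarize(data):
    """Decode the fields a management system typically stores per neighbour."""
    out = {}
    for name, value in parse_lldpdu(data):
        if name in ("chassis_id", "port_id"):
            # First byte is the ID subtype; the rest is the identifier.
            out[name] = (value[0], value[1:])
        elif name == "ttl":
            out[name] = struct.unpack("!H", value)[0]
        elif name in ("port_description", "system_name", "system_description"):
            out[name] = value.decode("utf-8", "replace")
    return out


# Constructed sample LLDPDU (not captured from a real device).
SAMPLE = (tlv(1, b"\x04" + bytes.fromhex("001122334455"))  # chassis subtype 4: MAC
          + tlv(2, b"\x05" + b"ge1/0/1")                    # port subtype 5: ifName
          + tlv(3, struct.pack("!H", 120))                  # TTL in seconds
          + tlv(5, b"s1-lab")
          + tlv(0, b""))
```

Everything in the frame is sent unauthenticated on the link, so the decoded fields show exactly what any attached neighbour learns about the device.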
Command
lldp notification (enable|disable)
Command
lldp location-id coordinate-address (south|north) <0-90>.<0-99999999> (east|west) <0-180>.<0-99999999> altitude (meters|floors) <-10000-10000>.<0-99999> (wgs84|nad83|nad83-mllw)
<0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE
lldp location-id civic-address <0-2> COUNTRYCODE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE
lldp location-id civic-address <0-2> COUNTRYCODE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE
lldp location-id civic-address <0-2> COUNTRYCODE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE
lldp location-id civic-address <0-2> COUNTRYCODE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE
lldp location-id civic-address <0-2> COUNTRYCODE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE
lldp location-id civic-address <0-2> COUNTRYCODE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE <0-255> CA-VALUE
Chapter 19 UDLD
19.1 UDLD
19.1.1 UDLD introduction
UDLD (UniDirectional Link Detection Protocol) can monitor the physical configuration of
the cabling for devices connected by optical fiber or copper Ethernet cable (e.g. Cat.5
cable) and check whether a unidirectional link exists. If a unidirectional link is found,
the UDLD protocol disables the affected port and sends a trap to the user.
(enable|disable)
19.1.2.6 restart port shutdown by UDLD protocol
This command restarts a port that was shut down by the UDLD protocol.
Operation: restart a port shut down by the UDLD protocol
Command: udld reset
Chapter 20
Log email notification
SMTP mailbox
A.B.C.D
mailbox
Command
X:X::X:X
SMTP6
Command
smtp6 mailbox REPLIER X:X::X:X <1-65535> authentication AUTHUSER AUTHPWD
no debug smtp
debug smtp