F-Engine S2200ME Ethernet Switch Operation Manual (v3.0)

F-ENGINE
S2200ME
Carrier Ethernet Switch

Operation Manual
V3.0
F-Engine S2200ME
Carrier Ethernet Switch
Operation Manual
Product Version
V3.0
FiberHome Networks Co., Ltd. provides customers with comprehensive technical support
and service. Please contact with our local office, customer care center or company
headquarters by any means.
FiberHome Networks Co., Ltd.

Address
Postal code
Tel
Fax
Website
Email
3rd floor,
:
Optical Communication Building
5 DongXin Rd , Hongshan District,
Wuhan, Hubei Province, P. R. China
430074
:
+86 27
: 87693659
+86 27
: 87693257
http://www.fhn.com.cn
:
sale@fhn.com.cn
:
F-Engine S2200ME Carrier Ethernet Switch

Operation Manual
Content
Content
Content ................................................................................................... I
Chapter 1 Accidence .......................................................................... 14
1.1 Introduction .................................................................................... 14
1.1.1 product introduction .................................................... 14
1.1.2 function feature ............................................................ 14
1.2 Log on Ethernet switch................................................................. 17
1.2.1 create Console port environment ........................................... 17
1.2.2 create configuration environemtn through Telnet.................. 22
1.3 CLI interface................................................................................... 25
1.3.1 CLI interface .................................................................. 25
1.3.2 CLI view ............................................................................ 25
1.3.3 CLI feature ...................................................................... 27
1.4 user interface configuration ......................................................... 30
1.4.1 user interface introduction ...................................... 30
1.4.2 user interface configuration..................................... 30
1.4.3 user interface display and debug............................. 31
1.5 system IP configuration ................................................................ 31
1.5.1 system IP introduction ................................................ 31
1.5.2 system IP configuration .............................................. 33
1.5.3 system IP display and debug ...................................... 34
Chapter 2 Port..................................................................................... 35
2.1 Ethernet port configuration . ........................................................ 35
2.1.1 Ethernet port introduction ........................................ 35
2.1.2 Ethernet port configuration ...................................... 35
I

Operation Manual
Content
2.1.3 Ethernet port display and debug............................... 38

2.1.4 Ethernet port configuration instance..................... 38
2.1.5 Ethernet port fault correction................................. 39
2.2 Ethernet port Trunk configuration ............................................... 39
2.2.1 Ethernet port Trunk ...................................................... 39
2.2.2 Ethernet port Trunk configuration........................... 40
Operation .............................................................................................. 40
Command .............................................................................................. 40
2.2.3 Ethernet port Trunk display and debug................... 40
2.2.4 Ethernet port Trunk configuration instance ......... 40
2.2.5 Ethernet port Trunk configuration fault correction
.......................................................................................... 41
2.3 port isolate configuration .............................................................. 42
2.3.1 port isolate introduction .......................................... 42
2.3.2 port isolate configuration ........................................ 42
2.3.3 port isolate display and debug................................. 42
2.3.4 port isolate configuration instance....................... 43
2.4 port security MAC configuration.................................................. 43
2.4.1 port security MAC introduction................................. 43
2.4.2 port security MAC configuration............................... 44
2.4.3 port security MAC display and debug....................... 44
2.4.4 port security MAC configuration instance............. 44
2.5 port static MAC configuration ...................................................... 46
2.5.1 port static MAC introduction..................................... 46
2.5.2 port static MAC configuration................................... 46
2.5.3 port static MAC display and debug........................... 46
2.5.4 port static MAC configuration instance................. 46
2.6 port black hole MAC configuration ............................................. 47
2.6.1 port black hole MAC introduction............................. 47
II

Operation Manual
Content
2.6.2 port black hole MAC configuration........................... 47

2.6.3 port black hole MAC display and debug................... 48
2.6.4 port black hole MAC configuration instance ......... 48
2.7 port user number limit................................................................... 49
2.7.1 port user number limit introduction....................... 49
2.7.2 port user number limit configuration..................... 49
2.7.3 port user number display and debug......................... 49
2.7.4 port user number configuration instance............... 50
2.8 port loopback detection ................................................................ 51
2.8.1 port loopback detection .............................................. 51
2.8.2 port loopback detection configuration................... 51
2.8.3 port loopback detection display and debug ........... 52
2.8.4 port loopback detection configuration instance . 52
2.9 remote mirror ................................................................................. 54
2.9.1remote mirror .................................................................... 54
2.9.2 remote mirror configuration ...................................... 54
Chapter 3 VLAN .................................................................................. 56
3.1 VLAN configuration ....................................................................... 56
3.1.1 VLAN introduction .......................................................... 56
3.1.2 VLAN configuration ........................................................ 57
3.1.3 VLAN display and debug ................................................ 58
3.1.4 VLAN typical configuration instance....................... 58
Chapter 4 Netowrk protocol .............................................................. 60
4.1 DHCP-Relay configuration .......................................................... 60
4.1.1 DHCP-Relay introduction .............................................. 60
4.1.2 DHCP-Relay configuration ............................................ 60
4.1.3 DHCP-Relay display and debug..................................... 60
Chapter 5 COS .................................................................................... 62
III

Operation Manual
Content
5.1 COS configuration......................................................................... 62

5.1.1 COS introduction ............................................................ 62
5.1.2 COS configuration .......................................................... 62
Chapter 6 SGM.................................................................................... 64
6.1 SGM configuration ........................................................................ 64
6.1.1 SGM introduction ............................................................ 64
6.1.2 SGM configuration .......................................................... 66
6.1.3 SGM configuration instance ........................................ 69
Chapter 7 STP ..................................................................................... 72
7.1 STP configuration .............................................................. 72
7.1.1 STP introduction ............................................................ 72
7.2 RSTP configuration ............................................................ 78
7.2.1 RSTP configuration instance ...................................... 78
7.3 MSTP configuration ............................................................ 80
Chapter 8 Security.............................................................................. 82
8.1 AAA and RADIUS protocol configuration................................... 82
8.1.1 AAA and RADIUS protocol introduction..................... 82
8.1.2 AAA configuration .......................................................... 83
8.1.3 RADIUS protocol configuration................................... 84
8.2 ACL configuration .......................................................................... 86
8.2.1 ACL introduction .................................................................... 86
8.2.2 ACL configuration .......................................................... 86
8.2.3 ACL display and debug .................................................. 87
8.2.4 ACL typical configuration instance......................... 87
Chapter 9 ESR .................................................................................... 89
9.1 ESR configuration ......................................................................... 89
9.1.1 ESR introduction ............................................................ 89
9.1.2 ESR configuration .......................................................... 90
IV

Operation Manual
Content
9.1.3 ESR display and debug .................................................. 92

9.1.4 ESR configuration instance ........................................ 93
Chapter 10 Double tag ....................................................................... 95
10.1 double-tag configuration ............................................................ 95
10.1.1 double-tag introduction ............................................ 95
10.1.2 double-tag configuration .......................................... 95
10.1.3 double-tag display and debug................................... 96
10.1.4 double-tag configuration instance......................... 97
Chapter 11 Mutlicast protocol .......................................................... 99
11.1 IGMP Snooping configuration ................................................... 99
11.1.1 IGMP Snooping protocol introduction..................... 99
11.1.2 IGMP Snooping configuration................................... 103
11.1.3 IGMP Snooping display and debug........................... 106
11.1.4 IGMP Snooping typical configuration instance . 106
11.1.5 IGMP Snooping fault diagnose and troubleshooting
........................................................................................ 107
11.2 IGMP-FILTER configuration .................................................... 108
11.2.1 IGMP-FILTER introduction ........................................ 108
11.2.2 IGMP-FILTER configuration ...................................... 108
11.2.3 IGMP-FILTER display and debug............................... 110
11.2.4 IGMP-FILTER typical configuration instance ..... 110
11.3 MLD Snooping configuration .................................................... 111
11.3.1 MLD Snooping configuration .................................... 111
11.3.2 MLD Snooping display and debug............................. 112
11.3.3 MLD Snooping typical configuration instance ... 113
Chapter 12 System management ................................................... 114
12.1 file system management ...........................................................114
12.1.1 configure file management ...................................... 114
V

Operation Manual
Content
12.1.2 FTP configuration ...................................................... 115

12.2 MAC address list management ...............................................118
12.2.1 MAC address list management introduction ......... 118
12.2.2 set MAC address learning mode............................... 119
12.2.3 set system MAC address aging time....................... 119
12.2.4 MAC address management display and debug ......... 120
12.2.5 MAC address list management typical instance . 120
12.2.6 global flush L2 forward MAC address list ......... 122
12.2.7 VLAN-based flush forward MAC address list ....... 122
12.3 device management ................................................................. 122
12.3.1 device management introduction............................. 122
12.3.2 configure device management................................... 122
12.3.3 device management display and debug................... 123
12.4 system maintenance and debug ............................................ 123
12.4.1 system basic configuration .................................... 123
12.4.2 show system status and system information ....... 124
12.4.3 network communication test .................................... 124
12.5 SNMP configuration.................................................................. 125
12.5.1 SNMP protocol introduction .................................... 125
12.5.2 SNMP version and supported MIB............................. 125
12.5.3 configure SNMP ............................................................ 127
12.5.4 SNMP display and debug ............................................ 128
12.5.5 SNMP configuration instance................................... 129
12.6 SNTP configuration .................................................................. 130
12.6.1 SNTP introduction ...................................................... 130
12.6.2 SNTP protocol configuration................................... 132
12.6.3 SNTP display and debug ............................................ 132
12.6.4 SNTP typical configuration instance................... 133
12.7 ARP list management ............................................................... 133
VI

Operation Manual
Content
12.7.1 ARP introduction ........................................................ 133

12.7.2 ARP configuration ...................................................... 133
12.8 IPV6 ............................................................................................ 134
12.8.1 IPV6 introduction ...................................................... 134
12.8.2 IPV6 configuration .................................................... 134
Chapter 13 VLAN mapping .............................................................. 137
13.1 VLAN mapping .......................................................................... 137
13.1.1 VLAN mapping introduction ...................................... 137
13.1.2 VLAN mapping configuration .................................... 137
13.1.3 VLAN mapping display and debug............................. 138
13.1.4 VLAN mapping configuration .................................... 138
13.1.4 Nto1 VLAN mapping configuration........................... 139
Chapter 14 Voice VLAN ................................................................... 140
14.1 Voice VLAN................................................................................ 140
14.1.1 Voice VLAN introduction .......................................... 140
14.1.2 Voice VLAN configuration ........................................ 140
14.1.3 Voice VLAN transmission display debug............... 142
14.1.4 Voice VLAN configuration ........................................ 142
Chapter 15 802.3ah .......................................................................... 144
15.1 802.3ah ...................................................................................... 144
15.1.1 802.3ah introduction ................................................ 144
15.1.2 802.3ah configuration .............................................. 144
15.1.3 802.3ah display and debug ...................................... 147
15.1.4 802.3ah configuration .............................................. 147
Chapter 16 802.1ag .......................................................................... 149
16.1 802.1ag ...................................................................................... 149
16.1.1 802.1ag introduction ................................................ 149
16.1.2 802.1ag configuration .............................................. 149
VII

Operation Manual
Content
16.1.3 802.1ag display and debug ...................................... 152

16.1.4 802.1ag configuration .............................................. 152
Chapter 17 E-LMI .............................................................................. 154
17.1 E-LMI .......................................................................................... 154
17.1.1 E-LMI introduction .................................................... 154
17.1.2 E-LMI configuration .................................................. 154
17.1.3 E-LMI display and debug .......................................... 156
17.1.4 E-LMI configuration .................................................. 157
Chapter 18 LLDP .............................................................................. 158
18.1 LLDP ........................................................................................... 158
18.1.1 LLDP introduction ...................................................... 158
18.1.2 LLDP configuration .................................................... 158
18.1.3 LLDP display and debug ............................................ 162
18.1.4 LLDP configuration .................................................... 163
Chapter 19 UDLD .............................................................................. 164
19.1 UDLD .......................................................................................... 164
19.1.1 UDLD introduction ...................................................... 164
19.1.2 UDLD configuration .................................................... 164
19.1.3 UDLD display and debug ............................................ 165
19.1.4 UDLD configuration .................................................... 165
Chapter 20 Log email notification .................................................. 166
20.1 Log email notification ............................................................... 166
20.1.1 log email notification introduction................... 166
20.1.2 log email notification configuration................. 166
20.1.3 log email notification display and debug ......... 168
20.1.4 SMTP configuration .................................................... 168
VIII

Operation Manual
Figure
Figure
Figure 1-1 create local configuration environment through Console port ................. 17
Figure 1-2 create local configuration environment through LAN ............................. 23
Figure 1-3 operate Telnet .......................................................................................... 24
Figure 1-4 provide Telnet Client service ................................................................... 24
Table1-1 command mode and function feature ......................................................... 25
Table 1-2 function...28
Table 1-3 access history command ............................................................................ 28
Table 1-4 CLI common error information ................................................................. 29
Table 1-5 edit function29
Figure 1-5 Cat.5 IP address ....................................................................................... 32
Figure 1-6 IP address subnet division........................................................................ 33
Figure 2-1 configure port default VLAN ID ............................................................. 39
Figure 2-2 Ethernet port Trunk.................................................................................. 41
Figure 2-3 port isolate group network ....................................................................... 43
Figure 2-4 port security MAC group network ........................................................... 45
Figure 2-5 port static MAC group network ............................................................... 47
Figure 2-6 port static MAC group network ............................................................... 48
Figure 2-7 port user number limit group network ..................................................... 50
Figure 2-8 port loopback detection group network ................................................... 53
Figure 3-1 VLAN configuration ................................................................................ 58
Figure 6-1 SGM..65
Figure 6-2 role switch rule ........................................................................................ 66
Figure 6-3 SGM management network group ........................................................... 70
Figure 7-1 the designated switch and designated port ............................................... 73
Figure 7-2 Ethernet switch network group ................................................................ 74
Figure 7-3 final stable stp .......................................................................................... 77
Figure 7-4 RSTP configuration ................................................................................. 79
Figure 8-1 ACL application ...................................................................................... 88
Figure 9-1 ESR topology structure ............................................................................ 90
IX

Operation Manual
Content
Figure 9-2 relationship between ESR domain and VLAN ........................................ 90

Figure 11-1 multicast message transmission without IGMP Snooping ................... 100
Figure 11-2 realize multicast message transmission during IGMP Snooping ......... 101
Figure 11-3 realize IGMP Snooping ....................................................................... 102
Figure 11-4 configure IGMP Snooping group network ........................................... 107
Figure 11-5 configure IGMP FILTER group network ............................................ 111
Figure 11-6 configure MLD Snooping group network ............................................ 113
Figure 12-1 FTP configuration ................................................................................ 116
Figrue 12-2 FTP configuration ................................................................................ 117
Figure 12-3 Ethernet switch use MAC address list to forward message ................. 119
Figure 12-4 address list management typical configuration network group ............ 121
Figure 12-5 MIB tree structure ................................................................................ 126
Figure 12-6 SNMP configuration instance .............................................................. 129
Figure 12-7 NTP basic principle ............................................................................. 131
Figure 12-8 NTP typical configuration ................................................................... 133
Figure 15-1 802.3ah configuration instance ............................................................ 148
Figure 18-1 configure instance topology structure .................................................. 163

Operation Manual
Preface
Preface
Version
V3.0
Copyright 2002 by FiberHome Networks Co., Ltd.

All Rights Reserved
No part of this document can be reproduced or transmitted in any form or by any
means without prior written consent of FiberHome Networks Co., Ltd.
F-ENGINE
,
are trademarks of FiberHome Networks Co., Ltd.
Notice
The information in this document is subject to change without notice. Every effort
has been made in the preparation of this document to ensure accuracy of the
contents, but all statements, information, and recommendations in this document
don't constitute the warranty of any kind, express or implied.
Content
This manual introduces the installation, usage and maintenance of F-Engine
S2200ME Ethernet switch. The manual is divided into six chapters as follows:
Conventions Used in the Document

Description
Symbol
Warning,
Danger
This symbol means danger. Be aware of all

potential danger before you work on any
equipment and be acquainted with common sense
for preventing accidents.
Caution,
Notice
Notify the special attention that should be given to

the operation.
XI

Operation Manual
Note
Preface
Give further necessary supplement or explanation

for the operation description.
Intended Readers
The manual is intended for the following readers:
Marketing staff
Installation engineers & technicians
Operation & maintenance personnel
Those who are fond of our product
Before installation, read this manual carefully to avoid wrong

operation to damage the device.
Environmental Protection
This product has been designed to comply with the requirements on environmental
protection. For the proper storage, use and disposal of this product, national laws and
regulations must be observed.
XII

Operation Manual
Safety recommendation
Safety recommendation
Please carefully read following safety precautions prior to installing and operating
this product. Wuhan FiberHome Networks Co., Ltd takes no responsibilities to
any loss or damage caused by violating these safety precautions.
1.
when operating, the power module of this switch has powerful

electricity. User is forbidden to open shell when power on.
2.
forbid any change to inner structure and circuit of the switch.
3.
use static protection for installation and maintenance. The equipment

room should keep relative humidity at 4575. The floor should
use the material preventing static.
4.
the power supply of the switch should be reliably grounding. For safety
protection, the switch should be reliably grounding. The communicating
device should be protected from powerful thundering.
5.
the switch should not be operating in burnable and burst gas

environment. When using the switch, should conform to other security
requirement of application environment.
XIII

Operation Manual
Chapter 1
Accidence
Chapter 1 Accidence
1.1 Introduction
1.1.1 product introduction
S2200ME switch is multi-port 100/1000Mbps network management Ethernet switch.
This series switch can reach up to full line speed forwarding, with Tag VLAN, port Trunk,
port address binding, multicast and QOS, ACL, vlan transmission (1:1) which can meet the
fast growing demand for broadband network development, applicable for
small/middle/large-scale enterprise network and MAN access equipment.
Product configuration
Product type
Product name
L2
Ethernet
switch
specificatoin
S2200ME host is including 3
types:
S2208ME
S2216ME
S2224ME
S2208ME support 8100M
electrical port and 21000M
combo port;
combo port;
combo port;
S2200ME -48 is -48V DC
power supply;
S2200ME 220 is 220V AC
power supply;
S2200ME
version
2.0
1.1.2 function feature

Product feature:
Support L2 forward basic function;
Support port rate limit and broadcast control, rate limit granularity is 64kbps;
14

Operation Manual
Chapter 1
Accidence
Support port mirror, support a mirror destination port;

Support port-based VLAN and 802.1Q-based VLAN, the max VLAN number is
4094;
Support static link TRUNK, system can support 14 Trunk at most, each group have 8
members at most, support 6 Trunk algorithm based on mac address or ip address.
Support IGMP-SNOOPING, sum to 1024 multicast groups totally;
Support 4priority queue forward;
Support QoS scheduling algorithm, including wrr, sp1+wrr3, sp2+wrr2, sp
Support in-band management IP address configuration;
Support static arp configuration;
Support CLI network management through local console portRS-232and remote
Telnet and network management of WEB mode;
Support FTP remote upgrading, support upload and download of configuration file;
Support SNMP v1/v2/v3
Support serial port, telnet remote radius authentication;
Support DHCP Relay;
Support port loopback detection;
Support port user number limit, each port limit 100 for the most;
Support port isolation, support 20 isolation group for the most;
Support STP;
Support ARP anti-attack;
Support DOT1X, RADIUS
Support SNTP CLIENT;
Support openssh logging, support serial port, telnet remote radius authentication;
Suppoort SGM;
Support 1:1 vlan transmission, 16 users at most for the common port, which should
configure and designate uplink;
Support acl, the rule can create sign location based on mac, L2 protocol type, vlanm
cos, ip, ttl, L3 protocol No., ip priority, tcp/udp port No., tcp; the action can support
forwarding, discarding, mirroring, redirection, sending cpu, rate limit, change
priority queue; only enable on port, only support ingress direction; the data packet
without any matched rule is forward as default, if certain rule is not configured
corresponding action is discard as default;
Support security mac address, static mac address;
Support basic double-tag, which can modify TPID, support flexible qinq;
Support Ethernet ESR;
Support RSTP
15

Operation Manual
Chapter 1
Accidence
Technique index
Attribtue
Specification
Interface
100M
Ethernet
electrical
port;
10/100/1000M optical electrical Combo
interface
Switch bandwidth
13Gbps
Transmission mode
Storage forward
Packet forward rate
1488100pps
MAC address
8K
VLAN
Multicast
TRUNK
Network management type
SGM
Private VLAN associated with device

ports
802.1q VLAN4K active VLAN
Support IGMP Snooping, support 1024
mutlicast entry
Support 14 group at most, each group
includes 8 port
Support
SNMP,
execute
network
management based on web, telnet, console,
support batch configuration, support auto
download configuration, support easy-do
integrated management platform.
Support SGM, which can manage 128
devices at most
RMON group
1-statistics2-history3-trap9-event
Buffering capacity
64MB
Power
9W
Weight
2.03kg
Working environment
working-10+50
storage
-25+65
humidity
1090% indoors
volume (WDH)
440mm192mm44mm
16

Operation Manual
Chapter 1
Accidence
1.2 Log on Ethernet switch

1.2.1 create Console port environment
Step 1: shown as Figure 1-1, create local configuration environment, only need to
connect PC (or terminal) serial port with Console port of Ethernet switch through Console
cable.
Figure 1-1 create local configuration environment through Console port

Step 2: operate terminal emulation e.g.: Windows 3.X Terminal or Windows 9X
super terminalset terminal communication parameter.
Step (1): turn on PC, operate terminal emulation e.g.: Windows3.1 Terminal,
Windows95/Windows98/Windows NT super terminalon PC.
Step (2): set terminal parameter (take Windows2000 super terminal as an example).
The parameter is: baud rate is 9600, 8 data bit, no parity check, 1 stop bit, no flow control,
select terminal emulation to be VT100. the detailed mode is:
(1) click start-program-accessory-communication-super terminalenter
super terminal window, click
and buildup new connection, the system will show
the following conncetion description.
17

Operation Manual
Chapter 1
Accidence
(2) type new connection name in connection description, click confirm, the
system will show the following interface figure, select the connection serial port in blank
use when connect.
18

Operation Manual
Chapter 1
Accidence
(3) after serial port is selected, clickconfirm, the system will show the following
connection serial port parameter interface. Set baud rate to be 9600, data bit is 8, no parity
check, stop bit is 1, no flow control.
19

Operation Manual
Chapter 1
Accidence
(4) after serial port parameter is set, click confirm, the system will enter the
following super terminal interface.
20

Operation Manual
Chapter 1
Accidence
Select [attribute] in super terminal attribute dialogue box, enter attribute window. Click
[set] in attribute window, enter attribute setting window (shown as below), select terminal
emulation to be VT100, after selection, click [confirm].
21

Operation Manual
Chapter 1
Accidence
1.2.2 create configuration environemtn through Telnet

1.2.2.1 Telnet Ethernet switch through terminal
If user can correctly configure Ethernet switch management VLAN interface IP
address through Console port (use command ip address under VLAN interface vision),
designate the Ethernet port connected with terminal belong to the management VLAN (use
command port under VLAN vision), then use Telnet to log on Ethernet switch and
configure the switch.
Step 1: before logging on Ethernet switch via Telnet, configure Telnet user name and
password on the switch.
22

Operation Manual
Chapter 1
Accidence
S2200ME#
S2200ME#configure
%Enter configuration commands.End with Ctrl+Z or command "quit" & "end"
S2200ME(config)#username XXX group users password XXX
S2200ME(config)#
Step 2: shown as the following figure, buildup configuration environment, only need to
connect PC Ethernet port with Ethernet switch Ethernet port through LAN.
Figure 1-2 create local configuration environment through LAN

Step 3: run Telnet program on PC, input IP address of the Ethernet port VLAN where
switch and PC are connected, shown as below:
23

Operation Manual
Chapter 1
Accidence
Figure 1-3 operate Telnet

Step 4: on terminal, prompt user to input logging password, if the password is correct,
show CLI prompt (S2200ME#).
Step 5: use the corresponding command to configure Ethernet switch or show Ethernet
switch operating state. Input ? when need help. The detailed configuration command can
refer to the content in the following chapter.
1.2.2.2
Telnet Ethernet switch through Ethernet switch
User can Telnet from a switch to another switch, then configure it. This switch is used
as Telnet Client, the peer end switch is used as Telnet Server. If the port connecting two
switches are in identical LAN, the IP address should be configured in identical network
field; otherwise, two switch should have route that is reachable to each other.
Configure environment shown as below, after user Telnet a Ethernet switch, input
command Telnet to log on other Ethernet switch and execute configuration management.
Figure 1-4 provide Telnet Client service

Step 1: configure Telnet user name and password on the switch used as Telnet Server.
Step 2: user log on the Ethernet switch that is used as Telnet Client (the logging course can
refer to the content Telnet Ethernet switch through terminal of this chapter).
Step 3: do the following operation on the Ethernet switch used as Telnet Client:
S2200ME# telnet xxxxxxxx is host name or IP address of the Ethernet switch that is used
as Telnet Server, if it is the host name, it should be the host name passed command ip host
configuration.
Step 4: input the logging password,, then show CLI prompt (e.g.:S2200ME#).
Step 5: use the corresponding command to configure Ethernet switch or show

Ethernet switch operating state. Input ? when need help, the detailed
configuration command can refer to the content in the following chapters.
24

Operation Manual
Chapter 1
Accidence
1.3 CLI interface

1.3.1 CLI interface
S2200ME switch provides a series configuration command and command line
interface, flexible for user to configure and manage Ethernet switch. Command line
interface has the following features:
local configuration through Console port
local or remote logging and configuration through Ethernet port with Telnet.
configure class of protection, assure unauthorized user can not attack the Ethernet
switch.
user can type <?> to get online help.
provide network test command, e.g.: traceroutePing, rapidly disgnose the network.
provide abundant and verbose debugging information, help to diagnose network

fault.
directly log on and manage other Ethernet switch via Telnet.
CLI translator use uncomplete matched searching methos, the user only need to input
the key word without conflict for translation.
1.3.2 CLI view

Table1-1 command mode and function feature
Command
mode
function
Ordinary
user mode
Check device simple

operating state and
statistic
Hint
Fengine>
Privileged
user mode
Show device whole

operating state and
statistics,
and
manage the file and
the system.
Fengine#
Global
configurati
-on mode
Configure
switch
global parameter
Fengine(config)
#
25
Enter
command
Exit
command
Establish
connection
with device
then enter
Type enable
under ordinary
mode
exit is to
disconnect
with the
device
Disable is to
return
ordinary
mode, exit
is to
disconnect
with the
device
exit is to
return
privileged
user mode
Type config
under
privileged
mode

Operation Manual
Chapter 1
Accidence
System
configurati
-on mode
Configure
switch
system parameter
Fengine(configsystem)#
Type system
under global
mode
Terminal
configurati
-on mode
Configure terminal
Fengine(configline)#
Type line vty

under global
mode
Interface
configurati
-on mode
Configure
switch
interface parameter
(N1interface No.)
Including
single
Ethernet interface or
Trunk interface
Switch
VLAN
configuration
N1vlan No.
Fengine(configeth-N1)#
Type
interface
ethernet N1 or
interface trunk
N1 under
global mode
Type
interface vlan
N1 under
global mode
SGM
configurati
-on mode
SGM configuration
Fengine(configsgm)#
Type sgm
under global
mode
STP
configurati
-on mode
Switch
configuration
STP
Fengine(configstp)#
Type stp
under global
mode
COS
configurati
-on mode
Switch
configuration
Cos
Fengine(configcos)#
Type cos
under global
mode
IGMP
Snoping
configurati
-on mode
Switch
IGMP
Snooping
configuration
Fengine(configigmp-snooping)
#
Type
igmp-snoopin
g under global
mode
Igmp-filter
configure
Configure of switch
Igmp filtering (N1
Fengine(configigmp-filter
Enter
igmp-filter
VLAN
configurati
-on mode
Fengine(configvlan- N1)#
26
Exit, quit is
to return
global
configuratio
n mode
exit is to
return
global
configuratio
n mode
exit is to
return
global
configuratio
n mode
exit is to
return
global
configuratio
n mode
exit is to
return
global
configuratio
n mode
Exit is to
return
global
configuratio
n mode
exit is to
return
global
configuratio
n mode
exit is to
return
global
configuratio
n mode
Enter exit
to return

Operation Manual
mode
RADIUS
configure
mode
Igmp-filter
No.)
Configure of switch
radius
Chapter 1
Accidence
N1)#
N1 under
global mode
Fengine(configradius)#
Enter radius
under global
mode
global
configure
mode
Enter
exitto
return
global
configure
mode
1.3.3 CLI feature

1.3.3.1 CLI online help
Command line interface provides the following online help:
Full help
Partial help
With online help, get help information, which are described as below:
(1) in any vision, type <?> to get simple description of all command in this vision.
S2200ME#?
cd
clock
cls
configure
copy
debug
dir
dot1x
end
exec-timeout
exit
help
< omit>
Change the default directory

Configure system clock
clear screen
Configuration terminal
Copy file
Debugging functions
List file system
8021 taskdebug levelvalue of level
End current mode and change to enable mode.
Set timeout value
Exit current mode and down to previous mode
Description of the interactive help system
(2) type a command, then follow <?> spacing with a blank, if the position is for the key
word, then list out all key word and simple description.
S2200ME#ping ?
A.B.C.D Destination address or hostname
(3) type a command, then follow <?> spacing with a blank, if the position is for the
parameter, then list out the related parameter description.
S2200ME(config)#interface vlan ?
27

Operation Manual
Chapter 1
Accidence
<1-4094> start vlan index

S2200ME# interface vlan 1 ?
<cr>
<cr> means the position has no parameter, this command is repeated in the following
command line, then directly press enter to execute.
(4) type a character string, then followed with <?>, list out all command with the
beginning as this character string.
S2200ME# pi?
ping
(5) type a command, then follows with a character string then <?>, list out all command
key word with beginning as character string.
S2200ME#show ver?
version
(6) type the beginning letter of the command key word, press <Tab>, if the key word of the
letter is unique, then show complete key word.
1.3.3.2 CLI display feature
If the information of one time is over one screen, provide pause function, at this time, user
has three selection, shown as the following table.
Table 1-2 function
Key-press or command
When pause display, type <Ctrl+C>
When pause display, type Blank
When pause display, type Enter
Function
Stop display and command exection
Continue show next screen information
Continue show next line information
1.3.3.3 CLI history command

Command line interface provides the function like Doskey, auto-discard the history
command typed by the user, the user can use history command saved by CLI at any time,
then repeat execution. CLI interface save 10 history command for each user as default. The
operation is shown as the following table.
Table 1-3 access history command
Operation
Show history command
Key-press or command
show history
Access the last history
or <Ctrl+P>
28
result
Show efficient history
command input by user
If there is the earlier history

Operation Manual
command
or <Ctrl+N>
Access the next history

command
Chapter 1
Accidence
command, then get out the
last history command
If there is the later history
command, then get out the
next history command
1.3.3.4 CLI error information

All users type the command, if they pass the grammar check, then correctly execute,
otherwise, report the user with error information, the general error information can refer to
the following table.
Table 1-4 CLI common error information
English error information
Unknown command
Error cause
Command is not found, key word is not found,
parameter type is error, parameter is beyond the
mark, the input parameter is too much.
Command incomplete
Ambiguous command
The input command is not complete

The input parameter is not clear.
1.3.3.5 CLI edit feature

Command line interface provides basic command edit function, supporting multi-line edit,
each command max length is 256 characters, shown the following table.
Table 1-5 edit function
Key-press
Common key
Backspace
or <Ctrl+B>
or <Ctrl+F>
or <Ctrl+P>
or <Ctrl+N>
Function
If the edit buffer area is not full, insert to the cursor position,
then move cursor to the right
Delete the character in front of the cursor, then move cursor to
the front
The cursor move one character position to the left
The cursor move one character position to the right
Show history command
29

Operation Manual
Tab
Chapter 1
Accidence
Input incompletekey word, then press Tab, the system will

auto-execute partial help: if the matched key word is unique, the
system will use complete key word to substitute the former input
and display in new line;
For command character parameter, matched or unmatched key
word is not unique, the system will not do any modification, and
just change line to show the former input.
1.4 user interface configuration

1.4.1 user interface introduction
S2200ME Ethernet switch support the following configuration modes:
Local configuration through Console port
Use Telnet for local or remote logging configuration with Ethernet port
Two types user interface are corresponding to these configuration mode:
AUX user interfaceAUX

AUX user interface is to access Ethernet switch through Console port, each Ethernet
switch has only one.
VTY user interfaceVTY

VTY user interface is to access Ethernet switch through Telnet.
1.4.2 user interface configuration

User interface configuration is including:
user management
1.4.2.1 user management
This command is to set switch to log on the user.
Set switch to log on the user:
Operation
Set user to log on switch
Command
username USERNAME group
(administrators|operators |users|guests)
password PASSWORD
30

Operation Manual
Chapter 1
Accidence
1.4.3 user interface display and debug

After the above configuration, execute command show to show the operation after
configuration, validate the configuration effect with the displaying information.
Show user interface information:
Operation
Show user interface information
Command
show logging
1.5 system IP configuration

1.5.1 system IP introduction
1.5.1.1 management VLAN
If need to Telnet and execte network management for Ethernet switch, should set switch IP
address for implement. S2200ME L2 Ethernet switch has only one VLAN interface for IP
address configuration, the VLAN is manager VLAN.
1.5.1.2 IP address
1. IP address classification and representation
IP address is the address with 32 bits length that distributed to the device on Internet. IP
address is made by two character field: net-id and host-id. IP address is distributed by
Network Information Center of U.S.A. In order to facilitate the IP address management, IP
address is classified into 5 types, shown as below:
31

Operation Manual
Chapter 1
Accidence
Figure 1-5 Cat.5 IP address

Type ABC address is unicast address; Type D address is multicast address; Type E is
reserved address to future use. Currently, the widely used IP address belong to Type AB
C address. IP address is using dot distribution decimal mode for record. Each IP address
respresents for 4 decimal integer spacing with radix point, each integer is corresponding to
a byte, e.g.: 10.110.50.101.
When using IP address, should know some IP address is reserved for particular use,
generally it is not used.
2. subnet and mask
With the rapid development, IP address become exhausted, and traditional IP address
distribution mode is wasteful to IP address. In order to make fully use of the existing IP
address, the people propose the concept of the address mask and subnet.
Mask is a 32-bit number of IP address, in these number, some is 1 and other is 0. In
principle, these 1 and 0 can be freely combined, but when design the mask, set the
beginning mask bits as 1. The mask can divide the IP address into two parts: subnet
address and host address. Bit 1 in IP address and mask is for subnet-id, the other bit is for
the host-id. When subnet is not divided, the subnet mask is the default, at this time, the 1
32

Operation Manual
Chapter 1
Accidence
length in subnet mask is just the length of the network number. That is, the mask default of
Type A address is 255.0.0.0; the mask default of Type B address is 255.255.0.0; the mask
default of Type C address is 255.255.255.0.
Use mask to divide a Type A network with 16 million host or Type B network with
60 thousand host into many small network, each small network is called subnet. For
example, the Type B network address 138.38.0.0 can use the mask 255.255.224.0 to divide
the network into 8 subnet: 138.38.0.0138.38.32.0138.38.64.0 138.38.96.0
138.38.128.0 138.38.160.0 138.38.192.0 138.38.224.0please refer to the following
figure, each subnet can include 8000 host.
Figure 1-6 IP address subnet division
1.5.2 system IP configuration

System IP configuration is including:
create/delete manager VLAN interface
conifgure host name
configure in-band IP address and out-band IP address
33

Operation Manual
Chapter 1
Accidence
1.5.2.1 modify management VLAN interface

Use the following command to modify and manage VLAN interface so as to Telnet and
Console remote management.
Modify and managw VLAN interface:
Operation
Command
Modify and manage VLAN interface
management vlan <1-4094>
As default, the manager VLAN interface is VLAN 1.

1.5.2.2 configure host name
Use this command to configure host name.
Configure host name:
Operation
Command
Configure host name
hostname WORD
1.5.2.3 configure inband IP address

Use this command to configure in-band IP address.
Configure in-band IP address:
Operation
Command
Configure in-band IP address
ip address (A.B.C.D/M)
ip address (A.B.C.D) (A.B.C.D)
1.5.3 system IP display and debug

After above configuration, execute command show to show system IP operation in any
vision, then check information validation configuration.
System IP display and debug:
Operation
Command
show system
Show system IP
34

Operation Manual
Chapter 2
Port
Chapter 2 Port
2.1 Ethernet port configuration .
2.1.1 Ethernet port introduction
S2200ME switch provides 100M Ethernet electrical interface, and 10/100/1000M
Combo interface.
S2200ME Ethernet switch support Ethernet port features as below:
10/100/1000Base-TX Ethernet port can work in mode of half-duplex, full-duplex
and auto-negotiation, select the most suitable working mode with negotiation with other
network equipment, which can simply system configuration and management.
100/1000Base-FX multimode/singlemode/ middle-distance module Ethernet port is
operating under 100M/1000M full-duplex mode, the user need not configure it.
2.1.2 Ethernet port configuration

Ethernet port configuration is including:
enter Ethernet port vision
enable/disable Ethernet port
describe Ethernet port
set Ethernet port duplex state
set Ethernet port rate
set Ethernet port network cable type
set Ethernet port flow control
set Ethernet port broadcast storm control ratio
set Ethernet port link type
add the current Ethernet port into the designated VLAN
set Ethernet port default VLAN ID
set Ethernet port loop-back detection
set port statistics time interval
set port flow valve

2.1.2.1 enter Ethernet port
Configure Ethernet port, first enter Ethernet port vision.
Configure system vision.
Enter Ethernet port vision:
Operation
Command
35

Operation Manual
Enter Ethernet port vision
Chapter 2
Port
interface ethernet <1- 64>
2.1.2.2 enable/disable Ethernet port

After the port parameter and protocol is configured, use the following command to enable
the port; if certain port need not transmit data, use the following command to disable the
port. Do configuration under Ethernet port vision. Enable or disable Ethernet port.
Enable or disable Ethernet port:

Operation
Shutdown Ethernet port
Enable Ethernet port
Command
shutdown
no shutdown
2.1.2.3 describe Ethernet port

Use the following command to set port description character string to distinguish each
port.
Do configuration under Ethernet port.
Describe Ethernet port:
Operation
Command
Set Ethernet port to describe description STRING
character string
Delete Ethernet port to describe no description
character string
As default, port description character string is vacant character string.
2.1.2.4 set Ethernet port duplex status and rate
If you want the port can receive data packet while sending data packet, set the port to be
full-duplex attribute; If you want the port only send or receive data packet at one time, set
the port to be half-duplex attribute; when set port to be auto-negotiation state, the port
duplex state is decided by auto-negotiation of this port and the peer end port.
Do configuration under Ethernet port vision.
Set Ethernet port duplex state:
Operation
Command
Set Ethernet port duplex state and rate
duplex { auto | full | half } speed { 10 | 100
| 1000 }
Attention:
100M Ethernet electrical port supports full-duplex, half-duplex or auto-negotiation work
mode, which can be set according to the demand. 100M Ethernet optical port work mode is
set to be full-duplex mode by the system, it does not permit user to configure it.
36

Operation Manual
Chapter 2
Port
As default, the port duplex state is autoauto-negotiationstate.

2.1.2.5 set Ethernet port flow control
When local end and the peer end switch are enabled flow control, if local switch is blocked,
it will send information to the peer end switch and notify the peer end switch to stop
sending message for the moment; after the peer end switch received the information, it will
stop sending message to local end for the moment; this method avoids the message lose.
Use the following command to set whether enable or disable flow control for Ethernet
port.
Set Ethernet port flow control:
Operation
Enable Ethernet port flow control
Command
flow-ctrl enable
Disable Ethernet port flow control
flow-ctrl disable
As default, the port flow control is disabled.

2.1.2.6 set Ethernet port broadcast storm control ratio
Use the following command to limit the broadcast flow size permitted to be passing on the
port, when broadcast flow is over the user setting, the system will discard the broadcast
flow, make the broadcast flow ratio reduce to the reasonable range, efficiently control the
broadcast storm and avoid the network choke, assure the normal operation of network
service.
Do configuration under Ethernet port.
Set Ethernet port broadcast storm control ratio:
Operation
Command
Set Ethernet port broadcast storm packet-limit broadcast <0-1000000>
control ratio
As default, the permitted broadcast flow is 64Kbps
2.1.2.7 add Ethernet port into designated VLAN
This configuration task is to add the current Ethernet port into the designated VLAN.
Add Ethernet port into the designated VLAN :
Operation
Command
37

Operation Manual
Add current port into the designated
VLAN
Delete current port from the
designated VLAN
Chapter 2
Port
join vlan VLANLIST (tagged|untagged)

quit vlan VLANLIST
2.1.2.8 set Ethernet port default VLAN ID

If the port default VLAN ID is set, when the port received the message without VLAN Tag,
it will forward the message to default VLAN port; when the port transmit the message with
VLAN Tag, if the message VLAN ID is the same with the port default VLAN ID, the
system will delete the message VLAN Tag, then transmit the messag.
Set Ethernet port default VLAN ID:
Operation
Command
Set port default VLAN ID
pvid <1-4094>
2.1.2.9 port flow valve configuration
With the configuration of the port flow valve, the system will periodically monitor the port
data flow. When the port data flow is over the configured valve, the system will do
treatment with the designated mode to avoid the port choke caused by large flow data
transmission and reduce the effect of vicious user or virus user.
Set Ethernet port flow valve:
Operation
Set receiving rate limit for switch port
Set sending rate limit for switch port
Command
rate-limit rx <0-1000000>
rate-limit tx <0-1000000>
2.1.3 Ethernet port display and debug

After the above configuration, execute command show to show configured Ethernet port
operation state under privileged vision, validate the configuration effect with the
displaying information.
Show Ethernet port configuration:
Operation
Show Ethernet port configuration
Command
show interface <1-64>
2.1.4 Ethernet port configuration instance

1. network group requirement
Switch A is connected with Switch B of the peer end by using port Ethernet 1, configure
38

Operation Manual
Chapter 2
Port
port 1 default VLAN ID, when the port received the message without VLAN Tag, it will
transmit the message to the VLAN port of default VLAN ID; meanwhile, when the Trunk
port is transmitting the message with VLAN Tag, if the message VLAN ID is the same
with the port default VLAN ID, then remove the message the VLAN Tag, and transmit the
message.
2. network group figure
Figure 2-1 configure port default VLAN ID

3. configuration procedure
The configuration of Switch A is shown as below, Switch B is configured as the same:
# create VLAN 2 to 100
S2200ME(config)#interface vlan 2 100
# enter Ethernet 1 Ethernet port vision
S2200ME(config)#interface ethernet 1
# configuration port Ethernet 1 perrmit 2 to 100 VLAN pass
S2200ME(config-eth-1)#join vlan 2-100
# configure port Ethernet 1 default VLAN ID to be 100
S2200ME(config-eth-1)#pvid 100
2.1.5 Ethernet port fault correction

Fault: the configuration of default VLAN ID is failed
Fault remove: execute with the following procedure
use command show vlan to check if the vlan is existing or not. If not existing,
should create the vlan
configure the default VLAN ID
2.2 Ethernet port Trunk configuration

2.2.1 Ethernet port Trunk
Port Trunk is to aggregate multi port together and form a Trunk group, then implement
egress/ingress load sharing in each member port, it can provide latger bandwidth and high
39

Operation Manual
Chapter 2
Port
connection reliability when there is no increase for hardware investment.

S2200ME Ethernet switch can support 14 group Trunk at max, each group contain 8 port
at most. S2208ME Ethernet switch can support 10 group Trunk at max, each group contain
10 port at most. But 100M electrical port and 1000M interface can not be mix into one
Trunk.
2.2.2 Ethernet port Trunk configuration

Ethernet port Trunk configuration is including:
set a group Ethernet port to be Trunk port

2.2.2.1 set a group Ethernet port to be Trunk port
This configuration task is to set or delete Ethernet Trunk port.
Do configuration under system vision.
Configure Ethernet port Trunk:
Operation
Create Trunk group
Designate switch port to be certain Trunk member
Delete port from switch certain Trunk member
Command
interface trunk <1-14>
member PORTLIST
no member PORTLIST
2.2.3 Ethernet port Trunk display and debug

After the above configuration, execute command show to show configured Ethernet port
Trunk operation state under any vision, validate the configuration effect with the
displaying information.
Show Trunk port information:
Operation
Show Trunk port information
Command
Show trunk
2.2.4 Ethernet port Trunk configuration instance

This instance will validate the usage of port Trunk command, it will aggregate the multi
port together, and implement egress/ingress load sharing in each member port. The port
Trunk typical application is to aggregate multi Trunk port together, since Trunk port
permit multi VLAN to pass, Trunk port flow is too large, the flow should be shared in each
port.
Ethernet Switch A use 3 port to Trunk Ethernet Switch B, Switch A access port is Ethernet
1Ethernet 3.
40

Operation Manual
Chapter 2
Port
Figure 2-2 Ethernet port Trunk

The configuration of Switch A is shown as below, Switch B should be configured as the
same for efficient Trunk:
# Trunk Ethernet 1 to Ethernet 3 together
S2200ME#configure
S2200ME(config)#interface trunk 1
S2200ME(config-trunk-1)#member 1-3
#
S2200ME#show trunk
**************************************************
(M=Member,-=None)
**************************************************
Trunk Dis-Policy 1------8 9-----16 17----24
1
srcdst-mac MMM----- -------- -S2200ME#
2.2.5 Ethernet port Trunk configuration fault correction

Fault: when configuration port Trunk, there is prompt information if the configuration is
failed.
Fault remove:
check if the configured port belong to other existing Trunk group, if not, then to next
step.
Check if the configured port rate is the same and if it is full-duplex mode or not, if
41

Operation Manual
Chapter 2
Port
yes, then to next step.
If it is correct, then configure the port Trunk.

2.3 port isolate configuration
2.3.1 port isolate introduction
With the port isolation feature, implement that the different user port belong to identical
VLAN, but the different user can not communicate, so the network security is enhanced,
providing flexible network group solution,saving a lot of VLAN resource.
2.3.2 port isolate configuration

The main configuration of port isolation is including:
Configure Layer 2 isolation among port

2.3.2.1 configure L2 isolate between ports
With the following command to set the Layer 2 isolation among the designated VLAN
port, so the Layer 2 forwarding can not be executed among this VLAN port.
Do configuration under global vision.
Configure L2 isolate between ports
Operation
Command
Create a PVLAN
pvlan <1-64>
Enable Layer 2 isolation among VLAN port
isolate-ports PORTLIST
Delete Layer 2 isolation among VLAN port
no pvlan <1-64>
As default, the port between VLAN is not isolated in L2, the ports can forward in L2.
2.3.3 port isolate display and debug

After the above configuration, execute the command show to show the configured
Ethernet port isolation operation state under any vision, validate the configuration effect
with the displaying information.
Show information of Trunk port:

Operation
Command
show pvlan
Show port isolation
42

Operation Manual
Chapter 2
Port
2.3.4 port isolate configuration instance

The resident user connect with the switch, then the switch communicat with external
network through Ethernt 1 port. The resident user belong to an identical VLAN 1, they can
not communicate with each other.
Figure 2-3 port isolate group network

# enable port L2 isolation within VLAN
S2200ME#configure
S2200ME(config)#pvlan 1
S2200ME(config-pvlan-1)#isolate-ports 2-4
# show port Ethernet 2-4 isolated with each other
S2200ME#show pvlan
PVlan 1 isolate-ports 2-4
2.4 port security MAC configuration

2.4.1 port security MAC introduction
Port security is to only permit the data from certain MAC address (these MAC
address is configured by the administrator) to be forward by the switch, if there is no MAC
address, the switch will discard the received data.
After the port is enabled security MAC function, except for MAC configured by the
administrator, the port will not learn any other MAC, so avoid the illegal user to get online.
43

Operation Manual
Chapter 2
Port
2.4.2 port security MAC configuration

2.4.2.1 enable/disable port security MAC
This configuration task is to add or delete member MAC that is permitted to access the
switch port.
Enable or disable switch port MAC security access control:
Operation
Enable or disable port MAC security access control
Command
security-mac (enable|disable)
2.4.2.2 create/delete port security MAC

This configuration task is to add or delete member MAC that is permitted to access the
switch port.
Create/delete port security MAC
Operation
Create or delete port security MAC
Command
security-mac
(add|delete)
<1-4094> (AA.BB.CC.DD.EE.FF)
2.4.3 port security MAC display and debug

After the above configuration, execute command show to show the configured Ethernet
port security MAC operation state under any vision, validate the configuration effect with
the displayed information.
Show port security MAC information:
Operation
Command
Show port security MAC global enabled
show interface security-mac
Show port security MAC configuration
show
interface
security-mac
<1-64>
2.4.4 port security MAC configuration instance

The resident user connect with the switch, the switch will communicate with external
network through Ethernet 1 port. Each resident user is configured a security MAC.
44

Operation Manual
Figure 2-4 port security MAC group network

#enable switch port MAC security access control
S2200ME#configure
S2200ME(config-eth-1)#security-mac enable
S2200ME(config-eth-1)#security-mac add 1 00:00:00:00:00:01
S2200ME(config-eth-1)#end
#show switch port MAC security access control
S2200ME#show interface security-mac
If MaxMacNum CurrMacNum Status
1
24
1
enable
2
24
0
disable
3
24
0
disable
4
24
0
disable
5
24
0
disable
6
24
0
disable
7
24
0
disable
8
24
0
disable
9
24
0
disable
10 24
0
disable
S2200ME#show interface security-mac 1

Interface Ethernet 1
CurrMacNum : 1
MaxMacNum : 24
MacStatus : Enable
45
Chapter 2
Port

Operation Manual
VlanId
1
Chapter 2
Port
MacAddress
00:00:00:00:00:01
2.5 port static MAC configuration

2.5.1 port static MAC introduction
Port static MAC is to set certain MAC address on the port, these MAC is not aging,
then the user of these MAC always can get online.
2.5.2 port static MAC configuration

2.5.2.1 create/delete port static MAC
The configuration task is to add/delete static
create/delete port static MAC
MAC for switch certain port.
Operation
Create or delete port static MAC
Command
static-mac
(add|delete)
<1-4094>
(AA.BB.CC.DD.EE.FF)
2.5.3 port static MAC display and debug

After the above configuration, execute command show to show the configured Ethernet
port static MAC operation state under any vision, validate the configuration effect with the
displayed information.
Show static port information:
Operation
Command
Show port static MAC global information
show interface static -mac
Show port static MAC port configuration
show interface static -mac <1-64>
2.5.4 port static MAC configuration instance

The resident user connect with the switch, the switch will communicate with the external
network through Ethernet 1 port. Configure a static MAC for resident user.
46

Operation Manual
Chapter 2
Port
Figure 2-5 port static MAC group network

#add switch port static MAC
S2200ME#configure
S2200ME(config-eth-1)#static-mac add 1 00:00:00:00:00:01
#show switch port static MAC
S2200ME#show interface static-mac
If
Vlan
MacAddr
1
1
00:00:00:00:00:01
S2200ME#show interface static-mac 1
If
Vlan
MacAddr
1
1
00:00:00:00:00:01
2.6 port black hole MAC configuration

2.6.1 port black hole MAC introduction
Port black hole MAC is to set MAC address on port, these MAC will not be aging,
and prevent these MAC user to be online.
2.6.2 port black hole MAC configuration

2.6.2.1 create/delete port black hole MAC
47

Operation Manual
Chapter 2
Port
This configuration task is to add or delete black hole MAC for switch port.
Create/delete port black hole MAC:
opreation
Command
Create or delete port black hole MAC
blackhole-mac
(add|delete)
<1-4094>
(AA.BB.CC.DD.EE.FF)
2.6.3 port black hole MAC display and debug

After above configuration, execute show to show operation of configured Ethernet port
black hole in privileged user mode, then show information configuration effect.
Show information of black hole port:
opreation
Command
Show poer black hole MAC global information
show interface blackhole-mac
Show port black hole MAC port configuration
show interface blackhole-mac
<1-64>
2.6.4 port black hole MAC configuration instance

1. group network requirement
The residence user connect switchillegal attack network,switch connect with outer
network through Ethernt 1 port. Configure a black hole MAC on user connected port.
2. group network figure
Figure 2-6 port static MAC group network

#add switch port static MAC
S2100M#configure
48

Operation Manual
Chapter 2
Port

S2100M(config)#interface ethernet 1
S2100M(config-eth-1)#blackhole-mac add 1 00:00:00:00:00:01
S2100M(config-eth-1)#end
#show switch port static MAC
S2100M#show interface blackhole-mac
If
Vlan
MacAddr
1
1
00:00:00:00:00:01
S2100M#show interface blackhole-mac 1
If
Vlan
MacAddr
00:00:00:00:00:01
2.7 port user number limit

2.7.1 port user number limit introduction
When enabled interface access user number limit, if the switch find the learned mac
address number is beyond the configured access user numbeer, then the switch will read
the designated number mac address from this interface, and write them into the interface
security mac address list, then only the data of these users can pass through this interface;
since some PC may power off, then need to update the interface security mac address list,
therefore, the switch should requery after a period of time.
This function is mainly to solve the problem that some users use switch at home or
use HUB to provide LAN to other people, but they only pay one port expense.
2.7.2 port user number limit configuration

2.7.2.1 configure port user number
This command is to set the permitted user number, the limit number 0 means no limit for
user number.
Configure port user number
Operation
Command
Configure port user number
user-limit number <0-100>
2.7.3 port user number display and debug

After the above configuration, execute the command show to show the operation state of
the configured Ethernet port access user number limit under any vision, validate the
configuration effect with the displaying information.
49

Operation Manual
Chapter 2
Port
Show information of the accessing user number limit:

Operation
Show port usr number
Show port usr number configuration
Command
show interface user-limit
show
interface
user-limit
<1-64>
2.7.4 port user number configuration instance

The resident user connect with the switch, the switch will communicate with external
network through Ethernet 1 port. Configure user number limit for resident users accessing
port.
Figure 2-7 port user number limit group network

#configure port user number
S2200ME#configure
S2200ME(config-eth-1)# user-limit number 10
#show port user number configuration
S2200ME#show interface user-limit
If LimitNum CurrNum
1
10
0
2 0
0
3 0
0
50

Operation Manual
4
5
6
7
8
9
10
0
0
0
0
0
0
0
Chapter 2
Port
0
0
0
0
0
0
0
S2200ME#show interface user-limit 1

LimitNum: 10
CurrNum :0
2.8 port loopback detection

2.8.1 port loopback detection
Use the following configuration task to enable port loop-back check and set time
interval for monitoring port external loop-back, monitoring whether each port is enabled
external loop-back. If certain port is found to be loop-back, the switch will make the port
be under controlling state.
2.8.2 port loopback detection configuration

2.8.2.1 global shutdown or auto-comeback loopback detection
This command is used for global shutdown or auto-comeback loop-back check.
The operation mode is permanently shutdown loop-back interface or shutdown for a period
of time then autostart for loop-back check again, this is an isolation mode.
Global shutdown or auto-comeback loop-back check.
Operation
Global shutdown or auto-comeback loopback then
detect
Command
loop-check
(shutdown|isolation)
action
2.8.2.2 set system loopback detection time

Set loopback expire time in shutdown mode.
Operation
Set loopback expire time in shutdown mode
Command
loop-check expire-time <0-65535>
51

Operation Manual
Chapter 2
Port
2.8.2.3 enable/disable loopback detection on port

This command is to enable,disable, restart port loopback detection.
Enable, disable, restart port loopback detection
Operation
Command
Enable, disable, restart port loopback detection
loop-check
(enable|disable|re-check)
2.8.2.4 configure VLAN for loopback detection
This command is to execute loop-check on which VLAN for the designate switch certain
port.
The certain port of the designated switch execute loop-check on which VLAN:
Operation
The certain port of the designated switch execute
loop-check on which VLAN.
Command
loop-check vlan <1-4094>
2.8.3 port loopback detection display and debug

Ethernet port loop-check operation state under any vision, validate the configuration effect
with the displayed information.
Operation
Show port loop-check global information
Show port loop-back port configuration
Coammnd
show loop-check
show interface loop-check
2.8.4 port loopback detection configuration instance

52

Operation Manual
Chapter 2
Port
Figure 2-8 port loopback detection group network

#configure port loopback detection
S2200ME#configure
S2200ME(config)#loop-check action shutdown
S2200ME(config-eth-1)# loop-check enable
S2200ME(config-eth-1)#loop-check vlan 1
#show port loopback detection
S2200ME#show loop-check
LoopCheck Action : isolation
LoopCheck ExpireTime : 0, for shutdown action only.
LoopCheck Trap : disable
S2200ME#show interface loop-check
If Loop-check Vlan Status
1
enable
1
tx-rx loop
2 disable
1
linkdown
3 disable
1
linkdown
4 disable
1
topo-loop
5 disable
1
linkdown
6 disable
1
linkdown
7 disable
1
linkdown
8 disable
1
linkdown
9 disable
1
linkdown
10 disable
1
linkdown
11 disable
1
linkdown
12 disable
1
linkdown
53

Operation Manual
13 disable
1
14 disable
1
15 disable
1
16 disable
1
17 disable
1
18 disable
1
19 disable
1
20 disable
1
21 disable
1
22 disable
1
23 disable
1
24 disable
1
25 disable
1
26 disable
1
27 disable
1
28 disable
1
Chapter 2
Port
linkdown
linkdown
linkdown
linkdown
linkdown
ok
linkdown
linkdown
linkdown
linkdown
linkdown
linkdown
linkdown
linkdown
linkdown
linkdown
2.9 remote mirror

2.9.1remote mirror
Remote mirror has no limit for that source port and destination port should be on same
device, make source port and destination port enable to cross multi devices in network,
which is convenient for network management staff to monitor traffic flow of remote device.
In order to implement remote port mirror, a special VLAN should be defined. All mirrored
message will be transmitted to destination switch mirror port from source switch echo port
through VLAN, then monitor message received from source switch port on destination
switch.
2.9.2 remote mirror configuration

2.9.2.1 ingress port enable/disable remote mirror
This command is to enable/disable ingress port remote mirror
Ingress port enable/disable remote mirror:
Operation
Command
Ingress port enable/disable remote mirror
rspan ingress (add|del) src-port
<1-64> reflect-port <1-64> vid
<1-4094>
2.9.2.2 egress port enable/disable remote mirror
54

Operation Manual
Chapter 2
Port
This command is to enable/disable egress port remote mirror.

Egress port enable/disable remote mirror:
Operation
Command
Egress port enable/disable remote mirror
rspan egress (add|del) src-port
<1-64> reflect-port <1-64> vid
<1-4094>
55

Operation Manual
Chapter 3
VLAN
Chapter 3 VLAN
3.1 VLAN configuration
3.1.1 VLAN introduction
With the increasement of network users, the network management become important,
therefore, VLAN (virtual local area network) has the feature of popular switch. VLAN can
reduce the work burden of network engineer. VLAN can permit the network administrator
to delete the former physical limit, and control the users Layer 3 network address no matter
which network position it is in. The other advantage of VLAN is including enhancement of
network security and flexible to control broadcast and distribute communication.
VLAN (Virtual Local Area Network), is a technology that logically divide the device
in LAN into network fields to implement virtual work group. IEEE proposed IEEE 802.1Q
protocol proposal with standard VLAN solution in 1999.
VLAN technology permit network administrator to logically divide a physical LAN
into different broadcast area (or called virtual LAN, that is VLAN), each VLAN contain a
group PC with the same requirement, since VLAN is divided logically, so each PC in the
same VLAN has no need to put in identical physical space, that means these PC may not
belong to identical physical LAN network field.
VLAN advantage is that the inner broadcast and unicast flow of VLAN can not be
forward into other VLAN, helpful to control network flow, reduce device investment,
simplify network management, improve network security.
Use the switch can increase high-end user device feature by LAN division. The
switch is only multi-port net bridge, it uses the hardware constituted by professional
integrated circuit to finish net bridge software realization. Similar to the net bridge, the
switch also use destination MAC address to assure that the data is forward to the correct
port. Compared with the net bridge, this method increased bandwidth. Since each network
field is operating on respective professional port, only the service flow that destination
address is other network field will pass through the switch source port and destination port,
but the port not related with destination address will not be influenced.
However, the above solution has one problem: since the switch is multi-port net
bridge using professional integrated circuit, so it can transmit broadcast service flow too.
But most switch can be configured a broadcast limit. When reaching broadcast limit,
all broadcast message beyond broadcast limit will be discard. Select broadcast limit
properly, then the broadcast message will be discard only when the broadcast storm
happens.
56

Operation Manual
Chapter 3
VLAN
3.1.2 VLAN configuration

When configure VLAN, first configure VLAN scope, then create VLAN.
VLAN configuration is including:
configure VLAN scope
create/delete VLAN
designate Ethernet port for VLAN

3.1.2.1 configure VLAN scope
When VLAN scope is confirmed, the system will delete all VLAN in this scope, and set
the min VLAN in the scope to be new default VLAN, then auto create VLAN interface for
default VLAN, and configure IP address.
Configure VLAN scope:
Operation
Configure VLAN scope
Command
interface vlan <1-4094> [<1-4094>]
3.1.2.2 create/delete VLAN

Use the following command to create/delete VLAN. When creating VLAN, if the VLAN
is existing, then directly enter the VLAN vision; if the VLAN is not existing, the
configuration task is to first create VLAN, then enter VLAN vision.
Create/delete VLAN:
Operation
Command
Create VLAN and enter VLAN
interface vlan vlan_id
vision
Delete the created VLAN
no vlan <1-4094> [<1-4094>]
3.1.2.3 designate Ethernet port for VLAN
Designate Ethernet port for VLAN.
Do configuration under VLAN vision.
Designate port for VLAN:
Operation
Add Ethernet port for the
designated VLAN
Delete certain Ethernet port for the
designated VLAN
Command
member PORTLIST (tagged|untagged)
no member PORTLIST
57

Operation Manual
Chapter 3
VLAN
As default, the system will add all port into default VLAN 1.
3.1.3 VLAN display and debug

After the above configuration, execute the command show to show the configured VLAN
operation state, validate the configuration effect with the displaying information.
VLAN display and debug
Operation
Show VLAN information
Command
show vlan
3.1.4 VLAN typical configuration instance

For existing VLAN2VLAN3, add port Ethernet 1 and Ethernet 2 into VLAN 2, add port
Ethernet 3 and Ethernet 4 into VLAN 3.
Figure 3-1 VLAN configuration

# create VLAN2 and enter the vision
58

Operation Manual
S2200ME#configure
S2200ME(config)#interface vlan 2
# add port Ethernet 1 and Ethernet 2 into VLAN2
S2200ME(config-vlan-2)#member 1,2
# create VLAN3 and enter the vision
S2200ME(config)#interface vlan 3
# add port Ethernet 3 and Ethernet 4 into VLAN3
S2200ME(config-vlan-3)#member 3,4
59
Chapter 3
VLAN

Operation Manual
Chapter 4
Network protocol
Chapter 4 Netowrk protocol

4.1 DHCP-Relay configuration
4.1.1 DHCP-Relay introduction
For the consideration of security, should keep record for IP address of online user,
assure whether the users IP address and host MAC address are corresponding. The switch
can obtain IP address through DHCPRelay user.
When distribute IP address for user, DHCP server transmit DHCPACK message. The
user will get IP address after received DHCPACK message. Monitor DHCPACK message
is a method to get user IP address.
DHCPREQUEST message is broadcast message that user request DHCP Server to
distribute address. IP address applied by user with DHCPREQUEST message is the same
with the IP address distributed to user by Server through DHCPACK message. Monitor
DHCPREQUEST message is another method to get user IP address.
After DHCPRelay is enabled, Ethernet switch can receive DHCPACK or
DHCPREQUEST message and record IP address and MAC address.
4.1.2 DHCP-Relay configuration

DHCP-Relay configuration is including:
enable/disable switch DHCP-Relay function

4.1.2.1 enable/disable switch DHCP-Relay function
Do configuration under management VLAN vision.
enable/disable switch DHCP-Relay function
Operation
Command
disable/enable switch DHCP-Relay
dhcp relay (enable|disable)
function
Configure IP address for the peer
dhcp relay server-ip (A.B.C.D)
end server of Dhcp relay service
As default, Ethernet switch DHCP-Relay function is disabled.
4.1.3 DHCP-Relay display and debug

After the above configuration, execute the command show to show the relationship of user
IP address and MAC address recorded by DHCP-Relay under all vision.
60

Operation Manual
Chapter 4
Network protocol
DHCP-Relay display and debug

Operation
Show DHCP-Relay configuration
Command
show dhcp
61

Operation Manual
Chapter 5
COS
Chapter 5 COS
5.1 COS configuration
5.1.1 COS introduction
The priority defined in 802.1P has 8 types. The network administrator should decide
practical mapping state, but IEEE give many suggestion. The highest priority is 7, which is
applied to key network flow, e.g.: route list update of route information protocol (RIP) and
open shortest path first (OSPF). The priority 6 and 5 are mainly used for delay-sensitive
application program, e.g.: interactive video and audio. The priority 4 ~1 are mainly used
for controlled-load application program, e.g.: streaming multimedia and business-critical
trafficfor example, SAP dataand loss eligible flow. The priority 0 is the default.
S2200ME switch COS has 4 queue in hardware, all support 8 priority of 802.1Q.
5.1.2 COS configuration

5.1.2.1 enable/disable COS
This configuration task is to enable/disable COS function.
enable/disable COS function:
Operation
enable/disable COS
Command
cos (enable|disable)
5.1.2.2 set mapping relationship of data frame priority and priority queue
This configuration task is to set mapping relationship of data frame priority and priority
queue.
Set mapping relationship of data frame priority and priority queue
Operation
Set mapping relationship of data
frame priority and priority queue
Command
cos priority <0-7> queue <0-3>
5.1.2.3 configure switch priority queue weight

The configuration task is to configure switch priority queue weight.
Configure switch priority queue weight
62

Operation Manual
Operation
Configure switch priority queue
weight
Chapter 5
COS
Command
cos queue <0-3> weight <1-31>
5.1.2.4 set switch priority queue mode

This configuration task is to set switch priority queue mode.
Set switch priority queue mode
Operation
Set switch priority queue
mode
Command
cos queue mode
(strict|weighted-round-robin|sp+wrr3|sp2+wrr2)
5.1.2.5 COS display and debug

operation state under any vision, validate the configuration effect with the displayed
information.
Show COS configuration
Operation
Show COS configuration
Command
show cos
63

Operation Manual
Chapter 6
SGM
Chapter 6 SGM
6.1 SGM configuration
6.1.1 SGM introduction
6.1.1.1 introduction
With SGM function, the network administrator can manage multi switch through a
host switch public network IP address. The host switch is called mmonitor device, other
managed switch is called member device. Generally, the member device is not set public
network IP address, implement management and maintenance of member device with
monitor device redirection. The monitor device and member device make a group. The
typical application environment is shown as below:
64

Operation Manual
Chapter 6
SGM
Figure 6-1 SGM
6.1.1.2 switch role

According to the state and function of each switch in SGM, form different role, user
can designate switch role through configuration, different role can be transformed with
certain rule.
The SGM role: monitor device, member device and candidate device.
Monitor device: configure public network IP address, provide the switch with
management interface for all switch in SGM. The monitor device can manage the
member device through command redirection: user send management command to
the monitor device through public network, the management command is dealed
with by the monitor device; If the monitor device find that this command is sent to
certain member device, then forward this command to member device for treatment.
The monitor device has the function of discoverying neighbour information,
collecting whole network topology structure, managing SGM, maintaining SGM
state, supporting all agent.
Member device: the member of SGM, generally not configured with public network
IP address. The user manage member device through the monitor device command
redirection. The member device has the function of discoverying the neighbour
information, receiving management of monitor device, executing the command from
the agent, reporting the fault/log.
Candidate device: the switch that have not add into any SGM, but with the capability
of SGM and be able to be SGM member.
The role transformation rule is shown as below:
65

Operation Manual
Chapter 6
SGM
Figure 6-2 role switch rule
Each SGM should designate one (only one) monitor device. After the monitor deivce
is designated, the monitor device can assure and discover the candidate device with
the collected NDP/NTDP information. The user can add the candidate device into the
SGM with the corresponding configuration.
Afte the candidate device is added into SGM and become member device; the
member device will comeback to be candidate device after it is deleted.
6.1.1.3 function
SGM advantage:
Simplify the the configuration management task: only configure a public network IP
address on monitor device, implement the configuration and management for multi
switch, no need to log on each member device Console port for configuration;
Provide topology discovery and display function, helpful for network monitoring and
debugging;
Save IP address;
Upgrade software and configure parameter for multi switch at the same time;
No restriction by network topology structure and distance.
SGM is including the following function:
Network topology discovery
Network topology collection
Member identification
Member management
The detailed configuration of each function of SGM management is shown as below:
6.1.2 SGM configuration

6.1.2.1 enable/disable port SGM
Use the following command to enable/disable port SGM.
Enable/disable port SGM
operation
command
enable/disable port SGM
sgm (enable | disable)
6.1.2.2 enable SGM configuration interface on designated vlan
This command is configured under interface mode.
Enable/disable port SGM
operation
66
command

Operation Manual
Enable SGM configuration interface
on designated vlan
Chapter 6
SGM
sgm inband enable <1-4094>
6.1.2.3 set interface to join/exit vlan list

This command is configured under interface mode:
Operation
Command
Set interface to join/exit vlan list
sgm vlan (add|remove) VLAN-LIST
6.1.2.4 assign/delete IP address for designated SGM device
This operation is executed under SGM mode. This command is to assign/delete IP address
for designated SGM device. The designated IP should be in ip-pool, the device maybe
member switch or candidate switch. This command is only executed by command switch.
Attention: donot set ip address be in identical network field with member switch or
candidate in-band and out-band address, or SGM will be fail.
Operation
Command
Assign/delete IP address for SGM
sgm member (AA.BB.CC.DD.EE.FF) ip
device
(A.B.C.D/M)
no sgm member (AA.BB.CC.DD.EE.FF) ip
6.1.2.5 set cluster pool
This configuration is executed under SGM mode. This command is to set cluster ip-pool.
When the address distribution policy is set to be auto, the system will distribute a vacant IP
address to the member that new-joined. If certain switch has joined SGM to be member
switch before command switch configure ip-pool, the switch will not be assign address,
then assign IP address in manual mode. For the switch configured ip-pool and need to
reconfigure, configure the switch role to be candidate switch, then switch to command
switch to clear ip-pool for reconfiguration. The IP-pool should meet demand
(address=address&mask). The first address in ip-pool will be auto-assign to command
switch. Only command switch can execute this command. We suggest that: the address
mask can not be configured too large, generally, 24-bits mask is enough (support 253
member). If mask is too large, the IP address initialization will be too slow, this application
is not available in practical operation.
Attention: donot set ip-pool to be in identical network field with command switch or
member switch in-band and out-band address, otherwise, the SGM management will fail.
Operation
Set cluster ip-pool
Command
sgm cluster ip-pool (A.B.C.D/M)
sgm cluster ip-pool (A.B.C.D) (A.B.C.D)
6.1.2.6 set cluster IP allocation policy

67

Operation Manual
Chapter 6
SGM
This configuration is executed under SGM mode. This command is to set cluster IP
allocation policy, ip-pool need to configure for auto-allocation, when a member new joined,
the system will assign a vacant IP from ip-pool for this member. For manual allocation,
use other command to assign address in manual mode. This command is executed by
command switch.
Operation
Command
Set cluster IP allocation policy
sgm ip-allocation (auto|manual)
6.1.2.7 set cluster join policy
This configuration is executed under SGM mode. This command is to set cluster IP join
policy, when auto join, the command will actively sent join message to ask to join cluster,
For manual join, no join message will be sent actively, it need other command to join.
This command is executed by command switch.
operation
command
Set cluster join policy
sgm join-policy (auto|manual)
6.1.2.8 command switch access certain designated member, then configure it
access certain designated member for command switch, then configure it:
Operation
Command switch access certain
designated member, then configure
it
Command
sgm member (AA.BB.CC.DD.EE.FF)
6.1.2.9 configure time interval of topology collection

Use this command to configure time interval of topology collection.
Configure time interval for topology collect:
Operation
Command
Configure time interval for
sgm map-collect time (<1-100>|default)
topology collect
6.1.2.10 manual add/remove certain designated member
This configuration is exeuted under SGM mode. this command is to manual add/remove
ceratin designated member. When cluster adding policy is manual, add certain designated
device to be member with add mode of this command. Remove mode of this command is
to delete certain existing member. This command is only executed by command switch.
This command is used with 6.1.2.7 manaual configuration.
Operation
Command
68

Operation Manual
Add/remove certain designated
member in manual mode
Chapter 6
SGM
sgm member (add|remove) (AA.BB.CC.DD.EE.FF)
6.1.2.11 configure time interval of sending Handshake message

Use this command to configure time interval of sending Handshake message.
Configure time interval of sending handshake message:
Operation
Command
Configure time interval of sending
sgm member handtime (<1-300>|default)
Handshake message
6.1.2.12 set valid holdtime for member switch after entered Connect state
Use the following command to set valid holdtime for member switch after entered Connect
state.
Set valid holdtime for member switch after entered Connect state:
Operation
Command
Set valid holdtime for member
sgm member holdtime (<1-300>|default)
switch after entered Connect state
6.1.2.13 set role for switch in SGM
Use the following command to set role for switch in SGM.
Set role for switch in SGM:
Operation
Command
Set role for switch in SGM
sgm role (independence|candidate|commander)
6.1.2.14 SGM display and debug
operation state under any vision, validate the configuration effect with the displaying
information.
Operation
Show SGM neighbour
Show SGM port information
Show SGM local information
Command
show sgm neighbor (AA.BB.CC.DD.EE.FF)
show sgm interface [<1-64>]
show sgm local
6.1.3 SGM configuration instance

69

Operation Manual
Chapter 6
SGM
Three switches constitute a SGM, the monitor device manage two member devices. The
monitor device is connected with two member switches through port Ethernet 1 and port
Ethernet 2. The monitor device is connected with external network through port Ethernet
1.
Figure 6-3 SGM management network group

(1) configure command switch
# enable port 1 SGM
S2200ME#configure
S2200ME(config-eth-1)#sgm enable
S2200ME(config-eth-1)#sgm enable vlan 1
S2200ME(config-eth-1)#sgm inband enable 1
# configure SGM
70

Operation Manual
Chapter 6
SGM
S2200ME(config)#sgm
S2200ME(config-sgm)#sgm role commander
S2200ME(config-sgm)#sgm join-policy auto
S2200ME(config-sgm)#sgm ip-allocation auto
S2200ME(config-sgm)#sgm cluster ip-pool 4.3.2.0/24
S2200ME(config-sgm)#
(2) configure candidate switch
# enable port 1 SGM
S2200ME#configure
S2200ME(config-eth-1)#sgm enable
S2200ME(config-eth-1)#sgm enable vlan 1
S2200ME(config-eth-1)#sgm inband enable 1
71

Operation Manual
Chapter 7
STP
Chapter 7 STP
7.1 STP configuration
7.1.1 STP introduction
7.1.1.1 STP usage
STP (Spanning Tree Protocol) can be applied to loop network to implement route
redundance with certain algorithm, and clip loop network into tree-shaped network without
loop, avoid message increasement and infinite loop in loop network.
7.1.1.2 STP realization
STP basic principle is to transmit a particular protocol message among switch (this
protocol message is called configuration information in IEEE 802.1D) to assure the
network topology structure. The configuration information contains enough information to
assure the switch to be able to finish STP algorithm.
The configuration information is including the following content:
Tree root ID: made by tree root priority and MAC address;
The shortest path cost to the tree root;
ID of the designated switch: made by the designated switch priority and MAC
address;
ID of the designated port: made by the designated port priority and port serial No.
The lifetime of the configuration information: MessageAge
The max lifetime of the configuration information: MaxAge
The period of transmitting configuration information: HelloTime
Forward Delay of port state: ForwardDelay
The meaning of the designated port and switch can refer to the following description:
72

Operation Manual
Chapter 7
STP
Figure 7-1 the designated switch and designated port

For a switch, the designated switch is the switch that directly connected with the PC
and be responsible to forward data packet to PC, the designated port is the port that the
designated switch forward data to the PC; for a local area network (LAN), the designated
switch is the switch that is responsible to forward data packet to this network field, the
designated port is the port that the designated switch forward data to this network field.
Shown as Figure 7-1, AP1AP2BP1BP2CP1CP2 respectively represent for the port
of Switch A, Switch B, Switch C, Switch A is forwarding data through port AP1 to Switch
B, so the designated switch of Switch B is Switch A, the designated port is the port AP1 of
Switch A; The two switch connecting with LAN are: Switch B and Switch C, if Switch B
is responsible to forward data packet to LAN, the designated switch of LAN is Switch B,
the designated port is BP2 of Switch B.
The detailed procedure of STP algorithm:
The following is the instance to describe the procedure of STP algorithm.
The detailed network group is shown as the figure:
73

Operation Manual
Chapter 7
STP
Figure 7-2 Ethernet switch network group

For convenience of description, the instance only show the first 4 configuration
information: tree root (represent as Ethernet switch priority), root path cost, the designated
switch ID (represent as Ethernet switch priority), the designated port ID (represent as port
No.). Shown as the above figure, the priority of Switch A is 0, the priority of Switch B is 1,
the priority of Switch C is 2, the path cost of each link is shown as the figure: 5, 10, 4.
(1) initial state
Each port of each switch will form the configuration information with root is itself at
initial time, the root path cost is 0, designate switch ID to be its own switch ID, designate
the port to be its own port.
Switch A
Port AP1 configuration information{000AP1}
Switch B
Port BP1 configuration information{101BP1}
Port BP2 configuration information{101BP2}
Switch C
Port CP2 configuration information{202CP2}
Port CP1 configuration information{202CP1}
(2) select the best configuration information
Each switch will send out own configuration information. When certain port received
the configuration information which priority is lower than its own configuration
information priority, the switch will discard the received configuration information and
74

Operation Manual
Chapter 7
STP
doesnot do any treatment for port configuration information. When the port received the
configuration information which priority is higher than this port configuration information
priority, the switch will replace the port configuration information with the received
configuration information. Then the Ethernet switch will compare the port configuration
information with other port configuration information of the switch, select the best
configuration information with the following comparison principle:
If the tree root ID is small, the configuration information priority is high;
If tree root ID is the same, then compare the root path cost, the comparison method is:
use root path cost in configuration information plus the path cost of this port (total is
S), the configuration information with smaller S will have higher priority;
If root path cost is the same, then compare the designated switch ID, the designated
port ID, the port ID that receive the configuration information. For the convenience
of description, the instance is supposed to compare tree root ID to select the best
configuration information.
(3) assure root port, and block redundance link, then update the designated port
configuration information, the port that the swith receive the best configuration
information is root port, port configuration information is not changed; In other port, if
certain port configuration information is updated during the course of select the best
configuration information, the switch will block this port, the port configuration
information is not changed, this port will not forward data, only receive but not transmit
configuration information; If certain port configuration information is not updated during
the course of select the best configuration information, the switch will designate it to be
the designated port, the configuration information will be changed as following: tree root
ID is replaced to be tree root ID of root port configuration information; the root path cost is
replaced to be root port configuration information root path cost and root port path cost;
the designated switch ID is replaced to be own ID; the designated port ID is replaced to be
own port ID.
The comparison of each switch in the instance is shown as below:
Switch A
Port AP1 receive the configuration information of Switch B, if Switch A discover that
the configuration information priority of this port is higher than the received configuration
information priority, it will discard the received configuration information. The port AP2
configuration information treatment is similar to the port AP1. if Switch A discover that
the tree root and the designated switch of each port configuration information are itself, it
will consider that it is tree root, each port configuration information will not be modified,
then periodically send out configuration information. At this time, two port configuration
information is shown as below:
Switch B
75

Operation Manual
Chapter 7
STP
Port BP1 receive the configuration information of Switch A, after comparison, Switch
B discover that the received configuration information priority is higher than port BP1
configuration information priority, then update port BP1 configuration information. Port
BP2 receive the configuration information of Switch C, if Switch B discover that the port
configuration information priority is higher than the received configuration information
priority, it will discard the received configuration information. At this time, each port
configuration information is shown as following: port BP1 configuration information: {0
00AP1}, port BP2 configuration information: {101BP2}.
Switch B will compare each port configuration information, select port BP1 configuration
information to be the best configuration information, then designate port BP1 to be root
port, the whole switch port configuration information is updated as below: root port BP1
configuration information is not changed: {000AP1}. In port BP2 configuration
information, tree root ID is updated to be the best configuration information root ID, root
path cost is updated to be 5, the designated switch ID is updated to be this switch ID, the
designated port ID is updated to be this port ID, the configuration information is changed
to be: {051BP2}. Then each designated port of Switch B will periodically send out
own configuration information.
Switch C
Port CP2 will first receive the configuration information {101BP2} from Switch
B port BP2 before update, SwitchC trigger the update course, the configuration
information after update is shown as following: {101BP2}
Port CP1 receive the configuration information of Switch A {000AP2}, then
Switch C trigger the update too, the configuration information after update is shown as
following: {000AP2}
With comparison, port CP1 configuration information will be selected to be the best
configuration information, port CP1 will be root port, its configuration information will
not be changed; and port CP2 will be blocked, the port configuration information will not
be changed, at the same time, this port will not receive the data forward from Switch B
(not including STP protocol message), until new situation triggered stp reaccounting, e.g.:
link down from Switch B to Switch C, or the port will receive the best configuration
information.
Then port CP2 will receive the configuration information {051BP2} from Switch
B after update, since the received configuration information is better than the former
configuration information, Switch C will trigger update, the updated configuration
information is: {051BP2}. At the same time, port CP1 receive Switch A configuration
information, after comparison, Switch C will not trigger update, the configuration
information is still: {000AP2}.
After comparison, port CP2 configuration information is selected to be the best
configuration information, port CP2 is designated to be root port, its configuration
information will not be changed, but port CP1 will be blocked, the port configuration
information is not changed, at the same time, it will not receive the data forward by Switch
76

Operation Manual
Chapter 7
STP
A until new situation trigger the stp accounting, e.g.: link down from Switch B to Switch
C.
Then STP is made shown as below, the tree root is Switch A:
Figure 7-3 final stable stp

For the convenience of description, simplify much accounting, operation content (e.g.:
tree root and designated switch ID should be constituted by the switch priority and MAC
address during practical accounting, the designated port ID is constituted by the port
priority and port MAC address; During the update of configuration information, besides
the first four items are changed, other configuration information will be changed with
certain rules).
STP configuration information transmission system:

When network initialization, all switch make itself be root. The designated port of
switch transmit the port configuration information in the period of HelloTime; If the port
received configuration information is root port, the switch will increase MessageAge of
configuration information with certain principle, and enable timer for timing of this
configuration information. If certain path is fault, the root port on this path will not receive
the new configuration information, old configuration information will be discard because
of timeout, then stp will be accounting again and get a new path to replace the fault link,
the network connectivity will comeback.
Howeever, the new congiguration information after reaccounting will not transmit
whole network immediately, the old root port and the designated port that havenot
discovered the network topology will still continue forwarding data according to the
former path, if the new selected root port and the designated port begin to forward data
immediately, it may cause temporary path loop. STP is using a state transmission, before
77

Operation Manual
Chapter 7
STP
root port and the designated port transmit data, they will pass through ForwardDelay then
enter data transmission state, this delay assure that the new configuration information have
already transmitted whole network.
7.1.1.3 STP realization in Ethernet switch
RSTP (Rapid Spanning Tree Protocol) of Ethernet switch is the optimization of STP.
It is rapid for root port and the designated port to enter forwarding state, reduce the
ForwardDelay, then shorten the time to make network topology stable.
The condition of root port state rapid transmission is: the old root port of this switch
have stopped forwarding data, the uplink designated port have began to forward data.
The condition for rapid transmission of the designated port state is:
The designated port is edge port, that is, the port is connected with any switch
undirectly. If the designated port is edge port, it can directlt enter forwarding state.
The designated port is connected with point-to-point link. The condition for
connection between the port and the point-to-point link is that the Trunk port is
master port or be working under full-duplex state with auto-negotiation port. The
user also can configure the port to be connected with point-to-point link by force,
but it will cause fault, we suggest user not configure like this. If the designated port
is connected with the point-to-point link, the switch can enter forwarding state by
handshake with downlink switch.
The switch with application of RSTP can be compatible with the switch applied STP,
both two protocol message can be identified by the switch applied RSTP and be applied
to the STP accounting.
7.2 RSTP configuration

7.2.1 RSTP configuration instance
7.2.1.1 network group requirement
In the following network, Switch C is the backup switch of Switch B, when Switch B
has fault, data is forward by Switch C, Switch C and Switch B are connected through two
link, assure that when a link is fault, another link can operate normally; Switch DSwitch
F are hanging with user PC, connected with Switch C, Switch B through a uplink port.
This demand can be implemented by configuration of RSTP on Switch BSwitch F. In
the following configuration procedure, only list RSTP configuration. Switch A will not
take part in RSTP accounting, not configure RSTP, so we will not introduce the
configuration of Switch A, the configuration of Switch DSwitch F are basically same,
we only list RSTP configuration on Switch D.
7.2.1.2. network group figure
78

Operation Manual
Figure 7-4 RSTP configuration
7.2.1.3 configuration procedure

(1) configuration of Switch B
S2100ME(config-stp)#stp enable
S2100ME(config-stp)#stp mode rstp
S2100ME(config-stp)#stp priority 0
S2100ME(config-eth-1)#stp enable
(2) configuration of Switch C
79
Chapter 7
STP

Operation Manual
Chapter 7
STP
(3) configuration of Switch D
Configuration of Swicth E and F are the same with Swicth D.
7.3 MSTP configuration

7.3.1.1 netowrk group requirement
MSTP can forward different VLAN message in same network group, then implement
different VLAN data load sharing and redundant backup. After MSTP calculation, each
VLAN have a redundant backup link, after current working link is invalid, the redundant
backup link will be valid at once, reducing flow lose caused by link fault.
7.3.1.2 network group figure
80

Operation Manual
7.3.1.3 configuration procedure
(1) configuration of Switch B
Switch B(config-stp)#stp enable
Switch B(config-stp)#stp instance 1
Switch B(config-stp)#stp instance 1 vlan 10
Switch B(config-stp)#stp instance 1 priority 0
Switch B(config-stp)#stp instance 3 priority 0
(2) configuration of Switch C

Switch C(config-stp)#stp enable
Switch C(config-stp)#stp instance 1
Switch C(config-stp)#stp instance 1 vlan 10
Switch C(config-stp)#stp instance 2 priority 0
Switch C(config-stp)#stp instance 4 priority 0
(3) configuration of Switch D

Switch D(config-stp) #stp enable
Switch D(config-stp)#stp instance 1
Switch D(config-stp)#stp instance 1 vlan 10
Configuration of Swicth E and F are the same with Swicth D.
81
Chapter 7
STP

Operation Manual
Chapter 8
Security
Chapter 8 Security
8.1 AAA and RADIUS protocol configuration
8.1.1 AAA and RADIUS protocol introduction
8.1.1.1 AAA introduction
AAA is Authentication, Authorization and Accounting, it provides an uniform frame
for authentication, authorization and accounting, it just like a management for network
security.
The network security is mainly for access control, including:
The users who can access network server?
Which service do the users have?
How to account the users who are using network resource?
For the above problem, AAA should provide the following service:
Authentication: authenticate if user get access authority
Authorization: which service can the authorized user use
Accounting: record network resource that user used
AAA generally use client/server structure: the client-end is operating at the side of the
managed resource, the server is for storage of user information. Therefore, AAA frame is
expansible, flexible to implement integrated management of user information.
8.1.1.2 RADIUS protocol introduction
AAA is a management frame, therefore, it can be realized with multi protocol.
Generally, people always use RADIUS protocol to realize AAA.
1. what is RADIUS
RADIUS is Remote Authentication Dial-In User Service, it is a distributed,
client/server structure information interactive protocol, which can protect network from the
interference of unauthorized access, it is often applied to different network environment
that require high security and keep accessing for remote user (e.g.: it is often applied to
manage a lot of distributed dialing users who are using serial port and modem). RADIUS
system is the key subsidiary part of NAS (Network Access Server).
After RADIUS system is enabled, if user need to establish connection with NAS
(dialing access server under PSTN environment or Ethernet switch with accessing function
under Ethernet environment) and get authority to access other network or to get certain
82

Operation Manual
Chapter 8
Security
network resource, NAS, which is RADIUS client-end, will transmit user authentication,
authority and accounting request to RADIUS server. RADIUS server has an user database,
which includes all user authentication and network service access information. After
RADIUS server received the user request from NAS, it will finish corresponding
authentication, authorization and accounting by searching and updating user database, and
return the configuration information and accounting statistics to NAS, NAS can control
access user and connect user, and RADIUS protocol regulate how to transmit user
congifuration information and accounting information between NAS and RADIUS server.
The interactive between NAS and RADIUS is implemented by loading information in
UDP message. During this course, both two will encrypted the message with the key to
assure the user configuration information (e.g.: password) to be transmit in network after
encrypted, avoiding interception and theft.
2. RADIUS operation
The user authentication of RADIUS server generally need the agent authentication of
access server, the whole operation procedure is shown as below: first, the client-end send
request to RADIUS serverthis message is including user name and encrypted password;
then, client-end will receive the response message from RADIUS server, such as ACCEPT,
REJECT, etc.ACCEPT means the user passed the authentication; REJECT means the
user have not passed authentication, user should type user name and password again, or the
access will be rejected.
8.1.2 AAA configuration

8.1.2.1 create local user
Use the following command to add local authentication client for 802.1x, then configure
local authentication user.
Set 802.1x local authentication client:
Operation
Command
Manage 802.1x local
dot1x user <0-63> USERNAME password
authentication user
PASSWORD
dot1x user <0-63> bind-to mac
(AA:BB:CC:DD:EE:FF)
dot1x user <0-63> bind-to port <1-64>
dot1x user <0-63> max-time <1-100>
dot1x user lock (enable|disable)
no dot1x user <0-63>
8.1.2.2 oblige to cut off user connection
83

Operation Manual
Chapter 8
Security
Use the following command to oblige to cut off user connection.

Oblige to cut off user connection:
Operation
Command
Force all user passed 802.1x protocol
no dot1x authenticator user all
on switch to offline
Force the user passed 802.1x protocol
no dot1x interface <1-64> user <0-65535>
on switch certain interface to offline
no dot1x interface <1-64> user all
8.1.3 RADIUS protocol configuration

8.1.3.1 create RADIUS solution
The configuration of RADIUS protocol is executed with unit RADIUS solution.
Threrfore, before other RADIUS protocol configuration, first create RADIUS solution
then enter its vision.
Create/delete RADIUS solution with the following command. Do configuration under
RADIUS vision.
Create RADIUS solution:
Operation
Command
Create RADIUS solution
radius <1-10> name NAME
8.1.3.2 set IP address and port No. of RADIUS server
After create a new RADIUS solution, need to set IP address and UDP port No. of this
solution RADIUS server, these server is including authenticaton/authorization and
accounting server.
Use this command to set RADIUS server IP address and port No., do configuration
under RADIUS solution vision.
Set RADIUS server IP address and port No.:
Operation
Command
Set RADIUS server IP address
radius <1-10> server-address (A.B.C.D)
Set RADIUS server port No.
radius <1-10> server-acc-port (1813|1646)
8.1.3.3 set RADIUS message encrypted key
RADIUS Clientswitch systemand RADIUS server are using MD5 algorithm to
encrypt RADIUS message, both ends use encrypted key to authenticate validity of
message. Only when the encrypted key is uniform, both ends can receive the message from
each other and make response.
Use this command to set encrypted key of RADIUS message. Do configuration under
RADIUS solution vision.
Set encrypted key of RADIUS message:
84

Operation Manual
Operation
Set RADIUS message encrypted key
Chapter 8
Security
Command
radius <1-10> secret SECRET
8.1.3.4 set RADIUS server response timer

If NAS have not received response from RADIUS server after RADIUS request
(authentication/authorization or accounting request) is transmitted for a while, it is
necessary to retransmit RADIUS request to assure user can get RADIUS service.
Set RADIUS server response timeout. Do configuration under RADIUS solution
vision.
Set RADIUS server response timeout:
Operation
Command
Set RADIUS server response timeout
radius <1-10> response-time <2-15>
8.1.3.5 set RADIUS request max transmission times
Since RADIUS protocol is using UDP message for loading data, so its
communication is not reliable. If there is no response for NAS that RADIUS server in
regulated timeout, NAS should retransmit RADIUS request to RADIUS server. If the total
transmission times is beyond the max transmission times but RADIUS server has no
response, NAS will consider that it is disconnected with RADIUS server, then send request
to other RADIUS server.
Use this command to set max transmission of RADIUS request. Do configuration
under RADIUS solution vision.
Set RADIUS request max transmission times:
Operation
Command
Set RADIUS request max transmission
radius <1-10> retransmit <1-255>
times
8.1.3.6 configure service type provided by radius client
Use this command to configure service type of radius client. Do configuration under
RADIUS solution vision.
Configure service type of radius client:
Operation
Command
Configure service type provided by
radius <1-10> type (acc|auth|both)
radius client
8.1.3.7 set RADIUS server state
Use this command to set RADIUS server state. Do configuration under RADIUS solution
vision.
85

Operation Manual
Set RADIUS server state:
Operation
Set RADIUS server state
Chapter 8
Security
Command
radius <1-10> status (enable|disable|destroy)
8.2 ACL configuration

8.2.1 ACL introduction
8.2.1.1 ACL introduction
ACLs full name is access-list, when apllied to switch, then you can implement data
packet filter, control user data forward, guarantee security of network and switch.
8.2.1.2 ACL realization in Ethernet switch
ACL is realizing function by hardware, not influence forwarding, controlled by
software, realizing function variety. The configuration is: create acl, then create rule they
need, create own action for each rule (permitting forward, discard, redirection), apply acl
to the port. ACL application to port is taking the whole acl group as unit, not apply only
one rule. One ACL can be applied to multi port, but one port can only enable one acl. For
data packet not matching any acl execute default rulepermit forwarding. If some rule is
not configured action when some acl is applied to port, then auto execute default
actiondiscard data packet.
8.2.2 ACL configuration

8.2.2.1 create ACL
operation
Create ACL
command
Access-list <1-399>
8.2.2.2 create rule

operation
Create RULE
command
Rule <1-1024>
(ip|tcp|udp|icmp|l2type|mac|tos|ttl|vlan|cos-priori
ty|dscp)
86

Operation Manual
Chapter 8
Security
8.2.2.3 set rule action

operation
Set rule action
command
rule <1-1024> action (mirror|redirect) <1-64>
rule <1-1024> action (permit|deny)
rule <1-1024> action cos change outer <0-7>
rule <1-1024> action dscp DSCP
rule <1-1024> action ratelimit <64-1000000>
rule <1-1024> action sendqueue <0-3>
rule <1-1024> action trapcpu (only|forward)
no rule <1-1024> action
8.2.2.4 acl is applied to port

operation
Acl is applied to port
command
Match access-list <1-399>
8.2.2.5 acl is applied to multi port

Operation
Acl is applied to multi port
command
Port PORTLIST match access-list <1-399>
8.2.3 ACL display and debug

After above configuration, execute command show to show operation in any view,
validate configuration effect with information shown.
Acl display and debug:
Operation
Show all acl information
Show acl global information
Show single acl detail information
Show acl port application
Command
show access-list
show access-list global
show access-list <1-399>
show access-list port [1-64]
8.2.4 ACL typical configuration instance

Shown as below, the working station of certain user is connected with Ethernet switch
87

Operation Manual
portEthernet 0/1.
Figure 8-1 ACL application

S2200ME(config)#access-list 2
S2200ME(config-acl-2)#rule 1 ip any any
S2200ME(config-acl-2)#rule 1 action deny
S2200ME(config-acl-2)#exit
S2200ME(config)#inter eth 3
S2200ME(config-eth-3)#match access-list 2
88
Chapter 8
Security

Operation Manual
Chapter 9
ESR
Chapter 9 ESR
9.1 ESR configuration
9.1.1 ESR introduction
Till now, many MANs and LANs are using Ring technology, ESR is operating well in
these Ring technology. The comeback time of disconnected fiber/cable in ESR technology
is shorter than 1 second, ESR protection switch function is as good as the ring network
constructed with SONET. ESR technology has no limit for node number on the ring, and
the fault comeback time of the ring has no relationship with the node number on the ring.
Of course, this is because ESR ring network topology structure is rather simple. Since ESR
has powerful protection switch function, so the application is widely used, more and more
switch support ESR function.
ESR is a new Layer 2 redundance protocol. ESR has two modes: master mode and
transit mode. The node with master configuration is called master node, the node with
transit configuration is called transit nodeshown as below. An Ethernet ring operating
ESR is called an ESR domain, each ESR domain has unique designated master node, all
other node is called transit node. Each node on the ring has two ports to connect ring. In
two ports of master node, one is designated to be the first port, the other one is designated
to be the second port. Master node send control frame from its first port, so the first port
and the second port of master node decide the transmission direction of the control frame
sent by master node. Transit node configuration also has the first port and the second port,
but the first port and the second port of transit node are useless for protection switch
function. Each EAPS domain has the protection VLAN and Control VLAN of its own. The
protection VLAN is loading the data frame including user data, Control VLAN is loading
EAPS control informationcontrol frame, the node in EAPS domain donot block Control
VLAN, so control frame can pass all port on the ring. Control VLAN is the base for ring
fault detection and function comeback. Control VLAN and EAPS domain are
corresponding, one EAPS domain only has one Control VLAN, but has multi protection
VLAN. One switch can be configured 4094 EAPS VLAN at max.
89

Operation Manual
Chapter 9
ESR
Figure 9-1 ESR topology structure
Figure 9-2 relationship between ESR domain and VLAN
9.1.2 ESR configuration

9.1.2.1 enable/disable ESR
Use this command to enable/disable ESR.
Do configuration under ESR vision.
enable/disable ESR:
Operation
Command
Enable/disable ESR
esr (disable|enable)
9.1.2.2 disable/enable an ESR instance
Use this command to set instance of enable/disable certain Ethernet ring instance.
Set instance of enable/disable certain Ethernet ring instance:
Operation
Set disable/enable/delete ESR
Command
esr <0-5> (disable|enable)
90

Operation Manual
instance
9.1.2.3 set control VLAN of certain instance
Use this command to set certain instance control VLAN.
Set certain instance control VLAN:
Operation
Command
Set control VLAN of certain
esr <0-5> ctrl-vlan <1-4094>
instance
9.1.2.4 set failure time of certain instance
Use this command to set failure time for certain instance.
Set failure time of certain instance:
Operation
Command
Set failure time of certain instance
esr <0-5> failed-time <340-10000000>
9.1.2.5 set hello time of certain instance
Use this command to set hello time for certain instance.
Set hello time for certain instance:
Operation
Command
Set Hello time of certain instance
esr <0-5> hello-time <170-10000000>
9.1.2.6 set mode of certain instance
Use this command to set mode for certain instance.
Set mode for certain instance:
Operation
Command
Set mode for certain instance
esr <0-5> mode (master|transit)
9.1.2.7 set name of certain instance
Use this command to set name for certain instance.
Set name for certain instance:
Operation
Command
Set name of certain instance
esr <0-5> name STRING
9.1.2.8 set master port of certain instance
91
Chapter 9
ESR

Operation Manual
Chapter 9
ESR
Use this command to set master port for certain instance.

Set master port for certain instance:
Operation
Command
Set master port of certain instance
esr <0-5> primary-port <1-64>
9.1.2.9 set master port of certain instance (TRUNK port)
Use this command to set master port for certain instanceTrunk port
Set master port for certain instanceTrunk port
Operation
Command
Set master port of certain instance
esr <0-5> primary-port trunk <1-4>
Trunk port
9.1.2.10 set secondary port of certain instance
Use this command to set secondary port for certain instance.

Set secondary port for certain instance:
Operation
Set secondary port of certain
instance
Command
esr <0-5> secondary-port <1-64>
9.1.2.11 set secondary port TRUNK of certain instance

Use this command to set secondary port Trunk for certain instance.
Set secondary port for certain instance:
Operation
Command
Set secondary port Trunk of
esr <0-5> secondary-port trunk <1-4>
certain instance
9.1.3 ESR display and debug

After above configuration, execute command show to show the operation status after
configuration under any vision, validate the configuration effect with displayed
information.
ESR display and debug:
Operation
Command
92

Operation Manual
Show ESR global configuration
Show ESR instance configuration
show esr
show esr instance [<0-5>]
9.1.4 ESR configuration instance

1. S2200MEs ESR is configured as master:
S2200ME(config)#esr
S2200ME(config-esr)#esr enable
S2200ME(config-esr)#esr 0 ctrl-vlan 1
S2200ME(config-esr)#esr 0 mode master
S2200ME(config-esr)#esr 0 name esr0
S2200ME(config-esr)#esr 0 primary-port 1
S2200ME(config-esr)#esr 0 secondary-port 2
S2200ME(config-esr)#esr 0 enable
S2200ME(config-esr)#end
S2200ME#show esr
esrEnable : enable
S2200ME#show esr instance 0
Name : esr0
Mode : master
PrimaryPort : 1
PrimaryPortState : hello-peer-blocking
SecondaryPort : 2
SecondaryPortState : forwarding
Ctrl VlanId : 1
InstanceStatus : enable
InstanceRunningState : failed
HelloTime : 170
FailedTime : 3000
S2200ME#
2. S2200MEs ESR is configured as transit:
S2200ME(config)#esr
S2200ME(config-esr)#esr enable
S2200ME(config-esr)#esr 0 ctrl-vlan 1
S2200ME(config-esr)#esr 0 mode transit
S2200ME(config-esr)#esr 0 name esr0
S2200ME(config-esr)#esr 0 primary-port 1
S2200ME(config-esr)#esr 0 secondary-port 2
S2200ME(config-esr)#esr 0 enable
S2200ME(config-esr)#end
93
Chapter 9
ESR

Operation Manual
S2200ME#show esr
esrEnable : enable
S2200ME#show esr instance 0
Name : esr0
Mode : transit
PrimaryPort : 1
PrimaryPortState : hello-peer-blocking
SecondaryPort : 2
SecondaryPortState : hello-peer-blocking
Ctrl VlanId : 1
InstanceStatus : enable
InstanceRunningState : failed
HelloTime : 170
FailedTime : 3000
S2200ME#
94
Chapter 9
ESR

Operation Manual
Chapter 10
Double tag
Chapter 10 Double tag

10.1 double-tag configuration
10.1.1 double-tag introduction
Double tag protocol is also called 802.1q tunneling. The purpose of this protocol is to
shield VLAN used in inner users, reducing VLAN number on network of service provider.
For example, when double tag is not used:
After used QinQ, provide a low-cost and simple Layer 2 VPN solution for users:
Suppose Trunk network VLAN ID distributed by service provider to user is:
10.1.2 double-tag configuration

10.1.2.1 enable/disable double-tag
Use this command to enable/disable double tag.
95

Operation Manual
Do configuration under port vision.
enable/disable double tag:
Operation
Enable/disable double tag
Chapter 10
Double tag
Command
dtag (enable|disable)
10.1.2.2 configure outer tag TPID added in egress port

Use this command to configure switch outer tag TPID added in egress port of switch.
Configure switch outer tag TPID added in egress port of switch:
operation
command
Configure outer tag TPID added in
dtag protocol <0-65536>
egress port.
10.1.2.3 enable/disable flexible double-tag
Use this command to enable/disable flexible double tag.
enable/disable flexible double tag:
Operation
Command
Enable/disable flexible double tag
dtag flexible (enable|disable)
10.1.2.4 enable/disable double tag dot1q
Use this command to enable/disable double tag dot1q.
enable/disable double tag dot1q:
Operation
Command
Enable/disable double tag dot1q
dtag dot1q (enable|disable)
10.1.2.5 configure flexible double-tag inner vlan tag
Use this command to configure flexible double-tag inner vlan tag.
configure flexible double-tag inner vlan tag:
Operation
Command
configure flexible double-tag inner
dtag flexible inner <1-4094> outer <1-4094>
tag
no dtag flexible inner <1-4094>
10.1.3 double-tag display and debug

After the above configuration, execute the command show to show the operation state after
96

Operation Manual
Chapter 10
Double tag
configuration under any vision, validate the configuration effect with the displayed
information.
Double tag display and debug:
Operation
Command
Show double tag global
show dtag
configuration
Show double tag port configuration
show interface dtag
Show flexible double tag port
show interface dtag flexible
configuration
10.1.4 double-tag configuration instance

The users accessing from certain DSLAM is including family online user and IPTV
user, the family online user is identified with Vlan100~Vlan512, system Vlan is Vlan1000,
IPTV service multicast Vlan is Vlan2000.
S2200ME switch is connected with DSLAM, with double tag configuration, the
message with user Vlan as Vlan100~Vlan512 is added Vlan1000 external VlanTag, the
message of Vlan2000 only execute Layer 2 forwarding, not additional with external
VlanTag.
97

Operation Manual
Chapter 10
Double tag
Router
Vlan 1000/2000
S2200ME
Vlan 1000
Vlan 2000
Online at home
IPTV
Vlan 100~512
Vlan 2000
Private user
L2 message forwarding procedure is shown as below:

1 uplinkthe packet accessing switch will be tagged with ingress pvid as outer tag, then
forward with this tag inside of switch;
2downlink: the packet accessing switch wll be forward with outer tag, then remove outer
tag on egress port;
98

Operation Manual
Chapter 11
Multicast protocol
Chapter 11 Mutlicast protocol

11.1 IGMP Snooping configuration
11.1.1 IGMP Snooping protocol introduction
11.1.1.1 IGMP Snooping principle
IGMP SnoopingInternet Group Management Protocol Snoopingis multicast
restriction operating on Layer 2 Ethernet switch, which is used for management and
control multicast group.
IGMP Snooping is operating on link layer. When Layer 2 Ethernet switch received
IGMP message transmitting between host and router, IGMP Snooping analyse the
information of IGMP message. When detecting the IGMP host report message from the
host, the switch will add the host into the corresponding multicast list; when detecting
IGMP leave message from the host, the switch will delete the corresponding multicast list.
With the monitoring IGMP message, the switch can establish and maintain MAC multicast
address list on Layer 2. After that, the switch can forward the multicast message from the
router according to MAC multicast address list.
When IGMP Snooping is not operating, multicast message will be broadcast on Layer 2.
shown as below:
99

Operation Manual
Chapter 11
Multicast protocol
Figure 11-1 multicast message transmission without IGMP Snooping

After operating IGMP Snooping, the message will not be broadcast on Layer 2, but
execute Layer 2 multicast. Shown as below:
100

Operation Manual
Chapter 11
Multicast protocol
Figure 11-2 realize multicast message transmission during IGMP Snooping
11.1.1.2 IGMP Snooping realization

1. the concept related with IGMP Snooping
For convenience of description, first introduce the concept related with IGMP Snooping on
Ethernet switch:
Router Port: the port on Ethernet switch directly connecting with multicast router
Multicast member port: the port connected with multicast group member. Multicast
group member is the host adding certain multicast group.
MAC multicast group: multicast group identified with MAC multicast address
maintained by Ethernet switch.
Router port aging time: the time set by router port aging timer, if IGMP general
query have not been received when timeout, the switch will consider this port is
never a router port.
Multicast group member port aging time: when a port is adding into IP multicast
group, enable the port aging timer, the multicast group port member aging time is the
time set by timer. If IGMP report have not been received when timeout, Ethernet
switch will send IGMP particular group query to the port.
Max response query: when send IGMP particular group query to multicast member
pport, Ethernet switch will enable a response query timer, the max response query
time is set by the timer. If IGMP report has not been received within the max
101

Operation Manual
Chapter 11
Multicast protocol
resoponse query time, Ethernet switch will delete the port from the multicast member
port.
2. realize Layer 2 multicast with IGMP Snooping
Ethernet switch realize IGMP detection by operating IGMP Snooping, establish mapping
relationship with corresponding multicast address for host and the port. In order to realize
IGMP Snooping, the procedure that Layer 2 Ethernet switch deal with different IGMP is
shown as below:
Figure 11-3 realize IGMP Snooping
IGMP general query: IGMP general query is the message sent by multicast router to
multicast member, which is used to query which multicast group has member. When
received IGMP general query message, if the port receiving the query is router port,
Ethernet switch will reset the router port aging timer; if the port receiving the query
is not the router port, the switch will notify multicast router that there is member
need to add certain multicast group, meanwhile enable the router port aging timer.
IGMP particular group query: IGMP particular query is the message sent by multicst
router to multicast member, which is used to query if multicast group has member.
When Ethernet switch received IGMP particular group query message, only send
particular group query to the queried IP multicast group.
IGMP report: IGMP report is the report sent from the host to multicast router, which
is used to add into certain multicast group or reponse IGMP query. When Ethernet
switch received IGMP report, first judge if the MAC multicast group that report need
102

Operation Manual
Chapter 11
Multicast protocol
to add is existing or not. If the corresponding MAC multicast group is not existing,
only notify the router that some member will add into certain multicast group, then
create new MAC multicast group, add the port receiving the report into the MAC
multicast group, enable the port aging timer, then add all router port existing in the
port VLAN into this MAC multicast forwarding list, create new IP multicast group,
and add the port receiving the report into the IP multicast group; If the MAC multicst
group of this report is existing, but the port receiving report is not in the MAC
multicast group, then add the port receiving the report into MAC multicast group and
enable the port aging timer, then judge if the IP multicast group of this report is
existing or not; if not existing, create new IP multicast group and add the port
receiving the report into IP multicast group, if existing, then add the port receiving
the report into IP multicast group; if MAC multicast group of this report is existing,
only reset the aging timer of the port receing the report.
IGMP leave message: IGMP leave message is the message sent by multicast group
member to multicast router, which is used to notify that router host has left certain
multicast group. When Ethernet switch received IP multicast group leave message,
then send the particular group query message of the leaving group to the port
receiving this leave message, assure if the host connecting with this port has other
member of this multicast group, meanwhile enable a response query timer. If the
reprt of this multicast group has not been received within the timeout set by the timer,
then delete the port from the MAC multicast group. If MAC multicast group has no
multicast member port, the switch will notify multicast router to delete the tributary
from the multicast tree.
11.1.2 IGMP Snooping configuration

11.1.2.1 global enable IGMP SNOOP
In order to control whether IGMP Snooping establish and maintain MAC multicast
forwarding list, use this command to enable/disable IGMP Snooping.
enable/disable IGMP Snooping
Operation
Command
Enable/disable IGMP Snooping
igmp-snooping (enable|disable)
As default, IGMP Snooping is disabled.
11.1.2.2 configure IGMP SNOOP multicast forwading list aging time
This configuration task is to set router port aging time manually. If not received the router
general query message within the router port aging time, then delete the router port from
all MAC multicast group port member.
Configure port aging time:
103

Operation Manual
Operation
Configure port aging time
Chapter 11
Multicast protocol
Command
igmp-snooping aging <30-3600>
As default, the port aging time is 300 seconds.

11.1.2.3 configure IGMP Snooping Filter filter rule
This configuration task is to configure whether this igmp report can be forward by switch
after the received igmp report is filter by igmp filter.
Configure IGMP Snooping Filter filter rule:
Operation
Command
Configure IGMP Snooping Filter
igmp-snooping drop-filtered (enable|disable)
filter rule
11.1.2.4 configure enable enable fast leave
This configuration task is to configure whether enable fast leave.
Configure whether enable fast leave:
Operation
Command
Configure whether enable fast leave igmp-snooping fast-leave (enable|disable)
11.1.2.5 configure vlan and source IP address of IgmpSnooping sending query
This configuration task is to configure vlan and IP address of IgmpSnooping sending
query.
Configure vlan and IP address of IgmpSnooping sending query:
Operation
Command
Configure vlan and source IP
igmp-snooping query-send add <1-4094>
address of IgmpSnooping sending
(A.B.C.D)
query
11.1.2.6 delete configured agent query configuration
This configuration task is to delete the configured agent query configuration.
Delete the configured agent query configuration:
Operation
Command
Delete configured agent query
igmp-snooping query-send del <1-4094>
11.1.2.7 configure IGMP Snooping static multicast group
This configuration task is to configure IGMP Snoopomg static multicast group on port.
104

Operation Manual
Chapter 11
Multicast protocol
Configure IGMP Snooping static multicast group:

Operation
command
Configure IGMP Snooping static
igmp-snooping static-group
multicast
(AA:BB:CC:DD:EE:FF) vlan <1-4094>
11.1.2.8 delete IGMP Snooping static multicast group
This configuration task is to delete IGMP Snooping static multicast group.
Delete IGMP Snooping static multicast group:
operation
command
Delete IGMP Snooping static
no igmp-snooping static-group
multicast group
(AA:BB:CC:DD:EE:FF) vlan <1-4094>
11.1.2.9 delete all IGMP Snooping static multicast groups
This configuration task is to delete all IGMP Snooping static multicast groups.
Delete all IGMP Snooping static multicast groups:
operation
Delete all IGMP Snooping static
multicast groups
command
no igmp-snooping static-group all
11.1.2.10 configure IGMP Snoopomg static query

This configuration task is to configure certain port IGMP Snooping static query.
Configure IGMP Snooping static query:
Operation
command
Configure IGMP Snooping static
igmp-snooping static-query vlan <1-4094>
query
interface <1-64>
11.1.2.11 delete IGMP Snooping static query
This configuration task is to delete certain port IGMP Snooping static query.
Delete IGMP Snooping static query:
operation
command
Delete IGMP Snooping static query no igmp-snooping static-query vlan <1-4094>
interface <1-64>
11.1.2.12 enable/disable multicast number limit for single user
This configuration task is to enable/disable multicast number limit for single user.
Enable/disable multicast number limit for single user to join:
105

Operation Manual
operation
Enable/disable multicast number
limit for single user to join
Chapter 11
Multicast protocol
command
igmp-snooping max-program (enable|disable)
11.1.2.13 configure number limit for single user to join multicast group
This configuration task is to configure number limit for single user to join multicast group.
Configure number limit for single user to join multicast group:
operation
command
Configure number limit for single igmp-snooping max-program-num <1-8>
user to join multicast group
As default, single user can join 8 multicast group.
11.1.3 IGMP Snooping display and debug

Afte the above configuration, execute the command show to show the operation state after
information.
IGMP Snooping display and debug:
Operation
Command
Show IGMP SNOOP configuration
show igmp-snooping
Show multicast group and member
show igmp-snooping egressport-table
port information learned by IGMP
SNOOP
Show IGMP SNOOP static
show igmp-snooping static-group
multicast group
Show IGMP SNOOP static query
show igmp-snooping static-query
11.1.4 IGMP Snooping typical configuration instance

In order to realize the switch IGMP Snooping function, need to enable IGMP Snooping on
switch.
The router port on switch is connected with router, other non-router port is connected with
user PC.
106

Operation Manual
Chapter 11
Multicast protocol
Figure 11-4 configure IGMP Snooping group network

# when IGMP Snooping IGMP Snooping
S2200ME(config-igmp-snoop)#igmp-snooping enable
11.1.5 IGMP Snooping fault diagnose and troubleshooting

Fault: switch can not realize multicast function.
Troubleshooting:
(1) IGMP Snooping is not enabled
Input command show igmp-snooping to show IGMP Snooping state
If IGMP Snooping is not enabled, inputing the command igmp-snooping enable to
enable IGMP Snooping under IGMP Snooping vision.
(2) the multicast forwarding list established on the bottom is not correct
Use command show igmp-snooping egressport-table to show that whether the
MAC multicst forwarding list established on the bottom under vlanid is uniform with
107

Operation Manual
Chapter 11
Multicast protocol
the MAC multicast forwarding list established by IGMP Snooping.
If not uniform, ask the maintenance staff for help.

11.2 IGMP-FILTER configuration
11.2.1 IGMP-FILTER introduction
igmp filter is proposed by cisco, mainly applied to igmpsnoop protocol and igmp
protocol, its purpose is to efficiently control the report of igmp, such as: the group
permitting device interface to add, the group not permitting device interface to add. It can
control the number of the interface permitted to add into multicast group.
Igmp filter application occasion is the application of enhancing control for multicast
service, e.g.: IPTV.
11.2.2 IGMP-FILTER configuration

11.2.2.1 apply certain igmp filter list to switch port
This configuration task is to apply certain igmp filter list to switch port.
No matched data packet, no operation as default.
Apply certain igmp filter list to switch port:
Operation
Command
Apply certain igmp filter list to
apply-to-ports PORTLIST
switch port
11.2.2.2 not apply igmp filter list to any port
This configuration task is not to apply igmp filter list to any port.
Not apply igmp filter list to any port:
Operation
Not apply igmp filter list to any port
Command
apply-to-ports none
11.2.2.3 create an igmp filter list

This configuration task is to create an igmp filter list.
Create an igmp filter list:
Operation
Command
Create an igmp filter list
igmp-filter <1-26>
108

Operation Manual
Chapter 11
Multicast protocol
11.2.2.4 delete an igmp filter list

This configuration task is to delete an igmp filter list.
Delete an igmp filter list:
Operation
Command
Delete an igmp filter list
no igmp-filter <1-26>
11.2.2.5 enable/disable certain igmp filter list to be apply to switch port
This configuration task is to enable/disable certain igmp filter list to be applied to switch
port.
Enable/disable certain igmp filter list to be applied to switch port:
Operation
Command
Enable/disable certain igmp filter
igmp-filter <1-26> (enable|disable)
list to be applied to switch port
11.2.2.6 configure rule for igmp filter list
This configuration task is to configure rule for igmp filter list.
Configure rule for igmp filter list:
Operation
Command
Configure rule for igmp filter
rule <1-10> (permit|deny) (A.B.C.D) (A.B.C.D)
list
rule <1-10> (permit|deny) (A.B.C.D) (A.B.C.D)
vlan VLANLIST
rule <1-10> (permit|deny) (AA:BB:CC:DD:EE:FF)
rule <1-10> preview (A.B.C.D) (A.B.C.D) (A.B.C.D)
(A.B.C.D) time <1-65535>
rule <1-10> preview (A.B.C.D) (A.B.C.D) (A.B.C.D)
(A.B.C.D) time <1-65535> interval <1-255>
rule <1-10> preview (A.B.C.D) (A.B.C.D) any time
<1-65535> interval <1-255>
rule <1-10> preview (A.B.C.D) (A.B.C.D) any time
<1-65535>
11.2.2.7 delete certain rule of igmp filter list
This configuration task is to delete certain rule of igmp filter list.
Delete certain rule of igmp filter list:
Operation
Command
Delete certain rule of igmp filter list
no rule <1-10>
109

Operation Manual
Chapter 11
Multicast protocol
11.2.3 IGMP-FILTER display and debug

After the above configuration, execute the command show to show the operation state
under any vision, validate the configuration effect with displayed information.
IGMP Snooping display and debug:
Operation
Command
Show igmp filter list configured by
show igmp-filter
switch
Show rule configuration of certain
show igmp-filter <1-26>
igmp filter and port application
11.2.4 IGMP-FILTER typical configuration instance

In order to realize switch IGMP FILTER function, need to enable IGMP FILTER on
switch.
The router port of switch is connected with the router, other non-router port is connected
with user PC.
110

Operation Manual
Chapter 11
Multicast protocol
Figure 11-5 configure IGMP FILTER group network

#enable an IGMP FILTER
S2200ME(config)#igmp-filter 1
S2200ME(config-igmp-filter 1)#apply-to-ports 1,2-4
S2200ME(config-igmp-filter 1)#rule 1 deny 239.0.0.1 239.0.0.254
11.3 MLD Snooping configuration

11.3.1 MLD Snooping configuration
11.3.1.1 global enable MLD Snooping
In order to control whether MLD Snooping is created on L2 and maintain MAC multicast
forward list, enable/disable MLD Snooping with the following command.
Enable/disable MLD Snooping:
Operation
command
Enable/disable MLD Snooping
mld-snooping (enable|disable)
111

Operation Manual
Chapter 11
Multicast protocol
As default, MLD Snooping is disable.

11.3.1.2 configure aging time of MLD Snooping multicast forward list
This configuration task is to set router port aging time in manual mode. If no router gerneal
query is received during aing time of router port, delete this router port from all MAC
multicast group port member.
Configure port aging time:
Operation
command
Configure port aging time
mld-snooping aging <30-3600>
As efault, the port aging time is 300 second.
11.3.1.3 configure whether enable fast leave
This configuration task is to configure whether enable fast leave.
Configure whether enable fast leave:
Operation
command
Configure whether enable fast leave mld-snooping fast-leave (enable|disable)
11.3.1.4 configure MLD Snooping multicast group number
This configuration task is to configure MLD Snooping multicast group number.
Configure MLD Snooping multicast group number:
operation
command
Configure MLD Snooping
igmp-snooping max-group <1-1024>
multicast group number
As default, MLD Snooping multicast group number is 1024.
11.3.2 MLD Snooping display and debug

After above configuration, execute show command to show operation after configuration
in any view. Then configuration effect can be proved.
MLD Snooping display and debug:
operation
command
Show MLD Snooping configuration show mld-snooping
Show multicast group and group
show mld-snooping egress-port
member port information learned by
MLD Snooping
show mld-snooping interface
Show MLD Snooping port enable
112

Operation Manual
Chapter 11
Multicast protocol
status
11.3.3 MLD Snooping typical configuration instance

In order to realize switch MLD Snooping, enable MLD Snooping on switch.
The router port of switch is connected with router, other non-router port is connected with
PC of user.
Figure 11-6 configure MLD Snooping group network

# when MLD Snooping is not enabled, enable MLD Snooping, port enable MLD
Snooping.
S2200ME(config)# mld-snooping enable
S2200ME(config-eth-1)#mld-snooping enable
113

Operation Manual
Chapter 12
System management
Chapter 12 System management

12.1 file system management
12.1.1 configure file management
12.1.1.1 introduction of configuration file management
For convenience of efficient management for flash, Ethernet switch provide file
system module. The file system provides file and directory access management function
for the user, mainly including create, delete, modify, name change for file and directory,
and show file content.
As default, for the command (e.g.: delete or cover the file), the file system will
prompt user for confirmation.
12.1.1.2 show Ethernet switch configuration and beginning configuration
When Ethernet switch is power on, system read configuration file from Flash
Memory and initialize Ethernet switch. The configuration file read from Flash Memory
when Ethernet switch is power on is called saved-configuration file. If there is no
configuration file in Flash Memory, the system will use default parameter for initialization.
Corresponding with saved-configuration, the valid configuration during system operation
is called current-configuration. Use this command to show Ethernet switch
current-configuration and saved-configuration.
Show Ethernet switch configuration:
Operation
Command
Show Ethernet switch
show running-config
current-configuration
Show Ethernet switch
show startup-config
saved-configuration
12.1.1.3 save current configuration
User can use command line interface to modify Ethernet switch current-configuration.
if want to make current-configuration to be saved-configuration for next power on system,
use command write file, save the current-configuration into Flash Memory.
Save the current-configuration:
Operation
Command
Save current configuration
write file
12.1.1.4 erase configuration file in Flash Memory
114

Operation Manual
Chapter 12
System management
Use command erase startup-config to erase configuration file in Flash Memory.

After configuration file is erased, when Ethernet switch is power on next time, the system
will use default configuration parameter for initialization.
Erase configuration file in Flash Memory:
Operation
Command
Erase configuration file in Flash
erase startup-config
Memory
In the following situation, user may erase configuration file in Flash Memory:
After Ethernet switch software is upgraded, the system software and configuration
file are not matched.
The configuration file in Flash Memory is damaged the common reason is that
wrong configuration file is loaded.
12.1.2 FTP configuration

12.1.2.1 FTP introduction
FTP is general method for file transmission on Internet and IP network. Before
WWW, user use CLI to transmit file, the general application procedure is FTP. Though the
most users generally select Email and Web for file transmission, FTP is still widely used.
FTP protocol belong to application layer protocol in TCP/IP protocol stack, it is used
to transmit file between remote server and local host.
FTP service provided by Ethernet switch is including:
FTP Server service, user can run FTP client procedure to log on the serverbefore
accept use logging on, the network administrator should first configure FTP Server
IP address, access the file on server.
FTP Client service, user can use terminal emulation or Telnet to establish connection
with Ethernet switchFTP Clienton PC, input command ftp X.X.X.XX.X.X.X
means remote FTP Server IP address, establish connection between Ethernet switch
and remote FTP Server, access the file on remote FTP Server.
115

Operation Manual
Chapter 12
System management
Figure 12-1 FTP configuration

The configuration that switch is used as FTP Client:
Device
Switch
Configuration
Directly use ftp
command to log on
remote FTP Server
PC
Enable FTP Server,

configure user name,
password and user
authority
default
-
Specification
User first get FTP
user command and
password, then log
on remote FTP
Server. So get
corresponding
authority of
directory and file.
-
The configuration that switch is used as FTP Server:

Device
Configuration
Enable FTP Server function
default
As default,
system disable
FTP server
Configure authentication and

authorization for FTP server
Configure operation parameter

for FTP server
Use FTP client procedure to
log on switch
Switch
PC
Specification
User can use
command show ftp to
show configuration of
FTP Server on switch
Configure FTP users
username, password,
authorized work
directory
Configure timeout for
FTP
-
Attention:
The condition that FTP function can be normally used is the route between switch and PC
is reachable.
12.1.2.2 FTP client introduction
FTP client is additional function by Ethernet switch for user, it is an applicable
module, need not any function configuration. At this time, the switch used as FTP client is
connected with remote server, then input FTP client command to execute the
corresponding operatione.g.: create or delete directory.
116

Operation Manual
Chapter 12
System management
12.1.2.3 instance that switch is used as FTP Client to realize config-file backup and
software upgrading configuration
The switch is used as FTP Client, the remote PC is used as FTP Server, do
configuration on FTP Server: configure a FTP, user name 123, password 123, the user is
authorized read-write weight to Switch directory on PC. The IP address of one VLAN on
switch is 1.1.1.1, IP address of PC is 2.2.2.2, the route between switch and PC is reachable.
Figrue 12-2 FTP configuration

(1) on PC, configure related parameter of FTP Server: configure a FTP with user name 123,
password 123, the user is authorized read-write weight to Swtich directory on PC.
(2) the configuration on switch
# user log on switch. user can log on switch through local Console port, also log on
remote switch through Telnet. The logging mode can refer to Chapter 1.
Attention:
If the switch Flash memory is not large enough, delete former application procedure in
Flash, then download new applicaton procedure to switch Flash.
# input command for FTP connection under user vision, input correct user name and
password to log on FTP Server.
S2200ME(config-system)#ftp get 2.2.2.2 123 123 abc.bin
# upgrade system file, then reboot the switch, realize upgrade of switch application
117

Operation Manual
Chapter 12
System management
procedure.
S2200ME(config-system)#upgrade os
S2200ME(config-system)#end
S2200ME#reboot
12.2 MAC address list management

12.2.1 MAC address list management introduction
In order to forward message fast, Ethernet switch need to maintain MAC address list.
MAC address list is including MAC address of the device connected with Ethernet switch
and port No. of the switch connected with this device. Dynamic list in MAC address list is
learned by Ethernet switch. The method that Ethernet switch learn MAC address is: if the
certain port received a data frame (suppose it is Port A), Ethernet switch will analyse the
source MAC address (suppose it is MAC-SOURCE) of this data frame and consider that
the message with destination MAC address to be MAC-SOURCE can be forward by Port
A; if MAC address list has contained MAC-SOURCE, the switch will update the list, if
MAC address list has not contained MAC-SOURCE, the switch will add this new MAC
address into MAC address list as a new list.
For the message that the destination MAC address can be found in MAC address list,
the system will directly use hardware to forward; for the message that the destination
MAC address can not be found in MAC address list, the system will use broadcast mode to
forward. If the message arrived network device of destination MAC address after
broadcast, the destination network device will respond this broadcast message, the
responding message is including the device MAC address, Ethernet switch will add new
MAC address into MAC address forwarding list by address learning. The sequent message
to the same destination MAC address, can be directly forward with the new added MAC
address list.
118

Operation Manual
Chapter 12
System management
Figure 12-3 Ethernet switch use MAC address list to forward message
Ethernet switch provides MAC address aging function. If not received the network
device message within certain time, the switch will delete the MAC address list of this
device. MAC address aging is invalid for static MAC address list.
User can configure (add or modify) MAC address list according to the network
situation manually, the added or modified list can be static list or dynamic list.
12.2.2 set MAC address learning mode

User can set MAC address learn-mode through command line interface.
Set MAC address learn mode:
Operation
Command
Set MAC address learn-mode
mac learn-mode (share|independence)
12.2.3 set system MAC address aging time

Suitable aging time can efficiently realize MAC address aging function. If the aging
time is too short or too long, it will cause Ethernet switch broadcast can not find
destination MAC address data message, then influence switch operation performance.
If agint ime is too long, Ethernet switch may save much outdated MAC address list,
so MAC address list resource will be exhausted, and the switch can not update MAC
119

Operation Manual
Chapter 12
System management
address list with the network changed. If aging time is too short, Ethernet switch may
delete valid MAC address list. Do configuration under system vision:
Set system MAC address aging:
Operation
Set system MAC address aging time
Command
mac aging-time <0-65535>
This command is system vision command used for all port. Address aging only take
effect to dynamicthe learned or user configuredMAC address list.
Generally, we recommend to use aging time 300 seconds as default.
12.2.4 MAC address management display and debug

After the above configuration, execute command show to show operation state after
information.
MAC display and debug:
Operation
Show
MAC
address
list
configuration
Show port dynamic MAC address
list
Command
show system
show interface dynamic-mac [<1-64>]
12.2.5 MAC address list management typical instance

User log on switch through Console port, configure address list management. The
switch dynamic MAC address list aging time is 500 second. Add a static address
00:00:00:00:00:01 at Ethernet 2 port in vlan1.
120

Operation Manual
Chapter 12
System management
Figure 12-4 address list management typical configuration network group

# set switch dynamic MAC address list aging time is 500 second.
S2200ME#configure
S2200ME(config)#mac aging-time 500
# add a MAC addressVLAN, port, state
S2200ME#configure
S2200ME(config-eth-2)#static-mac add 1 00:00:00:00:00:01
# show MAC address configuration
S2200ME#show system
system anti-attack enable
system mac address 00.04.67.22.16.88
system mac Aging time 500
system address learn mode : share
ip address 192.168.1.1/24
121

Operation Manual
Chapter 12
System management
gateway 0.0.0.0
management vlan 1
out-band ip change disable
arp-request timer 0
S2200ME#show interface static-mac 2
If
Vlan
MacAddr
2
1
00:00:00:00:00:01
12.2.6 global flush L2 forward MAC address list

Configure global flush L2 forward list, the system will completely flush mac address
dynamically learned by all port at one time.
Global flush L2 forward list:
operation
command
Flush global L2 forward list
flush mac-address
12.2.7 VLAN-based flush forward MAC address list

Configure VLAN-based flush L2 forward list, the system will completely flush mac
address dynamically learned in this VLAN at one time.
Global flush L2 forward list:
operation
command
Global flush L2 forward list
flush mac-address vlan <1-4094>
12.3 device management

12.3.1 device management introduction
Device management for Ethernet switch can show user about working status and
event debug of single panel, implementing maintenance and management for physical
device status and communication. Provide commanad reboot to realize system restart,
and use this command to restart when system function is fault.
12.3.2 configure device management

The configuration task of device management is simple. For user, display and debug
device management.
122

Operation Manual
Chapter 12
System management
12.3.2.1 upgrade BootROM and configuration file

Use this command to upgrade BootROM and configuration file.
Configuration under system view.
Upgrade BootROM and configuration file:
operation
Upgrade BootROM
upgrade os
Upgrade configuration file
upgrade config
command
12.3.3 device management display and debug

After above configuration, execute command show to show operation after configuration
under any vision,showing information validation effect.
Device management display and debug:
Operation
Command
Show system software version
Show version
Show system cpu and memory
show memory statistic
statistic
12.4 system maintenance and debug

12.4.1 system basic configuration
System basic configuration and management is including:
Set switch system name
Set system clock
12.4.1.1 set switch system name
Use this command to set switch system name.
Set switch system name:
Operation
Command
Set switch system name
hostname WORD
12.4.1.2 set system clock
Use this command to set system clock.
123

Operation Manual
Set system clock:
Operation
Set system clock
Chapter 12
System management
Command
clock set HH:MM:SS <1-31> <1-12>
<2000-2100>
12.4.2 show system status and system information

After the above configuration, execute the command show to show the operation state after
information.
Show system state and system information:
Operation
command
Show system state and system
show system
information
12.4.3 network communication test

1. ping
Use command ping to check if network connection and host is reachable. The command
ping can be used under any vision.
ping command:
operation
Test network connectivity
command
ping (A.B.C.D)
ping (A.B.C.D) (-n|-l|-w) <1-2048>
ping (A.B.C.D) (-n|-l|-w) <1-2048> (-n|-l|-w) <1-20
48>
ping (A.B.C.D) (-n|-l|-w) <1-2048> (-n|-l|-w) <1-20
48> (-n|-l|-w) <1-2048>
ping (A.B.C.D) (-n|-l|-w) <1-2048> (-n|-l|-w) <1-20
48> -t
ping (A.B.C.D) (-n|-l|-w) <1-2048> -t
ping (A.B.C.D) -t
2. traceroute
Use command traceroute to test the gateway through which the message is sent from the
host to destination. This command is to check if the network connection is reachable,
which can help user analyse network fault.
tracert execution is: the sending host first send a data packet with TTL as 1, so the firsy
hop send back an ICMP error information to designate this data packet can be transmit
124

Operation Manual
Chapter 12
System management
(because TTL is timeout, after that, this data packet is retransmit, TTL is 2, the second
hop return TTL and be timeout, this procedure is repeat until arrive destination. The
purpose of this procedure is to record each ICMP TTL timeout source address, and provide
a path of an IP data packet to arrive destination.
Traceroute command:
operation
command
Traceroute command
traceroute (A.B.C.D) [<1-255>]
12.5 SNMP configuration

12.5.1 SNMP protocol introduction
Currently, the most widely used network management protocol is SNMPSimple
Network ManagementProtocol. SNMP is a widely-used industrial standard, which can
assure the management information to be transmitting between two points, flexible for
network administrator to search and modify information, find fault, diagnose fault ,
capacity schedule and make report at any node in network. SNMP is using polling system,
only provide the basic function, especially suitable for small-scale, fast and low-price
environment. SNMP can implement unconnected transmission layer protocol UDP.
SNMP is divided into two parts: NMS and Agent, NMSNetwork Management
Station, is work station of opearating client procedure, the general network management
platform is Sun NetManager and IBM NetView; Agent is the software operating on
network device server. NMS can send GetRequest, GetNextRequest and SetRequest to
Agent, After Agent received NMS request, execute Read or Write with message type,
forming Response message, then send back the message to NMS. When Agent discover
the abnormal situation like reboot, it also send Trap message to NMS, and report the event
to NMS.
12.5.2 SNMP version and supported MIB

In order to uniquely identify device management variable in SNMP message, SNMP
use layer structure naming solution to identify management object. The management
object integration named with layer structure is like a tree, the tree node represents for the
management object, shown as the following figure. The management object can be
identified from the beginning path of the root.
125

Operation Manual
Chapter 12
System management
Figure 12-5 MIB tree structure

MIBManagement Information Baseia to describe the layer structure of the tree, it is
the integration of the monitored network device standard variable definition. In above
figure, the management object B is uniquely identified with a string number {1.2.1.1}, this
string number is Object Identifier of the management object.
SNMP Agent in Ethernet switch supports SNMP V1, V2C and V3, supporting MIB
shown as below:
126

Operation Manual
Chapter 12
System management
12.5.3 configure SNMP

12.5.3.1 set community name
SNMPV1, SNMPV2C are using community name authentication. SNMP community is
named with a character string, that is called Community Name. SNMP community name is
to define the relationship of SNMP manager and SNMP agent. The community name is
similar to the password, which can control SNMP manager to access SNMP agent of
Ethernet switch.
Use can select one or multi feature related to the community name:
Definition of community can access MIB vision of all MIB object subset;
The community can access read-write or read-only authorization of MIB object. The
community with read-only authorization only can query device information, but the
community with read-write can configure the device.
127

Operation Manual
Chapter 12
System management
Set community name:

operation
Set community name
command
snmp community STRING (ro|rw)
snmp community STRING (ro|rw) view
VIEW-NAME
no snmp community STRING
12.5.3.2 set address of Trap destination host

Use this command to set or delete IP address of destination host which send Trap
information.
Set address of Trap destination host:
operation
Configure IP address and version of
snmp trap server
command
snmp trap-server A.B.C.D <1-65535>
SECURITYNAME (v1|v2|v3)
snmp trap-server A.B.C.D <1-65535>
SECURITYNAME v3 (auth|priv)
snmp trap-server A.B.C.D SECURITYNAME
(v1|v2|v3)
snmp trap-server A.B.C.D SECURITYNAME
v3 (auth|priv)
12.5.4 SNMP display and debug

After above configuration, execute show command to show operation after configuration
in any view, then configuration effect can be proved.
SNMP display and debug:
operation
command
Show snmp current community
show snmp community
configuration information
Show snmp trap server information
show snmp trap-server
Show snmp memory distribution
show memory snmp
information
128

Operation Manual
Chapter 12
System management
12.5.5 SNMP configuration instance

NMS is connected with Ethernet switch through Ethernet, NMS IP address is
129.102.149.23, IP address of Ethernet switch VLAN interface is 129.102.0.1. Configure
the switch as below: set community name and access authority, administrator identifier,
contact method and switch location, permit switch to send Trap information.
Figure 12-6 SNMP configuration instance

# enter global view
S2200ME#configure
S2200ME(config)#
# set community name:
S2200ME(config)#snmp community public rw
# set network management IP address to be 129.102.0.1.
S2200ME(config)#system
S2200ME(config-system)#ip address 129.102.0.1/24
# permit NMS 129.102.149.23 to send Trap message, the community name is public.
S2200ME(config)#snmp trap-server 129.102.149.23 v2
4. configure NMS
The PC of network management need to be set for logging. For Mib-Browser, the setting is:
129

Operation Manual
Chapter 12
System management
SNMPV1, V2 use default community name public to log on.
12.6 SNTP configuration

12.6.1 SNTP introduction
12.6.1.1 SNTP usage
Since the network topology become more and more complex, the device clock
synchronism of whole network will be important. SNTPSimple Network Time Protocol
is to issue TCP/IP protocol of precious time in whole network.
SNTP can provide uniformity for the following application:
When incremental backup between backup server and client, assure clock
synchronism between two systems;
When using multi system to deal with complex event, assure multi system refer to
identical clock, and guarantee the correct order of the event;
Assure RPC among the system can be normally operating;
Provide the user with the time information of the operation such as logging on
system or modify the file.
12.6.1.2 SNTP basic working principle
SNTP basic working principle is shown as below:
130

Operation Manual
Chapter 12
System management
Figure 12-7 NTP basic principle

In above figure, Ethernet switch A is connected with Ethernet switch B through Ethernet
port, they have independent system clock, in order to implement auto synchronism of
system clock, we can suppose:
Before Ethernet A and B system clock synchronism, Ethernet switch A clock is set to
be 10:00:00am, Ethernet switch B clock is set to be 11:00:00am.
Make Ethernet switch B to be NTP time server, that means Ethernet switch A make
its own clock to be synchronous with Ethernet switch B clock.
The time of data packet transmitting between Ethernet A and B in single direction is
1.
The work of system clock synchronism is shown as below:
Ethernet switch A send a NTP information packet to Ethernet switch B, the
information packet has time mark of the time when it left Ethernet switch A, the time
mark is 10:00:00amT1.
131

Operation Manual
Chapter 12
System management
When this NTP information packet reach to Ethernet switch B, Ethernet switch B
add its own time mark, the time mark is 11:00:01amT2.
When this NTP information packet leave Ethernet switch B, Ethernet switch B add
its own time mark, the time mark is 11:00:02amT3.
When Ethernet switch A receive response information packet, add a new time mark,
the time mark is 10:00:03amT4.
Till now, Ethernet switch A has possessed enough information to calculate two key
parameters:
Delay of NTP information one come-and-go period: Delay=T4-T1-T3-T2
Offset of Ethernet switch A compared with Ethernet switch B: offset=T2-T1+
T4-T3/2
Then Ethernet switch A can set its own clock with the information, and make it
synchronous with Ethernet switch B.
The above content is description to NTP work principle, the detailed content can refer to
RFC1305.
12.6.2 SNTP protocol configuration

12.6.2.1 set SNTP role
Use this command to set SNTP role.
Set SNTP role:
Operation
Command
Set SNTP role
sntp (client|none)
12.6.2.2 set switch SNTP client server IP address
Use this command to set switch SNTP client-end server IP address.
Set switch SNTP client-end server IP address:
Operation
Command
Set switch SNTP Client-end Server
sntp peer ip-address (A.B.C.D)
IP address
12.6.3 SNTP display and debug

After the above configuration, execute the command show to show the operation status
132

Operation Manual
Chapter 12
System management
after configuration under any visions, validate the configuration effect with the displayed
information.
SNTP display and debug:
Operation
Show SNTP configuration
Command
show sntp
12.6.4 SNTP typical configuration instance

Switch 1 set local clock to be SNTP master clock. Layer number is 2, Switch 2 is using
Switch 1 to be time server, and make it to be server mode, Switch 2 is client mode.
Attention: Switch 1 is the switch supporting local clock to be master clock
Switch 1
Switch 2
Figure 12-8 NTP typical configuration

(1) configure Ethernet Switch 2
S2200ME#configure
S2200ME(config-vlan-1)#sntp client
12.7 ARP list management

12.7.1 ARP introduction
ARP provide dynamic mapping from IP address to MAC address.
12.7.2 ARP configuration

12.7.2.1 flush ARP list configuration
133

Operation Manual
Chapter 12
System management
Configure flush ARP list, the system will completely flush all ARP list learned in dynamic
mode.
Flush ARP list configuration:
operation
command
Flush ARP list
no ip arp
12.7.2.2 system ARP list aging time configuration
Configure ARP list aging, system will flush learned ARP list.
Configure ARP list aging time:
operation
command
Configure ARP list aging time
ip arp aging-time <60-1200>
12.7.2.3 system static ARP configuration
Configue static ARP list,and this list will not be aging.
operation
command
Configue static ARP list
ip arp (A.B.C.D) (AA:BB:CC:DD:EE:FF)interfa
ce <1-64>
12.8 IPV6
12.8.1 IPV6 introduction
Since IPV4 address become more and more lacking, IPV6 is supported by next
generation switch, providing widely address space, and solve the problem that IP address is
lack. This switch support IPV6 neighbour discover, supporting management with Telnet
IPV6, supporting configuration function such as default gateway.
12.8.2 IPV6 configuration

12.8.2.1 IPV6 debug and display
operation
IPV6pingoperation
Debug IPV6 switch configuration
command
ping6 (X:X::X:X)
ping6 (X:X::X:X) <1-60000>
debug ipv6 ndp
debug ipv6 ndp event
debug ipv6 packet
debug ipv6 packet (in|out)
debug ipv6 packet destination (X:X::X:X)
134

Operation Manual
Disable debug IPV6 switch

configuration
Show IPV6 neighbour information
Chapter 12
System management
debug ipv6 routing

debug ipv6 tcp
debug ipv6 tcp out
debug ipv6 udp
no debug ipv6 all
no debug ipv6 ndp
no debug ipv6 ndp event
no debug ipv6 packet
no debug ipv6 packet (in|out)
no debug ipv6 routing
no debug ipv6 tcp
no debug ipv6 tcp out
no debug ipv6 udp
show ipv6 neighbor
12.8.2. 2 system IPV6 address configuration

Configure system IPV6 address, switch can use IPV6 address for management and access
to network resource.
operation
command
System IPV6 address configuration ipv6 address (X:X::X:X/M)
ipv6 address (X:X::X:X/M) (unicast|anycast)
Delete system IPV6 address
no ipv6 address
no ipv6 address (X:X::X:X)
12.8.2. 3 sysstem IPV6 default gateway configuration
operation
System IPV6 default gateway
configuration
Delete system IPV6 default
gateway
command
ipv6 gateway (X :X ::X :X)
no ipv6 gateway
12.8.2.4 system IPV6 mtu configuration

operation
IPV6 mtu configuration
command
ipv6 mtu (<1000-2000>|default)
12.8.2.5 port IPV6 neighbour configuration

operation
Port IPV6 neighbour configuration
command
ipv6 neighbor (X:X::X:X)
135

Operation Manual
Delete IPV6 neighbour

configuration
Chapter 12
System management
(AA:BB:CC:DD:EE:FF)
no ipv6 neighbor (X:X::X:X)
136

Operation Manual
Chapter 13
VLAN switching
Chapter 13 VLAN mapping

13.1 VLAN mapping
13.1.1 VLAN mapping introduction

This function is to switch vlan tag of user data from accessing vlan into vlan
operated by telecom carriers.
Shown as above figure, data sent by user 1 is vlan tag 1,2,3, data sent by user 2
is vlan tag 1,2,3 too. If you want vlan tag 1 data of user 1 is forward in vlan 101 on
uplink, vlan tag 2 data is forward in vlan 201 on uplink, and vlan tag 3 data is
forward in vlan 301 on uplink; vlan tag 1 data of user 2 is forward in vlan 102 on
uplink, vlan tag 2 data is forward in vlan 202 on uplink, vlan tag 3 data is forward in
vlan 302 on uplink, then you need to connect downlink port of user 1 with switch,
and transmit data of vlan tag 1,2,3 into the data of vlan tag 101,201,301, then
forward them from uplink port; connect downlink port of user 2 with switch, and
transmit data of vlan tag 1,2,3 into the data of vlan tag 102,202,302, then forward
them from uplink port.
VLAN mapping is used not only for uplink, but also for return. For example,
transmit vlan tag 1 into vlan tag 101 when uplink, then transmit vlan tag 101 into
vlan tag 1 for return, then the data of uplink and downlink will keep normal
communicating.
S2200ME single port can support 16 vlan mapping list at most; you should
designate uplink port, not permit to enable vlan mapping on uplink port.
13.1.2 VLAN mapping configuration

13.1.2.1 configure vlan mapping rule list in global mode
137

Operation Manual
Chapter 13
VLAN switching
The first parameter <1-4094> isrule list No., the second and the third is transmission
source and destination vlan No.
S2200ME (config)#translation-vlan <1-4094> <1-4094> mapped <1-4094>
operation
command
Configure vlan mappoing
translation-vlan <1-4094> <1-4094> mapped
<1-4094>
13.1.2.2Enable/disable corresponding vlan transmission rule list on port
The parameter <1-4094> is the corresponding rule list No., it is corresponding to the
first parameter of command 1.2.1, and designate uplink port:
operation
command
Enable port vlan mapping
join translation-vlan VLANLIST uplink <1-64>
Disable port vlan mapping
quit translation-vlan VLANLIST
13.1.2.3Enable/disable Nto1 vlan mappint
operation
Enable/disable Nto1 vlan mappint
command
translation-vlan nto1 (enable|disable)
13.1.3 VLAN mapping display and debug

13.1.3.1 show vlan mapping rule list
operation
Show vlan mapping rule list
command
show translation-vlan mapped
13.1.3.2 show information that port is enable vlan mapping

operation
Show information that port is
enable vlan mapping
command
show interface translation-vlan [<1-64>]
13.1.4 VLAN mapping configuration

13.1.4.1 configure 6 vlan mapping instance
S2200ME(config)#translation-vlan 1 1 mapped 101
13.1.4.2 Port 1 is applied to instance 1-3, adopting batch configuration, Port 2 is applied to
138

Operation Manual
Chapter 13
VLAN switching
instance 4-6, adopting batch configuration, configure vlan mapping uplink to be Port 3:
S2200ME (config-eth-1)#join translation-vlan 1-3 uplink 3
S2200ME(config-eth-1)#int e 2
S2200ME(config-eth-2)#join translation-vlan 4-6 uplink 3
Show vlan translation list
S2200ME#sh translation-vlan mapped
Index VID
Map-VID
1
1
101
2
2
201
3
3
301
4
1
102
5
2
202
6
3
302
13.1.4.3 show whether port is enabled or not
S2200ME#show interface translation-vlan 1
If
Translation-vlan
Uplink Nto1Status
1
1
3
disable
1
2
3
disable
1
3
3
disable
S2200ME#show interface translation-vlan 2
If
Translation-vlan
Uplink Nto1Status
2
4
3
disable
2
5
3
disable
2
6
3
disable
13.1.4 Nto1 VLAN mapping configuration

S2200ME (config-eth-1)#translation-vlan nto1 enable
S2200ME (config-eth-1)#join translation-vlan 1-10 uplink 2
139

Operation Manual
Chapter 14
Voice VLAN
Chapter 14 Voice VLAN

14.1 Voice VLAN
14.1.1 Voice VLAN introduction
VoIP phone become more and more popular, and take place of tranditional PBX, then
L2 switch should support IP phone application and transmit for VoIP message to mark
high priority,assuring voice flow fast forwarding without delay and voice security is
reliable.
Voice VLAN is the VLAN divided for user voice data flow. Then add
theportconnecting with voice device into Voice VLAN by dividing Voice VLAN,
configure QoS for voice data, improve transmission priority of voice flow and assure
communication quality.
The switch supporting Voice VLAN can justify whether data flow is voicedata flow
with source MAC address of entering data message, the message conforming to system
voice device OIU address in source MAC address is considered to be voice data flow,
divided into Voice VLAN and transmitting. OIU address is the front 24 bits of MAC
address, which is Organizationally unique identifier assigned for differenet device
providers, with OIU address, device manufacturer can be guessed.
14.1.2 Voice VLAN configuration

14.1.2.1 global enable Voice VLAN
In order to control whether Voice VLAN forward voice data flow, use the following
command to enable Voice VLAN.
Enable Voice VLAN
operation
command
voice-vlan <2-4094> enable
Enable Voice VLAN
As default, disable Voice VLAN.
14.1.2.2 global disable Voice VLAN
In order to control whether Voice VLAN forward voice data flow, use the following
command to disable Voice VLAN.
Disable Voice VLAN
140

Operation Manual
operation
Disable Voice VLAN
Chapter 13
VLAN switch
command
no voice-vlan <2-4094> enable
14.1.2.3 set OUI address

In order to improve voice data flow transmission priority, use the following command to
set OUT address.
Set OUT address:
operation
command
Set OUI address
voice-vlan mac (AA:BB:CC:DD:EE:FF) mask
(AA:BB:CC:DD:EE:FF) description DESC
14.1.2.4 delete OUI address
In order to delete voice data flow transmission priority, use the following command to
delete related OUT address.
Delete OUT address:
Operation
command
Delete OUI address
no voice-vlan mac (AA:BB:CC:DD:EE:FF) mask
(AA:BB:CC:DD:EE:FF)
14.1.2.5 set Voice VLAN security mode
In order to protect Voice VLAN security, prevent non-OUT address data flow, use the
following command to set Voice VLAN security mode.
Set Voice VLAN security mode:
Operation
command
Set Voice VLAN security mode
voice-vlan security enable
As default, enable Voice VLAN security mode.
14.1.2.6 set Voice VLAN ordinary mode
In order to make all data flow pass through, use this command to set Voice VLAN security
mode
operation
command
Set Voice VLAN security mode
no voice-vlan security enable
14.1.2.7 enable/disable port Voice VLAN
In order to control whether port forward voice data flow, use this command to
enable/diable Voice VLAN.
141

Operation Manual
Chapter 13
VLAN switch
Enable/disable port Voice VLAN:

operation
command
Enable/disable port Voice VLAN
voice-vlan (enable|disable)
As default, disable port Voice VLAN.
14.1.2.8 set port auto mode
In order to control port to join Voice VLAN, use the following command to auto-join Voice
VLAN.
Set port auto mode:
operation
command
Set port auto mode
voice-vlan mode auto
As default, set port to be auto mode.
14.1.2.9 set port auto mode
In order to control port to join Voice VLAN, use the following command to join Voice
VLAN.
Set port auto mode:
operation
command
Set port auto mode
no voice-vlan mode auto
14.1.3 Voice VLAN transmission display debug

After above configuration, execute show command to show operation after configuration.
Display and debug of Voice VLAN:
Operation
command
Show Voice VLAN status
show voice-vlan status
Show OUI address setting
show voice-vlan oui
information
14.1.4 Voice VLAN configuration

14.1.4.1set Voice VLAN security mode, VLAN 2 is used as Voice VLAN
S2200ME(config)#voice-vlan 2 enable
S2200ME(config)#voice-vlan security enable
14.1.4.2 set Voice VLAN ordinary mode, VLAN 2 is used as Voice VLAN
S2200ME(config)#no voice-vlan security enable
142

Operation Manual
14.1.4.3 set port auto mode, VLAN 2 is used as Voice VLAN
S2200ME (config-eth-1)#voice-vlan enable
S2200ME (config-eth-1)# voice-vlan mode auto
S2200ME (config-eth-1)# pvid 2
14.1.4.4 set port manual mode, VLAN 2 is used as Voice VLAN
S2200ME (config-eth-1)#voice-vlan enable
S2200ME (config-eth-1)#no voice-vlan mode auto
S2200ME (config-eth-1)#join vlan 2 tagged
S2200ME (config-eth-1)# pvid 2
14.1.4.4 show Voice VLAN
S2200ME#show voice-vlan status
Voice vlan configuration:
Voice vlan stauts : enable
Voice vlan ID : 2
Voice vlan security mode : enable
Port Information
Interface Mode
1
auto
S2200ME#show voice-vlan oui
OuiMac
Mask
00:02:03:00:00:00 ff:ff:ff:00:00:00
00:03:03:00:00:00 ff:ff:ff:00:00:00
Description
com
143
Chapter 13
VLAN switch

Operation Manual
Chapter 15
802.3ah
Chapter 15 802.3ah
15.1 802.3ah
15.1.1 802.3ah introduction
Ethernet OAM is a protocol to install, monitor and maintain Ethernet and MAN. It
depend on a new and optional SubLayer in data link layer. Ethernet OAM can be operating
on any full-duplex P2P or emulated P2P Ethernet link. The normal link operation does not
need Ethernet OAM, OAM data frame is using slow protocol destination MAC address
0180.c200.0002. They will be intercepted by MAC SubLayer, unable to transmit among
multi hops in one Ethernet.
15.1.2 802.3ah configuration

15.1.2.1 enable/disable port OAM
In order to control port OAM, use the following command to enable/disable OAM.
Enable/disable port OAM:
Operation
command
Enable/disable port OAM
ethernet oam (enable|disable)
As default, port disable OAM.
15.1.2.2 configure port OAM mode
In order to set port role, use the following command to configure OAM mode.
Configure port OAM mode:
Operation
command
Configure port OAM mode
ethernet oam mode (active|passive)
As default, port is active mode.
15.1.2.3 configure max transmission rate of OAM
The max transmission rate limit bandwidth occupied by OAM, assuring only a certain
number OAM will be transmit within a certain interval, the range is 1~10, the default is 10.
operation
command
Configure OAM max transmission
ethernet oam max-rate <1-10>
rate
15.1.2.4 configure min transmission interval of OAM
The min transmission interval is maintaining dialogue between two OAM, that is,
only one OAM can be sent out within this interval. The range is 1~10, the default is 1
144

Operation Manual
Chapter 15
802.3ah
second.
operation
Configure OAM min transmission
interval
command
ethernet oam min-rate <1-10>
15.1.2.5 configure OAM discover timeout

If local OAM has not received the peer end OAMPDU within timeout, we consider
the connection is failed, then discovery again. The range is 2~30, the default is 5 second.
operation
command
Configure OAM discover timeout
ethernet oam timeout <2-30>
As default, OAM discover timeout is 5s.
15.1.2.6 configure loopback response timeout
In order to set OAM loopback response timeout, use this command to set.
Configure loopback response timeout:
Operation
command
Configure loopback response
ethernet oam remote-loopback timeout <2-30>
timeout
As default, loopback response timeout is 1s.
15.1.2.7 enable/disable loopback support
In order to enable loopback, use this command to enable/disable loopback support.
Enable/disable loopback support:
Operation
command
Enable/disable loopback support
ethernet oam remote-loopback
supported|unsupported
As default, not support loopback.
15.1.2.8 enable/disable loopback
In order to enable loopback, use the following command to enable/.disable loopback.
Enable/disable loopback:
operation
command
enable/disable loopback
ethernet oam remote-loopbackstart|stop
As default, disable loopback.
15.1.2.9 enable/disable link detection
145

Operation Manual
Chapter 15
802.3ah
In order to enable link detection, use the following command to enable/disable link
detection.
Enable/disable link detection:
Operation
command
Enable/disable link detection
ethernet oam link-monitor
supported|unsupported
As default, enable link detection.
15.1.2.10 configure window and threshold of error symbol period
The detection of error symbol period is enabled.
operation
command
Configure window and threshold of ethernet oam link-monitor symbol-period
error symbol period
threshold <1-65535> window <1-65535>
Disable detection of error symbol no ethernet oam link-monitor symbol-period
period
As default, the window size is 1000000 symbol as default, the threshold is 1 as default.
15.1.2.11 configure error frame window and threshold
In order to configure error frame window and threshold, use the following command to set.
Configure error frame window and threshold:
operation
command
Configure window and threshold of ethernet oam link-monitor frame threshold
error frame
<1-65535> window <10-600>
Disable detection of error frame
no ethernet oam link-monitor symbol-period
As default, the window size is 10s, threshold is 1.
15.1.2.12 configure window and threshold of error frame period
In order to configure window and threshold of error frame period, use the following
command to set.
Configure window and threshold of error frame period:
operation
command
Configure window and threshold of ethernet oam link-monitor frame-period
error frame period
Disable detection of error frame
period
As default, window size is 10s, threshold size is 1.
146

Operation Manual
Chapter 15
802.3ah
15.1.2.13 configure window and threshold of error second

In order to configure window and threshold of error second, use the following command to
set.
Configure window and threshold of error second:
operation
command
Configure window and threshold
ethernet
oam
link-monitor
frame-second
of error second
Disable detection of error second
period
As default, window size is 100s, threshold is 1 errpr frame second.
15.1.2.14configure action operation for error
In order to configure action operation for error, use the following command to realize.
Configure action operation for error:
operation
command
Configure action operation for
ethernet oam link-monitor high-threshold
error
action disable-on-error | trap | none
15.1.3 802.3ah display and debug

After above configuration, execute show command to show operation after configuration.
802.3ah display and debug:
operation
command
Show two ends discovery
show interface ethernet oam discovery <1-64>
information
Show local OAM entity basic
show interface ethernet oam status <1-64>
information
Show local OAM entity OAMPDU
show interface ethernet oam statistics <1-64>
transmitting and receiving number,
and local and remote error statistics
15.1.4 802.3ah configuration

Port enable OAM function.
147

Operation Manual
Chapter 15
802.3ah
Figure 15-1 802.3ah configuration instance

# enter global view
S2200ME#configure
S2200ME(config)#
# enter port
# port enable OAM function
S2200ME(config-eth-1)# ethernet oam enable
148

Operation Manual
Chapter 16
802.1ag
Chapter 16 802.1ag
16.1 802.1ag
16.1.1 802.1ag introduction
802.1ag is a standard for creating Ethernet OAM, providing carrier operation,
maintenance and management.
16.1.2 802.1ag configuration

16.1.2.1 set aging time of connecting database
In order to set aging time of connecting database, use the following command to realize.
Set aging time of connecting database:
operation
command
Set aging time of connecting
ccdb aging-time (<1-1440>|default)
database
As default, aging time of connecting database is 10 minutes.
16.1.2.2 create md instance
In order to create md instance, use the following command to realize.
Create md instance:
operation
command
Create md instance
md <1-256> name STRING level <0-7>
Delete md instance
no md (<1-256>|all)
16.1.2.3 set packet transmission interval for ma node connection detection

In order to set packet transmission interval for ma node connection detection, use the
following command to realize.
operation
Set packet transmission interval
for ma node connection detection.
command
ma <1-256>/<1-256> cc-interval
(10s|1min|10min|default)
16.1.2.4 create ma instance

In order to create ma instance, use the following command to realize.
Create ma instance:
149

Operation Manual
operation
Create ma instance
Chapter 16
802.1ag
command
ma <1-256>/<1-256> name STRING vlan
<1-4094>
no ma <1-256>/<1-256>
Delete ma instance
16.1.2.5 create mep instance
In order to create mep instance, use the following command to realize.

operation
Create mep instance
Delete mep instance
command
mep <1-256>/<1-256>/<1-8191> direction
(up|down)
no mep <1-256>/<1-256>/<1-8191>
16.1.2.6 set mac address of mep node

In order to set mep node mac address, use the following command to set.
operation
Command
Set mep node mac address
mep <1-256>/<1-256>/<1-8191> mac
(AA:BB:CC:DD:EE:FF)
16.1.2.7 set remote mep index and MAC address of local mep
In order to set remote mep index and MAC address of local mep, use the following
command to realize.
operation
command
Set remote mep index and MAC
mep <1-256>/<1-256>/<1-8191> remote-mepid
address of local mep.
<1-8191> remote-mac (AA:BB:CC:DD:EE:FF)
No remote mep index and MAC
no mep <1-256>/<1-256>/<1-8191> remote-mepid
address of local mep
<1-8191>
16.1.2.8 configure whether mep is valid
In order to configure whether mep is valid, use the following command to realize.
operation
Configure whether mep is valid
command
cc mep <1-256>/<1-256>/<1-8191>
(enable|disable)
16.1.2.9 create mip instance

150

Operation Manual
Chapter 16
802.1ag
Use this command to create mip instance.

operation
Create mip instance
Delete mip instance
command
mip <1-256>/<1-256>/<1-8191>
no mip <1-256>/<1-256>/<1-8191>
16.1.2.10 set mac address of designated mip node

Use this command to set mac address of designated mip node.
operation
command
Set mac address of designated
mip <1-256>/<1-256>/<1-8191> mac
mip node
(AA:BB:CC:DD:EE:FF)
16.1.2.11 configure designated mep to linktrace to destination address
Use this command to configure designated mep to linktrace to destination address.
operation
command
configure designated mep to
linktrace (AA:BB:CC:DD:EE:FF) mep
linktrace to destination address
<1-256>/<1-256>/<1-8191> ttl <1-255>
mipccdb (disable|enable)
linktrace (AA:BB:CC:DD:EE:FF) mep <1-256>/<1-256>
/<1-8191>
linktrace (AA:BB:CC:DD:EE:FF) mep <1-256>/<1-256>
/<1-8191> ttl <1-255>
16.1.2.12 configure designated mep to loopback to destination address
Use this command to configure designated mep to loopback to destination address.
operation
command
Designated mep loopback to
loopback (AA:BB:CC:DD:EE:FF) mep
destination address
<1-256>/<1-256>/<1-8191> -c <1-100> timeout
<1-5>
16.1.2.14 configure window and threshold of error second
Use the following command to configure designated remote mep loopback.
operation
Command
Configure loopback for designated loopback rmepid <1-8191> mep
remote mep
<1-256>/ <1-8191>
151
<1-256>/

Operation Manual
Chapter 16
802.1ag
16.1.3 802.1ag display and debug

After above configuration, execute show command to show operation.
802.1ag display and debug:
operation
command
Query cfm cc attribute
show cfm cc state
Query md
show cfm md <1-256>
Query ma
show cfm ma <1-256>
Query local or remote mep
show cfm mep
Query ccm error information

through mep
Query ccm error information
through special mep
Query local mep information
show cfm errorccm mep
Query remote mep information
show cfm remote mep
Query remote special mep

information
Query local mip information
show
cfm
remote
<1-256>/<1-256>/<1-8191>
show cfm local mip
Query cfm
show cfm
Enable module debug
debug cfm module (ethcc|ethlb|ethlt|main|alarm

|all)
no debug cfm module (ethcc|ethlb|ethlt|main|
alarm|all)
debug
cfm
packet
(ethccsend|ethccrecv|ethlbsend|
ethlbrecv|ethltsend|ethltrecv|all)
no
debug
cfm
packet
(ethccsend|ethccrecv|ethlbsend|
ethlbrecv|ethltsend|ethltrecv|all)
Disable module debug

Enable cfm packet debug
Disable cfm packet debug
show
cfm
errorccm
<1-256>/<1-256>/<1-8191>
show cfm local mep
16.1.4 802.1ag configuration

16.1.4.1 configure mep
S2200ME(config)# interface vlan 300
S2200ME(config)# cfm
S2200ME (config- cfm)# md 3 name ClientMD3 level 3
S2200ME (config- cfm)# ma 3/3 name ClientMA3 vlan 300
152
mep
mep

Operation Manual
S2200ME (config- cfm)#quit
S2200ME (config-eth-1)# join vlan 300 tagged
S2200ME (config-eth-1)# mep 3/3/2 dir down
16.1.4.2 configure mip
S2200ME(config)# interface vlan 300
S2200ME(config)# cfm
S2200ME (config- cfm)# md 3 name ClientMD3 level 3
S2200ME (config- cfm)# ma 3/3 name ClientMA3 vlan 300
S2200ME (config- cfm)#quit
S2200ME (config-eth-1)# join vlan 300 tagged
S2200ME (config-eth-1)# mip 3/3/1
153
Chapter 16
802.1ag

Operation Manual
Chapter 17
E-LMI
Chapter 17 E-LMI
17.1 E-LMI
17.1.1 E-LMI introduction
MEF refers to FR-LMI (frame relay-local management interface), which defined
E-LMI(Ethernet-local management interface). E-LMI is aiming for OAM protocol of user
UNI (ultimate network interface), which is mainly working between user edge device and
provider edge device. E-LMI make service provider auto configure CE with bought service.
The auto configuration of CE reduces the work of service creation, also reduce
harmonization between service provider and enterprise user. Therefore, enterprise user
have no need to know configuration of CE, which is configured and monitored by service
provider, reducing risk of human wrong operation. E-LMI provides EVC status
information, if EVC error is discovered (by 802.1ag), the service provider edge device will
notify CE about error, then the accessing route will be immediately switch.
17.1.2 E-LMI configuration

17.1.2.1 global enable/disable E-LMI protocol
Use the following command to global enable/disable E-LMI protocol.
Global enable/disable ELMI protocol:
Operation
command
Global enable/disable E-LMI
elmi (enable|disable)
protocol
As default, E-LMI protocol is disabled.
17.1.2.2 configure E-LMI mode
Use this command to configure E-LMI mode.
Operation
Configure E-LMI mode
elmi type (pe|ce)
command
17.1.2.3 create EVC

Use this command to create EVC.
Operation
Create EVC
command
elmi evc-identifier NAME
Delete EVC
no elmi evc-identifier NAME

154

Operation Manual
Chapter 17
E-LMI
17.1.2.4 configure UNI number bound by EVC

Use this command to configure UNI number that EVC can bind.
operation
command
Configure UNI number that EVC
evc unicount <2-1024>
can bind
17.1.2.5 configure EVC bandwidth limit
Use this command to configure EVC bandwidth limit.
operation
command
Configure EVC bandwidth limit
evc cir <0-160000> eir <0-160000> cbs
<0-160000> ebs <0-160000> color-mode
(aware|blind) coupling-flag (enable|disable)
match <0-7>
17.1.2.6 enable/disable interface E-LMI protocol
Use this command to enable/disable E-LMI protocol.
operation
command
enable/disable interface E-LMI
elmi (enable|disable)
protocol
17.1.2.7 configure interface UNI ID
Use this command to configure interface UNI ID.
operation
command
Configure interface UNI ID
elmi uni identifier NAME
17.1.2.8 set UNI mapping type

Use this command to set UNI mapping type.
operation
command
Set UNI mapping type
elmi uni map-type
(all-to-one|multiplex|bundling)
17.1.2.9 set UNI bandwidth limit
Use this command to set UNI bandwidth limit.
operation
command
Set UNI bandwidth limit
elmi uni map-type
no elmi uni map-type
UNI
155

Operation Manual
Chapter 17
E-LMI
17.1.2.10 set UNI polling counter

Use this command to set UNI polling counter.
operation
command
Set UNI polling counter
elmi uni pollcnt <1-65000>
As default, UNI polling counter is 4 second.
17.1.2.11 set UNI t391 polling timer
Use this command to set UNI t391 polling timer.
Operation
command
Set UNI t391 polling timer
elmi uni poll-time <5-30>
As default, UNI t391 polling timer is 10 second, only valid on ce.
17.1.2.12 set UNI t392 timer
Use this command to set UNI t392 timer.
operation
command
Set UNI t392 timer
elmi uni poll-v-time <5-30>
As default, UNI t392 polling timer is 10 second, only valid on pe.
17.1.2.13 configure service and evc binding on interface
Use this command to configure service and evc binding on interface.
operation
command
Configure service and evc binding
elmi service-instance <1-4094> (add|remove)
on interface
VLANLIST
No service and evc binding on
no elmi service-instance <1-4094>
interface
17.1.2.14 add/delete vlan on interface
Use this command to add/delete vlan on interface.
operation
command
Add/delete vlan on interface
elmi service-instance <1-4094> (add|remove)
<1-4094>
17.1.3 E-LMI display and debug

After above configuration, execute show command to show opration and prove the
156

Operation Manual
configuration effect.
E-LMI display and debug:
Operation
Show E-LMI global information
Show E-LMI all EVC information
Show designated EVC information
Show all UNI information
Show UNI of designated interface
Show UNI statistics of designated
interface
command
show elmi global
show elmi evc
show elmi evc NAME
show elmi uni
show elmi uni <1-64>
show elmi uni <1-64> statistic
17.1.4 E-LMI configuration

17.1.4.1 configure PE
S2200ME-PE(config)#elmi enable
S2200ME-PE(config)#elmi type pe
S2200ME-PE(config)#elmi evc evc0
S2200ME-PE(config-evc)#evc unicount 2
S2200ME-PE (config-eth-1)#elmi uni map-type multiplex
S2200ME-PE (config-eth-1)#elmi uni poll-v-time 10
S2200ME-PE (config-eth-1)#elmi uni status-cnt 4
S2200ME-PE (config-eth-1)#elmi uni cir 2 eir 2 cbs 2 ebs 2
S2200ME-PE (config-eth-1)#elmi service-instance 1 evc evc0
17.1.4.2 configure CE
S2200ME-CE(config)#elmi enable
S2200ME-CE(config)#elmi type ce
S2200ME-CE (config-eth-1)#elmi uni poll-time 10
S2200ME-CE (config-eth-1)#elmi uni pollcnt 10
S2200ME-CE (config-eth-1)#elmi uni status-cnt 4
157
Chapter 17
E-LMI

Operation Manual
Chapter 18
LLDP
Chapter 18 LLDP
18.1 LLDP
18.1.1 LLDP introduction
LLDP(Link Layer Discovery Protocol)is a new protocol of 802.1AB, which
can make neighbour device send status notification to other device, and each port
of all device can save its own information, even send update information to
connected neighbour device if needed, the neighbour device will save the
information into standard SNMP MIBs. The network management system will
query current connection of L2 from MIB. With the information, network
management system can exactly discover and simulate physical network topology
structure. LLDP will not configure and control network element or flow, it only
report configuration of L2.
Generally speaking, LLDP is a neighbouring discovery protocol. It

defined a standard mothod with Ethernet network device, such as switch,
router and wireless LAN accessing point. It can make device notify its
existing to other node, and save discovery of each neighbour device, for
example, device configuration and device identification can be notify with
this protocol.
18.1.2 LLDP configuration

18.1.2.1 configure LLDP trap frame sending interval
this command is to configure LLDP trap frame sending interval, unit is second, as default,
LLDP trap frame is sent every 5 seconds.
Operation
Command
Set trap frame sending time interval
lldp notification-interval (<5-3600>|default)
18.1.2.2 configure LLDP reinitialization time delay
This command is to configure time delay for LLDP port status from disabled to
reinitialization. The unit is 2 second, the default is 2 second.
Operation
Command
Set restart time delay
lldp reinit-delay (<1-10>|default)
158

Operation Manual
Chapter 18
LLDP
18.1.2.3 configure sending time delay of continuous two LLDP frame

This command is to configure sending time delay of continuous two LLDP frame.
Unit is second, the default sending time delay is 2 second.
Operation
Command
Set sending time delay
lldp tx-delay (<1-8192>|default)
18.1.2.4 configure interval times of sending LLDP frame
This command is to configure interval times of sending LLDP frame. The default is 4.
Operation
Command
Set times of sending frame interval
lldp tx-hold (<2-10>|default)
18.1.2.5 configure interval of sending LLDP
This command is to configure interval of sending LLDP. Unit is second, the default
is 30 second.
Operation
Command
Set interval of sending frame
lldp tx-interval (<5-32768>|default)
18.1.2.6 configure LLDP working mode
Configure interface LLDP working mode, the working mode is only to receive or send
LLDP data packet, and send LLDP data packet or this interface does not support LLDP
function.
Operation
Command
Configure working mode
lldp admin-status
(tx-only|rx-only|rx-tx|disable)
18.1.2.7 configure basic TLVoperation
Configure interface optional operation of basic TLV, control whether these optional
TLLV are included in LLDP data packet.
Operation
Command
Set whether port description TLV is
lldp basic-tlv-tx port-description
included in LLDP packet or not.
(enable|disable)
Set whether system name TLV is
lldp basic-tlv-tx system-name
included in LLDP packet or not.
(enable|disable)
Set system description TLV is included in
lldp basic-tlv-tx system-description
LLDP packet or not.
(enable|disable)
Set system capability TLV is included in
lldp basic-tlv-tx system-capability
LLDP packet or not.
(enable|disable)
Set whether all optional TLV in basic
lldp basic-tlv-tx all (enable|disable)
TLV is included in LLDP packet or not.
18.1.2.8 configure interface management address information
159

Operation Manual
Chapter 18
LLDP
Configure interface LLDP management address information.

Operation
Command
Enable or disable interface IP
lldp management-address (A.B.C.D)
management address
(enable|disable)
Enable or disable interface MAC
lldp management-address
management address
(AA:BB:CC:DD:EE:FF) (enable|disable)
18.1.2.9 configure trap control
Configure interface LLDP trap control
Operation
Set whether enable port trap
Command
lldp notification (enable|disable)
18.1.2.10 configure native information base on coordinate

configure native information base on coordinate
Operaton
configure native information base on
coordinate.
18.1.2.11configure the definion of
Command
lldp location-id
coordinate-address (south|north)
<0-90>.<0-99999999> (east|west)
<0-180>.<0-99999999> altitude
(meters|floors)
<-10000-10000>.<0-99999>
(wgs84|nad83|nad83-mllw)
IETF of Civic address
configure the definion of IETF of Civic address
configure the definion of IETF of Civic

address.
lldp location-id civic-address

<0-2> COUNTRYCODE
<0-255> CA-VALUE
<0-2> COUNTRYCODE
<0-255> CA-VALUE <0-255>
CA-VALUE
<0-2> COUNTRYCODE
<0-255> CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE
<0-2> COUNTRYCODE
160

Operation Manual
Chapter 18
LLDP
<0-255> CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE
<0-2> COUNTRYCODE
<0-255> CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE
<0-2> COUNTRYCODE
<0-255> CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE
<0-2> COUNTRYCODE
<0-255> CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE
<0-2> COUNTRYCODE
<0-255> CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE
<0-2> COUNTRYCODE
<0-255> CA-VALUE <0-255>
161

Operation Manual
Chapter 18
LLDP
CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE
<0-2> COUNTRYCODE
<0-255> CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE <0-255>
CA-VALUE
18.1.3 LLDP display and debug

After above configuration, execute show command to show operation, then prove
configuration effect.
LLDP display and debug:
Operation
command
Show LLDP configuration
show lldp config
Show LLDP interface configuration
show lldp config interface
(fastethernet|gigaethernet|xgigaethernet|trunk)
<1-1>/<1-28>
Show LLDP interface
show lldp interface
<1-1>/<1-28>
Show LLDP interface detail
show lldp interface verbose
Show LLDP local information
show lldp local
Show LLDP local interface
show lldp local interface
information
<1-1>/<1-28>
Show LLDP remote information
show lldp remote
Show LLDP any remote information
show lldp remote <1-2147483647>
Show LLDP statistics
show lldp statistics
162

Operation Manual
Show LLDP interface statistics
Show LLDP memory
Chapter 18
LLDP
show lldp statistics interface

<1-1>/<1-28>
show memory lldp
18.1.4 LLDP configuration
s1
s2
Figure 18-1 configure instance topology structure

S1s interface 4 is connecting with S2s interface 1, S1 and S2 are configured as below:
S1s configuration:
S1(config)# interface ethernet 1
S1(config-eth-1)# lldp admin-status rx-tx
S2s configuration:
S2(config-eth-1)# lldp admin-status rx-tx
With above configuration, S1s interface 4 and S2s interface 1 can notify LLDP with each
other. If need to send LLDP trap to network management station and support accessing to
network management station, associated ip address and SNMP configuration are needed.
163

Operation Manual
Chapter 19
UDLD
Chapter 19 UDLD
19.1 UDLD
19.1.1 UDLD introduction
UDLDUniDirectional Link Detection Protoclcan monitor physical configuration of
cable for the device connecting with optical fiber or copper cable (e.g.: Cat.5 cable)
Ethernet cable, check if unidirectional link is exist. If unidirectional link, UDLD protocol
will disable influenced port and send trap to user.
19.1.2 UDLD configuration

19.1.2.1 configure interval of sending UDLD advertisement
This command is to configure interval of sending UDLD advertisement, unit is
second, send once every 10 second.
Operation
Command
Set interval of sending advertisement
udld advertise-interval (<2-15>|default)
19.1.2.2 configure shutdown mode for UDLD unidirectional channel interface
This command is to configure shutdown mode for UDLD unidirectional channel
interface. The default is manual mode.
Operation
Command
Set shutdowm mode for unidirectional udld uni-shutdown (hand|auto)
channel interface
19.1.2.3 configure UDLD working mode
This command is to configure UDLD working mode. The default is common mode.
Operation
Command
Set working mode
udld work-mode (normal|aggressive)
19.1.2.4 enable/disable interface UDLD protocol
This command is to enabledisable interface UDLD protocol. The default is disable.
Operation
Command
Enabledisable interface udld protocol
udld (enable|disable)
19.1.2.5 enable/disable optional TLV
This command is to enabledisable optional TLV. The default is not enable.
Operation
Command
Enable/disable optional TLV
udld optional-tlv (timeout|seq-number)
164

Operation Manual
Chapter 19
UDLD
(enable|disable)
19.1.2.6 restart port shutdown by UDLD protocol
This command is to restart port shutdown by UDLD protocol.
Operation
Command
Restart port shutdown by UDLD
udld reset
protocol
19.1.3 UDLD display and debug

After above configuration, execute show command to show operation in any view, then
prove configuration effect.
Operation
command
Show UDLD local information
show udld local
Show UDLD interface information
show udld interface
Show UDLD memory
Show UDLD interface information
show memory udld

show udld interface
(fastethernet|gigaethernet|xgigaethernet)
<1-1>/<1-28>
19.1.4 UDLD configuration

S1s interface 4 is connecting with S2s interface 1, the configuration of S1 and S2 are:
S1s configuration:
S1(config-eth-1)#udld enable
S2s configuration:
S2(config-eth-1) #udld enable
With above configuration, S1s interfacfe 4 and S2s interface 1 can notify UDLD
information with each other.
165

Operation Manual
Chapter 20
Log email notification
Chapter 20 Log email notification

20.1 Log email notification
20.1.1 log email notification introduction
Log email notification, send operation log to designated mailbox with SMTP protocol, or
send email to designated mailbox in manual mode.
20.1.2 log email notification configuration

20.1.2.1 configuration
SMTP mailbox
This command is to configure SMTP mailbox.

Operation
Command
Configure SMTP mailbox
smtp mailbox REPLIER A.B.C.D
Quit SMTP mailbox
no smtp mailbox REPLIER
20.1.2.2 configure service port of SMTP mailbox

This command is to configure service port of SMTP mailbox
Operation
Command
configure service port of SMTP mailbox
smtp
mailbox
REPLIER
<1-65535>
A.B.C.D
20.1.2.3 configure service port of SMTP mailbox and authentication

This command is to configure service port of SMTP mailbox and authentication.
Operation
Command
configure service port of SMTP mailbox smtp
mailbox
REPLIER
A.B.C.D
and authentication
<1-65535> authentication AUTHUSER
AUTHPWD
20.1.2.4 configure SMTP mailbox service authentication
This command is to configure SMTP mailbox service authenticaiton.
Operation
Command
configure SMTP mailbox service smtp
mailbox
REPLIER
A.B.C.D
authentication
authentication AUTHUSER AUTHPWD
20.1.2.5 configure email address sent by SMTP mailbox
166

Operation Manual
Chapter 20
This command is to configure email address sent by SMTP mailbox.

Operation
Command
Configure email address sent by SMTP smtp
mailto
RECEIVER
mailbox
REPLIER
Delete email address sent by SMTP
mailbox
mailbox
no smtp mailto RECEIVER mailbox

REPLIER
20.1.2.6 logging smtp

This command is to enable log mail notification.
Operation
Command
Enable log mail notification
logging smtp
Disable log mail notification
no logging smtp
20.1.2.7 logging smtp <0-7>
This command is to configure log mail trap level.
Operation
Command
Configure log mail trap level
Logging smtp <0-7>
20.1.2.8 send email
This command is to send email in manual mode.
Operation
Send email in manual mode
send email
Command
20.1.2.9 configure SMTP6 mailbox

This command is to configure SMTP6 mailbox
Operation
Command
Configure SMTP6 mailbox
smtp6 mailbox REPLIER X:X::X:X
Disable SMTP6 mailbox
no smtp6 mailbox REPLIER
20.1.2.10 configure service port of SMTP6 mailbox

This command is to configure service port of SMTP6 mailbox
Operation
Command
This command is to configure service smtp6 mailbox REPLIER
port of SMTP6 mailbox
<1-65535>
X:X::X:X
20.1.2.11 configure service port of SMTP6 mailbox and authentication
This command is to configure service port of SMTP6 mailbox and authentication

167

Operation Manual
Operation
configure service port of
mailbox and authentication
SMTP6
Chapter 20
Command
smtp6 mailbox REPLIER X:X::X:X
<1-65535> authentication AUTHUSER
AUTHPWD
1.2.12 configure SMTP6 mailbox authentication

This command is to configure SMTP6 mailbox authentication
Operation
Command
configure
SMTP6
mailbox smtp6 mailbox REPLIER X:X::X:X
authentication
authentication AUTHUSER AUTHPWD
20.1.3 log email notification display and debug

After above configuration, execute show command to show operation in any view, then
prove configuration effect.
Log email notification display and debug:
operation
command
Show SMTP configuration
show smtp config
Show SMTP mailbox
show smtp mailbox
Show SMTP mailbox sending
address
Enable SMTP mailbox Debug
show smtp mailto
Disable SMTP mailbox Debug
no debug smtp
debug smtp
20.1.4 SMTP configuration

S1(config)# smtp mailbox abc@fhn.com.cn
S1(config)#smtp mailto zde@fhn.com.cn mailbox abc@fhn.com.cn
S1(config)# logging smtp
S1(config)# logging smtp 7
With above simple configuration, when S1 has operation log, send email to
zde@fhn.com.cn.
168
169

F-Engine S2200ME Ethernet Switch Operation Manual (v3.0)

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

F-Engine S2200ME Ethernet Switch Operation Manual (v3.0)

Hochgeladen von

Copyright:

Verfügbare Formate

F-ENGINE

Carrier Ethernet Switch

FiberHome Networks Co., Ltd.

F-Engine S2200ME Carrier Ethernet Switch

F-Engine S2200ME Carrier Ethernet Switch

2.1.3 Ethernet port display and debug............................... 38

F-Engine S2200ME Carrier Ethernet Switch

2.6.2 port black hole MAC configuration........................... 47

F-Engine S2200ME Carrier Ethernet Switch

5.1 COS configuration......................................................................... 62

F-Engine S2200ME Carrier Ethernet Switch

9.1.3 ESR display and debug .................................................. 92

F-Engine S2200ME Carrier Ethernet Switch

12.1.2 FTP configuration ...................................................... 115

F-Engine S2200ME Carrier Ethernet Switch

12.7.1 ARP introduction ........................................................ 133

F-Engine S2200ME Carrier Ethernet Switch

16.1.3 802.1ag display and debug ...................................... 152

F-Engine S2200ME Carrier Ethernet Switch

F-Engine S2200ME Carrier Ethernet Switch

Figure 9-2 relationship between ESR domain and VLAN ........................................ 90

F-Engine S2200ME Carrier Ethernet Switch

Copyright 2002 by FiberHome Networks Co., Ltd.

Conventions Used in the Document

This symbol means danger. Be aware of all

Notify the special attention that should be given to

F-Engine S2200ME Carrier Ethernet Switch

Give further necessary supplement or explanation

Installation engineers & technicians

Operation & maintenance personnel

Those who are fond of our product

Before installation, read this manual carefully to avoid wrong

F-Engine S2200ME Carrier Ethernet Switch

when operating, the power module of this switch has powerful

forbid any change to inner structure and circuit of the switch.

use static protection for installation and maintenance. The equipment

the switch should not be operating in burnable and burst gas

F-Engine S2200ME Carrier Ethernet Switch

1.1.2 function feature

Support L2 forward basic function;

F-Engine S2200ME Carrier Ethernet Switch

Support port mirror, support a mirror destination port;

F-Engine S2200ME Carrier Ethernet Switch

Packet forward rate

Network management type

Private VLAN associated with device

F-Engine S2200ME Carrier Ethernet Switch

1.2 Log on Ethernet switch

Figure 1-1 create local configuration environment through Console port

F-Engine S2200ME Carrier Ethernet Switch

F-Engine S2200ME Carrier Ethernet Switch

F-Engine S2200ME Carrier Ethernet Switch

F-Engine S2200ME Carrier Ethernet Switch

F-Engine S2200ME Carrier Ethernet Switch

1.2.2 create configuration environemtn through Telnet

F-Engine S2200ME Carrier Ethernet Switch

Figure 1-2 create local configuration environment through LAN

F-Engine S2200ME Carrier Ethernet Switch

Figure 1-3 operate Telnet

Telnet Ethernet switch through Ethernet switch

Figure 1-4 provide Telnet Client service

Step 5: use the corresponding command to configure Ethernet switch or show

F-Engine S2200ME Carrier Ethernet Switch