ISCOM2924GF-4GE - 4C Configuration Guide (A - 01) PDF

www.raisecom.
com
ISCOM2924GF-4GE/4C Configuration Guide
Legal Notices
Raisecom Technology Co., Ltd makes no w arranty of a ny ki nd w ith r egard t o t his manual,
including, but not l imited t o, t he i mplied w arranties of merchantability and fitness for a pa rticular
purpose. Raisecom Technology Co., Ltd shall not be held liable for errors contained herein or direct,
indirect, special, incidental or consequential damages in connection with the furnishing, performance,
or use of this material.
Warranty.
A copy of the s pecific warranty terms applicable to your Raisecom product and replacement pa rts
can be obtained from Service Office.
Restricted Rights Legend.

All rights are reserved. No part of this document may b e photocopied, reproduced, or translated to
another language w ithout t he pr ior w ritten c onsent of Raisecom Technology Co., Ltd. The
information contained in this document is subject to change without notice.
Copyright Notices.
Copyright 2007 Raisecom. All rights reserved.
No part of this publication may be excerpted, reproduced, translated or utilized in any form or by any
means, e lectronic or m echanical, i ncluding phot ocopying a nd m icrofilm, w ithout pe rmission i n
Writing from Raisecom Technology Co., Ltd.
Trademark Notices
is the trademark of Raisecom Technology Co., Ltd.
Java is a U.S. trademark of Sun Microsystems, Inc.
Microsoft is a U.S. registered trademark of Microsoft Corporation.
Windows NT is a U.S. registered trademark of Microsoft Corporation.
Windows 2000 is a U.S. registered trademark of Microsoft Corporation.
Windows XP is a U.S. registered trademark of Microsoft Corporation.
Windows and MS Windows are U.S. registered trademarks of
Microsoft Corporation.
Contact Information
Technical Assistance Center
The Raisecom TAC i s av ailable t o all cus tomers w ho need technical as sistance w ith a R aisecom
product, technology, or, solution. You can communicate with us through the following methods:
Address: Building 2, No. 28 of the Shangdi 6th Street, Haidian District, Beijing 100085
Tel:
+86-10-82883305
Fax:
+86-10-82883056
World Wide Web

You c an a ccess t he m ost c urrent R aisecom pr oduct i nformation on t he W orld W ide W eb a t t he
following URL:
http://www.raisecom.com
Feedback
Comments a nd que stions a bout how t he ISCOM2924GF-4GE/4C system sof tware w orks a re
welcomed. Please review the FAQ in the related manual, and if your question is not covered, send
email by using the following web page:
http://www.raisecom.com/en/contact-us.html.
If you have comments on the ISCOM2924GF-4GE/4C specification, instead of the web page above,
please send comments to:
export@raisecom.com
We hope to hear from you!
CONTENTS
Chapter 1
Chapter 2
2.1
Function Overview ------------------------------------------------------------------------- 1

Basic Configuration ----------------------------------------------------------------------- 3
Login device--------------------------------------------------------------------------------------------------------------3
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.2
Command line -----------------------------------------------------------------------------------------------------------9

2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.3
2.4
Management of BootROM files -------------------------------------------------------------------------------------------------- 16

Management of system files ------------------------------------------------------------------------------------------------------ 17
Management of configuration files ---------------------------------------------------------------------------------------------- 17
Checking configuration ------------------------------------------------------------------------------------------------------------- 18
Upload and upgrade ------------------------------------------------------------------------------------------------- 18

2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.5
Overview ------------------------------------------------------------------------------------------------------------------------------- 18
Configure TFTP auto-upload method------------------------------------------------------------------------------------------- 19
Upgrade system software by BootROM --------------------------------------------------------------------------------------- 20
Upgrade system software by FTP/TFTP -------------------------------------------------------------------------------------- 21
Configure clock management ------------------------------------------------------------------------------------ 22

2.5.1
2.5.2
2.5.3
2.5.4
2.5.5
2.6
Configure time and time zone ---------------------------------------------------------------------------------------------------- 22

Configure daylight saving time --------------------------------------------------------------------------------------------------- 23
Configure NTP ----------------------------------------------------------------------------------------------------------------------- 23
Configure SNTP --------------------------------------------------------------------------------------------------------------------- 24
Configure interface management ------------------------------------------------------------------------------- 25

2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.7
2.8
2.9
2.10
Default configuration of interface ------------------------------------------------------------------------------------------------ 25

Configure basic attributes for interface----------------------------------------------------------------------------------------- 25
Configure interface statistics ------------------------------------------------------------------------------------------------------ 26
Configure interface flow control -------------------------------------------------------------------------------------------------- 27
Configure interface open/shutdown --------------------------------------------------------------------------------------------- 27
Configure basic information for device ----------------------------------------------------------------------- 27

Configure task calling function ---------------------------------------------------------------------------------- 28
Configure watchdog ------------------------------------------------------------------------------------------------- 29
Configuration examples-------------------------------------------------------------------------------------------- 29
2.10.1
Chapter 3
Configure TFTP auto-loading example----------------------------------------------------------------------------------------- 29
Ethernet -------------------------------------------------------------------------------------- 31
Overview----------------------------------------------------------------------------------------------------------------- 31
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.1.7
3.1.8
3.1.9
3.1.10
3.2
Brief introduction ----------------------------------------------------------------------------------------------------------------------- 9

Command line level ------------------------------------------------------------------------------------------------------------------- 9
Command line mode---------------------------------------------------------------------------------------------------------------- 10
Command line shortcut -------------------------------------------------------------------------------------------------------------11
Command line help message ---------------------------------------------------------------------------------------------------- 12
Command line display message ------------------------------------------------------------------------------------------------- 14
Command line history message ------------------------------------------------------------------------------------------------- 15
Restore command line default value ------------------------------------------------------------------------------------------- 15
Manage files ------------------------------------------------------------------------------------------------------------ 16

2.3.1
2.3.2
2.3.3
2.3.4
3.1
Brief introduction ----------------------------------------------------------------------------------------------------------------------- 3

Login the device from Console port ----------------------------------------------------------------------------------------------- 3
Login the device from Telnet ------------------------------------------------------------------------------------------------------- 5
Login the device from SSHv2 ------------------------------------------------------------------------------------------------------ 7
Manage the login user---------------------------------------------------------------------------------------------------------------- 8
Check the configuration -------------------------------------------------------------------------------------------------------------- 9
Ethernet interface-------------------------------------------------------------------------------------------------------------------- 31
MAC address forwarding table --------------------------------------------------------------------------------------------------- 32
VLAN ----------------------------------------------------------------------------------------------------------------------------------- 35
QinQ ------------------------------------------------------------------------------------------------------------------------------------ 36
VLAN mapping ----------------------------------------------------------------------------------------------------------------------- 37
STP/RSTP/MSTP ------------------------------------------------------------------------------------------------------------------- 38
Loopback detection ----------------------------------------------------------------------------------------------------------------- 42
Interface protection------------------------------------------------------------------------------------------------------------------ 43
Interface mirror ----------------------------------------------------------------------------------------------------------------------- 43
Layer-2 protocol transparent transmission ------------------------------------------------------------------------------------ 44
Configure MAC address forwarding table ------------------------------------------------------------------- 44
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.2.7
3.3
Configure VLAN ------------------------------------------------------------------------------------------------------- 47

3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
3.3.7
3.4
Preparation for configuration ----------------------------------------------------------------------------------------------------- 64

Default configuration for interface protection --------------------------------------------------------------------------------- 64
Configure interface protection ---------------------------------------------------------------------------------------------------- 64
Configure interface mirror----------------------------------------------------------------------------------------- 65

3.10.1
3.10.2
3.10.3
3.10.4
3.11

Default configuration of loopback detection----------------------------------------------------------------------------------- 63
Configure loopback detection function ----------------------------------------------------------------------------------------- 63
Configure interface protection ----------------------------------------------------------------------------------- 64

3.9.1
3.9.2
3.9.3
3.9.4
3.10

Default configuration of MSTP --------------------------------------------------------------------------------------------------- 55
Enable MSTP function-------------------------------------------------------------------------------------------------------------- 55
Configure MST domain and its maximum hop count ----------------------------------------------------------------------- 56
Configure root bridge/backup bridge ------------------------------------------------------------------------------------------- 56
Configure device interface and system priority ------------------------------------------------------------------------------ 57
Configure network diameter for switch network------------------------------------------------------------------------------ 58
Configure inner path overhead for interface ---------------------------------------------------------------------------------- 58
Configure external path cost for interface ------------------------------------------------------------------------------------- 59
Configure maximum transmitting speed for interface ---------------------------------------------------------------------- 59
Configure MSTP timer -------------------------------------------------------------------------------------------------------------- 59
Configure edge port ----------------------------------------------------------------------------------------------------------------- 60
Configure link type ------------------------------------------------------------------------------------------------------------------ 60
Configure root interface protection ---------------------------------------------------------------------------------------------- 61
Configure loopguard for interface ----------------------------------------------------------------------------------------------- 61
Execute mcheck operation -------------------------------------------------------------------------------------------------------- 62
Configure loopback detection ----------------------------------------------------------------------------------- 62

3.8.1
3.8.2
3.8.3
3.8.4
3.9

Default configuration of STP ------------------------------------------------------------------------------------------------------ 53
Enable STP function ---------------------------------------------------------------------------------------------------------------- 53
Configure STP parameter --------------------------------------------------------------------------------------------------------- 54
Configure MSTP------------------------------------------------------------------------------------------------------- 55
3.7.1
3.7.2
3.7.3
3.7.4
3.7.5
3.7.6
3.7.7
3.7.8
3.7.9
3.7.10
3.7.11
3.7.12
3.7.13
3.7.14
3.7.15
3.7.16
3.7.17
3.8

Configure 1:1 VLAN mapping ---------------------------------------------------------------------------------------------------- 52
Configure STP --------------------------------------------------------------------------------------------------------- 53

3.6.1
3.6.2
3.6.3
3.6.4
3.6.5
3.7

Default configuration of QinQ----------------------------------------------------------------------------------------------------- 50
Configure basic QinQ--------------------------------------------------------------------------------------------------------------- 51
Configure flexible QinQ ------------------------------------------------------------------------------------------------------------ 51
Configure egress interface in Trunk mode ------------------------------------------------------------------------------------ 51
Configure VLAN mapping ----------------------------------------------------------------------------------------- 52

3.5.1
3.5.2
3.5.3
3.6

Default configuration of VLAN ---------------------------------------------------------------------------------------------------- 47
Configure VLAN attributes -------------------------------------------------------------------------------------------------------- 48
Configure interface mode---------------------------------------------------------------------------------------------------------- 48
Configure VLAN over Access interface ---------------------------------------------------------------------------------------- 48
Configure VLAN over Trunk interface ------------------------------------------------------------------------------------------ 49
Configure QinQ-------------------------------------------------------------------------------------------------------- 50
3.4.1
3.4.2
3.4.3
3.4.4
3.4.5
3.4.6
3.5

Default configuration of MAC address forwarding table ------------------------------------------------------------------- 45
Configure static MAC address --------------------------------------------------------------------------------------------------- 45
Configure MAC address learning ------------------------------------------------------------------------------------------------ 45
Configure MAC address learning amount limit ------------------------------------------------------------------------------- 46
Configure MAC address aging time--------------------------------------------------------------------------------------------- 46

Default configuration for interface mirror -------------------------------------------------------------------------------------- 65
Configure mirror function for local interface----------------------------------------------------------------------------------- 66
Configure layer-2 protocol transparent transmission --------------------------------------------------- 66

3.11.1
3.11.2
3.11.3

Default configuration of layer-2 protocol transparent transmission ----------------------------------------------------- 67
Configure transparent transmission parameter ------------------------------------------------------------------------------ 67
3.11.4
3.11.5
3.12
3.13
Maintenance ------------------------------------------------------------------------------------------------------------ 68
Configure examples ------------------------------------------------------------------------------------------------- 69
3.13.1
3.13.2
3.13.3
3.13.4
3.13.5
3.13.6
3.13.7
3.13.8
3.13.9
3.13.10
Chapter 4
4.1
Configure MAC address forwarding table ------------------------------------------------------------------------------------- 69

Configure VLAN and interface protection ------------------------------------------------------------------------------------- 70
Configure basic QinQ--------------------------------------------------------------------------------------------------------------- 73
Configure flexible QinQ ------------------------------------------------------------------------------------------------------------ 75
Configure VLAN mapping --------------------------------------------------------------------------------------------------------- 77
Configure STP ------------------------------------------------------------------------------------------------------------------------ 79
Configure MSTP --------------------------------------------------------------------------------------------------------------------- 83
Configure loopback detection ---------------------------------------------------------------------------------------------------- 88
Configure interface mirror --------------------------------------------------------------------------------------------------------- 90
Configure layer-2 protocol transparent transmission ----------------------------------------------------------------------- 91
Routing --------------------------------------------------------------------------------------- 94
Overview----------------------------------------------------------------------------------------------------------------- 94
4.1.1
4.1.2
4.1.3
4.2
ARP ------------------------------------------------------------------------------------------------------------------------------------- 94
Layer-3 interface --------------------------------------------------------------------------------------------------------------------- 95
Routing --------------------------------------------------------------------------------------------------------------------------------- 95
Configure ARP --------------------------------------------------------------------------------------------------------- 96

4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.3

Default configuration of ARP------------------------------------------------------------------------------------------------------ 96
Configure static ARP table entry ------------------------------------------------------------------------------------------------- 96
Configure dynamic ARP table entry --------------------------------------------------------------------------------------------- 96
Configure layer-3 interface ---------------------------------------------------------------------------------------- 97

4.3.1
4.3.2
4.3.3
4.4

Configure layer-3 interface -------------------------------------------------------------------------------------------------------- 97
Configure statistic routing ---------------------------------------------------------------------------------------- 98

4.4.1
4.4.2
4.4.3
4.4.4
4.5
4.6

Configure default gateway -------------------------------------------------------------------------------------------------------- 98
Configure static routing ------------------------------------------------------------------------------------------------------------ 99
Maintenance ------------------------------------------------------------------------------------------------------------ 99
Configuration examples-------------------------------------------------------------------------------------------- 99
4.6.1
4.6.2
4.6.3
Chapter 5
5.1
Configure ARP ----------------------------------------------------------------------------------------------------------------------- 99

Configure layer-3 interface to intercommunicate with host -------------------------------------------------------------- 101
Configure static routing ----------------------------------------------------------------------------------------------------------- 102
DHCP ----------------------------------------------------------------------------------------- 105

Overview--------------------------------------------------------------------------------------------------------------- 105
5.1.1
5.1.2
5.1.3
5.1.4
5.1.5
5.2
DHCP overview --------------------------------------------------------------------------------------------------------------------- 105

DHCP packet ------------------------------------------------------------------------------------------------------------------------ 106
DHCP Option ------------------------------------------------------------------------------------------------------------------------ 107
DHCP client -------------------------------------------------------------------------------------------------------------------------- 108
DHCP Snooping -------------------------------------------------------------------------------------------------------------------- 109
Configure DHCP client -------------------------------------------------------------------------------------------- 110

5.2.1
5.2.2
5.2.3
5.2.4
5.3
Preparation for configuration ---------------------------------------------------------------------------------------------------- 110

Default configuration of DHCP client ------------------------------------------------------------------------------------------ 110
Configure DHCP client ------------------------------------------------------------------------------------------------------------ 111
Checking configuration ------------------------------------------------------------------------------------------------------------ 111
Configure DHCP Snooping -------------------------------------------------------------------------------------- 112

5.3.1
5.3.2
5.3.3
5.3.4
5.4

Default configuration of DHCP Snooping ------------------------------------------------------------------------------------- 112
Configure DHCP Snooping------------------------------------------------------------------------------------------------------- 112
Configure DHCP Option ------------------------------------------------------------------------------------------ 114

5.4.1
5.4.2
5.4.3
5.4.4
5.4.5
5.5

Default configuration of DHCP Option----------------------------------------------------------------------------------------- 115
Configure DHCP Option field over IPv4--------------------------------------------------------------------------------------- 115
Configure DHCP Option field over IPv6--------------------------------------------------------------------------------------- 116
Configuring applications ---------------------------------------------------------------------------------------- 116

5.5.1
5.5.2
Chapter 6
6.1
(Optional) Configure transparent transmission speed for message ---------------------------------------------------- 68

Configure DHCP clients application-------------------------------------------------------------------------------------------- 116

Configure DHCP Snooping application --------------------------------------------------------------------------------------- 118
QoS ------------------------------------------------------------------------------------------- 120

Overview--------------------------------------------------------------------------------------------------------------- 120
6.1.1
6.1.2
6.1.3
6.1.4
6.1.5
6.1.6
6.1.7
6.2
Configure priority trust ------------------------------------------------------------------------------------------- 127

6.2.1
6.2.2
6.2.3
6.2.4
6.3
6.4
6.5
6.6
6.7
Chapter 7
Multicast ------------------------------------------------------------------------------------ 141

Multicast overview ------------------------------------------------------------------------------------------------------------------ 141
Basic functions of IGMP ---------------------------------------------------------------------------------------------------------- 146
IGMP Snooping --------------------------------------------------------------------------------------------------------------------- 147
IGMP MVR --------------------------------------------------------------------------------------------------------------------------- 147
IGMP Proxy -------------------------------------------------------------------------------------------------------------------------- 147
IGMP filtering ------------------------------------------------------------------------------------------------------------------------ 148
Configure IGMP foundation ------------------------------------------------------------------------------------- 148

7.2.1
7.2.2
Configure basic function of IGMP ---------------------------------------------------------------------------------------------- 148

Check configuration ---------------------------------------------------------------------------------------------------------------- 149
Configure IGMP Snooping--------------------------------------------------------------------------------------- 149

7.3.1
7.3.2
7.3.3
7.3.4
Configuration preparation -------------------------------------------------------------------------------------------------------- 149

Default configuration of IGMP Snooping-------------------------------------------------------------------------------------- 150
Configure IGMP Snooping function -------------------------------------------------------------------------------------------- 150
Configure IGMP MVR ---------------------------------------------------------------------------------------------- 151

7.4.1
7.4.2
7.4.3
7.4.4

Default configuration of IGMP MVR-------------------------------------------------------------------------------------------- 151
Configure IGMP MVR function -------------------------------------------------------------------------------------------------- 152
Configure IGMP Proxy -------------------------------------------------------------------------------------------- 152

7.5.1
7.5.2
7.5.3
7.5.4
7.6
Configure traffic rate limit over traffic policy ---------------------------------------------------------------------------------- 135

Configure queue schedule application ---------------------------------------------------------------------------------------- 137
Configure traffic rate limit over interface application ----------------------------------------------------------------------- 139
Overview--------------------------------------------------------------------------------------------------------------- 141
7.1.1
7.1.2
7.1.3
7.1.4
7.1.5
7.1.6
7.5

Configure traffic rate limit over interface -------------------------------------------------------------------------------------- 133
Configure traffic rate limit over VLAN or QinQ ------------------------------------------------------------------------------ 134
Maintenance ---------------------------------------------------------------------------------------------------------- 134

6.7.1
6.7.2
6.7.3
7.4

Configure mapping relationship between DSCP priority and local priority ------------------------------------------- 131
Configure mapping relationship between CoS priority and local priority --------------------------------------------- 131
Configure internal priority over interface -------------------------------------------------------------------------------------- 132
Configure SP queue schedule--------------------------------------------------------------------------------------------------- 132
Configure WRR or SP+WRR queue schedule ------------------------------------------------------------------------------ 132
Configure DRR or SP+DRR queue schedule ------------------------------------------------------------------------------- 133
Configure traffic rate limit over interface and VLAN --------------------------------------------------- 133
6.5.1
6.5.2
6.5.3
6.5.4
7.3

Default configuration of traffic classification and traffic policy ----------------------------------------------------------- 128
Create and configure traffic classification ------------------------------------------------------------------------------------ 128
Create traffic rate limit rule ------------------------------------------------------------------------------------------------------- 129
Create and configure traffic policy ---------------------------------------------------------------------------------------------- 129
Configure internal priority and queue schedule --------------------------------------------------------- 131

6.4.1
6.4.2
6.4.3
6.4.4
6.4.5
6.4.6
6.4.7
6.4.8
7.2

Default configuration of priority trust ------------------------------------------------------------------------------------------- 127
Configure interface priority trust ------------------------------------------------------------------------------------------------ 127
Configure traffic classification and traffic policy-------------------------------------------------------- 128

6.3.1
6.3.2
6.3.3
6.3.4
6.3.5
6.3.6
7.1
Service model ----------------------------------------------------------------------------------------------------------------------- 120

Priority trust -------------------------------------------------------------------------------------------------------------------------- 122
Traffic classification ---------------------------------------------------------------------------------------------------------------- 122
Traffic policy -------------------------------------------------------------------------------------------------------------------------- 124
Priority mapping --------------------------------------------------------------------------------------------------------------------- 125
Queue schedule -------------------------------------------------------------------------------------------------------------------- 125
Rate limit over interface and VLAN -------------------------------------------------------------------------------------------- 126

Default configuration of IGMP Proxy------------------------------------------------------------------------------------------- 153
Configure IGMP Proxy function ------------------------------------------------------------------------------------------------- 153
Configure IGMP filtering ----------------------------------------------------------------------------------------- 154

7.6.1
7.6.2
7.6.3

Default configuration of IGMP filtering----------------------------------------------------------------------------------------- 154
Configure to enable global IGMP filtering ------------------------------------------------------------------------------------ 154
7.6.4
7.6.5
7.6.6
7.7
7.8
Maintenance ---------------------------------------------------------------------------------------------------------- 156

Configuration application --------------------------------------------------------------------------------------- 156
7.8.1
7.8.2
7.8.3
7.8.4
Chapter 8
8.1
8.2
Security ------------------------------------------------------------------------------------- 165
8.3
8.4

Default configuration of RADIUS ----------------------------------------------------------------------------------------------- 173
Configure RADIUS authentication---------------------------------------------------------------------------------------------- 173
Configure RADIUS accounting -------------------------------------------------------------------------------------------------- 174
Configure TACACS+ ----------------------------------------------------------------------------------------------- 175

8.4.1
8.4.2
8.4.3
8.4.4
8.4.5
8.5

Default configuration of TACACS+ --------------------------------------------------------------------------------------------- 175
Configure TACACS+ authentication ------------------------------------------------------------------------------------------- 175
Configure TACACS+ accountion------------------------------------------------------------------------------------------------ 176
Configure storm suppression ---------------------------------------------------------------------------------- 177

8.5.1
8.5.2
8.5.3
8.5.4
8.6
8.7

Default configuration of storm suppression ---------------------------------------------------------------------------------- 177
Configure storm suppression function----------------------------------------------------------------------------------------- 178
Maintenance ---------------------------------------------------------------------------------------------------------- 178

8.7.1
8.7.2
8.7.3
8.7.4
Chapter 9
Configure ACL application -------------------------------------------------------------------------------------------------------- 178

Configure RADIUS application -------------------------------------------------------------------------------------------------- 179
Configure TACACS+ application ------------------------------------------------------------------------------------------------ 181
Configure storm suppressionapplication-------------------------------------------------------------------------------------- 182
Reliability ----------------------------------------------------------------------------------- 183

Overview--------------------------------------------------------------------------------------------------------------- 183
9.1.1
9.1.2
9.1.3
9.1.4
9.1.5
Link aggregation -------------------------------------------------------------------------------------------------------------------- 183

Interface backup -------------------------------------------------------------------------------------------------------------------- 184
ELPS ----------------------------------------------------------------------------------------------------------------------------------- 186
ERPS ---------------------------------------------------------------------------------------------------------------------------------- 186
Ethernet ring ------------------------------------------------------------------------------------------------------------------------- 186
Configure link aggregation-------------------------------------------------------------------------------------- 188

9.2.1
9.2.2
9.2.3
9.2.4
9.2.5

Default configuration of link aggregation ------------------------------------------------------------------------------------- 188
Configure link aggregation in manual mode --------------------------------------------------------------------------------- 189
Configure static LACP link aggregation --------------------------------------------------------------------------------------- 190
Configure interface backup ------------------------------------------------------------------------------------- 191

9.3.1
9.3.2
9.3.3
9.3.4
9.3.5
9.4

Default configuration of ACL ----------------------------------------------------------------------------------------------------- 167
Configure IP ACL ------------------------------------------------------------------------------------------------------------------- 168
Configure IPv6 ACL ---------------------------------------------------------------------------------------------------------------- 168
Configure MAC ACL --------------------------------------------------------------------------------------------------------------- 168
Configure MAP ACL---------------------------------------------------------------------------------------------------------------- 169
ACL application on device -------------------------------------------------------------------------------------------------------- 171
Configure RADIUS ------------------------------------------------------------------------------------------------- 173

8.3.1
8.3.2
8.3.3
8.3.4
8.3.5
9.3
ACL ------------------------------------------------------------------------------------------------------------------------------------ 165

RADIUS ------------------------------------------------------------------------------------------------------------------------------- 165
TACACS+ ----------------------------------------------------------------------------------------------------------------------------- 166
Storm suppression ----------------------------------------------------------------------------------------------------------------- 166
Configure ACL ------------------------------------------------------------------------------------------------------- 167

8.2.1
8.2.2
8.2.3
8.2.4
8.2.5
8.2.6
8.2.7
8.2.8
9.2
Configure IGMP Snooping and IGMP Proxy application ----------------------------------------------------------------- 156

Configure IGMP MVR application ---------------------------------------------------------------------------------------------- 158
Configure IGMP filtering example under the interface -------------------------------------------------------------------- 160
Configure ring network multicast application example -------------------------------------------------------------------- 162
Overview--------------------------------------------------------------------------------------------------------------- 165
8.1.1
8.1.2
8.1.3
8.1.4
9.1
Configure IGMP filtering template ---------------------------------------------------------------------------------------------- 155

Configure the maximum multicast group number restriction ------------------------------------------------------------ 155

Default configuration of interface backup------------------------------------------------------------------------------------- 192
Configure the basic function of interface backup --------------------------------------------------------------------------- 192
(Optional) Configure interface forced switch--------------------------------------------------------------------------------- 193
Configure ELPS ----------------------------------------------------------------------------------------------------- 194

9.4.1
9.4.2
9.4.3
9.4.4
9.4.5
9.4.6
9.5
Configure ERPS ----------------------------------------------------------------------------------------------------- 197

9.5.1
9.5.2
9.5.3
9.5.4
9.5.5
9.5.6
9.5.7
9.6

Default configuration of ERPS -------------------------------------------------------------------------------------------------- 197
Create ERPS protection ring ---------------------------------------------------------------------------------------------------- 198
(Optional) Create ERPS protection sub-ring--------------------------------------------------------------------------------- 200
Configure ERPS fault detection mode ---------------------------------------------------------------------------------------- 201
(Optional) Configure ERPS switching control ------------------------------------------------------------------------------- 201
Configure Ethernet ring ------------------------------------------------------------------------------------------ 202

9.6.1
9.6.2
9.6.3
9.6.4
9.6.5
9.7
9.8
Default configuration of ELPS --------------------------------------------------------------------------------------------------- 194

Create protection line -------------------------------------------------------------------------------------------------------------- 195
Configure ELPS fault detection mode ----------------------------------------------------------------------------------------- 196
(Optional) Configure ELPS switching control -------------------------------------------------------------------------------- 196

Default configuration of Ethernet ring ----------------------------------------------------------------------------------------- 203
Create Ethernet ring --------------------------------------------------------------------------------------------------------------- 203
Configure basic function of ring ------------------------------------------------------------------------------------------------- 203
Maintenance ---------------------------------------------------------------------------------------------------------- 204

9.8.1
9.8.2
9.8.3
9.8.4
9.8.5
9.8.6
9.8.7
9.8.8
Configuring application of link aggregation in manual mode ------------------------------------------------------------ 205

Configuring application of link aggregation in static LACP mode ------------------------------------------------------ 207
Configure interface backup application --------------------------------------------------------------------------------------- 209
Configuring application of ELPS protection in 1:1 mode ----------------------------------------------------------------- 210
Configuring application of ELPS protection in 1+1 mode----------------------------------------------------------------- 212
Configuring application of single ring ERPS protection ------------------------------------------------------------------- 215
Configuring application of double ring ERPS protection ------------------------------------------------------------------ 218
Configure Ethernet ring application -------------------------------------------------------------------------------------------- 222
Chapter 10 OAM ------------------------------------------------------------------------------------------ 225

10.1
Overview--------------------------------------------------------------------------------------------------------------- 225
10.1.1
10.1.2
10.1.3
10.1.4
10.1.5
10.2
EFM ---------------------------------------------------------------------------------------------------------------------- 229

10.2.1
10.2.2
10.2.3
10.2.4
10.2.5
10.2.6
10.3

Default configuration of SLA ----------------------------------------------------------------------------------------------------- 243
Basic information of SLA --------------------------------------------------------------------------------------------------------- 243
Configure SLA schedule information and enable schedule -------------------------------------------------------------- 244
E-LMI -------------------------------------------------------------------------------------------------------------------- 245

10.5.1
10.5.2
10.5.3
10.5.4
10.5.5
10.6
10.7

Default configuration of CFM ---------------------------------------------------------------------------------------------------- 235
Enable CFM -------------------------------------------------------------------------------------------------------------------------- 236
Basic functions of CFM ----------------------------------------------------------------------------------------------------------- 237
Configure fault detection ---------------------------------------------------------------------------------------------------------- 238
Configure fault acknowledgement ---------------------------------------------------------------------------------------------- 239
Configure fault location ------------------------------------------------------------------------------------------------------------ 240
Configure AIS function ------------------------------------------------------------------------------------------------------------ 241
Configure Ethernet signal lockout function ----------------------------------------------------------------------------------- 241
SLA ---------------------------------------------------------------------------------------------------------------------- 242

10.4.1
10.4.2
10.4.3
10.4.4
10.4.5
10.5

Default configuration of EFM ---------------------------------------------------------------------------------------------------- 229
Basic functions of EFM------------------------------------------------------------------------------------------------------------ 230
Active functions of EFM ----------------------------------------------------------------------------------------------------------- 231
Passive functions of EFM -------------------------------------------------------------------------------------------------------- 232
CFM --------------------------------------------------------------------------------------------------------------------- 234

10.3.1
10.3.2
10.3.3
10.3.4
10.3.5
10.3.6
10.3.7
10.3.8
10.3.9
10.3.10
10.4
OAM overview ----------------------------------------------------------------------------------------------------------------------- 225

EFM ------------------------------------------------------------------------------------------------------------------------------------ 226
CFM ------------------------------------------------------------------------------------------------------------------------------------ 226
SLA ------------------------------------------------------------------------------------------------------------------------------------- 228
E-LMI ---------------------------------------------------------------------------------------------------------------------------------- 229

Default configuration of E-LMI --------------------------------------------------------------------------------------------------- 245
Configure E-LMI function for PE device -------------------------------------------------------------------------------------- 246
Configure E-LMI function for CE device -------------------------------------------------------------------------------------- 248
Maintenance ---------------------------------------------------------------------------------------------------------- 249

10.7.1
10.7.2
10.7.3
10.7.4
Chapter 11
11.1

Default configuration of optical module digital diagnostics --------------------------------------------------------------- 291
Configure to enable optical module digital diagnostics ------------------------------------------------------------------- 291
Configure optical module digital diagnostics alarm sending Trap ------------------------------------------------------ 291
System log ------------------------------------------------------------------------------------------------------------ 292

11.8.1
11.8.2
11.8.3
11.8.4
11.8.5
11.9

Default configuration of LLDP --------------------------------------------------------------------------------------------------- 288
Configure to enable global LLDP function ------------------------------------------------------------------------------------ 289
Configure to enable interface LLDP function -------------------------------------------------------------------------------- 289
Configure basic LLDP function -------------------------------------------------------------------------------------------------- 289
Configure LLDP alarm function ------------------------------------------------------------------------------------------------- 290
Optical module digital diagnostics --------------------------------------------------------------------------- 290

11.7.1
11.7.2
11.7.3
11.7.4
11.7.5
11.8

Default configuration of cluster management ------------------------------------------------------------------------------- 284
Configure RNDP function --------------------------------------------------------------------------------------------------------- 285
Configure RTDP function --------------------------------------------------------------------------------------------------------- 285
Configure cluster management function -------------------------------------------------------------------------------------- 286
LLDP -------------------------------------------------------------------------------------------------------------------- 288

11.6.1
11.6.2
11.6.3
11.6.4
11.6.5
11.6.6
11.6.7
11.7

Default configuration of RMON ------------------------------------------------------------------------------------------------- 282
Configure RMON statistics function-------------------------------------------------------------------------------------------- 282
Configure RMON history statistics function ---------------------------------------------------------------------------------- 283
Configure RMON alarm group -------------------------------------------------------------------------------------------------- 283
Configure RMON event group --------------------------------------------------------------------------------------------------- 283
Cluster management ---------------------------------------------------------------------------------------------- 284

11.5.1
11.5.2
11.5.3
11.5.4
11.5.5
11.5.6
11.6

Defaut configuration of KeepAlive ---------------------------------------------------------------------------------------------- 281
Configure KeepAlive function---------------------------------------------------------------------------------------------------- 281
RMON ------------------------------------------------------------------------------------------------------------------- 282

11.4.1
11.4.2
11.4.3
11.4.4
11.4.5
11.4.6
11.4.7
11.5

Default configuration of SNMP -------------------------------------------------------------------------------------------------- 276
Configure basic function for SNMP v1/v2c ----------------------------------------------------------------------------------- 277
Configure basic function for SNMP v3 ---------------------------------------------------------------------------------------- 278
Configure other information of SNMP ----------------------------------------------------------------------------------------- 279
Configure Trap ---------------------------------------------------------------------------------------------------------------------- 279
KeepAlive ------------------------------------------------------------------------------------------------------------- 280

11.3.1
11.3.2
11.3.3
11.3.4
11.4
SNMP ---------------------------------------------------------------------------------------------------------------------------------- 259

KeepAlive ----------------------------------------------------------------------------------------------------------------------------- 261
RMON --------------------------------------------------------------------------------------------------------------------------------- 261
Cluster management -------------------------------------------------------------------------------------------------------------- 262
LLDP ----------------------------------------------------------------------------------------------------------------------------------- 264
Optical module digital diagnostics ---------------------------------------------------------------------------------------------- 266
System Log -------------------------------------------------------------------------------------------------------------------------- 266
Alarm management ---------------------------------------------------------------------------------------------------------------- 267
Hardware environment monitoring --------------------------------------------------------------------------------------------- 271
Fan monitor -------------------------------------------------------------------------------------------------------------------------- 274
CPU monitor ------------------------------------------------------------------------------------------------------------------------- 274
Ping ------------------------------------------------------------------------------------------------------------------------------------ 274
Traceroute ---------------------------------------------------------------------------------------------------------------------------- 275
SNMP ------------------------------------------------------------------------------------------------------------------- 276

11.2.1
11.2.2
11.2.3
11.2.4
11.2.5
11.2.6
11.2.7
11.3
System Management ------------------------------------------------------------------- 259
Overview--------------------------------------------------------------------------------------------------------------- 259
11.1.1
11.1.2
11.1.3
11.1.4
11.1.5
11.1.6
11.1.7
11.1.8
11.1.9
11.1.10
11.1.11
11.1.12
11.1.13
11.2
Application of EFM ----------------------------------------------------------------------------------------------------------------- 249

Application of CFM ----------------------------------------------------------------------------------------------------------------- 251
Application of SLA ------------------------------------------------------------------------------------------------------------------ 254
Configure E-LMI application ----------------------------------------------------------------------------------------------------- 255

Default configuration of dydtem log -------------------------------------------------------------------------------------------- 292
Configure basic information for system log ---------------------------------------------------------------------------------- 293
Configure system log output ----------------------------------------------------------------------------------------------------- 294
Alarm management ------------------------------------------------------------------------------------------------ 295

11.9.1
11.9.2
11.9.3
11.9.4
Default configuration of alarm management --------------------------------------------------------------------------------- 295

Configure basic alarm function -------------------------------------------------------------------------------------------------- 296
11.10 Hardware environment monitoring --------------------------------------------------------------------------- 297

11.10.1
11.10.2
11.10.3
11.10.4
11.10.5
11.10.6
11.10.7
11.10.8
11.10.9

Default configuration of hardware environment monitoring -------------------------------------------------------------- 298
Configure to enable global hardware environment monitoring ---------------------------------------------------------- 298
Configure power monitoring alarm --------------------------------------------------------------------------------------------- 298
Configure temperature monitoring alarm ------------------------------------------------------------------------------------- 299
Configure voltage monitoring alarm-------------------------------------------------------------------------------------------- 299
Configure interface status monitoring alarm --------------------------------------------------------------------------------- 299
Clear all hareware environments monitoring alarm event manually --------------------------------------------------- 300
11.11 Fan monitor----------------------------------------------------------------------------------------------------------- 300

11.11.1 Preparation for configuration ---------------------------------------------------------------------------------------------------- 300
11.11.2 Configure fan monitor function -------------------------------------------------------------------------------------------------- 301
11.11.3 Check configuration ---------------------------------------------------------------------------------------------------------------- 301
11.12 CPU monitor---------------------------------------------------------------------------------------------------------- 301

11.12.1
11.12.2
11.12.3
11.12.4
11.12.5
11.13
11.14
11.15
11.16
11.17

Defaut configuration of CPU monitor ------------------------------------------------------------------------------------------ 302
Check CPU monitor information ------------------------------------------------------------------------------------------------ 302
Configure CPU monitor alarm --------------------------------------------------------------------------------------------------- 302
Check device information --------------------------------------------------------------------------------------- 303

Ping --------------------------------------------------------------------------------------------------------------------- 303
Traceroute------------------------------------------------------------------------------------------------------------- 303
Maintenance ---------------------------------------------------------------------------------------------------------- 304
11.17.1
11.17.2
11.17.3
11.17.4
11.17.5
11.17.6
11.17.7
11.17.8
Configure SNMP v1/v2c and Trap application ------------------------------------------------------------------------------ 304

Configure SNMP v3 and Trap application ------------------------------------------------------------------------------------ 306
Configure KeepAlive application ------------------------------------------------------------------------------------------------ 307
Configure RMON alarm group application ----------------------------------------------------------------------------------- 308
Configure cluster management and realize remote access ------------------------------------------------------------- 310
Configure LLDP function application------------------------------------------------------------------------------------------- 312
Configure system log output to log host application ----------------------------------------------------------------------- 315
Configure hardware environment monitoring application----------------------------------------------------------------- 316
Appendix A Glossary Table ----------------------------------------------------------------------------- 319

Appendix B Acronym ------------------------------------------------------------------------------------- 320
Preface
About This Manual
This manual introduces primary functions of the configuration management software for RC series
products.
Who Should Read This Manual

This m anual i s a valuable r eference f or s ales and marketing staff, af ter s ervice s taff and
telecommunication ne twork de signers. For those w ho w ant t o ha ve a n ov erview of t he f eatures,
applications, s tructure a nd s pecifications of ISCOM2924GF-4GE/4C device, this is a lso a
recommended document.
Organization
This manual is an introduction of the main functions of ISCOM2924GF-4GE/4C. To ha ve a qui ck
grasp of the using of the ISCOM2924GF-4GE/4C, please read this manual carefully. The manual is
composed of the following chapters:
Chapter 1 Overview
Chapter 2 Basic Configuration
Chapter 3 Ethernet
Chapter 4 Routing
Chapter 5 DHCP
Chapter 6 QoS
Chapter 7 Multicast
Chapter 8 Security
Chapter 9 Reliability
Chapter 10 OAM
Chapter 11 System Management
Appendix A Glossary Table
Appendix B Acronym
Compliance
The RC series products developed by Raisecom are strictly complied with the following standards as
well a s ITU-T, IEEE, IETF and related standards from other international telecommunication
standard organizations:
YD/T900-1997 SDH Equipment Technical Requirements - Clock
YD/T973-1998 SDH 155Mb/s and 622Mb/s Technical conditions of optical transmitter module and
receiver module
YD/T1017-1999 Network node interface for the Synchronous Digital Hierarchy (SDH)
YD/T1022-1999 Requirement of synchronous digital hierarchy (SDH) equipment function
YD/T1078-2000 S DH Transmission N etwork Technique R equirements-Interworking of N etwork
Protection Architectures
YD/T1111.1-2001 Technical R equirements of S DH Optical Transmitter/Optical R eceiver
Modules2.488320 Gb/s Optical Receiver Modules
YD/T1111.2- 2001 Technical Requirements of S HD Optical Transmitter/Optical R eceiver
Modules2.488320 Gb/s Optical Transmitter Modules
YD/T1179- 2002 Technical Specification of Ethernet over SDH
G.703 Physical/electrical characteristics of hierarchical digital interfaces
G.704 Synchronous frame structures used at 1544, 6312, 2048, 84 48 and 44 73 6 kbit/s hierarchical
levels
G.707 Network node interface for the synchronous digital hierarchy (SDH)
G.774 Synchronous di gital hi erarchy ( SDH) - Management i nformation m odel f or t he n etwork
element view
G.781 Synchronization layer functions
G.783 Characteristics of synchronous digital hierarchy (SDH) equipment functional blocks
G.784 Synchronous digital hierarchy (SDH) management
G.803 Architecture of transport networks based on the synchronous digital hierarchy (SDH)
G.813 Timing characteristics of SDH equipment slave clocks (SEC)
G.823 The control of jitter and wander within digital networks which are based on the 2048 kbit/s
hierarchy
G.825 The control of jitter and wander within digital networks which are based on the synchronous
digital hierarchy (SDH)
G.826 E nd-to-end e rror pe rformance pa rameters a nd o bjectives f or i nternational, c onstant bi t-rate
digital paths and connections
G.828 Error performance parameters and objectives for international, constant bit-rate synchronous
digital paths
G.829 Error performance events for SDH multiplex and regenerator sections
G.831 M anagement c apabilities of t ransport ne tworks ba sed on t he s ynchronous di gital hi erarchy
(SDH)
G.841 Types and characteristics of SDH network protection architectures

G.842 Interworking of SDH network protection architectures
G.957 Optical interfaces for equipments and systems relating to the synchronous digital hierarchy
G.691 Optical interfaces for single channel STM-64 and other SDH systems with optical amplifiers
G.664 Optical safety procedures and requirements for optical transport systems
I.731 ATM Types and general characteristics of ATM equipment
I.732 ATM Functional characteristics of ATM equipment
IEEE 802.1Q Virtual Local Area Networks (LANs)
IEEE 802.1p Traffic Class Expediting and Dynamic Multicast Filtering
IEEE 802.3 CSMA/CD Access Method and Physical Layer Instruction
www.raisecom.com
User Manual
Chapter 1 Function Overview
The f eatures, s tandards a nd s pecifications s upported by

aggregation Ethernet switch are shown in the following table:
ISCOM2924GF-4GE/4C e nhanced
Table 1-1 features, standards and specifications

Features
Basic features
Descriptions
Login device (RJ45 Console/USB Console/Telnet/SHHv2)
Command line
Management files (BootROM/system files/configuration files)
Load and upgrade (TFTP autoloading, BootROM upgrade,
FTP/TFTP upgrade)
Time management
Interface management
Basic information (device name, switchover language mode,
save/delete configuration, device restart)
Task scheduling
Ethernet
MAC address (321024)

Jumbo frame (9250 bytes)
VLAN (4094)
QinQ (3000 flexible QinQ)
1:1 VLAN switch
STP/RSTP/MSTP
Loopback detection
Interface protection
Interface image
Layer-2 protocol transparent transmission (Dot1x message, GVRP
message, LACP message, STP message)
Route
ARP
Layer-3 interface
Static route and default gateway
DHCP
DHCP client
DHCP Snooping
DHCP Option82 / DHCP Option61
www.raisecom.com
User Manual
Features
QoS
Descriptions
Trust priority
Flow classification (ToS priority, DSCP priority, CoS priority) and
Flow policy (Flow speed limit based on flow policy, redirection,
heavy label)
Internal priority and queue scheduling
Flow speed limit based on interface and VLAN (The maximum
speed:10Gbps, the minimum step: 8Kbps)
Multicast
Multicast forwarding entries (1024)

IGMP Snooping
IGMP MVR
IGMP Proxy
IGMP filter
Safety
ACL (999)
RADIUS authentication
TACACS+
Storm suppression
Reliability
Link aggregation (8 aggregation groups)

Ethernet loop
Ethernet linear protection switching ELPS (ITU-T G.8031)
Ethernet ring protection switching ERPS (ITU-T G.8032)
OAM
EFM (IEEE 802.3ah)

CFM (IEEE802.1ag/ITU-Y.1731)
E-LMI
SLA
System
SNMP
management
KeepAlive
RMON
Cluster management
LLDP
Extended OAM
Optical module digital diagnosis
System log
Alarm management
Hardware environment monitoring
Fan monitoring
CPU monitoring
Ping and Traceroute
Note: The four functions of STP, loopback detection, interface backup and Ethernet ring on device
may influence each other; it is recommended not to enable them simultaneously.
2
www.raisecom.com
User Manual
Chapter 2 Basic Configuration
This chapter i ntroduces t he ba sic c onfiguration and configuration process about I SCOM2924GF
device and provides the related configuration cases.
Login device
Command line
Manage files
Upload and upgrade
Configure clock management
Configure interface management
Configure basic information for device
Configure task calling function
Configure watchdog
Configuration cases
2.1 Login device

2.1.1
Brief introduction
ISCOM2924GF s witch device can be configured and m anaged by the c ommand l ine C LI
(Command-Line Interface) mode or NView NNM network management mode.
ISCOM2924GF switch command-line mode has a variety of configuration modes:
Console mode: it must use Console mode in the first configuration; the device is in support of
RJ-45 Console port and USB Console port.
Telnet mode: log on through the Console mode, open Telnet service on the switch, configure
Layer-3 interface IP address, set t he us er na me and pa ssword and then take remote Telnet
configuration.
SSHv2 mode: before logging on the device through SSHv2, you need to login the device and
start the SSHv2 service through the Console interface.
When c onfiguring the device i n network management mode, you must f irst configure Layer-3
interface IP address by the command line mode, and then configure the device through NView NNM
network management platform.
Note: The manual configuration steps uses command line mode.
2.1.2 Login the device from Console port

Console port i s a v ery co mmand interface us ed for ne twork device t o connect t erminal e mulation
program w ith P C. Users c an t ake t his i nterface t o configure and manage l ocal de vice. This
management method c an communicate di rect w ithout ne twork, s o i t i s c alled out -of-band
management. User can also perform configuration and management on device through Console port
when network running out of order.
In the below two conditions, user can only login device and configure it by through Console port:
3
www.raisecom.com
User Manual
Device power on and startup for the first time

Unable to login device by Telnet
The device is in support of RJ-45 Console port and USB Console port. The RJ45 Console port on the
device is marked as Console, USB Console port is shown as USB.
Note: R J45 C onsole por t a nd U SB Console port are mutually exclusive and cannot be us ed
simultaneously.
2.1.2.1
Login from RJ45 Console port

If user wants to login device through PC via RJ45 Console port, firstly need to connect Console port
and P C R S-232 s erial por t, a s below Figure 2-1 s hows; t hen ope rate t erminal e mulation pr ogram
such a s W indows X P hy per-terminal pr ogram in PC to configure communication parameters as
shown in Figure 2-2, and then login device.
Figure 2-1 Login the device through PC connected with RJ45 Console port
Figure 2-2 Communication parameters configuration in HyperTerminal

Note: Microsoft Company is not i n s upport of hyper-terminal s ince Windows Vista s ystem, users
operate Windows Vista or Windows 7 system please download HyperTerminal program from internet.
It is free to download HyperTerminal program.
4
www.raisecom.com
2.1.2.2
User Manual
Login from USB Console port

When users want to login the device by connecting PC to USB Console port, they need to install a
driver program on PC to switch USB port to serial port, and then connect the device USB port to PC
USB port by USB line, as shown in Figure 2-3.
Figure 2-3 Login the device by connecting PC to USB Console port

Note: t he de vice doe snt pr ovide dr iver pr ogram t o s witch U SB p ort t o s erial por t, us ers ne ed t o
prepare it on their own.
Run terminal emulation pr ogram on PC, such a s "HyperTerminal" pr ogram, a nd t hen configure
communication parameters on HyperTerminal to login the device. The communication parameters
configuration is shown as below:
Figure 2-4 Communication parameters configuration diagram on HyperTerminal

Note: When configuring communication parameters for "HyperTerminal", users need to choose the
COM port. They can determine the COM port information used in the connection from USB port to
serial port through the "Ports (COM & LPT)" information in PC Device Manager.
2.1.3
Login the device from Telnet

PC can login device from remote through Telnet. User can login a network device from PC at first,
then Telnet other network devices in the network, it is not required every network device to connect
with one PC.
Telnet service provided by ISCOM2924GF device including:
Telnet Server: users run Telnet client program on a PC to login the device, and take device
5
www.raisecom.com
User Manual
configuration and management. Shown in Figure 2-5, I SCOM2924GF is providing Telnet

Server service at this time.
Figure 2-5 ISCOM2924GF as Telnet server networking diagram

Before logging on the device by Telnet, users need to login the device through Console port and start
Telnet service. Please take the following configurations on the devices needed to start Telnet service.
Step
Configuration
Description
Raisecom#config
Enter global configuration mode
Raisecom(config)#interface ip if-number
Enter layer-3 interface configuration mode
Raisecom(config-ip)#ip address
ip-address [ ip-mask ] [ vlan-id ]
Configure the IP address for the device and

bind the VLAN of specified ID, this VLAN
is used to open Telnet service interface.
Raisecom(config-ip)#quit
4
Raisecom(config)#telnet-server accept
port { all | port-list }
(optional) Configure device interface in

support of Telnet function.
Raisecom(config)#telnet-server close
terminal-telnet session-number
(optional) Disconnect the specified Telnet

connection
Raisecom(config)#telnet-server
max-session session-number
(optional) Configure device supports

maximal Telnet sessions.
Telnet Client: When user connects PC terminal emulation program or Telnet client program
with the de vice, then telnet ot her device and configure/manage it. As Figure 2-6 shows,
Switch A is not only performed as Telnet Server but also provides Telnet Client.
Figure 2-6 ISCOM2924GF as Telnet Client device networking diagram

Please configure Telnet Client device as below:
www.raisecom.com
2.1.4
User Manual
Step
Configuration
Description
Raisecom#telnet ip-address [ port port-id ]
Login other devices from Telnet
Login the device from SSHv2

Telnet is l ack of s ecurity a uthentication a nd i t t ransports m essage by T CP ( Transmission C ontrol
Protocol) w hich e xists bi g pot ential s ecurity ha zard. Telnet s ervice m ay caus e D OS ( Deny of
Service), host IP deceive, and routing deceive, etc. hostility attacks.
The traditional T elnet a nd FTP ( File T ransfer P rotocol) tr ansmits pa ssword and data in plaintext
cannot satisfy users security demands.SSHv2 is a network security protocol, which can effectively
prevent the disclosure of information i n remote management through the ne twork da ta e ncryption,
and provides greater security for remote login and other network services in network environment.
SSHv2 allows data to be exchanged via TCP and it builds up a secure channel over T CP. Besides,
SSHv2 is in support of other service ports besides standard port 22, thus to avoid illegal attack from
network.
Before login device via SSHv2, user must login device through Console port and starts up SSH
service.
The default configuration to login the device through SSHv2 is as follows.
Function
Default value
SSHv2 server function status
Prohibit
Local SSHv2 key pair length
512bit
Device authentication method
password
SSHv2 authentication timeout
600s
The allowable failure number for SSHv2 authentication
20
SSHv2 snooping port number
22
SSHv2 session function status
Enable
Please configure SSHv2 service for the device as below:

Step
Configuration
Description
Raisecom#config
Raisecom(config)#generate ssh-key
length
Generate local SSHv2 key pair and designate its length
Raisecom(config)#ssh2 server
Start SSHv2 server

SSHv2 server can be shut down by command of no
ssh2 server.
7
www.raisecom.com
Step
Configuration
Description
authentication {password|rsa-key}
(optional) configure SSHv2 authentication method
authentication public-key
(optional) Use rsa-key authentication method to type

the public key of clients to the device
authentication-timeout period
(optional) Configure SSHv2 authentication timeout.

The device refuses to authenticate and open the
connection when client authentication time exceeds this
upper limit.
authentication-retries times
(optional) Configure the allowable failure number for

SSHv2 authentication. The device refuses to
authenticate and open the connection when client
authentication failure numbers exceeds this upper limit.
Raisecom(config)#ssh2 server port

port-id
(optional) Configure SSHv2 snooping port number
2.1.5
User Manual
session session-list enable
Note: When configuring SSHv2 snooping port number,

the input parameter cannot take effect immediately
without restart.
(optional) Enable SSHv2 session function
This function can be disabled by command of ssh2
server session session-id disable.
Manage the login user

When you start ISCOM2924GF device for the first time, users just need to connect the PC through
Console interface to the device, input the initial user name and password in HyperTerminal to log in
and configure the device.
Note: Initially, the user name and password are both raisecom
If there isnt any privilege restriction, any remote user can login device via Telnet or access network
by bui lding P PP ( Point t o Point Protocol) c onnection w hen t he S NMP ( Simple N etwork
Management Protocol) interface or other service interface of device are configured with IP address.
This is unsafe to the device and network. By creating user for device and setting password and
privilege helps to manage the login users and ensures network and device security.
Please configure login user management for the device of as below:
Step
Configuration
Description
Raisecom#user name user-name

password password
Create or modify the user name and password.
Raisecom#user name user-name

privilege privilege-level
The created user can be deleted by the command of no

username.
Configure login user privilege. The initial user privilege
is 15, which is the highest privilege.
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom#user user-name
{ allow-exec | disallow-exec }
first-keyword [ second-keyword ]
Configure the priority rule for login user to perform the

command line.
Specified allow-exec parameters will allow the user to
perform commands higher than the current priority.
Specified disallow-exec parameters only allow the user to
perform commands lower than the current priority.
2.1.6
Check the configuration

Please perform the following command to check the configuration results:
No.
Entry
Description
Raisecom#show user [ detail ]
Check the login user information
Raisecom#show telnet-server
Check Telnet Server configuration
Raisecom#show ssh2 public-key

[ authentication ]
Check the public key used for SSHv2

authentication in the device and client port
Raisecom#show ssh2 { server | session }
Check SSHv2 server or session information.
2.2 Command line

2.2.1 Brief introduction
Command l ine i s t he pa th f or c ommunication be tween user a nd s witch. User c an complete de vice
configuration, monitor and management by executing relative commands.
User can login this device through PC that run terminal emulation program or CPE device, enter into
command line interface once the command prompt appears.
The features of command line interface:
Local configuration via Console port is available;
Local or remote configuration via Telnet, SSHv2 (Secure Shell v2,) is available;
Protection for different command levels, user in different level can only execute command in
related level;
Different command types belong to different command modes, user can only execute a type
of configuration in its related command mode;
User can operate the commands by shortcut keys;
User can view or execute a history command by transferring history record, the device is in
support of saving the latest 20 pieces of history commands;
Online help is available by user inputting ? at anytime;
Smart analysis methods such as incomplete matching and context association, etc. facilitates
user input.
2.2.2 Command line level

ISCOM2924GF uses hierarchy protection method to divide command line into16 levels from low to
high.
9
www.raisecom.com
User Manual
0~4: visitor, users can execute the commands of ping, clear, and history, etc. in this level;
5~10: monitor, users can execute the command of show and so on;
11~14: operator, users can execute commands for different services like VLAN, IP, etc.;
15: administrator, used for system basic running commands.
2.2.3 Command line mode

Command line mode is th e c ommand line int erface environment. All s ystem commands are
registered in one (or some) command line mode, the command can only run under the corresponding
mode.
Establish a c onnection w ith I SCOM2924GF device, i f this de vice i s de fault c onfiguration, it will
enter user EXEC mode, and the screen will show:
Raisecom>
Input enable command and correct password, then enter to privileged EXEC mode. The default
password is Raisecom.
Raisecom>enable
Password:
Raisecom#
In privileged E XEC m ode, i nput t he c ommand of config terminal to e nter gl obal c onfiguration
mode.
Raisecom#config terminal
Raisecom(config)#
Note:
Command line prompt "Raisecom" is the default host name. Users can use the command of
hostname string to modify the host name in privileged EXEC mode.
Some commands can be achieved both in global configuration mode and other modes, but the
accomplished functions are closely related to command line modes.
Generally, i n a c ommand line m ode, y ou c an go ba ck to t he pr evious l evel command line
mode by the com mand of quit or exit, but i n t he privileged EXEC mode, you need to use
disable command to go back to user EXEC mode.
Users can go back to privileged EXEC mode through end command from any command line
mode except the user EXEC mode or privileged EXEC mode.
ISCOM2924GF device is in support of the following command line modes:

Mode
Enter method
Description
User EXEC mode
Log in the device, input correct username

and password
Raisecom>
Privileged EXEC
mode
In user EXEC mode, input enable

command and correct password.
Raisecom#
Global configuration
mode
In privileged EXEC mode, input config

terminal command.
Raisecom(config)#
Physical layer
interface
configuration mode
In global configuration mode, input

interface port port-id command.
Raisecom(config-port)#
10
www.raisecom.com
User Manual
Mode
Enter method
Description
Layer-3 interface
configuration mode

interface ip if-number command.
Raisecom(config-ip)#
VLAN
configuration mode
In global configuration mode, input vlan

vlan-id command.
Raisecom(config-vlan)#
Traffic classification
configuration mode

class-map class-map-name command.
Raisecom(config-cmap)#
Traffic policy
configuration mode

policy-map policy-map-name command.
Raisecom(config-pmap)#
Traffic policy
configuration mode
binding with traffic
classification
In floe policy configuration mode, input

class-map class-map-name command.
Raisecom(config-pmap-c)#
Access control list

configuration mode

access-list-map acl-number
{deny|permit} command.
Raisecom(config-aclmap)#
Aggregation group
configuration mode

interface port-channel
port-channel-number command.
Raisecom(config-aggregator)#
Service instance
configuration mode

service cisid level level command.
Raisecom(config-service)#
EVC configuration
mode

ethernet evc evc-number evc-name
command.
Raisecom(config-evc)#
MST region
configuration mode

spanning-tree region-configuration
command.
Raisecom(config-region)#
Profile configuration
mode
In global configuration mode, input igmp

filter profile profile-number command.
Raisecom(config-igmp-profile)#
Cluster
configuration mode

cluster command.
Raisecom(config-cluster)#
Chinese alert mode
In any configuration mode, input

language chinese command.
Raisecom#
2.2.4 Command line shortcut

ISCOM2924GF device is in support of the following command line shortcuts:
Shortcut
Description
Up cursor key ()
Show pr evious c ommand if t here i s a ny c ommand i nput

earlier; t he di splay ha s no c hange i f t he c urrent c ommand i s
the earliest one in history records.
Down cursor key ()
Show ne xt com mand if t here i s an y ne wer com mand; t he

display ha s no c hange i f t he current com mand is t he ne west
one in history records.
11
www.raisecom.com
User Manual
Shortcut
Description
Left cursor key ()
Move t he cur sor one character t o left; t he di splay ha s no

change if the cursor is at the beginning of command.
Right cursor key ()
Move t he cur sor o ne cha racter t o right; the d isplay h as no

change if the cursor is at the end of command.
Backspace
Delete t he cha racter be fore t he cur sor; t he di splay h as no

change if the cursor is at the beginning of command.
Tab
Click <Tab> after input ting a complete ke yword, c ursor w ill

automatically appe ar a s pace t o the end; cl ick <Tab> again,
the system will show the follow-up inputting keywords.
Click <Tab> after i nputting a n i ncomplete ke yword, s ystem
automatically executes partial helps:
System take the complete keyword to replace input if the
matched keyword is the one and only, and leave one word
space between the cursor and end of keyword;
In case of mismatch or matched keyword is not the one and
only, display prefix at first, then click <Tab> key to check
words circularly, no space from cursor to the end of
keyword, click <Space> key to input the next word;
If input incorrect keyword, click <Tab> key will change to
the next line and prompt error, the input keyword will not
change.
Ctrl+A
Move the cursor to the head of line
Ctrl+C
Break off some running operation, such as ping, traceroute

and so on.
Ctrl+D or Delete
Delete the cursor location characters
Ctrl+E
Move the cursor to the end of line
Ctrl+K
Delete all characters behind the cursor (including cursor

location)
Ctrl+X
Delete all characters before the cursor (except cursor location)
Ctrl+Z
Return to privileged EXEC mode from other modes (except

user EXEC mode)
Space or y
When the terminal printing command line information exceeds

the screen, continue to show the information in next screen.
Enter
When the terminal printing command line information exceeds

the screen, continue to show the information in next line.
2.2.5 Command line help message

2.2.5.1
Complete help
User can get complete help in the below three conditions:
Click ? in a ny c ommand mode to ge t a ll c ommands a nd their brief de scription under the
command view.
Raisecom>?
12
www.raisecom.com
User Manual
Display as below:
clear
Clear screen
enable
Turn on privileged mode command
exit
Exit current mode and down to previous mode
help
Message about help
history
Most recent history command
language Language of help message

list
List command
quit
Exit current mode and down to previous mode
terminal
Configure terminal
test
Test command
Input a c ommand and followed by a ? after one cha racter space, if the position of ? is
keyword, list all keyword and brief description.
Raisecom(config)#ntp ?
Display as below:
peer
Configure NTP peer
refclock-master
Set local clock as reference clock
server
Configure NTP server
Input a c ommand a nd followed by a ? after one cha racter space, if the position of ? is
parameter, list the range and brief description.
Raisecom(config)#interface ip ?
Display as below:
<0-14>
2.2.5.2
IP interface number
Partial help
User can get partial help in the below three conditions:
Input a character string and followed by a ?, the device will list all keywords start with the
character string under current mode.
Raisecom(config)#c?
Display as below:
class-map
Set class map
clear
Clear screen
cpu
Configure cpu parameters
create
Create static VLAN
Input a c ommand a nd f ollowed by a c haracter s tring w ith ?, the de vice w ill lis t a ll
keywords start with the character string in the command of current mode.
Raisecom(config)#show li?
Display as below:
link-aggregation
link-state-tracking
Link aggregation
Link state tracking
Input t he f irst f ew l etters of a c ommand ke yword a nd c lick <Tab> key to s how c omplete
13
www.raisecom.com
User Manual
keyword. The precondition i s the input letters can identify the ke yword clearly, otherwise,
different ke ywords w ill be s hown c ircularly af ter cl ick <Tab> key c ontinued, user c an
choose the right keyword from them.
2.2.5.3
Error prompt message description

The de vice pr ints out t he f ollowing error pr ompt a ccording t o e rror t ype w hen i nput i ncorrect
commands:
Shortcut
Description
% * Incomplete command.
User inputs incomplete command.
% Invalid input at ^ marked.
^ denotes illegal or unknown keyword.
% Ambiguous input at ^ marked,

follow keywords match it.
^ denotes unclear keyword.
% Unconfirmed command.
User inputs unconfirmed command.
% Unknown command.
User inputs unknown command.
% You Need higher priority!
The current user doesnt have priority to

execute the command.
Note: If there is error prompt message mentioned above, please use the command line help message
to solve the problem.
2.2.6 Command line display message

2.2.6.1
Display characteristics
Command line interface provides the following display characteristics:
The help message and prompt message i n command line interface are di splayed in bot h
Chinese and English languages.
Provide pa use function when one time display message exceeds one screen, users have the
following options at this time, as shown in Table 2-1.
Table 2-1 Function keys description for command line message display characteristics
2.2.6.2
Function key
Description
Input Space or y
Continue to display next screen message
Input Enter
Continue to display next line message
Input any letter key(except y)
Stop the display and command execution
Display message filter

ISCOM2924GF device is in support of a series commands starting with show, for checking device
configuration, operation and diagnostic information. Generally speaking, these commands can output
more information, and then user needs to add filter rules to filter out unnecessary information.
14
www.raisecom.com
User Manual
show commands of ISCOM2924GF device is in support of three kinds of filter modes:

| begin string: show all lines starting from the assigned string;
| exclude string: show all lines mismatch with the assigned string;
| include string: show all lines only match with the assigned string.
2.2.6.3
Display message page-break

Display message page-break function refers t o provide pa use function when one t ime display
message exceeds one screen, users can use the display c haracteristics function ke ys in table 2 -1 to
control message display. If suppr essing message page-break function, it w ill not pr ovide pa use
function when display message exceeds one screen; all the messages will be displayed circularly at
one time.
By default, the system display information page-break function is enabled.
Please make the following configuration on the device.
Step
Configuration
Description
Raisecom#terminal page-break enable
Enable display message page-break function
2.2.7 Command line history message

Command line interface can save the user history command automatically; user can use the up cursor
key () or down cursor key () to call the history command saved by command line repeatedly at any
time.
By default, the system saves the recent 20 history commands in the cache. Users can set the number
of system stored history command.
Please make the following configuration on the device.
Step
Configuration
Description
Raisecom>terminal history number
(Optional) Configure the number of

system stored history command
Raisecom>enable
Enter privileged EXEC mode
Raisecom#history
Check the user history commands
2.2.8 Restore command line default value

The default value of command line can be restored by no option or enable | disable option.
no option: providing in the front of command line to restore the default value, disable some
function, delete some setting, etc.; perform some operations opposite to command itself.
Command with no option is also known as reverse command.
enable | disable option: providing in the back or center of command line; enable is to enable
some feature or function, while disable is to prohibit some feature or function.
For example:
15
www.raisecom.com
User Manual
Perform description text c ommand in physical layer interface mode to modify the i nterface
description; perform no de scription command to delete the interface description and restore
the default values.
Perform shutdown command in physical layer interface mode to disable an i nterface;
perform no shutdown command to enable an interface.
Perform vlan vlan-id command in global configuration mode to create a VLAN; perform no
vlan vlan-id command to delete a specified VLAN.
Perform terminal page-break enable command i n global c onfiguration m ode t o e nable
terminal page-break display message function; perform terminal page-break disable
command to prohibit terminal page-break display message function.
Note: Most configuration commands have default values, which often are stored by no option.
2.3 Manage files

2.3.1 Management of BootROM files
BootROM file is us ed to boot I SCOM2924GF de vice a nd f inish device ini tialization. User can
upgrade BootROM file through FTP or TFTP (Trivial File Transfer Protocol). By default, BootROM
file is named as bootrom or bootromfull.
After power on d evice, running BootROM file at first, click <Space> key to enter BootROM menu
when the prompt Press space into Bootrom menu appears:
begin...
ram size:128M
testing...done
Init flash ...Done
Bootstrap_5.0.1. ISCOM2924GF.1.20110825, Raisecom Compiled Aug 25 2011,11:51:11

Base Ethernet MAC address: 00:0e:5e:00:00:00
Press space into Bootstrap menu...

0
Users can perform below operations in this menu:

Operation
Description
List all executable operations.
Quick execution for system bootrom software.
List all executable operations.
List all system startup software name and related information

in the device.
Set MAC (Medium Access Control) address.

16
www.raisecom.com
User Manual
Operation
Description
Reboot the device.
List all system startup software name and related information

in the device and assign system startup software name loaded
at the time of startup device.
Download and replace system startup software by TFTP.
2.3.2 Management of system files

System f iles i ndicate the f iles ne eded for de vice ope ration (like s ystem s tartup software,
configuration file, etc.). These files are usually saved in device memory, the device manages them by
a file s ystem to facilitate us er manage the memory. The file system contains functions of creating,
deleting and modifying file and directory.
Besides, I SCOM2924GF de vice s upports dua l s ystem, that i s t o s ay it c an s tore t wo v ersions of
system software in m emory. User c an shift to the o ther sof tware startup de vice w hen one de vice
cannot use for system upgrading failure.
Please configure system files management for the device as below:
(All the following steps are optional and no sequencing.)
Step
Configuration
Description
Raisecom#download bootstrap { ftp ip-address user-name

password file-name | tftp ip-address file-name }
(Optional) Download system bootstrap

software via FTP or TFTP.
Raisecom#download system-boot { ftp ip-address

user-name password file-name | tftp ip-address file-name }
(Optional) Download system boot

software through FTP or TFTP.
Raisecom#upload system-boot { ftp [ ip-address user-name

password file-name ] | tftp [ ip-address file-name ] }
(Optional) Upload system boot software

by FTP or TFTP.
Raisecom#erase [ file-name ]
(Optional) Delete the files from memory.
2.3.3 Management of configuration files

Configuration files are loaded after starting the system; different files are used in different scenarios
in order t o achi eve di fferent service functions. After s tarting the system, us er can configure the
device and save the configuration files. New configuration will take effect in next boot.
Configuration f ile ha s a n a ffix .cfg, t hese f iles c an b e ope n by text book pr ogram in W indows
system, the contents in the following format:
Saved as Mode+Command format;
Just re serve t he non -defaulted parameters t o save s pace ( refer t o command reference f or
default values of configuration parameters);
Take the command mode for basic frame to organize commands, put commands of one mode
together to form a section, the sections are separated by !.
ISCOM2924GF device s tarts initialization by r eading configuration files f rom m emory a fter
powering on. Thus, the configuration in configuration files are called as initialization configuration,
17
www.raisecom.com
User Manual
if there is no configuration files in memory, the device take the default parameters for initialization.
The device running configuration is called as current configuration.
User can modify device current configuration through command line. The current configuration can
be us ed as ini tial configuration when ne xt t ime pow er on, us er m ust us e c ommand write to save
current configuration into memory and form configuration file.
Please configure the configuration files management for device as below:
(All the following steps are optional and no sequencing.)
Step
Configuration
Description
Raisecom#download startup-config { ftp

ip-address user-name password file-name
[ reservedevcfg ] | tftp ip-address file-name
[ reservedevcfg ] }
(Optional) Download system

startup configuration files
through FTP or TFTP.
Raisecom#erase [ file-name ]
(Optional) Delete the files from

memory.
Raisecom#upload startup-config { ftp

[ ip-address user-name password file-name ] |
tftp [ ip-address file-name ] }
(Optional) Upload system

startup configuration files by
FTP or TFTP.
Raisecom#write
(Optional) Write the configured

file into memory.
2.3.4 Checking configuration

Please use the following commands to check configuration results:
No.
Item
Description
Raisecom#show startup-config
Show configuration information loaded when

device startup.
Raisecom#show running-config
Show the current configuration information.
2.4 Upload and upgrade

2.4.1
2.4.1.1
Overview
Uploading
In traditional, c onfiguration files a re loaded by serial port, it takes a long time to load for the low
speed and remote loading is unavailable. FTP and TFTP loading modes can solve those problems and
make operation more convenient.
ISCOM2924GF device is in support of TFTP auto-loading mode.
TFTP auto-loading means users get the device configuration files from server and then configure the
device. Auto-loading function allows configuration f iles to contain loading r elated c ommands f or
multiple c onfigurations l oading s o a s t o m eet file auto-loading r equirements i n c omplex ne twork
environment.
18
www.raisecom.com
User Manual
ISCOM2924GF provides several methods to confirm configuration file name in TFTP server, such as
input by manual, obtain by DHCP Client, use default configuration file name, etc. Besides, users can
assign certain denomination r ule f or configuration files and then, t he device confirms t he na me
according t o t he r ules a nd combines w ith i tself a ttribution ( device t ype, M AC a ddress, s oftware
version, etc.).
2.4.1.2
Upgrading
The device needs to u pgrade if user needs to i ncrease new features, opt imize functions or solve
current software version BUGs.
ISCOM2924GF device supports the following two upgrade modes:
Upgraded by BootROM
Upgraded by FTP/TFTP
2.4.2
Configure TFTP auto-upload method

User ne eds t o bui ld TFTP e nvironment before c onfiguring T FTP a uto-upload method t o ha ve
ISCOM2924GF device interconnect with TFTP server.
Note:
When performing configuration auto-loading function, the IP address priority configured by
commands is higher than the one obtained by DHCP Client.
When performing configuration auto-loading function, configuration file name obtained from
server in priority turn from higher to lower as file name confirmed b y denomination rule >
file name configured by command > file name obtained by DHCP Client.
Please configure TFTP auto-loading for the device as below:

No.
Item
Description
Raisecom#config
Enter global configuration mode.
Raisecom(config)#service config
tftp-server ip-address
Configure TFTP server IP address. By default, this

address is unavailable.
filename rule [ rule-number ]
Set denomination rule for file name. By default, there

is no denomination rule, system uses default file name
as strartup_config.conf.
filename file-name
Assign configuration file name to upload.
version { system-boot | bootstrap
| startup-config } version
Configuration file version number.
overwrite enable
Enable local configuration file overwrite function. Use

the command service config overwrite disable to
disable overwrite function.
Enable configuration auto-loading function.
19
www.raisecom.com
2.4.3
User Manual
No.
Item
Description
trap enable
Enable Trap function. Use the command service

config trap disable to prohibit this function.
Upgrade system software by BootROM

In the below conditions, user needs to upgrade system software by BootROM:
Device first time startup
System file damaged
The card cannot startup in order
Before upgrading system software b y BootROM, user should build TFTP environment, take PC as
TFTP server, ISCOM2924GF device as client, basic requirements are as below:
ISCOM2924GF connects TFTP server by SNMP interface.
Configure TFTP server, make sure the server is available;
Configure IP a ddress for T FTP server; keep i t i n t he s ame ne twork s egment w ith
ISCOM2924GF IP address.
Steps for upgrading system software by BootROM:
Step
Operation
Log in device through serial port as administrator and enter Privileged EXEC
mode, reboot device by the command of reboot.
Raisecom#reboot
Please input 'yes' to confirm:yes
Rebooting ...
Raisecom#
begin...
ram size:128M
testing...done
Init flash ...Done

Bootstrap_5.0.1.ISCOM2924GF.1.20110825, Raisecom Compiled Aug 25 2011,11:51:11
Base Ethernet MAC address: 00:0e:5e:00:00:00
Press space into Bootstrap menu...
0
Click <Space> key t o enter i nterface of [ raisecom] w hen the di splay s hows
Press space into Bootstrap menu..., then input ? to display command list:
[Raisecom]:?
?
- List all available commands
- List all available commands
- Boot an executable image
- Download both DOS file system
- set ethernet address
- Reboot
Note: The input letters are case sensitive.
20
www.raisecom.com
User Manual
Step
Operation
Input T to download through TFTP and replace system boot file, the display
information shows as below:
[Raisecom]:T
Index
Name
Size
---------------------------------------------------------1
ROS_5.0.0_ISCOM2924GF.1.20110825
-----------
5512f5
0
Current selected version is 0

Please select a version to overwrite: 1
Select system for upgrading.
dev name:ISCOM2924GF
unit num:1
file name: ROS_5.0.0_ISCOM2924GF.1.20110825

local ip: 192.168.18.250
server ip:192.168.18.16
Loading...
Done
Saving file to flash...
Note: Make sure the input file name here is correct, the file name shouldnt be
longer than 80 characters.
4
2.4.4
Input b to qui ck e xecute boot strap f ile, de vice r eboot a nd l oads t he

downloaded system boot file.
Upgrade system software by FTP/TFTP

Before upgrading system software by FTP/TFTP, user should build FTP/TFTP environment, take PC
as FTP/TFTP server, ISCOM2924GF device as client, basic requirements are as below:
ISCOM2924GF connects TFTP server.
Configure FTP/TFTP server, make sure the server is available;
Configure IP address for FTP/TFTP server to make sure that ISCOM2924GF can access the
FTP.
Steps for upgrading system software by FTP/TFTP:
No.
Item
Description
Raisecom#download system-boot { ftp

[ ip-address user-name password
file-name - ] | tftp [ ip-address
file-name ] }
Download system boot software through

FTP or TFTP
Raisecom#write
Write the configured file into memory.
Raisecom#reboot [ now ]
Reboot device, and it will auto-loading

the downloaded system boot file.
21
www.raisecom.com
2.4.5
User Manual
Checking configuration
Check the result by the commands below after configuration:
No.
Item
Description
Raisecom#show service config
Show auto-configured loading information.
Raisecom#show service config

filename rule rule-number
Show denomination rule for configuration files.
Raisecom#show version
Show system version.
2.5 Configure clock management

2.5.1
Configure time and time zone

To ensure ISCOM2924GF works well with other devices, user has to set system time and belonged
time zone accurately.
ISCOM2924GF s upports three t ypes of s ystem time mode, which are time s tamp mode, auxiliary
time mode and default mode from high to low according to timing unit accuracy. User has to select
the most suitable system time mode by manual in accordance with actual application environment.
The default configuration of time and time zone is as below:
Function
Default value
System time
2000-01-01 08: 00:00.000
System time mode
default
System belonged time zone
UTC+8
Time zone offset
+08:00
Functional status of Daylight Saving Time
disable
Please configure time and time zone for the device as below:
Step
Configuration
Description
Raisecom#clock mode
{auxiliary|default|timestamp}
Configure system time mode.
Raisecom#clock set hour

minute second year month day
Configure system time.
Raisecom#clock timezone { + |
- } hour minute timezone-name
Configure system belonged time zone.
22
www.raisecom.com
2.5.2
User Manual
Configure daylight saving time

DST (Daylight Saving Time) is a kind of artificial regulation local time system for saving energy. At
present, t here a re ne arly 110 c ountries o perate DST every s ummer a round t he w orld, but di fferent
country ha s di fferent s tipulation f or D ST, us ers s hould t ake t he a ctual c ondition of l ocal w hen
configuring DST.
Please configure DST for the device as below:
Step
Configuration
Description
Raisecom#clock summer-time enable
Enable DST function.

User can disable this function by the
command of clock summer-time disable.
Raisecom#clock summer-time recurring

{ week | last } { fri | mon | sat | sun | thu |
tue | wed } month hour minute { week |
last } { fri | mon | sat |sun | thu | tue |
wed } month hour minute offset-mm
Configure calculate period for system DST.
Note:
When user set system time by manua, if the system uses DST, such as DST from 2 oclock
on the second Sunday, April to 2 oclock on the second Sunday, September every year, users
have to advance the clock one hour faster during this period, set time offset as 60 minutes and
from 2 oclock to 3 oclock on the second Sunday, April each year is an inexistent time. The
time setting by manual operation during this period shows failure.
The summer time in southern hemisphere is opposite to northern hemisphere, which is from
September to April of next year. If user configures start time later than ending time, system
will suppose it is in the Southern Hemisphere. That is to say, the summer time is the start time
this year to the ending time of next year.
2.5.3
Configure NTP
NTP (Network T ime P rotocol) i s a t ime s ynchronization pr otocol de fined by RFC1305, us ed t o
synchronize time between distributed time servers and clients. NTP transportation is based on UDP,
using port 123.
The pur pose of N TP i s t o synchronize a ll c locks i n a ne twork qui ckly a nd t hen the de vice c an
provide different a pplication over a unified time. Meanwhile, NTP can ensure very high accuracy,
with accuracy of 10ms around.
The device in support of NTP can not only accept synchronization from other clock source, but also
to synchronize other devices as a clock source.
ISCOM2924GF device adopts multiple NTP working mode for time synchronization:
Server/Client mode
In this mode, c lient sends c lock synchronization message to different servers. The server works i n
server m ode b y a utomation a fter r eceiving s ynchronization m essage a nd s end answering m essage.
The client received answering message and perform clock filer and selection, then synchronize it to
privileged server.
In this mode, client can synchronize to server but the server cannot synchronize to client.
Equity mode
23
www.raisecom.com
User Manual
In this mode, active equity send clock synchronization message to passive equity. The passive equity
works in passive mode by automation after receiving message and send answering message back. By
exchange message, the two sides build up equity mode. The active and passive equities in this mode
can synchronize each other.
The NTP default configuration is as below:
Function
Default value
Whether the device is NTP master clock
no
Global NTP server
inexistent
Global NTP equity
inexistent
Reference clock source
0.0.0.0
Please configure NTP for the device as below:

Step
Configuration
Description
Raisecom#config
Raisecom(config)#ntp server
ip-address [ version [ v1 | v2 | v3 ] ]
(Optional) Configure NTP server address for

client device working in server/client mode.
Raisecom(config)#ntp peer ip-address

(Optional) Configure NTP equity address for
[ version [ v1 | v2 | v3 ] ]
ISCOM2924GF device working in equity mode.
Raisecom(config)#ntp reclock-master Configure clock of this device as NTP reference

ip-address [ stratum ]
clock source for ISCOM2924GF device.
Note: If the device is configured as NTP reference clock source, NTP server or NTP equity are not
configurable; and vice versa, the device cannot be configured as NTP reference clock if NTP server
or equity are configured.
2.5.4
Configure SNTP
SNTP (Simple Network Time Protocol) is mainly used to synchronize switch system time with the
SNTP device tim e in the n etwork. The t ime s ynchronized by S NTP protocol i s Greenwich Mean
Time, which can be changed to local time according to system setting of time zone.
The SNTP default configuration is as below:
Function
Default value
SNTP server address
inexistent
Please configure SNTP for the device as below:

Step
Configuration
Description
24
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom#config
Raisecom(config)#sntp server ip-address
(Optional) Configure SNTP server

address for client device working
in server/client mode.
Note: After configuring SNTP server address, the device will try to get clock information from SNTP
server every three seconds, and the maximum timeout for clock information is 10 seconds.
2.5.5
No.
Item
Description
Raisecom#show clock
[ summer-time recurring ]
Check whether the device system time, time

zone and summer time configuration is
correct.
Raisecom#show sntp
Show SNTP configuration.
Raisecom#show ntp status
Show NTP configuration.
Raisecom#show ntp associations
Show NTP connection information.
2.6 Configure interface management

2.6.1
Default configuration of interface

The default configuration of physical layer interface is as below:
2.6.2
Function
Default value
The maximum forward frame length of interface
1526Byte
Duplex mode of interface
Auto-negotiation
Interface speed
Auto-negotiation
Time interval of interface dynamic statistics
2s
Flow control function status of interface
Disable
Interface status
Enable
Configure basic attributes for interface

The interconnected devices cannot communicate normally if their interface attributes (e.g. MTU,
duplex mode, and speed) are inconsistent, and then user has to adjust the interface attribute to make
the devices at two ends match each other.
25
www.raisecom.com
User Manual
Please configure the basic attributes for interface of device:

Step
Configuration
Description
Raisecom#config
Raisecom(config)#system mtu
size
Configure the maximum transmission unit (MTU) for

all interfaces, MTU is the maximum bytes quantity
allowed to pass at the interface (dont fragment).
When the forward message length exceeds the
maximum value, the device will discard this message
automatically.
Raisecom(config)#interface
port port-id
Enter physical layer interface configuration mode.
Raisecom(config-port)#duplex
{ auto|full|half }
Configure interface duplex mode.

Ethernet physical layer has half-duplex, full-duplex
and auto-negotiation modes. In half-duplex mode, the
interface can only receive or transmit message at any
time; in full-duplex mode, the interface can both
receive and transmit message at any time;
auto-negotiation means the two devices in link can
exchange message and select duplex mode by
automation, once negotiation successful, the two
devices can transmit message in the same duplex
mode.
By default, the interface duplex mode is
auto-negotiation.
Raisecom(config-port)#speed
{auto|10|100|1000}
Configure interface speed.

For optical interface, the interface speed depends on
optical module specification.
Note: Ten Gigabit Ethernet interface is in support of
speed 10000.
2.6.3
Configure interface statistics

Please configure interface statistics function for the device as below:
Step
Configuration
Description
Raisecom#config
Raisecom(config)#dynamic statistics time

period
Configure interface dynamic statistics

time interval.
By default, the interface dynamic
statistic one time every 2 seconds.
Raisecom(config)#clear interface port

port-id statistics
Clear the interface statistic information

stored in device.
26
www.raisecom.com
2.6.4
User Manual
Configure interface flow control

IEEE802.3x is flow control of full-duplex Ethernet data layer. Then client send request to server, the
client send PAUSE frame to server if there is system or network jam, so it delays data transmission
from server to client.
Please configure interface flow control for the device as below:
Step
Configuration
Description
Raisecom#config
Raisecom(config)#interface port
port-id
Enter physical layer interface

configuration mode.
Raisecom(config-port)#flowcontrol
{ receive | send } { off | on }
Enable/disable interface flow control

on 802.3x message.
By default, it is disabled.
2.6.5
Configure interface open/shutdown

Please configure interface open/shutdown for the device as below:
Step
Configuration
Description
Raisecom#config
port-id

configuration mode.
Raisecom(config-port)#shutdown
Shutdown current interface.

By default, the interface is open.
User can re-open the closed interface
by the command of no shutdown.
2.6.6
No.
Item
Description
Raisecom#show interface port port-id
Show interface status.

statistics dynamic [ detail ]
Show interface statistics.

flowcontrol
Show interface flow control.
Raisecom#show system mtu
Show system MTU.
2.7 Configure basic information for device

Please make the following configuration on device required:
27
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom#hostname name
(Optional) Configure device name.

By default, the device name is Raisecom.
The system is in support of changing device name to make
users distinguish different devices in the network. Device
name become effective immediately, which can be seen in
terminal prompt.
Raisecom#language
{ chinese | english }
(Optional) Configure switchover language mode.

By default, the language is English.
The system is in support of both Chinese and English display
in help message and prompt message of command line.
Raisecom#write
Save configuration.
Save configuration information to device after configuration,
and the new saved configuration information will cover the
original configuration information.
Without saving, the new configuration information will lose
after rebooting, and the device will continue working with the
original configuration.
Note: Use the command erase file-name to delete
configuration files, which cannot be restored, so please take
careful operation.
Raisecom#reboot [ now ]
Note: Rebooting the device will interrupt the service, please

take careful operation. Please save the configuration before
rebootingin order to avoid configuration loss.
(Optional) Configure device reboot.
When the device is in failure, please reboot it to solve the
problem according to actual condition.
2.8 Configure task calling function

When the users need periodic or designated time to perform some command line, they can consider
configuring task scheduling function.
ISCOM2924GF device is in support of realizing task scheduling by c ombining the pr ogram lis t to
command line. Users just need to designate the task start time, period and end time in the program
list, and t hen bind the program list to command l ine so as t o r ealize t he pe riodic ope ration of
command line.
Please configure task scheduling function for the device as below:
Step
Configuration
Description
Raisecom#config
28
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom(config)#schedule-list list-number start

{ date-time month-day-year hour:minute:second [ every
{ day | week | period hour:minute:second } ] stop
month-day-year hour:minute:second | up-time period
hour:minute:second [ every period hour:minute:second ]
[ stop period hour:minute:second ] }
Create and configure schedule list.
Raisecom(config)#command-string schedule-list
list-number
Bind the command line which needs

periodic execution and is in support
of schedule list to the schedule list.
Raisecom#show schedule-list [ list-number ]
Check whether the schedule list

configuration is correct.
2.9 Configure watchdog

The i nterference of o utside el ectromagnetic f ield will i nfluence t he w orking of single chip
microcomputer, and cause program fleet and de ad circulation so that the s ystem cannot work
normally. Considering the real-time monitoring to the running state of single chip microcomputer, it
generates a program s pecially us ed t o m onitoring t he r unning s tatus of s witch ha rdware de vice,
which is commonly known as the "Watchdog" (Watchdog).
The system will reboot when the switch c an't c ontinue t o w ork for task suspension or dead
circulation, and without feeding the dog within in a feeding dog cycle.
The watchdog function configuration can prevent the system program from dead circulation caused
by uncertainty fault so as to improve the stability of system.
Please configure watchdog for the device as below:
Step
Configuration
Desription
Raisecom#watchdog enable
Enable watchdog function.

Use the command of watchdog
disable to prohibit this function.
Raisecom#show watchdog
Check watchdog function status.
2.10 Configuration examples

2.10.1
Configure TFTP auto-loading example
2.10.1.1
Networking requirement
As Figure 2-7 s hows be low, c onnect T FTP s erver with switch, configure auto-loading f unction i n
switch to let switch auto-loading configuration file f rom T FTP se rver. Hereinto, TFTP se rver IP is
192.168.1.1 and the denomination rule for configuration file name satisfies following conditions:
Device model is included in configuration file name
Integrated MAC address is included in configuration file name
Software version higher 2 bits is included in configuration file name
No in support of extension rule
29
www.raisecom.com
User Manual
Figure 2-7 Networking sketch map of configuring auto-loading function
2.10.1.2
Configuration steps
Step 1
Configure IP address for TFTP server:
Raisecom#config
Raisecom(config)#service config tftp-server 192.168.1.1
Step 2
Configure denomination rule for file name:
Raisecom(config)#service config filename rule 81650
Step 3
Configure file name:
Raisecom(config)#service config filename ABC
Step 4
Enable local configuration file overwrite function:
Raisecom(config)#service config overwrite enable
Step 5
Enable auto-loading configuration function:
2.10.1.3
Show result
To view auto-loading configuration by the command of show service config:
Raisecom(config)#show service config
Auto upgrade :
Config server IP address:
Config filename rule:
enable
192.168.1.1
81650
Config file name:
ABC
System boot file version:
1107290
Bootstrap flie version :
:48:050
Startup-config file version:

Overwrite local configuration file:
Send Completion trap:
0000000
enable
disable
Current File Type:
none
Operation states:
done
Result:
none
30
www.raisecom.com
User Manual
Chapter 3 Ethernet
This c hapter i ntroduces pr inciple a nd configuration procedure of E thernet f eatures, a lso pr oviding
related configuration applications:
Overview
Configure MAC address forwarding table
Configure VLAN
Configure QinQ
Configure VLNA conversion
Configure STP
Configure MSTP
Configure loopback detection
Configure interface protection
Configure interface mirror
Configure layer-2 protocol transparent transmission
Maintenance
Configuration Applications
3.1 Overview
3.1.1
Ethernet interface
With the highly f lexible, relatively s imple, easy t o i mplement f eatures, Ethernet has be come an
important LAN networking technology. Ethernet int erface is di vided into: E thernet e lectrical
interface and Ethernet optical interface.
ISCOM2924GF device i s n s upport of Ethernet electrical interface and Ethernet o ptical i nterface.
The s pecific interface mode depends on t he de vice, support s ituation of chip and achievement
situation of drive.
3.1.1.1
Auto-negotiation function
The m ain f unction of a uto-negotiation i s t o m ake t he devices i n both e nds of physical link to
automatically s elect the s ame working parameters through i nteraction information. The c ontent of
auto-negotiation mainly i ncludes dupl ex m ode, operating speed and flow cont rol p arameters, etc.
Once the negotiation is passed, the devices in both ends of link will be locked in the same duplex
mode and operating speed.
ISCOM2924GF-4C 10GE interface is only in support of full-duplex mode; ISCOM2924GF Combo
electrical interface and 10/100/1000BASE-T photoelectric conversion module auto-negotiation is in
support of 10M/100M/1000M operating s peeds, f ull-duplex a nd ha lf-duplex working mode
configuration.
31
www.raisecom.com
3.1.1.2
User Manual
Connecting cable
General standard Ethernet cabl e is di vided into direct-through cable MDI ( Medium D ependent
Interface) and cross-over cable MDI-X (Medium Dependent Interface cross-over). MDI provides
physic a nd c ircuit connections from terminal end to network trunk device. MDI-X offers the sa me
device (terminal to terminal) connection. The interface type of host and router is MDI, the port type
of hub a nd s witch is MDI-X. Generally, heterogeneous de vices i nterconnect with direct-through
cable, while similar devices interconnect with cr oss-over cable. Adaptive connection need not to
consider direct-through cable or cross-over cable.
ISCOM2924GF Ethernet connection is in support of adaptive MDI / MDI-X.
3.1.2
3.1.2.1
MAC address forwarding table

MAC address forwarding table
Ethernet device implements Ethernet message fast forwarding through MAC address forwarding rule;
each device ha s a MAC address f orwarding table t hat associate t he M AC ad dress and forwarding
interface. A ll of the ingress interface message will be forwarded according to the MAC address
forwarding table, it is the base for Ethernet device realizing layer-2 message fast forwarding. MAC
address forwarding table is saved in device cache, the capacity of cache decides saved MAC address
amount.
Item of MAC address forwarding table contains the below information:
Destination MAC address
Destination MAC address related interface ID
Interface belonged VLAN ID
ISCOM2924GF de vice can check MAC addres s t able i nformation based on device, interface and
VLAN.
3.1.2.2
MAC address forwarding mode

Ethernet device adopts following forwarding modes according to MAC address table items:
Unicast m ode: If the M AC a ddress f orwarding t able c ontains i tem r elated t o message
destination M AC a ddress, t he de vice di rect transmits fr om t he f orwarding egress i nterface.
As shown in Figure 3-1:
32
www.raisecom.com
User Manual
1
Message purpose
MAC D
Local MACMAC A
Local portPort 1
2
Search MAC address table
MAC
D
Interface
Port 4
VLAN
1
PC A
PC C
Switch
PC B
PC D
3
Forward message according to
the interface in MAC address
forwarding table
Figure 3-1 Sketch map of MAC address forwarding table

Multicast mode: when device receives message with multicast MAC address as destination,
forwarding the message from the outer interface if there is item related to destination address
in the MAC address forwarding table; or else, discard the message.
Broadcast mode: If device receives message with destination address is all F, or there is no
destination MAC a ddress i n t he M AC a ddress f orwarding t able, t he de vice w ill br oadcast
message to all interfaces except the receiving interface. As shown in Figure 3-2:
1
Message purpose
MAC C
Local MACMAC A
Local portPort 1
Search MAC address

table, finding no MAC C
record, then send
broadcast to the whole
broadcast demain.
3
Receive message
correctly
PC A
PC C
Switch
PC D
Figure 3-2 Sketch map of MAC address broadcast
3.1.2.3
Classification of MAC address table entry

MAC address forwarding table is divided into static address table entry and d ynamic address table
33
www.raisecom.com
User Manual
entry.
Static MAC address table entry: also called permanent address, added and removed by the
user manually, does not age with time. For a network with small device change, adding static
address table entry manually can reduce the network broadcast traffic, improve the security of
the i nterface a nd prevent ta ble e ntry f rom losing after the system re set, interface b oard hot
swapping or interface board reset.
Dynamic M AC addres s t able entry: the switch can add dynamic M AC address t able ent ry
through MAC address learning mechanism or manual establishment by users. The table entry
will be aged according to the aging time configuration, and be empty after he system reset,
interface board hot swapping or interface board reset.
ISCOM2924GF i s i n s upport of t he m aximum 32k dy namic M AC addresses a nd 1 00 s tatic M AC
addresses.
3.1.2.4
Aging time of MAC address

There i s capa city r estriction to the MAC a ddress forwarding table of Ethernet s witch. I n or der t o
maximize the use of address forwarding table resources, Ethernet switch uses the aging mechanism
to update M AC a ddress f orwarding table, i.e. in the meantime of cr eating a cer tain dynamic table
entry, ope n the aging timer, if the re is n o MAC a ddress m essage from t he t able e ntry dur ing t he
aging time, the switch will delete the MAC address table entry.
ISCOM2924GF device is in support of MAC address auto-aging. The range of aging time is 10s~1
000000s.
Note:
When opening the "destination MAC address update" function, if the switch has transmitted
some destination MAC address message during aging time, the MAC table entry will also be
triggered update and restarted aging.
MAC address aging mechanism is only valid to dynamic MAC address table entry.
3.1.2.5
MAC address forwarding strategy

MAC address forwarding table has two kinds of forwarding strategies:
When message e nters de vice i nterface, the device w ill s earch interface associated with
destination M AC a ddress i n t he M AC a ddress ta ble, if the re is de stination MAC in M AC
address table, and forwarding the message from it; the source MAC address of message will
be r ecorded and save i n MAC addr ess t able related to i ngress m essage i nterface I D an d
VLAN ID. When ot her i nterface ha s message t o t he M AC ad dress, the i nformation can be
forwarded to associated interface directly.
If there i s no de stination M AC f or t he message i n MAC a ddress t able, a ddress a ssociation
relationship will f orward data pa ckets to all int erfaces w ith same br oadcast do main and
record source MAC address to device MAC address table.
3.1.2.6
MAC address learning amount limit

MAC address learning amount limit function is mainly to restrict the number of MAC address entries,
avoid extending the checking time of forwarding table entry caused by too large MAC address table
and degrading the forwarding performance of Ethernet switch, and it is an effective way to manage
MAC address table.
34
www.raisecom.com
User Manual
MAC address learning amount limit is mainly used to restrict the size of MAC address forwarding
table and improve the forwarding speed of switch chip.
You can control the MAC address forwarding table entry number maintained by Ethernet switch by
setting the maximum nu mber of MAC address learnt in the Ethernet interface or sp ecified VLAN.
When the number of MAC address learnt in interface or specified VLAN reaches the threshold set by
the user, the interface will no longer take the restriction to the MAC address learning or other VLAN
messages.
3.1.3
3.1.3.1
VLAN
VLAN overview
VLAN (Virtual Local Area Network) is a protocol to solve Ethernet broadcast and security problem.
It is a layer-2 isolation technique that divides a LAN into different broadcast domains by logic but
not by ph ysics, t hen t he different br oadcast dom ains can w ork a s v irtual gr oups w ithout a ny
influence from one another. Looking from the function, VLAN has the same features as LAN, but
members in one VLAN can access one another without restriction by physical location. As shown in
Figure 3-3:
Figure 3-3 VLAN division sketch map

VLAN technique can divides a physical LAN i nto different br oadcast dom ain b y logic. Hosts
without intercommunication requirements can be isolated by VLAN and then, i mprove ne twork
security, reduce broadcast flow and broadcast storm.
ISCOM2924GF is in support of VLAN division based on interface.
ISCOM2924GF de vice i s c ompliance w ith IEEE 802 .1Q standard VLAN a nd i s s upport of 4094
concurrent VLAN.
35
www.raisecom.com
3.1.3.2
User Manual
Interface mode and message forwarding

ISCOM2924GF has two interface modes: Access mode and Trunk mode. The method of dealing with
message for the two modes shows as below.
Table 3-1 Interface mode and message transportation
Interface
type
Deal with Ingress message

Untag message
Access
Add default VLAN Tag for

message
Deal with Egress message
Tag message
VLAN IDdefault
VLAN ID, receive the
message
VLAN IDdefault VLAN ID,

remove Tag and transmit the
message.
VLAN IDdefault
VLAN ID, discard the
message
Trunk
3.1.4
Default VLAN ID is
included in interface permit
passing VLAN ID list,
receiving the message and
adding default VLAN Tag.
Receive the message if

the message VLAN ID is
included in the permit
passing VLAN ID list.

permit passing from interface,
remove Tag and transmit the
message
Discard the message if

the message VLAN ID is
not included in the permit
passing VLAN ID list.

permit passing from interface,
transmit the message with Tag
QinQ
QinQ ( also know n a s Stacked VLAN or Double V LAN) technique is a n e xtension f or 802. 1Q
defined in IEEE 802.1ad standard.
3.1.4.1
Basic QinQ
Basic QinQ is a simple layer-2 VPN tunnel technique, which encapsulate outer VLAN Tag for user
private network message at carrier access end, then the message takes double VLAN Tag to transmit
through ba ckbone ne twork ( public ne twork) of c arrier. In publ ic ne twork, m essage j ust be
transmitted in accordance with outer VLAN Tag (namely the public network VLAN Tag), the user
private network VALN Tag is transmitted as data in message.
Figure 3-4 Typical networking of basic QinQ

36
www.raisecom.com
User Manual
Typical networking of basic QinQ is shown as Figure 3-4, ISCOM2924GF is PE (Provider Edge).
The message is transmitted to PE device from user device, and the VLAN ID of message tag is 100.
The message will be printed outer tag with V LAN 200 when pa ssing through PE device user side
interface and then enter PE network.
The VLAN 200message is transmitted to PE device on the other end by PE, and then the other PE
will strip the outer tag VLAN 200 and send it to user device. So the message returns to VLAN 100
tag.
This technique can s ave pu blic ne twork V LAN I D r esource. Users can m ark out pr ivate ne twork
VLAN ID to avoid conflict with public network VLAN ID.
3.1.4.2
Flexible QinQ
Flexible Q inQ i s an enhancement of ba sic Q inQ, which classifies f low accor ding to user da ta
features, then encapsulate d ifferent t ypes f low into different outer V LAN t ag. This technique is
realized by combination of interface and VLAN. Besides the functions of basic QinQ, flexible QinQ
can perform different action on different VLAN Tag received by one interface and add different outer
VLAN ID for different inner VLAN ID. According to configure mapping rule for inner and outer Tag,
users can encapsulate different outer Tag for different inner Tag message.
Flexible QinQ function makes c arrier ne twork structure m ore f lexible. Customers can classify
different t erminal us ers at a ccess de vice i nterface accor ding to VLAN Tag and then, encapsulate
different outer Tag for different class users. In public network, customer can configure QoS pol icy
according t o out er T ag a nd configure data t ransmission priority f lexibly so as to m ake us ers i n
different class receive the corresponding services.
3.1.5
VLAN mapping
The main function of VLAN mapping is to replace private network VLAN Tag in Ethernet service
message b y car rier V LAN Tag, m ake t he m essage be t ransmitted i n c arrier V LAN m apping r ule.
When the message is mapped from carrier network to peer customer private network, restore VLAN
mapping to original pr ivate network VLAN Tag by t he s ame r ule so t hat the m essage can ar rive
destination correctly. The VLAN mapping principle is shown in Figure 3-5:
Figure 3-5 Sketch map of VLAN mapping principle

After receiving VLAN Tag with user private ne twork message, the s witch will match VLAN Tag
according to the VLAN m apping configuration rule and replace i t i f matching successfully.
37
www.raisecom.com
User Manual
ISCOM2924GF i s i n s upport of 1: 1 VLAN m apping t o r eplace VLAN T ag c arried by a c ertain

VLAN message to new VLAN Tag.
Different from QinQ function, VLAN mapping neednt to take multi-layer VLAN Tag encapsulation
to message, but change VLAN Tag to make it transmit according to VLAN mapping forward rule.
3.1.6
3.1.6.1
STP/RSTP/MSTP
STP
With the increasing complexity of network structure and growing number of switches in the network,
the E thernet ne twork l oops become t he most prominent pr oblem. Because of the packet broadcast
mechanism, network loop will make the network generate network storm, exhaust network resources,
and have serious impact to the normal data forwarding. The network storm caused by network loops
is shown in Figure 3-6.
Figure 3-6 Sketch map of network storm caused by network loops circuit
STP (Spanning Tree P rotocol) is c ompliant to IEEE 802.1d s tandard and us ed t o r emove da ta
physical loop in data link layer in LAN.
STP running device can interact BPDU (Bridge Protocol Data Unit) packet with each other for the
election of root switch and selection of root port and designated port. It also can block loop interface
in the de vice logically according to the selection results, eventually trimming the loop ne twork
structure to t ree ne twork s tructure without l oop w hich t akes a de vice a s r oot, s o a s t o pr event the
continuous proliferation and limitless circulation of packet in loop network from causing broadcast
storm a nd a void declining packet pr ocessing capacity caused by ceceiving the s ame packets
repeatedly.
The loop network diagram running STP is shown in Figure 3-7.
38
www.raisecom.com
User Manual
Figure 3-7 Loop network diagram running STP protocol

Although S TP can eliminate loop ne twork a nd pr event br oadcast s torm w ell, i ts shortcomings a re
still gradually exposed with thorough application and development of network technology.
The major disadvantage of STP is the slow convergence speed.
3.1.6.2
RSTP
For i mproving the low c onvergent speed of STP, IEEE 802.1w e stablishes RSTP (Rapid Spanning
Tree Protocol), which increase the mechanism to change interface blocking state to forwarding state,
speed up the topology convergence rate.
The purpose of S TP/RSTP is t o s implify a br idge c onnection L AN t o a uni tary s panning t ree i n
logical topology and so as to avoid broadcast storm.
The di sadvantages of S TP/RSTP e xposed w ith t he r apid de velopment of V LAN t echnology. The
unitary spanning tree simplified from STP/RSTP leads the below problems:
The w hole s witched network ha s onl y one s panning t ree, w hich w ill le ad to longer
convergence time in a larger network.
Waste of bandwidth since a link doesnt carry any flow after it is blocked;
Message of partial VLAN cannot be forwarded when network structure is unsymmetrical. As
shown in Figure 3-8, Switch B is root switch, RSTP protocol blocks the link between Switch
A and Switch C logically and make that the VLAN 100 message cannot be transmitted and
Switch A and Switch C cannot communicate.
39
www.raisecom.com
User Manual
Figure 3-8 RSTP protocol causes VLAN message forward failure
3.1.6.3
MSTP
MSTP (Multiple Spanning Tree Protocol) is defined by IEEE 802.1s. Recovering the disadvantages
of S TP a nd RSTP, t he M STP realizes fa st convergence and distributes different VLAN flow
following its own path to provide an excellent load sharing mechanism.
MSTP di vides a s witch ne twork i nto m ultiple dom ains, c alled MST dom ain. Each M ST dom ain
contains s everal s panning t rees but t he t rees ar e i ndependent o ne an other. Each s panning t ree i s
called a MSTI (Multiple Spanning Tree Instance).
MSTP protocol introduces CST (Conmon Spanning Tree) and IST (Internal Spanning Tree) concepts.
CST refers to take MST domain as a w hole to calculate and generate a spanning tree. IST means to
generate spanning tree in internal MST domain.
Compared with STP and RSTP, MSTP also introduces total root (CIST Root) and domain root (MST
Region Root) concepts. The total root is a global concept; all switches running STP/RSTP/MSTP can
only ha ve one total r oot, which is the CIST R oot. T he domain root i s a l ocal c oncept, which is
relative to an instance in a domain. As Figure 3-9, all connected devices only have one total root, and
the number of domain root contained in each domain is associated with the number of instances.
40
www.raisecom.com
User Manual
Figure 3-9 Basic concept sketch map of MSTI network

There can be different M ST instance in each MST de main, which associates VLAN and MSTI b y
setting V LAN mapping table (relationship table of VLAN a nd MSTI). The concept sketch map of
MSTI is shown in the Figure 3-10.
Figure 3-10 Concept sketch map of MSTI

Note: Each VLAN can only corresponding to one MSTI; that is to say, data of one VLAN can only
be transmitted in one MSTI; while one MSTI may correspond to several VLAN.
41
www.raisecom.com
User Manual
Compared with the previous STP and RSTP, MSTP has obvious advantages, including cognitive
ability of VLAN, load balance sharing ability, similar RSTP port status switching ability as well as
binding multiple VLAN to one MST instance to reduce resource occupancy rate. In addition, MSTP
running devices in network are also compatible with the STP and RSTP running devices.
Figure 3-11 Networking of multiple spanning trees instances in MST domain

Applying MSTP in the network as Figure 3-11 above, after calculation, there are two spanning trees
generated at last (two MST instances):
MSTI1 takes B as root switch, forwarding message of VLAN100;
MSTI2 takes F as root switch, forwarding message of VLAN200.
By this w ay, all V LAN can com municate at i nternal, different V LAN m essages are f orwarded in
different path to share loading.
3.1.7
Loopback detection
The i nterface l oopback de tection f unction s olves i nfluence o n ne twork caused by s elf-loop or
external loop, and then improves network error-detection, error tolerance and stability.
Procedure of loopback detection:
Each i nterface of device sends loopback-detection message by interval (the interval is
configurable, by default is 4 seconds);
The device check source MAC field for interface received loopback detection packets, if the
source M AC i s i dentical t o device M AC, some i nterfaces of t he de vice form a l oop;
otherwise, discard the message;
It is self-loop if the sending interface ID is identical to receiving interface ID, shutdown the
interface;
It is external loop if the sending interface ID is identical to receiving interface ID, shutdown
42
www.raisecom.com
User Manual
the interface with bigger ID, and leave the smaller interface ID in UP status.
3.1.8
Interface protection
User needs to take layer-2 data isolation among different interface and add the interface to different
VLAN. S ometimes i nterfaces i n the s ame VLAN al so n eed to be t aken data is olation by interface
protection feature, which can isolate interfaces in one VLAN.
Through interface protection festure, user can enable the protection feature to interfaces needed to be
controlled to achieve the layer-2 data isolation and reach physical isolation effect among interfaces,
which improve network security and provide flexible networking solution to cutomer.
The packets among interfaces in a protection group cannot communicate after configuring interface
protection, but the communication between i nterfaces enabling interface protection and disabling
interface protection wont be influenced.
3.1.9
Interface mirror
Interface mirror func tion refers t o assign some packets m irror of s ource i nterface t o de stination
interface, i.e. the m onitoring i nterface without a ffecting t he nor mal pa cket f orwarding f unction.
Switch user can monitor the pa ckets s ending a nd r eceiving of one interface by t his f unction a nd
analyze the relevant network conditions.
Figure 3-12 Sketch map of interface mirror function priciple

The basic principle of interface mirror is shown in Figure 3-12. PC 1 connects outside network via
the Port 1; PC 3 is monitoring PC, connecting outside network through the Port 12.
When m onitoring packets from t he PC 1, user ne eds to assign Port 1 co nnected to PC1 as mirror
source i nterface, enable m irror f unction of ingress i nterface and a ssign Port 12 as m oniroring
interface, i.e. mirror destination interface.
When the service pa ckets f rom PC 1 enter switch, the s witch will forward the pa cket an d c opy to
monitoring interface (Port 12). The monitoring device connected to mirror monitoring interface can
43
www.raisecom.com
User Manual
receive and analyze these mirrored packets.

ISCOM2924GF is in support of the da ta stream mirror over ingress interface and egress interface.
The packets in ingress/egress mirror interface will be copied to the monitor interface after enabling
the mirror function. Monitoring interface and mirror interface cannot be the same one.
3.1.10
Layer-2 protocol transparent transmission

Transparent t ransmission f unction i s one of t he m ain Ethernet device f unctions, usually the e dge
network devices of car rier take i n charge of l ayer-2 pr otocol m essage transparent transmission.
Transparent transmission function is e nabled a t the interface that c onnects e dge ne twork de vice of
carrier a nd us er ne twork. The i nterface i s i n A ccess m ode, c onnecting t o Trunk i nterface on us er
device. The layer-2 protocol message of user network enters from transparent transmission interface,
encapsulated by edge network device (ingress end of message) and then enter carrier network. The
message is transmitted through carrier network to arrive edge device (egress end of message) at the
other end or carrier network. The edged device decapsulates outer layer-2 protocol message and
transparent transmits it to customer network.
The t ransparent t ransmission f unction i ncludes m essage e ncapsulation a nd de capsulation f unction,
the basic implementing principle as below:
Message en capsulation: at t he m essage i ngress end, de vice m odifies de stination MAC
address from user network layer-2 protocol message to special multicast MAC address (it is
010E.5E00.0003 by default). In carrier network, the modified message is forwarded as data in
user VLAN.
Message d ecapsulation: at t he m essage egr ess end, t he device s enses m essage w ith special
multicast M AC a ddress ( it i s 010 E.5E00.0003 by de fault) a nd r evert the destination MAC
address t o D MAC of l ayer-2 pr otocol m essage, t hen send t he m essage t o a ssigned us er
network.
Layer-2 protocol transparent transmission function can be ope rated a t the s ame time w ith QinQ or
operated i ndependently. In practice a pplication, a fter m odifying pr otocol message M AC a ddress,
need to add outer Tag for transmit through carrier network.
ISCOM2924GF de vice is i n support of transparent transmission of BPDU m essage, DOT1X
message, LACP message, CDP message, VTP message and PVST message.
3.2 Configure MAC address forwarding table

3.2.1
3.2.1.1
Preparation for configuration

Networking situation
Configure static MAC address forwarding table in the following situations:
Static MAC address can be set for fixed server, special persons (manager, financial staff, etc.)
fixed and important hosts to make sure all data flow forwarding to these MAC addresses are
forwarded from static MAC address related interface in priority.
For the interface with fixed static MAC address, user can disable MAC address learning to
avoid other hosts visiting LAN data from the interface.
Configure aging t ime f or d ynamic M AC a ddress f orwarding t able t o avoid the explosive
growth of MAC address forwarding table.
44
www.raisecom.com
3.2.1.2
User Manual
Preconditions
N/A
3.2.2
Default configuration of MAC address forwarding table

The default configuration of MAC address forwarding table is as below:
3.2.3
Function
Default value
MAC address learning function status
Enable
MAC address aging time
300s
MAC address learning amount limit
unlimited
Configure static MAC address

Please configure static MAC address as below:
Step
Configuration
Description
Raisecom#config
Raisecom(config)#mac-address-table static
unicast mac-address vlan vlan-id port port-id
Configure static unicast MAC address.
Raisecom(config)#mac-address-table static
multicast mac-address vlan vlan-id port
port-list
Configure static multicast MAC address.
Raisecom(config)#mac-address-table
blackhole mac-address vlan vlan-id
Configure black hole MAC address.
multicast filter { all | vlan vlan-list }
(Optional) Set multicast filter mode for

MAC address table.
Note:
MAC address, multicast address, FFFF.FFFF.FFFF and 0000.0000.0000 of the device cannot
be configured as static unicast MAC address.
At present, the configurable static unicast MAC address amount of ISCOM2924GF device is
100.
3.2.4
Configure MAC address learning

Please configure MAC address learning as below:
Step
Configuration
Description
Raisecom#config
learning { enable | disable } { port-list
{ all | port-list } | vlanlist vlan-list }
Enable or disable MAC address

learning function.
45
www.raisecom.com
3.2.5
User Manual
Configure MAC address learning amount limit

Please configure MAC address learning amount limit as below:
3.2.6
Step
Configuration
Description
Raisecom#config
Raisecom(config)#interface port port-id

configuration mode.
Raisecom(config-port)#mac-address-table
threshold threshold-value
Configure MAC address learning

amount.
Raisecom(config-port)#mac-address-table
threshold threshold-value vlan vlan-id
Configure specified VLAN MAC

address learning amount.
Configure MAC address aging time

Please configure MAC address aging time as below:
Step
Configuration
Description
Raisecom#config
3.2.7
Raisecom(config)#mac-address-table Set MAC address aging time. The time

aging-time { 0 | period }
range: 10~1000000, unit: second. Set
the aging time 0 for non-aging.
No.
Item
Description
Raisecom#show mac-address-table static

[ port port-id | vlan vlan-id ]
Show static unicast MAC address.
Raisecom#show mac-address-table multicast

[ vlan vlan-id ] [ count ]
Show layer-2 multicast address.
Raisecom#show mac-address-table blackhole
Show black hole MAC address.
Raisecom#show mac-address-table l2-address

[ count ] [ vlan vlan-id | port port-id ]
Show all layer-2 unicast addresses and

the learning MAC address amount.
Raisecom#show mac-address-table threshold

[ port-list { all | port-list } ]
Show MAC address learning amount

limit value.
Raisecom#show mac aging-time
Show MAC address aging time.
46
www.raisecom.com
User Manual
3.3 Configure VLAN

3.3.1
3.3.1.1

Main f unction of V LAN i s t o c arve up l ogic network s egments. There are 2 typical application
modes:
One ki nd is in s mall s ize L AN, one de vice is c arved up to several VLAN, the hosts tha t
connect to the device are carved up by VLAN. So hosts in the same VLAN can communicate,
but hosts be tween di fferent VLAN cannot communicate. For example, the f inancial
department ne eds t o di vide f rom ot her de partments a nd t hey c annot a ccess e ach ot her.
Generally, the interface to connect host is in Access mode.
The other kind is in bigger LAN or enterprise network, multiple devices connect to multiple
hosts and t he de vices ar e concatenated, da ta m essage t akes VLAN Tag for f orwarding.
Identical VLAN interface of multiple devices can communicate, but hosts between different
VLAN cannot communicate. This mode is used in enterprise that has many people and need a
lot of hosts, in the s ame department but different p osition, the hosts in one department can
access one another, so customer has to carve up V LAN in multiple devices. Layer-3 devices
like r outer i s r equired if us ers want t o c ommunicate a mong di fferent V LAN. The
concatenated interfaces among devices are set in Trunk mode.
When configuring IP address for V LAN, user can associate a l ayer-3 interface for it. Each layer-3
interface is corresponding to one IP address and one VLAN.
3.3.1.2
Preconditions
Before configuring VLAN, users need to configure physical parameter for the interface to make the
status Up.
3.3.2
Default configuration of VLAN

The default configuration of VLAN is as below:
Function
Default value
Create VLAN
Has VLAN 1
Active status of static VLAN
suspend
Interface mode
Access
Access VLAN
VLAN 1
Native VLAN of Trunk interface
VLAN 1
Allowable VLAN in Trunk mode
All VLAN
Allowable Untag VLAN in Trunk mode
VLAN 1
47
www.raisecom.com
3.3.3
User Manual
Configure VLAN attributes

Please configure VLAN attributes as below:
Step
Configuration
Description
Raisecom#config
Raisecom(config)#create vlan vlan-list { active |

suspend }
Create VLAN.
The command can also be used to
create VLAN in batch.
Raisecom(config)#vlan vlan-id
Enter VLAN configuration mode.
Raisecom(config-vlan)#name vlan-name
(Optional) Configure VLAN name.
Raisecom(config-vlan)#state { active | suspend }
Configure VLAN in active or

suspend status.
Note:
The V LAN created by command vlan vlan-id is i n s uspend s tatus, us ers need t o us e
command state active to activate VLAN if they want to make it effective in system.
By default, there are two VLAN in system, the default VLAN (VLAN 1) and cluster VLAN
(VLAN 2) , a ll i nterfaces i n A ccess m ode be longed t o default V LAN. Both VLAN 1 and
VLAN 2 cannot be created and deleted.
By de fault, the de fault V LAN ( VLAN 1) is c alled Default; cluster VL AN ( VLAN 2) i s
called Cluster-Vlan. Other V LAN i s na med as VLAN plus 4 di gits V LAN ID, f or
example, VLAN10 is named VLAN0010 by default, VLAN4094 is named as VLAN4094
by default.
All configurations of VLAN are not effective until the VLAN is activated. When VLAN is in
suspend s tatus, us er can also configure the VLAN, s uch as d elete/add interface, s et V LAN
name, etc. The system w ill ke ep t he c onfigurations, once the V LAN is activated, the
configurations will take effect in the system.
3.3.4
Configure interface mode

Please configure interface mode as below:
3.3.5
Step
Configuration
Description
Raisecom#config
port-id

configuration mode.
Raisecom(config-port)#switchport
mode { access | trunk }
Configure interface in Access or

Trunk mode.
Configure VLAN over Access interface

Please configure VLAN over Access interface for the device as below:
Step
Configuration
Description
Raisecom#config

48
www.raisecom.com
User Manual
Step
Configuration
Description

configuration mode.
Raisecom(config-port)#switchport mode access
Configure interface in Access

mode and add Access interface into
VLAN.
Raisecom(config-port)#switchport access vlan vlan-id

Raisecom(config-port)#switchport access
egress-allowed vlan { all | [ add | remove ] vlan-list }
(Optional) Configure Access

interface permitted VLAN.
Note:
The interface permits Access VLAN packets passing regardless of configuration for VLAN
permitted by Access interface, the forwarded packets dont take with VLAN TAG.
When s etting Access VLAN, system w ill cr eate an d activate VLAN by a utomation if us er
hasnt created and activated VLAN in advance.
If us er de letes or s uspends Access VLAN by manual, system w ill s et t he i nterface A ccess
VLAN as default VLAN by automation.
When c onfiguring interface Access VL AN as no n-default Access V LAN, default Access
VLAN 1 is Access egress interface permitted VLAN, user can delete Access VLAN 1 from
permitted VLAN list of Access egress interface by deleting this VLAN.
If the configured Access V LAN is not default VLAN and there i s n o default V LAN in
permitted VLAN list of Access interface, the interface doesnt permit default VLAN packets
passing.
Permitted VLAN list of Access interface is only effective to static VLAN, and inefficient to
cluster VLAN, GVRP dynamic VLAN, etc.
3.3.6
Configure VLAN over Trunk interface

Please configure VLAN over Trunk interface for the device as below:
Step
Configuration
Description
Raisecom#config

configuration mode.
Raisecom(config-port)#switchport mode trunk
Configure interface in Trunk mode.
Raisecom(config-port)#switchport trunk native

vlan vlan-id
Configure interface Native VLAN.
Raisecom(config-port)#switchport trunk
allowed vlan { all | [ add | remove ] vlan-list }
(Optional) Configure Trunk

interface permitted VLAN.
Raisecom(config-port)#switchport trunk
untagged vlan { all | [ add | remove ] vlan-list }
(Optional) Configure Trunk

interface unTag VLAN.
Note:
The interface permits NATIVE VLAN packets passing regardless of configuration on Trunk
interface pe rmitted V LAN l ist a nd Untagged VLAN l ist, t he f orwarded pa ckets do nt ta ke
with VLAN TAG.
System will create and activate the VLAN if there is no VLAN was created and activated in
advance when setting Native VLAN.
System set the interface Trunk Native VLAN as default VLAN if user has deleted or blocked
Native VLAN by manual.
49
www.raisecom.com
User Manual
Interface pe rmits in a nd out of T runk A llowed VLAN m essage, i f t he V LAN i s T runk

Untagged V LAN, the packets r emove V LAN T AG at egr ess i nterface, otherwise, dont
modify the packets.
If the configured Native VLAN is not default VLAN, and there is no default VLAN in Trunk
interface permitted VLAN list, the interface wont permit default VLAN packets passing.
When s etting T runk Untagged V LAN l ist, s ystem a utomatically a dds a ll U ntagged V LAN
into Trunk permitted VLAN.
Trunk permitted VLAN list and Trunk Untagged VLAN list are only effective to static VLAN,
and ineffective for cluster VLAN, GVRP dynamic VLAN, etc.
3.3.7
No.
Item
Description
Raisecom#show vlan [ vlan-list | static ]
Show VLAN configuration.
Raisecom#show interface port [ port-id ]

switchport
Show interface VLAN configuration.
3.4 Configure QinQ

3.4.1
3.4.1.1

The basic QinQ configuration and flexible QinQ configuration for the device are based on di fferent
service requirements.
Basic QinQ:
With application of basic QinQ, user can add outer VLAN Tag to layout Private VLAN ID freely so
as to make the user device data at both ends of carrier network take transparent transmission without
conflicting with VLAN ID in service provider network.
Flexible QinQ:
Different f rom ba sic Q inQ, out er V LAN T ag of f lexible Q inQ c an be selectable according t o
different services. There are multiple services and different private VLAN ID in user network which
are divided by adding different outer VLAN Tag for voice, video, and data services etc., then realize
different distributaries and inner and outer VLAN mapping for different services forwarding.
3.4.1.2
Preconditions
Users must finish below operations before configuring QinQ.
Connect interface and configure interface physical parameters to make the physical layer Up.
Create VLAN
3.4.2
Default configuration of QinQ

The default configuration of QinQ is as below:
50
www.raisecom.com
3.4.3
User Manual
Function
Default value
Outer TAG TPID value
0x8100
Basic QinQ function status
Disable
Flexible QinQ function status
Disable
Configure basic QinQ

Please configure basic QinQ at device ingress interface as below:
3.4.4
Step
Configuration
Description
Raisecom#config
Raisecom(config)#mls double-tagging tpid tpid
(Optional) Configure TPID.

configuration mode.
Raisecom(config-port)#switchport qinq
dot1q-tunnel
Enable interface basic QinQ

function.
Configure flexible QinQ

Please configure flexible QinQ at device ingress interface as below:
3.4.5
Step
Configuration
Description
Raisecom#config
Raisecom(config)#mls double-tagging tpid tpid
(Optional) Configure TPID.

configuration mode.
vlan-mapping cvlan vlan-list add-outer vlan-id
Configure interface flexible QinQ

rule.
Configure egress interface in Trunk mode

Please configure basic QinQ or flexible QinQ at device egress interface as below:
Step
Configuration
Description
Raisecom#config
port-id

configuration mode.
mode trunk
Configure interface trunk mode,

permit double Tag message passing.
51
www.raisecom.com
3.4.6
User Manual
No.
Item
Description
Raisecom#show switchport qinq
Show configuration of basic QinQ.
Raisecom#show interface port

Show configuration of flexible QinQ.
[ port-id ] vlan-mapping add-outer
3.5 Configure VLAN mapping

3.5.1
3.5.1.1

Differentiated f rom Q inQ, V LAN m apping onl y changes V LAN tag but not i ncrease additional
multilayer VLAN T ag e ncapsulation. U sers j ust ne ed t o c hange VLAN Tag t o m ake i t t ransmit
according to carrier VLAN mapping rule and which wont increase frame length of original packet.
VLAN mapping is also used in below conditions:
Mapping user service to one carrier VLAN ID
Mapping multi-users service to one carrier VLAN ID
3.5.1.2
Preconditions
Users must finish below operations before configuring VLAN mapping.
Connect interface and configure interface physical parameters to make the physical layer Up.
Create VLAN
3.5.2
Configure 1:1 VLAN mapping

Please configure 1:1 VLAN mapping for the device as below:
3.5.3
Step
Configuration
Description
Raisecom#config

configuration mode.
vlan-mapping { ingress | egress } vlan-list
translate vlan-id
Configure 1:1 VLAN mapping

rule over interface ingress or
egress direction.
52
www.raisecom.com
User Manual
No.
Item
Description

vlan-mapping { ingress | egress } translate
Show configuration information

of 1:1 VLAN mapping.
3.6 Configure STP

3.6.1
3.6.1.1

In big LAN, multiple devices are concatenated for inter-access among hosts. It needs to enable STP
to a void l oop a mong t he d evices, MAC a ddress l earning f ault, and br oadcast s torm a nd ne twork
down caused by quick copy and transmission of data frame. STP calculation can block one interface
in a broken loop and make sure that there is only one path from data flow to destination host, which
is also the best path.
3.6.1.2
Preconditions
Configure interface physical parameters to make it Up before configuring STP.
3.6.2
Default configuration of STP

The default configuration of STP is as below:
3.6.3
Function
Default value
Global STP function status
Disable
Interface STP function status
Enable
STP priority of device
32768
STP priority of interface
128
The path cost of interface
max-age timer
20s
hello-time timer
2s
forward-delay timer
15s
Enable STP function

Please configure STP on the device as below:
Step
Configuration
Description
53
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom#config
Raisecom(config)#spanning-tree mode stp Configure spanning tree for STP mode.
Raisecom(config)#spanning-tree enable
3.6.4
Enable spanning tree protocol.
Configure STP parameter

Please configure STP enable for the device as below:
Step
Configuration
Description
Raisecom#config
3.6.5
Raisecom(config)#spanning-tree priority (Optional) Configure device priority.

priority-value
Raisecom(config)#spanning-tree root
{ primary | secondary }
(Optional) Configure the device as

root or backup device.

Raisecom(config-port)#spanning-tree
priority priority-value
(Optional) Configure device

interface priority.
inner-path-cost cost-value
(Optional) Configure path cost for

device interface.
Raisecom(config)#spanning-tree
hello-time value
(Optional) Configure Hello Time.
transit-limit value
(Optional) Configure maximum

transmitting speed of interface.
forward-delay value
(Optional) Configure Forward

Delay.
max-age value
(Optional) Configure Max Age.
No.
Item
Description
Raisecom#show spanning-tree
Show basic configuration

information of S TP.
port-list port-list
Show STP configuration

under interface.
54
www.raisecom.com
User Manual
3.7 Configure MSTP

3.7.1
3.7.1.1

In big LAN or residential region aggregation, the aggregation devices will make up a ring for link
backup, at the same time avoid loop and realize service load sharing. MSTP can select different and
unique forwarding path for each one or a group of VLAN.
3.7.1.2
Preconditions
Configure interface physical parameters to make it Up before configuring MSTP.
3.7.2
Default configuration of MSTP

The default configuration of MSTP is as below:
3.7.3
Function
Default value
Global MSTP function status
Disable
Interface MSTP function status
Enable
The maximum hop count of MST domain
20
MSTP priority of device
32768
MSTP priority of interface
128
The path cost of interface
The biggest transmitting message count

within each Hello time
max-age timer
20s
hello-time timer
2s
forward-delay timer
15s
The revision level of MST domain
Enable MSTP function

Please configure MSTP for the device as below:
Step
Configuration
Description
Raisecom#config
Raisecom(config)#spanning-tree mode mstp Configure spanning tree for MSTP

mode.
55
www.raisecom.com
3.7.4
User Manual
Step
Configuration
Description
Raisecom(config)#spanning-tree enable
Enable spanning tree protocol.
Configure MST domain and its maximum hop count

User can set domain information for the device when it is running in MSTP mode. The device MST
domain is decided by domain name, VLAN mapping table and configuration of MSTP revision level.
User can set current device in a specific MST domain through following configuration.
MST dom ain scale i s r estricted by t he maximum hop count. S tarting f rom the r oot bridge of
spanning tree in the domain, the configuration information (BPDU) reduces 1 hop count once it is
forwarded passing a device; the device discards the configuration information with hop count 0. The
device out of maximum hop count cannot j oin spanning tree calculation and then restrict MST
domain scale.
Please configure MSTP domain and its maximum hop count for the device as below:
Step
Configuration
Description
Raisecom#config
region-configuration
Enter MST domain configuration mode.
Raisecom(config-region)#name name
Configure MST domain name.
4
5
Raisecom(config-region)#revision-level Set revision level for MST domain, it is 0

level-value
by default.
Raisecom(config-region)#instance
instance-id vlan vlan-id
Set mapping relationship from MST

domain VLAN to instance.
Raisecom(config-region)#exit
6
max-hops hops-value
Configure the maximum hop count for

MST domain.
Note: The maximum hop count is M ST domain maximum hop count if and onl y if the configured
device is root of the domain; other roots cannot configure this item effectively.
3.7.5
Configure root bridge/backup bridge

Two m ethods for MSTP root s election: one is configure device pr iority and calculated by S TP to
confirm S TP root bridge or backup bridge; the ot her is to a ssign directly by this c ommand. W hen
root bridge has f ault or po wer off, the backup bridge can take t he pl ace of r oot bridge for re lated
instance. In this cast, if user has set new root bridge, the backup bridge wont become root bridge. If
user has configured several backup bridges for a spanning tree, once the root bridge stops working,
MSTP will choose the backup root with the smallest MAC address as new root bridge.
Note: Users ha d better not modify the priority of any device i n the ne twork i f adopting direct
56
www.raisecom.com
User Manual
assigning root bridge method, otherwise, the assigned root bridge or backup bridge may be invalid.
Please configure root bridge or backup bridge for the device as below:
Step
Configuration
Description
Raisecom#config
Raisecom(config)#spanning-tree [instance
instance-id] root {primary|secondary}
Set device as root bridge or

backup bridge for a STP instance.
Note:
User can confirm the effective instance of root bridge or backup bridge through the parameter
instance instance-id. The current device will be assigned as root bridge or backup bridge of
CIST if instance-id is 0 or parameter instance instance-id is omitted.
The roots in device instances are independent mutually, that is to say, they can not only be the
root bridge or ba ckup bridge of on e i nstance, but also the root bridge or ba ckup bridge of
other spanning tree instances. However, in the same spanning tree instance, the same device
cannot be used as root bridge and backup bridge at the same time.
User cannot assign two or more root bridges for one spanning tree instance, but can assign
several backup bridges for one spanning tree. Generally speaking, users had better assign one
root bridge and several backup bridges for a spanning tree.
3.7.6
Configure device interface and system priority

Whether t he i nterface i s s elected as r oot i nterface ca n be j udged by i nterface pr iority. Under the
identical condition, the smaller priority interface will be selected as root interface. An interface may
have different priorities and play different roles in different instances.
The device Bridge ID decides whether it can be selected as root of spanning tree. Configure smaller
priority can get smaller device Bridge ID and designate the device as root. If priority is identical, the
device with smaller MAC address will be selected as root.
Similar to configuring root and backup root, priority is independent mutually in different instances.
User can confirm priority instance through parameter instance instance-id. Configure bridge priority
for CIST if instance-id is 0 or parameter instance instance-id is omitted.
Please configure interface priority and system priority for the device as below:
Step
Configuration
Description
Raisecom#config

configuration mode.
instance-id] priority priority-value
Set interface priority for a STP

instance.
Raisecom(config-port)#exit
4
instance-id] priority priority-value
Set system priority for a STP

instance.
Note: Value of priority must be multiples of 4096, like 0, 4096, 8192, etc. it is 32768 by default.
57
www.raisecom.com
3.7.7
User Manual
Configure network diameter for switch network

Network di ameter i ndicates t he no des num ber o n t he path ha s t he m ost de vice num ber i n s witch
network. In MSTP, network diameter is valid only to CIST, and invalid to MSTI instance. No matter
how m any node s i n a pa th i n one domain, i t i s c onsidered a s j ust o ne no de. Actually, ne twork
diameter s hould be de fined a s t he domain num ber i n the pa th c rossing t he m ost dom ains. The
network diameter is 1 if there is only one domain in the whole network.
The maximum hop count of MST domain is used to restrict domain scale, while network diameter is
a parameter to denote the whole network scale. The b igger the network diameter is, the bigger the
network scale is.
Similar to the maximum hop c ount of MST domain, if and only if configuring the device as CIST
root device, this configuration is effective. MSTP will automatically set Hello Time, Forward Delay
and Max Age parameters to a privileged value by calculation when configuring network diameter.
Please configure network diameter for switch network for the device as below:
3.7.8
Step
Configuration
Description
Raisecom#config
bridge-diameter bridge-diameter-value
Configure diameter for switch

network.
Configure inner path overhead for interface

When selecting root port and designated port, the smaller the interface path cost is, the easier it is to
be selected as root port or designated port. Inner path costs of interface are independently mutually in
different i nstances. User ca n configure inner p ath cost for instance through pa rameter instance
instance-id. Configure inner path cost of interface for CIST if instance-id is 0 or parameter instance
instance-id is omitted.
By default, interface cost often depends on the physical features:
10Mbps is 2000000
100Mbps is 200000
1000Mbps is 20000
10Gbps is 2000
Please configure inner path cost for the device as below:
Step
Configuration
Description
Raisecom#config

configuration mode.
Raisecom(config-port)#spanning-tree [ instance
instance-id ] inter-path-cost cost-value
Configure inner path cost for

interface.
58
www.raisecom.com
3.7.9
User Manual
Configure external path cost for interface

External path cost is the cost from device to CIST root, which is equal in the same domain.
Please configure external path cost for the device as below:
Step
Configuration
Description
Raisecom#config
port-id

configuration mode.
3.7.10
Raisecom(config-config)#spanning-tree Configure external path cost for interface.

extern-path-cost cost-value
Configure maximum transmitting speed for interface

Interface maximum transmitting speed means MSTP permitted transmitting maximum BPDU
number in each Hello Time. This parameter is a relative value and no unit. The bigger the parameter
is configured, the more messages are permitted to transmit in a Hello Time, the more device resource
it takes up. The same to time parameter, only root device configuration is valid.
Please configure interface maximum transmitting speed for the device as below:
3.7.11
Step
Configuration
Description
Raisecom#config
transit-limit value
Configure interface maximum

transmitting speed.
Configure MSTP timer

Hello Time: The device sends the time interval of bridge configuration information (BPDU)
regularly to check whether there is failure in detection link of device. The device sends hello
packets to other devices around in Hello Time to check if there is fault in the link. The default
value i s 2 s econds, a nd u ser c an a djust t he i nterval value a ccording t o ne twork c ondition.
Reduce the interval when network link changes frequently to enhance the stability of STP; by
contrary, increasing interval value will reduce system CPU resource occupation rate for STP.
Forward Delay: time parameter to ensure the safe remove of device status. Link fault leads to
network re-calculate spanning tree, but the new configuration information recalculated cannot
be transmitted to the whole network immediately. There may be temporary loop if the new
root port and de signated p ort start transmitting data a t once. This protocol a dopts status
remove system: before root port and designated interface starting data forwarding, it needs a
medium s tatus ( learning status), after de lay f or the i nterval of Forward Delay, it enters
forwarding status. The delay guarantees the new configuration information to be transmitted
through whole network. User can adjust the delay value according to real condition, reduce it
when network topology changes infrequently and increase it in opposite.
Max Age: t he br idge c onfiguration information used by S TP has a l ife time tha t is used to
judge whether t he configuration i nformation is out dated. The d evice will di scard outdated
information and STP will r ecalculate spanning t ree. The default value i s 20 s econds. Too
small age value may cause the frequent re-calculation of spanning tree, while too bigger age
value will make STP not adapt network topology change timely.
All de vices i n t he w hole s witch ne twork a dopt t he t hree t ime pa rameters on C IST r oot de vice, s o
59
www.raisecom.com
User Manual
only the root device configuration is valid.

Please configure timer for the device as below:
3.7.12
Step
Configuration
Description
Raisecom#config
hello-time value
Set Hello Time.
forward-delay value
Set Forward Delay.
max-age value
Set Max Age.
Configure edge port

Edge port indicates the interface neither direct connects to any devices nor indirect conne ct to any
device via network.
Edge por t c an change the int erface status t o f orward q uickly w ithout a ny w aiting t ime. You ha d
better set the Ethernet interface connected to user client as edge port to make it quick to change to
forward status.
The edge port attribute depends on actual condition when it is in auto-detection mode; the real port
will change to false edge port after receiving BPDU when it is in force-true mode; when the interface
is i n force-false mode, w hether it is t rue or false e dge por t i n r eal ope ration, i t will m aintain the
force-false mode until the configuration is changed.
By default, all interfaces in Ethernet device are set in auto-detection attribute.
Please configure edge port for the device as below:
3.7.13
Step
Configuration
Description
Raisecom#config

configuration mode.
edged-port { auto | force-true | force-false }
Configure edge port attributes.
Configure link type

The poi nt-to-point link connected interface can qui ckly c hanges to f orward s tatus by tr ansmitting
synchronous message. By default, M STP s et i nterface l ink t ype a ccording t o duplex m ode.
Full-duplex i nterface i s c onsidered a s poi nt-to-point l ink, ha lf-duplex interface i s consi dered as
shared link.
User can configure current Ethernet interface to connect point-to-point link b y force, but it will go
wrong if the link is not point-to-point. Generally, user had better set this item in auto status and the
system will automatically detect whether the interface is connected to point-to-point link.
60
www.raisecom.com
User Manual
Please configure link type for the device as below:

Step
Configuration
Description
Raisecom#config

configuration mode.
link-type { auto | point-to-point | shared }
Configure link type for interface.
3.7.14
Configure root interface protection

Network will select bridge again when it receives message from higher priority, which will influent
network connectivity and also consume CPU resource. For MSTP network, if someone sends higher
priority B PDU pa ckets, t he network m ay be come uns table for t he c ontinuous election. Generally,
each bridge priority has already configured in network programming. The nearer to edge, the lower
the bridge priority is. So the down-bound interface cannot receive the messages higher than bridge
priority only if someone attacks. For these interfaces, user can enable rootguard function to refuse to
deal with message higher t han br idge priority and meanwhile bl ock t he i nterface f or a pe riod t o
prevent other attacks from attack source to damage the upper layer link.
Please configure root interface protection for the device as below:
Step
Configuration
Description
Raisecom#config
port-id

configuration mode.
3.7.15
Raisecom(config-port)#spanning-tree Configure root interface protection

rootguard { enable | disable }
attributes for interface.
Configure loopguard for interface

The s panning t ree ha s t wo functions: l oopguard a nd l ink ba ckup. Loopguard requires c arving up
topology network i nto t ree s tructure. T here m ust be r edundant l ink i n t opology i f r equiring link
backup. Spanning t ree c an a void l oop by bl ocking the r edundant l ink and e nable link ba ckup
function by opening redundant link when the link breaks down.
Spanning t ree m odule e xchanges packets pe riodically, and the l ink ha s failed if it hasnt received
message in a pe riod. Then s elect a ne w link and enable backup interface. In actual ne twork
application, the message cannot be received not only for link fault, then at this time, enable backup
interface may lead to loop link.
Purpose of loopguard i s t o keep the or iginal interface s tatus w hen it cannot r eceive message in a
period. NOTE: Loopguard and link backup functions are exclusive, loopguard requires disabling link
backup to avoid loop.
Please configure interface loop protection for the device as below:
61
www.raisecom.com
3.7.16
User Manual
Step
Configuration
Description
Raisecom#config
port-id

configuration mode.
loopguard { enable | disable }
Configure interface loopguard

attributes.
Execute mcheck operation

Interface on M STP de vice ha s t wo w orking m odes: STP c ompatible mode a nd M STP m ode.
Suppose the interface of MSTP device in a switch network is connected to device running STP, the
interface will c hange t o w ork i n S TP compatible m ode automatically. But t he i nterface cann ot
change to w ork i n MSTP mode i f S TP device i s r emoved, i.e. the int erface s till w orks in STP
compatible mode. User can execute command mcheck to force the interface working in MSTP mode.
Of course, if the interface receives new STP message again, it will return to STP compatible mode.
Please configure the device to execute mcheck operation as below:
Step
Configuration
Description
Raisecom#config

configuration mode.
Raisecom(config-port)#spanning-tree mcheck Execute mcheck operation, force to

remove interface to MSTP mode.
3.7.17
No.
Item
Description
Show basic configuration information of STP.
[ instance instance-id ] port
port-list [ detail ]
Show configuration of spanning tree under

interface.
region-operation
Show MST domain configuration

information.
3.8 Configure loopback detection

3.8.1
3.8.1.1

In ne twork, t he hos ts or l ayer-2 devices unde r acces s devices m ay f orm l oop b y ne twork c able
62
www.raisecom.com
User Manual
intentionally or i nvoluntary. Enable loopback de tection function at dow nlink i nterface of access
device to av oid the network jam formed by unlimited copies of data traffic caused by downlink
interface loop. Block the loop interface once there is a loop.
3.8.1.2
Preconditions
Configure interface physical parameters to make it Up before configuring loopback detection.
3.8.2
Default configuration of loopback detection

The default configuration of loopback detection is as below:
3.8.3
Function
Default value
Loopback detection function status
Disable
The automatic recovery time for interface block
No automatic recovery
The loop process mode of loopback detection
trap-only
Loopback detection period
4s
Loopback detection mode
VLAN mode
The automatic open blocked interface time for

loopback detection
infinite
Configure loopback detection function

Please configure loopback detection function as below:
Note:
Loopback detection function and STP are exclusive, only one can be enabled at one time.
The straight connection device cannot enable loopback detection in both ends simultaneously;
otherwise the interfaces at both ends will be blocked.
Step
Configuration
Description
Raisecom#config
Raisecom(config)#loopback-detection
{ enable | disable } port-list port-list
Configure loopback detection function for

interface.
hello-time period
Configure message transmitting period for

loopback detection.
Raisecom(config)#loopback-detection mode
{ port-based | vlan-based }
(Optional) Configure loopback detection

mode.
Raisecom(config)#loopback-detection loop
{ discarding | trap-only } port-list port-list
(Optional) Configure the port process mode

after receiving loopback detection message
from other devices.
63
www.raisecom.com
3.8.4
User Manual
Step
Configuration
Description
down-time { time-value | infinite }
(Optional) Configure the automatic open

blocked interface time for loopback
detection
Raisecom(config)#no loopback-detection
discarding port-list port-list
Enable the port blocked by loopback

detection.
No.
Item
Description
Raisecom#show loopback-detection
[ port-list port-list ]
Show interface loopback detection
Raisecom#show loopback-detection
block-vlan [ port-list port-list ]
Show the VLAN information blocked by

loopback detection.
configuration.
3.9 Configure interface protection

3.9.1
3.9.1.1

Users need to configure the interface protection to realize layer-2 data isolation in the same VLAN
and get the physical isolation effect among interfaces.
The i nterface pr otection function can realize m utual i solation of interfaces i n the s ame V LAN,
enhance network security and provide flexible networking solutions for user.
3.9.1.2
Preconditions
N/A
3.9.2
Default configuration for interface protection

The default configuration for interface protection is as below:
3.9.3
Function
Default value
Interface protection function status of each interface
Disable
Configure interface protection

Please configure interface protection for the device as below:
64
www.raisecom.com
3.9.4
User Manual
Step
Configuration
Description
Raisecom#config

configuration mode.
Raisecom(config-port)#switchport protect
Enable interface protection.
No.
Item
Description
Raisecom#show switchport
protect
Show interface protection

configuration.
3.10 Configure interface mirror

3.10.1
3.10.1.1 Networking situation

Interface m irror f unction i s m ainly us ed t o m onitor n etwork data t ype and t raffic r egularly f or
network administrator.
Interface mirroring function is to copy the interface traffic monitored to a monitor interface or CPU
so as to obtain the ingress/egress interface failure or abnormal flow of data to analyze, discover the
root cause and solve them timely.
3.10.1.2 Preconditions
N/A
3.10.2
Default configuration for interface mirror

The default configuration for interface mirror is as below:
Function
Default value
Interface mirror function status
Disable
Mirror source interface
N/A
Mirror monitoring interface
Port 1
Mirror source interface ingress/egress

message filter source MAC address
0000.0000.0000
65
www.raisecom.com
User Manual
Function
Default value
Mirror source interface ingress/egress

message filter destination MAC
address
0000.0000.0000
Note: The mirror monitoring interface displays empty when configuring message mirror to CPU.
3.10.3
Configure mirror function for local interface

Note:
The mirror source interfaces can be multiple, but the monitoring interface can only be one.
The ingress/egress mirror interface message will be copied to monitoring interface after the
mirror function takes effect. The monitoring interface cannot be set to mirror interface again.
Please configure local interface mirror for the device as below:
3.10.4
Step
Configure
Description
Raisecom#config
Raisecom(config)#mirror { monitor-cpu |
monitor-port port-id }
Configure the message mirror of

interface mirror to CPU or
specified monitoring interface.
Raisecom(config)#mirror source-port-list { both

port-list | egress port-list | ingress port-list [ egress
port-list ] }
Configure the mirror source

interface of interface mirror
function and designate the mirror
rule for interface mirror.
Raisecom(config)#mirror enable
Enable interface mirror function.
No.
Item
Description
Raisecom#show mirror
Show interface mirror configuration.
3.11 Configure layer-2 protocol transparent transmission

3.11.1
3.11.1.1 Networking situation

This function enables layer-2 protocol packets of one user network cross through carrier network to
make one user network unified operating one layer-2 protocol at different region.
66
www.raisecom.com
User Manual
3.11.1.2 Preconditions
Configure physical pa rameters f or t he i nterface to set it in Up status be fore configuring layer-2
protocol transparent transmission function.
3.11.2
Default configuration of layer-2 protocol transparent transmission

The default configuration of layer-2 protocol transparent transmission is as below:
3.11.3
Function
Default value
layer-2 protocol transparent

transmission function status
Disable
Egress interface and belonged VLAN

of layer-2 protocol message
NULL
TAG CoS value of transparent

transmission message
Destination MAC address of

transparent transmission message
010E.5E00.0003
Packet loss threshold and ban threshold

of transparent transmission message
NULL
Configure transparent transmission parameter

Please configure transparent transmission parameter for the device as below:
Step
Configuration
Description
Raisecom#config
Raisecom(config)#relay
destination-address mac-address
(Optional) Configure destination

MAC for transparent transmission
message, default as
010E.5E00.0003.
Raisecom(config)#relay cos cos-value
(Optional) Configure CoS value for

transparent transmission message.

configuration mode.
Raisecom(config-port)#relay port port-id
Configure specified egress interface

for transparent transmission
message.
Raisecom(config-port)#relay vlan vlan-id
Configure specified VLAN for

The specified VLAN configuration
can transmit the message according
to specified VLAN, but not VLAN
configuration of ingress interface.
Raisecom(config-port)#relay { all | cdp |

gvrp | dot1x | lacp | pvst | stp | vtp }
Configure transparent transmission

packets type on interface and
disable related protocol.
67
www.raisecom.com
3.11.4
User Manual
(Optional) Configure transparent transmission speed for message

Please configure transparent transmission speed limit for the device as below:
Step
Configuration
Description
Raisecom#config

configuration mode.
Raisecom(config-port)#relay
drop-threshold { cdp | dot1x | lacp | pvst |
stp | vtp } packet
Configure packet loss threshold for

Raisecom(config-port)#relay
shutdown-threshold { cdp | dot1x | gvrp
|lacp | pvst | stp | vtp } value
Configure interface shutdown

threshold for transparent
transmission message.
Note: The range packet loss threshold and interface shutdown threshold of transparent transmission
message are bot h 1 -4096. G enerally, please configure packet l oss threshold smaller tha n interface
shutdown threshold.
3.11.5
No.
Item
Description
Raisecom#show relay [ port-list

port-list ]
Show configuration and status of

transparent transmission.
Raisecom#show relay statistics

Show the statistics of transparent

transmission packets.
3.12 Maintenance
Users can maintain Ethernet features by the following commands:
Commands
Description
Raisecom(config)#clear mac-address-table
{ all | blackhole | dynamic | static }
Clear MAC address.
Raisecom(config)#search mac-address
mac-address { all | dynamic | static } [ port
port-id ] [ vlan vlan-id ]
Search MAC address.
Raisecom(config-port)#spanning-tree clear
statistics
Clear interface spanning tree

statistics information.
Raisecom(config-port)#clear
loopback-detection statistic
Clear loopback detection statistics

information.
Raisecom(config)#clear relay statistics

Clear statistics information of

68
www.raisecom.com
User Manual
3.13 Configure examples

3.13.1
Configure MAC address forwarding table
3.13.1.1 Networking requirement

As the Figure 3-13 s hows be low, ope rating on S witch A , configure a s tatic uni cast M AC a ddress
0001.0203.0405 at Port 2, t he belonged VLAN is VLAN 10; configure MAC address aging time as
500 seconds.
Figure 3-13 MAC application networking
3.13.1.2 Configuration steps

Step 1
Create VLAN 10 and active it, add Port 2 into VLAN 10:
Raisecom#config
Raisecom(config)#create vlan 10 active
Raisecom(config)#interface port 2
Raisecom(config-port)#switchport mode access
Raisecom(config-port)#switchport access vlan 10
Step 2
Configure a static unicast MAC address 0001.0203.0405 at Port 2, belonged to VLAN10:
Raisecom(config)#mac-address-table static unicast 0001.0203.0405 vlan 10 port 2
Step 3
Configure MAC address aging time as 500 seconds:
Raisecom(config)#mac-address-table aging-time 500
3.13.1.3 Show result

Show M AC a ddress c onfiguration by t he c ommand of show mac-address-table l2-address port
port-id:
Raisecom#show mac-address-table l2-address port 2
69
www.raisecom.com
User Manual
Aging time: 500 seconds
Mac Address
Port
Vlan
Flags
------------------------------------------------------0001.0203.0405
3.13.2
port2
10
Static
Configure VLAN and interface protection

As the Figure 3-14 shows below, PC1, PC2, and PC5 belong to VLAN 10, PC3 and PC4 belong to
VLAN 20; t he t wo de vices a re c onnected by T runk i nterface, PC3 a nd PC4 cannot c ommunicate
because VLAN20 is not permitted passing in the link; PC1 and PC2 under the same Switch B enable
interface protection function so that they cannot communicate with each other, but can respectively
communicate with PC5.
Figure 3-14 VLAN and interface protection networking

Step 1
Create VLAN10 and VLAN20 on the two devices respectively and activate them.
Configure Switch A:
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#create vlan 10,20 active
Configure Switch B:
Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#create vlan 10,20 active
Step 2
Add Access mode interface Port 2 and Port 3 of Switch B into VLAN 10, add Access mode
70
www.raisecom.com
User Manual
interface Port 4 into VLAN20, interface Port 1 is in Trunk mode and permits VLAN 10 passing.
SwitchB(config)#interface port 2
SwitchB(config-port)#switchport mode access
SwitchB(config-port)#switchport access vlan 10
SwitchB(config-port)#exit
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport trunk allowed vlan 10 confirm
Step 3 Add Access mode interface Port 2 of Switch A into VLAN 10, add Trunk mode interface
Port 3 into VLAN20, interfacePort1 is in Trunk mode and permits VLAN 10 passing.
SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode access
SwitchA(config-port)#switchport access vlan 10
SwitchA(config-port)#exit
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk native vlan 20
SwitchA(config-port)#switchport trunk allowed vlan 10 confirm
Step 4
Enable interface protection function for interface Port 2 and Port 3 of Switch B:
SwitchB(config-port)#switchport protect
SwitchB(config-port)#switchport protect

Check whether the VLAN configuration information is correct by the command of show vlan.
71
www.raisecom.com
User Manual
Take Switch B for example:

SwitchB#show vlan
Switch Mode: -VLAN Name
State
Status Priority Member-Ports
------------------------------------------------------------------------------1
Default
active static --
1-6
10
VLAN0010
active
static --
1,3-4
20
VLAN0020
active
static --
Check whether the interface VLAN configuration is correct by the command of show interface port
port-id switchport.
Take Switch B for example:
SwitchB#show interface port 2 switchport
Interface: port2
Administrative Mode: access
Operational Mode: access
Access Mode VLAN: 10
Administrative Access Egress VLANs: 1
Operational Access Egress VLANs: 1,10
Trunk Native Mode VLAN: 1
Administrative Trunk Allowed VLANs: 1-4094
Operational Trunk Allowed VLANs: 1,10,20
Administrative Trunk Untagged VLANs: 1
Operational Trunk Untagged VLANs: 1
Check whether the interface protection configuration is correct by the command of show switchport
protect
SwitchB#show switchport protect
Port
Protected State
-------------------------P1
enable
P2
enable
P3
enable
P4
enable
P5
disable
P6
disable
P7
disable
Check whether Trunk interface permitting VLAN passing is correct by operating PC1 ping PC5, PC2
ping PC5, PC3 ping PC4:
PC1 ping PC5, ping successfully, VLAN 10 communication is normal;
PC2 ping PC5, ping successfully, VLAN 10 communication is normal;
PC3 ping PC4, ping unsuccessfully, VLAN 20 communication is abnormal.
72
www.raisecom.com
User Manual
Check whether the interface protection function is correct by operating PC1 ping PC2:
PC1 ping PC2, ping unsuccessfully, interface protection function takes effect.
3.13.3
Configure basic QinQ

As the Figure 3-15 shows below, Switch A and Switch B are connected to VLAN 100 and VLAN
200 r espectively. If de partment E a nd de partment C , de partment F a nd de partment D w ant t o
communicate through carrier network, they must set outer Tag as VLAN 1000. Configure interface
Port 2 a nd Port 3 i n d ot1q-tunnel m ode on S witch A a nd S witch B, r espectively c onnect t o t wo
different VLAN. Interface Port 1 is uplink carrier network interface, set it in Trunk mode and permit
double Tag message passing, carrier TPID is 9100.
Figure 3-15 Basic QinQ application networking

Step 1
Create VLAN 100, VLAN 200, and VLAN 1000 and activate them, TPID is 9100.
Configure Switch A.
SwitchA#config
SwitchA(config)#mls double-tagging tpid 9100
SwitchA(config)#create vlan 100,200,1000 active
73
www.raisecom.com
User Manual
Configure Switch B.
SwitchB#config
SwitchB(config)#mls double-tagging tpid 9100
SwitchB(config)#create vlan 100,200,1000 active
Step 2
Set interface Port 2 and Port 3 in dot1q mode.
Configure Switch A.
SwitchA(config-port)#switchport qinq dot1q-tunnel
SwitchA(config-port)#switchport qinq dot1q-tunnel
Configure Switch B.
SwitchB(config-port)#switchport trunk native vlan 1000
SwitchB(config-port)#switchport qinq dot1q-tunnel
SwitchB(config-port)#switchport qinq dot1q-tunnel
Step 3
Set interface Port 1 permitting double Tag message passing.
Configure Switch A.
Configure Switch B.
SwitchB(config-port)#switchport trunk allowed vlan 1000 confirm
74
www.raisecom.com
User Manual

Check QinQ configuration by the command of show switchport qinq.
Take Switch A for example:
SwitchA#show switchport qinq
Outer TPID: 0x9100
Interface
QinQ Status
---------------------------P1
--
P2
Dot1q-tunnel
P3
Dot1q-tunnel
P4
--
P5
--
P6
--
3.13.4
Configure flexible QinQ

As the Figure 3-16 shows below, carrier network contains common PC Internet service and IP phone
service, PC Internet service is assigned to VLAN 1000, IP phone service is assigned to VLAN 2000.
Configure Switch A a nd Switch B l ike t his: a dd outer T ag V LAN 10 00 f or PC Internet s ervice
VLAN 100-VLAN 150, a dd out er Tag 2000 f or V LAN 300 -Vlan 400 f or IP phone s ervice, make
client and server communicate in order through carrier network. The carrier TPID is 9100.
IP Phone sever
VLAN 300-400
Port 3
Port 1
VLAN 1000
VLAN 2000
Switch B
Port 1
Port 2
Port 2
Switch A
PC Internet
server
VLAN 100-150
Port 3
Switch C
Switch D
IP
PC Internet user
VLAN 100-150
IP
IP Phone user
VLAN 300-400
Figure 3-16 Flexible QinQ application networking

75
www.raisecom.com
User Manual

Step 1
Create VLAN 100, VLAN 200, and VLAN 1000 and activate them, TPID is 9100.
Configure Switch A.
SwitchA#config
SwitchA(config)#mls double-tagging tpid 9100
SwitchA(config)#create vlan 100-150, 300-400, 1000, 2000 active
Configure Switch B.
SwitchB#config
SwitchB(config)#mls double-tagging tpid 9100
SwitchB(config)#create vlan 100-150, 300-400, 1000, 2000 active
Step 2
Set interface Port 2 and Port 3 in dot1q mode.
Configure Switch A.
SwitchA(config-port)#switchport vlan-mapping cvlan 100-150 add-outer 1000
SwitchA(config-port)#switchport trunk untagged vlan 1000,2000 confirm
SwitchA(config-port)#switchport vlan-mapping cvlan 300-400 add-outer 2000
SwitchA(config-port)#switchport trunk untagged vlan 1000,2000 confirm
Configure Switch B.
SwitchB(config-port)#switchport vlan-mapping cvlan 100-150 add-outer 1000
SwitchB(config-port)#switchport trunk untagged vlan 1000,2000 confirm
SwitchB(config-port)#switchport vlan-mapping cvlan 300-400 add-outer 2000
SwitchB(config-port)#switchport trunk untagged vlan 1000,2000 confirm
Step 3
Set interface Port 1 permitting double Tag message passing.
Configure Switch A.
76
www.raisecom.com
User Manual
SwitchA(config-port)#switchport trunk allowed vlan 1000,2000 confirm
Configure Switch B.
SwitchB(config-port)#switchport trunk allowed vlan 1000,2000 confirm

Check QinQ c onfiguration b y t he c ommand of show interface port port-id vlan-mapping
add-outer.
SwitchA#show interface port 2 vlan-mapping add-outer
Based outer VLAN QinQ mapping rule:
Original
Port
Original Add-outer Add-outer Hardware Hardware
Outer VLAN
COS
VLAN
COS
Status
ID
Enable
------------------------------------------------------------------------P2
100-150
--
1000
--
SwitchA#show interface port 3 vlan-mapping add-outer

Based outer VLAN QinQ mapping rule:
Original
Port
Original Add-outer Add-outer Hardware Hardware
Outer VLAN
COS
VLAN
COS
Status
ID
-------------------------------------------------------------------P3
3.13.5
300-400
--
2000
--
Enable
Configure VLAN mapping

As the Figure 3-17 shows below, Port 2 and Port 3 of Switch A respectively connect to department E
by VLAN 100 and to department F by VLAN 200, Port 2 and Port 3 of Switch B respectively
connect to department C by VLAN 100 and to department D by VLAN 200. Assigning VLAN 1000
for department E and C transmission in carrier network, assign VLAN 2008 for department F and D
transmission.
Configure 1:1 VLAN mapping for Switch A and Switch B to realize normal communication between
PC user and terminal user with servers.
77
www.raisecom.com
User Manual
Figure 3-17 VLAN mapping application networking

Configuration of Switch A is identical to Switch B, here just describe Switch A configuration.
Step 1
Create VLAN and activate it.
SwitchA#config
SwitchA(config)#create vlan 100,200,1000,2008 active
Step 2
Configure interface Port 1 in trunk mode, permit VLAN 1000 and VLAN 2008 passing.
SwitchA(config-port)#switchport trunk allowed vlan 1000,2008 confirm
Step 3 Configure interface Port 2 in Access mode, permit VLAN 100 passing and enable VLAN
mapping.
SwitchA(config-port)#switchport vlan-mapping ingress 100 translate 1000
SwitchA(config-port)#switchport vlan-mapping egress 1000 translate 100
78
www.raisecom.com
User Manual
Step 4 Configure interface Port 3 in t runk mode, pe rmit VLAN 200 pa ssing a nd e nable VLAN
mapping.
SwitchA(config-port)#switchport vlan-mapping ingress 200 translate 2008
SwitchA(config-port)#switchport vlan-mapping egress 2008 translate 200

Check 1:1 V LAN m apping c onfiguration by t he c ommand of show interface port port-id
vlan-mapping {ingress | egress} translate.
SwitchA(config)#show interface port 2 vlan-mapping ingress translate
Direction: Ingress
Original
Original
Interface Inner VLANs Outer VLANs Mode
Outer-tag
New
Inner-tag
Outer-VID Mode
New
Inner-VID Hw-ID
---------------------------------------------------------------------------------P2
100
Translate
1000
--
--
3.13.6
Configure STP

As the Figure 3-18 shows below, the three devices Switch A, Switch B and Switch C make up a ring,
user has to solve loop in ring network link. Enable STP on the three devices, set Switch A priority as
0, change overhead from Switch B to Switch A to 10.
Figure 3-18 STP application networking

Step 1
Enable STP function on the three devices.
Configure Switch A.
79
www.raisecom.com
User Manual
SwitchA#config
SwitchA(config)#spanning-tree enable
SwitchA(config)#spanning-tree mode stp
Configure Switch B.
SwitchB#config
SwitchB(config)#spanning-tree enable
SwitchB(config)#spanning-tree mode stp
Configure Switch C.
Raisecom#hostname SwitchC
SwitchC#config
SwitchC(config)#spanning-tree enable
SwitchC(config)#spanning-tree mode stp
Step 2
Configure interface mode for the three devices.
Configure Switch A.
Configure Switch B.
Configure Switch C.
SwitchC(config)#interface port 1
SwitchC(config-port)#switchport mode trunk
SwitchC(config-port)#exit
Step 3
Configure priority and interface path overhead for spanning tree.
Configure Switch A.
SwitchA(config)#spanning-tree priority 0
SwitchA(config-port)#spanning-tree inter-path-cost 10
Configure Switch B.
80
www.raisecom.com
User Manual
SwitchB(config-port)#spanning-tree inter-path-cost 10

Show bridge status by the command of show spanning-tree.
Switch A:
MSTP Admin State: Enable
Protocol Mode: STP
BridgeId:
Root:
Mac 000E.5E7B.C557 Priority 0

RootCost 0
Operational:
HelloTime 2, ForwardDelay 15, MaxAge 20
Configured:
HelloTime 2, ForwardDelay 15, MaxAge 20 TransmitLimit 3
Switch B:
Protocol Mode: STP
BridgeId:
Root:
Mac 000E.5E83.ABD1
Priority 32768
RootCost 10
Operational:
Configured:
Switch C:
Protocol Mode: STP
BridgeId:
Root:
Mac 000E.5E83.ABD5
Priority 32768
RootCost 200000
Operational:
Configured:
Show interface status by the command of show spanning-tree port port-list.

Switch A:
Raisecom#show spanning-tree port 1, 2
Port ID:1
PortEnable: admin: enable
Rootguard:
oper: enable
disable
Loopguard: disable
ExternPathCost:10
Partner MSTP Mode: stp
Bpdus send:
279
Bpdus received:13
State:forwarding
(TCN<0>
(TCN<13>
Role:designated
Config<279>
Config<0>
RST<0> MST<0>)
RST<0>
Priority:128
MST<0>)
Cost: 200000
81
www.raisecom.com
User Manual
Root:
RootCost 0
DesignatedBridge: Mac 000E.5E7B.C557 Priority 0
DesignatedPort 32777
Port ID:2
Rootguard:
oper: enable
disable
Loopguard: disable
ExternPathCost:200000
Bpdus send:
279
(TCN<0>
Config<279>
Bpdus received:6
(TCN<6>
State:forwarding
Role:designated
Root:
Config<0>
RST<0> MST<0>)
RST<0>
MST<0>)
Priority:128
Cost: 200000
RootCost 0
Switch B:
Port ID:1
Rootguard:
oper: enable
disable
Loopguard: disable
ExternPathCost:10
Bpdus send:
279
Bpdus received:13
State:forwarding
Root:
(TCN<0>
Config<279>
(TCN<13>
Config<0>
Role:designated
RST<0> MST<0>)
RST<0>
Priority:128
MST<0>)
Cost: 200000
RootCost 0
Port ID:2
Rootguard:
oper: enable
disable
Loopguard: disable
Bpdus send:
279
(TCN<0>
Config<279>
Bpdus received:6
(TCN<6>
State:forwarding
Role:designated
Root:
Config<0>
RST<0> MST<0>)
RST<0>
Priority:128
MST<0>)
Cost: 200000
RootCost 0
Switch C:
82
www.raisecom.com
User Manual
Port ID:1
Rootguard:
oper: enable
disable
Loopguard: disable
Bpdus send:
22
Bpdus received:390
(TCN<12>
Config<10>
RST<0>
MST<0>)
(TCN<0>
Config<390>
RST<0>
MST<0>)
State:blocking
Role:non-designated
Priority:128
Root:
DesignatedBridge: Mac 000E.5E83.ABD1
Cost: 200000
RootCost 200000
Priority 32768
Port ID:2
Rootguard:
oper: enable
disable
Loopguard: disable
Bpdus send:
38
(TCN<6>
Config<32>
Bpdus received:368
(TCN<0>
Config<368>
State:forwarding
Root:
Role:root
Priority:128
RST<0>
RST<0>
MST<0>)
Cost: 200000
3.13.7
MST<0>)
RootCost 200000
Configure MSTP

As the Figure 3-19 shows below, three ISCOM2924GF devices make up a ring network, run MSTP
protocol, domain name is aaa. Switch B and Switch C respectively connect to two PC, which belong
to VLAN 3 a nd VLAN 4 r espectively. Instance 3 associates with VLAN3 and instance 4 associates
with VLAN4. Configure Switch B instance 3 path cost, make message of the two VLAN forward at
the two paths, and then remove the loop and realize load sharing.
83
www.raisecom.com
User Manual
Figure 3-19 MSTP application networking

Step 1
Create VLAN 3 and VLAN 4 on the three switches respectively and activate them.
Configure Switch A.
SwitchA#config
SwitchA(config)#create vlan 3-4 active
Configure Switch B.
SwitchB#config
SwitchB(config)#create vlan 3-4 active
Configure Switch C.
SwitchC#config
SwitchC(config)#create vlan 3-4 active
Step 2 Set Switch A interface Port 1, Port 2 in trunk mode and permit all VLAN passing, Switch
B interface Port 1, Port 2 in trunk mode and permit all VLAN passing, Switch C interface Port 1,
Port 2 in trunk mode and permit all VLAN passing. Interface Port 3 and Port4 of Switch B and
Switch C are in Access mode and permit VLAN3 and VLAN4 passing respectively.
Configure Switch A.
84
www.raisecom.com
User Manual
Configure Switch B.
Configure Switch C.
SwitchC(config-port)#switchport access vlan 3
SwitchC(config-port)#switchport access vlan 4
Step 3 Set MSTP mode for Switch A , Switch B, Switch C, enable spanning tree protocol. Enter
MSTP configuration m ode a nd s et dom ain na me as aaa, revision version is 0, instance 3
mapping to VLAN 3, instance 4 mapping to VLAN 4, exit mst configuration mode.
Configure Switch A.
SwitchA(config)#spanning-tree mode mstp
SwitchA(config)#spanning-tree region-configuration
SwitchA(config-region)#name aaa
SwitchA(config-region)#revision-level 0
SwitchA(config-region)#instance 3 vlan 3
SwitchA(config-region)#instance 4 vlan 4
Configure Switch B.
SwitchB(config)#spanning-tree mode mstp
85
www.raisecom.com
User Manual
SwitchB(config)#spanning-tree region-configuration
SwitchB(config-region)#name aaa
SwitchB(config-region)#revision-level 0
SwitchB(config-region)#instance 3 vlan 3
SwitchB(config-region)#instance 4 vlan 4
SwitchB(config-region)#exit
Configure Switch C.
SwitchC(config)#spanning-tree mode mstp
SwitchC(config)#spanning-tree region-configuration
SwitchC(config-region)#name aaa
SwitchC(config-region)#revision-level 0
SwitchC(config-region)#instance 3 vlan 3
SwitchC(config-region)#instance 4 vlan 4
Step 4 The inner path cost of spanning tree instance 3 interface Port 1 modified from Switch B is
500000.
SwitchB(config-port)#spanning-tree instance 3 inter-path-cost 500000

Show MST domain configuration by the command of show spanning-tree region-configuration.
Raisecom#show spanning-tree region-operation
Operational Information:
----------------------------------------------Name: aaa
Revision level: 0
Instances running: 3
Digest: 0X7D28E66FDC1C693C1CC1F6B61C1431C4
Instance
--------
Vlans Mapped
----------------------
1,2,5-4094
Check whether the basic information of spanning tree instance 3 is correct by the command of show
spanning-tree instance 3.
Switch A:
SwitchA#show spanning-tree region-operation
86
www.raisecom.com
User Manual
Protocol Mode: MSTP
MST ID: 3
----------------------------------------------------------BridgeId:
Mac 0000.0000.0001 Priority 32768
RegionalRoot: Mac 0000.0000.0001

PortId
PortState
PortRole
Priority 32768
PathCost
InternalRootCost 0
PortPriority LinkType
TrunkPort
------------------------------------------------------------------------1
forwarding designated 200000
128
point-to-point
no
128
point-to-point
no
Switch B:
SwitchB#show spanning-tree instance 3
Protocol Mode: MSTP
MST ID: 3
----------------------------------------------------------BridgeId:
Mac 0000.0000.0002 Priority 32768

PortId
PortState
PortRole
Priority 32768
PathCost
InternalRootCost 400000
TrunkPort
------------------------------------------------------------------------1
discarding
alternate 500000
forwarding
root
128
200000
point-to-point no
128
point-to-point no
128
point-to-point
no
Switch C:
Switch C#show spanning-tree instance 3
Protocol Mode: MSTP
MST ID: 3
----------------------------------------------------------BridgeId:
Mac 0000.0000.0003 Priority 32768

PortId
PortState
PortRole
Priority 32768
PathCost
TrunkPort
------------------------------------------------------------------------2
forwarding
root
200000
128
point-to-point no
128
point-to-point
no
128
point-to-point
no
Check whether the basic information of spanning tree instance 4 is correct by the command of show
spanning-tree instance 4.
Switch A:
SwitchA#show spanning-tree instance 4
Spanning-tree admin state: enable
87
www.raisecom.com
User Manual
Spanning-tree protocol mode: MSTP
MST ID: 4
----------------------------------------------------------BridgeId:
Mac 000E.5E00.0000 Priority 32768
RegionalRoot: Mac 000E.5E00.0000 Priority 32768

Port
PortState
PortRole
PathCost
InternalRootCost 0
TrunkPort
-------------------------------------------------------------------------------P1
discarding
disabled
200000
128
point-to-point
yes
P2
disabled
disabled
200000
128
point-to-point
yes
Switch B:
SwitchB#show spanning-tree instance 4
Protocol Mode: MSTP
MST ID: 4
----------------------------------------------------------BridgeId:
Mac 0000.0000.0002 Priority 32768

PortId
PortState
PortRole
Priority 32768
PathCost
TrunkPort
------------------------------------------------------------------------1
forwarding
root
128
discarding
128
disabled
200000
200000
128
point-to-point
no
point-to-point no
point-to-point no
Switch C:
SwitchC#show spanning-tree instance 4
Protocol Mode: MSTP
MST ID: 4
----------------------------------------------------------BridgeId:
Mac 0000.0000.0003 Priority 32768

PortId
PortState
PortRole
Priority 32768
PathCost
TrunkPort
-------------------------------------------------------------------------
3.13.8
forwarding
root
200000
discarding
alternate 200000
128
point-to-point no
discarding
disabled
128
point-to-point no
200000
128
point-to-point
no
Configure loopback detection

As the Figure 3-20 s hows be low, S witch A Port 1 c onnects t o c ore ne twork, Port 2 a nd Port 3 of
Switch A connect to user network. There is loop in user network. Enable loopback detection function
88
www.raisecom.com
User Manual
in Switch A to detect loop in user network and block related interface.
Figure 3-20 Loopback detection application networking

Create VLAN 3 and add interface Port 1 and Port 2 into VLAN 3.
Raisecom#config
Enable loopback detection for assigned interface.

Raisecom(config)#loopback-detection enable port-list 2-3
Raisecom(config)#loopback-detection hello-time 3

Show interface loopback detection status by the command of show loopback-detection.
Raisecom#show loopback-detection port-list 2
Destination address: ffff.ffff.ffff
Mode:Vlan-based
Period of loopback-detection:3s
Restore time:infinite
Port
State
Status
loop
vlanlist
-------------------------------------------------------------89
www.raisecom.com
User Manual
port2
3.13.9
Ena
no
trap-only --
Configure interface mirror

As the Figure 3-21 shows below, network administrator hope to monitor the message of user network
1 onl y through da ta m onitoring de vice s o a s t o obt ain t he da ta t raffic f or f ailure a nd a bnormal t o
analyze, find root cause and solve it timely.
Switch prohibits all the spontaneous packet function and storm suppression function. User network 1
connects switch via Port 1; user network 2 connects switch via Port 2; the data monitoring device is
connected to Port 3 on switch.
Figure 3-21 Interface mirror application networking

Enable interface mirror function on switch.
Raisecom#config
Raisecom(config)#mirror monitor-port 3
Raisecom(config)#mirror source-port-list ingress 1
Raisecom(config)#mirror enable

Show whether the interface mirror configuration is correct by the command of show mirror.
Raisecom#show mirror
Mirror: Enable
Monitor port: port3
-----------the ingress mirror rule----------Mirrored ports: port-list 1
-----------the egress mirror rule----------90
www.raisecom.com
User Manual
Mirrored ports: --
3.13.10
Configure layer-2 protocol transparent transmission

As the Figure 3-22 shows below, Switch A a nd Switch B connect to two user networks VLAN 100
and VLAN 2 00 respectively. User needs to configure layer-2 pr otocol t ransparent t ransmission
function on Switch A and Switch B in order to make the same user network in different regions run
STP entirely.
Figure 3-22 Layer-2 protocol transparent transmission application networking

Step 1
Create VLAN 100, 200 and activate them.
Configure Switch A.
Raisecom#hostname SwitchASwitchA#config
SwitchA(config)#create vlan 100,200 active
Configure Switch B.
SwitchB#config
SwitchB(config)#create vlan 100,200 active
Step 2 Configure interface port 2 in Access mode, Access VLAN is 100, enable STP transparent
transmission, and set STP message transparent transmission threshold as 1500.
Configure Switch A.
SwitchA(config-port)#relay stp
SwitchA(config-port)#relay port 1
SwitchA(config-port)#relay drop-threshold stp 1500
91
www.raisecom.com
User Manual
Configure Switch B.
SwitchB(config-port)#relay stp
SwitchB(config-port)#relay port 1
SwitchB(config-port)#relay drop-threshold stp 1500
Step 3 Set i nterface por t 2 in Access m ode, Access VLAN is 200, enable STP transparent
transmission, and set STP message transparent transmission threshold as 1000.
Configure Switch A.
SwitchA(config-port)#relay stp
SwitchA(config-port)#relay port 1
SwitchA(config-port)#relay drop-threshold stp 1000
Configure Switch B.
SwitchB(config-port)#relay stp
SwitchB(config-port)#relay port 1
SwitchB(config-port)#relay drop-threshold stp 1000
Step 4
Set interface 1 in Trunk mode.
Configure Switch A.
Configure Switch B.

Check whether the l ayer-2 pr otocol t ransparent t ransmission c onfiguration i s c orrect by the
command of show relay:
92
www.raisecom.com
User Manual
SwitchA#show relay port-list 1-3
COS for Encapsulated Packets: 5
Destination MAC Address for Encapsulated Packets: 010E.5E00.0003
Port
vlan
Egress-Port
Protocol
Drop-Threshold Shutdown-Threshold
------------------------------------------------------------------------port1(up)
--
--
stp
-dot1x
port2(up)
--
port1
---
--
gvrp
--
--
cdp
--
--
vtp
--
--
pvst
--
--
stp(enable)
1500
port1
---
lacp
--
--
lacp
dot1x
port3(up)
--
--
--
--
gvrp
--
--
cdp
--
--
vtp
--
--
pvst
--
--
stp(enable)
1000
--
dot1x
--
--
lacp
--
--
gvrp
--
--
cdp
--
--
vtp
--
--
pvst
--
--
93
www.raisecom.com
User Manual
Chapter 4 Routing
This chapter introduces basic principle and configuration of routing features, and provides the related
configuration examples.
Overview
Configuring ARP
Configuring layer-3 interface
Configuring static routing
Maintenance
Configuration examples
4.1 Overview
4.1.1
ARP
In TCP/IP network e nvironment, e ach h ost w as assigned with a 32 -bit I P a ddress that is a lo gical
address us ed t o i dentify ho st be tween ne tworks. To t ransmit message i n ph ysical l ink, us er m ust
know the physical address of destination host, which requires mapping IP address to physical address.
In Ethernet environment, physical address is 48-bit MAC address. Users have to transfer the 32-bit
destination hos t I P a ddress to 48 -bit E thernet a ddress for t ransmitting message t o destination hos t
correctly. Then ARP (Address Resolution Protocol) is applied to analyze IP address to MAC address
and set mapping relationship between IP address and MAC address.
ARP address mapping table includes the following two types:
Static table entry: bi nd I P a ddress and MAC address to avoid A RP dy namic learning
cheating.
Static ARP address table entry needs to be added / deleted manually.
No aging to static ARP address.
Dynamic table entry: MAC address automatically learned through ARP.
This dynamic ta ble e ntry is a utomatically generated by switch. User can adjust pa rtial
parameters of it manually.
The dynamic ARP address table entry will age at the aging time if no use.
The d evice i s i n s upport of two ki nds of dynamic l earning modes f or ARP a ddress mapping t able
entry: learn-all and learn-reply-only.
ARP request packets and answer packets both learning when in learn-all mode. When device
A s ends ARP r equest f or g rouping, it writes the mapping relationship of IP address and
physical address into ARP request packets. After receiving ARP request packets from device
A, Device B w ill le arn the address mapping relationship to its own a ddress mapping table.
Then the device B can send packets to device A later without ARP request.
Only learn A RP a nswering packets w hen d evice is in learn-reply-only mode. Just answer
ARP pa ckets f or t he A RP r equest f rom ot her de vices without ARP a ddress m apping t able
learning. This m ode i ncreases network l oad but a voids some ne twork a ttack ove r ARP
request packet.
94
www.raisecom.com
4.1.2
User Manual
Layer-3 interface
Layer-3 interface refers t o IP i nterface, is the v irtual int erface c onfiguration based on V LAN.
Configuring L ayer-3 interface is generally us ed in the need for device network management or
routing link c onnection of multiple de vices. Associate a l ayer-3 interface to VLAN r equired
configuring IP address; each layer-3 interface will correspond to an IP address and associate with one
VLAN at least.
4.1.3
Routing
Routing function is required for communication among different devices in one VLAN, or different
VLAN. Routing is to transmit packets through network to destination, which adopts routing table for
packets forwarding.
There are three modes to execute routing function:
Default routing: f orwarding t he packets w ithout destination address to a n assigned de fault
router.
Static routing: configure routing manually to f orward packets f rom t he a ssigned i nterface.
This is suitable to simple network topology.
Dynamic routing: learning routing dynamically through routing protocol which can calculate
the best route for packets forwarding. This mode will take up more bandwidth and network
resource. Now, there are two dynamic routing protocols available:
Distance v ector pr otocol: ea ch device m aintains a vector t able, which lists the known
best di stance and pa th to other de stination devices. By e xchanging i nformation w ith
neighbor devices, the device can update internal vector table continuously.
Link s tatus pr otocol: the devices bui ld l ink s tatus da tabase t hrough ne twork i nterface
status notification; the database contains all links status straight-connected to all devices.
All devices share the same network topology, but each device can judge the best path to
each node in network topology. Link status protocol can response on topology changes
quickly, but ne ed more b andwidth a nd r esources c ompared w ith di stance vector
protocol.
The ISCOM2924GF device is only in support of default routing and static routing, dynamic routing
function is unavailable at present.
4.1.3.1
Default routing
Default Routing is a special routing that only be used when there is no matched item searched from
routing t able. Default r outing a ppears a s a r oute t o n etwork 0.0.0. 0 ( with mask 0.0.0.0) i n r outing
table. User can show default routing configuration by the command of show ip route. If destination
address of pa cket c annot m atch w ith a ny i tem i n t he r outing t able, t he pa cket w ill c hoose d efault
routing. If t he de vice ha snt configured de fault r outing a nd the destination I P of pa cket i s not i n
routing t able, t he de vice w ill di scard t he p acket a nd r eturn an IC MP p acket t o transmitting end to
inform that the destination address or network is unavailable.
4.1.3.2
Static routing
Static routing is routing configured manually. It is available to simple, small and stable network. The
disadvantage is it cannot a dapt t o n etwork t opology c hanges a utomatically and ne eds m anual
intervention.
95
www.raisecom.com
User Manual
4.2 Configure ARP

4.2.1
4.2.1.1
The mapping relation of IP address and MAC address is stored in ARP address mapping table.
Generally, A RP a ddress m apping table i s d ynamic maintained by de vice. The de vice searches the
mapping r elation between IP ad dress and M AC addres s automatically a ccording t o A RP pr otocol.
Users jus t ne ed to configure the de vice manually for pr eventing A RP dynamic l earning f rom
cheating and adding static ARP address mapping table entry.
4.2.1.2
Preconditions
N/A
4.2.2
Default configuration of ARP

The default configuration of ARP is as below:
4.2.3
Function
Default value
Static ARP table entry
N/A
Aging time of dynamic ARP table entry
1200s
Configure static ARP table entry

Note:
The IP address in static ARP table entry must belongs to the IP network segment of switch
layer-3 interface.
The static ARP table entry needs to be added and deleted manually.
Please configure static ARP table entry for the device as below:
4.2.4
Step
Configuration
Description
Raisecom#config
Raisecom(config)#arp ip-address
mac-address
Configure static ARP table entry.
Configure dynamic ARP table entry

Please configure dynamic ARP table entry for the device as below:
Step
Configuration
Description
96
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom#config
Raisecom(config)#arp
aging-time second
(Optional) Configure aging time for ARP

dynamic table entry. The entries over
aging time will be deleted by device.
Note: The ARP dynamic table entry wont be aged if setting the aging time as 0s.
4.2.5
No.
Item
Description
Raisecom#show arp
Check whether all information in ARP

address mapping table is correct.
Raisecom#show arp ip-address
Check whether the ARP table information

related to specified IP address is correct.
Raisecom#show arp ip if-number
Check whether the ARP table information

related to layer-3 interface is correct.
Raisecom#show arp static
Check whether the static ARP table

information is correct.
4.3 Configure layer-3 interface

4.3.1
4.3.1.1
User can connect a l ayer-3 interface f or V LAN w hen configuring IP a ddress for i t. Each layer-3
interface will correspond to an IP address and connect a VLAN.
4.3.1.2
Preconditions
Configure VLAN associated with interface and activate it before configuring layer-3 interface.
4.3.2
Configure layer-3 interface

Please configure layer-3 interface for the device as below:
Step
Configuration
Description
Raisecom#config
Enter layer-3 interface configuration

mode.
97
www.raisecom.com
User Manual
Step
Configuration
Description
ip-address [ ip-mask ] [ sub ] [ vlan-list ]
Configure IP address for layer-3

interface and interconnect to VLAN.
Note:
Configure VLAN associated with layer-3 interface and activate it. User can use the command
state {active | suspend} to activate the suspending VLAN before configuring it.
Configure VLAN a ssociated with layer-3 interface, and user can specify m ore t han on e
VLAN. I f configuring f or m any t imes, t he ne w configuration w ill cover the or iginal
configuration, not to accumulate.
ISCOM2924GF device can be configured 15 Layer-3 interfaces with range from 0 to 14.
4.3.3
No.
Item
Description
Raisecom#show interface ip
Check IP address configuration

for layer-3 interface.
Raisecom#show interface ip vlan
Check the binding relation of

layer-3 interface and VLAN.
4.4 Configure statistic routing

4.4.1 Preparation for configuration
4.4.1.1
Configure static r outing f or s imple ne twork t opology manually to build a n i ntercommunication
network.
4.4.1.2
Preconditions
Configure IP address for layer-3 interface correctly.
4.4.2 Configure default gateway

Please configure default gateway on the device as below.
Step
Configuration
Description
Raisecom#config
98
www.raisecom.com
User Manual
Step
Configuration
Raisecom(config)#ip
default-gateway
ip-address
Description
Configure IP address for default gateway.
Note: W hen message required to forward doesnt ha ve
related r outing i n t he d evice, t he c ommand of ip
default-gateway can configure default ga teway, and
forward this message to default gateway. The IP address of
default ga teway must i n the s ame ne twork segment w ith
the IP address of any local IP interface..
4.4.3 Configure static routing

Please configure static routing for the device as below:
Step
Configuration
Description
Raisecom#config
Raisecom(config)#ip route
ip-address ip-mask next-hop
Configure next hop address related to

ip-address network as nexthop.

No.
Item
Description
Raisecom#show ip route
Check whether device routing

table information is correct.
4.5 Maintenance
Use the following command to maintain IP feature:
Command
Description
Raisecom(config)#clear arp
Clear all table entries in ARP address mapping table.
4.6 Configuration examples

4.6.1
4.6.1.1
Configure ARP
As t he Figure 4-1 shows below, ISCOM2924GF connects to host, connects to upstream R outer by
interface Port 1. IP address of Router is 192.168.1.10/24, MAC address is 0050-8d4b-fd1e.
User ne eds t o configure dynamic A RP ta ble entry aging t ime a s 600 s econds. To i mprove
communication security between ISCOM2924GF and Router, user needs to configure related static
ARP table entry on ISCOM2924GF device.
99
www.raisecom.com
User Manual
Figure 4-1 Network sketch map of configuring ARP
4.6.1.2
Configuration steps
Configure device dynamic ARP table entry aging time as 600 seconds:
Raisecom#config
Raisecom(config)#arp aging-time 600
Increase a piece of ARP static table entry:

Raisecom(config)#arp 192.168.1.10 0050.8d4b.fd1e
4.6.1.3
Show result
Check whether al l the table e ntry information i n A RP a ddress m apping t able i s correct by t he
command of show arp:
Raisecom#show arp
ARP table aging-time: 600 seconds(default: 1200s)
Ip Address
Mac Address
Type
Interface ip
------------------------------------------------------192.168.1.10
0050.8d4b.fd1e
192.168.100.1
000F.E212.5CA0
static
dynamic
-1
Total: 2
Static: 1
Dynamic: 1
100
www.raisecom.com
4.6.2
4.6.2.1
User Manual
Configure layer-3 interface to intercommunicate with host

As the Figure 4-2 shows below, configure layer-3 interface to the switch device so that the host and
device can Ping each other.
Figure 4-2 Layer-3 interface configuration networking
4.6.2.2
Configuration steps
Create VLAN and add the interface into VLAN.
Raisecom#config
Configure layer-3 interface on ISCOM2924GF device, and make the IP address interconnect VLAN.
Raisecom(config)#interface ip 10
Raisecom(config-ip)#ip address 192.168.1.2 255.255.255.0 10
Raisecom(config-ip)#exit
4.6.2.3
Show result
Check whether the binding relation of VLAN and physical interface is correct b y the command of
show vlan:
Raisecom(config-port)#show vlan 10
Switch Mode: -VLAN Name
State
------------------------------------------------------------------------1
Default
10
VLAN0010
active static -active
1-6
static --
Check whether the layer-3 interface configuration is correct by the command of show interface ip.
Raisecom(config-ip)#show interface ip
IF
Address
NetMask
Source
Catagory
---------------------------------------------------------10
192.168.1.2
255.255.255.0
assigned
primary
101
www.raisecom.com
User Manual
Check w hether t he bi nding relation of l ayer-3 i nterface a nd V LAN i s c orrect by t he c ommand of

show interface ip vlan:
Raisecom#show interface ip vlan
Ip Interface
Vlan list
---------------------------0
10
10
Check whether the device and PC can ping each other by the command of ping:
Raisecom#ping 192.168.1.3
Type CTRL+C to abort
Sending 5, 8-byte ICMP Echos to 192.168.18.119, timeout is 3 seconds:
Reply from 192.168.1.3: time<1ms
---- PING Statistics---5 packets transmitted, 5 packets received,

Success rate is 100 percent(5/5),
round-trip (ms)
4.6.3
4.6.3.1
min/avg/max = 0/0/0.
Configure static routing

Configure static r outing to make any two hosts or ISCOM2924GF devices in Figure 4-3 can Ping
each other successfully.
102
www.raisecom.com
User Manual
Figure 4-3 Static routing configuration networking
4.6.3.2
Configuration steps
Configure IP address for each device.
Enable routing function and configure static routing on Switch A.
SwitchA#config
SwitchA(config)#ip routing
SwitchA(config)#ip route 10.1.1.0 255.255.255.0 10.1.2.4
SwitchA(config)#ip route 10.1.4.0 255.255.255.0 10.1.3.4
Enable routing function and configure default gateway on Switch B.

SwitchB(config)#ip routing
SwitchB(config)#ip default-gateway 10.1.2.3
Enable routing function and configure default gateway on Switch C:

SwitchC(config)#ip routing
SwitchC(config)#ip default-gateway 10.1.3.3
Configure default gateway for 10.1.5.3 on PC A, 10.1.1.3 on PC B, 10.1.4.3 on PC C respectively.
103
www.raisecom.com
4.6.3.3
User Manual
Show result
Check whether all the devices can ping successfully with one another by the command of ping:
SwitchA#ping 10.1.1.3
Type CTRL+C to abort
Sending 5, 8-byte ICMP Echos to 192.168.18.119, timeout is 3 seconds:
---- PING Statistics---5 packets transmitted, 5 packets received,

Success rate is 100 percent(5/5),
round-trip (ms)
min/avg/max = 0/0/0.
104
www.raisecom.com
User Manual
Chapter 5 DHCP
This c hapter i ntroduces b asic pr inciple a nd c onfiguration of D HCP and pr ovides r elated
configuration applications.
Overview
Configure DHCP Client
Configure DHCP Snooping
Configure DHCP Option
Configuring Applications
5.1 Overview
5.1.1
DHCP overview
DHCP (Dynamic Host Configuration Protocol) refers to assign IP address configuration information
dynamically for user in TCP/IP network. It is based on BOOTP (Bootstrap Protocol) protocol, and
adds automatically specified available network address, network address re-use, and other extended
configuration options over BOOTP protocol.
With enlargement of ne twork s cale a nd de velopment of ne twork c omplexity, qua ntity of PC i n
network usually exceeds available distributing IP address amount. Meanwhile, the widely use of
notebook and wireless network lead PC position changes frequently and also the related IP address
must update frequently. As a result of that, network configuration becomes more and more complex.
DHCP is developed to solve these problems.
DHCP adopts client/server communication mode. Client applies configuration to server (including IP
address, Subnet mask, default gateway etc.) and server replies IP address for client and other related
configuration information to realize dynamic configuration of IP address, etc.
It us ually includes a s et of DHCP s erver and s everal c lients in typical a pplication of DHCP (for
example PC or Notebook), as the Figure 5-1 shows below.
Figure 5-1 DHCP typical application networking

Under n ormal ci rcumstances, use DHCP se rver to f inish IP a ddress distribution in following
105
www.raisecom.com
User Manual
situations:
Network is large. It requires a lot of work for manual configuration, and is difficult to manage
the entire network intensively.
The number of hosts in ne twork is greater than the number of IP a ddresses, which make it
unable t o a ssign a fixed IP a ddress, and restrict t he nu mber of us ers c onnected t o network
simultaneously (Such as Internet access s ervice pr oviders). A large num ber of users must
obtain their own IP address dynamically through DHCP service.
Only the minority of hosts in ne twork need fixed I P addresses, most of hosts have no
requirement for fixed IP address.
DHCP technology ensures the rational allocation, avoid the waste and improve the utilization rate of
IP addresses in the entire network.
5.1.2
DHCP packet
DHCP packets format shows in the Figure 5-2. DHCP packets are encapsulated in UDP data packet.
Figure 5-2 Structure of DHCP Packet

Meaning of different fields in DHCP packets shows as below Table:
Tablev5-1 Fields definition of DHCP packet
Field name
OP
Length
1
Description
Packet type.
Value at 1: it is request packet;
Value at 2: it is reply packet.
Hardware type
Hardware address type of DHCP client.
Hardware length
Hardware address size of DHCP client.
Hops
DHCP hops number passed from DHCP packet.

This field increases 1 every time DHCP request packet
passes a DHCP hop.
Transaction ID
Client chooses number at random when starts a request,

used to mark process of address request.
106
www.raisecom.com
User Manual
Field name
Length
Description
Seconds
DHCP client passed time after starting DHCP request. It

is unused now, fixed as 0.
Flags
Bit 1 is broadcast reply flag, used to mark DHCP server

reply packet is transmitted in unicast or broadcast mode.
0: unicast;
1: broadcast.
Bit 2 is reserved.
5.1.3
Client IP address
DHCP client IP address, only be filled when client is

bound, updated or re-bind status, can be used to reply
ARP request.
Your(client) IP
address
Client IP address distributed by DHCP server.
Server IP address
IP address of DHCP server
Relay agent IP
address
The first DHCP hop IP address after DHCP client sends

request packet.
Client hardware
address
16
Hardware address of DHCP client
Server host name
64
DHCP server name
File
128
DHCP client start up configuration file name and path

assigned by DHCP server.
Options
Modifiable
A modifiable option field, including packet type,

available leased period, DNS (Domain Name System)
server IP address, WINS (Windows Internet Name
Server) IP address, etc. information.
DHCP Option
DHCP transmits control information and network configuration parameters through Option field in
packet t o r ealize a ddress dy namical di stribution s o a s t o pr ovide a bundant network c onfiguration
information for c lient. DHCP protocol ha s 2 55 ki nds of opt ions, t he f inal opt ion i s 255. Common
used DHCP options are:
Options
Description
Router option, to assign gateway for DHCP client.
DNS server option, to assign DNS server address distributed by DHCP client.
18
DHCP client flag option over IPv6, to assign interface information for DHCP client.
51
IP address lease option

107
www.raisecom.com
User Manual
Options
Description
53
DHCP packet type, to mark type for DHCP packets
55
Request parameter lis t option. Client uses this optical to indicate ne twork
configuration pa rameters ne ed t o obt ain f rom s erver. The c ontent of t his opt ion i s
values corresponding to client requested parameters.
61
DHCP client flag option over IPv6, to assign device information for DHCP client.
66
TFTP server na me, t o a ssign dom ain na me f or T FTP s erver di stributed b y D HCP
client.
67
Start up file name, to assign start up file name distributed by DHCP client.
82
DHCP client flag option over IPv4, user-defined, mainly used to mark position o f
DHCP client.
150
TFTP server address, to assign TFTP server address distributed by DHCP client.
184
DHCP reserved opt ion, a t present Option184 is m ainly used t o carry i nformation
required by voice calling. Through Option184 it can distribute IP address for DHCP
client with voice function and meanwhile provide voice calling related information.
255
Complete option
Fields 18, 37, 61 a nd 82 i n DHCP Option are r elay age nt information options i n DHCP packets.
When r equest pa ckets f rom DHCP client a rrive D HCP s erver, if ne ed DHCP relay or DHCP
Snooping, DHCP relay or DHCP Snooping increase Option field into request packets.
Fields Option18, 37, 61 and 82 implement r ecord DHCP client i nformation on DHCP server. By
cooperating with other software, it can realize IP address distribution restriction and accounting, etc.
functions. Such as cooperate with IP Source Guard to defend deceive of IP address+MAC address.
Field Option82 can i nclude a t m ost 255 s ub-options. If de fined f ield Option82, at l east one
sub-option m ust be de fined. The d evice supports two s ub-option t ypes c urrently: Sub-Option 1
(Circuit ID) and Sub-Option 2 (Remote ID).
Sub-Option 1 contains interface ID of DHCP client request packet, interface VLAN and the
additional information.
Sub-Option 2 is interface MAC address (DHCP relay) or device bridge MAC address (DHCP
Snooping device) for receiving DHCP client request packets.
5.1.4
DHCP client
ISCOM2924GF de vice can be us ed as DHCP cl ient t o get I P addr ess f rom D HCP s erver and
management in future, as the Figure 5-3 shows below.
108
www.raisecom.com
User Manual
Figure 5-3 DHCP client networking
5.1.5
5.1.5.1
DHCP Snooping
DHCP Snooping overview
DHCP Snooping is a security feature of DHCP with the below functions:
Guarantee DHCP client gets IP address from legal DHCP server;
If there is false DHCP server existing in network, DHCP client may get error IP address and network
configuration pa rameters, b ut c annot c ommunicate nor mally. As the Figure 5-4 shows be low, i n
order to make DHCP client get IP address from legal DHCP server, DHCP Snooping security system
permits to set interface as trust interface and untrust interface: trust interface forwards DHCP packets
normally; untrust interface discard the reply packets from DHCP server.
Figure 5-4 DHCP Snooping networking
Record corresponding relationship between DHCP client IP address and MAC address.
DHCP S nooping records e ntries t hrough m onitor r equest a nd r eply pa ckets r eceived b y t rust
interface, including client MAC address, obtained IP address, DHCP client connected interface and
VLAN of the interface, etc. Then implement following by the record information:
109
www.raisecom.com
User Manual
ARP Detection: judge legality of user that sends ARP packet and avoid ARP attack from
illegal user.
IP Source G uard: filter i nterface f orwarded packets b y d ynamically ge tting DHCP
Snooping entry to avoid illegal packets pass the interface.
VLAN mapping: packets s ent to user modify mapped V LAN to original VLAN b y
searching m apped V LAN r elated D HCP c lient I P a ddress, M AC a ddress a nd or iginal
VLAN information in DHCP Snooping entry.
5.1.5.2
DHCP Snooping supporting Option function

Option f ield in DHCP packet r ecords pos ition information of D HCP client. Administrator c an us e
this option to locate DHCP client and control client security and accounting.
If the device configured DHCP Snooping to support Option function:
When device r eceives D HCP r equest p ackets, deal w ith packets acc ording to Option field
included or not a nd f illing m ode a s w ell a s pr ocessing pol icy configured by us er, t hen
forwards the processed packet to DHCP server;
When device receives DHCP reply packets, if the packet doesnt contain Option field, delete
the field and forward to DHCP client; if the packet doesnt contain Option field, forwarded
directly.
5.2 Configure DHCP client

5.2.1.1
As DHCP client, ISCOM2924GF device will get IP address from assigned DHCP server to manage
the device in future.
The IP a ddress a ssigned by D HCP c lient is li mited with a cer tain lease pe riod w hen a dopting
dynamic address distribution mode. DHCP server will t ake back the IP address when it is expired.
DHCP client has to relet IP address foe continuous using. DHCP client can release IP address if it
doesnt want to use it any more before its expiration.
We suggest that the number of DHCP relays is less than 4 if DHCP client needs to obtain IP address
from DHCP server from multiple DHCP relays.
5.2.1.2
Preconditions
Finish the following tasks before configuring DHCP client:
Create VLAN and add layer-3 interface to it.
The DHCP Snooping function is disabled.
5.2.2 Default configuration of DHCP client

The default configuration of DHCP client is as below:
Function
Default value
110
www.raisecom.com
User Manual
Function
Default value
hostname
raisecom
class-id
raisecom-ROS
client-id
raisecom-SYSMAC- IF0
5.2.3 Configure DHCP client

Only the interface IP 0 on switch is in support of DHCP client function.
When applying for IP address, DHCP client needs to create VLAN firstly, and add the interface with
the IP address to VLAN, and at the same time, configure DHCP server, or the interface will fail to
obtain IP address via D HCP.
For interface IP 0, the IP addresses obtained through DHCP and configured manually can overwrite
each other.
Note:
If the switch starts DHCP Server or DHCP Relay, the DHCP client will not be enabled. If the
switch starts DHCP client, DHCP Server or DHCP Relay will not be enabled.
By default, the device enables DHCP client function. The command of no ip address dhcp
can disable it.
If t he device obtained IP address fr om a DHCP s erver t hrough D HCP previously, it w ill
restart the application pr ocess for I P a ddress i f user modified DHCP se rver address by t he
command of ip address dhcp.
Please configure DHCP client on the device as below.
Step
Configuration
Description
Raisecom#config
Enter layer-3 interface configuration mode.
Raisecom(config-ip)#ip address dhcp

[ server-ip ip-address]
Apply for IP address by DHCP.
Raisecom(config-ip)#ip dhcp client

{ class-id class-id | client-id client-id |
hostname hostname }
(Optional) Configure DHCP client information,

including class ID, client ID and host name.
Raisecom(config-ip)#ip dhcp client renew
(Optional) Relet IP address. If the layer-3

interface of device has obtained IP address by
DHCP, the IP address will automatically renew
when the lease expires.
Raisecom(config-ip)#no ip address dhcp
(Optional) Release IP address.

111
www.raisecom.com
User Manual
No.
Item
Description
Raisecom#show ip dhcp client
Show DHCP client configuration.
5.3 Configure DHCP Snooping

5.3.1.1
DHCP Snooping is a security feature of DHCP, being used to guarantee DHCP client gets IP address
from legal DHCP server and record corresponding relationship between DHCP client IP and MAC
address.
Option field of DHCP packet records location of DHCP client. Administrator can locate DHCP client
through Option field and control client security and accounting. ISCOM2924GF device configured
with D HCP S nooping a nd Option c an pe rform related process a ccording to Option field e xistence
status in packet.
5.3.1.2
Preconditions
N/A
5.3.2 Default configuration of DHCP Snooping

The default configuration of DHCP Snooping is as below:
Function
Default value
Global DHCP Snooping status
Disable
Interface DHCP Snooping status
Enable
Interface trust/untrust atatus
Untrust
DHCP Snooping is in support of Option 82
Disable
5.3.3 Configure DHCP Snooping

Generally, make sure that the device interface connected t o D HCP server is in trust state, while
interface connected to user is in distrust state.
If e nabling DHCP S nooping without c onfiguring DHCP S nooping supporting Option f unction, t he
device will do nothing to Option fields in the packets. For packets without Option fields, the device
still doesnt do insertion operation.
By default, the DHCP Snooping function of all interfaces is enabled, but only to enable the global
DHCP Snooping function, the interface DHCP Snooping function can take effect.
112
www.raisecom.com
5.3.3.1
User Manual
Configure DHCP Snooping over IPv4

Please configure DHCP Snooping function on the device as below:
Step
Configuration
Description
Raisecom#config
Raisecom(config)#ip dhcp
snooping
Configure to enable global DHCP Snooping function

over IPv4.
By default, the device hasnt be configured to enable
global DHCP Snooping function over IPv4.
snooping port-list { all |
port-list }
(Optional ) Configure to enable interface DHCP

Snooping function over IPv4.
By default, the device has enabled interface DHCP
port port-id
Raisecom(config-port)#ip
dhcp snooping trust
Configure trust interface over IPv4.

By default, the device distrusts the DHCP packet over
IPv4 received by interface.
Raisecom(config-port)#ipv4
dhcp option option-id
(Optional ) Configure DHCP Snooping to support

Option function defined by IPv4.
By default, the DHCP Snooping is not in support of
Option function defined by IPv4.
snooping option client-id
5.3.3.2
snooping information
option

Option61 function.
Option82 function.
Configure DHCP Snooping over IPv6

Please configure DHCP Snooping function on the device as below:
Step
Configuration
Description
Raisecom#config
Raisecom(config)#ipv6
dhcp snooping
Configure to enable global DHCP Snooping

function over IPv6.
By default, the device hasnt be configured to enable
global DHCP Snooping function over IPv6.
113
www.raisecom.com
User Manual
Step
Configuration
Description
dhcp snooping port-list
{ all | port-list }
(Optional ) Configure to enable interface DHCP

By default, the device has enabled interface DHCP
port port-id
Raisecom(config-port)#ipv6
dhcp snooping trust
Configure trust interface over IPv6.

By default, the device distrusts the DHCP packet
over IPv6 received by interface.
dhcp snooping option
interface-id

Option18 function.
dhcp snooping option
remote-id

Option37 function.

No.
Item
Description
Raisecom#show ip dhcp
snooping [ binding ]
Show DHCP Snooping function configuration over IPv4.
Raisecom#show ipv6
dhcp snooping [ binding ]
Show DHCP Snooping function configuration over IPv6.
5.4 Configure DHCP Option

5.4.1.1
Fields 18, 61, 82 of DHCP Option are r elay pr oxy i nformation opt ions i n D HCP pa cket. When
DHCP Client sends request packet to DHCP Server, DHCP Snooping or DHCP relay will add Option
field into request packet if it requires for DHCP Snooping or DHCP relay.
DHCP Option18 field is used t o r ecord DHCP c lient i nformation ov er IPv6, DHCP Option61, 82
fields a re us ed t o r ecord DHCP c lient ov er I Pv4. DHCP server c ooperates w ith other sof tware t o
implement IP address distribution restriction and accounting, etc. functions over these information.
5.4.1.2
Preconditions
N/A
114
www.raisecom.com
User Manual
5.4.2 Default configuration of DHCP Option

The default configuration of DHCP Option is as below:
Function
Default value
attach-string in global configuration mode
Null
remote-id in global configuration mode
switch-mac
circuit-id in interface configuration mode
Null
5.4.3 Configure DHCP Option field over IPv4

Please configure DHCP Snooping function over IPv4 on the device as below.
(All the following steps are optional and hasnt sequencing)
Step
Configuration
Description
Raisecom#config
Raisecom(config)#ip dhcp information option

attach-string attach-string
(Optional) Configure additional

information for Option82 field.
(Optional) Configure circuit ID sub-option

information for Option82 field in interface.
Raisecom(config-port)#ip dhcp information

option circuit-id circuit-id [ prefix-mode ]
Raisecom(config)#ip dhcp information option
remote-id { client-mac | client-mac-string |
hostname | switch-mac | switch-mac-string |
string string }
3
Raisecom(config)#ipv4 dhcp option option-id

{ ascii ascii-string | hex hex-string | ip-address
ip-address }
(Optional) Create Option field information

defined by IPv4.
(Optional) Create Option field information

defined by IPv4 in interface.
Raisecom(config-port)#ipv4 dhcp option

option-id { ascii ascii-string | hex hex-string |
ip-address ip-address }
4
(Optional) Configure remote ID sub-option

information for Option82 field.
Raisecom(config)#ipv4 dhcp option client-id
{ ascii ascii-string | hex hex-string | ip-address
ip-address }
Raisecom(config-port)#ipv4 dhcp option
client-id { ascii ascii-string | hex hex-string |
ip-address ip-address }
(Optional) Configure Option61field

information.
(Optional) Configure Option61 field

information in interface.
115
www.raisecom.com
User Manual
5.4.4 Configure DHCP Option field over IPv6

Please configure DHCP Option function over IPv6 on the device as below.
(All the following steps are optional and hasnt sequencing)
Step
Configuration
Description
Raisecom#config
Raisecom(config)#ipv6 dhcp option interface-id { ascii

ascii-string | hex hex-string | ipv6-address ipv6-address }
(Optional) Configure Option18

field information.
(Optional) Configure Option18

field information in interface.
Raisecom(config-port)#ipv6 dhcp option interface-id

{ ascii ascii-string | hex hex-string | ipv6-address
ipv6-address }
3
(Optional) Create Option field

information defined by IPv6.
Raisecom(config)#ipv6 dhcp option option-id { ascii

Raisecom(config-port)#ipv6 dhcp option option-id { ascii
(Optional) Create Option field

information defined by IPv6 in
interface.

No.
Item
Description
Raisecom#show ip dhcp
information option
Check whether DHCP Option

field configuration is correct.
5.5 Configuring applications

5.5.1 Configure DHCP clients application
5.5.1.1
As the Figure 5-5 s hows be low, Switch is us ed as D HCP cl ient, host na me i s r aisecom, access t o
DHCP server and NMS platform through SNMP interface. DHCP server should assign IP address to
SNMP interface of Switch and make NMS platform to manage Switch.
116
www.raisecom.com
User Manual
Figure 5-5 DHCP client networking
5.5.1.2
Configuration steps
Configure DHCP client information.
Raisecom#config
Raisecom(config-ip)#ip dhcp client hostname raisecom
Configure to apply for IP address by DHCP.

Raisecom(config-ip)#ip address dhcp server-ip 192.168.1.1
5.5.1.3
Show result
Check whether DHCP client configuration is correct by the command of show ip dhcp client.
Raisecom#show ip dhcp client
Hostname:
raisecom
Class-ID:
Raisecom-ROS
Client-ID:
Raisecom-000e5e000000-IF0
DHCP Client is requesting for a lease.

Assigned IP Addr:
0.0.0.0
Subnet mask:
0.0.0.0
Default Gateway:
--
Client lease Starts:

Client lease Ends:
Client lease duration:
Jan-01-1970 08:00:00
Jan-01-1970 08:00:00
0(sec)
DHCP Server:
Tftp server name:
0.0.0.0
--
Tftp server IP Addr:
--
Startup_config filename:
--
NTP server IP Addr:

Root path:
---
117
www.raisecom.com
User Manual
5.5.2 Configure DHCP Snooping application

5.5.2.1
As the Figure 5-6 s hows be low, S witch i s us ed a s DHCP Snooping device. The n etwork r equires
DHCP c lient ge ts I P a ddress f rom l egal D HCP s erver a nd s upports O ption82 to facilitate c lient
management; user can configure circuit ID sub-option information on interface Port 3 as raisecom,
remote ID sub-option as user01.
Figure 5-6 DHCP Snooping networking
5.5.2.2
Configuration steps
Configure global DHCP Snooping function.
Raisecom#config
Raisecom(config)#ip dhcp snooping
Configure trust interface.

Raisecom(config-port)#ip dhcp snooping trust
Raisecom(config-port)#quit
Configure DHCP relay in support of Option82 function and configure field Option82.
Raisecom(config)#ip dhcp snooping information option
Raisecom(config)#ip dhcp information option remote-id string user01
Raisecom(config-port)#ip dhcp information option circuit-id raisecom
5.5.2.3
Show result
Check whether DHCP client configuration is correct by the command of show ip dhcp information
option.
Raisecom#show ip dhcp information option
DHCP Option Config Information
118
www.raisecom.com
User Manual
Circuit-ID : default
Remote-ID Mode:
string
Remote-ID String:
user01
P3
Circuit ID:
raisecom
ipv4Global
ipv4Port
P1:
P2:
P3:
P27:
P28:ipv6Global
ipv6Port
P1:
P2:
P3:
P27:
P28
119
www.raisecom.com
User Manual
Chapter 6 QoS
This chapter introduces basic principle and configuration of QoS and provides related configuration
applications.
Overview
Priority trust
Traffic classification and traffic policy
Priority mapping and queue schedule
Traffic rate limit over interface and VLAN
Maintenance
Configuring applications
6.1 Overview
User br ings f orce di fferent service qua lity de mands f or ne twork a pplication, t hen network s hould
distribute a nd schedule resource for different ne twork application a ccording to user de mands. QoS
(Quality of Service) can ensure s ervice i n real-time and i ntegrity w hen network overload or
congested and guarantee the whole network runs high-efficiently.
QoS is composed by a group of traffic management technology:
Service model
Priority trust
Traffic policy
Priority mapping
Queue schedule
Rate limit over interface and VLAN
6.1.1
Service model
QoS technical service contains three models:
Best-effort Service
Integrated Services (IntServ)
Differentiated Services (DiffServ)
6.1.1.1
Best-effort
Best-effort service is the most basic and simplest service model over store and forward mechanism
Internet (IPv4 standard). In Best-effort service model, the application program can send any number
of pa ckets at any time without permitting in advance and notifying the ne twork. F or B est-effort
service, the network will send packets as possible as it can, but cannot guarantee the delay time and
reliability.
Best-effort is the default Internet service model now, applying to most network applications, such as
120
www.raisecom.com
User Manual
FTP, E -mail, etc. which is achieved by first in first out (FIFO) queue.
6.1.1.2
IntServ
IntServ model is a comprehensive service model, which can meet a variety of QoS requirements and
needs t o s end specific s ervice r equest to ne twork b efore s ending m essages. This r equest is
accomplished through signaling. Firstly, the application program need to apply for service quality it
required f rom ne twork by s ignaling, s uch a s bandwidth, de lay time, pr iority, e tc. The a pplication
program w ill s end messages onc e r eceiving t he c onfirmation f rom ne twork, w hich m eans t he
network has already pr eset i ts corresponding s ervice qua lity r esource. At t he same t ime, the
messages se nt b y program s hould be c ontrolled w ithin t he range described i n t he application
parameters.
After r eceiving service qua lity application messages f rom a pplication pr ogram, t he ne twork w ill
check r esource di stribution, i .e. w hether t he current network resource can m eet appl ication from
application pr ogram, once m eeting the a pplication, network will return a ne twork r esource
confirmation and allocate corresponding network resource for application program. In the process of
sending messages, as l ong a s t he a pplication pa cket traffics a re controlled within the range of
application parameters, the network will undertake to meet QoS requirements. In order to fulfill the
commitment f or t ransmitting traffics, the ne twork will maintain a s tate for t hem, classifying
messages, monitoring traffics and taking queue scheduling over the state.
In the IntServ service model, the signaling transmitting QoS request is RSVP (Resource Reservation
Protocol), w hich i s r esponsible f or not ifying t he Q oS r equirements of application program to
network. RSVP applies for network resource before the application program sending messages, so it
is out of band signaling.
Intserv service model diagram is shown in Figure 6-1.
Figure 6-1 Sketch map of IntServ service model

The b iggest adv antage of IntServ model is to pr ovide end-to-end QoS service, while the bi ggest
disadvantage is its poor scalability. Network node must maintain all reserved resource information.
These m aintenance ope rations w ill consum e more pr ocessing time and memory requirements of
121
www.raisecom.com
User Manual
network nodes. A fter expanding network scale, there will be a substantial increasing in the
maintenance cost, which will have a serious impact to the packet wire-speed processing performance
of the network nodes, especially the core nodes.
6.1.1.3
DiffServ
DiffServ model is a multi-service model, which can satisfy different QoS requirements. The largest
difference from Intserv model is tha t it does not require R SVP signaling. In other words, DiffServ
model doesnt need to notify the network to reserve resources before sending messages.
DiffServ model does not need t o maintain state for each f low. I t provides differentiated s ervices
according t o the QoS cl assification of each packet. Many different methods can be used for Q oS
packet cl assification, such as I P pa cket pr iority ( IP precedence), t he pa cket s ource addres s or
destination address and so on.
Generally, DiffServ i s us ed to pr ovide end t o e nd Q oS s ervices for a num ber of i mportant
applications, which is achieved mainly through the following techniques:
CAR (Committed Access Rate): CAR refers to classify the messages according to the pre-set
messages m atching rules, s uch a s IP m essages pr iority ( IP pr ecedence), t he pa cket s ource
address or destination address, etc. Continue to send the messages if the flow is in line with
the rules of token bucket. If it is beyond the specified flow, discard the messages or remark IP
precedence, DSCP, EXP, etc. CAR not only can control the traffics, but also mark and remark
the messages.
Queue t echnology: the queuing t echnologies of SP, WRR, DRR, SP + WRR, SP + DRR
cache and schedule the congestion messages to achieve congestion management.
6.1.2
Priority trust
Priority trust re fers to the de vice us es pr iority of pa ckets f or classification and pe rforms Q oS
management. Generally speaking, the bigger the packet priority field is, the higher the priority is.
ISCOM2924GF device is in support of packet priority trust over interface, including:
DSCP (Differentiated Services Code Point) priority over IP packets.
CoS (Class of Service) priority over VLAN packets.
6.1.3
Traffic classification denotes recognizing packets of certain cl ass by setting rules, pe rforming
different Q oS pol icy f or the pa ckets m atch w ith di fferent r ules. It i s pr emise a nd base of di verse
service.
ISCOM2924GF device is in support of traffic classification of ToS (Type of Service) priority over IP
packets, DSCP priority and CoS priority over VLAN packets, as well as the classification over ACL
rule. The traffic classification procedure is shown as the following Figure 6-2:
122
www.raisecom.com
User Manual
Figure 6-2 Sketch map of traffic classification
6.1.3.1
ToS priority and DSCP priority

Structure of IP packet head shows as Figure 6-3 below, the head contains 8bit ToS field. RFC1349
defines the f irst 3 bits of ToS f ield, indicating ToS pr iority with value r ange of 0~7; R FC2474
defines ToS again, the first 6 bits (0~5) indicates priority of IP packet, named DSCP priority, value
range i s 0 ~63, t he l ast 2 bi ts ( bit-6 a nd bi t-7) a re re served. The st ructure of t wo priority t ypes is
shown as the following Figure 6-4:
Figure 6-3 Structure of IP packet head
Figure 6-4 Structure of ToS priority and DSCP priority
6.1.3.2
CoS priority
VLAN pa cket ov er IEEE 802.1 Q standard m akes m odification on E thernet pa cket, i ncrease 4
bytes802.1Q t ag between s ource a ddress f ield a nd pr otocol t ype f ield, a s Figure 6-5 shows be low.
The tag includes field of 2 bytes TPID (Tag Protocol Identifier, value at 0x8100) and field of 2 bytes
TCI (Tag Control Information).
123
www.raisecom.com
User Manual
Figure 6-5 Structure of VLAN packets

CoS priority locates at the first 3 bits of TCI field, value range is 0~7, as Figure 6-6 shows below. It
is available to guarantee service quality in layer-2 network.
Figure 6-6 Structure of CoS priority packets
6.1.4
Traffic policy
Perform di fferent ope ration for di fferent pa ckets a fter classifying packets t raffic, the t raffic
classification and operation binding form the traffic policy.
6.1.4.1
Rate limit
Rate limit is to control network traffic, by monitoring traffic rate enters network to discard overflow
part a nd c ontrol t he e ntering t raffic in a r easonable r ange, t hus t o pr otect ne twork r esource a nd
carrier interest.
ISCOM2924GF device is in support of rate limit at packet ingress direction over traffic policy.
6.1.4.2
Re-direction
Re-direction means to forward packets in the original corresponding relation between destination and
interface, it forwards packet to assigned interface to implement policy routing.
ISCOM2924GF device supports forwarding ingress packets to assigned interface.
6.1.4.3
Re-mark
Re-mark means to set some priority fields in packet again and then classify packets according to self
standard. Besides, downstream node i n ne twork c an pr ovide di verse Q oS s ervice a ccording t o
re-marked information.
ISCOM2924GF device is in support of re-mark for below priority fields:
IP packets ToS priority
IP packets DSCP priority
VLAN packets CoS priority
6.1.4.4
Traffic statistics
Traffic statistics is used for data messages statistics of specified service traffic, which is the number
of messages and bytes passed through matching traffic classification or discarded.
Traffic statistics itself is not QoS control measure, but can be used in combination with other QoS
124
www.raisecom.com
User Manual
actions to improve the security of network and messages.
6.1.5
Priority mapping
When packets enter device, priority mapping function sends them to queues with different internal
priority i n a ccordance w ith m apping r elationship f rom e xternal t o i nternal, t hus t he pa ckets c an
perform queue schedule at packets egress direction.
Note: I nternal pr iority is a ki nd of i nternal pr iority de vice di stributed t o pa ckets, corresponding to
interface queue No. Packets with bigger internal priority value will be processed precedent.
ISCOM2924GF device supports DSCP priority over IP packets or CoS priority over VLAN packets
to perform priority mapping.
By default, the mapping relationship among ISCOM2924GF device internal priority, DSCP priority
and CoS priority is shown in the table 6-1 below:
Table 6-1 Mapping relationship of internal priority, DSCP priority, CoS priority
6.1.6
Internal
DSCP
0~7
8~15
16~23
CoS
24~31 32~39
3
40~47 48~55 56~63

5
Queue schedule
Queue s chedule i s necessary when t here i s i ntermittent c ongestion i n ne twork a nd de lay s ensitive
services require higher QoS service than non-sensitive services.
Queue s chedule adopts different s chedule a lgorithm t o t ransport pa ckets f low i n que ue.
ISCOM2924GF de vice is in s upport of SP ( Strict-Priority), W RR (Weight R ound R obin), DRR
(Deficit Round Robin), SP+WRR and SP+DRR algorithm to solve network flow problem and have
different influences on distribution, delay, and jitter of bandwidth resource:
SP: t o s chedule s trictly a ccording t o que ue pr iority order. Lower pr iority queue cannot
perform s chedule unt il t he packets i n higher priority que ue a ll f inished s chedule, as Figure
6-7 shows below.
Figure 6-7 Sketch map of SP schedule

125
www.raisecom.com
User Manual
WRR: on basis of round schedule each queue according to queue priority, schedule packets in
various queues according to weight of each queue, as Figure 6-8 shows below.
Figure 6-8 Sketch map of WRR schedule

DRR: on basis of round schedule each queue according to queue priority, schedule packets in
each queue according to weight of each queue. Besides, lending the redundant bandwidth of a
queue in one schedule to other queue, in the later schedule, the queue borrowed bandwidth
will return it back, as Figure 6-9 shows below.
Figure 6-9 Sketch map of DRR schedule

SP+WRR: di viding que ues on i nterface i nto t wo gr oups, us er c an assign some que ues
perform SP schedule and other queues perform WRR schedule.
SP+DRR: dividing queues on interface into two groups, user can assign some queues perform
SP schedule and other queues perform DRR schedule.
6.1.7
Rate limit over interface and VLAN

ISCOM2924GF not onl y s upports r ate lim it ov er tr affic pol icy but a lso supports r ate lim it ov er
interface and VLAN I D. Similar t o rate l imit over t raffic pol icy, device di scards the exceeding
traffics.
126
www.raisecom.com
User Manual
6.2 Configure priority trust

6.2.1.1
User c an c hoose pr iority for t rusted pa ckets f rom ups tream de vice, unt rusted pr iority pa ckets a re
processed by traffic classification and traffic policy. After configuring priority trust, device operates
packets according to their priorities and provides related service.
6.2.1.2
Preconditions
N/A
6.2.2 Default configuration of priority trust

The default configuration of priority trust is as below:
Function
Default value
Global QoS function status
Enable
Interface trust priority type
Trust CoS priority
6.2.3 Configure interface priority trust

Please configure interface priority trust for the device as below.
Step
Configuration
Description
Raisecom#config
Raisecom(config)#mls qos enable
Global enable QoS function.

By default, the device enables global QoS
function.
The command mls qos disable can disable the
function.
port-id
Raisecom(config-port)#mls qos
trust { cos | dscp }
Configure interface trust priority type.

By default, interface trusts CoS priority.

No.
Item
Description
127
www.raisecom.com
User Manual
No.
Item
Description
Raisecom(config)#show mls qos

priority [ port port-id ]
Show priority trust rule

configuration under interface.
6.3 Configure traffic classification and traffic policy

6.3.1.1
Traffic cl assification is t he ba se of QoS, user can classify pa ckets f rom upst ream de vice i n
accordance with priorities or ACL rule.
Traffic classification c onfiguration w ont ta ke e ffect unt il us er bi nds i t to traffic policy. Applying
traffic policy is related to network current loading condition and period. Usually, packets traffic rate
is limited according to configured speed when it enters network, and re-mark priority according to
packet service feature.
6.3.1.2
Preconditions
N/A
6.3.2 Default configuration of traffic classification and traffic policy

The default configuration of traffic classification and traffic policy is as below:
Function
Default value
Actions for the traffic over the rate limit and sudden value
drop
6.3.3 Create and configure traffic classification

Please create and configure traffic classification on the device as below.
Step
Configuration
Description
Raisecom#config

By default, the device enables global QoS function.
The command mls qos disable can disable the
function.
Raisecom(config)#class-map
class-map-name { match-all |
match-any }
Create traffic classification and enter traffic

classification configuration mode.
128
www.raisecom.com
Step
User Manual
Configuration
Description
Raisecom(config-cmap)#match
{ access-list-map | ip-access-list |
ipv6-access-list | mac-access-list }
acl-number
(Optional) Configure traffic classification over ACL

rule.
Raisecom(config-cmap)#match
class-map class-map-name
(Optional) Configure traffic classification over

traffic classification rule.
Raisecom(config-cmap)#match ip
dscp dscp-value

DSCP priority of IP packet.
Raisecom(config-cmap)#match ip
precedence ip-precedence-value
(Optional) Configure traffic classification over ToS

priority of IP packet.
Raisecom(config-cmap)#match vlan
vlan-id [ double-tagging inner ]

VLAN ID rule of VLAN packet.
6.3.4 Create traffic rate limit rule

When user wants to limit rate over traffic policy, it is necessary to configure rate limit rule and apply
the rule under traffic class binding to traffic policy.
Please create traffic rate limit rule on the device as below.
Step
Configuration
Description
Raisecom#config
Raisecom(config)#mls qos
aggregate-policer policer-name rate
burst [ exceed-action { drop |
policed-dscp-transmit marked-dscp |
policed-localpriority-transmit
localpriority-value } ]
(Optional) Create traffic rate limit rule in type of

aggregate. This rule is used together with traffic
policy in the future for restrict speed of traffic
classification packets bound with matched policy.
class-policer policer-name rate burst
[ exceed-action { drop |

class. This rule is used together with traffic
classification for restrict speed of matched traffic
classification packets.
single-policer policer-name rate burst
[ exceed-action { drop |

single. This rule is used together with a type of
packet for restrict speed of it.
6.3.5 Create and configure traffic policy

Please configure traffic policy on the device as below.
Step
Configuration
Description
129
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom#config
Raisecom(config)#policy-map
policy-map-name
Create traffic policy and enter traffic policy

configuration mode.
Raisecom(config-pmap)#description
string
(Optional) Configure description for traffic

policy.
Raisecom(config-pmap)#class-map
class-map-name
Bind traffic classification into traffic policy;

only apply policy for packets match with
traffic class.
Note: At least one rule type is necessary for
binding traffic class for policy, otherwise
cannot bind successfully.
Raisecom(config-pmap-c)#police
policer-name
(Optional) Configure rate limit rule under

traffic class to form rate limit policy.
Raisecom(config-pmap-c)#redirect-to
port port-id
(Optional) Configure re-direct rule under

traffic class, forwarding classified packets
from assigned interface.
Raisecom(config-pmap-c)#set { cos
cos-value | ip dscp ip-dscp-value | ip
precedence ip-precedence-value | vlan
vlan-id }
Raisecom(config-pmap-c)#statistics
enable
Raisecom(config-pmap-c)#quit
(Optional) Configure re-mark rule under

traffic class, modify packet ToS, DSCP, CoS
or VLAN ID of matched traffic class.
(Optional) Configure traffic statistic rule
under traffic class, statistic packets for
matched traffic class.
Raisecom(config-pmap)#quit
Raisecom(config)#service-policy
policy-name { egress port-id | ingress
port-id [ egress port-id ]}
Bind the configured traffic policy to

interface.

No.
Item
Description
Raisecom(config)#show mls qos
Show QoS configuration of

assigned interface.
Raisecom(config)#show class-map
[ class-map-name ]
Show assigned traffic

classification rule.
Raisecom(config)#show mls qos policer

[ policer-name | aggregate-policer |
class-policer | single-policer ]
Show assigned rate limit rule.
Raisecom(config)#show policy-map
[ policy-map-name [ class class-map-name ]
| class class-map-name | port port-id ]
Show assigned traffic policy

configuration.
130
www.raisecom.com
User Manual
No.
Item
Description
Raisecom(config)#show service-policy
statistics [ port port-id ]
Show the applied policy

statistic information.
6.4 Configure internal priority and queue schedule

6.4.1.1
When network has congestion, user want to balance delay and delay jitter of various packets, packets
of key services (like video and voice) can be processed preferentially; packets of secondary services
(like E-Mail) w ith identical pr iority can be fairly pr ocessed, different priority can be pr ocessed
according t o i ts weight value. User c an configure queue schedule i n t his situation. Selection of
schedule algorithm is depended on service condition and customer requirements.
Priority mapping is precondition for queue schedule. User can map priority of packets from upstream
device t o di fferent local pr iority, a nd de vice pe rform q ueue s chedule f or t he pa ckets a ccording t o
local priority. Generally speaking, IP packets need to configure mapping relationship between DSCP
priority a nd l ocal pr iority; VLAN packets ne ed t o configure mapping r elationship be tween CoS
priority and local priority.
6.4.1.2
Preconditions
N/A
6.4.2 Configure mapping relationship between DSCP priority and local priority
Please configure mapping r elationship be tween DSCP priority a nd l ocal pr iority o n t he d evice a s
below.
Step
Configuration
Description
Raisecom#config

The command of mls qos disable can disable it.
mapping dscp dscp-value to
localpriority local-priority
Configure mapping relationship between DSCP priority

and local priority.
6.4.3 Configure mapping relationship between CoS priority and local priority
Please configure mapping relationship be tween CoS pr iority a nd local pr iority on t he device a s
below.
131
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom#config
enable

The command of mls qos disable can disable it.
mapping cos cos-value to
localpriority local-priority
Configure mapping relationship between CoS priority

and local priority.
6.4.4 Configure internal priority over interface

Please configure internal priority over interface for the device as below:
Step
Configuration
Description
Raisecom#config
port-id

configuration mode.
Raisecom(config-port)#mls qos
port-priority port-priority
Configure internal priority for

packet over interface.
6.4.5 Configure SP queue schedule

Please configure SP queue schedule for the device as below.
Step
Configuration
Description
Raisecom#config
Raisecom(config)#mls
qos queue scheduler sp
Configure packet queue schedule

mode as SP.
6.4.6 Configure WRR or SP+WRR queue schedule

Please configure WRR or SP+WRR on the device as below.
Step
Configuration
Description
Raisecom#config
queue scheduler wrr
Configure queue schedule mode for

packets as WRR.
queue wrr weight1 weight2
weight3 weight4 weight5
Configure priority for various queues.

Perform SP schedule when priority of a
queue is configured at 0.
132
www.raisecom.com
User Manual
6.4.7 Configure DRR or SP+DRR queue schedule

Please configure DRR or SP+DRR on the device as below.
Step
Configuration
Description
Raisecom#config
queue scheduler drr
Configure queue schedule mode for

packets as DRR.
queue drr weight1 weight2
Configure priority for various queues.

Perform SP schedule when priority of a
queue is configured at 0.

No.
Item
Description
Raisecom#show mls qos mapping [ cos

| dscp | localpriority ]
Show mapping relationship

configuration for assigned priority.
Raisecom(config)#show mls qos queue
Show queue schedule configuration.
6.5 Configure traffic rate limit over interface and VLAN

6.5.1.1
When ne twork h as c ongestion, us er c an configure rate li mit o ver int erface or V LAN if w ant to
restrict burst traffic flow at an interface or a VLAN to make it transports in a well-proportioned rate,
so as to remove network congestion.
6.5.1.2
Preconditions
Related VLAN must be created before configuring rate limit over VLAN or QinQ.
6.5.2 Configure traffic rate limit over interface

Please configure rate limit over interface on the device as below.
Step
Configuration
Description
Raisecom#config
133
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom(config)#rate-limit port-list { all | Configure rate limit over interface.

port-list }{ both rate-value | egress
rate-value [ burst-value ]| ingress
rate-value [ burst-value ]}
6.5.3 Configure traffic rate limit over VLAN or QinQ

Please configure rate limit over VLAN or QinQ on the device as below.
Step
Configuration
Description
Raisecom#config
Raisecom(config)#rate-limit vlan vlan-id

rate-value burst-value [ statistics ]
(Optional) Configure rate limit over

VLAN.
Raisecom(config)#rate-limit
double-tagging-vlan outer { outer-vlan-id |
any } inner { inner-vlan-id | any } rate-value
burst-value [ statistics ]
(Optional) Configure rate limit over QinQ.

No.
Item
Description
Raisecom(config)#show rate-limit
port-list [ port-list ]
Show rate limit configuration over

interface.
Raisecom(config)#show rate-limit vlan
Show rate limit configuration over

VLAN or QinQ.
6.6 Maintenance
User can maintain QoS feature by the following commands.
Command
Description
Raisecom(config)#clear service-policy statistics [ egress |

ingress | port ] port-list [ class-map class-map-name ]

QoS packets.
Raisecom(config)#clear rate-limit statistics vlan [ vlan-id ]

VLAN rate limit packet loss.
134
www.raisecom.com
User Manual

6.7.1 Configure traffic rate limit over traffic policy
6.7.1.1
As the Figure 6-10 s hows below, U ser A , User B , User C a re r espectively be longed t o V LAN1,
VLAN2, VLAN3, and connected to ISCOM2924GF through Switch A, Switch B, Switch C.
User A provides voice and video services, User B provides voice, video and data services, User C
provides video and data services.
According to service requirements from users, make rules as below:
For U ser A, m ust pr ovide 2 5M ba ndwidth, burst t raffic f low p ermit 100K B, di scarding r edundant
traffic;
For U ser B , m ust pr ovide 35M ba ndwidth, bur st t raffic f low pe rmit 100 KB, di scarding r edundant
traffic;
For U ser C , m ust pr ovide 30M ba ndwidth, bur st t raffic f low pe rmit 100 KB, di scarding r edundant
traffic.
Figure 6-10 Traffic rate limit over traffic policy
6.7.1.2
Configuration steps
Create and configure traffic classification, classify different users according to VLAN ID.
Raisecom#config
Raisecom(config)#class-map usera match-any
Raisecom(config-cmap)#match vlan 1
Raisecom(config-cmap)#quit
Raisecom(config)#class-map userb match-any
135
www.raisecom.com
User Manual
Raisecom(config)#class-map userc match-any
Create traffic rate limit rule.

Raisecom(config)#mls qos single-policer usera 25000 100 exceed-action drop
Raisecom(config)#mls qos single-policer userb 35000 100 exceed-action drop
Raisecom(config)#mls qos single-policer userc 30000 100 exceed-action drop
Create and configure traffic policy.

Raisecom(config)#policy-map usera
Raisecom(config-pmap)#class-map usera
Raisecom(config-pmap-c)#police usera
Raisecom(config)#service-policy usera ingress 2
Raisecom(config)#policy-map userb
Raisecom(config-pmap)#class-map userb
Raisecom(config-pmap-c)#police userb
Raisecom(config)#service-policy userb ingress 3
Raisecom(config)#policy-map userc
Raisecom(config-pmap)#class-map userc
Raisecom(config-pmap-c)#police userc
Raisecom(config)#service-policy userc ingress 4
6.7.1.3
Show result
Show traffic classification configuration by the command of show class-map.
Raisecom#show class-map usera
Class Map match-any usera (id 0)
Match vlan 1
Raisecom#show class-map userb
Class Map match-any userb (id 1)
Match vlan 2
Raisecom#show class-map userc
Class Map match-any userb (id 2)
Match vlan 3
Show rate limit rule configuration by the command of show mls qos policer.
Raisecom(config)#show mls qos policer
single-policer usera
25000
136
www.raisecom.com
User Manual
100
exceed-action drop
Used by policy map usera
single-policer userb
35000
100
exceed-action drop
Used by policy map userb
single-policer userc
30000
100
exceed-action drop
Used by policy map userc
Show traffic policy configuration by the command of show policy-map.

Raisecom(config)#show policy-map
Policy Map usera
Class usera
police usera
Policy Map userb

Class userb
police userb
Policy Map userc

Class userc
police userc
6.7.2 Configure queue schedule application

6.7.2.1
As Figure 6-11 shows below, User A provides voice and video services, User B provides voice, video
and data services, User C provides video and data services.
CoS priority of voice service is 5, CoS priority of video service is 4, CoS priority of data service is 2.
The internal priorities for these three kinds service are respectively 6, 5, and 2.
Make below rules for different service type:
For voice service, need to perform SP schedule, make sure this part of traffic passes preferentially;
For video service, need to perform WRR schedule, weighted at 50;
For data service, need to perform WRR schedule, weighted at 20;
137
www.raisecom.com
User Manual
Figure 6-11 Configure queue schedule
6.7.2.2
Configuration steps
Configure interface priority trust.
Raisecom#config
Raisecom(config-port)#mls qos trust cos
Configure mapping relationship between CoS priority and local priority.

Raisecom(config)#mls qos mapping cos 5 to localpriority 6
Configure queue schedule of SP+WRR.

Raisecom(config)#mls qos queue wrr 1 1 20 1 1 50 0 0
6.7.2.3
Show result
Show m apping r elationship c onfiguration of a ssigned priority b y t he c ommand of show mls qos
138
www.raisecom.com
User Manual
mapping
Raisecom(config)#show mls qos mapping cos
CoS-LocalPriority Mapping:
CoS:
-------------------------------------------------LocalPriority:
Show queue schedule configuration by the command of show mls qos queue.
Raisecom(config)#show mls qos queue
Queue
Weight(WRR)
------------------------1
20
50
Queue
Weight(DRR)
------------------------1
6.7.3 Configure traffic rate limit over interface application

6.7.3.1
As the Figure 6-12 shows below, User A, User B, User C are respectively connected to Switch A,
Switch B, Switch C and ISCOM2924GF.
User A provides voice and video services, User B provides voice, video and data services, User C
provides video and data services.
According to service requirements from users, make rules as below:
For U ser A, m ust p rovide 2 5M ba ndwidth, burst t raffic f low pe rmit 100K B, di scarding r edundant
traffic;
139
www.raisecom.com
User Manual
For U ser B , m ust pr ovide 35M ba ndwidth, bur st t raffic f low pe rmit 100 KB, di scarding r edundant
traffic;
For U ser C , m ust pr ovide 30M ba ndwidth, bur st t raffic f low pe rmit 100KB, di scarding r edundant
traffic.
Figure 6-12 Networking sketch map of traffic rate limit over interface
6.7.3.2
Configuration steps
Configure rate limit over interface.
Raisecom#config
Raisecom(config)#rate-limit port-list 2 ingress 25000 100
6.7.3.3
Show result
Show rate limit configuration over interface by the command of show rate-limit port-list.
Raisecom(config)#show rate-limit port-list 2-4
I-Rate:
Ingress Rate
I-Burst: Ingress Burst

E-Rate:
Egress Rate
E-Burst: Egress Burst

Port
I-Rate(kbps)
I-Burst(kB)
E-Rate(kbps)
E-Burst(kB)
---------------------------------------------------------------------P2
25000
100
3448
34
P3
35000
100
3448
34
P4
30000
100
1048576
512
140
www.raisecom.com
User Manual
Chapter 7 Multicast
This c hapter i ntroduces b asic pr inciple a nd c onfiguration of m ulticast a nd provides r elated

Overview
Configure IGMP foundation
Configure IGMP Snooping
Configure IGMP MVR
Configure IGMP Proxy
Maintenance
7.1 Overview
7.1.1 Multicast overview
With t he c ontinuous d evelopment of I nternet ne twork, the various interacting network data, v oice
and video will become more and more; the other hand, the emerging e-commerce, online meetings,
online a uctions, v ideo on d emand, di stance l earning a nd ot her s ervices also rise gradually. These
services come up w ith higher r equirements for ne twork ba ndwidth, i nformation security and pa id.
Traditional unicast and broadcast cannot meet these requirements well, while multicast has met them
timely.
Multicast is a poi nt to m ultipoint data transmission m ethod. The m ethod can effectively s olve t he
single point sending and multipoint receiving problems. During the network packet transmission, it
can save network resources and improve information security.
7.1.1.1
Comparison among unicast, broadcast and multicast

Multicast is a kind of packets transmission which is parallel with unicast and broadcast.
Unicast: T he s ystem e stablished a data transmission path f or e ach us er w ho ne eds t he
information, a nd s ent s eparate c opy i nformation f or them. Through unicast, t he a mount o f
information transmitted over the network is proportional to the number of user, so when the
number of users becomes huge, there will be more identical information in network. At this
point, bandwidth will become an important bottleneck, and unicast will not be conducive to
large-scale information transmission.
Broadcast: The system sends information to all users, whether they need or not, any user will
receive it. Through broadcast, the information source delivers information to all users in the
network s egment, w hich m ade t he i nformation s ecurity a nd paid s ervice l ose gua rantee. In
addition, w hen the num ber of us ers w ho re quires this kind of information decreases, the
utilization of network resources will be very low, the bandwidth will be wasted seriously.
Multicast: When some users in the network need specific information, the sender only sends
one piece of information, then the transmitted information can be reproduced and distributed
in fork junction as far as possible.
As shown in the Figure 7-1, assume that User B and User C need information, you can use multicast
141
www.raisecom.com
User Manual
transmission to combine User B and User C to a receiver set, then the information source just needs
to s end one piece of information. E ach switch in t he network will establish their m ulticast
forwarding t able a ccording t o IGMP pa ckets, a nd f inally transmit the information to the a ctual
recipient B and C.
Figure 7-1 Multicast transmission networking

In summary, the unicast is for sparse network users and broadcast is for dense network users. When
the number of users in the network is uncertain, unicast and broadcast will present a low efficiency.
When t he num ber of us ers are doubl ed a nd r edoubled, the m ulticast mode ne eds not t o increase
backbone bandwidth, but sends information to the user in need. These advantages of multicast make
itself become a hotspot in the current network technology study.
7.1.1.2
The advantages and application of multicast

Comparing with unicast and broadcast, the advantages of multicast are as below:
Improve efficiency: reduce network traffic, relieve server and CPU load.
Optimize performance: reduce redundant traffic and guarantee the information security.
Distributed applications: solve the problem of point-point data transmission.
The multicast technology is mainly used in the following aspects:
multimedia, s treaming media a pplications, s uch a s: n etwork t elevision, ne twork r adio,
real-time video / audio conferencing;
training, cooperative operations communications, such as: distance education, telemedicine;
data warehousing, financial applications (stock);
any other "point-to-multipoint" applications
7.1.1.3
Basic concept in multicast

Multicast group
Multicast gr oup refers t o the recipient s et using the s ame IP m ulticast addres s identification. Any
user host (or other receiving device) will become a member of the group after joining the multicast
group. They can identify and receive multicast da ta with t he de stination a ddress of IP m ulticast
address.
142
www.raisecom.com
User Manual
Multicast group members

All hos ts joi ned a multicast gr oup will be come a member of t he multicast gr oup. M ulticast gr oup
members are dynamic, hosts can join or leave multicast group at any time. Group members may be
widely distributed in any part of the network.
Multicast source
Multicast source refers to a server which regards multicast group address as the destination address
to send IP packet. A multicast source can send data to multiple multicast groups; multiple multicast
sources can send to a multicast group.
Multicast router
Router in the network that supports layer-3 multicast function is called the multicast router. Multicast
router can achieve multicast routing, guide multicast packet forwarding and provide multicast group
management function to distal network segment connecting with users.
Router interface
Router interface refers to the interface toward multicast router between multicast router and the host.
The device receives multicast packets from this interface.
Member interface
Known as the receiving interface, member interface is the interface toward host be tween multicast
router and the host. The device sends multicast packets from this interface.
The locations of multicast router interface and the receiving interface are shown in Figure 7-2.
Figure 7-2 Sketch map of basic concepts in multicast
7.1.1.4
Multicast address
In or der to make multicast s ource and multicast group members communicate across the I nternet,
you ne ed t o pr ovide network-layer m ulticast address a nd l ink-layer multicast a ddress, i.e. IP
multicast a ddress a nd m ulticast M AC a ddress. Note: m ulticast a ddress onl y can be de stination
address, but not source address.
IP multicast address
143
www.raisecom.com
User Manual
IANA (Internet Assigned Numbers Authority) assigns Class D address space to IPv4 multicast; the
range of IPv4 multicast address is from 224.0.0.0 to 239.255.255.255.
Multicast MAC address
When Ethernet transmits unicast IP packet, the destination MAC address will use the recipient MAC
address. However, when multicast packets are in transmission, the destination is no longer a specific
receiver, but a group with uncertain member, so it needs to use multicast MAC address.
Multicast MAC address for link layer identifies the receiver of the same multicast group.
According to IANA, the high 24-bit of multicast MAC address are 0x01005E, the 25-bit is fixed 0,
the 23-bit corresponds to the low 23-bit of IPv4 multicast address.
The mapping relation between IP multicast address and MAC address is shown in Figure7-3
Figure 7-3 Mapping relation between IPv4 multicast address and multicast MAC address
Since the first 4 bits of IP multicast address are 1110, indicating multicast identification. In the last
28bits, only 23 bits are mapped to the multicast MAC address. And the missing 5 bits information
will make 32 IP multicast addresses map to the same multicast MAC address. Therefore, in Layer 2,
the device may receive some other data out of IP v4 multicast group, and these extra multicast data
need to be filtered by the upper device.
7.1.1.5
Basis of multicast protocol

It needs to deploy a variety of multicast protocols for interworking and operating in various positions
of network to achieve a complete set of multicast services.
Typically, IP m ulticast w orking at n etwork layer is c alled "Layer-3 multicast", t he c orresponding
multicast pr otocol is called " Layer-3 multicast pr otocol," i ncluding I GMP ( Internet G roup
Management Protocol), etc.; IP multicast working at data link layer is called "layer 2 multicast", the
corresponding m ulticast f eature is called "layer-2 multicast protocol", i ncluding IGMP S nooping
(Internet Group Management Protocol Snooping) and so on.
The operating positions of IGMP and Layer-2 multicast features are shown in Figure 7-4.
144
www.raisecom.com
User Manual
Figure 7-4 The operating positions of IGMP and Layer-2 multicast features
IGMP i s t he pr otocol r esponsible f or I Pv4 multicast member management in TCP / IP protocol
family. IGMP r uns b etween m ulticast r outer a nd hos t, de fines t he establishment a nd maintenance
mechanism of multicast gr oup m embership be tween host and multicast r outer. IGMP d oes not
contain the transmission and maintenance of group membership between multicast routers, which is
completed by multicast routing protocol.
IGMP manages group members by I GMP messages interaction be tween host and multicast router.
IGMP messages are encapsulated in IP messages, including Query messages, Report messages and
Leave messages. The basic functions of IGMP are:
Host sends Report messages joining multicast group, sends Leave messages leaving multicast group,
and automatically decides which multicast group messages to receive.
The multicast rout er se nds Query messages periodically and receives Report messages and Leave
messages from hosts to understand the multicast group members in connected network segment. The
multicast data will be forwarded to the network segment if there are multicast group members; not
forward if no multicast group members.
Up to now, IGMP has three versions: IGMPv1 version, IGMPv2 version and IGMPv3 version, the
new version is fully compatible with old version. Currently the most widely used version is IGMPv2,
while Leave messages only apply to IGMPv2 and IGMPv3.
Layer-2 multicast manages a nd c ontrols multicast gr oups by monitoring a nd a nalyzing IGMP
messages be tween hosts a nd multicast r outers as s o to achieve multicast data f orwarding a nd
suppress multicast data diffusion in layer-2 network.
7.1.1.6
The supported multicast performance

The device is in support of the following multicast features:
Basic function of IGMP
IGMP Snooping
IGMP MVR
IGMP Proxy (IGMP Proxy)
IGMP filtering
Note:
The functions of IGMP Snooping and IGMP MVR on ISCOM2924GF device can be enabled
simultaneously.
ISCOM2924GF device is in support of IGMPv1and IGMPv2 simultaneously.
145
www.raisecom.com
User Manual
7.1.2 Basic functions of IGMP

The basic functions of IGMP are shown below:
Assign multicast router interface;
Enable instant-leaving function;
Set multicast forwarding entries and router interface aging time;
Enable IGMP ring network forwarding function.
The basic function of IGMP provides Layer-2 multicast common features, which can be used when
the device enables IGMP Snooping or IGMP MVR function.
Note: The basic function configuration is valid to IGMP Snooping or IGMP MVR simultaneously.
The concepts description related to IGMP basic functions is as below:
Multicast router interface
The r outer i nterface can be l earnt dynamically (need t o e nable multicast routing protocol on
multicast routers, learn by IGMP query messages) on layer-2 multicast switch, or set manually so as
to forward downstream multicast report and leave messages to the router interface.
Router interface learnt dynamically has aging time, while the router interface c onfigured manually
will not be aged.
Aging time
Set the aging time applying to both of multicast forwarding entry and router interface.
On layer-2 switch running multicast function, every router interface learnt dynamically will enable a
timer; the timer timeout is "IGMP Snooping aging time." The router interface will be deleted without
receiving IGMP Query messages at aging time; Update timeout for router interface when receiving
IGMP Query messages.
Each multicast forwarding entry will enable a timer, that is, the aging time of multicast member; the
timer tim eout is "IGMP S nooping a ging t ime". The m ulticast member w ill be deleted without
receiving IGMP Report messages at aging time; Update timeout for multicast forwarding entry when
receiving IGMP Report messages.
Instant-leaving function
On layer-2 s witch r unning m ulticast function, us er w ill not de lete t he c orresponding multicast
forwarding entry immediately, but wait until the entry is aged when sending Leave messages. Enable
this function to delete the corresponding multicast forwarding entry quickly when there are a large
number of downstream users and adding leaving is more frequent.
Note: Instant-leaving function only applies to IGMP v2/v3 versions.
IGMP ring network forwarding function
On layer-2 s witch r unning multicast f unction, t he IGMP r ing ne twork f orwarding function c an be
enabled to any type of interfaces.
Enabling IGMP ring ne twork forwarding can achieve multicast ba ckup protection in ring ne twork,
make the m ulticast service m ore stable, and prevent l ink failure from causing multicast s ervice
failure.
IGMP ring network forwarding function applies to Ethernet ring, STP / RSTP / MSTP ring and
G.8032 ring, etc.
146
www.raisecom.com
User Manual
7.1.3 IGMP Snooping

IGMP S nooping ( Internet G roup M anagement Protocol S nooping) i s m ulticast c onstraining
mechanism r unning on L ayer-2 devices, us ed for m ulticast gr oup m anagement a nd c ontrol and
achieve layer-2 multicast.
IGMP S nooping a llows t he switch t o m onitor I GMP session between hos ts and m ulticast r outers.
When monitoring a group of IGMP Report from host, the switch will add host-located interface to
the f orwarding e ntry of t his gr oup; similarly, w hen f orwarding entry arriving at aging t ime, the
switch will delete host-located interface from forwarding entry.
IGMP Snooping forwards multicast da ta by layer-2 multicast forwarding entry. When receiving
multicast da ta, the switch will forward them directly according to the corresponding receiver
interface of multicast f orwarding e ntry, but not f lood t o a ll i nterfaces, so as to save the switch
bandwidth effectively.
IGMP Snooping establishes layer-2 multicast forwarding entry, which can be learnt dynamically or
configured manually.
Currently, the switch is in support of up to 1024 layer-2 multicast forwarding entries.
7.1.4 IGMP MVR

IGMP MVR (Multicast VLAN Registration) is multicast constraining mechanism running on layer-2
devices, used for multicast group management and control and achieve layer-2 multicast.
IGMP MVR adds member interfaces belonging to different user VLAN in switch to multicast VLAN
by configuring multicast VLAN and makes different VLAN user uses one common multicast VLAN,
then the multicast data will be transmitted only in one multicast VLAN without copying one for each
user VLAN, t hus s aving b andwidth. At the s ame t ime, multicast V LAN and us er V LAN ar e
completely isolated which also increases the security.
Both IGMP MVR and IGMP Snooping can achieve layer-2 multicast, but the difference is: Multicast
VLAN in IGMP Snooping is the same with user VLAN, while multicast VLAN in IGMP MVR can
be different with user VLAN.
Note: One switch can configure up t o 10 m ulticast VLAN, at least one multicast VLAN and group
addresses. The supported maximum number of multicast groups is 1024.
7.1.5 IGMP Proxy

IGMP Proxy i s a n IGMP protocol proxy mechanism. It is used for a ssisting IGMP to manage a nd
control multicast group. IGMP Proxy will terminate IGMP packets; It can proxy h ost function and
also pr oxy m ulticast r outer f unctions f or t he ne xt a gent. E nable L ayer 2 ne twork device of I GMP
Proxy feature, there are two identities:
On t he us er s ide, i t i s a query bui lder a nd un dertakes t he r ole of Server, s ending Query
packets and periodically checking user information, and dealing with the Report and Leave
packets from user.
On t he network r outing s ide, i t i s a hos t a nd unde rtakes t he r ole of C lient, r esponding t he
multicast r outer Q uery pa cket and s ending Report an d Leave pa ckets. It s ends the us er
information to the network when they are in need.
The proxy mechanism can control and access user information effectively, at the same time, reducing
147
www.raisecom.com
User Manual
the ne twork s ide pr otocol packet a nd n etwork l oad. IGMP Proxy e stablishes multicast pa cket
forwarding list by intercepting IGMP packet between the user and the multicast routers.
7.1.6 IGMP filtering

In or der t o c ontrol us er a ccess, y ou c an s et IGMP f iltering. I GMP f iltering contains acces sible
multicast group scope limited by filter template and the maximum number of groups:
IGMP filtering template
To e nsure i nformation s ecurity, t he a dministrator ne eds t o l imit t he multicast us ers, s uch a s what
multicast data are allowed to receive and what are not.
Configure IGMP Profile filtering template to control the interface. One IGMP Profile can be set one
or more multicast group access control restrictions and access the multicast group according to the
restriction rules ( permit and deny). If a r ejected IGMP P rofile filtering template is applied to the
interface, the interface will discard the IGMP report message from this group directly once receiving
it and doesnt allow receiving this group of multicast data.
IGMP filtering template can be configured on interface or "interface + VLAN".
IGMP Profile only applies to dynamic multicast groups, but not static ones.
Limit to the maximum number of multicast group
The maximum al lowed adding number of multicast gr oup a nd the maximum gr oup limitation rule
can be set on interface or "interface + VLAN.
The maximum group limitation rule sets the actions for reaching the maximum number of multicast
group us ers added, which c an be no l onger allowing us er a dding groups, or c overing t he or iginal
adding group.
Note: IGMP filtering is generally used with IGMP Snooping/IGMP MVR.
7.2 Configure IGMP foundation

7.2.1 Configure basic function of IGMP
Please configure basic function of IGMP for the device as below
Step
Configuration
Description
Raisecom#config
Raisecom(config)#igmp mrouter vlan

vlan-id { interface-type interface-number }
(Optional) Configure multicast routing interface
Raisecom(config)#igmp immediate-leave
{ interface-type interface-number } [ vlan
vlan-list ]
(Optional) Configure interface or the immediate-leave

function of interface + VLAN.
Raisecom(config)#igmp timeout { period |

infinite }
(Optional) Configure the aging time for multicast

forwarding table entry.
The aging time set by this command is valid to all
dynamic learning router interface and multicast
forwarding table entries.
148
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom(config)#igmp ring
interface-type interface-number
(Optional) Enable IGMP ring network forwarding

function of the interface.
static multicast mac-address vlan vlan-id
interface-type interface-number-list
(Optional) Configure to add interface to static

multicast group.
Interface joins the multicast group usually through the
IGMP Report message transmitted by host. User also
can add an interface to a multicast group manually.
7.2.2 Check configuration

Please check configuration result by the following command:
No.
Item
Description
Raisecom#show igmp mrouter
Show multicast routing interface configuration.
Raisecom#show igmp immediate-leave

[ interface-type interface-number ]
Show immediate-leave configuration of IGMP.
Raisecom#show igmp statistics

Show IGMP statistics.
7.3 Configure IGMP Snooping

7.3.1 Configuration preparation
7.3.1.1
As the Figure 7-5 shows below, multiple hosts receive multicast source data, and multiple hosts
belong to the same VLAN. It can run IGMP Snooping on switch connecting multicast router and host
and establish and maintain multicast forwarding table by monitoring the message between multicast
routers and hosts to achieve Layer 2 multicast.
Figure IGMP Snooping application scene

149
www.raisecom.com
7.3.1.2
User Manual
Precondition
Before c onfiguring I GMP Snooping, you s hould create t he V LAN a nd j oin t he c orresponding
interface to VLAN.
7.3.2 Default configuration of IGMP Snooping

The default configuration of IGMP Snooping is as below:
Function
Default value
Global IGMP Snooping status
Disable
VLAN IGMP Snooping status
Disable
7.3.3 Configure IGMP Snooping function

Please configure IGMP Snooping function as below:
Step
Configuration
Description
Raisecom#config
Raisecom(config)#igmp snooping
Enable global IGMP Snooping.
vlan vlan-list
Enable VLAN IGMP Snooping.
(Optional) Configure static multicast
static multicast mac-address vlan
forwarding table.
vlan-id interface-type
Interface joins the multicast group usually
interface-number-list
through the IGMP Report message
transmitted by host. User also can add an
interface to a multicast group manually.

No.
Item
Description
Raisecom#show igmp snooping [ vlan vlan-list ]
Show IGMP Snooping configuration.
Raisecom#show igmp snooping member

[ interface-type interface-number | vlan vlan-id ]
Show IGMP Snooping multicast

group member configuration.
150
www.raisecom.com
User Manual
7.4 Configure IGMP MVR

7.4.1.1
As the Figure 7-6 shows below, when multiple users need to receive data from the multicast source,
the da ta among multiple us ers and multicast r outers all belongs to different VLAN. User can run
IGMP M VR function o n Switch A, configure multicast V LAN s o as t o make u sers in different
VLAN receive the same multicast data with one multicast VLAN and also reduce bandwidth waste.
Figure 7-6 IGMP MVR application scene
7.4.1.2
Precondition
Before configuring IGMP MVR, you should create a VLAN and join the corresponding interface to
the VLAN.
7.4.2 Default configuration of IGMP MVR

The default configuration of IGMP MVR is as below:
Function
Default value
Global IGMP MVR status
Disable
Interface IGMP MVR status
Disable
Multicast VLAN and group address set
N/A
151
www.raisecom.com
User Manual
7.4.3 Configure IGMP MVR function

Please configure IGMP MVR function as below:
Step
Configuration
Description
Raisecom#config
Raisecom(config)#igmp mvr
Enable global IGMP MVR function.
Enable interface IGMP MVR function.
Raisecom(config)#igmp mvr mcast-vlan

vlan-id group { start-ip-address
[ end-ip-address ] | any }
Configure multicast VLAN IP address.
Note: After enabling IGMP MVR, the

device needs to configure multicast VLAN
and binding group address set, do nothing
to Report message if the receiving IGMP
Report message doesnt belong to any
VLAN IP address set, user cannot demand
to multicast traffic.
static multicast mac-address vlan vlan-id
interface-type interface-number-list
(Optional) Configure static multicast

forwarding table.
Interface joins the multicast group usually
through the IGMP Report message
transmitted by host. User also can add an
interface to a multicast group manually.

No.
Item
Description
Raisecom#show igmp
mvr[ interface-type interface-number ]
View IGMP MVR configuration.
Raisecom#show igmp mvr member

[ interface-type interface-number |
user-vlan vlan-id ]
View IGMP MVR multicast

group members information.
Raisecom# show igmp mvr vlan-group

[ mcast-vlan vlan-id ]
View multicast VLAN and

group address set.
7.5 Configure IGMP Proxy

7.5.1.1
There are multiple hosts or multiple user subnets in a large-scale multicast protocols application
network. Configure IGMP pr oxy on switch which connects w ith multicast r outer and h ost t o
intercept the IGMP packets and reduce network burden.
IGMP P roxy can reduce t he configuration a nd management w ork of multicast r outers to users
subnets, at the same time, achieve the multicast connection of customer subnet.
152
www.raisecom.com
User Manual
IGMP Proxy function is generally used with IGMP Snooping or IGMP MVR.
7.5.1.2
Precondition
Before c onfiguring IGMP Proxy, you should c reate V LAN a nd join the c orresponding interface to
the VLAN.
7.5.2 Default configuration of IGMP Proxy

The default configuration of IGMP Proxy is as below:
Function
Default value
IGMP Proxy status
Disable
IGMP message suppression function
Disable
IGMP querier function
Disable
IGMP querier and source IP address

of IGMP Proxy transmission message
Use the IP address of IP interface 0, or use

0.0.0.0 if the IP interface 0 hasnt be configured.
IGMP query interval
60s
The maximum response time of

Query transmission message
10s
The Query transmission interval of

final member
1s
7.5.3 Configure IGMP Proxy function

Please configure IGMP Proxy function as below:
Step
Configuration
Description
Raisecom#config
Raisecom(config)#igmp proxy
Enable IGMP Proxy function
suppression
Enable IGMP packet suppression function.
Raisecom(config)#igmp proxy querier
Enable IGMP querier function
Raisecom(config)#igmp proxy source-ip

ip-address
(Optional) Configure source IP address of

query packet sent by IGMP Proxy querier.
query-interval seconds
(Optional) Configure IGMP query interval.
query-max-response-time period
(Optional) Configure the maximum response

time of Query packet.
last-member-query period
(Optional) Configure the Query transmission

interval of final member.
Note:
153
www.raisecom.com
User Manual
Configure IGMP P roxy if it isnt ena bled: set source I P address, t he que ry interval, the
maximum response time of Query packet transmission, Query transmission interval of final
member, once MVR Proxy is started, the configuration takes effect immediately.
IGMP Proxy function can be started when enabling IGMP Snooping or IGMP MVR.

No.
Item
Description
Raisecom#show igmp proxy
View IGMP Proxy configuration information
7.6 Configure IGMP filtering

7.6.1.1
The di fferent us ers in the s ame multicast group receive different multicast requirements a nd
permissions, allow configuring filter rule on switch which connects multicast router and user host so
as to restrict multicast users. It also can set the maximum number of multicast group allowing user
joining. IGMP Proxy function is generally used with IGMP Snooping or IGMP MVR.
7.6.1.2
Precondition
Before configuring IGMP filtering, you should create VLAN and join the corresponding interface to
the VLAN.
7.6.2 Default configuration of IGMP filtering

The default configuration of IGMP filtering is as below:
Function
Default value
Global IGMP filtering
Disable
IGMP filtering template Profile
N/A
IGMP filtering template action
Refuse
IGMP filtering under interface
No maximum group limitation, the largest group

action is drop, no application filter template
IGMP filtering under interface + VLAN
No maximum group limitation, the largest group

action is drop, no application filter template
7.6.3 Configure to enable global IGMP filtering

Please configure to enable global IGMP filtering as below:
154
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom#config
Raisecom(config)#igmp filter
Enable global IGMP filtering
Note: When configuring IGMP filtering template or the maximum group limitation, please use the
command igmp filter to enable global IGMP filtering at first.
7.6.4 Configure IGMP filtering template

IGMP filtering template can be used to interface or interface + VLAN.
Please configure IGMP filtering template as below:
Step
Configuration
Description
Raisecom#config
Raisecom(config)#igmp filter profile

profile-number
Create Profile and enter Profile configuration mode.
Raisecom(config-igmp-profile)#permit |
deny
(Optional) Configure IGMP Profile action.
Raisecom(config-igmp-profile)#range
range-id start-ip-address [ end-ip-address ]
Configure to control IP multicast address access and

range.
Raisecom(config-igmp-profile)#exit
Enter physical layer interface configuration mode or

aggregation group configuration mode.
Raisecom(config)#interface interface-type
interface-number
6
Raisecom(config-port)#igmp filter profile

profile-number [ vlan vlan-list ]
Configure IGMP Profile filtering template to

physical interface or interface + VLAN.
Raisecom(config-aggregator)#igmp filter
profile profile-number [ vlan vlan-list ]
Configure IGMP Profile filtering template to

aggregation group interface or interface + VLAN.
Note: Perform the command of igmp filter profile profile-number in interface configuration mode
to make the created IGMP Profile apply to the specified interface. One IGMP Profile can be applied
to multiple interfaces, but each interface can have only one IGMP Profile.
7.6.5 Configure the maximum multicast group number restriction

User can add the maximum multicast group number restriction a pplied to interface or interface +
VLAN.
Please take the following configuration to the device:
Step
Configuration
Description
Raisecom#config
Enter physical layer interface configuration mode

or aggregation group configuration mode.
Raisecom(config-port)#igmp filter
max-groups group-number [ vlan
vlan-list ]
Configure the maximum multicast group number

restriction to physical interface or interface +
VLAN.
155
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom(config-aggregator)#igmp
filter max-groups group-number
[ vlan vlan-list ]
Configure the maximum multicast group number

restriction to aggregation group interface or
interface + VLAN.
Raisecom(config-port)#igmp filter
max-groups action { drop |
replace } [ vlan vlan-list ]
(Optional) Configure the action over maximum

multicast group number restriction in physical
interface or interface + VLAN.
Raisecom(config-aggregator)#igmp
filter max-groups action { drop |
replace } [ vlan vlan-list ]
(Optional) Configure the action over maximum

multicast group number restriction in aggregation
group interface or interface + VLAN.

No.
Item
Description
Raisecom#show igmp filter [interface|

interface-type interface-number [vlan vlan-id ] ]
View IGMP filtering configuration.
Raisecom#show igmp filter profile

[ profile-number ]
View IGMP Profile information.
7.7 Maintenance
Users can maintain multicast features operation and configuration by the following command.
7.8
Command
Description
Raisecom(config)#clear igmp statistics

Clear IGMP statistic information
Raisecom(config)#no igmp member

Delete specified multicast

forwarding table entry.
Configuration application
7.8.1
7.8.1.1
Configure IGMP Snooping and IGMP Proxy application

Network requirements
As Shown in Figure 7-7, the switch interface Port 1 connects with multicast router; interface Port 2
and Port 3 connects users. All multicast users belong to the same VLAN10; It is needed to configure
IGMP Snooping on the switch to receive multicast data with the address 234.5.6.7.
Enable the IGMP P roxy function on switch to r educe communication between the hosts and
multicast routers and achieve multicast function.
When the P C and set-top box a dd i nto t he s ame m ulticast gr oup, t he s witch r eceives t wo I GMP
Report messages and only sends one of them to multicast router. The IGMP Query message sent by
multicast will no longer forward downstream, but transmit IGMP Query message
156
www.raisecom.com
User Manual
Figure 7-7 IGMP Snooping application networking
7.8.1.2
Configuration steps
Create VLAN and add interface to VLAN.
Raisecom#config
Raisecom(config-port)#switchport trunk native vlan 10
Configure to enable IGMP Snooping.

Raisecom(config)#igmp snooping vlan 10
Configure IGMP Proxy function.

Raisecom(config)#igmp proxy suppression
Raisecom(config)#igmp proxy querier
source-ip 192.168.1.2
157
www.raisecom.com
7.8.1.3
User Manual
Show result
Check whether IGMP Snooping configuration is correct.
Raisecom#show igmp snooping
igmp snooping
:Enable
igmp snooping active vlan
:10
igmp router alert examine
:Disable
igmp aging time(s)
:300
igmp ring
:--
Check whether IGMP Snooping multicast group member information is correct.

Raisecom#show igmp snooping member vlan 10
Port
Vlan
GroupID
Live-time
------------------------------------------------------port 1
10
234.5.6.7
270
Check whether IGMP Proxy configuration is correct.

Raisecom#show igmp proxy
Igmp Proxy Status
Igmp Proxy Suppression Status
:Enable
:Enable
Igmp Proxy Querier Status
:Enable
Igmp Proxy Source Ip
:192.168.1.2
Igmp Query Interval(s)
:60
Query Max Response Interval(s)
:10
Last Member Query Interval(s)
:1
Next IGMP General Query(s)
7.8.2
7.8.2.1
:10
Configure IGMP MVR application

As shown in Figure 7-8, interface Port 1 of Switch A connects with multicast router, interfaces Port 2
and Port 3 connect with users in different VLAN to receive multicast 234.5.6.7 and 225.1.1.1 data.
Configuring IGMP MVR function on Switch A to designate VLAN3 as a multicast VLAN, then the
multicast data can only be copied one time in the multicast VLAN instead of copying for each user
VLAN, thus saving bandwidth.
158
www.raisecom.com
User Manual
Figure 7-8 IGMP MVR application networking
7.8.2.2
Configuration steps
Create VLAN on Switch A and add the interface into it.
Raisecom(config)#config
Raisecom(config)#creat vlan 3,12,13 active
Raisecom(config-port)#switchport trunk untagged vlan 12,13
Raisecom(config-port)#switchport trunk untagged vlan 3
Configure IGMP MVR function on Switch A.

Raisecom(config)#igmp mvr port 2,3
Raisecom(config)#igmp mvr mcast-vlan 3 group 234.5.6.7
Raisecom(config)#igmp mvr mcast-vlan 3 group 225.1.1.1
159
www.raisecom.com
7.8.2.3
User Manual
Show result
Check whether the IGMP MVR configuration configuration is correct.
Raisecom#show igmp mvr
igmp mvr running
:Enable
igmp mvr port
:port-list 2-3
igmp mvr multicast vlan(ref)
:3(2)
igmp router alert examine
:Disable
igmp aging time(s)
:300
igmp ring
:--
Check whether the multicast VLAN and group address information are correct.
Raisecom#show igmp mvr vlan-group
mcast-vlan
start-group
end-group
-------------------------------------------
7.8.3
7.8.3.1
225.1.1.1
225.1.1.1
234.5.6.7
234.5.6.7
Configure IGMP filtering example under the interface

Enable IGMP filtering on switch, add interface filter rule to restrict multicast user.
As shown in Figure 7-9, create IGMP filtering rules Profile 1, set address range between 234.5.6.7
and 234.5.6.10, the action is in green light. According to IGMP filtering rules under the interface Port
2, set-top box can join the multicast group 234.5.6.7, but not the multicast group 234.5.6.11; Port 3
hasnt enabled filtering rule and PC can the multicast group 234.5.6.11.
Set the maximum gr oup l imitation to interface Port 2, a fter a dding s et-top boxe s 234.5. 6.7, a dd
234.5.6.8 and quit the previous 234.5.6.7 multicast group.
As Figure 7-9 shows, use IGMP MVR function to provide multicast service.
Figure 7-9 IGMP filtering networking

160
www.raisecom.com
7.8.3.2
User Manual
Configuration steps
Create VLAN and add the interface into it.
Raisecom#config
Raisecom(config)#creat vlan 3,12,13 active
Raisecom(config-port)#switchport trunk untagged vlan 12,13
Configure IGMP MVR function.

Raisecom(config)#igmp mvr port 2,3
Raisecom(config)#igmp mvr mcast-vlan 3 group any
Configure IGMP filtering template.

Raisecom(config)#igmp filter profile 1
Raisecom(config-igmp-profile)#permit
Raisecom(config-igmp-profile)#range 1 234.5.6.7 234.5.6.10
Raisecom(config-igmp-profile)#exit
Configure IGMP filtering template to set-top box.

Raisecom(config)#igmp filter
Raisecom(config-port)#igmp filter profile 1
Configure the maximum group number limitation for set-top box interface.
Raisecom(config-port)#igmp filter max-groups 1
Raisecom(config-port)#igmp filter max-groups action replace
7.8.3.3
Show result
Check whether the IGMP filtering configuration is correct.
Raisecom#show igmp filter port 2
161
www.raisecom.com
User Manual
IGMP profile:
MaxGroup:
7.8.4
7.8.4.1
Currentgroup:
action:
replace
Configure ring network multicast application example

Configure IGMP r ing f orwarding f unction on s ingle E thernet r ing t o make multicast s ervice more
stable and prevent multicast service from disrupting by some failure links.
As shown in Figure 7-10, Port 1 a nd Port 2 of Switch A, Port 2 a nd Port 3 of Switch B, Port 2 a nd
Port 4 of Switch C constitute an physical ring, multicast traffic input from Port 1 of Switch B. The
user who need multicast stream goes through Port 5 and Port 6 interfaces of Switch C. By doing this,
whichever links fail in the Switch, it will not affect customers on-demand multicast stream.
When using single Ethernet ring to provide multicast services, you can adopt IGMP MVR or IGMP
Snooping function to receive the multicast stream.
Take STP providing ring network detection and IGMP Snooping providing multicast function for an
example:
Figure 7-10 Ring network multicast application networking
7.8.4.2
Configuration steps
Enable STP function, create VLAN and add interface into the VLAN.
Configure Switch A
162
www.raisecom.com
User Manual
SwitchA#config
SwitchA(config)#spanning-tree mode stp
SwitchA(config)#exit
SwitchA(config-port)#interface port 2
Configura Switch B
SwitchB#config
SwitchB(config)#spanning-tree mode stp
Configura Switch C
SwitchC#config
SwitchC(config)#spanning-tree mode stp
SwitchC(config-port)#switchport trunk native vlan 200
SwitchC(config-port)#switchport trunk native vlan 200
Enable IGMP Snooping and IGMP ring network forwarding function.

Configure Switch A
SwitchA(config)#igmp ring port 1,2
SwitchA(config)#igmp snooping
SwitchA(config)#igmp snooping vlan 200
Configura Switch B
SwitchB(config)#igmp ring port 2,3
SwitchB(config)#igmp snooping
SwitchB(config)#igmp snooping vlan 200
Configura Switch C
163
www.raisecom.com
User Manual
SwitchC(config)#igmp ring port 2,4
SwitchC(config)#igmp snooping
SwitchC(config)#igmp snooping vlan 200
7.8.4.3
Show result
Disconnect any one link in ring link to check whether the multicast traffic can be reveived normally.
164
www.raisecom.com
User Manual
Chapter 8 Security
This c hapter i ntroduces b asic pr inciple a nd c onfiguration of s ecurity a nd pr ovides r elated

Overview
ACL
RADIUS
TACACS+
Storm Control
Maintenance
8.1 Overview
Network application is getting more and more popular with the continuous development of Internet.
More and more enterprises speed up its development by using network. To ensure data and resource
security in open network environemtn become more and more important. Besides, some user access
network unconsciously but cause damage to network also lead device performance degrade or even
cause abnormal.
To d eploy a ccess c ontrol, user a uthentication, e tc. s ecurity t echnology c an effectively i mprove
network and device security.
8.1.1 ACL
ACL (Access Control List) is a set of ordered rules, which can control the device to receive or refuse
to some data message.
User needs to configure rules in network to control illegal packets influent network perofmrnace and
decide packets allowed passing. These rules are defined by ACL.
ACL is a series of rule composed by permit | deny sentences. The rules are described according to
source a ddress, destination a ddress, por t I D of da ta pa ckets. Device j udges r eceiving or r ejecting
packets according to the rules.
8.1.2 RADIUS
RADIUS (Remote Authentication Dial I n User S ervice) i s a kind of s tandard communication
protocol t hat a uthenticate r emote acces s us ers intensively. RADIUS uses UDP a s t he t ransmission
protocol (port 1812 and port 1813) which has a good instantaneity; at the same time, RADIUS is in
support of retransmission mechanism and standby server mechanism which has a good reliability.
165
www.raisecom.com
8.1.2.1
User Manual
RADIUS authentication function

RADIUS adopts c lient/server m ode, network access de vice i s us ed as cl ient of RADIUS server.
RADIUS server receives user connecting requests and authenticates users, then reply configuration
information to all clients for providing services. Control user access device and network and improve
network security.
Communication between client and RADIUS server is authenticated by sharing key, which wont be
transmitted on network. Besides, all user directions need to be encrypted when transmitting between
client device and RADIUS server to ensure security.
8.1.2.2
RADIUS accounting function

RADIUS accounting f unction i s us ed t o a uthenticate us er t hrough RADIUS. User s ends a st arting
account packets to RADIUS accrounting server when log in, according to the accounting policy to
send update packet to RADIUS server; when log off, send stopping account packet to RADIUS
accounting server, the packet includes user online time. RADIUS accounting server can record the
access time and operations for each user by the packets.
8.1.3 TACACS+
TACACS+ (Terminal Access Controller Access Control System) i s a ki nd of ne twork a ccess
authentication protocol similar to RADIUS. The differences between them are:
TACACS+ uses TCP port, which has higher transmission reliability compared with UPD port
used by RADIUS.
TACACS+ encrypts the holistic of packets except the standard head of TACACS+, and there
is an area to show whether the data packets are encrypted in the head of packet. Compared to
RADIUS user password encryption, the TACACS+ is much safer.
TACACS+ authentication function is separated from authorization and accounting functions;
it is more flexible in deployment.
In a w ord, TACACS+ is s afer a nd more r eliable than R ADIUS, but RADIUS is used w ider i n
network as an open protocol.
8.1.4 Storm suppression

In most layer-2 network application, unicast traffic flow is much bigger than broadcast traffic flow. If
customer doesnt control broadcast flow, broadcast storm may generate and occupies large amount of
network bandwidth. Broadcast storm can degrade network performance and influence forwarding of
unicast packets or even lead communication halt.
Restricting broadcast traffic flow generated from network on layer-2 device can suppress broadcast
storm and ensure common unicast forwarding normally.
The st orm suppression a llows the interface to filter broadcast pa cket in the ne twork. E nable storm
suppression, when the i nterface r eceiving broadcast m essages are accumulated to a pr edetermined
threshold, the interface will discard broadcast packets automatically. The broadcast packets will be
broadcast normally to the other switch interfaces if this function is not enabled or broadcast packets
are not accumulated to a threshold.
166
www.raisecom.com
User Manual
8.2 Configure ACL

8.2.1.1
ACL can help network device to recognize filter objects. The device recognizes special objects and
then permit or denay packets passing according to the configured policy.
ACL includes the below types:
IP ACL: make classification rule according to source or destination address taken by packets
IP head, port ID used by TCP or UDP, etc. attributes.
IPv6 A CL: m ake c lassification r ule a ccording t o s ource or de stination address t aken by
packets IPv6 head, tag value, etc. attributes.
MAC A CL: make c lassification r ule a ccording t o s ource M AC a ddress, de stination M AC
address, layer-2 protocol type taken by packets layer-2 frame head, etc. attributes.
MAP ACL: MAP ACL can define more protocols and more detailed protocol fields than IP
ACL and MAC ACL, also can match any bytes in the former 64 b ytes of layer-2 data frame
according to users definition.
There are 4 kinds of ACL application according to difference of application environment: ACL over
the whole device, over interface, over flow from ingress port to egress port and over VLAN.
8.2.1.2
Preconditions
N/A
8.2.2 Default configuration of ACL

The default configuration of ACL is as below:
Function
Default value
Function status of device filter
Disable
MAC address matching rules
Mismatch
CoS valuematching rules
Mismatch
Ethernet frame type matching rules
Mismatch
ARP protocol type matching rules
Mismatch
ARP message and MAC/IP address matching rules
Mismatch
IP message matching rules
Mismatch
TCP message matching rules
Mismatch
UDP message matching rules
Mismatch
IGMP message type matching rules
Mismatch
167
www.raisecom.com
User Manual
Function
Default value
IPv6 message matching rules
Mismatch
8.2.3 Configure IP ACL

Please configure IP ACL for the device as below.
Step
Configuration
Description
Raisecom#config
Raisecom(config)#ip-access-list acl-number
{ deny | permit } { protocol-id | icmp | igmp |
ip } { source-ip-address ip-mask | any }
{ destination-ip-address ip-mask | any }
Confiugre IP ACL.
Raisecom(config)#ip-access-list acl-number
{ deny | permit } { tcp | udp }
{ source-ip-address ip-mask | any }
[ source-protocol-port ] { destination-ip-address
ip-mask | any } [ destination-protocol-port ]
8.2.4 Configure IPv6 ACL

Please configure IPv6 ACL for the device as below.
Step
Configuration
Description
Raisecom#config
Raisecom(config)#ipv6-access-list acl-number { deny |

permit } { next-header-value | icmpv6 | ipv6 | tcp |
udp } [ traffic-class class-id ] [ flow-label label-id ]
{ source-ipv6-address/mask | any }
{ destination-ipv6-address/mask | any }
Confiugre IPv6 ACL.
8.2.5 Configure MAC ACL

Please configure MAC ACL for the device as below.
Step
Configuration
Description
Raisecom#config
Raisecom(config)#mac-access-list acl-number
{ deny | permit } [ protocol-id | arp | ip | rarp |
any ] { source-mac-address mask | any}
{ destination-mac-address mask | any }
Confiugre MAC ACL.
168
www.raisecom.com
User Manual
8.2.6 Configure MAP ACL

Please configure MAP ACL for the device as below.
Step
Configuration
Description
Raisecom#config
Raisecom(config)#access-list-map acl-number
{ deny | permit }
Create M AP A CL list a nd e nter ACLMAP

configuration mode.
Raisecom(config-aclmap)#match mac
{ destination | source } mac-address mask
(Optional) Define m atch rule f or sour ce or

destination MAC a ddress. By default, dont
match MAC address.
Raisecom(config-aclmap)#match cos cos-value
(Optional) Define m atch rule f or Cos value.

By default, dont match Cos value.
Raisecom(config-aclmap)#match ethertype
ethertype [ ethertype-mask ]
(Optional) Define m atch rule for Ethernet

frame type. By default, dont match Ethernet
frame t ype.
Both
ethertype
and
ethertype-mask are he x-decimal di gitals in
format of HHHH.
Raisecom(config-aclmap)#match { arp | eapol |

flowcontrol | icmpv6 | ip | ipv6 | loopback |
mpls | mpls-mcast | pppoe | pppoedisc |
slowprotocol | x25 | x75 }
Raisecom(config-aclmap)#match arp opcode

{ request | reply }
(Optional) Define m atch r ule f or ARP

protocol t ype ( reply pa cket/request pa cket).
By default, dont match ARP protocol type.
Raisecom(config-aclmap)#match arp
{ sender-mac | target-mac } mac-address
(Optional) Define m atch rule for MA C

address of ARP packet. By de fault, do nt
match MAC address for ARP packet.
Raisecom(config-aclmap)#match arp
{ sender-ip | target-ip } ip-address [ ip-mask ]
(Optional) Define m atch rule f or IP addres s

of ARP packet. By de fault, don t m atch IP
address of ARP packet.
10
Raisecom(config-aclmap)#match ip
{ destination-address | source-address }
ip-address [ ip-mask ]

destination IP address. By default, dont match
IP address.
11
Raisecom(config-aclmap)#match ip
precedence { precedence-value | routine |
priority | immediate | flash | flash-override |
critical | internet | network }
(Optional) Define m atch rule f or IP packet

priority. By de fault, don t m atch IP packet
priority.
12
Raisecom(config-aclmap)#match ip tos
{ tos-value | normal | min-monetary-cost |
min-delay | max-reliability |
max-throughput }
(Optional) Define match r ule for ToS value

of IP packet priority. By default, dont match
ToS value of IP packet priority.
13
Raisecom(config-aclmap)#match ip dscp
{ dscp-value | af11 | af12 | af13 | af21 | af22 |
af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 |
cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | ef | default }
(Optional) Define match rule for DSCP value

of IP packet. By de fault, do nt match DSCP
value of IP packet.
14
Raisecom(config-aclmap)#match ip protocol
{ protocol-id | ahp | esp | gre | icmp | igmp |
igrp | ipinip | ospf | pcp | pim | tcp | udp }
(Optional) Define m atch r ule f or pr otocol

value of IP packet. By default, dont match.
(Optional) Define match rule for upper layer

protocol t ype car ried by l aryer-2 packets
head.
169
www.raisecom.com
User Manual
Step
Configuration
Description
15
Raisecom(config-aclmap)#match ip tcp
{destination-port|source-port} {port-id
|bgp|domain|echo|exec|finger|ftp| ftp-data|
gopher|hostname|ident|irc|klogin| kshell| login|
lpd|nntp|pim-auto-rp|pop2|pop3|smtp |sunrpc|
syslog|tacacs|talk|telnet|time|uucp|whois|www}
(Optional) Define m atch r ule f or por t ID o f

TCP packet. By default, dont match port ID
of TCP packet.
16
Raisecom(config-aclmap)#match ip tcp { ack |

fin | psh | rst | syn | urg }
17
Raisecom(config-aclmap)#match ip udp
{destination-port | source-port}
{port-id|biff|bootpc|bootps|domain |
echo|mobile-ip|netbios-dgm|netbios-ns |
netbios-ss|ntp|pim-auto-rp|rip|snmp|snmptrap
|sunrpc|syslog|tacacs|talk|tftp|time|who}
(Optional) Define m atch rule f or TCP

protocol t ag. By de fault, don t m atch TCP
protocol tag.
(Optional) Define m atch rule f or po rt ID o f
UDP packet. By default, dont match port ID
of UDP packet.
18
Raisecom(config-aclmap)#match ip icmp
icmp-type-id [ icmp-code ]
(Optional) Define m atch rule for m essage

type of ICMP packet. By default, dont match
message type of ICMP packet.
19
Raisecom(config-aclmap)#match ip igmp
{igmp-type-id|dvmrp| query|leave-v2|
report-v1|report-v2|report-v3 | pim-v1}
(Optional) Define m atch rule for m essage

type of IGMP packet. By de fault, don t
match message type of IGMP packet.
20
Raisecom(config-aclmap)#match ipv6
{ destination-address | source-address }
ipv6-address/mask

destination a ddress of IPv6 packet. By
default, dont match source or destination
address of IPv6 packet.
21
flow-label label-id
(Optional) Define match rule for flow tag of

IPv6 packet. By default, dont match flow tag
of IPv6 packet.
22
Raisecom(config-aclmap)#match ipv6 protocol

protocol-id
(Optional) Define m atch r ule f or pr otocol

value of IPv6 packet. By default, dont match
protocol value of IPv6 packet.
23
traffic-class class-id
(Optional) Define m atch rule for f low

classification of IPv6 packet. By de fault,
dont m atch flow c lassification of IPv6
packet.
24
Raisecom(config-aclmap)#match user-define
rule-string rule-mask offset
(Optional) Confiugre m atch r ule f or

user-defined field, that is, two pa rameters of
rule mask and offset take an y b yte f rom the
former 64 b ytes of da ta f rame, t hen
comparing with user-defined rule to filter out
matched data frame for processing.
For e xample, if w ant to f ilter a ll T CP
packets, user can defines t he r ule as 06,
rule mask is EF, offset is 27, the rule mask
and of fset v alue w ork t ogether t o f ilter out
content of T CP pr otocol I D f ield, then
comparing with rule and match with all TCP
packets.
Note: Rule must be even number of he x
digital, offset inc ludes f ield 802.1q V LAN
Tag, make the device receives untag packets.
170
www.raisecom.com
User Manual
8.2.7 ACL application on device

Please configure ACL for the device as below.
Note: ACL c annot ta ke e ffective unt il a dding ACL int o filter. Multiple A CL match rules c an be
added into filter to form multiple filter rules. When configuring filter, the order to add ACL match
rule de cides pr iority of t he r ule. The l ater the rul es a re added, t he hi gher t he pr iority is. If the
multiple rules are conflicted in matching calculation, take the higher priority rule as standard. Please
pay attention to the order of rules when setting the commands so as to filter packets correctly.
ACL application over whole device

Step
Configuration
Description
Raisecom#config
Enter Global Configuration mode.
Raisecom(config)#filter
{ all | acl-list } [ statistics ]
Configure filter for the whole device. If configure

parameter of statistics system will statistic
accounts according to filter rule.
Raisecom(config)#filter enable
Enable filter and the rules becom effective.

Enable filter can not only active the fitler rules,
but also make the filter rules set later become
effective. By default, system doesnt enable filter,
the command of filter disable can disable filter.
ACL application over interface

Step
Configuration
Description
Raisecom#config
Raisecom(config)#filter { access-list-map
| ip-access-list | ipv6-access-list |
mac-access-list } { all | acl-list } { ingress
| egress } port-list port-list [ statistics ]
Configure filter on interface. If configure

parameter of statistics system will statistic
accounts according to filter rule.

ACL application over traffic flow from ingress port to egress port
Step
Configuration
Description
Raisecom#config
171
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom(config)#filter { access-list-map |
ip-access-list | ipv6-access-list |
mac-access-list } { all | acl-list } from
port-id to port-id [ statistics ]
Configure flow filter from ingress port to egress

port. If configure parameter of statistics system
will statistic accounts according to filter rule.

ACL application over VLAN

Step
Configuration
Description
Raisecom#config
Raisecom(config)#filter
{ all | acl-list } vlan vlan-id
[ double-tagging inner | statistics ]
Configure VLAN filter. If configure parameter of

statistics system will statistic accounts according
to filter rule.


No.
Item
Description
Raisecom(config)#show ip-access-list [ acl-list ]
Show IP ACL configuration.
Raisecom(config)#show ipv6-access-list [ acl-list ]
Show IPv6 ACL configuration.
Raisecom(config)#show mac-access-list [ acl-list ]
Show MAC ACL configuration.
Raisecom(config)#show access-list-map
[ acl-number ]
Show MAP ACL configuration.
Raisecom(config)#show filter [ filter-number-list ]
Show filter configuration.
172
www.raisecom.com
User Manual
8.3 Configure RADIUS

8.3.1.1
User can deploy RADIUS server in network to take authentication and accounting so as to control
user access to de vice and network. This device can be used as agent of RADIUS server, which
authorizes user accessing according to feedback from RADIUS.
8.3.1.2
Preconditions
N/A
8.3.2 Default configuration of RADIUS

The default configuration of RADIUS is as below:
Function
Default value
RADIUS accounting function
Disable
IP address of RADIUS server
0.0.0.0
IP address of RADIUS accounting server
0.0.0.0
Port No. of RADIUS authentication server
1812
Port No. of RADIUS accounting server
1813
Shared key communicated with RADIUS

accounting server
N/A
Strategy for dealing with failed accountion
online
Update message transmission period
8.3.3 Configure RADIUS authentication

Please configure RADIUS authentication for the device as below.
Step
Configuration
Description
Raisecom#config
ip-address ip-mask vlan-id
Configure IPv4 address.
Raisecom(config-ip)#end
Return privileged EXEC mode.
173
www.raisecom.com
Step
User Manual
Configuration
Description
Raisecom#radius [ backup ] ip-address
Assign IP address and port ID for RADIUS

authentication server. Configure backup parameter
to assign RADIUS authentication server for backup.
Raisecom#radius-key string
Configure shared key for RADIUS authentication.
Raisecom#user login { local-radius |

local-user | radius-local
[ server-no-response ] | radius-user }
Configure use login authentication by RADIUS.
Raisecom#enable login { local-radius |

local-user | radius-local
[ server-no-response ] | radius-user }
Configure RADIUS authentication mode for user

entering privileged EXEC mode.
8.3.4 Configure RADIUS accounting

Please configure RADIUS accounting for the device as below.
Step
Configuration
Description
Raisecom#config
Raisecom(config)#interface ip
if-number
Raisecom#aaa accounting login

enable
Enable RADIUS accounting function. By default,

system doesnt enable RADIUS accounting function,
use the command of aaa accounting login disable to
disable RADIUS accounting function.
Raisecom#radius [ backup ]
accounting-server ip-address
[ account-port ]
Assigne IP address and UDP port ID for RADIUS

accounting server. By default, UDP port ID is 1813.
Confiugre parameter of backup to assign backup
RADIUS accounting server.
Raisecom#radius accounting-server
key string
Configure sharing key to communicate with RADIUS

accounting server, otherwise accounding
unsuccessfully. By default, the key is empty.
Raisecom#aaa accounting fail

{ offline | online }
Configure strategy for dealing with failed accounting.

By default, it is online, that is to allow login after
accounting unsuccessfully.
Raisecom#aaa accounting update

update-time
Configure accounting update packets sending period.

If configured as 0, never send accounting update
packet. By default, the period is 0.
Note: RADIUS accounting server can record access
time and operation for each user through accounting
starting packets, update packets and finish packets.
174
www.raisecom.com
User Manual

No.
Item
Description
Raisecom#show radius-server
Show RADIUS server configuration.
8.4 Configure TACACS+

8.4.1.1
User c an a uthenticate a nd c harge us er by de ploying TACACS+ server i n network t o c ontrol user
access to device and network. TACACS+ is safer and more reliable than RADIUS. This device can
be us ed a s a gent of TACACS+ server, authorize us er accessing according t o result feedback f rom
TACACS+.
8.4.1.2
Preconditions
N/A
8.4.2 Default configuration of TACACS+

The default configuration of TACACS+ is as below:
Function
Default value
TACACS+ function status
Disable
Login mode
local-user
IP address of TACACS+ server
0.0.0.0, shown as --
IP address of TACACS+ accounting server
0.0.0.0, shown as --
Shared key communicated with TACACS+

accounting server
Null
Strategy for dealing with failed accountion
online
Update message transmission period
8.4.3 Configure TACACS+ authentication

Please configure TACACS+ authentication for the device as below.
Step
Configuration
Description
175
www.raisecom.com
Step
User Manual
Configuration
Description
Raisecom#config
Raisecom(config)#interface ip
if-number
Enter layer-3 interface configuration

mode.
Raisecom#tacacs-server [ backup ]
ip-address
Assign IP address for TACACS+

authentication server. Configure parameter
of backup to assign backup TACACS+
authentication server.
Raisecom#tacacs-server key string
Configure sharing key for TACACS+

authentication.
Raisecom#user login { local-tacacs |

local-user | tacacs-local
[ server-no-response ] |
tacacs-user }
Confiugre user login to be authenticated by

TACACS+.
Raisecom#enable login { |
local-tacacs | local-user |
tacacs-local [ server-no-response ] |
tacacs-user }
Configure TACACS+ authentication mode

for user entering privileged EXEC mode.
8.4.4 Configure TACACS+ accountion

Please configure TACACS+ accounting for the device as below.
Step
Configuration
Description
Raisecom#config
Raisecom(config-ip)#ip address ip-address

ip-mask vlan-id
Raisecom#aaa accounting login enable
Enable TACACS+ accounting function. By default,

system doesnt enable TACACS+ accounting
function, use the command of aaa accounting login
disable to disable TACACS+ accounting function.
Raisecom#tacacs [ backup ]
accounting-server ip-address
Assigne IP address for TACACS+ accounting server.

Confiugre parameter of backup to assign backup
TACACS+ accounting server.
Raisecom#tacacs-server key string
Configure sharing key to communicate with

TACACS+ accounting server
Raisecom#aaa accounting fail { offline |

online }
Configure strategy for dealing with failed accounting.

By default, it is online, that is to allow login after
accounting unsuccessfully.
176
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom#aaa accounting update period
Configure to update accounting packets transmission

period. If configured as 0, never send accounting
update packet. By default, the period is 0.

No.
Item
Description
Raisecom#show tacacs-server
Show TACACS+ server configuration.
Show TACACS+ accounting configuration.

Note: Use the command of show
radius-server to check TACACS+ and
RADIUS accountiong configuration. By
default the authentication information is
RADIUS authentication configuration.
8.5 Configure storm suppression

8.5.1.1
Configure storm suppression in layer-2 network can control the broadcast storm when the broadcast
packets increasing in network and then ensure unicast be forwarded normally.
The f ollowing f lows m ay c ause br oadcast f low, us er needs t o s et r ate l imit on l ayer-2 device f or
themre spectively:
Unknown uni cast flow: de stination MAC is unicast f low not existing in MAC table,
broadcast this flow on layer-2 device.
Multicast flow: destination MAC is multicast flow, broadcast this flow on layer-2 device.
Broadcast flow: destination MAC is broadcast flow, broadcast this flow on layer-2 device.
8.5.1.2
Preconditions
Connect interfaces and configure physical pa rameters f or i nterface be fore con figuring s torm
suppression and make physical interface is Up.
8.5.2 Default configuration of storm suppression

The default configuration of storm suppression is as below:
Function
Default value
Storm suppression status of broadcast flow
Enable
177
www.raisecom.com
User Manual
Function
Default value
Storm suppression status of multicast flow and unicast flow
Disable
Storm suppression threshold
1024pps
8.5.3 Configure storm suppression function

Please enable storm control on the device and configure as below.
Step
Configuration
Description
Raisecom#config
Raisecom(config)#storm-control
{ broadcast | dlf | multicast } { enable |
disable } port-list port-list
Enable storm control function for broadcast

flow, multicast flow and unknown unicast
flow. By default, broadcast storm function for
broadcast flow is enabled, multicast and
unknown unicast storm control are disabled.
Raisecom(config)#storm-control pps value
Configure threshold for storm control. By

default, threshold is 1024pps.

No.
Item
Description
Raisecom#show storm-control
Show storm control configuration.
8.6 Maintenance
User can maintain system security through below command.
Command
Description
Raisecom(config)#clear filter
statistics [ filter-number-list ]
Clear statistic result of filter.
Raisecom#clear tacacs statistics
Clear TACACS+ statistics.

8.7.1 Configure ACL application
8.7.1.1
As the Figure 8-1 shows below, configure ACL denies 192.168.1.1 to access server 192.168.1.100 on
Switch A to restrict client access server.
178
www.raisecom.com
User Manual
Figure 8-1 ACL application networking
8.7.1.2
Configuration steps
Configure IP ACL.
Raisecom#config
Raisecom(config)#ip-access-list 1 permit ip any any
Raisecom(config)#ip-access-list 2 deny ip 192.168.1.1 255.255.255.255 192.168.1.100 255.255.255.255
Apply ACL on Port 1 of Switch A.

Raisecom(config)#filter ip-access-list 1-2 ingress port-list 1
8.7.1.3
Show result
Check whether IP ACL configuration is correct by the command of show ip-access-list.
Raisecom#show ip-access-list
Src Ip: Source Ip Address
Dest Ip: Destination Ip Address
List
Access
Protocol Ref. Src Ip:Port
Dest Ip:Port
-----------------------------------------------------------------1
permit
IP
0.0.0.0:0
0.0.0.0:0
deny
IP
192.168.1.0:0
192.168.1.0:0
Check whether the filter configuration is valid by the command of show filter.
Raisecom#show filter
Rule filter: Enable
Filter list(Larger order number, Higher priority):
Order ACL-Index
IPort
EPort
VLAN VLANType Hardware StatHw
Pkts
------------------------------------------------------------------1
IP
port1
--
--
--
Yes
No
--
IP
port1
--
--
--
Yes
No
--
8.7.2 Configure RADIUS application

8.7.2.1
As the Figure 8-2 shows below, user needs to configure RADIUS authentication and accounting
features on Switch A to authenticate login users on Switch A and record the operations. The packets
179
www.raisecom.com
User Manual
update transmitting interval is 2 minutes. User will be offline if the accounting fails.
Figure 8-2 RADIUS application networking
8.7.2.2
Configuration steps
Configure user login authentication through RADIUS.
Raisecom#radius 192.168.1.1
Raisecom#radius-key raisecom
Raisecom#user login radius-user
Raisecom#enable login local-radius
Configure user login accounting through RADIUS.

Raisecom#aaa accounting login enable
Raisecom#radius accounting-server 192.168.1.1
Raisecom#radius accounting-server key raisecom
Raisecom#aaa accounting fail offline
Raisecom#aaa accounting update 2
8.7.2.3
Show result
Show RADIUS configuration by the command of show radius-server.
Authentication server IP:
192.168.1.1 port:1812
Backup authentication server IP:0.0.0.0 port:1812

Authentication server key:
Accounting server IP:
raisecom
192.168.1.1 port:1813
Backup accounting server IP:
0.0.0.0 port:1813
Accounting server key:
raisecom
Accounting login:
enable
Update interval:
Accounting fail policy:
offline
180
www.raisecom.com
User Manual
8.7.3 Configure TACACS+ application

8.7.3.1
As the Figure 8-3 shows be low, configure TACACS+ a uthentication on Switch A to authenticate
login user and control user access to device.
Figure 8-3 TACACS+ application networking
8.7.3.2
Configuration steps
Configure user login authentication through TACACS+.
Raisecom#tacacs-server 192.168.1.1
Raisecom#tacacs-server key raisecom
Raisecom#user login tacacs-user
Raisecom#enable login local-tacacs
8.7.3.3
Show result
Show TACACS+ configuration by the command of show tacacs-server.
Raisecom#show tacacs-server
Server Address:
192.168.1.1
Backup Server Address:

Sever Shared Key:
-raisecom
Accounting server Address:
--
Backup Accounting server Address: -Total Packet Sent:
Total Packet Recv:
Num of Error Packets: 0
181
www.raisecom.com
User Manual
8.7.4 Configure storm suppressionapplication

8.7.4.1
As the Figure 8-4 shows be low, to restrict influence on Switch A c aused by broadcast storm, user
needs to configure storm suppression feature on Switch A to control broadcast packets and unknown
unicast packets, threshold is 2000pps.
Figure 8-4 Storm suppression application networking
8.7.4.2
Configuration steps
Configure storm control function on Switch A.
Raisecom#config
Raisecom(config)#storm-control broadcast enable port-list 1-2
Raisecom(config)#storm-control dlf enable port-list 1-2
Raisecom(config)#storm-control pps 2000
8.7.4.3
Show result
Show storm control configuration by the command of show storm-control.
Raisecom#show storm-control
Threshold: 2000 pps
Interface
Broadcast
Multicast
Unicast
----------------------------------------------------------port1
Enable
Disable Enable
port2
Enable
Disable Enable
port3
Enable
Disable Disable
port4
Enable
Disable Disable
port5
Enable
Disable Disable
port6
Enable
Disable Disable
182
www.raisecom.com
User Manual
Chapter 9 Reliability
This chapter introduces basic principle and configuration of network reliability and provides related
Overview
Configure link aggregation
Configure interface backup
ELPS
ERPS
Configure Ethernet ring
Maintenance
9.1 Overview
Ethernet is becoming more and more widely used for its simple structure, high-efficient and
cost-effective f eatures. One of t he i mportant reasons to restrict Ethernet ap plication in
telecommunication is the tr aditional E thernet r eliability. Packeting services ar e pr esented in burst
mode usually; it is difficult to ensure invariable traffic. As two features of Ethernet, statistic TDM
and a ddress l earning s ystem pr ovide e fficient a nd f lexible ba ndwidth a nd m eanwhile i mport
incertitude for service bandwidth and path.
In order to improve Ethernet reliability and meet demands of telecommunication network, customer
can deploy special reliability technology in Ethernet.
9.1.1 Link aggregation

Link aggregation function is t o aggregate s everal ph ysical E thernet i nterface t ogether and make a
trunk group by logically, a nd c onsider the several physical links in one trunk group a s one logical
link. This f unction r ealizes f low l oad s haring among m ember i nterfaces in a t runk gr oup, t hen
improve link reliability among devices and increase bandwidth without upgrading hardware.
The device is in support of two link aggregation modes:
Manual aggregation mode
This mode is to add several physical interface into a Trunk group and make up a logical interface.
The link under one logical link can realize load sharing. This mode is not convenient for watch link
aggregation interface status.
Static LACP aggregation mode
LACP (Link A ggregation C ontrol Protocol) pr otocol is ba sed on IEEE802.3ad recommendation.
LACP exchanges information with peer through LACPDU (Link Aggregation Control Protocol Data
Unit). After enabling LACP of a interface, it notifies the peer its own LACP priority, system MAC,
interface LACP priority, port ID and operation Key via sending LACPDU.
183
www.raisecom.com
User Manual
The pe er r eceives L ACPDU and com pares i nformation with other interfaces received, c hoosing
interface i n Selected status. The i nterfaces at bot h ends be come consi stent i n Selected status. The
operation Key pe rforms a ggregation a nd c ontrol on t he a utomatical ge nerated c onfiguration gr oup
according to the interface configuration (speed, duplex mode, Up/Down status, basic configuration
information, etc.).
The m ain difference be tween static LACP aggregation a nd m anual a ggregation is: s tatic LACP
aggregation m ode ha s standby l ink, w hile a ll t he member i nterfaces of m anual a ggregation a re i n
forwarding status and share loading flow.
Link aggregation is the most widely used and simplest function in Ethernet reliability technology.
9.1.2 Interface backup

Double-upstream networking is one of the most commonly used application networks, which often
blocks redundant links through the Spanning T ree Protocol for backup. Although this solution c an
meet customer redundancy backup demand in function, it cannot achieve the requirements of many
users in performance. Even with the rapid migration of Rapid Spanning Tree Protocol, it can only get
a second level convergence, which is a very bad performance parameter for high-end Ethernet switch
used in carrier-class network core.
RAISECOM pr oprietary i nterface ba ckup s olution aims a t d ouble-upstream networking t o a chieve
the redundancy backup of master standby link and rapid migration. The program is tailor-made for
double-upstream networking, which not onl y ensures the performance, b ut also simplifies the
configuration.
Interface ba ckup function is the ot her solution for STP pr otocol. Users can configure i nterface
manually to achieve the ba sic link redundancy when disabling S TP function. If the s witch enables
STP, the interface backup function will be disabled because STP already provides similar function.
Interface backup function can be achieved by setting interface backup group, which contains a pair
of interfaces, one is master interface and the other is standby interface. The master interface located
link is called master link, while the standby interface located link is called standby link. The member
interface in interface backup group is in support of physical interface and link aggregation group, but
not layer-3 interface.
In the interface backup group, when one interface is in forwarding (Up) state, the other will be in
standby (Standby) state. Any time, only one in two interfaces is in the forwarding state. The interface
in standby state will change to forwarding state to maintain the normal link when there is link failure
in forwarding state interface.
184
www.raisecom.com
User Manual
Figure 9-1 Interface backup networking

Interface backup principle is shown in Figure 9-1. Port 1 and Port 2 on Switch A are connected with
the upstream switches respectively, the interface forwarding state is as follows:
In normal state, Port 1 on Switch A is master interface, Port 2 is standby interface, Port 1 and
upstream switch forward messages, while Port 2 and the upstream switch not.
When there is link failure between Port 1 and upstream switch, the standby interface Port 2
and upstream switch forward messages.
When the Port 1 link failure is recovered and kept for a period of time (restore delay), Port 1
will change to forwarding state, Port 2 becomes standby state.
The s witch will s end a Trap to report ne twork management s ystem when the master i nterface a nd
standby interface switch with each other.
9.1.2.1
Interface backup over VLAN

Interface backup can be used on VLAN to make the two interfaces forward concurrently on different
VLAN. In Figure 9 -2, interface ba ckup function over V LAN i s achi eved by cr eating VLAN and
adding interface to it.
Figure 9-2 Sketch map of Interface backup over VLAN
Figure 9-2 Sketch map of Interface backup over VLAN

In different VLAN, the interface forwarding state is as follows:
185
www.raisecom.com
User Manual
Under norm al circumstances, configure S witch A i n VLAN 10 0~VLAN 150, P ort 1 as

master interface, Port 2 as standby interface; in VLAN 151 ~VLAN 200, P ort 2 is m aster
interface, Port 1 is standby interface. Then, Port 1 forwards traffic in VLAN 100~VLAN 150,
Port 2 forwards traffic in VLAN 151~VLAN 200.
When Port 1 has link failure, Port 2 is re sponsible for for warding traffic in VLAN
100~VLAN 200.
When Port 1 recovers normal and keeps for a period of time (restore delay), Port 1 forwards
traffic in VLAN 100~VLAN 150, Port 2 forwards traffic in VLAN 151~VLAN 200.
Using this method, interface backup over VLAN can be used for load balancing. At the same time,
this application doesnt depend on the uplink switch configuration and is easy for user to operate.
9.1.3 ELPS
ELPS (Ethernet Linear Protection Switching) is an APS (Automatic Protection Switching) protocol
over IT U-T G.8031 r ecommendation. It is a n end-to-end pr otection t echnology us ed t o pr otect a n
Ethernet connection.
ELPS de ploys pr otection r esources f or w orking r esources, l ike pa th a nd ba ndwidth, e tc. E LPS
technology takes a simple and fast predictable mode to realize network resource switching, easier for
carrier to program network more efficiently and know network active status.
9.1.4 ERPS
ERPS (Ethernet Ring Protection Switching) is an APS protocol over ITU-T G.8032 recommendation.
It is special used in Ethernet ring link protocol. Generally, ERPS can avoid broadcast storm caused
by data loopback. When Ethernet has loop or device malfault, ERPS can switch the link to backup
link and ensure service restore quickly.
ERPS t akes t he s pcial VLAN i n r ing ne twork t o t ransmit r ing ne twork c ontrol i nformation a nd
meanwhile, combining with the topology feature of ring network to discover network fault quickly
and enable backup link to restore service fast.
9.1.5 Ethernet ring

With the development of Ethernet to the MAN, voice, video and multicast service has come up with
higher re quirements to the E thernet r edundancy protection a nd fault r ecovery t ime. The fault
recovery convergence time of original STP mechanism is in the second level, which is far to meet
the fault recovery time requirements of MAN.
Ethernet ring technology is RAISECOM independent research and development protocol, which can
ensure that there is data loop in Ethernet by blocking some interface on the ring. Ethernet ring solves
the problems of weak protection to traditional data network and long time to fault recovery, which,
in theory, can provide 50ms rapid protection features.
Shown in Figure 9-3, blocked interface node is the master node, other nodes are transmission nodes.
The master node generates by election. Each node can specify one loop interface as the first interface,
the other as the second interface. The master node usually sends Hello messages periodically from
the f irst int erface and receives Hello message s ent by i tself in t he s econd i nterface unde r t he
circumstance of complete Ethernet ring. Then the master node w ill block the f irst int erface
immediately to ensure there is no l oop when the ring network is in a complete s tate. For the other
186
www.raisecom.com
User Manual
nodes on t he Ethernet ring, the first interface No. and the second interface No. play the s ame r ole
basically.
Ethernet ring generates master node by the election, so each node needs to collect device information
on Ethernet ring, only the right collection leads to correct election. Topology collection is completed
by Hello messages, which contain all nodes information the node collected from the other interface.
The normal state of Ethernet ring is shown in Figure 9-3.
Figure 9-3 Sketch map of Ethernet ring in normal status

According to the interface state of node ring, the ring node state can be divided into three types:
Down: At least one of the two Ethernet ring interfaces is Down;
Block: At least one of the two Ethernet ring interfaces is Block;
Two-Forwarding: Both Ethernet ring interfaces are Forwarding.
The election rules of master node are as follows:
In all nodes on t he ring, node with Down state is prior for master node, followed by Block
and Two-Forward.
If the nodes are in the same state, the node with high-priority Bridge is master node.
If the nodes have the same state and priority, the node with large Mac is master node.
Interface Block rules:
If the node is not master node, the two interfaces are Forwarding.
If the node is master node, then one of two interfaces is Block, the other is Forwarding. Rules
are as follows:
Interface with Down link is prior for Block;
Both interfaces are Down, the Block is the first interface;
Both interfaces are Up, the Block is the first interface;
The Ethernet ring link failure is shown in Figure 9-4.
187
www.raisecom.com
User Manual
Figure 9-4 Sketch map of Ethernet ring in switching status

Once there is link failure (such as link break), the failure adjacent node or interface will check the
fault i mmediately and send link failure messages to master node . T he master node will e nable the
first interface onc e r eceiving the m essages, in the meantime, send messages t o notify other
transmission nodes about the link failure and inform them to change transmission direction. The data
traffic will be switched to normal link after the transmission nodes updating forwarding entry.
When the failed link is restored, the failed node does not enable the blocked port immediately until
the ne w t opology c ollection i s s table. The origin node will f ind itself the m aster node, after som e
time de lay, it w ill block hi s f irst i nterface, a nd send Change m essages t o notify t he failed node
enabling the blocked interface.
9.2 Configure link aggregation

9.2.1.1
Link a ggregation f unction can pr ovide hi gher communication bandwidth a nd r eliability f or l ink
between two devices. It aggregates several physical Ethernet interface together and make one logical
link. This f unction realizes upbound a nd downbound flow l oad s haring a mong m ember i nterfaces
and then increases bandwidth; at the same time, the member interfaces are dynamic to one another
which improve link reliability.
9.2.1.2
Preconditions
Please configure interface physical pa rameters be fore c onfiguring l ink a ggregation a nd m ake
interface physical layer in Up status.
9.2.2 Default configuration of link aggregation

The default configuration of link aggregation is as below:
188
www.raisecom.com
User Manual
Function
Default value
Link aggregation function status
Enable
Load balancing mode
Sxordmac mode
Link aggregation group
Existence, and for manual mode
LACP system priority
32768
LACP interface priority
32768
LACP interface mode
active
LACP timeout mode
fast
9.2.3 Configure link aggregation in manual mode

Please configure manual link aggregation for the device as below:
Step
Configuration
Description
Raisecom#config
port-channel port-channel-number
Enter aggregation group configuration mode.
Raisecom(config-aggregator)#mode
manual
Configure manual link aggregation mode.
Raisecom(config-aggregator)#exit
Return to global configuration mode.
Raisecom(config-port)#channel group
group-id
Add interface to link aggregation group.
Raisecom(config)#link-aggregation
enable
(Optional) Enable link aggregation. By default,

system enables this function. The command of
link-aggregation disable can disable it.
loading-sharing mode { dip | dmac | sip
| smac | sportxorsxordmac | sxordip |
sxordmac }
(Optional) Configure load sharing mode of link

aggregation group. By default, the system adopts
sxordmac mode, i.e. choose forwarding interface
according to the logical result of source and
destination MAC address.
Note: In one link aggregation group, the member interfaces take part in load sharing must have
identical c onfiguration, or e lse, t he da ta f orwarding w ill be a pr oblem. The c onfiguration i ncludes
STP, QoS, QinQ, VLAN, interface attributes, MAC address learning:
STP c onfiguration: int erface S TP e nable/disable s tatus, link attributes c onnects to the
interface (point-to-point or not), interface path overhead, STP priority, packets sending rate
limit, loopback protection, root protection, edge port or not.
QoS c onfiguration: f low m onitor, f low r eshaping, j am a voidance, i nterface r ate l imit, S P
queue, WRR queue, interface priority, interface trust mode.
189
www.raisecom.com
User Manual
QinQ configuration: interface QinQ enable/disable status, added outer VLAN Tag, policy for
adding outer VLAN Tag by different inner VLANID.
VLAN c onfiguration: i nterface pe rmitting V LAN, de fault V LAN I D, i nterface l ink t ype
(Trunk, Hybrid, A ccess), s ub-net VL AN configuration, V LAN packets w ith T ag
configuration or not.
Interface at tributes conf iguration: i nterface i s adde d into i solation gr oup or not , i nterface
speed, duplex mode, link up.down status.
MAC a ddress l earning c onfiguration: M AC a ddress l earning e nable/disable, i nterface w ith
max. Learning MAC address number limit or not, MAC address table can control forwarding
when it is full.
9.2.4 Configure static LACP link aggregation

Please configure static LACP link aggregation for the device as below:
Step
Configuration
Description
Raisecom#config
Raisecom(config)#lacp system-priority
system-priority
(Optional) Configure system LACP pr iority. The

higher pr iority e nd i s a ctive e nd. L ACP c hooses
active and backup interfaces according to the active
end c onfiguration. The s maller t he num ber i s, the
higher t he pr iority i s. By default, system LACP
priority is 32768. The smaller system MAC address
device will be chosen as active end if devices
system LACP priorities are identical.
Raisecom(config)#lacp timeout { fast |

slow }
(Optional) Configure LACP timeout mode.
Raisecom(config)#interface port-channel
port-channel-number
Raisecom(config-aggregator)#mode
lacp-static
Raisecom(config-aggregator)#{ max-active
| min-active } links number
Raisecom(config-port)#channel group
group-id
Add member interfaces into LACP link aggregation

group.
10
Raisecom(config-port)#lacp port-priority
port-priority
(Optional) Configure interface LACP priority. T he

priority inf luents de fault int erface s election for
LACP. By default, system LACP priority is 32768.
11
Raisecom(config-port)#lacp mode { active

| passive }
(Optional) Configure LACP m ode f or m ember

interface. By de fault i s i n act ive mode. LACP
connection will fail when both ends of a link are in
passive mode.
12
13
enable
Enter link aggregation group configuration mode.

Configure static LACP link aggregation group.
(Optional) Configure max. or m in. a ctive l inks
number for LACP link aggregation group.

(Optional) Enable link aggregation. By default, It is
enabled. The c ommand of
link-aggregation
disable can disable this function.
190
www.raisecom.com
User Manual
Note:
Interface in s tatic LACP l ink a ggregation gr oup can b e i n a ctive or s tandby s tatus. Both
active interface and standby i nterface can receive/transmit LACP p ackets, but s tandby
interface cannot forward client packets.
System chooses default interface in the order of neighbor discover, interface maximum speed,
interface hi ghest LACP pr iority, interface minimum ID. The int erface is in active s tatus by
default, the interface with identical speed, identical peer and identical device operation key is
also in active status; other interfaces are in standby status.

No.
Item
Description
Raisecom#show lacp
internal [ detail ]
Show loc al s ystem LACP int erface s tatus, mark, interface

priority, management key, operation key and status of interface
status machine.
Raisecom#show lacp
neighbor[ detail ]
Show ne ighbor LACP information, i ncluding mark, interface

priority, device ID, Age, operation key value, interface ID and
status of interface status machine.
Raisecom#show lacp
statistics [ port-list
port-list ]
Show i nterface LACP statistic inf ormation, including total

receiving a nd t ransmitting number L ACP pa ckets, r eceiving
and t ransmitting num ber o f M arker pa ckets, r eceiving a nd
transmitting number of Marker Response packets, as well as
error packets.
Raisecom#show lacp
sys-id
Show gl obal e nable c ondition of loc al s ystem LACP, de vice

ID, including system LACP priority and system MAC address.
Raisecom#show
link-aggregation
Show c urrent s ystem link a ggregation e nable/disable, link

aggregation load sharing mode, group member interface set by
all c urrent link aggregation groups and current effective
member interfaces.
Note: Current ef fective member interface i ndicates t he
interface list in Up status in group member interfaces.
9.3 Configure interface backup

9.3.1
9.3.1.1

Configure interface backup function to achieve the redundancy backup and quick switch of master
and s tandby l inks w hen di sabling S TP f unction.It a lso c an a chieve t he l oad balancing b etween
interfaces by interface backup over VLAN.
Compared with STP function, interface backup ensures the fast millisecond switching and simplifies
the configuration.
191
www.raisecom.com
9.3.1.2
User Manual
Preconditions
Finish the following tasks before configuring interface backup:
Create VLAN
Add interface to VLAN
Disable STP function
9.3.2
Default configuration of interface backup

The default configuration of interface backup is as below:
9.3.3
Function
Default value
Interface backup group
N/A
Recovery time
15s
Recovery mode
Interface connection mode (port-up)
Configure the basic function of interface backup

Please configure the basic function of interface backup as below:
Step
Configuration
Description
Raisecom#config
interface-type primary-interface-number
Enter physical layer interface configuration

mode or aggregation group configuration mode.
backup interface-type
backup-interface-number [ vlanlist
vlan-list ]
Configure interface backup group.
Raisecom(config-aggregator)#switchport
backup interface-type
backup-interface-number [ vlanlist
vlan-list ]
4
Configure interface backup-interface-number as

standby interface, while
primary-interface-number as master interface on
VLAN list.
If configure interface backup group not
assigningVLAN list, the default VLAN range is
1~4049.
Return global configuration mode.
5
Raisecom(config)#switchport backup
restore-delay period
(Optional) Configure fault recovery delay time.
Raisecom(config)#switchport backup
restore-mode { disable |
neighbor-discover | port-up }
(Optional) Configure recovery mode.
Note:
In one interface backup group, on interface cannot be master interface and standby interface
at the same time.
On t he s ame VLAN, one i nterface/link a ggregation gr oup c annot be a m ember of bot h
192
www.raisecom.com
User Manual
interface standby group simultaneously.

If configuring one link aggregation group as a member of interface backup group, it needs to
configure the member interface with the minimum interface No. in link aggregation group as
interface ba ckup member. The Up s tate m ember i nterface s hows that s ome i nterfaces i n
member interface aggregation group are in Up state; the Down state member interface shoes
that some interfaces in member interface aggregation group are in Down state.
9.3.4
(Optional) Configure interface forced switch

Please configure interface forced switch as below:
Note:
The m aster a nd s tandby lnks w ill s witch w ith e ach ot her a fter c onfiguring f orced s witch
successfully; the working link will force to switch to standby link. For example, when both
the m aster i nterface and standby i nterface ar e in Up state, the da te w ill be tr ansmitted on
master link; after configuring forced switch, working link will be switched from master link
to standby link.
Interface keywords in command are s tandby interface No., optional parameters. Input
standby interface number if configuring multiple pairs of standby interface pairs under master
interface.
Step
Configuration
Description
Raisecom#config
interface-type primary-interface-number

mode or aggregation group configuration mode.
backup [ interface-type
backup-interface-number ] force-switch
Configure interface forced switch.
Raisecom(config-aggregator)#switchport
backup [ interface-type
backup-interface-number ] force-switch
Use the command of no switchport backup

[ interface-type backup-interface-number ]
force-switch to disable forced switch. The
working linkwill take selection again according
ti link state. The selection rules are as below:
Up interface priority.
Master priority if both interfaces are UP.
9.3.5
Check configuration
No.
Item
Description
Raisecom#show switchport backup
Check interface backup state information, including

recovery delay time, recovery mode and interface
backup group information. The interface backup
group information contains master interface, standby
interface, master and standby interface states
(Up/Down/Standby) and VLAN list.
193
www.raisecom.com
User Manual
9.4 Configure ELPS

9.4.1.1
Configuring ELPS f eature in Ethernet can make Ethernet r eliability up to telecommunication level
(network self-heal time less than 50ms). It is an end-to-end protection technology used for protecting
an Ethenet link.
ELPS is in support of two protection modes: 1+1 and 1:1.
1+1 pr otection s witching m ode: de ploys a pr otection pa th f or e ach w orking path. In
protection domain, source end transmits traffic at both working path and protection path, but
destination end only choose one path to receive traffic.
1:1 protection switching mode: deploys a protection path for each working path. Traffic just
be transmitted in either working path or protection path, need APS protocol for negotiation
and the source end and destination end choose the same path.
One-way s witching a nd bi -directional s witching c an b e c hosen a ccording t o w hether bot h e nds
switches at the same time when link error.
One-way s witching: t he f ault of w hen one di rection at a l ink causes one end can r eceive
traffic, but t he ot her end cannot r eceive. In this cas e, the end cannot r eceive t raffic de tects
link error and performs switching, while the normal end doesnt detect and switch. The result
of switching is that two ends of ELPS may choose different link to receive traffic.
Bi-directional switching: when link is error, even only one direction has fault, both ends of
the link require APS protocol to negotiate and switch to backup link at the same time. The
result of s witching i s t hat t wo e nds of ELPS s hould c hoose one l ink f or t ransmitting and
receiving.
This de vice doe snt di fferenciate one -way a nd bi -directional s witching unt il i n 1 +1 m ode, onl y
bi-directional switching is available in 1:1 mode.
ELPS provides two modes for fault detection:
Detecting fault over physical interface status: to get link fault quickly and switching in time,
available to neighbor devices.
Detecting fault ov er C FM: a vailable to one-way de tection or m ulti-devices ac crossing
detection.
9.4.1.2
Preconditions
Finish the below tasks before configuring ELPS:
Connect i nterface a nd configure physical pa rameters f or i t, the i nterface i s Up at physical
layer
Create VLAN
Add interface into VLAN
Configure CFP detection among devices (prepairing when adopting CFP detection mode)
9.4.2 Default configuration of ELPS

The default configuration of ELPS is as below:
Function
Default value
194
www.raisecom.com
User Manual
Function
Default value
Protection group mode
revertive mode
WTR timer
5min
HOLDOFF timer
ELPS failure information reports to

network management system status
Enable
Failure detection method
Physical link
9.4.3 Create protection line

Please enable ELPS on the device as below:
Step
Configuration
Description
Raisecom#config
Raisecom(config)#ethernet
line-protection line-id working
{ port port-id | port-channel
port-channel-number } vlan-list
protection { port port-id |
port-channel port-channel-number }
vlan-list { one-plus-one-bi |
one-plus-one-uni | one-to-one }
[ non-revertive ] [ protocol-vlan
vlan-id ]
Create ELPS pr otection l ine and configure

protection m ode. The pr otection gr oup be comes
non-revertive mode i f configure the pa rameter of
non-revertive. In r evertive m ode, w hen w orking
line f ault r ecover, traffic switches ba ck t o w orking
line from protection line; it doesnt switch back if in
non-revertive mode. By default, protection group is
in revertive mode.
line-protection line-id name string
line-protection line-id wtr-timer
wtr-timer
(Optional) Configure ELPS protection line name.

(Optional) Configure WTR timer. In revertive mode,
traffic waits WT R t imer ov ertime t o recover t o
working link after its fault restore. By default, WTR
timer value is 5 minutes.
Note: I t is be tter to configure WTR tim er a t tw o
ends c onsistent, or e lse f ast s witching i n 5 0ms
cannot be ensured.
(Optional) Configure HOLDOFF timer. After
line-protection line-id hold-off-timer configuring HOLDOFF timer, system delays process
hold-off-timer
fault time when working link is error, that is to say,
it switches to protection link after a delay time to
avoid f requent s witch c aused by working l ink
change. By default, HOLDOFF timer is 0.
Note: HOLDOFF t imer configures i n large v alue
will i nfluence 50m s s witching pe rformance, i t i s
recommended to use defaulted value 0.
line-protection trap enable
(Optional) Enable ELPS fault information reports to

NMS. It i s di sabled by de fault. The c ommand of
ethernet port-protection trap disable can di sable
this function.
195
www.raisecom.com
User Manual
9.4.4 Configure ELPS fault detection mode

Please configure ELPS for the device as below.
Step
Configuration
Description
Raisecom#config
Raisecom(config)#ethernet line-protection
line-id { working | protection } failure-detect
physical-link
Configure physical l ink de tection m ode f or

working path and protection path. By default
is is physical link detection mode.
line-id { working | protection } failure-detect cc
[ md md-name ] ma ma-name level level mep
LocalMepid RemoteMepid
Configure CC de tection m ode f or w orking

path and protection path. The fault detection
mode takes effective after user finishes CFM
related configuration.
line-id { working | protection } failure-detect
physical-link-or-cc [ md md-name ] ma ma-name
level level mep LocalMepid RemoteMepid
Configure physical link or C C de tection

mode f or w orking l ink or pr otection l ink.
Any f ault of physical link or CC w ill be
reported. The f ault de tection m ode t akes
effective a fter us er fi nishes C FM re lated
configuration.
Note: The working path a nd protection pa th c an configure different f ault de tection mode, but it is
better to keep their configuration consistent.
9.4.5 (Optional) Configure ELPS switching control

Please configure ELPS for the device as below.
Step
Configuration
Description
Raisecom#config
line-protection line-id lockout
Lock out protection switch. Traffic wont switch

to protection link even if working link is fault.
line-protection line-id force-switch
Switching traffic to protection link from working

link by force.
line-protection line-id manual-switch
Switching traffic to protection link from working

link by manual, priority of this command is lower
than force switch and auto-switch.
line-protection line-id
manual-switch-to-work
Traffic switches back to working link from

protection link in non-revertive mode.
Raisecom(config)#clear ethernet
line-protection line-id end-to-end
command
Clear end-to-end switch control commands,

including commands of lockout, force-switch,
manual-switch and manual-switch-to-work.
Note: By de fault, traffic will s witch t o pr otection l ink when w orking l ink i s f ault. Thus E LPS is
needed in some special conditions.
196
www.raisecom.com
User Manual

No.
Item
Description
Raisecom#show ethernet
line-protection [ line-id ]
Show protection link configuration.
Show protection line statistic information.
line-protection [ line-id ] statistics
line-protection [ line-id ] aps
Show aps protocol information.
9.5 Configure ERPS

9.5.1.1
With the development of Ethernet to telecom level network, voice and video multicast services bring
forth higher requirements on Ethernet redundant protection and fault-restore time. The fault-restore
convergent time of current STP system is in second level that is far away to meet requirement. By
defining different roles for nodes in a ring, ERPS can break loop link and avoid broadcast storm in
normal condition. Then the service link can switch to backup link if the ring link or node faults and
remove loop, perform fault protection switch and automatic fault restore, whats more, the protection
switch t ime is l ower t han 50ms. It is i n s upport of s ingle r ing, c rossed r ings a nd t angent r ings
networking modes.
ERPS provides two fault detection modes:
Fault de tection ov er phy sical i nterface s tatus: t o ge t l ink f ault a nd s witching quickly,
available to adjacent devices.
Fault detection over CFM: available to uni-directional detection or multi-devices cross over
detection.
9.5.1.2
Preconditions
Finish the below tasks before configuring ERPS:
layer
Create VLAN
Configure CFP detection among devices (prepairing when adopting CFP detection mode)
9.5.2 Default configuration of ERPS

The default configuration of ERPS is as below:
Function
Default value
Protocol VLAN
1
197
www.raisecom.com
User Manual
Function
Default value
Protection ring
Revertive mode
Ring WTR timer
5min
Guard timer
500ms
Ring HOLDOFF timer
ERPS fault information reported to network

management system
Disable
Subring virtual path mode in crossiong node
with mode
Ring Propagate switch in crossiong node
Disable
Fault detection method
Physical interface
WTB timer
5s
9.5.3 Create ERPS protection ring

Please configure ERPS for the device as below.
Note:
Only one device set can be configured as RPL (Ring Protection Link) Owner in a ring, and
one de vice s et as RPL Neighbour, other de vices c an only be configured a s ring forwarding
node.
Tangent ring can be taken as two independent rings in fact, the configuration is identical to
common single ring; crossover rings has a master ring and a sub-ring, the configurations
please refer to the section of Create ERPS protection ring.
Step
Configuration
Description
Raisecom#config
ring-protection ring-id east { port
port-id | port-channel
port-channel-number } west { port
port-channel-number } [ node-type
rpl-owner rpl { east | west } ]
[ not-revertive ] [ protocol-vlan vlan-id ]
[ block-vlanlist vlan-list ]
Create ring and configure node as RPLOwner.

By default, protocol VLAN is 1, blocked VLAN
range is 1-4094.
Protection ring changes to non-revertive mode if
configured parameter of not-revertive. Traffic
switches ba ck t o w orking l ink f rom pr otection
link after working link fault restore but it doesnt
switch if in non-revertive mode. P rotection ring
is in revertive mode by default.
Note: The east-bound a nd
interface cannot be identical.
western-bound
198
www.raisecom.com
Step
User Manual
Configuration
Description
port-channel-number } node-type
rpl-neighbour rpl { east| west }
Create ring and configure node as RPL
port-channel-number } [ not-revertive ]
[ protocol-vlan vlan-id ] [ block-vlanlist
vlan-list ]
Create ring and configure node as ring

forwarding node.
ring-protection ring-id name string
(Optional) Configure ring name. The length of
ring-protection ring-id version { 1 | 2 }
(Optional) Configure protocol version. All nodes

in one r ing m ust be c onsistent, v ersion 1
differenciate r ing v ia pr otocol VLAN, s o
different r ings ne ed configure different pr otocol
VLAN, and so do version 2. By default, using
protocol version 1.
ring-protection ring-id guard-time
guard-time
(Optional) D uring f ault nod e r estore t ime, a fter

configuring Guard timer it doesnt deal with APS
protocol pa ckets. In s ome bi g r ing ne twork,
restore node fault immediately may receive fault
notice from neighbor node and cause link Down.
Configure ring Guard timer can solve t his
problem.
ring-protection ring-id wtr-time
wtr-time
(Optional) Configure ring WTR tim er. In

revertive mode, waiting WTR tim er ti meout to
switch ba ck w orking l ink when w orking l ink
restore from fault. By default, WTR timer values
5 minutes.
ring-protection ring-id holdeoff-time
holdoff-time
(Optional) System delays fault report time when

working l ink f aults a fter c onfiguring r ing
HOLDOFF t imer. It c an a void w orking l ink
switching f requently. By default, H OLDOFF
timer is 0.
Neighbour.
name cannot exceed 32 strings.
Note: 50ms s witching pe rformance w ill be

affected by HOLDOFF timer v alue if i t is too
bigger, so it is 0 by default 0.
8
ring-protection trap enable
(Optional) Enable ERPS fault information report

to NMS. Disable by default. Us the command of
ethernet ring-protection trap disable to disable
this function.
199
www.raisecom.com
User Manual
9.5.4 (Optional) Create ERPS protection sub-ring

Note:
Only the crossover rings network contains master ring and sub-ring.
The master ring configuration is identical to the configuration of single ring or tangent ring;
please refer to the section of Create ERPS protection ring for details.
Un-crossed node on s ub-ring is i dentical t o c onfiguration of s ingle ring or t angent ring;
please refer to the section of Create ERPS protection ring for details.
Please configure ERPS crossover rings for devices as below.
Step
Configuration
Description
Raisecom#config
Raisecom(config)#ethernet ring-protection ring-id

{ east | west } { port port-id | port-channel
port-channel-number } node-type rpl-owner
Create sub-ring a nd configure node as RPLOwner on

crossover node.
By default, protocol VLAN is 1, blocked VLAN range
is 1-4094.
Protection r ing c hanges t o no n-revertive mode if
configured parameter of
not-revertive. Traffic
switches ba ck t o w orking l ink f rom pr otection l ink
after working link fault restore but it doesnt switch if
in non -revertive mode. P rotection r ing i s i n r evertive
mode by default.
Note: T he link be tween t wo crossover nodes i n
crossover r ings be longs to m aster r ing, so either
east-bound or w ester-bound i nterface c an be
configured for sub-ring.

port-channel-number } node-type rpl-neighbour
Create sub-ring and configure node as RPL Neighbour

on crossover nodes.

port-channel-number } [ not-revertive ]
[ protocol-vlan vlan-id ] [ block-vlanlist vlan-list ]
Create sub-ring and configure node as ring forwarding

node on crossover nodes.

raps-vc { with | without }
(Optional) Configure sub-ring virtual path mode on

crossover node. Protocol packets transmitting in
sub-ring is different from master ring, including with
mode and without mode:
with: sub-ring protocol packets transmitted by
master ring.
without: sub-ring protocol packets transmitted by
sub-ring protocol VLAN, so the blocked VLAN list
should not include protocol VLAN.
By default, sub-ring virtual path uses with.
Configuration mode of two crossover nodes must be
consistent.
200
www.raisecom.com
Step
4
User Manual
Configuration
Description

propagate enable
Enable ring Propagate switch on crossover node.

Sub-ring data needs to be forwarded by master ring, so
the sub-ring MAC address table also exists in master
ring device. When sub-ring has fault, Propagate
switch notifies master ring to refresh MAC address
table in time and avoid traffic lost.
By default, Propagate switch disable. The commandof
ethernet ring-protection ring-id propagate disable
can disable this function. It is suggested to enable
Propagate switch.
9.5.5 Configure ERPS fault detection mode

Step
Configuration
Description
Raisecom#config
Raisecom(config)#ethernet ring-protection
ring-id { east | west } failure-detect
physical-link
Configure physical interface fault

detection mode. By default, it is physical
interface fault detection mode.
ring-id { east | west } failure-detect cc [ md
md-name ] ma ma-name level level mep
LocalMepid RemoteMepid
Configure CC fault detection mode. The

fault detection mode wont take effect
unless configuring CFM. MA must under
md level.
ring-id { east | west } failure-detect
physical-link-or-cc [ md md-name ] ma
ma-name level level mep LocalMepid
RemoteMepid
Configure fault detection mode as

physical interface or CC. namely, report
fault either physical link or CC detected
fault. The fault detection mode wont
take effect unless configuring CFM. MA
must under md level.
9.5.6 (Optional) Configure ERPS switching control

Step
Configuration
Description
Raisecom#config
ring-id force-switch { east | west }
Configure traffic on the ring force switch to east-bound

or western-bound.
ring-id manual-switch { east | west }
Configure traffic on the ring manual switch to east-bound

or western-bound. Priority is lower than force switch and
auto-switch when working link faults.
201
www.raisecom.com
User Manual
Step
Configuration
Description
ring-id wtb-time wtb-time
Available to RPLOwner node, in revertive mode, after

configuring WTB timer, delay blocking RPL interface
when clearing manual command to avoid several
force-switch or manual-switch on a ring to block RPL
interface. It is 5 seconds by default.
ring-protection ring-id { command |
statistics }
Clear switch control command, including force-switch

and manual-switch.
Note: By de fault, traffic will s witch t o pr otection l ink w hen w orking l ink i s f ault. Thus E RPS i s
needed in some special conditions.

No.
Item
Description
Raisecom#show ethernet ring-protection
Show ERPS ring configuration.
Raisecom#show ethernet ring-protection status
Show ERPS ring status inforamtion.
Raisecom#show ethernet ring-protection statistic
Show ERPS ring statistics.
9.6 Configure Ethernet ring

9.6.1
9.6.1.1

As a Metro Ethernet technology, Ethernet ring solves the problems of weak protection to traditional
data ne twork and long time to fault recovery, which, in the ory, can provide 50ms r apid protection
features and is compatible with traditional Ethernet protocol, is an important technology options and
solutions of metro broadband access network optimization transformation.
Ethernet r ing t echnology is R AISECOM i ndependent research a nd de velopment protocol, which
through simple c onfiguration a chieves the elimination o f ring loop, fault protection switching, a nd
automatic fault recovery function and makes the fault protection switching time less than 50ms.
Raisecom Ethernet r ing t echnology is in support of bo th single-ring and t angent ring networking
modes, but not intersecting ring networking. Tangent ring is actually two separate single rings, which
has the same configuration with common single ring.
9.6.1.2
Preconditions
Before configuring Ethernet ring, configure interface physical parameters to make interface physical
layer state Up.
202
www.raisecom.com
9.6.2
User Manual
Default configuration of Ethernet ring

The default configuration of Ethernet ring is as below:
9.6.3
Function
Default value
Ethernet ring function status
Disable
Hello messages transmitting time
1s
Fault recovery delay time
5s
Bridge priority
Ring interface aging time
15s
Ring protocol messages VLAN
Create Ethernet ring

Please create Ethernet ring as below:
Step
Configuration
Description
Raisecom#config
Raisecom(config)#interface interface-type
primary-interface-number

configuration mode.this interface
is the first interface of ring node.
Raisecom(config-port)#ethernet ring ring-id

interface-type sencondary-interface-number
Create ring and configure

corresponding ring interface. This
interface is the second interface of
ring node.
Enable Ethernet ring function.
Raisecom(config)#ethernet ring ring-id enable
9.6.4
Configure basic function of ring

Note:
For all de vices in the same ring, suggest configure the fault recovery time, Hello messages
interval. Ring protocol VLAN and Ring interface aging time separately for the same value.
Interface aging time must be greater than 2 times Hello time.
Please configure the basic function of ring on the device as below:
1
Raisecom#config
Raisecom(config)#ethernet ring
ring-id hello-time hello-time
(Optional) Configure Hello messages transmitting time

for Ethernet ring. By default, the messages sending
interval is 1s.
203
www.raisecom.com
User Manual
ring-id restore-delay delay-time
(Optional) Configure fault recovery delay time for

Ethernet ring. The link can be restored to the original
working link until the recovery delay time timeout.
ring-id priority priority
(Optional) Configure bridege priority for Ethernet ring.
ring-id description string
(Optional) Configure ring description information. The

description infortion cannot exceed 32 bytes.
ring-id hold-time hold-time
(Optional) Configure interface aging time for Ethernet

ring. If Ethernet ring interface hasnt received Hello
messages in aging time, age this interface and consider
that the link circuit on link ring has fault. If the node
interface is in Block state, it will enable the blocked
interface temporarily to ensure the normal
communication of all nodes on Ethernet ring.
ring-id protocol-vlan vlan-id
(Optional) Configure protocol VLAN for Ethernet ring.
Note: master node election: at the beginning, all nodes consider themselves the master node, one of
two interfaces is Block, so no data loop on the ring; when two interfaces on the ring node receive the
same Hello packets for many times, the node considers that the ring topology is stable and can elect
master node. Other nodes will not enable the blocked interface, usually only one master node, which
ensures only one blocked interface, and ensures the connectivity of the nodes on the ring.
9.6.5
Check configuration
No.
Item
Description
Raisecom#show ethernet ring [ ring-id ]
Check Ethernet ring information.
Raisecom#show ethernet ring port
Check Ethernet ring interface information.
Raisecom#show ethernet ring port statistic
Check Ethernet ring interface messages

statistics information.
9.7 Maintenance
User can maintain network reliability by the below commands:
Command
Description
line-protection [ line-id ] statistics
Clear protection line statistic information,

including Tx APS packets, Rx APS packets, latest
switching time, latest status switching time, etc.
ring-protection ring-id statistics
Clear protection ring statistic information.
ring ring-id statistics
Clear ring interface statistic information,

including Ethernet rong No., ring interface No.,
Hello, Change and Flush message, etc.
204
www.raisecom.com
User Manual

9.8.1 Configuring application of link aggregation in manual mode
9.8.1.1
As the Figure 9-5 shows below, in order to improve link reliability between Switch A and Switch B,
configure manual link aggregation for the two devices; add Port 1 and Port 2 into link aggregation
group t o b uild up a unique l ogical i nterface. T he l ink a ggregatin gr oup p erforms l oad s haring
according to source MAC.
Figure 9-5 Manual link aggregation application networking
9.8.1.2
Configuration Steps
Create manual link aggregation group.
Configure Switch A.
SwitchA#config
SwitchA(config)#interface port-channel 1
SwitchA(config-aggregator)#mode manual
SwitchA(config-aggregator)#exit
Configure Switch B.
SwitchA#config
SwitchB(config)#interface port-channel 1
SwitchB(config-aggregator)#mode manual
SwitchB(config-aggregator)#exit
Add interface info link aggregation group.

Configure Switch A.
SwitchA(config-port)#channel group 1
205
www.raisecom.com
User Manual
Configure Switch B.
SwitchB(config-port)#channel group 1
Configure load sharing mode for link aggregation.

Configure Switch A.
SwitchA(config)#link-aggregation load-sharing mode smac
Configure Switch B.
SwitchB(config)#link-aggregation load-sharing mode smac
Enable link aggregation.

Configure Switch A.
SwitchA(config)#link-aggregation enable
Configure Switch B.
SwitchB(config)#link-aggregation enable
9.8.1.3
Show result
Show global configuration of manual link aggregation by the command of show link-aggregation:
SwitchA#show link-aggregation
Link aggregation status:Enable
Load sharing mode:SMAC
Load sharing ticket generation algorithm:Direct-map
M - Manual
L - Lacp-static
GroupID Mode MinLinks MaxLinks UpLinks Member Port List
Efficient Port List
--------------------------------------------------------------------1
1-2
206
www.raisecom.com
User Manual
9.8.2 Configuring application of link aggregation in static LACP mode

9.8.2.1
configure static L ACP l ink a ggregation f or t he t wo devices, a dd Port 1 a nd Port 2 i nto l ink
aggregation group. Port 1 is the master link and Port 2 is standby link.
Figure 9-6 Static LACP link aggregation application networking
9.8.2.2
Configuration steps
Configure static LACP link aggregation group on Switch A and set Switch A as active end.
SwitchA#config
SwitchA(config)#lacp system-priority 1000
SwitchA(config)#interface port-channel 1
SwitchA(config-aggregator)#mode lacp-static
SwitchA(config-aggregator)#exit
SwitchA(config-port)#lacp port-priority 1000
SwitchA(config)#link-aggregation enable
Configure static LACP link aggregation group on Switch B.

SwitchB#config
SwitchB(config)#lacp system-priority 1000
SwitchB(config)#interface port-channel 1
SwitchB(config-aggregator)#modelacp-static
SwitchB(config-aggregator)#exit
207
www.raisecom.com
User Manual
SwitchB(config)#link-aggregation enable
9.8.2.3
Show result
Show static LACP link aggregation global configuration on Switch A by the command of show
link-aggregation:
Raisecom#show link-aggregation
Link aggregation status:Enable
Load sharing mode:SXORDMAC
Load sharing ticket generation algorithm:Direct-map
M - Manual
L - Lacp-static
GroupID Mode MinLinks MaxLinks UpLinks Member Port List
Efficient Port List
--------------------------------------------------------------------1
1-2
Show pe er s ystem LACP i nterface s tatus, mark, i nterface pr iority, management ke y, ope ration key
and status of interface status machine on Switch A by the command of show lacp internal:
Raisecom(config)#show lacp internal
Flags:
S - Device is requesting Slow LACPDUs
F - Device is requesting Fast LACPDUs
A - Device in Active mode
P - Device in Passive mode
Interface State
Flag
Port-Priority
Admin-key
Oper-key
Port-State
------------------------------------------------------------------------P1
active
SA
1000
0x45
P2
standby
SA
32768
0x45
Show pe er system LACP interface s tatus, mark, interface pr iority, management ke y, ope ration key
and status of interface status machine on Switch A by the command of show lacp neighbor.
208
www.raisecom.com
User Manual
9.8.3 Configure interface backup application

9.8.3.1
As the Figure 9-7 shows below, to achieve the realiable accress from remote PC to server, configure
interface backup group on Switch A and assign VLAN list so as to achieve interface link protection
and load sharing. The requirement is as below:
Configure Switch A on V LAN 100VLAN 150, Port 1 i s m aster i nterface a nd P ort 2 i s
standby interface.
Configure S witch A on V LAN 15 1VLAN 200, Port 2 i s m aster interface, a nd Port 1 i s
standby interface.
Port 1 can be switched to Port 2 to keep link normal when it has link fault.
Switch A needs to support interface backup function, but Switch B, Switch C, Switch D need not.
Figure 9-7 Interface backup application networking
9.8.3.2
Configuration steps
Create VLAN 100VLAN 200 and add Port 1 and Port 2 into it.
Raisecom#config
Raisecom(config)#create vlan 100-200 active
Raisecom(config-port)#switchport trunk allowed vlan 100-200 confirm
Raisecom(config-port)#switchport trunk allowed vlan 100-200 confirm
Configure Port 1 as master interface and Port 2 as standby interface on VLAN 100VALN 150.
Raisecom(config-port)#switchport backup port 2 vlanlist 100-150
209
www.raisecom.com
User Manual
Configure Port 2 as master interface and Port 1 as standby interface on VLAN 151VALN 200.
Raisecom(config-port)#switchport backup port 1 vlanlist 151-200
9.8.3.3
Show result
Check i nterface ba ckup s tatus i nformation i n c onditions of normal l ink s tatus a nd l ink fault
separately by the command of show switchport backup.
When the link of Port 1 and Port 2 is Up, Port 1 forwards traffics on VLAN 100VALN 1 50, while
Port 2 forwards traffics on VLAN 151VALN 200.
Restore delay: 15s.
Restore mode: port-up.
Active Port(State)
Backup Port(State)
Vlanlist
--------------------------------------------------------port1
(Up)
port2
(Standby)
100-150
port2
(Up)
port1
(Standby)
151-200
Break the link simulation fault between Switch A and Switch B manually, then the status of Port 1
will become Down, Port 2 will forward traffics on VLAN 100VALN 200.
Restore delay: 15s
Restore mode: port-up
Active Port(State)
Backup Port(State)
Vlanlist
----------------------------------------------------------------port1 (Down)
port2
(Up)
100-150
port2 (Up)
port1
(Down)
150-200
When Port1 recovers t o Up st atus for 15s (re cover de lay), Port 1 will forward traffics on VLAN
100VALN 150, and Port 2 on VLAN 151VALN 200.
9.8.4 Configuring application of ELPS protection in 1:1 mode

9.8.4.1
configure 1:1 ELPS on the two devices and detect fault over physical interface status. Port 1 and Port
2 set in VLAN range 100~200.
Figure 9-8 Networking sketch map of 1:1 ELPS application

210
www.raisecom.com
9.8.4.2
User Manual
Configuration steps
Create VLAN 100~VLAN 200 and add interface into VLAN 100~VLAN 200.
Configure Switch A.
SwitchA#config
SwitchA(config-port)#switchport trunk allowed vlan 100-200 confirm
Configure Switch B.
SwitchB#config
SwitchB(config-port)#switchport trunk allowed vlan 100-200 confirm
create 1:1 mode ELPS protection line.

Configure Switch A.
SwitchA(config)#ethernet line-protection 1 working port 1 100-200 protection port 2 100-200 one-to-one
Configure Switch B.
SwitchB(config)#ethernet line-protection 1 working port 1 100-200 protection port 2 100-200 one-to-one
Configure fault detection mode.

Configure Switch A.
SwitchA(config)#ethernet line-protection 1 working failure-detect physical-link
SwitchA(config)#ethernet line-protection 1 protection failure-detect physical-link
Configure Switch B.
SwitchB(config)#ethernet line-protection 1 working failure-detect physical-link
211
www.raisecom.com
User Manual
SwitchB(config)#ethernet line-protection 1 protection failure-detect physical-link
9.8.4.3
Show result
Show 1: 1 m ode E LPS c onfiguration on t he de vice by t he c ommand of
line-protection.
show ethernet

SwitchA#show ethernet line-protection 1
Id:1
Name:
MEL:0
ProtocolVlan:100-200
Working(Port-Vlanlist-FaiureDetect-MAID-LocalMep-RemoteMep)(State/LCK):
P1-100-200-physical--0-0-0(Active/N)
Protection(Port-Vlanlist-FaiureDetect-MAID-LocalMep-RemoteMep)(State/F/M):
P2-100-200-physical--0-0-0(Standby/N/N)
Wtr(m):5
Holdoff(100ms):0
Show 1:1 mode ELPS APS protocol information on t he device by the command of show ethernet
line-protection aps.
SwitchA#show ethernet line-protection 1 aps
Id
Type
Direction Revert Aps State Signal(Requested/Bridged)
-------------------------------------------------------------------1-Local
1:1
bi
yes
yes NR-W null/null
1-Remote 1:1
bi
yes
yes NR-W
null/null
9.8.5 Configuring application of ELPS protection in 1+1 mode

9.8.5.1
configure 1+1 one-way ELPS on the two devices and detect fault over CFM. Port 1 and Port 2 set in
VLAN range 100~200.
Figure 9-9 Networking sketch map of 1+1 ELPS application
212
www.raisecom.com
9.8.5.2
User Manual
Configuration steps
Create VLAN 100~VLAN 200 and add interface into VLAN 100~VLAN 200.
Configure Switch A.
SwitchA#config
Configure Switch B.
SwitchB#config
Configure CFM.
Configure Switch A.
SwitchA(config)#ethernet cfm domain md-name md1 level 7
SwitchA(config)#service ma1 level 7
SwitchA(config-service)#service vlan-list 100
SwitchA(config-service)#service mep down mpid 1 port 1
SwitchA(config-service)#service remote-mep 3
SwitchA(config-service)#service cc enable mep 1
SwitchA(config-service)#exit
SwitchA(config)#ethernet cfm enable
Configure Switch B.
213
www.raisecom.com
User Manual
SwitchB(config)#ethernet cfm domain md-name md1 level 7
SwitchB(config)#service ma1 level 7
SwitchB(config-service)#service vlan-list 100
SwitchB(config-service)#service mep down mpid 3 port 1
SwitchB(config-service)#service remote-mep 1
SwitchB(config-service)#service remote-mep 2
SwitchB(config-service)#service cc enable mep 3
SwitchB(config-service)#exit
SwitchB(config)#ethernet cfm enable
Create 1+1 mode one-way ELPS protection line.

Configure Switch A.
SwitchA(config)#ethernet line-protection 1 working port 1 100-200 protection port 2 100-200 one-plus-one-uni
Configure Switch B.
SwitchB(config)#ethernet line-protection 1 working port 1 100-200 protection port 2 100-200 one-plus-one-uni

Configure Switch A.
SwitchA(config)#ethernet line-protection 1 working failure-detect cc md md1 ma ma1 level 7 mep 1 3
SwitchA(config)#ethernet line-protection 1 protection failure-detect cc md md1 ma ma1 level 7 mep 2 4
Configure Switch B.
SwitchB(config)#ethernet line-protection 1 working failure-detect cc md md1 ma ma1 level 7 mep 3 1
SwitchB(config)#ethernet line-protection 1 protection failure-detect cc md md1 ma ma1 level 7 mep 4 2
9.8.5.3
Show result
Show 1+ 1 m ode E LPS configuration on
line-protection.
the de vice by the c ommand of show ethernet

SwitchA#show ethernet line-protection 1
Id:1
Name:
ProtocolVlan:100-200
Working(Port-Vlanlist-FaiureDetect-MAID-LocalMep-RemoteMep)(State/LCK):
Port1-100-200-cc-md1ma1-7-1-3(Active/N)
Protection(Port-Vlanlist-FaiureDetect-MAID-LocalMep-RemoteMep)(State/F/M):
Port2-100-200-cc-md1ma1-7-2-4(Standby/N/N)
Wtr(m):5
Holdoff(100ms):0
214
www.raisecom.com
User Manual
Show 1+1 mode ELPS APS protocol information on t he device by the command of show ethernet
line-protection aps.
SwitchA#show ethernet line-protection 1 aps
Id
Type
Direction Revert Aps State Signal(Requested/Bridged)
-------------------------------------------------------------------1-Local
1+1
uni
yes
yes NR-W null/normal
9.8.6 Configuring application of single ring ERPS protection

9.8.6.1
As the Figure 9-10 shows below, in order to improve Ethernet reliability, the four devices Switch A,
Switch B, Switch C and Switch D build up an ERPS single ring.
Switch A device i s R PLOwner, Switch B i s R PLNeighbour; the RPL link between Switch A a nd
Switch B is blocked.
The fault de tection mode between Switch A and Switch D i s physical-link-or-cc, other links adopt
default fault detection mode (physical-link).
By default, VLAN is 1, and the congested VLAN range is 1~4094.
Figure 9-10 Single ring ERPS application networking
9.8.6.2
Configuration steps
Add interface into VLAN 1~VLAN 4094.
Configure Switch A.
SwitchA#config
215
www.raisecom.com
User Manual
Configure Switch B.
SwitchB#config
Configure Switch C.
SwitchC#config
Configure Switch D.
Raisecom#hostname SwitchD
SwitchD#config
SwitchD(config)#interface port 1
SwitchD(config-port)#switchport mode trunk
SwitchD(config-port)#exit
Configure CFM.
Configure Switch A.
Configure Switch D.
SwitchD(config)#ethernet cfm domain md-name md1 level 7
216
www.raisecom.com
User Manual
SwitchD(config)#service ma1 level 7
SwitchD(config-service)#service vlan-list 1
SwitchD(config-service)#service mep down mpid 2 port 1
SwitchD(config-service)#service remote-mep 1
SwitchD(config-service)#service cc enable mep 2
SwitchD(config-service)#exit
SwitchD(config)#ethernet cfm enable
Create ERPS protection ring.

Configure Switch A.
SwitchA(config)#ethernet ring-protection 1 east port 1 west port 2 node-type rpl-owner rpl east
Configure Switch B.
SwitchB(config)#ethernet ring-protection 1 east port 1 west port 2 node-type rpl-neighbour rpl west
Configure Switch C.
SwitchC(config)#ethernet ring-protection 1 east port 1 west port 2
Configure Switch D.
SwitchD(config)#ethernet ring-protection 1 east port 1 west port 2

Configure Switch A.
SwitchA(config)#ethernet ring-protection 1 west failure-detect physical-link-or-cc md md1 ma ma1 level 7 mep 1
2
Configure Switch D.
SwitchD(config)#ethernet ring-protection 1 east failure-detect physical-link-or-cc md md1 ma ma1 level 7 mep 2
1
9.8.6.3
Show result
Check i f E RPS protection ring is ef fective on the de vice b y t he command of show ethernet
ring-protection status.
Take Switch A for example, RPL link is congested to avoid loopback:
SwitchA#show ethernet ring-protection status
Id/Name
Status
Last Occur(ago)
East-State West-State sc Traffic-vlanlist
--------------------------------------------------------------------1
idle
0 day 0050750
block
forwarding
1-4094
Cut off link between Switch B and Switch C by manual to simulate fault, execute command to show
ERPS protection ring status on Switch A again, RPL link switches to forwarding status.
Id/Name
Status
Last Occur(ago)
------------------------------------------------------------------1
Protection
0 day 0055950
forwarding forwarding
1-4094
217
www.raisecom.com
User Manual
9.8.7 Configuring application of double ring ERPS protection

9.8.7.1
As the Figure 9-11 shows below, in order to improve Ethernet reliability, the devices Switch A,
Switch B, Switch C, Switch D, Switch E and Switch F build up double ring ERPS network.
Switch A, Switch B, Switch C and Switch D build up the master ring, Switch D is master ring
RPLOwner, S witch C i s m aster r ing R PLNeighbour, c ongest S witch D Port 1 i nterface, pr otocol
VLAN adopts default value 1.
Switch A, Switch B, S witch E and Switch F bui ld up secondary r ing, S witch F i s s econdary r ing
RPLOwner, Switch A is secondary ring RPLNeighbour, congest Switch F Port 1 i nterface, protocol
VLAN is 4094. Virtual path mode of secondary ring is defaulted with mode.
Congestion VLAN range of master and secondary ring are both defaulted 1~4094.
Master ring devices all adopt physical-link-or-cc mode to detect fault, secondary ring adopt defaulted
fault detection mode (physical-link).
Figure 9-11 Double-ring ERPS application networking
9.8.7.2
Configuration steps
Add interface into VLAN 1~VLAN 4094.
Configure Switch A.
SwitchA#config
218
www.raisecom.com
User Manual
Configure Switch B.
SwitchB#config
Configure Switch C.
SwitchC#config
Configure Switch D.
Raisecom#hostname SwitchD
SwitchD#config
Configure Switch E.
Raisecom#hostname SwitchE
SwitchE#config
SwitchE(config)#interface port 1
SwitchE(config-port)#switchport mode trunk
SwitchE(config-port)#exit
SwitchE(config)#interface port 2
SwitchE(config-port)#switchport mode trunk
SwitchE(config-port)#exit
Configure Switch F.
Raisecom#hostname SwitchF
219
www.raisecom.com
User Manual
SwitchF#config
SwitchF(config)#interface port 1
SwitchF(config-port)#switchport mode trunk
SwitchF(config-port)#exit
SwitchF(config)#interface port 2
SwitchF(config-port)#switchport mode trunk
SwitchF(config-port)#exit
Configure master ring CFM detection.

Configure Switch A.
Configure Switch B.
SwitchB(config)#ethernet cfm domain md-name md1 level 7
Configure Switch C.
SwitchC(config)#ethernet cfm domain md-name md1 level 7
SwitchC(config)#service ma1 level 7
SwitchC(config-service)#service vlan-list 1
SwitchC(config-service)#service mep down mpid 5 port 1
SwitchC(config-service)#service mep down mpid 6 port 2
SwitchC(config-service)#service cc enable mep 5
SwitchC(config-service)#service cc enable mep 6
SwitchC(config-service)#exit
SwitchC(config)#ethernet cfm enable
Configure Switch D.
SwitchD(config)#ethernet cfm domain md-name md1 level 7
SwitchD(config)#service ma1 level 7
220
www.raisecom.com
User Manual
SwitchD(config-service)#service vlan-list 1
SwitchD(config-service)#exit
SwitchD(config)#ethernet cfm enable
Create master ring for ERPS protection.

Configure Switch A.
SwitchA(config)#ethernet ring-protection 1 east port 1 west port 2
Configure Switch B.
SwitchB(config)#ethernet ring-protection 1 east port 1 west port 2
Configure Switch C.
SwitchC(config)#ethernet ring-protection 1 east port 1 west port 2 node-type rpl-neighbour rpl west
Configure Switch D.
SwitchD(config)#ethernet ring-protection 1 east port 1 west port 2 node-type rpl-owner rpl east
Configure fault detection mode for master ring.

Configure Switch A.
SwitchA(config)#ethernet ring-protection 1 east failure-detect physical-link-or-cc md md1 ma ma1 level 7 mep 1
8
SwitchA(config)#ethernet ring-protection 1 west failure-detect physical-link-or-cc md md1 ma ma1 level 7 mep 2
3
Configure Switch B.
SwitchB(config)#ethernet ring-protection 1 east failure-detect physical-link-or-cc md md1 ma ma1 level 7 mep 3
2
SwitchB(config)#ethernet ring-protection 1 west failure-detect physical-link-or-cc md md1 ma ma1 level 7 mep 4
5
Configure Switch C.
SwitchC(config)#ethernet ring-protection 1 east failure-detect physical-link-or-cc md md1 ma ma1 level 7 mep 5
4
SwitchC(config)#ethernet ring-protection 1 west failure-detect physical-link-or-cc md md1 ma ma1 level 7 mep 6
7
Configure Switch D.
SwitchD(config)#ethernet ring-protection 1 east failure-detect physical-link-or-cc md md1 ma ma1 level 7 mep 7
6
SwitchD(config)#ethernet ring-protection 1 west failure-detect physical-link-or-cc md md1 ma ma1 level 7 mep 8
1
Configure sub-ring for ERPS protection ring.

Configure Switch A.
SwitchA(config)#ethernet ring-protection 2 east port 3 node-type rpl-neighbour protocol-vlan 4094
221
www.raisecom.com
User Manual
SwitchA(config)#ethernet ring-protection 2 propagate enable
Configure Switch B.
SwitchB(config)#ethernet ring-protection 2 east port 3 protocol-vlan 4094
SwitchB(config)#ethernet ring-protection 2 propagate enable
Configure Switch E.
SwitchE(config)#ethernet ring-protection 2 east port 1 west port 2 protocol-vlan 4094
Configure Switch F.
SwitchF(config)#ethernet ring-protection 2 east port 1 west port 2 node-type rpl-owner rpl east protocol-vlan
4094
9.8.7.3
Show result
Check i f E RPS protection ring i s e ffective on t he de vice b y t he c ommand of show ethernet
ring-protection status.
Execute the c ommand on Switch A, Switch D and Switch F r espectively, the r esult w ill s how a s
below if configure successfully.
Id/Name
Status
Last Occur(ago) East-State West-State sc
Traffic-vlanlist
------------------------------------------------------------------------1
Id/Name
idle
Status
0 day 0050750
forwarding
forwarding 1
Last Occur(ago) East-State West-State sc
1-4094
Traffic-vlanlist
------------------------------------------------------------------------2
idle
0 day 0050750
forwarding
forwarding 1
1-4094
SwitchD#show ethernet ring-protection status

Id/Name
Status
Last Occur(ago)
------------------------------------------------------------------------1
idle
0 day 0050750
block
forwarding
1-4094
SwitchF#show ethernet ring-protection status

Id/Name
Status
Last Occur(ago)
------------------------------------------------------------------------2
idle
0 day 0050750
block
forwarding
1-4094
9.8.8 Configure Ethernet ring application

9.8.8.1
As t he F igure 9 -12 s hows be low, t o i mprove t he r eliability of E thernet, t he S witch A , S witch B,
Switch C, Switch D have constituted an Ethernet single ring Ring 1.
The figure shows that the four devices are added to Ring 1 interface. MAC addresses are Switch A
(000E.5E00.000A), Switch B (000E.5E00.000B), Switch C (000E.5E00.000C), Switch D
(000E.5E00.000D).
222
www.raisecom.com
User Manual
The status and priority of four nodes are the same, Mac address of Switch D is biggest, and therefore,
Switch D is the master node of Ethernet ring.
Figure 9-12 Ethernet ring application networking
9.8.8.2
Configuration steps
Configure Switch A.
SwitchA#config
SwitchA(config-port)#ethernet ring 1 port 2
SwitchA(config)#ethernet ring 1 enable
Switch Switch B, Switch C, and Swtch C, please take Switch A configuration for reference.
9.8.8.3
Show result
Check Ethernet ring configuration by the command of show ethernet ring.
Take Switch D for example, when the loop is normal, the first ring interface of master node Switch D:
Port 1 Block clears data loop.
SwitchD#show ethernet ring
Ethernet Ring Upstream PortList:-Ethernet Ring 1:
Ring Admin:
Enable
Ring State:
Enclosed
Bridge State:
Block
Ring state duration: 0 days, 3 hours, 30 minutes, 15 seconds

Bridge Priority:
Bridge MAC:
000E.5E00.000D
Ring DB State:
Block
Ring DB Priority:
Ring DB:
000E.5E00.000D
223
www.raisecom.com
User Manual
Hello Time:
Restore delay:
Hold Time
15
Protocol Vlan
Break l ink s imulation f ault be tween S witch A a nd S witch B m anually, P ort 1 of S witch D w ill
change i ts s tatus f rom B lock t o F orwarding, Port 1 of S witch B w ill c hange i ts status fr om
Forwarding to Block. Check Ethernet ring status again.
SwitchD#show ethernet ring
Ethernet Ring Upstream-Group:1
Ethernet Ring 1:
Ring Admin:
Enable
Ring State:
Unenclosed
Bridge State:
Two-Forward
Ring state duration: 0 days, 3 hours, 30 minutes, 15 seconds

Bridge Priority:
Bridge MAC:
000E.5E00.000D
Ring DB State:
Block
Ring DB Priority:
Ring DB:
000E.5E00.000B
Hello Time:
Restore delay:
15
Hold Time
15
Protocol Vlan
224
www.raisecom.com
User Manual
Chapter 10 OAM
This chapter introduces basic principle and configuration of OAM and provides related configuration
applications.
Overview
EFM
CFM
SLA
E-LMI
Maintenance
10.1
Overview
10.1.1
OAM overview
Ethernet i s de signed f or LAN initially; the OAM ( Operation, Administration and Management) i s
weak for its small scale and possesses administrative system of NE level. With the wider application
of E thernet i n t elecom ne twork, t he l ink l ength a nd network s cal become bi gger a nd bi gger, i t
demands an efficient management and maintenance system in telecom network.
To confirm connectivity of Ethernet virtual connection, detecting, confirming and locating fault from
Ethernet layer, as well as balance network utility and network performance, then providing service
according S LA (Service Level Agreement) i mplementing OAM o n E thernet has becoming a
inevitable developing trend.
Ethernet OAM is graded to achieve, as shown in Figure 10-1, it is generally divided into two levels:
Link level Ethernet OAM: mostly used to the Ethernet physical link between PE (P rovider
Edge) and CE (Customer Edge) (i.e.: the last mile) to monitor the link status between users
network and and operators network. The typical protocol is EFM (Ethernet in the First Mile)
OAM protocol.
Service-class Ethernet OAM: mostly us ed t o network access conv ergence l ayer to monitor
the e ntire ne twork connectivity, position network connectivity fault, and monitor link
performance. The typical protocol is CFM (Connectivity Fault Management) OAM protocol.
225
www.raisecom.com
User Manual
Figure 10-1 Sketch map of OAM level
10.1.2
EFM
Complied with IEEE 8802.3ah protocol, EFM is a kind of Ethernet OAM technology in link level,
which provides link connectivity detection function, link fault monitoring function, and remote fault
notification function, etc to the link between two straight-connection devices.
"The last mile" in EFM r efers t o the c onnection f rom telecommunications carrier t o the users. Its
goal is to promote the widely used E thernet technology to the telecommunications access ne twork
market, which can significantly improve network performance and reduce device and operating costs.
EFM is mainly used for user access network edge Ethernet link.
Switch device provides the IEEE 802.3ah standard EFM function.
10.1.3
CFM
CFM is a kind of Ethernet OAM technology in network level, implementing end-to-end connectivity
fault de tection, f ault n otification, j udgement a nd l ocation f unctions. It is us ed t o diagnose f ault
actively for EVC (Ethernet Virtual Connection) and provide c ost-effective ne twork maintenance
solution via fault management function and improve network maintenance.
The s witch provides CFM function which is compatible w ith IEEE 802.1ag and ITU-T Y.1731
recommendations.
226
www.raisecom.com
User Manual
CFM is made from below components:

MD
MD (Maintenance D omain, al so cal led MEG, Maintenance E ntity Group) is a network that runs
CFM f unction. It de fines ne twork r ange f or OAM m anagement. M D ha s l evel pr operty w ith 8
different levels (level 0 to level 7), the bigger the number is, the higher the level is, and the larger the
corresponding range is. Protocol packets of lower level MD will be discarded after entering higher
level MD; while higher level MD packets can transmit through lower level MD. In one VLAN range,
different MD can be adjacent, embedded, but not crossed.
As the Figure 10-2 shows below, MD2 is contained in MD1. MD1 packets need to transmit through
MD2. Confiure MD1 level as 6, and MD2 l evel a s 3. Then MD1 pa ckets c an t ravel through MD2
and i mplement c onnectivity fault m anagement to the whole MD1, b ut M D2 pa ckets w ont di ffuse
into MD1. MD2 is server layer and MD1 is client layer.
Figure 10-2 Sketch map of different MD levels
Service instance
Service Instance also called MA (Maintenance Association) is part of MD. One MD can be divided
into one or multiple service instances. One service instance corresponds to one service, mapping to
one V LAN group; VLAN of different service instances cannot cross. Though service instance can
map to multiple VLAN, one instance can use one VLAN for transmitting or receiving OAM packets.
This VLAN is master VLAN of the intance.
MEP
As the Figure 10-3 shows below, MEP (Maintenance associations End Point) is edge node of service
intance. MEP can transmit a nd deal with CFM packets, instance that MEP located and MD decide
the VLAN and level for MEP packets transmission and reception
MEP o n a ny de vice r unning C FM i n ne twork i s c alled l ocal MEP; MEP on ot her de vices i n t his
instance is called RMEP (Remote Maintenance association End Point).
One i nstance can configure multiple MEP; packets s ent by M EP i n one i nstance t ake i dentical
S-VLAN TAG, priority and C-VLAN TAG. MEP can receive OAM packets sent by other MEP in
the instance, stop packets with the same level or lower than its own level and transmit packets higher
than its own level.
227
www.raisecom.com
User Manual
Figure 10-3 Sketch map of MEP and MIP
MIP
As the Figure 10-3 shows above, MIP (Maintenance association Intermediate Point) is inner node of
service instance, which is created by device automatically. MIP cannot send CFM p ackets actively
but can manage and answer LTM (LinkTrace Message) and LBM (LoopBack Message) packets.
MP
MEP and MIP are both called MP (Maintenance Point).
10.1.4
SLA
SLA is a telecommunication service evaluating standard negotiated by service provider and users to
provide agreement to service quality, priority and responsibility, etc.
In technology, S LA is real-time ne twork performance de tection and statistic technology which c an
give s tatistics to responding t ime, ne twork j itter, delay, packet loss rate, etc. SLA can choose
different task for different application and monitor related measurement value.
Basic concepts related to SLA:
Operation
Static conc ept: it is a SLA ne twork performance t esting t ask f rom e nd-to-end, i ncluding layer-2
network delay/jitter te st ( y1731-echo/y1731-jitter) and
layer-3 network delay/jitter te st
(icmp-echo/icmp-jitter).
Test
Dynamic concept: it is used to describe an execution of one operation.
Detection
Dynamic concept: it is used to describe a procedure of transmitting-receiving packet in operation test.
According to definition of operation, one operation test can contain multiple detections (one test only
contains one time of detection for Echo operation).
Schedule
Dynamic concept: it is used to describe a schedule of one operation; one schedule contains multiple
periodical tests executions.
228
www.raisecom.com
10.1.5
User Manual
E-LMI
Refering to Frame Relay Local Management Interface Specification, MEF (Metro Ethernet Forum)
defines t he E thernet L ocal M anagement I nterface. E -LMI i s the O AM pr otocol to locate in UNI
(User-Network Interface), mainly used between CE and PE devices.
E-LMI enables service providers to configure CE automatically according to purchased services. By
E-LMI, CE can automatically r eceive mapping information from us er VLAN t o EVC and the
corresponding bandwidth and QoS settings. E-LMI CE device auto-configuration function not only
reduces the w ork of the services establishment, but also the coordination work between service
providers and enterprises users. As a result, enterprise users neednt to know the configuration of CE
devices; service pr ovider w ill t ake t he i ntegrateconfiguration a nd m anagement w hich r educes the
risk of human errors.
In addition, E-LMI also provides the EVC status information to CE device. Once the EVC fails (such
as PE uses CFM to provide fault detection function for EVC), PE will notify the CE device to access
side route for switching.
The deployment location of E-LMI in the network is shown in Figure 10-4:
Figure 10-4 E-LMI location in network
10.2
EFM
10.2.1
10.2.1.1
Deploy E FM f eature be tween s traight t hrough c onnected de vices c an efficiently improve E thernet
link management and maintenance capability and ensure network running stable.
10.2.1.2
Preconditions
Before c onfiguring E FM, users ha ve to c onnect interface a nd configure physical pa rameters f or it,
the interface is Up at physical layer.
10.2.2
Default configuration of EFM

The default configuration of EFM is as below:
Function
Default value
229
www.raisecom.com
10.2.3
User Manual
Function
Default value
Working mode of EFM
Passive
Message transmission interval
10100ms
Link timeout time
5s
OAM function status
Disable
Alarm function statusof peer OAM event
Disable
Remote loopback status of EFM
Respond
Monitoring window of error frame event
1s
Monitoring threshold of error frame event
1 error frame
Monitoring window for statistic event of link error

frame seconds
60s
Monitoring threshold for statistic event of link error

frame seconds
1s
Monitoring window for statistic event of error code
100ms
Monitoring threshold for statistic event of error code
1s
Fault indication function status
Enable
Alarm function for Local OAM event
Disable
Basic functions of EFM

Please configure EFM on the device as below:
Step
Configuration
Description
Raisecom#config
port-id
Raisecom(config-port)#oam
{ active | passive }
Configure work mode for EFM. In active mode, starting

OAM peer discover process actively, not supporting no
answer to remote loopback command and no answer to
variable obtain request functions; dont start OAM peer
discover process in passive mode, not in support of sending
remote loopback command and sending variable obtain
request functions. By default, device is in passive mode. At
least one end is active mode when configuring, otherwise
the link detection cannot perform.
230
www.raisecom.com
Step
User Manual
Configuration
Raisecom(config)#oam
send-period period-number
Description
(Optional) OAM link sends INFO packets to each other
timing, use this command to set packets sending interval
and control link communication period. The unit is 100ms.
By default, sending interval is 10 (10100ms).
Raisecom(config)#oam timeout
period-number
(Optional) Configure OAM link timeout time.

OAM link is broken if both ends devices of OAM link
havent receive OAM packets over timeout time.
By default, time for link timeout is 5s.
port-id
Raisecom(config-port)#oam enable
Enable interface OAM function. By default, OAM disable.

The command of oam disable can disable interface OAM.
10.2.4
Active functions of EFM

Please configure EFM active function for the device as below.
Note: EFM active function must be configured when the device is in active mode.
10.2.4.1
(Optional) Startup EFM remote loop function

Step
Configuration
Description
Raisecom#config
port port-id

mode.
remote-loopback
Configure interface to start EFM remote

loopback function. Remote loopback function
can only be started after EFM connection and
must be configured in active mode device.
Raisecom(config-port)#no oam
remote-loopback
(Optional) Disable remote loopback function.

Disable remote loopback function in time after
finish detection.
Note:
Perform loopback detection periodically can discover network fault in time. By loopback
detection in network sections can locate exact fault area and help users remove fault.
In link loopback status, the device loopback all packets except OAM packets received by link
to peer device, user data packets cannot forwarded normally. Please disable this function in
time when doesnt need detection.
10.2.4.2
(Optional) Configure peer OAM event trap function

Step
Configuration
Description
Raisecom#config

231
www.raisecom.com
10.2.4.3
User Manual
Step
Configuration
Description
port port-id
peer event trap enable
Enable peer OAM event trap function, link monitor

event can be reported to NMS center in time. By
default, device doesnt report trap to NMS center
through SNMP TRAP when receiving peer link
monitor event. User can use the command of oam
peer event trap disable to disable this function.
(Optional) Check current variable value of peer

Please configure OAM link monitor for the device as below.
Step
Configuration
Description
Raisecom#show oam peer

[link-statistic | oam-info ] port-list
port-list
Get peer device OAM information or

interface statistic variable value.
Note: By ge tting c urrent variable value of pe er de vice to get s tatus of c urrent l ink. IEEE802.3
Clause30 defines a nd e xplains s upporting O AM ge tting v ariable a nd i ts denotation in details. The
variable t akes Object as t he m aximum di vision, e ach obj ect c ontains Package a nd Attribute. A
package contains several attributes. Attribute is the minimum unit of variable. When OAM variable
getting, it de fines object, package, brach and leaf description of a ttributes by C lause30 to describe
requesting object, and the branch and leaf are followed by variable value to denote object responds
variable r equest. The de vice i s i n s upport of OAM inf ormation and interface s tatistics f or obj ect
variable getting.
Peer variable getting cannot realize until building up EFM connection.
10.2.5
Passive functions of EFM

Please configure EFM passive function for the device as below.
Note: EFM passive function can be configured regardless the device is in active or passive mode.
10.2.5.1
(Optional) Configure device related EFM remote loopback

Step
Configuration
Description
Raisecom#config
port port-id
loopback { ignore | process }
Configure ignore or process EFM remote

loopback. By default, the device processes EFM
remote loopback.
Note: Peer EFM remote loopback function wont take effect until remote loopback process function
232
www.raisecom.com
User Manual
is configured at local.
10.2.5.2
(Optional) Configure OAM link monitor function

Step
Configuration
Description
Raisecom#config
port-id

mode.
errored-frame window window
threshold threshold
Configure error frame monitor window and

threshold. By default, monitor window is 1
second, threshold is 1 error frame.
errored-frame-period window
window threshold threshold
Configure error frame period event monitor

window and threshold. By default, monitor
window is 100 ms, threshold is 1 error frame.
errored-frame-seconds window
Configure link error frame seconds windown

and threshold. By default, monitor window is
60 seconds, threshold is 1 second.
errored-symbol-period window
Configure error code window and threshold.

By default, monitor window is 100ms,
threshold is 1 second.
Note:
OAM link m onitor is us ed t o de tect a nd r eport l ink error i n di fferent c ondition. When
detection link has fault, device notifies peer the error generated time, windown and threshold
setting, etc. by OAM event, the peer receives event notification and report NMS center via
SNMP Trap. Besides, local device can direct report event to NMS center via SNMP Trap.
By default, system has default value for error generated time, windown and threshold setting.
10.2.5.3
(Optional) Configure OAM fault indication function
Step
Configuration
Description
Raisecom#config
port port-id
notify { critical-event |
dying-gasp | errored-frame |
errored-frame-period |
errored-frame-seconds |
errored-symbol-period }
{ disable | enable }
Configure OAM fault indication system, used to notify peer

device that local device is abnormal. The device can notify
peer faults of link-fault, dying-gasp and critical-event. By
default, device fault indication is enabled. When fault
happens, device notifies peer through OAM immediately.
Except link-fault must notify peer, dying-gasp and
critical-event can be disabled by this command.
10.2.5.4
(Optional) Configure local OAM event trap function

Step
Configuration
Description
233
www.raisecom.com
10.2.6
User Manual
Step
Configuration
Description
Raisecom#config
port port-id
event trap enable
Enable local OAM event trap function, link monitor

event can be reported to NMS center in time. By
default, device wont report NMS center by SNMP
Trap. The command of oam event trap disable can
disable it.
No.
Item
Description
Raisecom#show oam
Show basic configuration of EFM.
Raisecom#show oam loopback Show EFM remote loopback configuration.

Raisecom#show oam notify

Show OAM link monitor and fault

indication configuration.
Raisecom#show oam statistics

Show OAM statistic information.
Raisecom#show oam trap

Show OAM event trap configuration.
Raisecom#show oam event

[ port-list port-list ] [ critical ]
Shoe serious interface detection fault

information of local device.
Raisecom#show oam peer

event [ port-list port-list ]
[ critical ]
Show serious peer transmission fault

information to the interface.
10.3
CFM
10.3.1
10.3.1.1
To develop Ethernet technology application in telecommunication network, Ethernet needs to realize
service level identical to telecommunication transmission network. CFM provides full OAM tool to
telecommunication Ethernet to solve this problem.
CFM provides the below OAM functions:
Fault detection function
Fault detection function refers to use CC (Continuity Check) protocol to detect the connectivity of
Ethernrt v irtual ne twork a nd c onfirm the M P c onnection s tatus. This f unction i s r ealized by MEP
sending CCM (Continuity Check Message) periodically, other MEP in one service instance receives
234
www.raisecom.com
User Manual
packet to confirm the status of RMEP. The device fault or link configuration error may make MEP
cannot fail to receive and process CCM from RMEP. If MEP hasnt recived remote CCM packet in
3.5 CCM intervals, the link is considered to be fault, system will send fault trap according to alarm
priority configuration.
Fault acknowledgement function
Using L B ( LoopBack), this f unction c onfirms connectivity be tween t wo M P by s ending L BM
(LoopBack Message) from source MEP and answering LBR (LoopBack Reply) by destination MP.
Source MEP sends LBM to MP for fault acknowledgement; the MP receives LBR and sends a LBR
to source ME P. I f the source ME P can receive LBR, the pa th is connective; if sou rce ME P cant
receive LBR, the path is not connective.
Fault location function
Using LT, this function sends LTM (LinkTrace Message) to destination MP by source MEP, each MP
device on LTM transmitting path will answer LTR ( LinkTrace Reply) to source MEP, and then the
efficient LTR and LTM fault location point can be recorded.
Alarm indication signal function (AIS, Alarm Indication Signal)
This function is used to stop alarm when detected fault at server layer (sub-layer). MEP (including
server MEP) sends AIS frame to client MD when detected fault. ETH-AIS frame is transmitted on
MEP (or server MEP). When receiving AIS frame, it doesnt contain peer MEP information of fault,
the M EP m ust inhi bit a ll pe er M EP tr ap regardless of the c onnectivity s tatus. It can inhibit c lient
alarm information through AIS function to make the network easier to manage and maintain when
server layer has fault.
Ethernet signal lock function (LCK, Lock)
This function is used to notify management lock for server layer (sub-layer) MEP and the followed
data s ervice traffic ha lt. The s ervice traffic is sent for MEP expected to receive traffic. Then MEP
receives ETH-LCK frame can identify it is fault or management lock of server layer MEP. Lock is
OAM f unction a ccording t o r equirement, a t ypical a pplication of M EP l ock i s w hen pe rforming
diagnostic test when service halts.
Anyway, CFM implements end-to-end service OAM technology, reducing service provider operation
cost and improve competion.
10.3.1.2
Preconditions
Finish below tasks before configuring CFM:
layer
Create VLAN
10.3.2
Default configuration of CFM

The default configuration of CFM is as below:
Function
Default value
235
www.raisecom.com
10.3.3
User Manual
Function
Default value
Global CFM function status
Disable
CFM function status on interface
Enable
MD status
Not exist
MEP status overservice instance
Up
Aging time of remote MEP
100min
Hold time of error CCM message
100min
MEP transmitting CCM message status
Not transmit
MEP transmitting CCM message mode
Passive
CCM message transmitting interval
10s
Dynamic import function leart by service

instance romote MEP
Ineffective
cc check function of remote MEP
Disable
CFM OAM message priority
Layer-2 ping function status
Five LBM messages are transmitted;

the length of TLV message is 64.
Switch status of fault location database
Disable
Hold time of data in fault location database
100min
AIS transmitting function status
Disable
AIS transmission period
1s
Alarm suppression function status
Enable
LCK message transmitting function statis
Disable
Enable CFM
Please configure CFM for the device as below.
Note: CFM fault detection and location function cannot take effect unless enabling CFM function on
the device.
Step
Configuration
Description
Raisecom#config
236
www.raisecom.com
10.3.4
User Manual
Step
Configuration
Description
Raisecom(config)#ethernet cfm
enable
Enable global CFM function. By default, CFM is

not enabled globally; the command of ethernet cfm
disable can disable it.
port-id
Raisecom(config-port)#ethernet
cfm enable
Enable CFM function on interface. By default,

interface enables CFM function. The command of
ethernet cfm disable can disable it. The interface
cannot receive/transmit CFM packets after disabled.
Basic functions of CFM

Please configure CFM for the device as below.
Step
Configuration
Description
Raisecom#config
domain [ md-name
domain-name ] level level
Create maintain domain. Use t he pa rameter md-name

to assign name for MD in 802.1ag style. MA and CCM
packets u nder M D a re b oth i n 80 2.1ag s tyle; don t
assign name, the MD is in Y.1731 style, MA and CCM
packets under this MD are both in Y.1731 style. If user
assigns na me f or MD , the na me m ust be uni que i n
global, or else MD configuration will be failure.
Note: L evel of specified MD m ust be different; other
wise MD configuration will fail.
Raisecom(config)#service cisid
level level
Create service instance and enter instance configuration

mode. ( MD name, s ervice instance name) character
string i s uni que i n gl obal range. If se rvice instance
existed, this c ommand will di rect le ad to service
instance configuration mode.
Raisecom(config-service)#service Configure service application VLAN map.

vlan-list vlan-list [ primary-vlan
VLAN list pe rmits a t most 32 VLAN. The smallest
vlan-id ]
VLAN w ill be t aken as pr imary V LAN of s ervice
instance. All M EP in service ins tance tr ansmit a nd
receive packets through primary VLAN.
Note: Since using primary V LAN t o t ransmit a nd
receive pa ckets, all of ot her V LAN i n the l ist ar e
mapped t o pr imary V LAN. This logical V LAN
mapping r elationship i s globally; VLAN m apping
relationship of di fferent le vel c an be ide ntical but
cannot c ross. For e xample: i nstance 1 m apping t o
VLAN 10-20, instance 2 mapping to VLAN 15-30, the
configuration i s i llegal b ecause V LAN 15 -20 is
overlopped.
Raisecom(config-service)#service Configure MEP over service instance. Service instance

mep [ up | down ] mpid mep-id must map t o V LAN w hen c onfiguring t his ki nd MEP.
port port-id
By de fault, M EP i s Up, that is to detect the f ault in
interface uplink direction.
237
www.raisecom.com
10.3.5
User Manual
Configure fault detection

Please configure CFM fault detection on the device as below.
Step
Configuration
Description
Raisecom#config
remote mep age-time minutes
(Optional) Configure remote MEP aging time.

By default, learned remote MEP aging time is 100min.
Raisecom(config)#ethernet cfm errors (Optional) Configure hold time for e rror C CM p ackets.
archive-hold-time minutes
The device saves all fault information of MEP.
By de fault, hol d t ime f or error C CM packets i s 100
minutes. New h old time configured by the s ystem w ill
check data i n database once; the data will be cl eared
immediately if it is over time.
Raisecom(config)#service cisid level

level
Enter service instance configuration mode.
Raisecom(config-service)#service cc
interval { 1 | 10 | 60 | 600 | 3ms | 10ms
| 100ms }
(Optional) Configure service i nstance C CM pa ckets

sending time interval.
By de fault, C CM pa ckets s ending time interval is 10
seconds. C CM pa ckets sending interval cannot be
modified when the function is enabled.
Raisecom(config-service)#service cc
enable mep { mepid-list | all }
Enable MEP transmitting CCM packets.
Raisecom(config-service)#service
remote-mep mep-list [ port port-id ]
(Optional) Configure static r emote M EP. Use by

cooperating with cc check function.
remote-mep learning active
(Optional) Configure remote M EP l earning dy namic

import f unction. Service i nstance t ransfers dynamic
remote ME P learnt to static r emote M EP automatically
once receiving CCM packets.
By de fault, M EP do esnt s end C CM pa ckets. U se t he

command service cc disable mep {mepid-list | all} to
disable CCM packets transmission.
By default, disable this function.

9
10
remote-mep cc-check enable
(Optional) Configure remote MEP cc check function.
cvlan vlan-id
(Optional) Configure client V LAN for CFM OAM

packets, j ust ne ed to configure in Q inQ ne tworking
environment.
After en abling this function, s ystem will check whether

the dynamic r emote M EP I D learned is consistent w ith
static r emote M EP I D once receiving CCM pa ckets. If
they are not consistent, the CCM packets are considered
as incorrect. By default, disable this function.
By default, CFM OAM packets dont take C-TAG. After

configuring client VLAN for service instance, all CCM,
LTM, LBM, DMM sent by MEP under the instance will
carry double TAG. Hereinto, C-TAG uses this command
to configure client VLAN.
238
www.raisecom.com
User Manual
Step
Configuration
11
priority priority
Description
(Optional) Configure CFM OAM packets priority.
After configuring packets priority, all CCM, LBM, LTM,
DMM sent by MEP use assigned priority.
By default, packet priority is 6.
12
Raisecom(config-service)#snmp-server
trap cfm { all | ccmerr | macremerr |
none | remerr | xcon } mep { all |
mep-list }
(Optional) Configure CFM permitting sending fault trap

type. C C f unction of CFM can detect f ault i n 5 l evels,
they are from high to low: level 5-cross connection, level
4-CCM error, level 3-remote MEP loss, level 2-interface
status fault, level 1-RDI. By default, it is macremerr,
namely permiting fault trap on level 2-5.
Note:
When CFM detected fault, identical level or lower level
fault wont generate trap again before removing fault;
Wait f or 10s unt il the f ault s tatus is c leared a fter
removing CFM fault.
10.3.6
Configure fault acknowledgement

Please configure CFM fault acknowledgement for the device as below.
Step
Configuration
Description
Raisecom#config
level level
Raisecom(config-service)#ping
{ mac-address | mep rmep-id }
[ count count ] [ size size ]
[ source mep-id ]
Execute layer-2 ping function for fault acknowledgement.

By default, five LBM messages will be transmitted; the
length of TLV message is 64; they will search an available
source MEP by automation.
CFM needs to find destination MEP MAC address by
mep-id to execute ping operation if the specified destination
mep-id performs layer-2 ping operation. Source MEP will
save remote MEP idata information in remote MEP database
after discovering and stabilizing remote MEP. The remote
MEP MAC address can be found from remote MEP
database according to mep-id.
Note:
Make s ure gl obal C FM f unction e nable be fore executing t his c ommand, ot herwise t he
command will be executed unsuccessfully;
If there is no MEP configured in service instance, ping unsuccessfully because of fail to find
source MEP;
If assigned source MEP is invalid, ping unsuccessfully. For example, assigned source MEP is
not existing or CFM of the source MEP interface is disabled;
If assigning destination MEPID to perform ping operation, ping unsuccessfully when fail to
find destination MEP MAC address according to MEPID;
Operation will f ail if ot her us ers a re us ing t he a ssigned s ource M EP t o pe rform ping
operation.
239
www.raisecom.com
10.3.7
User Manual
Configure fault location

Please configure CFM fault location for the device as below.
Step
Configuration
Description
Raisecom#config
traceroute cache enable
(Optional) Enable fault location database switch.

In enable status, system trace route information
via database storing protocol, the command of
show ethernet cfm traceroute cache can show at
any time. In disable status, result of traceroute will
be cleared after executing traceroute. Disable by
default, the command of ethernet cfm traceroute
cache disable can disable it.
traceroute cache hold-time minutes
(Optional) Configure data hold time for fault

location database. User can set data hold time
when fault location database switch is enabled.
Hold time is 100 minutes by default.
traceroute cache size size
(Optional) Configure saved data amount. User can

set the saved data amount when the switch is
enabled. It is 100 by default; doesnt save data if
the switch is disabled.
Raisecom(config)#service cisid level

level
Raisecom(config-service)#traceroute
{ mac-address | mep mep-id } [ ttl
ttl ] [ source mep-id ]
Execute layer-2 Traceroute function for fault

locating. By default, packets TLV size is 64,
search an available source MEP by automation.
CFM needs to find destination MEP MAC address
to execute Traceroute operation if perform layer-2
Traceroute operation by assigning destination
mep-id. After source MEP discovers remote MEP
and becomes stable, it saves data information of
remote MEP in remote MEP database, and then
remote MEP MAC address can be found from
remote MEP database according to mep-id.
Note:
Make s ure gl obal C FM f unction e nable be fore executing t his c ommand, ot herwise t he
command will be executed unsuccessfully;
If there is no MEP configured in service instance, Traceroute unsuccessfully because of fail to
find source MEP;
If the assigned source MEP is invalid, Traceroute will fail. For example, assigned source
MEP is not existing or CFM of the source MEP interface is disabled;
If a ssigning de stination MEPID to pe rform Traceroute operation, Traceroute unsuccessfully
when fail to find destination MEP MAC address according to MEPID;
If C C f unction i s not e ffective, configure static re mote ME P a nd a ssigne M AC a ddress t o
ensure layer-2 traceroute operating successfully;
Operation will f ail if other users a re using the a ssigned source MEP to perform Traceroute
operation.
240
www.raisecom.com
10.3.8
User Manual
Configure AIS function

Please configure CFM AID for the device as below.
Configure server layer devices as below:
Step
Configuration
Description
Raisecom#config
level level
Enter service instance configuration mode..
ais enable
Enable AIS sending function. By deault, system doesnt

enable LCK function. The command of service ais
disable can disable it.
ais period { 1 | 60 }
Configure AIS sending period. By default, sending

period is 1 second.
ais level level
Configure AIS level being sent to client MD.
Configure client layer devices as below:
10.3.9
Step
Configuration
Description
Raisecom#config
Raisecom(config)#service cisid level level
suppress-alarms enable mep { all |
mep-list }
Enable alarm control function. By default,

this function is enabled. The command of
service suppress-alarms disable mep
mep-list can disable it.
Configure Ethernet signal lockout function

Please configure CFM Ethernet lock function for the device as below.
Configure server layer devices as below:
Step
Configuration
Description
Raisecom#config
level level
lck start mep { all | mep-list }
Enable LCK packets sending function. By

deault, system doesnt enable LCK
function. The command of service lck stop
mep mep-list can disable it.
lck period { 1 | 60 }
Configure LCK packets sending period. By

default, sending period is 1 second.
lck level level
Configure LCK level sent to client MD.
241
www.raisecom.com
User Manual
Configure client layer devices as below:

Step
Configuration
Description
Raisecom#config
level level
suppress-alarms enable mep
{ all | mep-list }
Enable alarm control function. By default, this

function is enabled. The command of service
suppress-alarms disable mep mep-list can
disable it.

Step
Configuration
Description
Raisecom#show ethernet cfm
Show CFM global configuration.
Raisecom#show ethernet cfm domain [ level level ]
Show MD and service instance

configuration.
Raisecom#show ethernet cfm errors [ level level ]
Shoe error CCM database

information.
Raisecom#show ethernet cfm lck [ level level ]
Show Ethernet lockout signal.
Raisecom#show ethernet cfm local-mp [ interface

port port-id | level level ]
Show local MEP configuration.
Raisecom#show ethernet cfm remote-mep [ static

[ level level ] ]
Show static remote MEP

information.
Raisecom#show ethernet cfm remote-mep [ level

level [ service name [ mpid local-mep-id ] ] ]
Show remote MEP discovery

information.
Raisecom#show ethernet cfm suppress-alarms

[ level level ]
Show CCM alarm suppression

function configuration.
Raisecom#show ethernet cfm traceroute-cache
Show fault location database

traceroute information.
10.4
SLA
10.4.1
10.4.1.1
Carrier and customer sign SLA protocol to guarantee users can enjoy certain quality network service.
To perform SLA protocol effectively, carrier needs to deploy SLA feature test performance on device
and the test result is evidence to ensure users performance.
SLA feature chooses two testing node, configure SLA operation on one node and schedule executing
242
www.raisecom.com
User Manual
it to implement network performance test between the two nodes.

SLA f eature s tatistics t he s huttle pa ckets dr opping r ate, s huttle or one -way ( SD/DS) de lay, jitter,
variance of jitter, distribution of jitter, etc. data and notify data to upper layer monitor software (like
NMS), then analyze network performance and get users wanted data.
10.4.1.2
Preconditions
Finish the below task before configuring SLA:
Deploy CFM between the tested devices.
10.4.2
Default configuration of SLA

The default configuration of SLA is as below:
10.4.3
Function
Default value
SLA schedule information status
Disable
SLA layer-2 operation service level
0 level
SLA jitter operation detection time interval
1s
SLA jitter operation detection message number
10
SLA operation schedule life period
forever
SLA operation schedule test period
20s
Basic information of SLA

Please configure SLA for the device as below.
Step
Configuration
Description
Raisecom#config
Raisecom(config)#sla oper-num y1731-echo

remote-mep mep-id level level svlan vlan-id
[ cvlan vlan-id ] [ cos cos-value ] [ dm ]
Configure SLA y1731-echo for

destination MEP.
Raisecom(config)#sla oper-num y1731-echo

remote-mac mac-address level level svlan
vlan-id [ cvlan vlan-id ] [ cos cos-value ] [ dm ]
Configure SLA y1731-echo for

destination MAC.
Raisecom(config)#sla oper-num y1731-jitter

remote-mep mep-id level level svlan vlan-id
[ cvlan vlan-id ] [ cos cos-value ] [ interval
period ] [ packets packets-num ] [ dm ]
Configure SLA y1731-jitter for

destination MEP.
243
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom(config)#sla oper-num y1731-jitter

remote-mac mac-address level level svlan
vlan-id [ cvlan vlan-id ] [ cos cos-value ]
[ interval period ] [ packets packets-num ] [ dm ]
Configure SLA y1731-jitter for

destination MAC.
Raisecom(config)#sla oper-num icmp-echo

dest-ipaddr ip-address [ dscp dscp-value ]
Configure basic information for

SLA icmp-echo.
Raisecom(config)#sla oper-num icmp-jitter

dest-ipaddr ip-address [ dscp dscp-value ]
[ interval period ] [ packets packets-num ]
Configure basic information for

SLA icmp-jitter.
Raisecom(config)#sla y1731-echo quick-input

[ level level ] [ svlan vlan-id ] [ dm ]
Create y1731-echo quickly.
Raisecom(config)#sla y1731-jitter quick-input

[ level level] [ svlan vlan-id ] [ dm ]
Create y1731-jitter quickly.
Note:
After c onfiguring basic information for on e o peration ( differed by ope ration I D), i t i s no t
allowed to modify or configure again. That is to say, delete the operation at first if user wants
to configure it again.
SLA supports a t m ost 100 operations s chedule a t one time up t o 100 pi eces, b ut w ait a
schedule to finish (reach schedule life time or stop schedule) before schedule again or modify
schedule information.
10.4.4
Configure SLA schedule information and enable schedule

Please configure SLA for the device as below.
10.4.5
Step
Configuration
Description
Raisecom#config
Raisecom(config)#sla schedule
oper-num [ life { forever |
life-time } ] [ period period ]
Configure SLA schedule information,

enable SLA operation schedule. By
default, disable schedule.
Check configuration
No.
Item
Description
Raisecom#show sla { all |

oper-num } configuration
Show SLA configuration.

oper-num } result
Show the latest operation test information.

oper-num } statistic
Show operation schedule statistics. One

operation (differed by operation ID) possesses
5 groups of statistics at most, if over 5, the
oldest statistics (from the schedule starting
time) will get aged if over 5 groups.
244
www.raisecom.com
User Manual
10.5
E-LMI
10.5.1
10.5.1.1
By E -LMI, PE can s end t he m apping i nformation from VLAN to EVC to CE and achieve t he
automatic configuration function of CE d evice. This not onl y reduces the work of t he business
establishment, but also the coordination work between service providers and enterprise users. As a
result, enterprise users neednt to know the configuration of CE devices; service provider will take
the integrateconfiguration and management which reduces the risk of human errors.
Cooperating w ith O AM pr otocol ( such a s C FM pr otocol), E -LMI can give f eedback of the EV C
status inf ormation in service pr ovider ne twork t o C E de vice timely. Once the E VC f ails, PE will
notify the CE device to access side route for switching.
10.5.1.2
Preconditions
Finish the following tasks before configuring E-LMI:
Connect interface and configure the interface physical pa rameters, make the physical l ayer
status of interface Up;
Configure the physical layrer interface between PE and CE for Trunk mode.
Configure CFM between PE devices.
10.5.2
Default configuration of E-LMI

The default configuration of E-LMI is as below:
Function
Default value
Global E-LMI function status
Enable
Interface E-LMI function status
Disable
Working mode of the device
pe
Trap switch status
Close
EVCmessage notification mode
asyn
Value of T391 timer
10s
Value of T392 timer
15s
T392 timer function status
Enable
Value of N391counter
360
Value of N393counter
245
www.raisecom.com
10.5.3
User Manual
Configure E-LMI function for PE device

Please configure E-LMI function for PE device as below:
Enable E-LMI function
Step
Configuration
Description
Raisecom#config
Raisecom(config)#ethernet lmi
enable
Globally enable E-LMIfunction. The command of

ethernet lmi disable can disable this function.
Raisecom(config)#ethernet lmi
trap { enable | disable }
(Optional) Configure Trap switch.
Raisecom(config)#ethernet lmi pe
Configure the device as PE.
port-id
lmi enable
(Optional) Enable E-LMI function on interface.

The command of ethernet lmi disable can disable
this function.
lmi t392 enable
(Optional) Enable E-LMI T392 timer function on

interface. The command of ethernet lmi t392
lmi t392 value
(Optional) Configure the value for T392 timer.
lmi n393 value
Note: The value of T392 timer must be greater than

the value for T391 timer of the corresping CE
device.
(Optional) Configure the value of N393 counter for
PE device.
Configure EVC
Step
Configuration
Description
Raisecom#config
Raisecom(config)#ethernet lmi evc

evc-number evc-name
Create EVC and enter EVC configuration mode.
Raisecom(config-evc)#oam-protoco
l cfm svlan vlan-id level level
Bind EVC and CFM.

The binding CFM service instance must be existed
and MEP is Up.
246
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom(config-evc)#uni count
number
Configure the UNI number bound by EVC.

The UNI bound by EVC contains local UNI and
remote UNI. If the UNI number is 2, the attribute of
EVC is point-to-point; if the number is more than 2,
EVC will be point-to-multiple.
Note: the configured UNI number must be consistent
to MEP number bound by CFM.
If number of UNI is greater than MEP, the UNI status
is still partially active, even all UNI are Up. If
number of UNI is less than MEP, the UNI status may
shows as active while part of UNI are Down.
Configure UNI
Step
Configuration
Description
Raisecom#config
port-id
Raisecom(config-port)#ethernet lmi
uni uni-id
Create UNI. It only can create one UNI for each

interface and uni-id should be unique globally.
uni { bundling | all-to-one-bundling |
service-multiplexing }
Configure binding type for UNI.

Bundling: UNI can bind one or more EVC and one or
more CE-VLAN can be mapped to one EVC;
all-to-one-bundling: UNI only can bind one EVC and
all CE-VLAN can be mapped to this EVC
service-multiplexing: UNI can bind one or more
EVC, but each EVC only has one CE-VLAN mapping.
evc evc-number
Bind UNI and EVC.
ce-vlan map { vlan-list | untagged |
all } evc evc-number
Configure the mapping relation between EVC and

CE-VLAN.
If the mapping type of UNI is all-to-one-bundling,
then all CE-VLAN are mapped to the bound EVC by
default, and at this time, not configure the command.
247
www.raisecom.com
User Manual
Step
Configuration
Description
default-evc evc-number
(Optional) Configure some EVC as default EVC. All

other unspecified CE-VLAN will be mapped to default
EVC. For example: After configuring the command of
ethernet lmi ce-vlan-map 100-4094 evc evc1, VLAN
100VLAN 4094 is mapped to evc1, then configure
evc2 as default EVC, the remained VLAN 1VLAN
99 and Untagged VLAN will be mapped to evc2.
If this command is configured in advance, the system
will map all VLAN to default EVC, then the command
of ethernet lmi ce-vlan-map {vlan-list | untagged |
all} evc evc-number will not be configured.
Note: This command can be configured only when the
binding type of UNI is bundling.
evc-notify { asyn | full }
(Optional) Configure EVC message notification mode

for PE device.
When EVC notification mode is asyn, PE will send
message to CE immediately with the change of EVC to
make CE device take EVC update.
When EVC notification mode is full, PE will not send
message to CE immediately with the change of EVC,
but wait until receiving the efficient Full Status
Enquiry message from CE device, it will respond the
Full or Full Continuous message.
10.5.4
Configure E-LMI function for CE device

Please configure E-LMI function for CE device as below:
Step
Configuration
Description
Raisecom#config
Raisecom(config)#ethernet lmi enable
Globally enable E-LMIfunction. The command of

ethernet lmi disable can disable this function.
Raisecom(config)#ethernet lmi ce
Configure the device as CE.

Note: The system will give a tip to clear the
existing E-LMI configuration when configuring
role switching for the device.
Raisecom(config-port)#ethernet lmi enable
(Optional) Enable E-LMI function on interface.

The command of ethernet lmi disable can disable
this function.
Raisecom(config-port)#ethernet lmi t391 value
(Optional) Configure the value for T391 timer.
Raisecom(config-port)#ethernet lmi n391 value
(Optional) Configure the value for N391 counter.
Raisecom(config-port)#ethernet lmi n393 value
(Optional) Configure the value for N393 counter

of CE device.
248
www.raisecom.com
10.5.5
User Manual
Check configuration
10.6
No.
Item
Description
Raisecom#show ethernet lmi config

port-list { all | port-list }
Show E-LMI configuration of interface.
Raisecom#show ethernet lmi statistics

Show E-LMI statistics of interface.
Raisecom#show ethernet lmi uni port-list

{ all | port-list }
Show UNI configuration.
Raisecom#show ethernet lmi evc

evc-number
Show EVC status.
Raisecom#show ethernet lmi evc map

Show the mapping information between

EVC and CE-VLAN.
Raisecom#show ethernet lmi evc map oam
Show OAM protocol information

mapped by EVC.
Maintenance
User can maintain OAM features by the below commands.
Command
Description
Raisecom(config-port)#clear oam statistics
Clear EFM OAM interface link statistics.
Raisecom(config)#clear ethernet cfm errors

[ level level ]
Clear CCM error database information.
Raisecom(config)#clear ethernet cfm

remote-mep [ level level ]
Clear remote MEP.
Raisecom(config)#clear ethernet cfm

traceroute-cache
Clear traceroute cache database.
Raisecom(config)#clear ethernet lmi

statistics port-list { all | port-list }
Clear interface E-LMI statistics.
10.7
10.7.1
Application of EFM
10.7.1.1
As the Figure 10-5 s hows be low, de ploy E FM f eature on de vice t o i mprove E thernet l ink
management and maintenance capa bility be tween Switch A and Switch B. Switch A is active end,
Switch B is passive end. Deploy OAM event trap function on Switch A.
249
www.raisecom.com
User Manual
Figure 10-5 Networking Sketch Map of EFM Application
10.7.1.2
Configuration steps
Configure active end Switch A.
Raisecom#hostname Switch A
SwitchA#config
SwitchA(config-port)#oam active
SwitchA(config-port)#oam enable
SwitchA(config-port)#oam event trap enable
SwitchA(config-port)#oam peer event trap enable
Configure passive end Switch B.

Raisecom#hostname Switch B
SwitchB#config
SwitchB(config-port)#oam enable
10.7.1.3
Show result
Show EFM configuration on Switch A by the command of show oam.
SwitchA#show oam port-list 1
Port:port1
Mode:Active
Administrate state:
Operation state:
Enable
Disable
Max OAMPDU size:
1518
Send period:
1000 ms
Link timeout :
5s
Config revision:
Supported functions:
Loopback, Event, Variable
Show OAM event larm configuration on Switch A by the command of show oam trap.
SwitchA#show oam trap port-list 1
Port:
port1
Event trap:
Enable
Peer event trap:
Enable
Discovery trap total:
Discovery trap timestamp:
0 days, 0 hours, 0 minutes
Lost trap total:
0
250
www.raisecom.com
User Manual
Lost trap timestamp:
10.7.2
10.7.2.1
0 days, 0 hours, 0 minutes
Application of CFM
As t he Figure 10-6 shows b elow, users communicate w ith server through t he ne twork bui ldup by
Switch A, Switch B a nd Switch C. To make E thernet l ink between server and user ge t
telecommunication service l evel, user can deploy C FM f eature on Switch device t o realize act ive
fault detection, acknowledgement and location. Switch A and Switch C are MEP, Switch B is M IP,
detecting Ethernet fault from Switch A Port 1 to Switch C Port 2, maintenance domain level is 3.
Figure 10-6 Networking Sketch Map of CFM Application
10.7.2.2
Configuration steps
Configure interface adding into VLAN.
Configure Switch A.
SwitchA#config
SwitchA(config)#create vlan 100 active
Configure Switch B.
SwitchB#config
251
www.raisecom.com
User Manual
Configure Switch C.
SwitchC#config
SwitchC(config)#create vlan 100 active
SwitchC(config-port)#switch access vlan 100
Configure CFM fault detection function.

Configure Switch A.
SwitchA(config)#ethernet cfm domain level 3
SwitchA(config-service)#service mep up mpid 301 port 1
SwitchA(config-service)#service cc enable mep all
Configure Switch B.
SwitchB(config)#ethernet cfm domain level 3
Configure Switch C.
SwitchC(config)#ethernet cfm domain level 3
SwitchC(config)#service ma1 level 3
SwitchC(config-service)#service vlan-list 100
SwitchC(config-service)#service mep up mpid 302 port 2
SwitchC(config-service)#service remote mep 301
SwitchC(config-service)#service cc enable mep all
SwitchC(config-service)#exit
252
www.raisecom.com
User Manual
SwitchC(config)#ethernet cfm enable
Execute CFM fault acknowledgement.

Take Switch A for example.
Switch(config)#service ma1 level 3
Switch(config-service)#ping mep 302 source 301
Sending 5 ethernet cfm loopback messages to 000e.5e03.688d, timeout is 2.5 seconds:
!!!!!
Success rate is 100 percent (5/5).
Ping statistics from 000e.5e03.688d:
Received loopback replys< 5/0/0 > (Total/Out of order/Error)
Ping successfully.
Execute CFM fault location.

Take Switch A for example.
SwitchA(config-service)#traceroute mep 302 source 301
TTL: <64>
Tracing the route to 000E.5E00.0002 on level 3, service ma1.
Traceroute send via port1.
---------------------------------------------------------------------------------Hops HostMac
Ingress/EgressPort
IsForwarded
RelayAction
NextHop
----------------------------------------------------------------------------------
10.7.2.3
000E.5E00.0003
2/1
Yes
rlyFdb
000E.5E00.0003
000E.5E00.0003
1/2
Yes
rlyFdb
000E.5E00.0001
!3
000E.5E00.0001
1/-
No
rlyHit
000E.5E00.0002
Show result
Show CFM configuration on Switch by the command of show ethernet cfm.
SwitchA#show ethernet cfm
Global CFM Admin Status: enable
Port CFM Enabled Portlist: P:1-28
PC:1-3
Archive hold time of error CCMs: 100(Min)

Remote mep aging time: 100(Min)
Device mode: Slave
253
www.raisecom.com
10.7.3
10.7.3.1
User Manual
Application of SLA
As the Figure 10-7 shows b elow, users com municate with server through t he ne twork bui ldup by
Switch A, Switch B and Switch C, deploying CFM on Switch to make Ethernet link between server
and user get telecommunication service level. C arrier deploys SLA feature on Switch A and
schedules execution periodically, then it is able to detect network performance between Switch A and
Switch C.
Switch A performs layer-2 delay test to Switch C. Configure y1731-echo on Switch A, operation ID
is 2, remote MEP is 2, MD level is 3, VLAN-ID is 100, service level is 0. Schedule life period is 20
seconds, testing period is 10 seconds.
Figure 10-7 Networking Sketch Map of SLA Application
10.7.3.2
Configuration steps
Configure CFM on Switch device.
Refer to Configure CFM Application for details.
Configure y1731-echo on Switch A and enable the operation schedule.
SwitchA#config
SwitchA(config)#sla 2 y1731-echo remote-mep 302 level 3 svlan 100 cos 0
SwitchA(config)#sla schedule 2 life 20 period 10
10.7.3.3
Show result
Show SLA configuration on Switch A by the command of show sla configuration.
Raisecom(config)#show sla 2 configuration
-----------------------------------------------------------------------Operation <2>:
Type:
Y1731-ECHO
Frame type:
Schedule Starttime:
Loopback
0
days, 00:00:00
-----------------------------------------------------------------------254
www.raisecom.com
User Manual
Cos:
Service Vlan ID:
100
Customer Vlan ID:
MD Level:
Remote MEP ID:
302
Timeout(sec):
10.7.4
10.7.4.1
Schedule Life(sec):
20
Schedule Period(sec):
10
Schedule Status:
Completed!
Configure E-LMI application

As the Figure 10-8 shows below, users edge de vices CE A an d CE B acces s service provider
network and interconnect through PE A and PE B separately. Deploy CFM feature on PE device to
make t he E thernet l ink between PE ge t t elecommunication service levels and realize act ive f ault
detection. Deploy E-LMI between PE and CE to reduce the service provider and user coordination
working a nd r ealize t he a utomatic c onfiguration of CE, a nd a t t he s ame t ime m onitor E VC s tatus
through CFM. The MD level of CFM is 3, and SVLAN is 100.
Figure 10-8 E-LMI application networking
10.7.4.2
Configuration steps
Configure PE device interface adding VLAN.
Configure PE A.
Raisecom#hostname PEA
PEA#config
PEA(config)#create vlan 100 active
PEA(config)#interface port 1
PEA(config-port)#switchport mode trunk
PEA(config-port)#exit
PEA(config-port)#switchport mode trunk
Configure PE B.
Raisecom#hostname PEB
PEB#config
PEB(config)#create vlan 100 active
255
www.raisecom.com
User Manual
PEB(config)#interface port 1
PEB(config-port)#switchport mode trunk
PEB(config-port)#exit
PEB(config-port)#switchport mode trunk
Configure CFM fault detection function.

Configure PE A.
PEA(config)#ethernet cfm domain level 3
PEA(config)#service ma1 level 3
PEA(config-service)#service vlan-list 100
PEA(config-service)#service mep up mpid 301 port 1
PEA(config-service)#service remote-mep 302
PEA(config-service)#service cc enable mep all
PEA(config-service)#exit
PEA(config)#ethernet cfm enable
Configure PE B.
PEB(config)#ethernet cfm domain level 3
PEB(config)#service ma1 level 3
PEB(config-service)#service vlan-list 100
PEB(config-service)#service mep up mpid 302 port 2
PEB(config-service)#service remote-mep 301
PEB(config-service)#service cc enable mep all
PEB(config-service)#exit
PEB(config)#ethernet cfm enable
Configure E-LMI function of PE device.

Configure PE A.
PEA(config)#ethernet lmi enable
PEA(config)#ethernet lmi pe
PEA(config)#ethernet lmi evc 1 evc1
PEA(config-evc)#oam-protocol cfm svlan 100 level 3
PEA(config-evc)#exit
PEA(config-port)#ethernet lmi uni uni1
PEA(config-port)#ethernet lmi uni bundling
PEA(config-port)#ethernet lmi evc 1
PEA(config-port)#ethernet lmi ce-vlan map 100 evc 1
Configure PE B.
PEB(config)#ethernet lmi enable
256
www.raisecom.com
User Manual
PEB(config)#ethernet lmi pe
PEB(config)#ethernet lmi evc 1 evc1
PEB(config-evc)#oam-protocol cfm svlan 100 level 3
PEB(config-evc)#exit
PEB(config-port)#ethernet lmi uni uni1
PEB(config-port)#ethernet lmi uni bundling
PEB(config-port)#ethernet lmi evc 1
PEB(config-port)#ethernet lmi ce-vlan map 100 evc 1
Execute E-LMI function on CE device.

Configure CE A.
Raisecom#hostname CEA
CEA#config
CEA(config)#ethernet lmi enable
CEA(config)#ethernet lmi ce
Configure CE B.
Raisecom#hostname CEB
CEB#config
CEB(config)#ethernet lmi enable
CEB(config)#ethernet lmi ce
10.7.4.3
Show result
Check whether E-LMI configuration is correct on PE device by the command of show ethernet lmi
config port-list port-list.
Take PE A as example.
PEA#show ethernet lmi config port-list 1
E-LMI Global Enable Status:
Enable
TrapEnable:
(default is disabled)
Enable
Mode:
(default is enabled)
PE
(default is PE)
------------------------------------------------------------------------E-LMI Interface client1 configuration:

E-LMI Interface Enable status: Enable
Max EVC number:
64
N393:
Notify Type:
T392 Enable Status:
T392:
4
Aysn
Enable
15s
(default is 4)
(default is Aysn)
(default is 15s)
Check whether the VLAN configuration is learnt correctly on CE device by the command of show
257
www.raisecom.com
User Manual
vlan.
Take CE A as example.
CEA#show vlan
Switch Mode: -VLAN
Name
State
--------------------------------------------------------------1
100
Default
VLAN0100
active static -active static --
1-6
3
258
www.raisecom.com
User Manual
Chapter 11 System Management
This c hapter i ntroduces basic pr inciple a nd c onfiguration of s ystem management a nd pr ovides

related configuration applications.
Overview
SNMP
KeepAlive
RMON
Cluster management
LLDP
Expanded OAM
SFP digital diagnostics
System LOG
Alarm management
Hardware environment detection
Fan monitor
CPU monitor
Check device information
Ping
Traceroute
Maintenance
11.1
Overview
11.1.1
SNMP
SNMP ( Simple N etwork Management P rotocol) i s a dvanced by IETF (Internet E ngineering Task
Force) f or s olving m anagement pr oblem of ne twork de vices i n I nternet. S NMP l ets r emote
management for network devices supporting this protocol through one NMS (Network Management
System) possible, including monitor network status, modify network device configuration, receiving
network event alarm, etc. It is the widest applied network management protocol in TCP/IP network.
11.1.1.1 Working system

SNMP is separated into two parts: Agent and NMS. The Agent and NMS communicate b y SNMP
packets being sent through UDP. The working system of SNMP is shown in the Figure 11-1:
259
www.raisecom.com
User Manual
Figure 11-1 SNMP working system networking

Raisecom NView NNM system can provide friendly H MI ( Human Machine Interface) to facilitate
network management. The below functions can be realized through it:
Send request packets to the managed device.
Receive reply packets and Trap packets from the managed device, and show result.
Agent is a program stays in the managed device, realizing the below functions:
Receive/reply request packets from NView NNM system
To read/write packets and generate replay packets according to the packets type, then return
the result to NView NNM system
Define t rigger c ondition a ccording t o pr otocol m odules, e nter/exit s ystem or r eboot de vice
when c onditions a re s atisfied; r eplying module s ends Trap pa ckets t o N View NNM system
via agent to report current status of device.
Note: Agent can configure several versions, and different version communicates with different NMS.
But SNMP version of NMS must be consistent with agent when they are communicating so that they
can intercommunicate.
11.1.1.2 Protocol version

Now SNMP has three versions: v1, v2c and v3.
SNMP v 1 uses a uthentication s ystem of C ommunity Name. C ommunity na me i s us ed t o
define r elationship between S NMP NMS an d Agent, performing as a pa ssword to restrict
NMS accesses SNMP agent. The packets will be discarded if the community name taken by
SNMP packets failed to pass device authentication.
SNMP v2c also uses authentication system of Community Name. It expands functions of
SNMP v1 besides compatibility: supporting more operation types, data type and error codes,
able to differenciate errors more detailed.
SNMP v 3 uses a uthentication s ystem of USM (User-Based Security M odel). User can s et
functions of authentication and encryption for it. The function combination of authentication
and encryption can provide a higher security to the communication between NMS and Agent.
Authentication is used to authenticate legacy of packets transmitting end, prevent illegal users
from accessing; encryption is to encrypt the transmission packets between NMS and Agent,
to avoid wiretapping.
ISCOM2924GF device is in support of all of the three SNMP versions simutaneously.
11.1.1.3 MIB
MIB ( Management Information B ase) i s t he c ollection of a ll obj ects managed by N MS. It de fines
attributes for the managed objects:
260
www.raisecom.com
User Manual
Name
Access right
Data type
The device-related statistic contents can be reached by accessing data items. Each proxy has its own
MIB. MIB can be taken as an interface between NMS and Agent, through which NMS can
read/write every managed object in Agent to manage and monitor the device.
MIB store information in a tree structure, its root is on the top, without name. Nodes of the tree are
the managed obj ects, which take a u niquely pa th s tarting f rom r oot ( OID) f or i dentication. S NMP
protocol packets can access network devices by checking the nodes in MIB tree directory.
ISCOM2924GF is in support of standard MIB and Raisecom customized MIB.
11.1.2
KeepAlive
KeepAlive packet is a ki nd of keepAlive mechanism running i n HDLC ( High-Level D ata Link
Control) l ink l ayer pr otocol. The de vice w ill s end a KeepAlive pa cket to c onfirm w hether the
opposite side is online every several seconds so as to realize neighbor detection mechanism.
Trap is the unrequested information sent by the device actively to NMS, used to report some urgent
and important events.
Switch s ends K eepAlive Trap pockers act ively which includes the basic inf ormation of s witch
(device name, device OID, MAC address and IP address). Network management synchronizes device
information by IP t o m ake t he NMS di scover ne twork s egment i n a s hour t ime, i mprove w orking
efficiency and reduce working load of administrators.
11.1.3
RMON
RMON ( Remote Network Monitoring) is a standard stipulated by IETF (Internet Engineering Task
Force) for network data monitoring through different network Agent and NMS.
RMON is achieved based on SNMP architecture, including the network management center and the
Agent running on network devices. On the foundation of SNMP, increase the subnet traffic, statistics,
and analysis to achieve the monitoring to one network segment and the whole network, while SNMP
only c an monitor t he partial inf ormation of a s ingle de vice and it is difficult for i t t o monitor one
network segment.
RMON Ag ent is c ommonly r eferred t o a s the pr obe pr ogram; R MON Probe can take the
communication s ubnet s tatistics a nd pe rformance a nalysis. W henever it finds network f ailure,
RMON Probe can report network management center, and describes the capture information under
unusual ci rcumstances so t hat the ne twork management cent er doesnt ne ed t o pol l the de vice
constantly. Compared with SNMP, RMON can monitor remote de vices more act ively and more
effectively, ne twork a dministrators c an t rack t he ne twork, network segment or de vice m alfunction
more quickly. T his a pproach r educes t he data traffics be tween network m anagement cent er and
Agent, makes it pos sible to manage l arge ne tworks simply and pow erfully, and m akes up the
limitations of SNMP in growing distributed Internet.
RMON Probe data collection methods:
Distributed RMON. N etwork management center obtains ne twork management information
and controls network resources directly from RMON Probe through dedicated RMON Probe
collection data.
261
www.raisecom.com
User Manual
Embedded RMON. Embed RMON Agent directly to network devices (such as switches) to
make the m w ith RMON Probe f unction. N etwork m anagement c enter will collect network
management i nformation through the basic operation of SNMP and the exchange data
information of RMON Agent.
Our d evices a re e mbedded RMON. S hown i n F igure 1 1-2, t he de vice i mplements R MON Agent
function. Through this function, the management station can obtain the overall traffic, error statistics
and performance statistics information of this network segment connected to the managed network
device interface so as to achieve the monitoring to one segment.
Figure 11-2 RMON application networking

RMON MIB can be divided into nine groups according to function. Currently, there are four function
groups achieved: statistics group, history group, alarm group, and event group.
Statistics group, responsible f or c ollecting statistics on an interface, including the r eceived packet
count and size distribution statistics;
History gr oup, s imilar t o t he s tatistics gr oup, but i t c ollects statistics information i n a de signated
testing period;
Alarm gr oup, w ithin t he s pecified t ime i nterval, monitor a s pecific m anagement i nformation base
(MIB) objects, and set the rising threshold and falling threshold; if the monitored object reaches the
threshold, an event is triggered;
Event group, coordinating with the alarm group, when the alarm triggers an event, it will be used to
record the c orresponding e vent information, s uch a s s end Trap i nformation, w rite into t he l og a nd
etc.
11.1.4
Cluster management
Cluster management protocol is used to manage a set of switch e quipment to provide users a ne w
management method.
Users can set up a cl uster by master s witch so as to achieve the centralized management and
configuration to multiple devices added to the cluster. The main switch is called command device,
the other managed switches are member devices. Command device has a public IP address, while the
member devices do not set the IP address; the management and maintenance of member devices are
often achieved by command device redirection.
The c luster m anagement c an r educe t he w orkload of e ngineering a nd m aintenance, and also save
public IP address resources. Administrators only need to configure public IP address on one device to
achieve the management and maintenance of all cluster equipment without logging into each device
for configuration.
The benefits of c luster management are beyond doubt. H owever, when using cluster management,
different manufacturers ha ve di fferent i mplementations on t he c luster pr ogram, g enerally us ing
262
www.raisecom.com
User Manual
proprietary pr otocols, c luster, w hich shows t hat the c luster m anagement t echnology ha s i ts
limitations
11.1.4.1
Cluster role
According to the different position and function of switches, the cluster has different roles. User can
configure to specify the role of switch. The cluster role can be command device, member device and
candidate device.
Command device (Commander): also known as management device, used to assign public IP
address t o provide m anagement i nterface f or al l s witch in the c luster. C ommand de vice
manages m ember de vice by command redirection: n etwork m anagement s ystem s ends
commands t o t he c ommand de vice for pr ocessing via t he publ ic ne twork. The c ommand
device will f orward c ommands t o m ember de vice i f i t f inds t he c ommands s hould b e
executed on member device. Command device can discover neighbor information, collect the
entire network topology, manage cluster, maintain cluster state, and support a variety of agent
functions.
Member device (Member): members in cluster, generally do not configure public IP address.
User manages member devices by commands redirection via the command device. Member
device can discover neighbor information, accept command device management, equipment,
execute t he c ommands from command device, and report fault/log. M ember device can b e
managed through network management system or Telnet mode directly on c ommand device
after activating.
Candidate device (Candidate): ha s not joi ned any c lusters but s till ha s c luster a bility to
become a cl uster m ember s witch. The di fference from member de vice i s the t opology
information of candidate device has already collected by command device but not yet joined
the c luster. When adding a candidate device to the cluster, the de vice will be come member
device; w hen r emoving a member device from the cluster, t he device will recover to
candidate device again.
Figure 11-3 Sketch map of cluster management

As s hown i n Figure 1 1-3, the s witch c onfigured I P a ddress i s c ommand de vice, while the de vice
managed by command device redirection is member de vice. T he command device and member
263
www.raisecom.com
User Manual
device can form a cluster. The device not joined cluster but still had cluster ability is candidate
device.
11.1.4.2
Working principle of cluster

Cluster management mainly contains three protocols:
RNDP (Raisecom Neighbor Discover Protocol) is responsible for the neighbor discovery and
information gathering of devices.
RTDP (Raisecom Topology Discover Protocol) is responsible for the entire network topology
information collection and processing.
RCMP ( Raisecom C luster M anagement P rotocol) m ainly configures t o add, activate, and
delete cluster members.
RTDP and RCMP protocols take communication in the cluster V LAN. S o, if there are devices not
supporting RAISECOM cl uster m anagement function between the t wo devices f or cl uster
management, you ne ed t o c onfigure t he c luster VLAN to e nsure t he nor mal c ommunication of
RCMP and RTDP protocols.
Each cluster must specify a com mand device. After command device is specified, command device
can di scover and determine candidate de vice through neighbor discovery and topology gathering
protocol. Users can add candidate device to the cluster by corresponding configuration.
Candidate de vice will become m ember device af ter addi ng to cluster. If you w ant to m anage t he
device through cluster management function, you must activate the switch, or configure auto-active
function on switch.
11.1.5
LLDP
As the growing of network scale and the i ncreasing of network devices, ne twork t opology is
becoming m ore c omplex a nd network m anagement is become pa rticularly i mportant. T o t rack
changes i n network t opology information, m any ne twork management s oftware has a dopted the
"automatic di scovery" f unction, but m ost ne twork m anagement s oftware only can analyze t he
network layer topology without determining by which i nterface other devices connected t o other
devices.
LLDP ( Link Layer D iscovery P rotocol) is a link la yer di scovery pr otocol de fined by t he I EEE
802.1AB. Network m anagement s ystem c an m aster l ayer-2 network t opology a nd t he c hanges
quickly by the protocol.
LLDP or ganizes the l ocal device i nformation to di fferent T LV ( Type Length V alue uni t), a nd
encapsulates t hem in LLDPDU ( Link Layer D iscovery P rotocol Data U nit) to s end to directconnected neighbors. Meanwhile, LLDP will save the information from neighbors with the standard
MIB ( Management Information Base) f or m anagement s ystem to inquiry and judge links
communication status.
11.1.5.1
Basic concept
LLDP messages: Ethernet messages encapsulated LLDPDU in data unit.
LLDPDU: da ta uni t of LLDP message. Before the c omposition of L LDPDU, the de vice w ill
264
www.raisecom.com
User Manual
encapsulate local information to TLV, and a number of TLV will combine into one LLDPDU, which
encapsulated in the Ethernet data part will be transmitted.
Shown in Figure 11-4, LLDPDU is formed by a number of TLV, which contains four mandatory TLV
and a number of optional TLV.
Figure 11-4 LLDPDU structure chart

TLV: uni t c ombining LLDPDU, which r efers t o t he unit de scribing t he object type, l ength a nd
information.
TLV st ructure is shown i n F igure 1 1-5: each TLV r epresents a piece of local i nformation. For
example, t he device ID and interface ID are corresponded to Chassis ID TLV and Por t ID TLV
separately.
Figure 11-5 Basic TLV structure chart

TLV types are shown in Table 11-1, currently, it only uses the type of 0~8.
Table 11-1 TLV types:
11.1.5.2
TLV type
Description
Compulsory or not
End Of LLDPDU: means LLDP messages end.
Compulsory
Chassis Id: MAC address of sending device.
Compulsory
Port Id: sending side interface of LLDP messages
Compulsory
Time To Live: aging time of local device

information on neighbour device.
Compulsory
Port Description: description of Ethernet interface
Optional
System Name
Optional
System Description
Optional
System Capabilities: main function of system and

the used function
Optional
Management Address
Optional
Working principle of LLDP

LLDP i s a poi nt-to-point one -way di stribution protocol, which sends L LDP m essages periodically
265
www.raisecom.com
User Manual
from l ocal de vice t o oppo site de vice (or se nd LLDP messages w hen there i s cha nge in local
information) to notify the link state to opposite device.
The data traffic is as follows:
When sending, the de vice obtains system information r equired by the selected TLV, and
obtains configuration information from LLDP MIB, generates TLV, constitutes LLDPDU,
encapsulates to LLDP messages and sends them to opposite device.
After r eceiving LLDP messages, oppos ite de vice w ill a nalyze a ll the T LV information. If
there i s c hange, t he oppos ite de vice w ill upda te t he i nformation to LLDP neighbors M IB
table and inform NMS.
The aging time TTL (Time to live) of local device information in the neighbor node can be adjusted
by modifying t he pa rameter v alues of aging coefficient, s ends LLDP m essages t o ne ighbor node ,
after r eceiving LLDP messages, ne ighbor no de will adjust the a ging time of its neighbor n odes
(sending side) information. Aging time formula, TTL = Min {65535, (interval hold-multiplier)}:
Interval indicates the time period to send LLDP messages from neighbor node.
Hold-multiplier refers to the aging coefficient of device information in neighbor node.
11.1.6
Optical module digital diagnostics

Optical m odule digital d iagnostics function on de vice i s i n s upport of SFP ( Small Form-factor
Pluggables), and 10 GE SFP + diagnosis.
Optical m odule digital di agnostics function provides a performance m onitoring method. Network
administrator a nalyzes the monitor da ta provided b y SFP to predict the a ge of transceiver, isolates
system fault and authenticates modules compatibility during installation.
Optical module digital diagnostics function can monitor the following performance parameters:
Module temperature
Inner supply voltage
Transmitting offset current
Transmitting optical power
Receiving optical power
When the pe rformance parameters r each alarm t hreshold or s tatus i nformation changes, the
corresponding Trap alarm will be generated.
11.1.7
System Log
System Log means the device records system information and debug information, etc. in the form of
log and outputs them to assigned destination. When the device has fault, the system log will take it
easy for user to check and locate fault.
System information and some debug outputs of ISCOM2924GF will be sent to system log. System
log s ends the i nformation t o di fferent de stination a ccording t o us er c onfiguration. The system log
destinations are as below:
Console: output log information to local Console through Console interface
Log host: output log information to log host in log file format
Monitor: output log information to monitor, such as Telnet terminal
File: output log information to device Flash in log file format
Buffer: output log information to buffer
Format of system log:
266
www.raisecom.com
User Manual
timestamp
module-level- Message content
Content of system log:

FEB-22-2005 14:27:33
CONFIG-7-CONFIG:USER "raisecom" Run "logging on"
FEB-22-2005 06:46:20
CONFIG-6-LINK_D:port 2 Link Down
FEB-22-2005 06:45:56
CONFIG-6-LINK_U:port 2 Link UP
Log format output to log host:

timestamp
module-level- Message content
Log contents output to log host:

07-01-2008 11:31:28 Local0.Debug 20.0.0.6 JAN
CONFIG-7-CONFIG:USER " raisecom " Run " logging on "
01
10:22:15
ISCOM2924GF:
07-01-2008 11:27:41 Local0.Debug 20.0.0.6 JAN

01
10:18:30
CONFIG-7-CONFIG:USER " raisecom " Run " ip address 20.0.0.6 255.0.0.0 1 "
ISCOM2924GF:
The system log information can be divided into eight levels according to the order of severity, as the
Table 11-2 shows:
Information levels:
Severity level
Level
Description
emergencies
The system is unavailable
alerts
Need to process immediately
critical
criticalstatus
errors
Error status
warnings
Alarm status
notifications
Normal but very important status
informational
Notification event
debugging
Debug information
Note: The severity level of output information can be set manually. According to the severity level, it
only outputs low level or the same level configuration information with severity level. For example,
configure i nformation out put f or s pecified level 3 (or a ssign the severity l evel e rrors di rectly); t he
level is 0 to 3, i.e. the information with severity level of emergencies ~ errors can be output.
11.1.8
Alarm management
Alarm means when the device has fault or some working condition changes, the system will generate
alarm information according to different fault types and different alarm sources.
Alarm information is used to report some of the urgent and important event and notify them to the
network administrator promptly, which provides strong support for monitoring device operation and
fault diagnosis.
Alarm information is stored in the alarm buffer, and at the same time generated to log information. If
configuring network management system, the alarm information will be sent to network management
267
www.raisecom.com
User Manual
system through SNMP (Simple Network Management Protocol). The information sent to the network
management system is called Trap information.
11.1.8.1
Classification of alarm information

The alarm information can be divided into three types according to alarm natures:
Fault alarm: refers t o the alarm for so me hardware fault or some abnormal important
functions, such as interface status down alarm;
Recovery alarm: re fers to the al arm for de vice failure or a bnormal function r eturning to
normal, such as interface status up alarm;
Event alarm: refers to the alarm indicating the prompted fault and recovery unmatched, such
as Ping probe failure alarm.
The alarm information can be divided into five types according to alarm functions:
Communication alarm: refers t o the alarms r elated to the processing of i nformation
transmission, i ncluding the c ommunication f ault between ne twork e lements, network
elements and network management systems or NMS and NMS.
Service quality alarm: refers to the alarms caus ed by service qua lity de gradation, including
congestion, performance decline, high resource utilization rate, and the bandwidth reducing.
Processing error alarm: refers t o the al arms caused by software or pr ocessing errors,
including s oftware e rrors, m emory ov erflow, v ersion mismatching, and t he a bnormal
program aborts.
Environmental a larm: refers t o the al arms caus ed by equipment l ocation-related pr oblems,
including the environment temperature, humidity, ventilation and other abnormal working
conditions.
Device alarm: refers to the alarms caused by physical resource failure, including power, fan,
processor, clock, input / output interfaces and other hardware devices.
11.1.8.2
Output of alarm information

There are three alarm information output modes:
Alarm buffer: record in tabular form, including the current alarm table and history alarm
table.
Current alarm table, recording alarm information which doesnt be cleared or restored.
History alarm table, recording the cleared and auto-restored alarm information.
Log: alarm information is generated to system log when recorded in alarm buffer, and stored
in t he a larm l og buf fer. By de fault, a larm inf ormation will generate to system l og
automatically. User can suppress the generation of the system log manually.
Trap Information: alarm information sent to network management system when configuring
network management system.
Alarm will be broadcast a ccording t o t he v arious t erminals of t he de vice c onfiguration, i ncluding
command-line terminal and network management system.
Alarm information log output with the beginning of symbol "#", the output format is:
# Index TimeStamp HostName ModuleName / Severity / name: Arise From Description
The field description is shown in Table 11-3.

Table 11-3 Alarm information field description
Field
Description
Index
Alarm index
268
www.raisecom.com
11.1.8.3
User Manual
Field
Description
TimeStamp
Alarm time
HostName
Alarm host name
ModuleName
Alarm module name
Severity
Alarm severity level
name
Alarm name
Arise From Description
Alarm description
Level of alarm information

The alarm level is used to identify the severity degree of an alarm. The level is defined in Table 11-4.
Table 11-4 Alarm level definition
Level
Description
Corresponding Syslog
Critical (3)
This alarm has affected system services and requires

immediate troubleshooting. Restore the device or source
immediately if they are completely unavailable, even it
is not during working time.
1 (Alert)
Major (4)
This alarm has affected the service quality and requires

immediate troubleshooting. Restore the device or source
service quality if they decline; or take measures
immediately during working hours to restore all
performances.
Minor (5)
This alarm hasnt influenced the existing service yet,

which needs further observation and take measures at
appropriate time so as to avoid more serious fault.
3 (Error)
Warning (6)
This alarm will not affect the current service, but maybe
the potential error will affect the service, so it can be
considered as needing to take measures.
4 (Warning)
Indeterminate (2)
Uncertain alarm level, usually the event alarm.
5 (Notice)
Cleared (1)
This alarm shows to clear one or more reported alarms.
5 (Notice)
11.1.8.4
(Critical)
Alarm-related concepts
Introduction of alarm related concepts:
Alarm suppression
The device only records root-cause alarm, but not incidental alarm when enabling alarm suppression.
For example, the generation of alarm A will inevitably produce alarm B, then alarm B is suppressed
and doe snt appe ar i n alarm buffer and r ecord l og information when e nabling a larm s uppression.
Enabling alarm suppression can reduce the number of alarms effectively.
269
www.raisecom.com
User Manual
The root-cause alarm and all other incidental alarms will be recorded on device when disabling alarm
suppression.
Alarm Auto-reporting
Auto-reporting refers to the a larm w ill be r eported t o network m anagement s ystem automatically
with i ts ge neration a nd ne ednt initiate inqui ries or s ynchronization. User can set auto-reporting
function to a larms generated f rom s ome property module ( alarm source), s ome interface ( alarm
source), and the specified property module in the specified interface.
Note: Alarm S ource: refers t o the alarm entities ge nerated related alarms, such as i nterface, alarm
module (in support of alarm features) and so on.
Alarm monitoring
Alarm monitoring is used to deal with each module alarms:
The alarm module will receive alarms generated by each module when enabling alarm
monitoring function, and deal with them according to the configuration of alarm module,
such as record alarm in alarm buffer, and record system logs, etc;
The a larm m odule w ill di scard t he a larm ge nerated by t he m odule without follow-up
treatment when disabling alarm monitoring function and the alarms will not be recorded
on the device.
User can take alarm monitoring to some property module, some interface or the specified property
module in the specified interface.
Alarm reverse mode
Alarm reverse refers t o the de vice will r eport t he i nformation oppos ite t o a ctual s tatus w hen
recording alarm information, or report the a larm when there is no alarm inf ormation. Not r eport if
there is alarm information.
Currently, t he de vice is only in support of reverse mode configuration of the i nterface. There a re
three reverse modes to be set; the specific definitions are as follows:
No reverse mode
Device alarm is reported normally.
Manual reverse mode
Set the alarm reverse mode of an interface as manual reverse mode, then no matter what the current
alarm state is, the reported alarm state of the interface will be changed opposite to the actual alarm
state i mmediately, that is to say, not report when there are alarms, report when there arent alarms
actually. The interface will maintain the oppos ite alarm state regardless of the alarm state cha nges
before the alarm reverse state being restored to non-reverse mode.
Auto-reverse mode
Set the alarm re verse mode as aut o-reverse m ode. If t he i nterface hasnt actual r everse al arm
currently, the setting will return fail; if the interface has actual reverse alarm, the setting is success
and enter reverse m ode, i.e. t he i nterface r eported alarm s tatus is changed oppos ite t o t he actual
alarm s tatus immediately. After t he al arm is f inished, t he e nabling s tate of interface alarm reverse
will e nds automatically and cha nges to no n-reverse al arm mode so that t he al arm s tate can be
reported normally in next alarm.
Alarm delay
Alarm delay refers to the device will record alarms and report alarms to NMS after a delay time but
not immediately when alarms generate. Both recording delay time and reporting delay time are the
270
www.raisecom.com
User Manual
same.
By default, the device alarm is reported once generating (0s), which is instant reporting; clear alarm
once it ends (0s), which is instant clearing.
Alarm storage mode
Alarm storage mode refers t o how t o record new ge nerated alarms w hen the a larm buf fer i s f ull.
There are two ways:
Stop: stop mode, when the alarm buffer is full, new generated alarms will be discarded
without recording.
Loop: wrapping mode, when the alarm buffer is full, the new generated al arms will
replace old alarm information and take rolling records.
Use configured storage m ode t o deal with new generated alarm information w hen the al arm
information in device alarm table is full.
Alarm clear
Clear the current alarm, which i s delete the current alarm from current alarm table. T he cleared
alarms will enter history alarm table.
Check alarm
Administrators can check alarms directly on t he device, monitor alarm information. If the device is
configured network management system, they can monitor on the network management system.
11.1.9
Hardware environment monitoring

Hardware environment m onitoring mainly r efers t o m onitor t he r unning e nvironment of
ISCOM2924GF device. The monitoring alarm events include:
Power state alarm
Temperature beyond threshold alarm
Voltage beyond threshold alarms
Abnormal interface status alarm
There are s everal w ays to notify the us er when an al arm is generated. The alarm event out put
methods are as follows:
Record device hardware environmental monitoring alarm buffer;
Output Syslog system log;
Send Trap to network management center.
User can take appropriate measures to prevent failure when alarm events happen.
11.1.9.1
Alarm event
Power monitoring alarm
There are two power status alarms specifically:
Abnormal supply voltage alarm
The al arm ge nerates w hen the p ower v oltage is ov er or be low 20% of t he predetermined v oltage
value 12V , on the contrary, alarm will also generates when voltage restore the no rmal value. This
alarm event is in support of recording hardware monitoring alarm table, Trap and Syslog output.
Power state change alarm
271
www.raisecom.com
User Manual
Power state change refers to the power present changes to power absent, or power absent changes to
power present state. ISCOM2924GF device is in support of dual power supplies, so the power state
change alarm can be divides into one power state of two powers changes and device power-down.
One power state of dual powers changes: the alarm e vent will inform user the state of
power 1/2 changes, which is in support of recording hardware monitoring alarm table,
Trap and Syslog output.
Device power-down: Both powers are down, that is to say, both powers are changed to
absent state, which is only support of Syslog output.
Temperature beyond threshold alarm
The device is in support of temperature beyond threshold alarm event, when the current temperature
is lower than low temperature threshold, the low temperature alarm event will generate, which is in
support of recording hardware monitoring alarm table, Trap and Syslog output.
When the device current temperature is higher than high temperature threshold, the high temperature
alarm e vent w ill ge nerate, w hich i s a lso i n support of recording ha rdware monitoring a larm t able,
Trap and Syslog output.
Voltage beyond threshold alarm
The device is in support of voltage beyond threshold alarm event, when the current voltage is lower
than low v oltage threshold, the low v oltage a larm e vent w ill ge nerate, w hich is in support of
recording hardware monitoring alarm table, Trap and Syslog output.
When the device current voltage is higher than high voltage threshold, the high voltage alarm event
will ge nerate, w hich i s a lso i n support of r ecording h ardware m onitoring a larm t able, T rap a nd
Syslog output.
Note: the device only monitor 3.3V master chip voltage.
Interface status alarm
Each interface has three alarm events:
Interface link-fault alarm: link failure alarm refers to the peer link signal loss. The alarm
event only aims at optical port, but not power port.
Interface link-down alarm: interface status Down alarm.
Interface not-forwarding alarm: The interface will change to non-forwarding state under
all VLAN.
All three alarm events are in support of recording hardware monitoring alarm table, Trap and Syslog
output.
11.1.9.2
Alarm output mode

Hardware environment monitoring alarm output modes are as below:
Hardware environment monitoring a larm buf fer out put, which is r ecorded to the ha rdware
environment monitoring alarm table
The hardware environment monitoring alarm table, recording current alarm information
which hasnt been cleared and restored.
The hardware e nvironment m onitoring history a larm table, r ecording c urrent, restored
and manually cleared alarm information.
Hardware e nvironmental monitoring alarm information can be recorded in the cu rrent hardware
environment monitoring a larm table and ha rdware environment m onitoring history alarm t able
automatically without configuring manually.
272
www.raisecom.com
User Manual
Trap output
Alarm information is output to network management center in Trap mode.
Trap output has global switch and all monitored alarm events still have their own Trap alarm output
switches. When enabling the global switch and monitored alarm events switches simultaneously, the
alarm will generate Trap output.
The contents of Trap information are shown in Table 11-5.
Table 11-5 Trap description
Field
Description
Alarm status
Asserted (current alarm)

Cleared (alarm recovery)
Clearall (clear all alarm information)
Alarm source
Device (global alarm)

Interface number (interface status alarm)
Timestamp
Alarm time, in the form of absolute time
Alarm event type
dev-power-down (power-down alarm)

power-abnormal (power-abnormal alarm, one of two
powers is power down.)
high-temperature (high-temperature alarm)
low-temperature (low-temperature alarm)
high-volt (high-voltage alarm)
low-volt (low-voltage alarm)
link-down (interface LinkDown alarm)
not-forwarding (interface Not-Forwarding alarm)
link-falut (interface LinkFault alarm)
all-alarm (clear all alarm information)
Syslog output
Record alarm information to Syslog.
Syslog output ha s global s witch and all monitored alarm e vents still ha ve the ir o wn Syslog alarm
output s witches. When e nabling t he gl obal s witch a nd monitored alarm ev ents s witches
simultaneously, the alarm will generate Syslog output.
Syslog contents are shown in Table 11-6.
Table 11-6 Syslog information description
Field
Description
Facility
The module name generating alarm, the hardware environment

monitoring module is fixed as alarm.
Severity
Level, Please see table 11-2 for the same system log difined levels.
Mnemonics
Alarm event type, please see table 11-5 for the detailed type deacription.
273
www.raisecom.com
User Manual
Field
Description
Msg-body
Main body, describing alarm event contents.
11.1.10 Fan monitor

ISCOM2924GF device is in support of fan monitor function, can monitor the fan rotating speed and
temperature. When device de tects abnor mal fan rotating speed and temperature, it g enerates alarm
and sends Trap information.
Two monitor modes for the fan:
Force monitor: set rotating spedd for the fan by force;
Auto-monitor: adjust rotating speed automatically according to temperature.
In auto-monitor mode, the device divides rotating speed into four levels; every level corresponds to a
group of t emperature r ange r espectively. The device can adjust r otating speed according t o t he
environment temperature.
11.1.11 CPU monitor

SCOM2924GF device is in support of CPU monitoring function, which can real-time monitor each
task state in the system, CPU utilization and stack usage to help network administrator locate fault
quickly.
CPU monitoring can provide the following functions:
Check the CPU utilization
Check CPU holding time and utilization of all tasks in each period (5 seconds, 1 minute, 10 minutes,
and 2 hours). The total CPU utilization within each period can be displayed statically or dynamically.
Check the ope rational s tatus of a ll ta sks and the de tailed running s tatus i nformation of assigned
tasks.
Check CPU history utilization within each period.
Check death task information.
CPU utilization threshold alarms
Within a specified sampling period, the system will generate alarm and send Trap if CPU utilization
is ov er the c onfigured r ising threshold or be low t he declining threshold. Trap i nformation w ill
provide f ive task num bers and t heir CPU ut ilization with t he hi ghest CPU ut ilization in the most
recent periods (5 seconds, 1 minute, and 10 minutes).
11.1.12 Ping
The na me of P ing comes from sonar location operation, us ed t o detect whether the ne twork
connection is normal.
Generally, Ping function is achieved with ICMP echo messages. Firstly, send echo request message
to an address, then the address corresponding device will respond to echo reply message. When echo
request reaches the de stination a ddress, the de vice w ill r eturn echo reply message to t he s ource
274
www.raisecom.com
User Manual
address in an effective time to show the destination is reachable. If not receiving echo reply within
the effective time, the sending end will display timeout, which means the destination is unreachable.
Ping function principle is shown in Figure 11-6.
Figure 11-6 Ping function achieving principle network
11.1.13 Traceroute
Same to P ing, Traceroute i s a commonly used maintenance method in network m anagement.
Traceroute function is often used to test the network nodes of messages from sender to destination,
detect whether the network connection is reachable and analyze network fault.
The implementation process of Traceroute is as follows:
First, send a piece of TTL1 sniffer message (UDP port number of message is unavailable to
any application programs in destination side).
TTL deducts 1 when reaching the first hop; because the TTL value is 0, in the first hop, the
device returns an ICMP timeout message, indicating that this message cannot be sent.
The sending host will add 1 to TTL and resend this message.
Because TTL value was reduced to 0 in the second hop, the device will return an ICMP
timeout message, indicating that this message cannot be sent.
The above steps will continue until the messages reach destination host, which will not return ICMP
timeout message. Because the port number of destination host hasnt be used, destination host will
send port unreachable message and finish the test. Thus, the sending host can record the source
address of each ICMP T TL t imeout message, and a nalyze t he pa th t o de stination a ccording t o t he
response message. Traceroute function principle is shown in Figure 11-7.
275
www.raisecom.com
User Manual
Figure 11-7 Traceroute function achieving principle networking
11.2
SNMP
11.2.1
11.2.1.1
When us er needs t o l og o n ISCOM2924GF device t hrough N MS, pl ease configure SNMP basic
functions for ISCOM2924GF in advance.
11.2.1.2
Preconditions
Finish below tasks before configuring SNMP:
Configure SNMP interface IP address.
Configure routing pr otocol, a nd m ake s ure r outing be tween ISCOM2924GF and N MS is
available.
11.2.2
Default configuration of SNMP

The default configuration of SNMP is as below:
Function
Default value
SNMP view
By default: system, internet view
SNMP community
By default: public, private community

Index
SNMP access group
CommunityName ViewName
public
private
Permission
internet
internet
ro
rw
By default: initialnone, initial group

276
www.raisecom.com
User Manual
Function
Default value
SNMP user
By default: raisecomnone, raisecommd5nopriv,

raisecomshanopriv user
Mapping relation between

SNMP user and access group
Index
-0
1
GroupName
UserName S ecModel
initialnone
raisecomnone us m
nitial r aisecommd5nopriv us m
2 i nitial r aisecomshanopriv us m
11.2.3
Logo and the contact method

of administrator
support@Raisecom.com
Device physical location
world china raisecom
Trap status
Enable
SNMP target host address
N/A
Configure basic function for SNMP v1/v2c

In order to protect itself and prevent its MIB from unauthorized access, SNMP Agent proposes the
concept of c ommunity. The management s tation in the s ame community must use t he community
name in all Agent operating, or their requests will not be accepted.
Community na me refers t o use different S NMP s tring to identify di fferent group. Different
community can have read-only or read-write access permission. G roups with read-only pe rmission
can only query the device information, while groups with read-write authority can configure the
device in addition to query the device information.
SNMP v1/ v2c uses t he community na me a uthentication scheme, a nd the SNMP packets which are
inconsistent to the community name will be discarded.
Please configure SNMP v1, v2c on the device as below.
Step
Configuration
Description
Raisecom#config
Raisecom(config)#snmp-server view view-name

oid-tree [ mask ] { included | excluded }
(Optional) Create SNMP view and configure

MIB variable range.
The default view is internet, which includes all
MIB variables below 1.3.6 node of MIB tree.
Raisecom(config)#snmp-server community
com-name [ view view-name ] { ro | rw }
Create community name and configure the

corresponding view and access permission. Use
default view internet if view view-name option
is empty.
Raisecom(config)#snmp-server access group-name

[ read view-name ] [ write view-name ] [ notify
view-name ] { v1sm | v2csm }
(Optional) Create and configure SNMP v1/v2c

access group.
277
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom(config)#snmp-server group group-name

user user-name { v1sm | v2csm | usm }
(Optional) Configure the mapping relation

between user and access group. SNMP v1/v2c
can assign the corresponding community group
and configure secure model for group. When
the secure model is v1sm or v2csm, the secure
level is noauthnopriv automatically.
11.2.4
Configure basic function for SNMP v3

SNMPV3 uses USM over user authentication mechanism. USM comes up with the concept of access
group: one or more users correspond to one a ccess group, e ach access group sets the related read,
write and announce v iew; u sers i n access gr oup have acces s pe rmission in this view. User acces s
group de nt G et a nd S et r equest must ha ve pe rmission c orresponding t o t he r equest, or t he r equest
will not be accepted.
As the Figure 11-8 s hows, ne twrk m anagement s tation us es t he nor mal a ccess f rom S NMP v 3 t o
switch and the configuration is as below:
Configure user
Check which access group the user belongs to.
Configure view permission for access group.
Create view.
Figure 11-8 Sketch map of SNMP v3 authentication mechanism

Please configure SNMP v3 on the device as below.
Step
Configuration
Description
Raisecom#config
Raisecom(config)#snmp-server view view-name

oid-tree [ mask ] { included | excluded }
Create SNMP view and configure

MIB variable range.
278
www.raisecom.com
11.2.5
User Manual
Step
Configuration
Description
Raisecom(config)#snmp-server user user-name

[ remote engine-id ] authentication { md5 | sha }
authpassword
Create user and configure

authentication mode.
Raisecom(config)#snmp-server access group-name

[ read view-name ] [ write view-name ] [ notify
view-name ] [ context context-name { exact |
prefix } ] usm { noauthnopriv | authnopriv }
Create and configure SNMP v3

access group.
Raisecom(config)#snmp-server group group-name

user user-name { v1sm | v2csm | usm }
Configure the mapping relation

between user and access group.
Configure other information of SNMP

Configure other information of SNMP, including:
Logo and contact method of administrators
Physical location of switch
All SNMP v1, v2c and v3 are in support of the above configuration.
Please configure other information of SNMP on the device as below.
Step
Configuration
Description
Raisecom#config
Raisecom(config)#snmp-server (Optional) Configure logo and contact method of

contact contact
administrators.
Note: Foe example: use E-mail as logo and
contact method of administrators.
11.2.6
Raisecom(config)#snmp-server (Optional) assign the physical location of device.

location location
Configure Trap
Note: Except for target host configuration, Trap configuration of SNMP v1, v2c and v3 are identical.
Trap means the device sends unrequested information to NMS automatically, which is used to report
some critical events.
Finish the following tasks befoce configuring Trap function:
Configure SNMP ba sic function. SNMP v 1 and v2c versions need to configure community
name; SNMP v3 needs to configure username and SNMP view.
available.
Please configure SNMP Trap on the device as below.
Step
Configuration
Description
Raisecom#config
279
www.raisecom.com
11.2.7
User Manual
Step
Configuration
Description
Enter Layer-3 interface configuration mode.

[ ip-mask ] [ sub ] [ vlan-list ]
Configure Layer-3 interface IP address.
Raisecom(config)#exit
Exit from global configuration mode and

enter Privileged EXEC mode.
Raisecom(config)#snmp-server host ip-address

version 3 { noauthnopriv | authnopriv }
user-name [ udpport udpport ]
(Optional) Configure Trap target host over

SNMP v3.
Raisecom(config)#snmp-server host ip-address

version { 1 | 2c } com-name [ udpport udpport ]
(Optional) Configure Trap target host over

SNMP v1 and SNMP v2c.
Raisecom(config)#snmp-server enable traps
Enable SNMP sending Trap function.
No.
Item
Description
Raisecom(config)#show snmp access
Show configuration information of SNMP

access group.
Raisecom(config)#show snmp
community
Show configuration information of SNMP

community.
Raisecom(config)#show snmp config
Show basic configuration information of

SNMP, including local SNMP engine ID,
logo and contact method of administrators,
switch location and TRAP switch status.
Raisecom(config)#show snmp group
Show mapping relationship between

SNMP user and access group.
Raisecom(config)#show snmp host
Show SNMP target host information.
Raisecom(config)#show snmp statistics
Show SNMP statistic information.
Raisecom(config)#show snmp user
Show SNMP user information.
Raisecom(config)#show snmp view
Show SNMP view information.
11.3
KeepAlive
11.3.1
11.3.1.1
Switch sends KeepAlive packet to make network management discover network segment in a short
time, improve working efficiency and reduce the working load of administrators. User can configure
to e nable or di sable t he K eepAlive t ransmission a nd i ts pe riod. When e nabling KeepAlive T rap
switch, if setting snmp enable traps and layer-3 IP address, switch will send a KeepAlive Trap to all
280
www.raisecom.com
User Manual
target hosts with Bridge Trap every KeepAlive Trap Interval.
11.3.1.2
Preconditions
Configure SNMP interface IP address.
Configure basic function of SNMP: SNMP v1 and v2c versions need to configure community
name; SNMP v3 needs to configure username and SNMP view.
available.
11.3.2
Defaut configuration of KeepAlive

The default configuration of KeepAlive is as below:
11.3.3
Function
Default value
KeepAlive Trap function status
Disable
KeepAlive Trap period
300s
Configure KeepAlive function

Please configure KeepAlive function as below:
Step
Configuration
Description
Raisecom#config
Raisecom(config)#snmp-server
keepalive-trap enable
Enable to send KeepAlive Trap. By default,

disable to send KeepAlive Trap packet. The
command of snmp-server keepalive-trap
keepalive-trap interval period
(Optional) Configure KeepAlive Trap

transmission period.
Note: To avoid multiple de vices s ending KeepAlive Trap in the s ame t ime accor ding to the s ame
period and causing heavy network management load, the real transmission period of KeepAlive Trap
is timed as period+5s random transmission.
11.3.4
Check configuration
No.
Item
Description
Raisecom#show keepalive
Show KeepAlive configuration.
281
www.raisecom.com
User Manual
11.4
RMON
11.4.1
11.4.1.1
RMON can help user monitor network and statistic traffic flow.
RMON is a more efficient monitoring method than SNMP. User just needs to assign alarm threshold,
device over t hreshold w ill s end trap information without variable information, which r educes
communication amount between management device and managed device management and provides
simple and efficient management to network.
11.4.1.2
Preconditions
Link between device and NMS is available.
11.4.2
Default configuration of RMON

The default configuration of RMON is as below:
11.4.3
Function
Default value
Statistics group
Enable all interfaces statistics function (including

layer-3 interface and physical interface)
History statistics group
Disable
Alarm group
N/A
Event group
N/A
Configure RMON statistics function

RMON s tatistics f unction can set the int erface s tatistics, including interface s ending and receiving
packet, too small or too large packets, conflict, cyclic redundancy check and error count, packet loss,
length of received packet, fragment, broadcast, multicast, and unicast news, etc.
Please configure RMON statistics function on the device as below.
Step
Configuration
Description
Raisecom#config
Raisecom(config)#rmon statistics
{ ip if-number | port-list port-list }
[ owner owner-name ]
Enable interface RMON statistics function

and configure related parameters.
By default, enable all interfaces RMON
statistic function. The command of no
rmon statistics can disable this function.
Note: When using the command of no rmon statistics to disable interface statistics function, user
cannot continue to obtain the interface statistics, but the interface still can take data statistics.
282
www.raisecom.com
11.4.4
User Manual
Configure RMON history statistics function

Please configure RMON history statistics function on the device as below.
Step
Configuration
Description
Raisecom#config
Raisecom(config)#rmon history
{ port-list port-list | ip if-number }
[ shortinterval short-period]
[ longinterval long-period] [ buckets
buckets-number ] [ owner owner-name ]
Enable interface RMON history statistics

function and configure related parameters.
By default, disable all interfaces RMON
history statistics function. The command of
no rmon history can disable this function.
Note: When using the command of no rmon history to disable interface history statistics function,
the interface will not take data statistics and clear all history data collected previously.
11.4.5
Configure RMON alarm group

Set one RMON al arm group i nstance (alarm-id) to monitor one MIB v ariable ( mibvar). When the
value of monitoring data exceeds the defined threshold, alarm event will generate. Record the log ot
send Trap to network management station according to the definition of alarm event.
The monitored MIB variable must be real, and the data value type is correct. If the setting variable
does not exist or value type variable is incorrect, return error. In the successfully setting alarm, if the
variable can not be collected later, close the alarm; reset if you want to monitor the variable again.
By default, the triggered event number is 0, refers to no triggered event. If the number is not zero,
and there is no corresponding configuration in event group, when the control variable is abnormal, it
cannot trigger the event successfully until the event is established.
Alarm will be triggered as long as matching the condition when configuring the upper or lower limits
for one of the e vents in the event table. If there is no c onfiguration for the up per and lower limits
related alarm event (rising-event-id, falling-event-id) in the event table, alarm will not generate even
meeting the alarm conditions.
Please configure RMON alarm group on the device as below.
11.4.6
Step
Configuration
Description
Raisecom#config
Raisecom(config)#rmon alarm alarm-id mibvar

[ interval period ] { absolute | delta } rising-threshold
rising-value [ rising-event-id ] falling-threshold
falling-value [ falling-event-id ] [owner owner-name ]
Add alarm instance to RMON

alarm group and configure related
parameters.
Configure RMON event group

Please configure RMON event group on the device as below.
283
www.raisecom.com
11.4.7
User Manual
Step
Configuration
Description
Raisecom#config
Raisecom(config)#rmon event event-id

[ log ] [ trap community name ]
[ description string ] [ owner owner-name ]
Add event to RMON event group

and configure related event
processing mode.
No.
Item
Description
Raisecom#show rmon
Show related information of RMON

configuration.
Raisecom#show rmon alarms
Show RMON alarm group information.
Raisecom#show rmon events
Show RMON event group information.
Raisecom#show rmon statistics

[ port port-id | ip if-number ]
Show RMON statistics group information.
Raisecom#show rmon history

{ port port-id | ip if-number }
Show RMON history statistics group

information.
11.5
Cluster management
11.5.1
11.5.1.1
There ar e a l arge number of s witches ne eded t o be managed in l ayer-2 ne twork, bu t t he us able IP
address is limited, cluster management function can use one IP address to manage multiple devices
in one cluster.
11.5.1.2
Preconditions
Finish the following tasks before configuring cluster management function:
The link between command device and member device is available.
Create VLAN.
Add interface to VLAN.
11.5.2
Default configuration of cluster management

The default configuration of cluster management is as below:
Function
Default value
Global RNDP function status of cluster member
Disable
284
www.raisecom.com
11.5.3
User Manual
Function
Default value
Interface RNDP function status of cluster member
Enable
RTDP collection function status of cluster member
Disable
The maximum collection range for cluster member RTDP
16 jumpers
Cluster management function status of command device
Disable
The maximum member number of command device

cluster management
128
Auto-active function status of candidate device
Disable
MAC address of command device with candidate device

auto-active function
0000.0000.0000
Configure RNDP function

Please configure RNDP function on the device as below:
11.5.4
Step
Configuration
Description
Raisecom#config
Raisecom(config)#rndp enable
(Optional) Enable global RNDP function.
Raisecom(config-port)#rndp enable
(Optional) Enable interface RNDP function.
Configure RTDP function

Note: When configuring cluster VLAN, if the device is command device or member device, due to
the cluster device has already confirmed cluster VLAN, then cluster VLAN configuration will lead to
conflict and failure, exit cluster and configure successfully.
Please configure RTDP function on the device as below:
Step
Configuration
Description
Raisecom#config
Raisecom(config)#rtdp enable
Enable global RTDP function.
Raisecom(config)#rtdp
max-hop max-hop
(Optional) Configuration the maximum

collectionrange for RTDP.
Raisecom(config)#cluster vlan
vlan-id port-list port-list
(Optional) Configure cluster VLAN and

interfacelist. The VLAN used by cluster
protocol packet communication has
limited the range of cluster management.
285
www.raisecom.com
11.5.5
User Manual
Configure cluster management function
11.5.5.1
Configure to enable cluster management function

Note:
This configuration only applies to command device.
If the device is cluster member device, restart the device if you want to take it as command
device. At this time, the device has become the command device, but because there is already
a command device in network, the device still cannot manage other devices.
Please take the following configuration on the device:
11.5.5.2
Step
Configuration
Description
Raisecom#config
Raisecom(config)#cluster
Configure the device as command device

and enable clustermanagement function.
Raisecom(config-cluster)#
max-member max-number
(Optional) Configure the maximum

member number of clustermanagement.
Configure to add and activate candidate device automatically

In order to facilitate the users to add and activate cluster members on command device, allow user
using the s ame us er na me and password to add and activate a ll t he candi date de vices, or to all
candidate de vices which can activate aut omatically by this command, or t o add and activate al l
candidate devices one by one in the prompt of device command echo contents.
11.5.5.3
Step
Configuration
Description
Raisecom#config
Enter cluster configuration mode.
Raisecom(config-cluster)#member auto-build
[ active user-name password [ all ] ]
Configure to add and activate

allcandidate devices automatically.
Confugure to add and activate candidate device manually

Configure to add a nd a ctivate candidate d evice on command device, us er ne eds t o a dd c luster
management device to cluster and activate it. After adding member device to the cluster, command
device cannot m anage m ember de vice through cluster m anagement function without a ctivation.
Users can add and activate members according to the following steps.
Step
Configuration
Description
Raisecom#config
286
www.raisecom.com
11.5.5.4
User Manual
Step
Configuration
Description
Enable cluster management function and

enter cluster configuration mode.
Raisecom(config-cluster)#member
mac-address active [ user-name
password ]
Configure to add candidate device to cluster

and activate it. The command of no member
{all | mac-address} can delete all or
specified cluster members. The command of
member {all | mac-address} suspend can
suspend all or specified cluster members.
Configure auto-active function

User must set MAC address for auto-active subordinated command device after setting auto-active
function on candidate de vice, and t hen the ca ndidate d evice can be act ivated automatically b y i ts
subordinated command device if the command device is configured to add and activate all candidate
members to cluster automatically when connecting the device to network.
11.5.5.5
Step
Configuration
Description
Raisecom#config
Raisecom(config)#cluster-autoactive
(Optional) Enable auto-active function.
Raisecom(config)#cluster-autoactive
commander-mac mac-address
(Optional) Assign MAC address for

auto-active command device.
Configure remote access member device

In c luster c onfiguration m ode, us er can t ake r emote m anagement t o activated member de vices on
command device. User can login activated cluster members according to the following steps.
11.5.6
Step
Configuration
Description
Raisecom#config
Enter cluster configuration mode.
Raisecom(config-cluster)#rcommand
{ hostname [ mac-address ] | mac-address }
Login cluster member device.
Check configuration
No.
Item
Description
287
www.raisecom.com
User Manual
No.
Item
Description
Raisecom#show rndp
Show RNDP configuration.
Raisecom#show rndp neighbor
Show RNDP neighbour information.
Raisecom#show rtdp
Show RTDP configuration.
Raisecom#show cluster vlan
Show cluster VLAN configuration.
Raisecom#show rtdp device-list

[ mac-address | hostname ] [ detailed ]
Show RTDP finding device list information.
Raisecom#show cluster
Show cluster information.
11.6
LLDP
11.6.1
11.6.1.1
When users obtain connection information between devices through NView NNM system for
topology di scovery, the de vices need t o e nable L LDP f unction, not ify their inf ormation to the
neighbors mutually, and store neighbor information to facilitate the NView NNM system queries.
11.6.1.2
Preconditions
N/A
11.6.2
Default configuration of LLDP

The default configuration of LLDP is as below:
Function
Default value
LLDP globally enable/disable
Disable
LLDP interface enable/disable
Enable
Delay sending timer
2s
Period sending timer
30s
Aging coefficient
Restart timer
2s
Alarm ebable/disable
Enable
Alarm notification timer
5s
288
www.raisecom.com
11.6.3
User Manual
Configure to enable global LLDP function

Note: The global LLDP function cannot be enabled instantly after disabling; it can enable again after
restart timer timeout.
When users obtain connection information between devices through NView NNM system for
topology di scovery, the de vices need t o e nable L LDP f unction, not ify their inf ormation to the
neighbors mutually, and store neighbor information to facilitate the NView NNM system queries.
Please configure to enable global LLDP function on the device as below:
11.6.4
Step
Configuration
Description
Raisecom#config
Raisecom(config)#lldp enable
Configure to enable global LLDP function. By

default, global LLDP function is disabled. The
command of lldp disable can disable this function.
Configure to enable interface LLDP function

Please configure to enable interface LLDP function on the device as below:
11.6.5
Step
Configuration
Description
Raisecom#config
port port-id
Raisecom(config-port)#lldp
enable
Configure to enable interface LLDP function. By

default, interface LLDP function is enabled. The
command of lldp disable can disable this function.
Configure basic LLDP function

Note: When c onfiguring de lay sending timer a nd pe riod sending timer, the value of de lay sending
timer must be smaller than or equal to one quarter of period sending timer value.
Please configure to basic LLDP function on the device as below:
Step
Configuration
Description
Raisecom#config
Raisecom(config)#lldp
message-transmission
interval period
(Optional) Configure period sending

timer for LLDP packet. By default, the
sending period of LLDP packets is 30s.
message-transmission delay
period
(Optional) Configure delay sending timer

for LLDP packet. By default, the sending
delat time of LLDP packets is 2s.
message-transmission
hold-multiplier hold-multiplier
(Optional) Configure LLDP packets

aaaaaging coefficient. By default, the
aging coefficient is 4.
289
www.raisecom.com
11.6.6
User Manual
Step
Configuration
Description
restart-delay period
(Optional) Configure restart timer. The

device can enable global LLDP function
again after restart time when disabling
global LLDP function. By default, the
restart time is 2s.
Configure LLDP alarm function

Enable LLDP alarm notification function to send topology information update alarm to Nview NNM
system when the network changes.
Please configure LLDP alarm function on the device as below:
11.6.7
Step
Configuration
Description
Raisecom#config
lldp-trap enable
Enable LLDP alarm function.
trap-interval period
(Optional) Configure LLDP alarm

Trap period sending timer. By
default, The LLDP alarm Trap
sending period is 5s.
Check configuration
No.
Item
Description
Raisecom#show lldp local config
Show LLDP local configuration.
Raisecom#show lldp local

system-data [ port port-id ]
Show LLDP local system information.
Raisecom#show lldp remote

[ port port-id ][ detail ]
Show LLDP neighbor information.
Raisecom#show lldp statistic

[ port port-id ]
Show LLDP packet statistics information.
11.7
Optical module digital diagnostics
11.7.1
11.7.1.1
Fault di agnostics f unction of opt ical m odule pr ovides a detection m ethod to SFP pe rformation
parameters; user can predict t he s ervice l ife of opt ical m odule, isolate s ystem f ault and check its
compatibility during installation through analyzing the monitoring data.
290
www.raisecom.com
11.7.1.2
User Manual
Preconditions
N/A
11.7.2
Default configuration of optical module digital diagnostics

The default configuration of optical module digital diagnostics is as below:
11.7.3
Function
Default value
Global optical module digital

diagnostics function status
Disable
Interface optical module digital

diagnostics function status
Enable
Global optical module digital

diagnostics alarm sending Trap function
Disable
Interface optical module digital

diagnostics alarm sending Trap function
Enable
Configure to enable optical module digital diagnostics

Please configure to enable optical module digital diagnostics on the device as below.
Step
Configuration
Description
Raisecom#config
Raisecom(config)#transceiver
ddm enable
Enable global optical module digital

diagnostics function. By default, this
function is disabled. The command of
transceiver ddm disable can disable it.
port-id
Enable interface optical module digital

diagnostics function. Only when global
optical module digital diagnostics is
enabled, the optical module enabling
interface optical module digital diagnostics
function can take digital diagnostics.
Raisecom(config-port)#transceiver
ddm enable
11.7.4
Configure optical module digital diagnostics alarm sending Trap

Please configure to enable optical module parameters abnormal alarm on the device as below.
Step
Configuration
Description
Raisecom#config
trap transceiver enable
Enable global optical module digital

disgnostics alarm sending Trap.
291
www.raisecom.com
11.7.5
User Manual
Step
Configuration
Description
port-id
Enable interface optical module digital

disgnostics alarm sending Trap.
Raisecom(config-port)#transceiver
ddm enable
Only when global optical module digital

diagnostics alarm sending Trap is enabled, the
optical module enabling interface optical
module digital diagnostics alarm sending Trap
function can send Trap when alarm generates.
Check configuration
Check the result on the device as below after configuration.
No.
Item
Description
Raisecom#show transceiver
Show global switch status and

interface switch status of optical
module digital diagnostics.
Raisecom#show transceiver ddm

port-list port-list [ detail ]
Show optical module digital

diagnostics performance parameters.
Raisecom#show transceiver port-list

port-list history { 15m | 24h }
Show history information of optical

module digital diagnostics.
information port-list port-list
Show basic information of optical

module.
threshold-violations port-list port-list
Show optical module over threshold

information last time.
11.8
System log
11.8.1
11.8.1.1
Device will generate the key information, debugging information, error information, etc. to system
log, output a s log file or transmit to log host, Console port or control c onsole to facilitate users to
check and locate the fault.
11.8.1.2
Preconditions
N/A
11.8.2
Default configuration of dydtem log

The default configuration of system log is as below:
Function
Default value
292
www.raisecom.com
User Manual
Function
Default value
Enable/disable system log
Enable
Output log information to console
Enable, the default level is information (6).
Output log information to host
N/A, the default level is information (6).
Output log information to file
Disable, the fixed level is warning (4).
Output log information to monitor
Disable, the default level is information (6).
Output log information to buffer
Disable, the default level is information (6).
Output log information to history list
Disable
Log list size
Transfer log to Trap
Disable, the default level is warning (4).
Log buffer size
4KB
Transmitting rate of system log
No limit
Timestamp of system log information
Debug: no timestamp to debug level (7)

Syslog information.
Log: The timestamp to 0-6 levels Syslog
information is absolute time.
11.8.3
Configure basic information for system log

Please configure basic information for the system log as below:
Step
Configuration
Description
Raisecom#config
Raisecom(config)#logging on
(Optional) Enable system log function. By

default, this function is enabled. Use the
command of no logging on to disable it.
Raisecom(config)#logging
time-stamp { debug | log }
{ datetime | none | uptime }
(Optional) Configure timestamp for system log.

Optional parameter debug is used to assign
debug level (7) system log timestamp; by default,
this system log doesnt have timestamp; Optional
parameter log is used to assign debug level 0-6
system log timestamp; by default, this system log
adopts date-time as timestamp.
rate-limit log-num
(Optional) Configure transmitting rate of system

log. By default, device doesnt restrict
transmitting rate of system log.
sequence-number
(Optional) Configure Serial No. of system log.

The serial No. only applies to control console,
monitor station, log file and log buffer, but not
log host and history list.
293
www.raisecom.com
11.8.4
User Manual
Step
Configuration
Description
discriminator
distriminator-number { facility |
mnemonics | msg-body } { drops
| includes | none } key
(Optional) Create and configure system log filter.

The filter can filter output log from control
console, monitor station, log file and log buffer.
Configure system log output

Please configure system log output on the device as below.
Step
Configuration
Description
Raisecom#config
Raisecom(config)#logging console [ log-level |

alerts | critical | debugging | emergencies | errors
| informational | notifications | warnings |
distriminator distriminator-number ]
(Optional) Configure system log output

direction as Console.
Raisecom(config)#logging host ip-address

[ log-level | alerts | critical | debugging |
emergencies | errors | informational | notifications
| warnings | distriminator distriminator-number ]

direction as log host. It can configure 10
log hosts at most.
Raisecom(config)#logging facility { alert | audit | |

auth | clock | cron | daemon | ftp | kern | local0 |
local1 | local2 | local3 | local4 | local5 | local6 |
local7 | lpr | mail | news | ntp | sercurity | syslog |
user | uucp }
(Optional) Configure log information

facility field sent to log host. The
precondition is system has created log
host, or the configuration will fail. This
configuration applies to all log hosts on
the device.
Raisecom(config)#logging monitor [ log-level |

alerts | critical | debugging | emergencies | errors |
informational | notifications | warnings |

direction as monitor.
Raisecom(config)#logging file [ discriminator

discriminateor-number ]

direction as Flash. The heavy level is
fixed as warning (4), not allow
configuring.
Raisecom(config)#logging buffered [ log-level |

alerts | critical | debugging | emergencies | errors
| informational | notifications | warnings |
(Optional) Configure log buffer size.
Raisecom(config)#logging buffered size size

direction as history list.
The output information is transferred to
Trap level.
Raisecom(config)#logging history

direction as buffer.
Raisecom(config)#logging history size size
(Optional) Configure log history list size.
294
www.raisecom.com
User Manual
Step
11.8.5
Configuration
Description
Raisecom(config)#logging trap [ log-level | alerts |

critical | debugging | emergencies | errors |
informational | notifications | warnings |
(Optional) Configure to transfer log with

a certain level in history list to Trap.
The precondition is system has enabled
the log output to history list, or no system
log is transferred to Trap.
Check configuration
11.9
11.9.1
11.9.1.1
No.
Item
Description
Raisecom#show logging
Show related information of system log configuration.
Raisecom#show logging buffer
Show system log buffer information.
discriminator
Show filter information
Raisecom#show logging file
Show system log file contents.
Raisecom#show logging history
Show system log history list information.
Alarm management
When t he d evice f ails, alarm management m odule will collect fault information and output alarm
occurrence time, alarm name and description information in log format to help users locate problem
quickly.
If the device is configured network management system, alarm information can be reported directly
to the network management system, providing possible alarm causes and treatment recommendations
to help users deal with fault.
Alarm management makes it easy for the user to take alarm suppression, alarm auto-reporting, alarm
monitoring, alarm reverse, alarm delay, alarm memory mode, alarm clear and alarm view directly on
the device.
11.9.1.2
Preconditions
N/A
11.9.2
Default configuration of alarm management

Please configure alarm management on the device as below:
295
www.raisecom.com
11.9.3
User Manual
Function
Default value
Alarm suppression
Enable
Alarm monitoring
All enable
Alarm auto-reporting
All auto-reporting
Alarm reverse mode
No reverse
Alarm delay time
0s
Alarm memory mode
Stop mode
Alarm output system log
Enable
Configure basic alarm function

Please configure basic alarm function on the device as below:
(All following steps are optional and no sequence between them.)
Step
Configuration
Description
Raisecom#config
Raisecom(config)#alarm inhibit enable
Enable alarm suppression.
Raisecom(config)#alarm auto-report
{ module_name [ group_name ] | port-list
port-list [ module_name
[ group_name ] ] } enable
Enable alarm auto-reporting.
Raisecom(config)#alarm monitor
{ module_name [ group_name ] | port-list
port-list [ module_name
[ group_name ] ] } { enable | disable }
Enable alarm monitoring.
Raisecom(config)#alarm inverse port-list

port-list { auto | manual | none }
Configure alarm reverse mode.
Raisecom(config)#alarm { active |
cleared } delay { delay }
Configure alarm delay.
Raisecom(config)#alarm active
storage-mode { loop | stop }
Configure alarm memory mode.
Raisecom(config)#alarm clear index

index
Clear current alarm of sepecified alarm index.
Raisecom(config)#alarm clear
module_name [ group_name ]
Clear current alarm of sepecified feature module.
Raisecom(config)#alarm clear port-list

port-list [ module_name [ group_name ] ]
Clear current alarm of sepecified feature module

under specified interface.
Raisecom(config)#alarm syslog enable
Enable alarm outputting system log.
296
www.raisecom.com
User Manual
Step
Configuration
Description
10
Show current alarm information.
Raisecom#show alarm active

[ module_name | severity severity ]
Raisecom#show alarm cleared
[ module_name | severity severity ]
Show history alarm information.
Note: All modules providing a larm support c an be configured to enable/disable a larm monitoring,
alarm auto-reporting and alarm clear function.
11.9.4
Check configuration
No.
Item
Description
Raisecom#show alarm
management [ module_name ]
Check current alarm parameters configuration. Use

this command to check alarm parameters
information, including alarm suppression, alarm
reverse mode, alarm delay, alarm memory mode, the
maximum alarm number stored in alarm buffer and
the maximum alarm number stored in alarm log.
Raisecom#show alarm log
Check alarm statistics information of system log.
Raisecom#show alarm
management statistics
Check statistics information of alarm management

module.
11.10 Hardware environment monitoring

11.10.1
11.10.1.1

Hardware environment monitoring pr ovide e nvironment m onitoring function t o t he de vices, by
which user can monitor the fault. When device operation environment is abnormal, this function will
record hardware e nvironment monitoring alarm list, generate Syslog system l og or s end Trap a nd
other alarm information so as to notify the user to take corresponding measures and prevent fault.
11.10.1.2
Preconditions
Hardware environment monitoring alarm output:
In Syslog output mode, alarm information will generate system log. When you need to send
alarm information to the system log host, please configure system log host IP address for the
device.
In Trap output mode, please configure network management center IP address for the device.
297
www.raisecom.com
11.10.2
User Manual
Default configuration of hardware environment monitoring

The default configuration of hardware environment monitoring is as below:
Function
Default value
Global hardware environment

monitoringalarm Syslog output
Disable
Global hardware environment

monitoringalarm Trap output
Disable
Power down event alarm
Enable Trap output function

Enable Syslog system log output function
Temperature alarm output

Voltage alarm output
Interface link-down event alarm output
Interface link-fault event alarm
Disable Trap output function
Interface not-forwarding event alarm output
11.10.3
Disable Syslog system log output function
High temperature alarm threshold
60C
Low temperature alarm threshold
20C
High voltage threshold
3450mV
Low voltage threshold
3150mV
Configure to enable global hardware environment monitoring

Step
Configuration
Description
Raisecom#config
Raisecom(config)#logging alarm
(Optional) Configure to enable global hardware

environment monitoring alarm Syslog output.
alarm-trap enable
(Optional) Configure to enable global hardware

environment monitoring alarm Trap output.
Note:
When e nabling gl obal ha rdware e nvironment monitoring a larm S yslog out put, a larm e vent
can generate syslog only when Syslog output under alarm event is also enabled.
When e nabling gl obal ha rdware e nvironment monitoring a larm s ending T rap, a larm e vent
can send Trap only when Trap output under alarm event is also enabled.
11.10.4
Configure power monitoring alarm

298
www.raisecom.com
11.10.5
User Manual
Step
Configuration
Description
Raisecom#config
Raisecom(config)#alarm
power-supply { notifies | syslog }
Enable power monitoring alarm output and

configure power monitoring alarm output mode.
Configure temperature monitoring alarm

Step
Configuration
Description
Raisecom#config
Raisecom(config)#alarm
temperature { high high-value |
low low-value | notifies | syslog }
Enable temperature alarm output and configure

temperature alarm output mode or temperature
alarm threshold.
High temperature threshold high-value must be
higher than low temperature threshold low-value.
Low temperature threshold low-value must be
lower than high temperature threshold high-value.
11.10.6
Configure voltage monitoring alarm

Step
Configuration
Description
Raisecom#config
Raisecom(config)#alarm voltage
{ high high-value | low low-value
| notifies | syslog }
Enable voltage alarm output and

configure voltage alarm output
mode or voltage alarm threshold.
Note: the device is only in support
of 3.3V master chip voltage.
11.10.7
Configure interface status monitoring alarm

Step
Configuration
Description
Raisecom#config
Raisecom(config)#alarm port
{ link-down | link-fault |
not-forwarding } { notifies |
syslog } port-list port-list
Enable interface status alarm output and

configure interface status alarm output mode.
299
www.raisecom.com
11.10.8
User Manual
Clear all hareware environments monitoring alarm event manually

Step
Configuration
Description
Raisecom#config
Raisecom(config)#clear alarm
Configure to clear alarm manually.

Execute this command to clear all alarm information
in current alarm list and generate an all-alarm type
alarm information in history alarm list.
If enabling global sending Trap, the all-alarm alarm
infoemation will be output in Trap mode; if enabling
global Syslog, the all-alarm alarm information will
be output in Syslog mode.
11.10.9
Check configuration
No.
Item
Description
Raisecom#show alarm
Show global hardware environment monitoring

alarm configuration.
Use this command to check hardware
environment monitoring information, including
global alarm Syslog output, global sending
Trap, power down alarm, temperature alarm
and voltage alarm.
Raisecom#show alarm port-list port-list
Show interface status alarm information.
Raisecom#show alarm currrent
Show current alarm information of hardware

environment monitoring.
Raisecom#show alarm history
Show history alarm information of hardware

environment monitoring.
Raisecom#show environment [ power |

temperature | voltage ]
Show the current power, temperature, voltage

alarm and the current environment information.
Raisecom#show power-card
Show power type and serial No. of the device.
11.11 Fan monitor

11.11.1
11.11.1.1

When putting I SCOM2924GF in very hot environment, t he high temperature may influent he at
exhausting performance of the device, then configure fan monitor function to make the device adjust
temperature automatically according t o e nvironment t emperature a nd m aintain nor mal r unning of
device.
300
www.raisecom.com
11.11.1.2
User Manual
Preconditions
N/A
11.11.2
Configure fan monitor function

Please configure fan monitor function on the device as below.
Step
Configuration
Description
Raisecom#config
Raisecom(config)#fan-monitor mode { auto |

enforce }
Configure monitor mode for fan rotate

speed. By default, fan monitor mode is auto.
Raisecom(config)#fan-monitor enforce level level
(Optional) Configure fan rotate speed in

force monitor mode.
Raisecom(config)#fan-monitor temperature-scale
temperature1 temperature2 temperature3
(Optional) configure temperature range

corresponding to different rotate scale in
auto monitor mode.
11.11.3
Check configuration
No.
Item
Description
Raisecom#show fan-monitor information
Show related information of fan

monitor configuration.
Raisecom#show fan-monitor status
Show current fan status information.
11.12 CPU monitor

11.12.1
11.12.1.1

CPU monitor can give real-time monitoring to task state, CPU utilization rate and stack usage in the
system, provide C PU ut ilization rate threshold alarm, de tect a nd e liminate hidden dangers, or he lp
administrator for fault location.
11.12.1.2
Preconditions
Finish the following task before configuring CPU monitor:
When the CPU monitor alarm information needs to be output in Trap mode, configure Trap output
target host address on the device, which is IP address of network management center.
301
www.raisecom.com
11.12.2
User Manual
Defaut configuration of CPU monitor

The default configuration of CPU monitor is as below:
11.12.3
Function
Default value
CPU utilization rate alarm Trap output
Disable
Upper threshold of CPU utilization rate alarm
100%
Lower threshold of CPU utilization rate alarm
1%
Sampling period of CPU utilization rate
60s
Check CPU monitor information

Please configure the CPU monitor on the device as below:
11.12.4
Step
Configuration
Description
Raisecom#show cpu-utilization [ dynamic |

history { 10min | 1min | 2hour | 5sec } ]
Check CPU utilization rate.
Raisecom#show process [ dead | sorted

{ normal-priority | process-name } | taskname ]
Check task status.
Raisecom#show process cpu [ sorted [ 10min |

1min | 5sec | invoked ] ]
Check CPU utilization rate of all tasks.
Configure CPU monitor alarm

Please configure the CPU monitor alarm on the device as below:
11.12.5
Step
Configuration
Description
Raisecom#config
traps enable cpu-threshold
Enable CPU threshold alarm sending Trap.
Raisecom(config)#cpu
rising-threshold
rising-threshold-value
[ falling-threshold
falling-threshold-value ]
[ interval interval-value ]
(Optional) Configure upper threshold, lower threshold

and sampling time interval for CPU alarm. The upper
threshold must be greater than lower threshold.
After enabling CPU threshold alarm sending Trap. In
specified sampling period, the system will send alarm
Trap automatically when the CPU utilization rate is
over upper threshold or below lower threshold.
Check configuration
No.
Item
Description
302
www.raisecom.com
User Manual
No.
Item
Description
Raisecom#show cpu-utilization
Check CPU utilization and related

configuration information.
11.13 Check device information

Please configure the device as below:
Step
Configuration
Description
Raisecom#show version
Check the device version.
Raisecom#show running-config
Check the current configuration file.
Raisecom#show clock
Check system time.
Raisecom#show environment
[ power | temperature | voltage ]
Check the current power,

temperature, and voltage.
Raisecom#show power-card
Check the power type and serial No.
11.14 Ping
Please configure Ping function on the device as below:
Step
Configuration
Description
Raisecom#ping ip-address [ count count ]

[ size size ] [ waittime period]
(Optional) Test IPv4 network

connection by the command of Ping.
Raisecom#ping ipv6 ipv6-address [ count

count ] [ size size ] [ waittime period ]
(Optional) Test IPv6 network

connection by the command of Ping.
Note: The device c annot perform ot her operations in the pr ocess of Ping. It can perform other
operations only when Ping is finished or break off Ping through "ctrl + c".
11.15 Traceroute
Configure the I P address an d default ga teway f or ISCOM2924GF de vice be fore us ing T raceroute
function.
Please configure Traceroute function on the device as below:
Step
Configuration
Description
Raisecom#config

[ ip-mask ] vlan-id
Configure interface IP address.
303
www.raisecom.com
User Manual
Step
Configuration
Description
Exit from interface configuration mode and enter

enter global configuration mode.
Raisecom(config)#ip default-gateway
ip-address
Configure default gateway.
Exit from global configuration mode and enter

privileged EXEC mode.
Raisecom#traceroute ip-address [ firstttl

fitst-ttl ] [ maxttl max-ttl ] [ port port-id ]
[ waittime second ] [ count times ]
(Optional) Test IPv4 network connection by

traceroute and check packet passed network nodes.
Raisecom#traceroute ipv6 ipv6-address

[ firstttl fitst-ttl ] [ maxttl max-ttl ] [ port
port-id ] [ waittime second ] [ count times ]
(Optional) Test IPv6 network connection by

traceroute and check packet passed network nodes.
11.16 Maintenance
User can maintain system features by the following commands.
Command
Description
Raisecom(config)#clear lldp
statistic port port-id
Clear LLDP statistic information.
Raisecom(config)#clear lldp
remote-table [ port port-id ]
Clear LLDP neighbor information.
Raisecom(config)#clear rmon
Clear all configuration information of RMON.

11.17.1
11.17.1.1
Configure SNMP v1/v2c and Trap application

As the Figure 11-9 shows below, route between NView NNM system and Switch is available, Nview
NNM can check the MIB unde r v iew corresponding to r emote s witch b y S NMP v 1/v2c, a nd t he
switch can send Trap automatically to Nview NNM in emergency.
By default, there is VLAN1 in switch and all physical interfaces belong to VLAN1.
Figure 11-9 SNMP v1/v2c networking
304
www.raisecom.com
11.17.1.2
User Manual
Configuration steps
Configure IP address for Switch.
Raisecom#config
Configure SNMP v1/v2c view.

Raisecom(config)#snmp-server view mib2 1.3.6.1.2.1 included
Configure SNMP v1/v2c community.

Raisecom(config)#snmp-server community raisecom view mib2 ro
Configure Trap alarm.

Raisecom(config)#snmp-server host 20.0.0.221 version 2c raisecom
11.17.1.3
Show result
Check IP address configuration by show interface ip.
Raisecom#show interface ip
IF
Address
NetMask
Source
Catagory
---------------------------------------------------------0
20.0.0.10
255.255.255.0 assigned
primary
Check view configuration by show snmp view.

Raisecom(config)#show snmp view
Index:
View Name: mib2

OID Tree:
1.3.6.1.2.1
Mask:
--
Type:
include
Check community configuration by show snmp-server community.

Raisecom#show snmp community
Index
Community Name
View Name
Permission
-----------------------------------------------------------1
private
internet
rw
public
internet
ro
raisecom
mib2
ro
Check target host configuration by show snmp host.

Raisecom#show snmp host
Index:
IP family:
IPv4
IP address:
20.0.0.221
305
www.raisecom.com
User Manual
Port:
162
User Name:
raisecom
SNMP Version:
v2c
Security Level: noauthnopriv

TagList:
11.17.2
11.17.2.1
bridge config interface rmon snmp ospf
Configure SNMP v3 and Trap application

As t he Figure 11-10 s hows be low, r oute be tween NView N NM s ystem a nd S witch i s a vailable,
Nview N NM monitors A gent by S NMP v 3, and t he s witch c an s end Trap automatically to Nview
NNM when Agent is in emergency.
By default, there is VLAN1 in switch and all physical interfaces belong to VLAN1.
Figure 11-10 SNMP v3 and Trap networking
11.17.2.2
Configuration steps
Raisecom#config
Configure SNMP v3 access.

Create access view mib2, including all MIB variables under 1.3.6.1.x.1.
Raisecom(config)#snmp-server view mib2 1.3.6.1.2.1 1.1.1.1.0.1 included
Create user guestuser1, use md5 authentication algorithm, password is Raisecom.

Raisecom(config)#snmp-server user guestuser1 authentication md5 raisecom
Create gue stgroup a ccess g roup, s ecurity mode i s us msecurity le vel is a uthentication w ithout
encryption, readable view name is mib2.
Raisecom(config)#snmp-server access guestgroup read mib2 usm authnopriv
Configure guestuser1 user mapping to access group guestgroup.

Raisecom(config)#snmp-server group guestgroup user guestuser1 usm
Configure Trap alarm.

306
www.raisecom.com
User Manual
Raisecom(config)#snmp-server host 20.0.0.221 version 3 authnopriv guestuser1
11.17.2.3
Show result
Check SNMP access group configuration by show snmp access.
Raisecom#show snmp access
Index:
Group:
guestgroup
Security Model: usm

Security Level: authnopriv
Context Prefix: -Context Match:
exact
Read View:
mib2
Write View:
--
Notify View:
internet
Check the mapping relationship configuration between user and access group by show snmp group.
Raisecom#show snmp group
Index
GroupName
UserName
SecModel
----------------------------------------------------------0
initialnone
none
usm
initial
md5nopriv
usm
initial
shanopriv
usm
guestgroup
guestuser1
usm
Check Trap target host configuration by show snmp host.

Index:
IP family:
IPv4
IP address:
20.0.0.221
Port:
162
User Name:
guestuser1
SNMP Version:
v3
Security Level: authnopriv

TagList:
11.17.3
11.17.3.1
Configure KeepAlive application

As the Figure 11-11 shows below, the IP address of switch is 192.168.1.2, Trap target host address of
SNMPv2c is 1 92.168.1.1, read a nd w rite c ommunity na me i s publ ic, S NMP v ersion i s v 2c.
Configure time interval sending KeepAlive Trap from switch to SNMP network management station
307
www.raisecom.com
User Manual
as 120s and enable KeepAlive Trap function.
Figure 11-11 KeepAlive application networking
11.17.3.2
Configuration steps
Raisecom#config
Configure Trap target host IP address for SNMP.

Raisecom(config)#snmp-server host 192.168.1.1 version 2c public
Configure KeepAlive Trap function.

Raisecom(config)#snmp-server keepalive-trap enable
Raisecom(config)#snmp-server keepalive-trap interval 120
11.17.3.3
Show result
Check KeepAlive configuration information by show keepalive.
Raisecom#show keepalive
Keepalive Admin State:Enable
Keepalive trap interval:120s
Keepalive trap count:1
11.17.4
11.17.4.1
Configure RMON alarm group application

As the Figure 11-12 shows below, ISCOM2924GF device is Agent, connecting to terminal through
Console interface, c onnecting t o r emote NNM s ystem t hrough I nternet. Enable RMON statistic
function and statistic performance for Port 3. When interface receiving packets exceeds the threshold
in a period, record log and send Trap alarm.
308
www.raisecom.com
User Manual
Figure 11-12 RMON application networking
11.17.4.2
Configuration steps
Create e vent w ith index I D 10, us ed t o r ecord a nd s end l og information with description s tring
High-ifOutErrors, the owner of log information is system.
Raisecom#config
Raisecom(config)#rmon event 1 log description High-ifOutErrors owner system
Create a larm i tem w ith i ndex I D 1 0, used t o m onitor M IB variables 1.3.6.1.2.1.2.2.1.20.1, c heck
every 20 seconds, if the variable increases over 15, the Trap alarm is triggered, the owner of alarm
information is also system.
Raisecom(config)#rmon alarm 10 1.3.6.1.2.1.2.2.1.20.1 interval 20 delta rising-threshold 15 1 falling-threshold
0 owner system
11.17.4.3
Show result
Check w hether t here i s e vent gr oup i nformation on t he de vice by t he c ommand of show rmon
alarms.
Raisecom#show rmon alarms
Alarm 10 is active, owned by system
Monitors 1.3.6.1.2.1.2.2.1.20.1 every 20 seconds
Taking delta
samples, last value was 0
Rising threshold is 15, assigned to event 1

Falling threshold is 0, assigned to event 0
On startup enable rising and falling alarm
Check w hether t here i s a larm gr oup i nformation on t he de vice by the c ommand of show rmon
events.
Raisecom#show rmon events
Event 1 is active, owned by system
Event generated at 0:0:0
Send TRAP when event is fired.
When alarm event is triggered, user can also check related information by alarm management part of
NNM system.
309
www.raisecom.com
11.17.5
11.17.5.1
User Manual
Configure cluster management and realize remote access

A lot of de vices in layer-2 network ne ed to be managed, but current IP a ddress re source in public
network is limited. User wants to use one device to manage other device.
Cluster management function can us e one IP ad dress t o manage m upltiple devices i n a cl uster.
Manage all member devices in cluster through command device and remote log in member device
for configuration and maintenance.
As the Figure 11-13 shows below, Switch A is command device, MAC address is 000e.5e03.5318;
Switch B an d Switch C is cl uster m ember de vice, M AC ad dress i s 000E.5EBD.5951 and
000E.5E03.023C separately. Configure cluster management function to realize remote management
and maintenance from Switch A log onto Switch B and Switch C.
Figure 11-13 Cluster management networking
11.17.5.2
Configuration steps
Switch A is command device, take the following configuration on Switch A.
Configure global and interface enabling RNDP function.
SwitchA#config
SwitchA(config)#rndp enable
SwitchA(config)#interface range 1-2
SwitchA(config-range)#rndp enable
SwitchA(config-range)#exit
Configure to enable RTDP function.

SwitchA(config)#rtdp enable
Configure to start auto-active function.

310
www.raisecom.com
User Manual
SwitchA(config)#cluster-autoactive
Assign itself for command device and start cluster management function.
SwitchA(config)#cluster
Configure auto-build and activate all candidate devices.

SwitchA(config-cluster)#member auto-build active raisecom raisecom all
SwitchA(config-cluster)#exit
Configure to enable RNDP and RTDP function on Switch B, and enable auto-active function, assign
MAC address for auto-active command device.
SwitchB#config
SwitchB(config)#rndp enable
SwitchB(config-port)#rndp enable
SwitchB(config)#rtdp enable
SwitchB(config)#cluster-autoactive
SwitchB(config)#cluster-autoactive commander-mac 000e.5e03.5318
Configure to enable RNDP and RTDP function on Switch C, and enable auto-active function, assign
MAC address for auto-active command device.
SwitchC#config
SwitchC(config)#rndp enable
SwitchC(config-port)#rndp enable
SwitchC(config)#rtdp enable
SwitchC(config)#cluster-autoactive
SwitchC(config)#cluster-autoactive commander-mac 000e.5e03.5318
Log in Switch B on Switch A.

SwitchA#config
SwitchA(config-cluster)#rcommand SwitchB
Login: raisecom
Password:
SwitchB>
Log in Switch C on Switch A.

SwitchA#config
311
www.raisecom.com
User Manual
SwitchA(config-cluster)#rcommand SwitchC
Login: raisecom
Password:
SwitchC>
11.17.5.3
Show result
Check cluster information on Switch A by show cluster.
SwitchA#show cluster
Identity:Commander
Current member number:2
Max member number:128
Check cluster member information on Switch A by show cluster.

SwitchA#show cluster member
MAC Address
Operation
State
Hostname
----------------------------------------------------000E.5EBD.5951
Up
Active
SwitchB
000E.5E03.023C Up
Active
SwitchC
Check cluster configuration information on Switch B by show cluster.

SwitchB#show cluster
Identity:Member
Autoactive:ON
Autoactive commander mac:000e.5e03.5318
Commander mac:000e.5e03.5318
Check cluster information on Switch C; please take cluster information on Switch B for reference.
11.17.6
11.17.6.1
Configure LLDP function application

As the Figure 11-14 shows below, switch is c onnected t o Nview N NM; enable LLDP be tween
Switch A and Switch B, query layer-2 link change through Nview NNM system. The neighbor aging,
new neighbor and neighbor i nformation changes w ill be reported LLDP a larm to N View NNM
system.
312
www.raisecom.com
User Manual
Figure 11-14 Configure LLDP function networking
11.17.6.2
Configuration steps
Configure to globally enable LLDP and LLDP alarm.
Configure Switch A.
SwitchA#config
SwitchA(config)#lldp enable
SwitchA(config)#snmp-server lldp-trap enable
Configure Switch B.
SwitchB#config
SwitchB(config)#lldp enable
SwitchB(config)#snmp-server lldp-trap enable
Configure to manage IP address.

Configure Switch A.
SwitchA(config)#create vlan 1024 active
SwitchA(config)#interface ip 1
SwitchA(config-ip)#ip address 10.10.10.1 1024
Configure Switch B.
SwitchB(config)#create vlan 1024 active
313
www.raisecom.com
User Manual
SwitchB(config)#interface ip 1
SwitchB(config-ip)#ip address 10.10.10.2 1024
Configure LLDP attributes.

Configure Switch A.
SwitchA(config)#lldp message-transmission interval 60
SwitchA(config)#lldp message-transmission delay 9
SwitchA(config)#lldp trap-interval 10
Configure Switch B.
SwitchB(config)#lldp message-transmission interval 60
SwitchB(config)#lldp message-transmission delay 9
SwitchB(config)#lldp trap-interval 10
11.17.6.3
Show result
Check the local configuration by show lldp local config.
SwitchA#show lldp local config
System configuration:
------------------------------------------------------------------------LLDP enable status:
enable (default is disabled)
LLDP enable ports:
1-28
LldpMsgTxInterval:
60
(default is 30s)
LldpMsgTxHoldMultiplier:
(default is 4)
LldpReinitDelay:
(default is 2s)
LldpTxDelay:
(default is 2s)
LldpNotificationInterval: 5
LldpNotificationEnable:
(default is 5s)
enable (default is enabled)
enable(default is enabled)
The destination mac address of LLDPDU: (default is 0180.c200.000e)

------------------------------------------------------------port1
destination-mac:0180.C200.000E
port2
port3
SwitchB#show lldp local config

System configuration:
------------------------------------------------------------------------LLDP enable status:
enable (default is disabled)
LLDP enable ports:
LldpMsgTxInterval:
60
(default is 30s)
LldpMsgTxHoldMultiplier:
(default is 4)
LldpReinitDelay:
(default is 2s)
314
www.raisecom.com
User Manual
LldpTxDelay:
LldpNotificationInterval: 10
(default is 2s)
(default is 5s)
enable (default is enabled)
Check neighbor information by show lldp remote.

SwitchA#show lldp remote
Port
ChassisId
PortId
SysName
MgtAddress
ExpiredTime
------------------------------------------------------------------------port1 000E.5E02.B010
port 1
SwitchB 10.10.10.2
106
SwitchB#show lldp remote

Port
ChassisId
PortId
SysName
MgtAddress
ExpiredTime
------------------------------------------------------------------------port1 000E.5E12.F120
port 1
SwitchA 10.10.10.1
106
11.17.7
11.17.7.1
Configure system log output to log host application

As the Figure 11-15 shows below, configure sytem log function, output device log information to log
host for user to check.
Figure 11-15 Networking of Outputting System Log to Log Host
11.17.7.2
Configuration steps
Configure device IP address.
Raisecom#config
Configure system log outputs to log host PC.

Raisecom(config)#logging on
Raisecom(config)#logging time-stamp log datetime
Raisecom(config)#logging rate-limit 2
Raisecom(config)#logging host 20.0.0.168 warnings
11.17.7.3
Show result
Show system log configuration by the command of show logging.
315
www.raisecom.com
User Manual
Syslog logging:
enable
Dropped Log messages:
Dropped debug messages:
Rate-limited:
2 messages per second
Logging config:
disable
Logging config level:
informational(6)
Squence number display:
disable
Log time stamp:
datetime
Debug time stamp:
none
Log buffer size:
4kB
Debug level:
low
Syslog history logging:
disable
Syslog history table size:1

Dest
Status
Level
LoggedMsgs DroppedMsgs
Discriminator
----------------------------------------------------------------------------buffer
disable
console
enable
informational(6)
trap
disable
warnings(4)
file
monitor
disable
informational(6)
warnings(4)
disable
203
0
0
informational(6)
0
0
Log host information:

Max number of log server:
10
Current log server number:
Target Address
Level
Port
Facility
Sent
Drop
Discriminator
----------------------------------------------------------------------------------------------20.0.0.168
warnings(4)
local7
Show device log information typed from PC terminal emulation program interface.
07-01-2008 11:31:28 Local0.Debug 20.0.0.6 JAN
11.17.8
11.17.8.1
01
10:22:15
ISCOM2924GF:
07-01-2008 11:27:41 Local0.Debug 20.0.0.6 JAN

01
10:18:30
ISCOM2924GF:
07-01-2008 11:27:35 Local0.Debug 20.0.0.10 JAN

01
10:18:24
ISCOM2924GF:
07-01-2008 11:12:43 Local0.Debug 20.0.0.10 JAN

01
10:03:41
CONFIG-7-CONFIG:USER " raisecom " Run " logging host 20.0.0.168 local0 7 "
ISCOM2924GF:
07-01-2008 11:12:37 Local0.Debug 20.0.0.10 JAN

ISCOM2924GF:
01
10:03:35
Configure hardware environment monitoring application

As the Figure 11-16 shows below, configure hardware environment monitoring function to monitor
device temperature information. When the temperature exceeds threshold, alarm information will be
output t o network m anagement c enter i n Trap m ode. U ser w ill t ake c orresponding m easures t o
316
www.raisecom.com
User Manual
prevent fault.
Figure 11-16 Hardware environment monitoring application networking
11.17.8.2
Configuration steps
Configure device IP address.
Raisecom#config
Configure device to send Trap.

Raisecom(config)#snmp-server host 20.0.0.1 version 2c public
Enable global hardware environment monitoring alarm sending Trap.

Raisecom(config)#snmp-server alarm-trap enable
Configure temperature monitoring function for the device.

Raisecom(config)#alarm temperature notifies
Raisecom(config)#alarm temperature high 50
Raisecom(config)#alarm temperature low 20
11.17.8.3
Show result
Check device sending Trap configuration by show snmp config.
Raisecom#show snmp config
Contact information: support@Raisecom.com
Device location :
World China Raisecom
SNMP trap status:
enable
SNMP engine ID:
800022B603000E5E156789
Check Trap target host configuration by show snmp host.

Index:
IP family:
IPv4
IP address:
20.0.0.1
Port:
162
User Name:
public
SNMP Version:
v2c
Security Level: noauthnopriv

317
www.raisecom.com
User Manual
TagList:
Check device hardware environment monitoring alarm configuration by show alarm.

Raisecom#show alarm
Traps alarm:
Enabled
Logging alarm:
Disabled
Power Supply
Notifies:
Disabled
Syslog:
Enabled
Temperature
High threshold(Celsius):
Low
threshold(Celsius):
Notifies:
Syslog:
50
20
Enabled
Enabled
Voltage
High threshold:
Low
threshold:
Notifies:
Syslog:
3450mV
3150mV
Disabled
Disabled
318
www.raisecom.com
User Manual
Appendix A Glossary Table
Failover
Provide a port association solution, extending link backup range. Transport fault
of upper layer device quickly to downstream device by monitoring upstream link
and synchronize downstream link, then trigger switching between master and
standby device and avoid traffic loss.
Precision Time
ProtocolPTP
IEEE 1588 v2 protocol is also called PTP (Precision Time Protocol), a

high-precision time protocol for synchronization used in measurement and
control systems residing on a local area network. Accuracy in the
sub-microsecond range may be achieved with low-cost implementations.
Connectivity
Fault
Management
CFM
A standard defined by IEEE. It defines protocols and practices for OAM

(Operations, Administration, and Maintenance) for paths through 802.1 bridges
and local area networks (LANs). Used to diagnose fault for EVC (Ethernet
Virtual Connection). Cost-effective by fault management function and improve
Ethernet maintenance.
Link
Aggregation
A computer networking term which describes using multiple network

cables/ports in parallel to increase the link speed beyond the limits of any one
single cable or port, and to increase the redundancy for higher availability.
SyncE
A technology adopts Ethernet link codes recover clock, similar to SDH clock
synchronization quality, SyncE provides frequency synchronization of high
precision. Unlike traditional Ethernet just synchronize data packets at receiving
node, SyncE implements real-time synchronization system for inner clock.
802.1Q in
802.1Q
QinQ is (also called Stacked VLAN or Double VLAN) extended from 802.1Q,
defined by IEEE 802.1ad recommendation. Basic QinQ is a simple layer-2 VPN
tunnel technology, encapsulating outer VLAN Tag for client private packets at
carrier access end, the packets take double VLAN Tag passing through trunk
network (public network). In public network, packets only transmit according to
outer VLAN Tag, the private VLAN Tag are transmitted as data in packets.
Solve communication problem from BTS to BSC for 2G, NodeB to RNC for 3G.
Mobile
Backhaul
Mobile backhaul for 2G focuses on voice service, not request high bandwidth,
implemented by TDM microwave or SDH/PDH device.
In 3G times, lots of data service as HSPA, HSPA+, etc concerning to IP service,
voice is changing to IP as well, namely IP RAN, to solve problem of IP RAN
mobile backhaul is solving whole network backhaul, satisfying both data
backhaul and voice transportation over IP (clock synchronization).
Ethernet Ring
Protection
Switching
ERPS
An APS (Automatic Protection Switching) protocol based on ITU-T G.8032

Recommendation to provide backup link protection and recovery switching for
Ethernet traffic in a ring topology and at the same time ensuring that there are no
loops formed at the Ethernet layer.
Ethernet Linear
Protection
Switching
ELPS
A protocol based on ITU-T G.8031 APS (Automatic Protection Switching) to

protect an Ethernet connection. It is a kind of end-to-end protection technology.
Including two linear protection modes: linear 1:1 protection switching and linear
1+1 protection switching.
319
www.raisecom.com
User Manual
Appendix B Acronym
Numerics
Full Spelling
A
ACL
Access Control List
APS
Automatic Protection Switching
C
CCM
Continuity Check Message
CFM
Connectivity Fault Management
CoS
Class of Service
D
DoS
Deny of Service
DRR
Deficit Round Robin
DSCP
Differentiated Services Code Point
E
EFM
Ethernet in the First Mile
ELPS
Ethernet Linear Protection Switching
ERPS
Ethernet Ring Protection Switching
EVC
Ethernet Virtual Connection
F
FTP
File Transfer Protocol
G
GARP
Generic Attribute Registration Protocol
GPS
Global Positioning System
GSM
Global System for Mobile Communications
GVRP
GARP VLAN Registration Protocol
320
www.raisecom.com
User Manual
IEEE
Institute of Electrical and Electronics Engineers
IETF
Internet Engineering Task Force
IP
Internet Protocol
ITU-T
International Telecommunications Union Telecommunication Standardization Sector
L
LACP
Link Aggregation Control Protocol
LBM
LoopBack Message
LBR
LoopBack Reply
LLDP
Link Layer Discovery Protocol
LLDPDU
Link Layer Discovery Protocol Data Unit
LTM
LinkTrace Message
LTR
LinkTrace Reply
M
MA
Maintenance Association
MAC
Medium Access Control
MD
Maintenance Domain
MEG
Maintenance Entity Group
MEP
Maintenance associations End Point
MIB
Management Information Base
MIP
Maintenance association Intermediate Point
MSTI
Multiple Spanning Tree Instance
MSTP
Multiple Spanning Tree Protocol
N
NNM
Network Node Management
O
OAM
Operation, Administration and
Management
P
PC
Personal Computer
Q
321
www.raisecom.com
User Manual
QoS
Quality of Service
R
RADIUS
Remote Authentication Dial In User Service
RMON
Remote Network Monitoring
RMEP
Remote Maintenance association End Point
RNC
Radio Network Controller
RSTP
Rapid Spanning Tree Protocol
S
SFP
Small Form-factor Pluggables
SLA
Service Level Agreement
SNMP
Simple Network Management Protocol
SNTP
Simple Network Time Protocol
SP
Strict-Priority
SSHv2
Secure Shell v2
STP
Spanning Tree Protocol
T
TACACS+
Terminal Access Controller Access Control System
TCP
Transmission Control Protocol
TFTP
Trivial File Transfer Protocol
TLV
Type Length Value
ToS
Type of Service
V
VLAN
Virtual Local Area Network
W
WRR
Weight Round Robin
322
Address: Building 2, No. 28 of the Shangdi 6th Street, Haidian District, Beijing. Postcode:
100085
Tel: +86-10-82883305
Fax: +86-10-82883056
Email: export@raisecom.com
http://www.raisecom.com

ISCOM2924GF-4GE - 4C Configuration Guide (A - 01) PDF

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

ISCOM2924GF-4GE - 4C Configuration Guide (A - 01) PDF

Hochgeladen von

Copyright:

Verfügbare Formate

www.raisecom.

ISCOM2924GF-4GE/4C Configuration Guide

Restricted Rights Legend.

World Wide Web

We hope to hear from you!

Function Overview ------------------------------------------------------------------------- 1

Command line -----------------------------------------------------------------------------------------------------------9

Management of BootROM files -------------------------------------------------------------------------------------------------- 16

Upload and upgrade ------------------------------------------------------------------------------------------------- 18

Configure clock management ------------------------------------------------------------------------------------ 22

Configure time and time zone ---------------------------------------------------------------------------------------------------- 22

Configure interface management ------------------------------------------------------------------------------- 25

Default configuration of interface ------------------------------------------------------------------------------------------------ 25

Configure basic information for device ----------------------------------------------------------------------- 27

Configure TFTP auto-loading example----------------------------------------------------------------------------------------- 29

Brief introduction ----------------------------------------------------------------------------------------------------------------------- 9

Manage files ------------------------------------------------------------------------------------------------------------ 16

Brief introduction ----------------------------------------------------------------------------------------------------------------------- 3

Configure MAC address forwarding table ------------------------------------------------------------------- 44

Configure VLAN ------------------------------------------------------------------------------------------------------- 47

Preparation for configuration ----------------------------------------------------------------------------------------------------- 64

Configure interface mirror----------------------------------------------------------------------------------------- 65

Preparation for configuration ----------------------------------------------------------------------------------------------------- 62

Configure interface protection ----------------------------------------------------------------------------------- 64

Preparation for configuration ----------------------------------------------------------------------------------------------------- 55

Configure loopback detection ----------------------------------------------------------------------------------- 62

Preparation for configuration ----------------------------------------------------------------------------------------------------- 53

Preparation for configuration ----------------------------------------------------------------------------------------------------- 52

Configure STP --------------------------------------------------------------------------------------------------------- 53

Preparation for configuration ----------------------------------------------------------------------------------------------------- 50

Configure VLAN mapping ----------------------------------------------------------------------------------------- 52

Preparation for configuration ----------------------------------------------------------------------------------------------------- 47

Preparation for configuration ----------------------------------------------------------------------------------------------------- 44

Preparation for configuration ----------------------------------------------------------------------------------------------------- 65

Configure layer-2 protocol transparent transmission --------------------------------------------------- 66

Preparation for configuration ----------------------------------------------------------------------------------------------------- 66

Configure MAC address forwarding table ------------------------------------------------------------------------------------- 69

Configure ARP --------------------------------------------------------------------------------------------------------- 96

Preparation for configuration ----------------------------------------------------------------------------------------------------- 96

Configure layer-3 interface ---------------------------------------------------------------------------------------- 97

Preparation for configuration ----------------------------------------------------------------------------------------------------- 97

Configure statistic routing ---------------------------------------------------------------------------------------- 98

Preparation for configuration ----------------------------------------------------------------------------------------------------- 98

Configure ARP ----------------------------------------------------------------------------------------------------------------------- 99

DHCP ----------------------------------------------------------------------------------------- 105

DHCP overview --------------------------------------------------------------------------------------------------------------------- 105

Configure DHCP client -------------------------------------------------------------------------------------------- 110

Preparation for configuration ---------------------------------------------------------------------------------------------------- 110

Configure DHCP Snooping -------------------------------------------------------------------------------------- 112

Preparation for configuration ---------------------------------------------------------------------------------------------------- 112

Configure DHCP Option ------------------------------------------------------------------------------------------ 114

Preparation for configuration ---------------------------------------------------------------------------------------------------- 114

Configuring applications ---------------------------------------------------------------------------------------- 116

(Optional) Configure transparent transmission speed for message ---------------------------------------------------- 68

Configure DHCP clients application-------------------------------------------------------------------------------------------- 116

QoS ------------------------------------------------------------------------------------------- 120

Configure priority trust ------------------------------------------------------------------------------------------- 127

Multicast ------------------------------------------------------------------------------------ 141

Configure IGMP foundation ------------------------------------------------------------------------------------- 148

Configure basic function of IGMP ---------------------------------------------------------------------------------------------- 148

Configure IGMP Snooping--------------------------------------------------------------------------------------- 149

Configuration preparation -------------------------------------------------------------------------------------------------------- 149

Configure IGMP MVR ---------------------------------------------------------------------------------------------- 151