R1 Ethernet Switch User Guide

Edition : 00
Distribution : 2006, 06
Corecess Layer2 Ethernet Switch
R1-SW24L2B
User's Manual
| Copyright |
Copyright 2006 by Corecess Inc. All rights reserved.
No Part of this book shall be reproduced, stored in a retrieval system, or

transmitted by any means, electronic, mechanical, photocopying,
recording, or otherwise, without written permission from the publisher.
The specifications and information regarding the products in this manual

are subject to changed without notice.
| Trademark Credit |
Corecess R1-SW24L2B is registered trademark of Corecess Inc.
Other product names or company names mentioned in this manual are

registered trademarks of the appropriate company.
Corecess Inc.
500-2, Sangdaewon-dong, Jungwon-ku, Sungnam-city, Kyungki-do, Korea, 462-120
TEL:+82-31-739-6600 FAX: :+82-31-739-6622
http://www.corecess.com
Manual Contents
This manual is organized as follows concerning the Corecess R1-SW24L2B:
y Introduction to functions and features
y Name and function of each part
y How to install on a rack and connect cable to each port
y How to configure the Corecess R1-SW24L2B
Careful reading of this manual before using the Corecess R1-SW24L2B will alleviate the
complexity of manipulating the system. The user should read the chapters 1~3 to become
acquainted with the functions of the product, name and function of each part, and the
precautions before installation. Understanding chapters 1~3 will help a great deal for safety in
installing and using the product.
9 This manual can also be downloaded from Corecess website www.corecess.com.
9 If you have any problems or questions during installation or while using the product,
contact your equipment provider or visit our website at www.corecess.com and leave
a message in Q&A.
Audience
This manual is designed for the users with basic knowledge in Ethernet. Thus, this manual
assumes that the reader is knowledgeable of basic concepts and terminology about Ethernet and
FTTH and does not provide separate explanations for these topics. If you feel that the contents
of this manual are difficult and require more detailed explanations, refer to other network
related books.
Revison History
Edition Date Description
00 October, 2005 First Draft
01 June, 2006 Second Draft
III
Notations
This manual uses the notations explained below for assisting readers in understanding the
contents of this manual.
Notations in Console Screen

When indicating text displayed on the console screen, the following indications are used:
y Text displayed on console screen is shown in Courier New.
y Values entered by user are displayed in bold Courier New.
Notations in Command Syntax

In this manual, the following indications are used to explain the syntax of console commands:
y Console commands are indicated in bold Courier New.
y Parameters that need to be entered are indicated in Courier New.
y Parameters in [ ] are parameters that can be ignored.
y { A | B | C } means that one entry among A, B, and C must be selected and entered.
y [A | B | C] means that one entry among A, B, and C may or may not be selected and
entered.
IV R1-SW24L2B Users Manual

Conventions
This manual uses the following conventions:
Recommendation: Introduces recommendatory item for the use of product..
Note: Introduces useful item for the use of product, reference, and its related materials
Caution: Explains possible situations or conditions of improper operation and possibility of losing data and
provides suggestions how to deal with those cases.
Warning: Explains situtations in which product can be damaged or danger can be imposed to users physically,
and informs you how to respond to those situations.
V
Organization
The chapters of this manual are organized as follows:
Chapter 1 Overview
This chapter introduces the Corecess R1-SW24L2B functions and features and describes several kinds of
network examples configurable with the Corecess R1-SW24L2B.
Chapter 2 Hardware Description

This chapter introduces the structures of the front and rear side of the Corecess R1-SW24L2B and
describes the function and appearance of the modules provided for the Corecess R1-SW24L2B.
Chapter 3 Before Installation

This chapter describes the precautions for the Corecess R1-SW24L2B installation and installation
environment for the normal operation. It also describes the way to unpack the Corecess R1-SW24L2B box
and verify the contents.
Chapter 4 Installation
This chapter describes how to mount the Corecess R1-SW24L2B on a rack, connect the cables to the ports,
and connect the power.
Chapter 5 Basic Configuration

This chapter describes how to configure basic features to operate the Corecess R1-SW24L2B.
Chapter 6 Configuring Ports

This chapter describes how to configure the ports on the Corecess R1-SW24L2B.
Chapter 7 Configuring VLAN

This chapter describes how to configure the VLAN and VLAN interface on the Corecess R1-SW24L2B.
Chapter 8 Configuring SNMP and RMON

This chapter describes how to configure SNMP and RMON on the Corecess R1-SW24L2B.
Chapter 9 Configuring QoS

This chapter describes how to configure Quality of Service (QoS) features on the Corecess R1-SW24L2B.
VI R1-SW24L2B Users Manual

Chapter 10 Configuring Security
This chapter describes how to configure security features on the Corecess R1-SW24L2B.
Chapter 11 Configuring IGMP Snooping

This chapter describes how to configure IGMP snooping on the Corecess R1-SW24L2B.
Chapter 12 Configuring LACP

This chapter describes how to configure a trunking group by using Link Aggregation Control Protocol(LACP).
Chapter 13 Configuring STP/RSTP

This chapter describes how to configure STP (Spanning Tree Protocol) on the Corecess R1-SW24L2B.
Appendix A Product Specifications

Appendix A describes on hardware and software specifications of the Corecess R1-SW24L2B.
Appendix B Connector and Cable Specifications

Appendix B describes the specifications of the ports on the Corecess R1-SW24L2B and various option
modules provided by the Corecess R1-SW24L2B. In addition, the kinds and specifications of cables needed
for the connection of each port.
VII
Table of Contents
Manual Contents ............................................................................ III

Audience....................................................................................................... III
Revison History ........................................................................................... III
Notations........................................................................................IV
Notations in Console Screen ...................................................................... IV
Notations in Command Syntax ................................................................. IV
Conventions ...................................................................................................V
Organization...................................................................................VI
Table of Contents.........................................................................VIII
List of Tables................................................................................VIII
Chapter 1 Overview 1-8

Introduction .................................................................................. 1-8
Hardware Features..................................................................................... 1-8
Switching and Routing Performence .............................................................. 1-8
Memory............................................................................................................... 1-8
Interface .............................................................................................................. 1-8
Two Option Slots ............................................................................................... 1-8
Software Features ....................................................................................... 1-8
Layer 2 Switching Function.............................................................................. 1-8
QoS (Quality of Service) ................................................................................... 1-8
Security................................................................................................................ 1-8
Network Management...................................................................................... 1-8
Switching ............................................................................................................ 1-8
Network Configurations................................................................ 1-8
L2 Switch ..................................................................................................... 1-8
E-PON ONU................................................................................................ 1-8
Chapter 2 Hardware 2-8

System Chassis ........................................................................... 2-8
Ground Connector............................................................................................. 2-8
Power Input........................................................................................................ 2-8
Power Switch...................................................................................................... 2-8
Option Slots ........................................................................................................ 2-8
Reset Switch........................................................................................................ 2-8
Console Port ....................................................................................................... 2-8
RUN LED ............................................................................................................ 2-8
Fast Ethernet Port LEDs.................................................................................... 2-8
Fast Ethernet Port (1 ~ 24) ................................................................................ 2-8
VIII R1-SW24L2B Users Manual

Option Modules ............................................................................ 2-8
OPT-N1ES1CD............................................................................................ 2-8
Gigabit Ethernet PON Port LED (A)............................................................... 2-8
Gigabit Ethernet PON Port (A)........................................................................ 2-8
Gigabit Ethernet Combo Port (B) .................................................................... 2-8
Gigabit Ethernet Port LED (B) ......................................................................... 2-8
OPT-N1EL1CD ........................................................................................... 2-8
Gigabit Ethernet PON Port LED (A)............................................................... 2-8
Gigabit Ethernet PON Port (A)........................................................................ 2-8
Gigabit Ethernet Combo Port (B) .................................................................... 2-8
Gigabit Ethernet Port LED (B) ......................................................................... 2-8
OPT-N2CD .................................................................................................. 2-8
Gigabit Ethernet Combo Port (A, B) ............................................................... 2-8
Gigabit Ethernet Port LED (A, B) .................................................................... 2-8
OPT-N2CS ................................................................................................... 2-8
Gigabit Ethernet Combo Port (A, B) ............................................................... 2-8
Gigabit Ethernet Port LED (A, B) .................................................................... 2-8
Chapter 3 Before Installaion 3-8

Precautions .................................................................................. 3-8
General Precautions ................................................................................... 3-8
Power Considerations................................................................................ 3-8
AC Power............................................................................................................ 3-8
Preventing ESD........................................................................................... 3-8
Installing and Servicing the System......................................................... 3-8
Disconnecting Power ........................................................................................ 3-8
Grounding the System ...................................................................................... 3-8
Connecting Cables............................................................................................. 3-8
Working with Lasers ......................................................................................... 3-8
Preventing EMI .................................................................................................. 3-8
Covering Blank Slots ......................................................................................... 3-8
Rack-Mounting the System....................................................................... 3-8
Lifting the System....................................................................................... 3-8
Disposing of the System ............................................................................ 3-8
Installation Place .......................................................................... 3-8
Environmental Requirements................................................................... 3-8
Power Supply.............................................................................................. 3-8
Unpacking .................................................................................... 3-8
Chapter 4 Installation 4-8

Installation Procedure .................................................................. 4-8
Rack-Mounting ............................................................................. 4-8
Checking the Rack-Mount Space ............................................................. 4-8
Mounting the System on a Rack............................................................... 4-8
IX
Connecting Network Devices ....................................................... 4-8
10/100Base-TX Port.................................................................................... 4-8
1000Base-PX SFP Port ................................................................................ 4-8
100/1000Base-LX/SX Port ........................................................................ 4-8
10/100/1000Base-TX Port ......................................................................... 4-8
10/100/1000Base-TX Port ......................................................................... 4-8
Connecting a Console Terminal................................................... 4-8
Configuring a Console Terminal.............................................................. 4-8
Connecting a Console Terminal ............................................................... 4-8
Connecting Power to the System................................................. 4-8
Starting the System...................................................................... 4-8
Chapter 5 Basic Configuration 5-8

Before Configuration .................................................................... 5-8
Accessing the CLI ....................................................................................... 5-8
Command Modes ....................................................................................... 5-8
Entering Privileged Mode ................................................................................ 5-8
Entering Global Configuration Mode............................................................. 5-8
Returning to Previous Command Mode ........................................................ 5-8
Logging out From CLI ...................................................................................... 5-8
Prompt.......................................................................................................... 5-8
Getting Help................................................................................................ 5-8
CLI Command Usage Basics..................................................................... 5-8
Entering CLI Commands.................................................................................. 5-8
Specifying Ports ................................................................................................. 5-8
Editing Commands ........................................................................................... 5-8
Configuring Basic System Parameters......................................... 5-8
Setting the Management Ethernet Interface IP Address ...................... 5-8
User Management ...................................................................................... 5-8
Adding a New User .......................................................................................... 5-8
Changing a User Password .............................................................................. 5-8
Deleting a User................................................................................................... 5-8
Specifying System Name and Adjusting System Date and Time ....... 5-8
Changing System Name ................................................................................... 5-8
Adjusting System Time..................................................................................... 5-8
Setting NTP Mode ............................................................................................. 5-8
Setting the Time Zone ....................................................................................... 5-8
Configuration File Management ................................................... 5-8
Displaying the Current Running Configuration ................................... 5-8
Saving the Current Running Configuration........................................... 5-8
Restoring Default Configuration.............................................................. 5-8
Monitoring and Maintaining the System ....................................... 5-8
Displaying CPU Utilization ...................................................................... 5-8
Displaying Memory Usage ....................................................................... 5-8
X R1-SW24L2B Users Manual

Displaying System Module Information................................................. 5-8
Displaying System Module Equipment Status ...................................... 5-8
Checking Network Connectivity ............................................................. 5-8
System Log Management ............................................................ 5-8
Specifying Event Level .............................................................................. 5-8
Specifying Screen to Display Log............................................................. 5-8
Configuring to Display Log Messages on the Console Screen.................... 5-8
Configuring to Display Log Messages to a Remote Host ............................ 5-8
Configuring to Display Log Messages to a Telnet Sessions ........................ 5-8
Saving Log Message in Log File ............................................................... 5-8
Clearing System Log .................................................................................. 5-8
Displaying Contents of Log File............................................................... 5-8
Upgrading Software ..................................................................... 5-8
Chapter 6 Configuring Ports 6-8

Default Port Configuration............................................................ 6-8
Configuring Ports ......................................................................... 6-8
Disabling or Enabling a Port..................................................................... 6-8
Changing the Transmission Mode........................................................... 6-8
Setting the Port Speed................................................................................ 6-8
Configuring Flow Control on a Port........................................................ 6-8
Setting the Port Name................................................................................ 6-8
Setting Trap ................................................................................................. 6-8
Displaying Port Information .......................................................... 6-8
Chapter 7 Configuring VLAN 7-8

VLAN Configuration ..................................................................... 7-8
Default Configuration................................................................................ 7-8
Basic VLAN Configuration ....................................................................... 7-8
Creating VLANs ................................................................................................ 7-8
Assigning Ports to a VLAN.............................................................................. 7-8
Assigning IP Address to a VLAN ................................................................... 7-8
Assigning Secondary IP address to a VLAN ................................................. 7-8
Saving VLAN Configuration ........................................................................... 7-8
802.1Q Tunneling Feature Configuration ............................................... 7-8
Chapter 8 Configuring SNMP and RMON 8-8

Configuring SNMP ....................................................................... 8-8
SNMP(Simple Network Management Protocol) Overview................. 8-8
SNMP Basic Components................................................................................. 8-8
SNMP Messages ................................................................................................ 8-8
SNMP Community Strings............................................................................... 8-8
XI
Trap...................................................................................................................... 8-8
Configuring SNMP..................................................................................... 8-8
SNMP Default Configuration .......................................................................... 8-8
Setting the System Contact and Location Information ................................ 8-8
Configuring Community Strings .................................................................... 8-8
Configuring Trap Type..................................................................................... 8-8
Configuring Trap Host ..................................................................................... 8-8
Configuring SNMP Access Groups ................................................................ 8-8
Displaying SNMP Information................................................................. 8-8
Displying SNMP Configuration Information................................................ 8-8
Displaying SNMP Community Strings .......................................................... 8-8
Displaying SNMP Statistics.............................................................................. 8-8
Displaying SNMP Trap Hosts ......................................................................... 8-8
Configuring RMON....................................................................... 8-8
RMON (Remote MONitoring) Overview ............................................... 8-8
Configuring RMON ................................................................................... 8-8
Enabling RMON ................................................................................................ 8-8
Configuring History Groups............................................................................ 8-8
Configuring Statistics Groups.......................................................................... 8-8
Configuring Event Groups............................................................................... 8-8
Configuring Alarm Groups.............................................................................. 8-8
Displaying RMON Information ............................................................... 8-8
SNMP and RMON Configuration Commands .............................. 8-8
Chapter 9 Configuring QoS 9-8

QoS Overview .............................................................................. 9-8
QoS (Quality of Service) ............................................................................ 9-8
Classifier ...................................................................................................... 9-8
Classification Standard ..................................................................................... 9-8
Classification Table............................................................................................ 9-8
Packet Marker ............................................................................................. 9-8
Policer........................................................................................................... 9-8
Policer Variables ................................................................................................ 9-8
Token Bucket...................................................................................................... 9-8
Queue Scheduler......................................................................................... 9-8
SPQ (Strict Priority Queuing) .......................................................................... 9-8
WRR (Weight Round Robin)............................................................................ 9-8
WFQ (Weight Fair Queuing)............................................................................ 9-8
DWRR (Deficit Weight Round Robin)............................................................ 9-8
Shaping ............................................................................................................... 9-8
WC Scheduler and NWC Scheduler ............................................................... 9-8
Buffer Manager ........................................................................................... 9-8
Tail Drop ............................................................................................................. 9-8
QoS on the Corecess R1-SW24L2B........................................................... 9-8
Packet Classification.......................................................................................... 9-8
XII R1-SW24L2B Users Manual

Marking & Remarking ...................................................................................... 9-8
Policing................................................................................................................ 9-8
Transmit Queue ................................................................................................. 9-8
Configuring QoS........................................................................... 9-8
Configuring QoS Service Policy ............................................................... 9-8
Configuring a Class Map........................................................................... 9-8
Configuring a Policy Map ......................................................................... 9-8
Creating a Policy-map....................................................................................... 9-8
Configuring Policy-Map Class Remarking .................................................... 9-8
Configuring Packet Filtering............................................................................ 9-8
Configuring Minimum Transmission Bandwidth ........................................ 9-8
Configuring Policy-Map Class Priority .......................................................... 9-8
Configuring Policy-Map Class Policing (Rate-Limiting) ............................. 9-8
Configuring Service Policy........................................................................ 9-8
Configuring Non-Class-map QoS Features.................................. 9-8
Configuring CoS (Class of Service).......................................................... 9-8
Configuring Rate Limiting on a Port ....................................................... 9-8
Specifying Precedence of Values for CoS Field...................................... 9-8
Specifying Priority for a Transmission Queue ....................................... 9-8
Configuring Shaping.................................................................................. 9-8
Configuring Broadcast Suppression........................................................ 9-8
QoS Configuration Commands .................................................... 9-8
Chapter 10 Configuring Security 10-8

Configuring Password and Session Timeouts............................ 10-8
Configuring Password............................................................................. 10-8
Setting the Login Password............................................................................ 10-8
Setting the Privileged Mode Password ........................................................ 10-8
Password Encryption............................................................................... 10-8
Session Timeouts ...................................................................................... 10-8
Configuring Access Lists............................................................ 10-8
Access Lists................................................................................................ 10-8
Defining Access Lists ...................................................................................... 10-8
Applying the Access List to Terminal Line.................................................. 10-8
Applying the Access List to SNMP Access .................................................. 10-8
Configuring Packet Filtering ....................................................... 10-8
Packet Filtering ......................................................................................... 10-8
Type of Packet Filtering.................................................................................. 10-8
Filtering DHCP Offer Packets................................................................. 10-8
File and Resource Sharing Protocol Filtering ....................................... 10-8
Default Traffic Filtering ........................................................................... 10-8
CIFS (Cognitive Information Filtering System) ................................... 10-8
Creating a Class Map ...................................................................................... 10-8
Creating a Policy Map..................................................................................... 10-8
XIII
Applying Service Policies to the System ...................................................... 10-8
Security Configuration Commands ............................................ 10-8
Chapter 11 Configuring IGMP Snooping 11-8

IGMP (Internet Group Management Protocol) ........................... 11-8
Configuring IGMP Snooping ...................................................... 11-8
Enabling IGMP Snooping........................................................................ 11-8
Configuring a Multicast Router Port ..................................................... 11-8
Enabling IGMP Fast Leave...................................................................... 11-8
Configuring a Host Statically to Join a Group ..................................... 11-8
Changing the IGMP Group Membership Time ................................... 11-8
Specifying the Maximum Number of Multicast Groups.................... 11-8
Displaying IGMP Information ..................................................... 11-8
Displaying Multicast Group Information ............................................. 11-8
Displaying Multicast Router Interface .................................................. 11-8
Displaying the List of Interfaces IGMP Fast-leave is Enabled........... 11-8
Displaying IGMP Group Membership Time........................................ 11-8
IGMP Snooping Commands ...................................................... 11-8
Chapter 12 Configuring LACP 12-8

LACP (Link Aggregation Control Protocol)................................. 12-8
Notes for LACP Trunk Configuration.......................................................... 12-8
QoS of Trunk Group ................................................................................ 12-8
Configuring Link Aggregation..................................................... 12-8
Setting LACP Key and Operation Mode............................................... 12-8
Setting LACP Partner Key....................................................................... 12-8
LACP Configuration Example................................................................ 12-8
Switch A............................................................................................................ 12-8
Switch B............................................................................................................. 12-8
Chapter 13 Configuring STP/RSTP 13-8

Understanding STP.................................................................... 13-8
STP Overview ........................................................................................... 13-8
Introduction...................................................................................................... 13-8
BDPU(Bridge Data Protocol Unit)................................................................. 13-8
Spanning-Tree Port States .............................................................................. 13-8
Selecting Path ................................................................................................... 13-8
RSTP (Rapid Spanning Tree Protocol) .................................................. 13-8
Port State of RSTP............................................................................................ 13-8
Configuring STP......................................................................... 13-8
Default STP Configuration...................................................................... 13-8
Enabling or Disabling STP on a VLAN ................................................. 13-8
XIV R1-SW24L2B Users Manual

Enabling or Disabling STP on a Port ..................................................... 13-8
Setting the Bridge ID (Priority)............................................................... 13-8
Configuring the Path Cost....................................................................... 13-8
Configuring STP Encoding Mode .......................................................... 13-8
Configuring the Port Priority.................................................................. 13-8
Setting Spanning Tree Timers................................................................. 13-8
Configuring RSTP ...................................................................... 13-8
Configuration Procedure of RSTP.......................................................... 13-8
Enabling RSTP on a VLAN ..................................................................... 13-8
Configuring the Path Cost....................................................................... 13-8
Configuring RSTP Encoding................................................................... 13-8
Configuring Spanning Tree Protocol Type........................................... 13-8
Configuring an Edge Port ....................................................................... 13-8
STP Configuration Commands .................................................. 13-8
Appendix A Product Specifications A-8

Hardware Specifications ..............................................................A-8
Software Specifications................................................................A-8
Appendix B Connector & Cable Specifications B-8

Connector Specifications .............................................................B-8
RJ-45 Connector ..........................................................................................B-8
10/100/1000Base-T Port ...................................................................................B-8
Console Port .......................................................................................................B-8
LC Connector ..............................................................................................B-8
1000Base-SX Port ...............................................................................................B-8
1000Base-LX Port ...............................................................................................B-8
SC/APC Connector....................................................................................B-8
1000Base-PX Port ...............................................................................................B-8
Cable Specifications.....................................................................B-8
Twisted Pair Cable .....................................................................................B-8
According to the speed of devices to be connected ......................................B-8
According to the kinds of devices to be connected: Straight-through, Crossover.....B-8
Fiber Optic Cable ........................................................................................B-8
Duplex LC Fiber Optic Cable...........................................................................B-8
Simplex SC/APC Fiber Optic Cable ...............................................................B-8
Console Cable..............................................................................................B-8
XV
List of Tables
Table 1-1 Types of Uplink module ............................................................... 1-8
Table 2-1 RUN LED descriptions ................................................................. 2-8

Table 2-2 LNK/ACT port status LED descriptions........................................ 2-8
Table 2-3 Fast Ethernet port specification ................................................... 2-8
Table 2-4 Types of option modules.............................................................. 2-8
Table 2-5 LED Functions of Gigabit Ethernet PON Port .............................. 2-8
Table 2-6 Specifications of Gigabit Ethernet PON Port ............................... 2-8
Table 2-7 Specifications of Gigabit Ethernet Port ........................................ 2-8
Table 2-8 LED Functions of Gigabit Ethernet Port....................................... 2-8
Table 2-9 LED Functions of Gigabit Ethernet PON Port .............................. 2-8
Table 2-10 Specifications of Gigabit Ethernet PON Port ............................. 2-8
Table 2-11 Specifications of Gigabit Ethernet Port ...................................... 2-8
Table 2-12 LED Functions of Gigabit Ethernet Port..................................... 2-8
Table 2-14 LED Functions of the OPT-N2CD Module ................................. 2-8
Table 2-16 LED Functions of the OPT-N2CS Module ................................. 2-8
Table 3-1 The Number of Required Person to Lift The System ................... 3-8
Table 3-2 Temperature and humidity condition............................................ 3-8
Table 3-3 Power condition ........................................................................... 3-8
Table 4-1 Configuring a console terminal .................................................... 4-8
Table 5-1 CLI modes.................................................................................... 5-8

Table 5-2 Command mode access method ................................................. 5-8
Table 5-3 Prompt of the main command modes .......................................... 5-8
Table 5-4 CLI line-editing commands .......................................................... 5-8
Table 5-5 Setting the IP address.................................................................. 5-8
Table 5-6 Adding a new user ....................................................................... 5-8
Table 5-7 Changing a user password .......................................................... 5-8
Table 5-8 Deleting a user............................................................................. 5-8
Table 5-9 Changing the system name ......................................................... 5-8
Table 5-10 Adjusting system time ................................................................ 5-8
Table 5-11 Configuring NTP ........................................................................ 5-8
Table 5-12 Setting the time zone ................................................................. 5-8
Table 5-13 Commands for saving the current running configuration ........... 5-8
Table 5-14 Restoring default configuration .................................................. 5-8
Table 5-15 show cpuinfo field descriptions .................................................. 5-8
Table 5-16 show meminfo field descriptions ................................................ 5-8
Table 5-17 show module field descriptions .................................................. 5-8
XVI R1-SW24L2B Users Manual

Table 5-18 show system field descriptions .................................................. 5-8
Table 5-19 Checking network connectivity................................................... 5-8
Table 5-20 PING field descriptions .............................................................. 5-8
Table 5-21 traceroute field descriptions ....................................................... 5-8
Table 5-22 Configuring event level .............................................................. 5-8
Table 5-23 Configuring log messages to display on the console................. 5-8
Table 5-24 Configuring log messages to display on a remote server.......... 5-8
Table 5-25 Configuring log messages to display on a Telnet session......... 5-8
Table 5-26 Saving log messages in a log file............................................... 5-8
Table 5-27 Displaying contents of log file .................................................... 5-8
Table 5-28 Downloading software from a remote TFTP server ................... 5-8
Table 6-1 Default port configuration............................................................. 6-8

Table 6-2 show port field descriptions.......................................................... 6-8
Table 6-3 show port with port argument field descriptions........................... 6-8
Table 7-1 Default VLAN configuration.......................................................... 7-8

Table 7-2 Creating a VLAN .......................................................................... 7-8
Table 7-3 Assigning ports to a VLAN ........................................................... 7-8
Table 7-4 Assigning IP address to a VLAN.................................................. 7-8
Table 7-5 Assigning secondary IP address to a VLAN ................................ 7-8
Table 7-6 Configuring trunk port .................................................................. 7-8
Table 8-1 Types of community strings ......................................................... 8-8

Table 8-2 Default SNMP configuration......................................................... 8-8
Table 8-3 Setting the system contact and location information ................... 8-8
Table 8-4 Configuring SNMP community strings ......................................... 8-8
Table 8-5 Types of trap supported by Corecess R1-SW24L2B................... 8-8
Table 8-6 Enabling a trap type ..................................................................... 8-8
Table 8-7 Configuring a trap host................................................................. 8-8
Table 8-8 Configuring SNMP access groups ............................................... 8-8
Table 8-9 show snmp-server field descriptions............................................ 8-8
Table 8-10 show snmp-server community-list field descriptions.................. 8-8
Table 8-11 show snmp-server statistics field descriptions ........................... 8-8
Table 8-12 show snmp-server traphost field descriptions............................ 8-8
Table 8-13 RMON groups ............................................................................ 8-8
Table 8-14 Enabling RMON ......................................................................... 8-8
Table 8-15 Configuring RMON history group............................................... 8-8
Table 8-16 Configuring RMON statistics group............................................ 8-8
Table 8-17 Configuring RMON event group................................................. 8-8
Table 8-18 Configuring RMON alarm group ................................................ 8-8
Table 8-19 show rmon field descriptions...................................................... 8-8
Table 8-20 SNMP & RMON Configuration Commands ............................... 8-8
Table 9-1 Criteria for packet classification ................................................... 9-8

Table 9-2 Creating a class map ................................................................... 9-8
Table 9-3 Creating a policy map .................................................................. 9-8
XVII
Table 9-4 Changing CoS, IP Precedence, or DSCP value .......................... 9-8
Table 9-5 Configuring packet filtering of a traffic class in a policy map ....... 9-8
Table 9-6 Configuring a transmission queue for a traffic class .................... 9-8
Table 9-7 Specifying a priority of a traffic class in a policy map................... 9-8
Table 9-8 Configuring rate-limint of a traffic class in a policy map............... 9-8
Table 9-9 Applying QoS service policy ........................................................ 9-8
Table 9-10 Configuring CoS value ............................................................... 9-8
Table 9-11 Configuring rate limiting on a port .............................................. 9-8
Table 9-12 Configring the precedence of values for CoS field .................... 9-8
Table 9-13 Specifying priority for transmission queue ................................. 9-8
Table 9-14 Configuring Shaping .................................................................. 9-8
Table 9-15 Configuring broadcast suppression ........................................... 9-8
Table 9-16 QoS configuration commands.................................................... 9-8
Table 10-1 Changing timeout for an unattended telent session ................ 10-8
Table 10-2 Defining access lists ................................................................ 10-8
Table 10-3 Applying the access list to terminal line ................................... 10-8
Table 10-4 Applying the access list to SNMP access................................ 10-8
Table 10-5 Filtering DHCP offer................................................................. 10-8
Table 10-6 Filtering File and Resource Sharing Protocol .......................... 10-8
Table 10-7 Filtering Default Traffic............................................................. 10-8
Table 10-8 Creating a class map ............................................................... 10-8
Table 10-9 Creating a policy map for packet filtering................................. 10-8
Table 10-10 Applying service policies........................................................ 10-8
Table 10-11 Security configuration commands.......................................... 10-8
Table 11-1 show ip igmp snoop mrouter field descriptions........................ 11-8

Table 11-2 IP Snooping commands........................................................... 11-8
Table 12-1 Configuring link aggregation .................................................... 12-8

Table 12-2 Configuring LACP partner key ................................................. 12-8
Table 13-1 STP Timers .............................................................................. 13-8

Table 13-2 Comparison of STP and RSTP port states .............................. 13-8
Table 13-3 Default STP configuration ........................................................ 13-8
Table 13-4 Enabling STP on a VLAN......................................................... 13-8
Table 13-5 Enabling STP on a port............................................................ 13-8
Table 13-6 Configuring the bridge ID for a VLAN ...................................... 13-8
Table 13-7 Configuring the path cost ......................................................... 13-8
Table 13-8 Configuring STP encoding mode ............................................. 13-8
Table 13-9 Configuring the port priority...................................................... 13-8
Table 13-10 Setting spanning tree timers .................................................. 13-8
Table 13-11 Enabling RSTP on a VLAN .................................................... 13-8
Table 13-12 Configuring the path cost ....................................................... 13-8
Table 13-13 Configuring RSTP encoding mode ........................................ 13-8
Table 13-14 Configuring Spanning Tree Protocol Type............................. 13-8
Table 13-15 Configuring an Edge Port....................................................... 13-8
XVIII R1-SW24L2B Users Manual

Table 13-16 STP configuration commands................................................ 13-8
Table A-1 Corecess R1-SW24L2B hardware specifications........................ A-8

Table A-2 Corecess R1-SW24L2B software specifications ......................... A-8
Table B-1 Pin Configuration of 10/100/1000Base-T Port............................. B-8

Table B-2 Pin Configuration of Console Port ............................................... B-8
Table B-3 System Modules with Fiber Optic Ports....................................... B-8
XIX
XX R1-SW24L2B Users Manual
Chapter 1 Overview
This chapter introduces the Corecess R1-SW24L2B functions and features and describes several kinds of
network examples configurable with the Corecess R1-SW24L2B.
9 Introduction 1-2
9 Network Configurations 1-6

Introduction
The Corecess R1-SW24L2B is a Powerful Layer 2 Ethernet Switch that enables enhanced
functionalities at the access networks. With the help of the several features on offer by the
Corecess R1-SW24L2B commonly connected to users directly at the access network.
Since the Corecess R1-SW24L2B provides 24 auto-sensing 10/100Base-TX Fast Ethernet ports and
supports the switching speed of 8.8Gbps@full-duplex and the packet processing speed of
5.9Mpps@64bytes, the maximum wire speed assigned to each port can be guaranteed. The
Corecess R1-SWL2B can trunk the Gigabit Ethernet ports to extend uplink bandwidth using
IEEE 802.3ad LACP.
Since Gigabit Ethernet option modules can be installed in the option slot on the Corecess R1-
SW24L2B, it is easy to configure networks that can flexibly respond to a variety of
environmental needs. As it can connect to a remotely located large Gigabit Ethernet backbone
device by installing option module into the option slot of the Corecess R1-SW24L2B, it can be
used as an intermediate backbone network device of a large network as well as a mid-range
workgroup network.
The Corecess R1-SW24L2B supports high perfomance QoS (Quality of Service). Thus users can
control the various types of traffic (voice, video and other important data) easily. For example,
users can set priority of data to provide the serive without interrupt.
The Corecess R1-SW24L2B is easy to use and can be easily installed as well. Just like an Ethernet
hub, it can be used by connecting cables to the target device. And LEDs on the front panel of the
Corecess R1-SW24L2B make it easy to manage the product and networks through notifying the
operation status, port conditions and fault occurrence.
1-2 R1-SW24L2B Users Manual

Hardware Features
Switching and Routing Performence

y Provides the high performance switching fabric of 8.8Gbps@Full-duplex.
y Provides the packet processing performance of 13Mpps@64byte.
Memory
y Main Memory (Protocol processing) : 64Mbytes
y Flash Memory : 64Mbytes
y Packet Buffer : 32Mbytes
Interface
The Corecess R1-SW24L2B supports the following interfaces:
y Various type of uplink interface
y Fast Ethernet downlink interface (10/100Base-TX)
y Local management interface (Console, RJ-45)
y Remote management interface (Ethernet, RJ-45)
Two Option Slots

The Corecess R1-SW24L2B provides one option slot in which a variety of option modules can be
installed as follows:
Table 1-1 Types of Uplink module
Uplink Module Specification
1 port of 10/100/1000Base-TX (RJ-45)

OPT-N1ES1CD 1 port of 100/1000Base-LX/SX SFP (Duplex LC)
1 port of 1000Base-PX SFP Maximum cable length of 10Km
1 port of 10/100/1000Base-TX (RJ-45)

OPT-N1EL1CD 1 port of 100/1000Base-LX/SX SFP (Duplex LC)
1 port of 1000Base-PX SFP Maximum cable length of 20Km
2 port of 10/100/1000Base-TX (RJ-45)

OPT-N2CD
2 port of 100/1000Base-LX/SX SFP (Duplex LC) supported 100M/1000M
2 port of 10/100/1000Base-TX (RJ-45)

OPT-N2CS
2 port of 1000Base-LX/SX SFP (Duplex LC) supported 1000M
Overview 1-3
Software Features
Layer 2 Switching Function

Corecess R1-SW24L2B provides the following Layer 2 switching functions.
y Supports IEEE 802.3x Flow control
y Supports IEEE 802.1p Traffic priority (8 priority queues)
y Supports Port based VLAN and IEEE 802.1q Tagged VLAN (Maximum: 254)
y Supports Link aggregation using Trunk and IEEE802.3ad
y Supports STP(Spanning Tree Protocol) and RSTP (Rapid STP)
QoS (Quality of Service)

The Corecess R1-SW24L2B supports the following QoS functions:
y Maximum 2048 of traffic flow
y Multi-Field Packet Classification
y 802.1p CoS Marking, Reclassification
y ToS Marking, Reclassification
y DSCP Marking, Reclassification
y SP (Strict Priority) and WRR (Weight Round Robin)
Security
The Corecess R1-SW24L2B supports the following security fuctions:
y System access control through Telnet or SNMP using access lists
y DHCP filtering to prevent operation of an unauthentic private DHCP server
y NetBIOS filtering to pervent file share between subscribers
y CIFS filtering using MAC address, IP address and TCP/UDP port number
Network Management
The Corecess R1-SW24L2B supports the SNMP and RMON for network management and port
mirroring feature for solving the network problem. You can monitor and control the Corecess
R1-SW24L2B network via the console port, Telnet session, or the Corecess NMS, ViewlinX.
The Corecess R1-SW24L2B supports the following network management tools:

y CLI (Command Line Interface) Commands
The Corecess R1-SW24L2B provides the in-band management using SNMP, Telnet and the out-of-band
management using the console based on CLI.
y ViewlinX Manager / EMS

The ViewlinX is a Corecess NMS (Network Management System).
y RMON
The Corecess R1-SW24L2B provides four RMON groups (history, statistics, alarms, and events) in
each port as traffic management, monitoring and analysis tools.
y Port Mirroring
The Corecess R1-SW24L2B allows you to use the port mirroring feature without effecting the switching
performance.
y Software Maintenance
The Corecess R1-SW24L2B provides easy-to-upgrade using FTP and TFTP in a remote place.
Switching
y RSTP and STP (Spanning Tree Protocol)

The Corecess R1-SW24L2B provides RSTP (802.1W) or STP (802.1D) for each VLAN.
y MAC Address
The Corecess R1-SW24L2B saves 8,192 MAC adresses which may be changed using software.
y Port Trunking
The Corecess R1-SW24L2B provides port trunking functionality which combines the bandwidths of ports
to serve as much as a single port.
Overview 1-5
Network Configurations
This section describes example applications for the Corecess R1-SW24L2B.
L2 Switch

E-PON ONU
Overview 1-7
Chapter 2 Hardware
This chapter introduces the structures of the front and rear side of the Corecess R1-SW24L2B and
describes the function and appearance of the cards provided for the Corecess R1-SW24L2B.
9 System Chassis 2-2
9 Option Modules 2-5

System Chassis
This section describes the external features of the Corecess R1-SW24L2B chassis.
On the front panel of the Corecess R1-SW24L2B, there are LEDs, ports, an uplink slot and
power devices; thus users can monitor the switch status immediatly, and connect cables easily.
Option Module Fast Ethernet Port

Power Switch
Power Input
Ground Connector Reset Switch RUN LED Fast Ethernet Port LED
Console Port
Ground Connector
Ground connector is used to ground the Corecess R1-SW24L2B for preventing damage from
electrostatic discharge or lightning. Before connecting power to the system, connect it according
to local site practice.
Power Input
The power input is a terminal that connects external AC power of 100 - 240VAC by using a
power cord.
Power Switch
The power switch is used when turning the Corecess R1-SW24L2B on and off.
Option Slots
On the left of the 10/100Base-TX port, there are an option slot in which an option module can
be installed. The Corecess R1-SW24L2B provides a variety of option modules that support
gigabit ports of various interfaces. The kinds of option modules that can be installed in the
option slots of the Corecess R1-SW24L2B are described in the Option Modules section in this
chapter.

Reset Switch
The reset switch is used to reboot the Corecess R1-SW24L2B. When the reset switch is pressed,
all the configuration information that has not been saved is deleted, and the connections
between each port and other devices are disconnected. Use pointed objects like a ball-point pen
when pressing the reset switch.
Console Port
The console port is used to connect a console terminal for monitoring and configuring the
Corecess R1-SW24L2B. To connect the console port to a console terminal, use the included
console cable. A PC or workstation installed with a terminal emulation program or VT-100
terminal can be used as a console terminal. Chapter 4/ Installation describes how to connect a
console terminal to the console port.
RUN LED
The RUN LEDs, which indicate the operating state of the Corecess R1-SW24L2B, operate as follows
according to the system status:
Table 2-1 RUN LED descriptions
LED Color Status Description
On The system is being initialized.
System initialization is completed and the processor is operating

RUN Green Flashing
normally.
Off Power is not supplied to the Corecess R1-SW24L2B.
Hardware 2-3
Fast Ethernet Port LEDs
The Fast Ethernet port LEDs (LINK/ACT) indicates the data transmission/reception status and
connection speed of each port.
The LINK/ACT LED display the information on the port connection and data transmission as
follows:
Table 2-2 LNK/ACT port status LED descriptions
LED Color Status Description
On The port is enabled and connecting to the devices.

LINK/ACT Green Flashing Data is being transmitted/received through the port.
Off The port is disabled or not connecting to the device.
Fast Ethernet Port (1 ~ 24)

The Corecess R1-SW24L2B provides 24 Fast Ethernet downlink ports. The specification of the
Fast Ethernet ports is as follows:
Table 2-3 Fast Ethernet port specification
Item Specification
Interface 10/100Base-TX
Trasmission Speed 10/100Mbps
Transmission Mode Full-duplex or half duplex (Auto sensing)
Connector Type RJ-45
Port Number 24
Maximum Cable Length 100m
Transmission Media Twisted-pair category-3, 4, 5 cable

Option Modules
There is an option slot on the front panel of the Corecess R1-SW24L2B and you can install the
following option modules into it.
Table 2-4 Types of option modules
Option Module Description
1 port, 10/100/1000Base-TX (RJ-45)

OPT-N1ES1CD 1 port, 100/1000Base-LX/SX SFP (Duplex LC) support 100M/1000M
1 port, 1000Base-PX SFP (Maximum cable length: 10Km)
1 port, 10/100/1000Base-TX (RJ-45)

OPT-N1EL1CD 1 port, 100/1000Base-LX/SX SFP (Duplex LC) support 100M/1000M
1 port, 1000Base-PX SFP (Maximum cable length: 20Km)
2 port, 10/100/1000Base-TX (RJ-45)

OPT-N2CD
2 port, 100/1000Base-LX/SX SFP (Duplex LC) support 100M/1000M
2 port, 10/100/1000Base-TX (RJ-45)

OPT-N2CS
2 port, 1000Base-LX/SX SFP (Duplex LC) support 1000M
This section describes the types and functions of option module that can be installed in the
option slot of the Corecess R1-SW24L2B.
Hardware 2-5
OPT-N1ES1CD
The OPT-N1ES1CD provides one Gigabit Ethernet PON port and one Gigabit Ethernet combo
port. The SFP type of the Gigabit Ethernet port supports 100Mbps and 1000Mbps. The Gigabit
Ethernet PON port (1000Base-PX) provides maximum 10Km of service length.
The feature of the OPT-N1ES1CD is as follows:
100/1000Base-SX/LX
1000Base-PX port SFP port 10/100/1000Base-T port
LEDs of 1000Base-PX port LEDs of 100/1000Base-SX/LX SFP

port and 10/100/1000Base-T port
Gigabit Ethernet PON Port LED (A)

The following table describes the information indicated by LEDs of the Gigabit Ethernet PON
port on the OPT-N1ES1CD module:
Table 2-5 LED Functions of Gigabit Ethernet PON Port on the OPT-N1ES1CD Module
LED Color State Description
On Indicates that the port have established a valid link with the network.
LINK Green Blink Indicates that the port is transmitting or receiving data.
Indicates that the port have not established a valid link with the
Off
network.
ACT Yellow Blink Indicates that the port is transmitting or receiving data.
Gigabit Ethernet PON Port (A)

The Gigabit Ethernet PON port can be connected to the maximum of 32 ONT (Optical Network
Terminal) through an optical splitter.
The following table lists the specifications of the Gigabit Ethernet PON port on the OPT-
N1ES1CD module:

Table 2-6 Specifications of Gigabit Ethernet PON Port on the OPT-N1ES1CD Module
Feature 1000Base-PX Port
Transfer Mode Full-duplex mode
Transfer Speed 1000Mbps
Connector Type Simplex SC/APC
Port Number 1
Branch Number per port 32
Maximum Transfer Distance 1000Base-PX10 10Km
Rx: 1310nm Single mode

Transfer Media
Tx: 1490nm Single mode
Gigabit Ethernet Combo Port (B)

The Gigabit Ethernet combo ports are used for connecting R1-SW24L2B to the core network.
The OPT-N1ES1CD module has two kinds of Gigabit Ethernet ports as follows:
y 10/100/1000Base-T Port (RJ-45 Connector)
y 100/1000Base-SX/LX SFP Port (Duplex LC Connector)
Both the RJ-45 connector and the LC connector (SFP module) cannot be used as Gigabit Ethernet
port at the same time. For example, if a RJ-45 connector of 10/100/1000Base-T port is connected
to a Gigabit Ethernet device, a LC connector of SFP port is automatically disabled.
The following table lists the specifications of the Gigabit Ethernet port on the OPT-N1ES1CD
module:
Table 2-7 Specifications of Gigabit Ethernet Port on the OPT-N1ES1CD Module
Feature 10/100/1000Base-T Port 100/1000Base-SX/LX SFP Port
Full-duplex mode or Half-duplex

mode (Auto sensing)
Transfer Speed 10/100/1000Mbps 100/1000Mbps
Connector Type RJ-45 Duplex LC
Maximum y 100/1000Base-SX : 550m

100m
Transfer Distance y 100/1000Base-LX : 10Km
y 100/1000Base-SX : 850nm Multi-mode

Transfer Media Twisted-pair category-5+, 6 cable
y 100/1000Base-LX : 1310nm Single mode
Hardware 2-7
Gigabit Ethernet Port LED (B)
The following table describes the information indicated by LEDs of the Gigabit Ethernet port on
the OPT-N1ES1CD module:
Table 2-8 LED Functions of Gigabit Ethernet Port on the OPT-N1ES1CD Module
ACT/
(A, B) Indicates that the port have not established a valid link with the
Off
network.
SPEED On Indicates that the port is operating at 1000Mbps speed.

Orange
1000
Off Indicates that the port is operating at 100Mbps speed.
OPT-N1EL1CD
The OPT-N1EL1CD provides one Gigabit Ethernet PON port and one Gigabit Ethernet combo
port. The SFP type of the Gigabit Ethernet port supports 100Mbps and 1000Mbps. The Gigabit
Ethernet PON port (1000Base-PX) provides maximum 20Km of service length.
The feature of the OPT-N1EL1CD is as follows:
100/1000Base-SX/LX
1000Base-PX port SFP port 10/100/1000Base-T port
LEDs of 1000Base-PX port LEDs of 100/1000Base-SX/LX SFP port

and 10/100/1000Base-T port
Gigabit Ethernet PON Port LED (A)

The following table describes the information indicated by LEDs of the Gigabit Ethernet PON
port on the OPT-N1EL1CD module:

Table 2-9 LED Functions of Gigabit Ethernet PON Port on the OPT-N1EL1CD Module
Indicates that the port have not established a valid link with the
Off
network.
ACT Yellow Blink Indicates that the port is transmitting or receiving data.
Gigabit Ethernet PON Port (A)

The Gigabit Ethernet PON port can be connected to the maximum of 32 ONT (Optical Network
Terminal) through an optical splitter.
The following table lists the specifications of the Gigabit Ethernet PON port on the OPT-
N1EL1CD module:
Table 2-10 Specifications of Gigabit Ethernet PON Port on the OPT-N1EL1CD Module
Feature 1000Base-PX Port
Transfer Speed 1000Mbps
Connector Type Simplex SC/APC
Port Number 1
Branch Number per port 32
Maximum Transfer Distance 1000Base-PX10 20Km
Rx: 1310nm Single mode

Transfer Media
Tx: 1490nm Single mode
Gigabit Ethernet Combo Port (B)

The OPT-N1EL1CD module has two kinds of Gigabit Ethernet ports as follows:
y 100/1000Base-SX/LX SFP Port (LC Connector)
Hardware 2-9
The following table lists the specifications of the Gigabit Ethernet port on the OPT-N1EL1CD
module:
Table 2-11 Specifications of Gigabit Ethernet Port on the OPT-N1EL1CD Module

mode (Auto sensing)
Maximum y100/ 1000Base-SX : 550m

100m
Transfer Distance y100/ 1000Base-LX : 10Km
y100/ 1000Base-SX : 850nm Multi-mode

y100/ 1000Base-LX : 1310nm Single mode
Gigabit Ethernet Port LED (B)

The following table describes the information indicated by LEDs of the Gigabit Ethernet port on
the OPT-N1EL1CD module:
Table 2-12 LED Functions of Gigabit Ethernet Port on the OPT-N1EL1CD Module
ACT/
Off
network.

Orange
1000

OPT-N2CD
The OPT-N2CD module provides two Gigabit Ethernet combo ports (RJ-45, SFP). The SFP type
of the Gigabit Ethernet ports supports both 100M and 1000M speed.
The feature of the OPT-N2CD is as follows:
1000Base-SX/LX SFP port 10/100/1000Base-TX port
LEDs of 1000Base-SX/LX SFP port

and 10/100/1000Base-TX port
Gigabit Ethernet Combo Port (A, B)

The OPT-N2CD module has two kinds of Gigabit Ethernet ports as follows:
y 100/1000Base-LX/SX SFP Port (LC Connector)
The following table lists the specifications of the Gigabit Ethernet port on the OPT-N2CD
module:
Table 2-13 Specifications of Gigabit Ethernet Port on the OPT-N2CD Module

mode (Auto sensing)
Maximum y 100/1000Base-SX : 550m

100m
Transfer Distance y 100/1000Base-LX : 10Km
y 100/1000Base-SX : 850nm Multi-mode

y 100/1000Base-LX : 1310nm Single mode
Hardware 2-11
Gigabit Ethernet Port LED (A, B)
The following table describes the information indicated by LEDs of the OPT-N2CD module:
Table 2-14 LED Functions of the OPT-N2CD Module
ACT/
Off
network.
SPEED- On Indicates that the port is operating at 1000Mbps speed.

Orange
1000
OPT-N2CS
The OPT-N2CS module provides two Gigabit Ethernet combo ports (RJ-45, SFP). The SFP type
of the Gigabit Ethernet ports supports 1000M speed.
The feature of the OPT-N2CS is as follows:
1000Base-SX/LX SFP port 10/100/1000Base-TX port
LEDs of 1000Base-SX/LX SFP port

and 10/100/1000Base-TX port
Gigabit Ethernet Combo Port (A, B)

The OPT-N2CS module has two kinds of Gigabit Ethernet ports as follows:
y 1000Base-SX/LX SFP Port (LC Connector)

The following table lists the specifications of the Gigabit Ethernet port on the OPT-N2CS
module:
Table 2-15 Specifications of Gigabit Ethernet Port on the OPT-N2CS Module
Feature 10/100/1000Base-T Port 1000Base-SX/LX SFP Port
Full-duplex mode or Half-duplex mode

(Auto sensing)
Transfer Speed 10/100/1000Mbps 1000Mbps
Maximum y 1000Base-SX : 550m

100m
Transfer Distance y 1000Base-LX : 10Km
y 1000Base-SX : 850nm Multi-mode

y 1000Base-LX : 1310nm Single mode
Gigabit Ethernet Port LED (A, B)

The following table describes the information indicated by LEDs of the OPT-N2CS module:
Table 2-16 LED Functions of the OPT-N2CS Module
ACT/
Off
network.

Orange
1000
Hardware 2-13
Chapter 3 Before Installaion
This chapter describes the precautions for installation of the Corecess R1-SW24L2B and
installation environment for the normal operation. It also describes the way to unpack box of the
Corecess R1-SW24L2B and verify the contents.
9 Precautions 3-2
9 Installation Place 3-9
9 Unpacking 3-10
Precautions
Warning: Before you install the Corecess R1-SW24L2B, read this section. This section contains important safety
information you should know before working with the system.
General Precautions
y While or after installing the equipment, keep the equipment clean and free from dust all the
time.
y After removing the cover of the equipment, keep the cover in safe place.
y Any tool or cable should not be left on the way of passage for better safety.
y When installing the equipment, the installer should not wear baggy clothing so that tie, scarf,
and sleeves should not be caught in the equipment. Keep tie and scarf from getting slack,
and roll up the sleeves.
y Avoid any harmful action that damages the people or the equipment.
y In case that opening the case for repairing or test is required, contact the sales agency where
you purchased this equipment, or directly contact Corecess Inc. for professional help.
Power Considerations
y Be careful when connecting the system to the supply circuit so that wiring is not overloaded.
y When plugging in a power socket or handling any power source, avoid ring, necklace, metal
watch for better safety. If these materials touch the power socket or ground of the product,
the parts can be burnt out.
y Always verify whether there is any possible danger in the workshop. Wet floor, ungrounded
extension, rubbed-off power code, or unsafe (or ungrounded) floor might be dangerous.

AC Power
y The system is designed for connection to TN power systems. A TN power system is a power
distribution system with one point connected directly to earth (ground). The exposed
conductive parts of the installation are connected to that point by protective earth conductors.
y Ensure that the plug-socket combination is accessible at all times, because it serves as the
main disconnecting device.
Before Installaion 3-3

Preventing ESD
Electrostatic discharge (ESD) damage occurs when electronic cards or components are
mishandled and can result in complete or intermittent failures. Note the following guidelines
before you install or service the system:
y Always wear an ESD-preventive wrist or ankle strap when handling electronic components.
Connect one end of the strap to an ESD jack or an unpainted metal component on the system
(such as a captive installation screw).
y Handle cards by the faceplates and edges only; avoid touching the printed circuit board and
connector pins.
y Handle cards by the faceplates and edges only; avoid touching the printed circuit board and
connector pins.
y Avoid contact between the cards and clothing. The wrist strap only protects the card from
ESD voltages on the body; ESD voltages on clothing can still cause damage.
y For safety, periodically check the resistance value of the antistatic strap. The measurement
should be between 1 and 10 Mohms.
Installing and Servicing the System

y Before installation, the power switch of the system should be turned OFF and disconnect all
power and external cables.
y Remove all jewelry (including rings and chains) or other items that could get caught in the
system or heat up and cause serious burns.
y Do not touch the backplane or mid-plane with your hand or metal tools.
y Do not work alone under potentially hazardous conditions.
y Do not perform any action that creates a potential hazard to people or makes the equipment
unsafe.

Disconnecting Power
When disconnecting power, note the following guidelines.
y Locate the emergency power-off switch for the room before working with the system.
y Turn off the power and disconnect the power from the circuit when working with
components that are not hot-swappable or when working near the system backplane or mid-
plane. If the system does not have an on/off switch, unplug the power cord.
y To completely de-energize the system, disconnect the power connection to all power supplies.
y For DC power supplies, locate the circuit breaker on the panel board that services the DC
circuit, switch the circuit breaker to the off position, and tape the switch handle of the circuit
breaker in the off position.
y Do not touch the power supply when the power cord is connected. Line voltages are present
within the power supply even when the power switch is off and the power cord is connected.
Grounding the System

y Connect AC-powered systems to grounded power outlets.
y Do not defeat the ground conductor on an AC plug.
y Connect the system to earth (ground).
Connecting Cables
When you connect cables, note the following guidelines.
y Use caution when installing or modifying telephone lines to prevent electric shock.
y Do not work on the system or connect or disconnect cables during periods of lightning activity.
y Do not touch uninsulated telephone wires or terminals unless the telephone line has been
disconnected at the network interface.
y Hazardous network voltages are present in WAN ports regardless of whether power to the
system is off or on. When you detach cables, detach the end away from the system first.
y Do not use a telephone to report a gas leak in the vicinity of the leak.
y Do not install telephone jacks in wet locations unless the jack is specifically designed for wet
locations.

Working with Lasers
If your system includes a fiber-optic port, note the following guidelines.
y To avoid exposure to radiation, do not stare into the aperture of a fiber-optic port. Invisible
radiation might be emitted from the aperture of the port when no fiber cable is connected.
y Always keep unused fiber-optic ports capped with a clean dust cap.
Preventing EMI
When you run wires for any significant distance in an electromagnetic field, electromagnetic
interference (EMI) can occur between the field and the signals on the wires.
y Bad plant wiring can result in radio frequency interference (RFI).
y Strong EMI, especially when it is caused by lightning or radio transmitters, can destroy the
signal drivers and receivers in the system, and can even create an electrical hazard by
conducting power surges through lines and into the system.
y If Strong EMI occurs in the installation place, consult RFI experts to get rid of it.
Covering Blank Slots

Ensure that all cards, faceplates, and covers are in place. Blank faceplates and cover panels are
used to:
y Prevent exposure to hazardous voltages and currents inside the chassis
y Help contain electromagnetic interference (EMI) that might disrupt other equipment
y Direct the flow of cooling air through the chassis

Rack-Mounting the System
The following explanations should be noticed when installing the system into the 19-inch rack.
y Install the system in an open rack whenever possible. If installation in an enclosed rack is
unavoidable, ensure that the rack has adequate ventilation.
y Maintain ambient airflow to ensure normal operation. If the airflow is blocked or restricted,
or if the intake air is too warm, an over temperature condition can occur.
y Avoid placing the system in an overly congested rack or directly next to another equipment
rack. Heat exhaust from other equipment can enter the inlet air vents and cause an over
temperature condition.
y Equipment near the bottom of a rack might generate excessive heat that is drawn upward
and into the intake ports of the equipment above. The warm air can cause an over
temperature condition in the equipment above.
y Ensure that cables from other equipment do not obstruct the airflow through the chassis or
impair access to the power supplies or cards.
y Bolt the rack to the floor for stability.
y Load the rack from the bottom to the top, with the heaviest system at the bottom.
y If there is equipment already installed in the rack, select the location for the system carefully
considering the size of the system:

Lifting the System
When you lift the product to move or change the installation place, note the following
guidelines.
y Disconnect all power and external cables before lifting the system.
y Ensure that your footing is solid and the weight of the system is evenly distributed between
your feet.
y Lift the system slowly, keeping your back straight. Lift with your legs, not with your back.
Bend at the knees, not at the waist.
y Do not attempt to lift the system with the handles on the power supplies or on any of the
cards. These handles are not designed to support the weight of the system.
y To lift and move the system, following number of people or a crane should be needed
depends on weight of the system:
Table 3-1 The Number of Required Person to Lift The System
Weight of the The Number of

System Required Persons
Below 18Kg 1
18~32Kg 2
32~55Kg 3
Above 55Kg Crane
Disposing of the System

Dispose of the system and its components (including batteries) as specified by all national laws
and regulations.

Installation Place
Environmental Requirements
For the safe installation and use of the Corecess R1-SW24L2B, the place for installation should
satisfy the following requirements:
y While or after installing the product, keep the product clean all the time.
y The system should be installed in a cool place where has no direct ray of sunlight. Any tool
or equipment should not be place on the way of passage.
y The following ambience condition for temperature and humidity should always be kept.
Table 3-2 Temperature and humidity condition
Operating Temperature -20 ~ 60
Storage Temperature -30 ~ 75
Operating Humidity 10 ~ 95% (40, non-condensing)
Power Supply
y The Corecess R1-SW24L2B should be installed in the place where power supply satisfying
the following condition is provided.
Table 3-3 Power condition
Feature AC
Input Voltage Rating 100 ~ 240VAC
Operating Range 88 ~ 264VAC
Frequency 50/60Hz
y Verify the power (source) be clean. If there is too much noise or spark, it is better to have the
power control equipment.
y Locate an electric outlet near the system for easy installation of power cable.
y Be careful with connecting power supply equipment and avoiding overload wiring.

Unpacking
As the following instructions, unpack the shipping carton and inspecting contents of the
shipping carton.
1. Open the shipping carton of the Corecess R1-SW24L2B. There is this manual, desiccant, a
power cable(s), and a console cable on the cushion inserted- Corecess R1-SW24L2B.
2. Without taking off the cushions, pick out the equipment with two hands, and put it in a safe
place.
3. And then, verify whether there is a plastic bag that contains rack brackets and screws under
the shipping carton.
Corecess R1-SW24L2B
Console cable (RJ45-DB9)

Users Manual
Rack brackets (2)
Pan-head screws (8)
Binder-head screws (4)

Power cable (AC)
Recommendation: After unpacking, do not throw away the box including cushions and keep them in a safe
place in case the product is relocated, it is better to move the product after packing with the box including
cushions.
Note: If there are some missing contents or damaged components, contact the sales agency where you
purchased this product to replace them with new ones.

Chapter 4 Installation
This chapter describes how to mount the Corecess R1-SW24L2B on a rack, connect the cables
to the ports, and connect the power.
9 Installation Procedure 4-2
9 Rack-Mounting 4-3
9 Connecting Network Devices 4-6
9 Connecting a Console Terminal 4-11
9 Connecting Power to the System 4-13
9 Starting the System 4-14

Installation Procedure
Caution: Before starting the installation

y Be sure that the installation place is satisfy the requirements referred to the Chapter 3/ Before Installation.
y Be sure that the power switch is in the OFF (O) position and disconnect all connected cables.
The following summarizes the installation procedure for the Corecess R1-SW24L2B. The next
section will describe in detail the step-by-step procedures for each step.
1. Rack-mount
The design allows the Corecess R1-SW24L2B to be mounted on a 19-inch rack. Rack brackets
and screws needed for rack mounting are enclosed with the product.
2. Connect network devices

Connect the Ethernet ports of the Corecess R1-SW24L2B and of the option module with
other devices using appropriate network cables.
3. Connect a system mangement port

Connect a console terminal to change the configuration of the Corecess R1-SW24L2B or to
monitor its status.
4. Connect power to the system

Connect adjacent power after installing the Corecess R1-SW24L2B.
5. Start the system

Turn the Corecess R1-SW24L2B on and verity that the system is correctly installed by
checking that certain LEDs are lit.

Rack-Mounting
The design allows the Corecess R1-SW24L2B to be mounted on any kind of standard 19-inch
racks. This section describes how to install the Corecess R1-SW24L2B on a 19-inch rack.
Caution: Before installing the system in a rack, read the Rack-Mounting the System section in the
Chapter 3/ Before Installation to familiarize yourself with the proper site and environmental conditions.
Failure to read and follow these guidelines could lead to an unsuccessful installation and possible damage to
the system and components.
Checking the Rack-Mount Space

Before installing the Corecess R1-SW24L2B in a 19-inch rack, check the rack-mount space as
follows:
y Make sure that the 19-inch rack is placed on a convenient location for the Corecess R1-SW24L2B
installation. At least, the space of 550 x 750 (width x length)mm is needed to install the 19-inch rack.
y Check to see if there is a vertical space of around two rack units (2U) in the rack because of the
Corecess R1-SW24L2B (1U) and air flow space (1U).
Air Flow Space 1U
R1-SW24L2B 1U
19-inch Rack
Installation 4-3
Mounting the System on a Rack
To mount the Corecess R1-SW24L2B on a 19-inch rack, you need the following tools and
equipment:
y A Philips screwdriver
y Electrostatic discharge (ESD) grounding strap
y Rack Brackets and Screws (provided along with the product)
Two (2) rack brackets
Four (4) binder-head screws (M5, 8mm)
Eight (8) pan-head screws (M3, 6mm)
Note: For more information about ESD, refer to the Chapter 3 Before Installation.
Once all the tools and equipment are prepared, mount the Corecess R1-SW24L2B on a 19-inch
rack according to the following procedure:
1. Place the Corecess R1-SW24L2B on a spacious floor or a sturdy table near the rack. And
check the tools and equipment.
2. There are four screw holes on each side of the Corecess R1-SW24L2B. As shown in the figure,
place the rack brackets to the screw holes and fix them using pan-head screws.

3. Make sure that the 19-inch rack is placed on a convenient location for the Corecess R1-
SW24L2B to be installed. And check to see if there is a 1U high space in the rack where the
Corecess R1-SW24L2B can be installed.
4. Lift up the Corecess R1-SW24L2B installed with rack brackets as high as the available space in
the 19-inch rack.
5. Place the rack brackets installed on the Corecess R1-SW24L2B to the holes of the 19-inch
rack. And fix the brackets using four binder-head screws.
Caution: The following explanations should be noticed when installing the Corecess R1-SW24L2B into the 19-
inch rack:
y Locate the heavy things at the bottom of the rack. If there is another equipment already installed in the rack,
select the location for the Corecess R1-SW24L2B carefully considering the size of the Corecess R1-SW24L2B.
y If the rack is empty, you should install the Corecess R1-SW24L2B at the bottom of the rack.
Installation 4-5
Connecting Network Devices
This section describes how to connect the 10/100Base-TX ports located on the front panel of the
Corecess R1-SW24L2B and the ports on the option module installed in the option slots to
network devices. The kinds of cables used for port connection are described in Chapter 3/ Before
Installation and Appendix B/ Connectors and Cables Specifications.
10/100Base-TX Port
The 10/100Base-TX port on the front of the Corecess R1-SW24L2B can be connected with the
Fast Ethernet network that supports the transmission speed up to 100Mbps.
Using the RJ-45 UTP cable, connect the 10/100Base-TX port to the Fast Ethernet device as
follows:
R1-SW24L2B
UTP cable
y 10Mbps : Category-3,4
y 100Mbps : Category-5
y 1000Mbps : Category-5+, 6
y MAX. cable length : 100m
PC
Hub or Switch

1000Base-PX SFP Port
The OPT-N1ES1CD and OPT-N1EL1CD module of the Corecess R1-SW24L2B provides the
Gigabit Ethernet PON uplink port. The Gigabit Ethernet PON uplink port can be connected to
the core network using the 1000Base-PX SFP connector.
Prepare the single mode fiber optic cable (Rx: 1310nm, Tx: 1490nm), then connect the cable to
the 1000Base-PX SFP port of the OPT-N1ES1CS or OPT-N1EL1CS module and a Gigabit
Ethernet PON device.
R1-SW24L2B
Single Mode Fiber Optic Cable
y Connector : Simplex SC/APC
y Wavelength : 1310nm (Rx), 1490nm (Tx)
y Max. cable length : 10/20Km
Corecess 4500 Optical Splitter
Single Mode Fiber Optic Cable

y Connector : Simplex SC/APC
y Wavelength : 1310nm (Rx), 1490nm (Tx)
y Max. cable length : 10/20Km
Corecess 3804T ONT
Installation 4-7
100/1000Base-LX/SX Port
The 100/1000Base-SX/LX SFP module can be installed in the SFP slot of the uplink modules on
the Corecess R1-SW24L2B, and the Corecess R1-SW24L2B can be connected to the core network
using the 100/1000Base-SX/LX SFP module. Depends on the type of SFP modules, connect
cables as follows:
1000Base-SX SFP Module

When the 1000Base-SX SFP module is installed in the SFP module slot, use the 850nm Multi-
mode fiber optic cable. Prepare the fiber optic cable of the duplex LC type, and then connect to
the Gigabit Ethernet network.
1000Base-LX SFP Module

When the 1000Base-LX SFP module is installed in the SFP module slot, use the 1310nm Single

R1-SW24L2B
Single Mode Fiber Optic Cable Multi-Mode Fiber Optic Cable
y Connector : Duplex LC y Connector : Duplex LC
y Wavelength : 1310nm (Rx, Tx) y Wavelength : 850nm (Rx, Tx)
y Max. cable length : 10Km y Max. cable length : 550m
Gigabit Ethernet Switch or Router

When the 100Base-SX SFP module is installed in the SFP module slot, use the 1310nm Multi-

When the 100Base-LX SFP module is installed in the SFP module slot, use the 1310nm Single

R1-SW24L2B
Single Mode Fiber Optic Cable Multi-Mode Fiber Optic Cable
y Connector : Duplex LC y Connector : Duplex LC
y Wavelength : 1310nm (Rx, Tx) y Wavelength : 1310nm (Rx, Tx)
y Max. cable length : 15/40Km y Max. cable length : 2Km
Installation 4-9
10/100/1000Base-TX Port
The RJ-45 port of the uplink modules on the Corecess R1-SW24L2B supports 10/100/1000Base-
T interface, and the RJ-45 port can be connected with the Gigabit Ethernet device that support
the transmission speed up to 1000Mbps.
Using the twisted-pair cable, connect the 10/100/1000Base-T port to the Gigabit Ethernet
device.
R1-SW24L2B
Twisted pair cable
y 10Mbps : Category-3, 4
y 100Mbps : Category-5
y 1000Mbps : Category-5+, 6
y Max. cable length : 100m
Note: The 10/100/1000Base-T port on the uplink module support automatic MDIX feature, which allows you to
use either straight-through or crossover twisted-pair cables for connecting to any network devices.

Connecting a Console Terminal
The Corecess R1-SW24L2B can perform the following works via a console:
y Can browse various network statistics information and the status of the switch and ports.
y Can change the switch configuration for changing the topology, improving the switch performance or
controlling the network traffic.
y Can browse the logs of various events and traps occurring at the switch.
y Can download new software from ftp server.
y Can strengthen the system security through specifying hosts that can access switches.
There are two different ways to access to a console:
y Out-of-Band: The console port on the front panel of the Corecess R1-SW24L2B is directly
connected to a VT-100 terminal or a PC that is to be used as a console terminal using a
console cable comes with the Corecess R1-SW24L2B.
y In-Band: Access is gained from a PC or a VT-100 terminal emulator through Telnet sessions
to the Corecess R1-SW24L2B. To use this method, the IP address and subnet mask of the
Corecess R1-SW24L2B need to be designated. See the Chapter 5/ Basic Configuration to designate
the IP address and subnet mask of the Corecess R1-SW24L2B.
Configuring a Console Terminal

Make sure that your terminal emulation software is configured to communicate with the system
through hardware flow control. Configure the baud rate and character format of the PC or
terminal to match these console port default characteristics:
Table 4-1 Configuring a console terminal
Bits per second 9600bps
Data bit 8bit
Parity bit None
Stop bit 1bit
Flow control None
Installation 4-11
Connecting a Console Terminal
Connect the PC or terminal to the console port on the Corecess R1-SW24L2B using the console
cable included with the Corecess R1-SW24L2B.
R1-SW24L2B
Console cable (RJ-45 - DB-9)
y Console cable included with the system
Console Terminal

Connecting Power to the System
Caution: Before connecting AC power

y Be sure that the power to be connected to the system is satisfy the considerationts referred to the Chapter
3/ Before Installation.
y Be sure that the power switch on the rear panel is turned off (O).
1. Check that the power switch is in the OFF (O) position.
2. Connect the power cord, which is provided with the product, to the power input located on
the front panel of the Corecess R1-SW24L2B. And plug the power cord into an outlet.
R1-SW24L2B
Installation 4-13
Starting the System
Start the Corecess R1-SW24L2B according to the following order after installation:
1. Check the followings once again before operating the Corecess R1-SW24L2B:
y Make sure that cables are properly connected to each port.
y Make sure that the power cord is properly connected.
2. Turn on the power of the console terminal and execute the terminal emulator program.
3. Turn on the Corecess R1-SW24L2Bs power by pressing the power switch (towards I) on
the front panel of the Corecess R1-SW24L2B.
4. Check to see if the cooling fans are operating.
5. If power is properly supplied to the Corecess R1-SW24L2B, the RUN LED turns on in green.
And you will see the following message on the console terminal:
U-Boot 1.1.1 (Wed Sep 28 10:33:51 KST 2005)

R-405 u-Boot Ver 1.0.5 (smile@hera)
CPU: IBM PowerPC 405GP Rev. E at 200 MHz (PLB=100, OPB=33, EBC=50 MHz)
PCI async ext clock used, internal PCI arbiter enabled
16 kB I-Cache 8 kB D-Cache
Board: Corecess R-405
I2C: ready
DRAM: 60 MB
FLASH: 512 kB
In: serial
Out: serial
Err: serial
PHYADD:not found.
OneNAND 32MB 2.65/3.3V 16-bit KFG5616U1M Samsung
BEDBUG:ready
Press CTRL-C to stop autoboot: 0
Loading from device onenand(0:0xf00000) to 0x1000000 ... 100%. complete.
## Booting image at 01000000 ...
Image Name: Linux-2.4.20-pre2-initrd
Created: 2005-10-27 7:20:03 UTC

Image Type: PowerPC Linux Multi-File Image (gzip compressed)
Data Size: 3853809 Bytes = 3.7 MB
Load Address: 00000000
Entry Point: 00000000
:
:
6. Once the initialization is properly completed in a short while, the RUN LED flickers in green.
And the following login message is displayed on the console screen.
login:
Now, the Corecess R1-SW24L2B is properly installed. If you want to log into the console and to
configure the system at the console, refer to Chapter 5/ Basic Configuration.
Installation 4-15
Chapter 5 Basic Configuration
This chapter briefs general configuration method of the Corecess R1-SW24L2B. The Corecess
R1-SW24L2B already has configured with default upon the shipment and can immediately be
used without additional configuration explained in this chapter. If the default configuration should
be changed according to users network environment, refer to the contents in this chapter.
9 Before Configuration 5-2
9 Configuring Basic System Parameters 5-12
9 Configuration File Management 5-22
9 Monitoring and Maintaining the System 5-25
9 System Log Management 5-34
9 Upgrading Software 5-42

Before Configuration
This section describes how to access the Corecess R1-SW24L2B CLI and provides information
that you should know before using the Corecess R1-SW24L2B Command Line Interface (CLI).
Accessing the CLI

When the Corecess R1-SW24L2B starts up for the first time, the only CLI access available is
through the console port. The following steps describe how to access the CLI on the console
terminal connected to the console port:
1. To access the Corecess CLI on the console screen, the console port on the Corecess R1-
SW24L2B should be connected to a serial port (DB-9) of the console terminal using a console
cable as the following figure:
R1-SW24L2B
Console cable (RJ-45 - DB-9)
y Console cable included with the system
Console termial environment

- 9600 bps, 8 data bits, no parity bit,
no stop bit, no hardware flow
Console Terminal
2. Make sure that you have started the emulation software program such as HyperTerminal
from your console terminal.
3. Press [Enter] and the following login message is displayed on the console terminal:
login:

4. Enter the login ID and press the [Enter]. The default login ID is corecess. If you entered the
login ID, localhost> prompt appears.
login: corecess
Password:
Last login: Wed Feb 25 14:28:13 on console
localhost>
5. To configure the Corecess R1-SW24L2B, enter the Privileged mode by enable command.
If you enter Privileged mode, the prompt is changed from localhost> to localhost#.
localhost> enable
localhost#
Note: After specifying the IP address of the NMS port(Management interface), you can access the Corecess R1-
SW24L2B CLI through the Telnet session or NMS.
Basic Configuration 5-3

Command Modes
The commands in the CLI are organized into the following modes:
Table 5-1 CLI modes
Command Mode Description
In this mode, you can display information and perform basic tasks such as
User
Ping and Telnet.
In this mode, you can use the same commands as those at the User
Privileged mode plus configuration commands that do not require saving the
changes to the system-configure file.
The global mode allows you to globally configure access-lists, DHCP,

Global SNMP, and VLAN. You can also apply or modify parameters for ports
on the device.
The interface mode allows you to configure the features for the
Interface
specific VLAN interface.
The QoS configuration mode allows you to configure QoS (Quality of

QoS
Service) on the system.
Configuration
The Class-map configuration mode allows you to configure QoS class-
Class-map
map.
The Policy-map configuration mode allows you to configure QoS

Policy-map
policy-map.
The Policy-map class mode allows you to assign the class map to be
Policy-map-class
applied to QoS policy-map.
You can enter the each command mode by entering the following command.
Table 5-2 Command mode access method
To From CLI Command
Privileged User mode enable
Global Privileged mode configure terminal
Interface Global configuration interface
QoS Global configuration qos

Configuration
Class-map QoS configuration class-map
Policy-map QoS configuration policy-map
Policy-map-class Policy-map configuration class

Entering Privileged Mode
When you start a session on the Corecess R1-SW24L2B, you begin in User mode. Only a limited
subset of the commands is available in User mode. To have access to all commands, you must
enter Privileged mode. To enter Privileged mode from User mode, enter the enable user mode
command. The CLI prompt will be changed from > to # entering Privileged mode.
localhost> enable
localhost#
To exit from Privileged mode, enter disable privileged mode command. The CLI prompt will
be changed from # to > returning to the user mode from Privileged mode.
localhost# disable
localhost>
If you enter the exit privileged mode command, you can exit form the CLI.
corecess# exit
login:
Entering Global Configuration Mode

Global configuration mode allows you to change configuration to for the Corecess R1-SW24L2B.
Global configuration mode contains sub-modes for individual ports, for VLANs, and other
configuration areas.
To enter Global configuration mode from Privileged mode, enter the configure terminal
privileged mode command. The CLI prompt will be changed localhost(config)# entering
Global configuration mode.
localhost# configure terminal

localhost(config)#
To exit from Global configuration mode, enter end configuration mode command. The CLI
prompt will be changed to localhost# returning to Privileged mode.
localhost(config)# end
localhost#

Returning to Previous Command Mode
To log out from CLI, you should return to User mode or Privileged mode. Use the exit
command to return to the previous mode and use the exit or end command to return to the
Privileged mode from other command mode:
This example shows how to return to Privileged mode from the policy-map mode by using the
exit command:
localhost(config-pmap)# exit
localhost(config-qos)# exit
localhost(config)# exit
localhost#
This example shows how to return to Privileged mode from the policy-map mode by using the
end command:
localhost(config-pmap)# end
localhost#
Logging out From CLI

To log out from the CLI, enter the exit command at User mode or Privileged mode.
This example shows how to log out from the CLI at Privileged mode. After logging out from the
CLI, login prompt will be displayed as follow.
localhost# exit
login:

Prompt
On the Corecess R1-SW24L2B CLI prompt, the node name and current command mode are
indicated as follows:
localhost(config-qos)#
Node name Command mode
The default node name is localhost. This default node name is used for the prompt until you
change them. The following table provides the prompt of the main command modes.
Table 5-3 Prompt of the main command modes
Command Mode Prompt
User corecess >
Privileged corecess #
Global corecess(config)#
Interface corecess(config-if)#
QoS corecess(config-qos)#
Configuration
Class-map corecess(config-cmap)#
Policy-map corecess(config-pmap)#
Policy-map-class corecess(config-pmap-c)#
Note: You can change the node name of the Corecess R1-SW24L2B by using hostname global
configuration mode command.

Getting Help
The Corecess R1-SW24L2B CLI provides help system that shows the list of available commands
or command options. You can also get information about their function and brief description of
usage.
This section describes how to use help system for the Corecess R1-SW24L2B CLI.
y To obtain a list of commands that are available for each command mode, enter a question
mark (?) at the prompt:
# ?
calendar calendar
clear Reset functions
clock System clock
close Close the terminal
cls Clear a screen
configure Configuration from vty interface
copy Copy from one file to another
debug
delete Delete
diag Diagnosis mode
disable Turn off privileged mode command
enable enable
end End current mode and down to previous mode
exit Exit current mode and down to previous mode
help Description of the interactive help system
list Print command list
no Negate a command or set its defaults
ping send echo messages
reset reset
session Create Session
show Show
ssh Open a ssh connection
telnet Open a telnet connection
terminal Set terminal line parameters
traceroute Trace route to destination
undebug Disable debugging functions (see also 'debug')
update Update Images
write Write running configuration to memory, network, or terminal
#

y To obtain the syntax for commands that are available for each command mode, enter the
list command at the prompt:
# list
calendar set WORD [WORD] [WORD] [WORD]
clear arp
clear arp A.B.C.D
clear arp-cache
clear diag port (fastethernet|gigabitethernet|adsl|vdsl|shdsl) WORD
clear host-entries
clear host-entries A.B.C.D
clear interface vlan id <1-4094>
:
:
update rootfs image id <1-100>
write file
write memory
write terminal
write terminal port (fastethernet|gigabitethernet|adsl|vdsl|shdsl
|switchfabric|stacking) WORD
#
y To obtain a list of any command's associated keywords and arguments, enter a question
mark (?) after a partial command followed by a space:
# clear ip ?
dhcp Dynamic Host Configuration Protocol
igmp Internet Group Management Protocol
netflow netflow
route Clear all routing table
static Static routing table & configuration
# clear ip

CLI Command Usage Basics
Entering CLI Commands

To executing a CLI command, you should enter both the command and its options. You can
execute the commands in the command mode which the prompt is locating now.
The CLI commands of the Corecess R1-SW24L2B have the following characteristics:
y The CLI commands are case-sensitive.
y The CLI supports command completion, so you do not need to enter the entire name of a
command or option. As long as you enter enough characters of the command or option name
to avoid ambiguity with other commands or options, the CLI understands what you are
typing. For example, you can enter only con t to execute the configure terminal
command at Privileged command mode.
localhost# con t
localhost(config)#
But if you enter only co t, the following error message will be displayed. Because there are
copy and configure command and the system cant distinguish the two commands.
localhost# co t
% Ambiguous command :co t
y To complete a command, press Tab key. If you enter a few known characters, then press Tab
key, the CLI displays the rest characters of the command. For example, if you enter only con,
then press Tab key, the CLI displays configure on the terminal.
y To display a list of available commands or command options, enter ?. If you have not
entered part of a command at the command prompt, all the commands supported at the
current CLI mode are listed. If you enter part of a command, then enter ?, the CLI lists the
options you can enter at the point in the command string.

Specifying Ports
To specify ports, follow these rules.
y Use slot-number/port-number to specify one port. For example, enter 1/1 to specify the port 1
on the option module installed in the slot 1.
y Use dash (-) to specify consecutive number of ports. For example, enter 2/3-6 instead of
entering 2/3 2/4 2/5 2/6.
y Use comma (,) to specify non-consecutive number of ports. For example, enter 2/1,2/3-4
instead of entering 2/1 2/3 2/4.
y See the following figure to check the slot number:
Slot 1 Slot 2
Editing Commands
The CLI supports the following line editing commands. To enter a line-editing command, use
the CTRL-key combination for the command by pressing and holding the CTRL key, then
pressing the letter associated with the command.
Table 5-4 CLI line-editing commands
Ctrl-Key
Description
Combination
Ctrl+a Moves to the first character on the command line.
Ctrl+b Moves the cursor back one character.
Ctrl+d Deletes the character at the cursor.
Ctrl+e Moves to the end of the current command line.
Ctrl+f Moves the cursor forward one character.
Ctrl+n Enters the next command line in the history buffer.
Ctrl+p Enters the previous command line in the history buffer.
Ctrl+u Deletes all characters from the cursor to the beginning of the command line.

Configuring Basic System Parameters
This section describes the procedure of configuring the following basic system parameters:
y IP address
y CLI users
y System name
y System time and date
Setting the Management Ethernet Interface IP Address

Before you can Telnet to the Corecess R1-SW24L2B or use SNMP to manage the Corecess R1-
SW24L2B, you must assign an IP address to the NMS port, management Ethernet interface.
To set the management Ethernet (management) interface IP address, follow this procedure:
Table 5-5 Setting the IP address
Command Task
enable 1. Enter Privileged mode.
configure terminal 2. Enter Global configuration mode.
3. Enter Interface configuration mode for configuring management
interface management
interface.
4. Assign an IP address and subnet mask to the management
ip address Ethernet interface.
<ip-address>/<M> y <ip-address>: IP address for the interface.
y <M>: Subnet mask.
5. Exit from Interface configuration mode and return to Global
exit
configuration mode.
ip route default 6. Specify a default gateway address.
<gateway-address> y <gateway-address>: Default gateway address.
end 7. Return to Privileged mode.
show interface management 8. Verify the IP address configuration.
9. Check the network connectivity.
ping <host> y <host>: The IP address of the host or the network number to
ping.
write memory 10. Save the IP address configuration.

The following is an example of assigning an IP address and subnet mask to the management
Ethernet interface and verifying the configuration:
> enable
# config t
(config)# interface management
(config-if)# ip address 172.27.68.100/16
(config-if)# exit
(config)# ip route default 172.27.1.254
(config)# end
(config)# show interface management
Interface management
index 2 metric 1 mtu 1500 <UP,BROADCAST,RUNNING,MULTICAST>
HWaddr: 00:90:a3:cd:0e:b0
inet 172.27.68.100/16 broadcast 172.27.255.255
input packets 0, bytes 0, dropped 0, multicast packets 0
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 0, bytes 0, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0
# ping 172.27.2.49

User Management
To access the CLI of the Corecess R1-SW24L2B, you must login by entering a user name. By
default, corecess exists. The corecess is administrators who can read and write the system
configuration. You can add new users to the Corecess R1-SW24L2B, modify the users
information, and remove them.
Adding a New User

The table below shows the commands to add a user:
Table 5-6 Adding a new user
Command Task
3. Add a user.
username <name>
y <name>: The user ID for entering the CLI.
password <password> [8]
y <password>: The password for the user.
show username 5. Verify the list of user configuration
write memory 6. Save the IP address configuration.
The following example adds a user whose id is kka and password is violet and verifies the
configuration:
# configure terminal
(config)# username kka passwd violet
(config)# end
# show username
corecess console Sat Nov 12 12 14:41:45 +0900 2005
kka none none **Never logged in**
# write memory
Building Configuration...
[OK]
#

Changing a User Password
To change a user password for a user, follow this procedure:
Table 5-7 Changing a user password
Command Task
configure terminal 1. Enter Global configuration mode..
2. Specify a new password.

username <name> passwd y <name>: The user name to modify password.
<password> [8] y <password>: New password
y 8: Encrypts the password.
write memory 4. Save the configuration change.
The following is an example of changing a password of the user kka:
(config)# username kka password R1SW24L2B
(config)# end
# write memory
[OK]
#
Deleting a User
To delete a user, follow this procedure:
Table 5-8 Deleting a user
Command Task
2. Delete a user.
no username <name>
y <user-name>: The user name to delete.
show username 4. Verify the list of users.

The following is an example of deleting the user kka and verify the deletion:
(config)# no username kka
(config)# end
# show username
# write memory
[OK]
#

Specifying System Name and Adjusting System Date and Time
This section describes the configuration of the following general system features:
y System name
y System time and date
y NTP (Network Time Protocol) and Time zone
Changing System Name

The system name is used as the prompt on the console. Therefore, it is convenient for finding
out which device is connected to.
To change the system name, use the hostname command in Global configuration mode:
Table 5-9 Changing the system name
Command Task
2. Specify the system name.

y <system-name>: The string used for system name. The
hostname <system-name>
maximum length of the host name is 63 alphanumeric
characters or _ beginning with alphabet.
The following example changes the system name to SW24L2:
localhost# configure terminal

localhost(config)# hostname SW24L2
SW24L2(config)#
SW24L2(config)# end
SW24L2# write memory
[OK]
SW24L2#

Adjusting System Time
The system date and time is used in the log which is the record of the events occurred in the
system. When recording events or commands executed in the system into a log, the date and
time of the system is recorded with events or commands. Such logs can be used as an important
data in solving problems in the system thus, it is very important to accurately set the date and
time of the system.
To adjust the system time, use calendar and clock read-calendar commands in
Privileged mode:
Table 5-10 Adjusting system time
Command Task
2. Specify the current system time and date.
y <time>: Current time in hours, minutes, and seconds (in the
clock set <time> [<date>] format hh:mm:ss, example : 16:24:00)
[<month>] [<year>] y <day>: Current day (by date) in the month.
y <month>: Current month (1 ~ 12, or name).
y <year>: Current year (no abbreviation).
show clock 3. Reads manually the calendar into the system clock.
write memory 4. Verify the configuration.
The following is an example of adjusting the system calendar and changing the system clock
into the system calendar:
# clock set 15:00:00 12 11 2005

# show clock
Sat Nov 12 15:00:03 KST 2005
# write memory
[OK]
#
To change the current software clock (calendar) to the system clock, use the clock read-
calendar command in Privileged mode.
# show calendar
Sat Nov 12 15:00:08 2005 -0.747987 seconds
# clock read-calendar

# show clock
Sun Nov 13 00:02:00 KST 2005
#
Note: calendar clock is erased when the system is turned off or reboot. It is different to the system clock that
maintains time information even the system turned off or reboot.
Setting NTP Mode

NTP synchronizes timekeeping among a set of distributed time servers and clients. This
synchronization allows events to be correlated when system logs are created and other time-
specific events occur. The Corecess R1-SW24L2B supports the following NTP modes:
y Broadcast client mode: In broadcast client mode, local network equipment, such as a router,
regularly broadcasts the time information. The Corecess R1-SW24L2B listens for the
broadcast messages and set the system clock.
y Multicast client mode: Multicast mode acts the same as broadcast client mode, only instead of
broadcast messages (IP address 255.255.255.255) multicast messages are sent (IP address
224.0.1.1).
y Server mode: In server mode, the Corecess R1-SW24L2B regularly request the time
information to an NTP server.
To configure NTP on the system, follow this procedure:
Table 5-11 Configuring NTP
Command Task
2. Set the NTP mode.
y broadcast: Configure the system in NTP broadcast client mode.
y multicast <group-address>: Configure the system in NTP
multicast client mode.
ntp config type
- <group-address>: Multicast group address
{broadcast |
y server <poll> <ip-address>: Configure the system in NTP
multicast <group-
server mode.
address> | server
- <poll>: The polling interval.
<poll> <ip-address>
- <ip-address>: The IP address of the NTP server.
preset {on | off}}
y preset: Whether to preset the system clock to the time received from
NTP server.
- on: Preset.
- off: Not preset.
ntp enable 3. Enable NTP on the system.

Command Task
show ntp config 5. Verify the NTP configuration.
The following example shows how to configure the system in NTP server mode and verify the
configuration:
(config)# ntp config type server 32 203.255.112.69 preset on

(config)# ntp enable
(config)# end
# show ntp config
ntp config type server 32 203.255.112.69 preset on
ntp enable
#
Setting the Time Zone

You can specify a time zone for the system to display the time in that time zone. You must
enable NTP before you set the time zone. If NTP is not enabled, this command has no effect. If
you enable NTP and do not specify a time zone, UTC is shown by default. The default time
zone is UTC.
To set the time zone, follow this procedure:
Table 5-12 Setting the time zone
Command Task
2. Set the time zone.

y <region>: The region name. Select one of followings:
- Africa, America, Antarctica, Arctic, Asia, Atlantic,
ntp region <region>
Australia, Europe, Indian, Pacific
<area-code>
y <area-cded>: Area code(area code, 1 ~ 1000). You can see the area
code for the selected region by using the show ntp region in
Privileged mode.
show ntp config 4. Verify the configuration.
write memory 5. Save the configuration changes.
reset system 6. Restart the system.

The following example shows how to set the time zone and the area code to Asis/Seoul:
(config)# ntp region Asia 54

New NTP region/area is Asia/Seoul(Seoul)
system must be rebooted.

(config)# end
# show ntp config
ntp region Asia 54
ntp enable
# write memory
[OK]
# reset system
.
.

Configuration File Management
The Corecess R1-SW24L2B contains two types of configuration files: the running (current
operating) configuration and the startup (last saved) configuration.
Running Configuration
The running configuration is the current (unsaved) configuration that reflects the most recent
configuration changes. You can upload or download the running configuration file via FTP or
TFTP.
Startup Configuration
The startup configuration is the saved configuration in NVRAM and is used when the system
initializes. You can upload or download the startup configuration file via FTP or TFTP.
Caution: Whenever you make changes to the Corecess R1-SW24L2B configuration, you must save the
changes to memory so they will not be lost if the system is rebooted.
Displaying the Current Running Configuration

To display the current running configuration, enter the show running-config command in
Privilege mode:
# show running-config
Building configuration...
Current configuration:
!
! version 0.75
!
hostname localhost
multicast
!
snmp-server contact Unknown
snmp-server location Unknown
snmp-server enable rmon
!
system fan disable
system temperature enable 90 80
!
port gigabitethernet 1/1 flowctl on
port gigabitethernet 1/1 duplex full
port gigabitethernet 1/1 media-type mdix
!

interface management
ip address 172.27.68.100/16
!
ip route default 172.27.1.254
!
line vty 0 10
!
no ntp
!
#
Saving the Current Running Configuration

To save your configuration changes to NVRAM so that they will not be lost if the system is
rebooted, enter one of the following commands in Privileged command mode:
Table 5-13 Commands for saving the current running configuration
Command
Write memory
write file
copy running-config startup-config
The following example shows how to save the configuration changes to NVRAM using the
write memory command:
# write memory
[OK]
#
write file command:
# write file
[OK]
#
copy running-config startup-config command:
# copy running-config startup-config

[OK]
#
Restoring Default Configuration

To restore the default configuration, use the following commands in Privileged mode:
Table 5-14 Restoring default configuration
Commands Task
copy factory-default start-up config 1. Restore the default configuration.
reset system 2. Restart the Corecess R1-SW24L2B.
The following example shows how to restore default configuration.
# copy factory-default startup-config

done
# reset system
.
.

Monitoring and Maintaining the System
This section describes the commands you use to monitor the network connectivity and the state
of the system modules and display the system configuration. It also describes how to display
and manage the system log and how to download the software from the remote server.
Displaying CPU Utilization

You can display the utilization of the CPU on the Corecess R1-SW24L2B using the show cpuinfo
command in Privileged mode.
The following is a sample output of the show cpuinfo command:
# show cpuinfo
cpu : 405GP
clock : 200MHz
revision : 1.69 (pvr 4011 0145)
bogomips : 197.04
machine : IBM Walnut
plb bus clock : 100MHz
pci bus clock : 33MHz#
#
The following table describes the fields shown by show cpuinfo command:
Table 5-15 show cpuinfo field descriptions
Field Description
cpu Model name of the CPU.
clock Clock speed of the CPU.
revision Version information of the CPU.
Bogomips is the number of million times per second a CPU can do absolutely nothing
bogomips
and is used for a measurement of speed for the non Intel CPUs.
machine Maker of the CPU.
plb bus clock Clock speed of the PLB bus.
pci bus clock Clock speed of PCI bus.

Displaying Memory Usage
You can display the usage of the memories on the Corecess R1-SW24L2B using the show meminfo
The following is a sample output of the show meminfo command:
# show meminfo
total: used: free: shared: buffers: cached:
Mem: 57360384 44961792 12398592 0 3313664 24461312
Swap: 0 0 0
MemTotal: 56016 kB
MemFree: 12108 kB
MemShared: 0 kB
Buffers: 3236 kB
Cached: 23888 kB
SwapCached: 0 kB
Active: 7676 kB
Inactive: 30008 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 56016 kB
LowFree: 12108 kB
SwapTotal: 0 kB
SwapFree: 0 kB
#
The table below describes the fields shown by the show meminfo command:
Table 5-16 show meminfo field descriptions
Field Description
total Total amount of memory held in bytes.
used Total amount of used memory in bytes.
free Total amount of free memory in bytes.

Mem
shared Total amount of shared memory in bytes.
buffers Total amount of buffer memory in bytes.
cached Total amount of cache memory in bytes.
total Total amount of swap in bytes.
Swap used Total amount of used swap in bytes.
free Total amount of free swap in bytes.
MemTotal Total amount of memory in Kilobytes.

(Continued)
Field Description
MemFree Total amount of free memory in Kilobytes.
MemShared Total amount of shared memory in Kilobytes.
Buffers Total amount of buffer memory in Kilobytes.
Cached Total amount of cache memory in Kilobytes.
SwapCached Total amount of swap cache in Kilobytes.
Active Amount of buffer or cache memory currently allocated in kilobytes.
Inactive Amount of free buffer or cache memory in Kilobytes.
Amount of memory which is not mapping to kernel directly. This is different

HighTotal
according to the type of the used kernel.
Amount of free memory which is not mapping to kernel directly. This is different
HighFree
Amount of memory which is not mapping to kernel directly. This is different

LowTotal
Amount of free memory which is not mapping to kernel directly. This is different
LowFree
SwapTotal Total amount of swap in Kilobytes.
SwapFree Total amount of free swap in Kilobytes.

Displaying System Module Information
You can display the information of the modules installed in the option slots on the Corecess R1-
SW24L2B using the show module command in Privileged mode.
The following is a sample output of the show module command:
# show module
Codes : * - Internal/Built-in Module, N - Network Attached Module
X - Switch Fabric Module
Module Ports Description Status Serial No.

------- ----- ------------------------------ ---------------- -----------
A(M2) N/A Control Module active N/A
1 2 OPT-N1ES1CD insert,up N/A
2 24 R1-SW24L2B insert,up N/A
Module Version Hw Fw Sw
------- ------------------ ---------------- ------------ ---------------
1 release.rev(patch) N/A N/A N/A
2 release.rev(patch) 0.0(18) N/A N/A
#
The table below describes the fields shown by the show module command:
Table 5-17 show module field descriptions
Field Description
Module Slot number which the module is installed on.
Ports Number of the ports on the module.
Description Type of the module.
Status Equipment status and operating status of the module.
Serial No. Serial number of the module.
Hw Hardware version of the module.
Fw Firmware version of the module.
Sw Software version of the module.

Displaying System Module Equipment Status
You can display the equipment and running state of the system modules using the show system
The following is a sample output of the show system command:
# show system
System Information
-----------------------------------------------------
Subscriver/Service Interface Board(s)
SIB [ 1] Normal
SIB [ 2] Normal
Auxiliary Information
-----------------------------------------------------
Fan (`C(`F)) -
Disabled
Temperature (`C(`F)) -
Current Temperature : 30 ( 86 )
Max/Min Threshold : 90/ 80 (194/176)
#
Each field shown by the show system command describes the following information about
system state:
Table 5-18 show system field descriptions
Field Description
System Information The state of the main and option slot, power, and fan module.
The range of the normal temperature of the fan module. The
Fan Max/Min Threshold
Corecess R1-SW24L2B doesnt provide this information
Current Temperature Current temperature of the inside of the system ()
Temperature
Max/Min Threshold The range of the normal temperature of the system.

Checking Network Connectivity
After you assign an IP address and a default gateway and connect the NMS port to the network,
you should be able to communicate with other nodes on the network.
To check whether the Corecess R1-SW24L2B is properly connected and configured, use the
following commands in Privileged mode:
Table 5-19 Checking network connectivity
Commands Task
1. Ping another node on the network.

y <destination>: The IP address of the host or the network number
ping <destination>
to ping.
[count <packet-count>]
y count: Sends the specified number of ICMP packets.
- <packet-count>: The number of packets to send (1 ~ 512).
traceroute 2. Trace the route of packets through the network to another node.
[<host-ip> | y <host-ip>: Destination address.
<host-name>] y <host-name>: Host name.
show interface
3. If the host is unresponsive, check the IP address, subnet mask.
management
4. If the interface is properly configured, check the default gateway

show ip route
configuration.
This example shows how to ping a host with IP address 172.27.2.49:
# ping 172.27.2.49
PING 172.27.2.49 (172.27.2.49) from 172.27.2.100 : 56(84) bytes of data.
64 bytes from 172.27.2.49: icmp_seq=0 ttl=128 time=955 usec
64 bytes from 172.27.2.49: icmp_seq=3 ttl=128 time=8.284 msec

--- 172.27.2.49 ping statistics ---

16 packets transmitted, 15 packets received, 6% packet loss
round-trip min/avg/max/mdev = 0.760/1.304/8.284/1.866 ms
#
The following messages are displayed according to the status of host and network:
Table 5-20 PING field descriptions
Displayed message Connection Status
Host or network is connected. (When the ICMP echo

22 data bytes from <host> :
response messages have been received from the host or
icmp_seq=n. time=n usec
network)
Destination does not respond. (When any packets have not
no answer from <host>
been received from the host or network)
<host> is unreachable Host is unreachable.
Network is unreachable. : 2 Network is unreachable.
This example shows how to perform a traceroute to the host whose IP address is 192.1.1.1:
# traceroute 192.1.1.1
traceroute to 192.1.1.1 (192.1.1.1), 30 hops max, 38 byte packets
1 * 172.27.1.254 (172.27.1.254) 4.204 ms 9.754 ms
2 * 192.168.11.126 (192.168.11.126) 1.640 ms 1.317 ms
3 61.107.96.1 (61.107.96.1) 1.825 ms 1.778 ms 1.441 ms
4 61.96.195.249 (61.96.195.249) 1.723 ms 1.812 ms 1.838 ms
5 172.30.4.1 (172.30.4.1) 2.375 ms 1.838 ms 1.856 ms
6 172.30.100.33 (172.30.100.33) 2.212 ms 1.813 ms 1.838 ms
7 172.30.100.10 (172.30.100.10) 2.404 ms 1.888 ms 2.277 ms
8 211.61.251.1 (211.61.251.1) 2.305 ms 1.861 ms 1.802 ms
9 211.61.251.4 (211.61.251.4) 3.338 ms 2.812 ms 2.811 ms
.
.
.
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

The following example displays sample traceroute output when a destination host IP
address is specified:
# traceroute 61.107.97.51
traceroute to 61.107.97.51 (61.107.97.51), 30 hops max, 40 byte packets n
1 172.26.1.254 (172.26.1.254) 14.812 ms 29.758 ms 22.752 ms
2 192.168.11.126 (192.168.11.126) 0.497 ms 0.454 ms 0.360 ms
3 61.107.97.51 (61.107.97.51) 14.812 ms 29.758 ms 22.752 ms
o p q
#
The table below describes the fields shown by the traceroute command:
Table 5-21 traceroute field descriptions
Field Description
n Maximum TTL value and the size of the ICMP datagrams being sent
o Indicates the sequence number of the switch router in the path to the host
p IP address of the router
q Round-trip time for each of the three probes that are sent
The following example shows how to display the interface information of the using the show
interface management command:
# show interface vlan id 1

Interface management
index 0 kernel index 2 metric 1 mtu 1514 <UP,BROADCAST,RUNNING,MULTICAST>
HWaddr: 00:11:a1:ca:00:01
inet 172.19.3.154/16 broadcast 172.19.255.255
collisions 0
#

The following is a sample output from the show ip route command:
# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - IS-IS, B - BGP, > - selected route, * - FIB route, p - stale info
S> * default [1/0] via 172.19.1.254, management

B> * 100.100.10.0/24 [20/0] via 172.19.3.153, management, 1d20h55m
C * 172.19.0.0/16 is directly connected, vlan1
C> * 172.19.0.0/16 is directly connected, management
Route Source Num of Entries

connected 2
static 1
bgp 4
Total 7

System Log Management
The Corecess R1-SW24L2B maintains a log file of all error and status messages generated by
each module on the Corecess R1-SW24L2B. Log file is stored in the Corecess R1-SW24L2B. You
can transmit the system log file to a remote host to manage it separately.
In this section, the following issues will be described:
y Specifying level of the logs to be displayed on the console screen.
y Specifying screens to display log messages.
y Saving event messages in the log file.
y Displaying system logs saved in the log file.
y Clearing system logs in the log file.
Specifying Event Level

All events occurred in the Corecess R1-SW24L2B dont need to be stored in the system log file.
You can specify the top level of events to be stored using the logging level command in
Global configuration mode. The events of the upper levels than the level designated by the
loggin level command will be ignored (These events will be neither saved nor displayed).
The Corecess R1-SW24L2B supports the following eight event levels. 1. Emergency event is the
most critical level and 8. Debug is the least critical level event.
1. Emergency More critical

2. Alert
3. Critical
4. Errors
5. Warning
6. Notify
7. Inform
8. Debug Less critical

To configure the types and level of the events, use the following command in Global
configuration mode.
Table 5-22 Configuring event level
Command Task
1. Configure the event types and level to save.

logging level <type> <level> y <type>: Type of event to configure the level.
y <level>: Level of event (1 ~ 8). Default setting is 6.
show logging 3. Verify the configuration.
write memory 4. Save the changed configuration.
The following example configures the sys events of the lower levels (Emergency, Alert, Critical,
and Errors) than Errors level (level 4) to be stored in the system log file:
(config) # logging level sys 4
(config) # end
# show logging
onsole logging is disable
logging buffer is enable
logging file is disable
logging buffer size is 128 kbytes
Facility Default Severity Current Severity

----------- ------------------ ------------------
sys 6 4(*)
filesys 6 6
authorize 6 6
.
.
# write memory
[OK]
#

Note: The Corecess R1-SW24L2B supprts the following types of events:
- sys : Events related to system hardware.
- filesys : Events related to file system.
- authorize : Events related to security and authentication.
- port : Events related to ports.
- interface : Events related to interfaces.
- vlan : Events related to VLAN (Virtual LAN).
- spantree : Events related to spanning tree and bridge.
- lacp : Events related to LACP (Link aggregation Control Protocol).
- igmp : Events related to IGMP and IGMP snoopping.
- mcast : Events related to multicast.
- qos : Events related to QoS (Quality Of Service).
- acl : Events related to access list.
- snmp : Events related to SNMP.
- snmp_rmon : Events related to SNMP RMON.
- dhcp : Events related to DHCP.
- ntp : Events related to NTP.
- route_main : Events related to Main Routing Control.

Specifying Screen to Display Log
When an event is occurred, the information of the event can be appeared on the remote host
screen, a console screen, and telnet sessions.
Configuring to Display Log Messages on the Console Screen

To configure the log messages to display on the console screen, use the following commands in
Global configuration mode:
Table 5-23 Configuring log messages to display on the console
Command Task
1. Configure whether to display log messages on the console.

logging console {enable |
y enable: Displays log messages on the console.
disable}
y disable: Doesnt display log messages on the console.

show logging 3. Check the result.
The following example configures the log messages to display on the console screen and check
the result:
(config)# logging console enable

(config)# end
# show logging
console logging is enable
.
.
# write memory
[OK]
#

Configuring to Display Log Messages to a Remote Host
To configure the log messages to display on a remote host, use the following command in
Table 5-24 Configuring log messages to display on a remote server
Command Task
1. Specify a remote host to display the log messages.

logging {<ip-address> |
y <ip-address>: IP address of a remote host.
<host-name>}
y <host-name>: Host name of a remote host.
show logging 3. Check the result.
The following example configures the system log to display on the remote host whose IP address
is 172.10.1.0:
(config)# logging 172.10.1.0

(config)# end
# show logging
console logging is enable
logging servers
172.10.1.0
.
.
# write memory
[OK]
#

Configuring to Display Log Messages to a Telnet Sessions
To configure the log messages to display on Telnet sessions, use the following commands in
Table 5-25 Configuring log messages to display on a Telnet session
Command Task
1. Configure whether to display log messages on Telnet sessions.

logging session {enable |
y enable: Displays log messages on Telnet sessions.
disable}
y disable: Doesnt display log messages on Telnet sessions.
The following example configures the system log to display on Telnet sessions:
(config)# logging session enable
(config)# end
# write memory
[OK]
#

Saving Log Message in Log File
By default, the Corecess R1-SW24L2B does not save the log messages in a log file. After
configuring the log messages to save using the logging file enable command, the log
message generated will be saved in a log file.
To configure the log messages to be saved in a log file, use the following command in Global
configuration mode:
Table 5-26 Saving log messages in a log file
Command Task
1. Configure whether to save the log messages in a log file.

logging file {enable |
y enable: Saves log messages in a file.
disable}
y disable: Doesnt save log messages in a file.
The following example shows how to configure the log message to be save in a file:
(config)# logging file enable

(config)#
Clearing System Log

To clear the system log file, the clear logging buffer command in Privileged mode. The
following is an example of clearing the logs in the log file and verifying the result:
# clear logging buffer

# show logging buffer 1
#

Displaying Contents of Log File
To display the contents of the log file, use the following command in Privileged mode:
Table 5-27 Displaying contents of log file
Command Task
1. Display the log messages saved in the log file.

show logging buffer <line>
y <line>: Number of log messages to display.
The following is a sample output of the show logging buffer command:
# show logging buffer 10

Nov 14 10:06:58 localhost VLAN-6-VLAN_CREATED: vlan [1] is created
Nov 14 10:07:09 localhost SYS-6-SYS_MODULE: module [1] is inserted
Nov 14 10:07:09 localhost SYS-6-SYS_MODULE: module [2] is inserted
Nov 14 10:07:09 localhost SNMP-5-COLDSTART: Cold Start
Nov 14 10:07:10 localhost PORT-6-LINK_CHANGE: 1/1: ifIndex 1 Link Up (Up)
Nov 14 10:07:32 localhost AUTHORIZE-6-LOGIN: login corecess authentication
service(login) tty(/cinitrd/dev/console) from (local)
Nov 14 10:07:33 localhost AUTHORIZE-6-USER_LOGIN: corecess login from
/cinitrd/dev/console
#
The following table describes the fields shown by the show logging buffer command:
Nov 24 13:49:56 CCR1AD AUTHORIZE-6-USER_LOGIN: root login from /dev/console

n o p
No Description
n Date and time that the event occurred (month date hour:minute:second)
o System name
r The brief description of the event in brief.

Upgrading Software
You can download the software for the cards on the Corecess R1-SW24L2B from a remote TFTP
server. To download software from a TFTP server, the Corecess R1-SW24L2B should be
connected with remote source server as follows:
Corecess R1-SW24L2B
Network
Source server
Console
Remote telnet
To download software from a remote TFTP server to the Corecess R1-SW24L2B, perform this
task in Privileged mode:
Table 5-28 Downloading software from a remote TFTP server
Command Task
1. Download specified file from the TFTP server.

y <tftp-ip>: IP address of the TFTP server.
copy tftp flash <tftp-ip>
y image: Downloads system image file from the TFTP server.
image <file-name>
y <file-name>: The file name used for saving the downloaded
file.
show flash image 2. Verify software download.
update flash image 3. Select an image used for booting code.

<file-id> y <id>: Id of the image.
reset system 4. Reboot the system.

The following is an example of downloading r1sw24l2-base-osapp-kt_0.0.6.img file from the TFTP
server whose IP address is 172.27.2.17:
# copy tftp 172.27.2.17 flash image r1sw24l2-base-osapp-kt_0.0.6.img

tftp: data 10000 Kbytes
# show flash image
System flash directory:
File Length (bytes) Name/status
----- --------------- ------------------------------------------
1 10352627 r1sw24l2-base-osapp-1.0.13.img
2 10331844 r1sw24l2-base-osapp-hphong_0.0.1.img (*)
3 10190924 r1sw24l2-base-osapp-kt_0.0.6.img
[30154 blocks used, 21040 available, 51194 total, 1K-blocks]
*/# : running/updated image
# update flash image id 3
# reset system
halt system now
Restarting system.
..

Chapter 6 Configuring Ports
This chapter describes how to configure the Ethernet ports.
9 Default Port Configuration 6-2
9 Configuring Ports 6-3
9 Displaying Port Information 6-8

Default Port Configuration
The features you can customize have default values that will most likely suit your environment
and probably need not be changed. The default values of these features are set as follows:
Table 6-1 Default port configuration
Item Default setting
Port status Enable
Port name None configured
Port priority level Normal
10/100Base-TX Auto
Data
1000Base-PX
trasmission
1000Base-LX
mode Full-duplex, depending on option modules
1000Base-SX
1000Base-TX
Port speed Auto
STP status Enabled on eth0 (default VLAN)
10/100Base-TX 19
1000Base-PX
Cost
1000Base-LX
4
1000Base-SX
1000Base-TX
Port STP priority 32
VLAN All ports belong to the default VLAN (ID : 1, name: vlan1)
When change the Ethernet port configurations, the change becomes part of the running
configuration. The change does not automatically become part of the startup configuration file
in Flash memory. If you do not save your changes to Flash memory, they are lost when the
system restarts. To save the Ethernet port configuration changes to Flash memory, you must
enter the write memory command in Privileged mode.

Configuring Ports
This section describes the following port configuration tasks:
y Disabling or enabling a port
y Changing the duplex mode
y Configuring the flow control on a port
y Setting the port speed
y Setting the port trap
y Attaching the port name
Disabling or Enabling a Port

All ports are enabled by default. To change administrative status (disabling a port or reenabling
a port), use the following command in Global configuration mode:
Command Task
1. Enable or disable the specified port.
y <port-type>: The type of Ethernet port to configure.
- fastethernet: Configures Fast Ethernet port.
port <port-type> <slot>/<port> - gigabitethernet: Configures Gigabit Ethernet port.
admin {enable | disable} y <slot>: Slot number (1 ~ 2)
y <port>: Port number (1 ~ 24)
y enable: Administratively enables the port.
y disable: Administratively disables the port.
The following example disables the gigabit Ethernet port 1/1:
(config)# port gigabitethernet 1/1 admin disable

(config)#
The following example reenables the gigabit Ethernet port 1/1:
(config)# port gigabitethernet 1/1 admin enable

(config)#
Configuring Ports 6-3

Changing the Transmission Mode
On the Corecess R1-SW24L2B, the default transmission mode setting of Fast Ethernet ports is
auto. Fast Ethernet ports can automatically match the transmission capability of an attached
device. Gigabit Ethernet ports on Corecess R1-SW24L2B operate in full-duplex mode.
To change transmission mode of a port, use the following command in Global configuration
mode:
Command Task
1. Change transmission mode of the specified port.
- gigabitethernet: Configures Gigabit Ethernet port.
port <port-type> <slot>/<port> y <slot>: Slot number (1 ~ 2)
duplex <duplex-mode> y <port>: Port number (1 ~ 24)
y <duplex-mode>: Duplex mode of the port.
- auto: Auto negotiation.
- half: Half duplex mode.
- full: Full duplex mode.
The following example changes the transmission mode of the Fast Ethernet port 2/1 to full
duplex:
(config)# port fastethernet 3/1 duplex full

(config)#
Note: Gigabit Ethernet ports supports the following transmission mode depending on option modules.
y 1000Base-SX/LX and 1000Base-PX ports support auto and full-duplex mode.
y 10/100/1000Base-TX port supports all of transmission mode.

Setting the Port Speed
On the Corecess R1-SW24L2B, Fast and gigabit Ethernet ports can automatically match the
transmission speed of an attached device. You can configure the port speed if desired.
To set the port speed for a port, use the following command in Global configuration mode:
Command Task
1. Set the port speed of the specified port.

y <slot>: Slot number (1 ~ 2)
port <port-type> <slot>/<port>
speed <port-speed>
y <port-speed>: Port speed of the specified port.
- 10: 10Mbps
- 100: 100Mpbs
- 1000: 1Gbps
- auto: Auto negotiation
The following is an example of setting port speed of the Fast Ethernet port 2/1:
(config)# port fastethernet 2/1 speed 10

(config)#
Note: Gigabit Ethernet ports supports the following port speed depending on option modules.
y 1000Base-SX/LX and 1000Base-PX ports support auto and 1000 Mbps.
y 10/100/1000Base-TX port supports all speed.

Configuring Flow Control on a Port
You can enable or disable flow control of a port, which manages traffic rates during congestion.
If a port experiences congestion and cannot receive any more traffic, flow control notifies the
other port to stop transmitting until the condition clears. By default, flow control of the ports on
the Corecess R1-SW24L2B is disabled.
To change flow control status, use the following command in Global configuration mode:
Command Task
1. Configure the flow control of the specified port.
port <port-type> <slot>/<port> y <slot>: Slot number (1 ~ 3)
flowctl <status> y <port>: Port number (1 ~ 8/24)
y <status>: Flow control status
- auto: Auto negotiation.
- off: Disables flow control on the port.
- on: Enables flow control on the port.
The following example enables flow control on the Gigabit Ethernet port 1/2:
(config)# port gigabitethernet 1/2 flowctl on

(config)#

Setting the Port Name
You can assign a name to each port. To set a port name, use the following command in Global
configuration mode:
Command Task
1. Set the name of the specified port.

name <port-name>
y <port>: Port number (1 ~ 8/24)
y <port-name>: Port name.
The following is an example of setting the name of the gigabit Ethernet port 1/1:
(config)# port gigabitethernet 1/1 name uplink-port

(config)#
Setting Trap
You can enable or disable the operation of the standard SNMP link trap for a port. By default,
the SNMP link trap of the ports on the Corecess R1-SW24L2B is disabled.
To set trap for a port, use the following command in Global configuration mode:
Command Task
1. Enable or disable the SNMP link trap for the specified

port.
trap link-status
The following example enables the SNMP link trap on the Fast Ethernet port 2/1-24:
(config)# port fastethernet 2/1-24 trap link-status

(config)#

Displaying Port Information
You can see the port configuration and port status using the show port command in the
Privileged mode. The following is a sample output from the show port command. This shows
the information about all ports on the Corecess R1-SW24L2B:
# show port
Port Name Status Vlan FlwCtl Duplex Speed Type
---- ------------- ---------- ----- ------- ------- -------- ----------
1/1 uplink-port connected 1 on full 1000 1000BasePON
1/2 DEFAULT notconnect 1 on full 1000 1000BaseSX
2/1 DEFAULT notconnect 1 a-off a-half a-0 100BaseT
.
.
.
#
The table below describes the fields shown by the show port command:
Table 6-2 show port field descriptions
Field Description
Port Slot number/port number.
Name Port name.

Port admin status and network connection
Status
status.
Vlan Id of the VLAN which the port belongs to.
FlwCtrl Status of the flow control.
Duplex Duplex mode.
Speed Port speed.
Type Port type.

The following is a sample output from the show port command with the port number. This
example shows the information about a Fast Ethernet port:
# show port fastethernet 2/23
Port Name Status Vlan FlwCtl Duplex Speed Type

----- ------------- ---------- ----- ------ ------ ------------ -------
AdminStatus Media-type STP RSTP Edge Trap LinkAgg.

----------- ---------- ---------- ---------- ---------- ----------
enable auto disable disable disable off
Port Admin Speed Limited Speed Active Speed

----- ---------------- ---------------- -----------------
2/23 Desired Unlimited 0 M
If Index Logical ID
---------- ----------
87
access-type : eferred nt
Port 2/23 Statistics Counters

All(bytes) Unicast Multicast Broadcast Discard Error
------------ ------------ ------------- ------------ ---------- -------
in 0 0 0 0 0 0
out 0 0 0 0 0 0
Port Error Counters

input runt(0)/shortCRC(0)/normalCRC(0)/normalAlign(0)/longCRC(0)
output eferred(0)/collision(single/multi/consecutive/late 0/0/0/0)
Extension status
N/A
#
The table below describes the fields shown by the show port command with a port number:
Table 6-3 show port with port argument field descriptions
Field Description
AdminStatus Admin status of the port (enable, disable).
Media-type Media type(MDI/MDIX) of the port (none).
STP STP status of the port (enable, disable).

Field Description
RSTP Edge RSTP status of the port (enable, disable).
Whether to enable displaying trap messages of the VDSL port (enable,

Trap
disable).
LinkAgg. LACP status of the port (on, off).
Admin Speed Maximum speed of the port.
Limited Speed Limited speed of the port.
Active Speed Current speed of the port.
If Index Interface number of the port.
Logical ID Logical ID of the port.
All Total number of the incoming packets on the port.
Unicast Total number of the incoming unicast packets on the port.
Multicast Total number of the incoming multicast packets on the port.

in
Broadcast Total number of the incoming broadcast packets on the port.
Discard Number of the incoming packets discarded on the port.
Error Number of the incoming packets with errors on the port.
All Total number of the outgoing packets on the port.
Unicast Total number of the outgoing packets on the port.
Multicast Total number of the outgoing packets on the port.

out
Broadcast Total number of the outgoing packets on the port.
Discard Total number of the outgoing packets on the port.
Error Total number of the outgoing packets on the port.
Number of frames received without Start of Frame Delimiter detection but

runt
with carrier assertion.
shortCRC Number of frames less than 64 bytes in length, received with CRC error.
Number of frames with lengths between 64 bytes and the maximum frame
input normalCRC
size, received with an integral number of bytes and a CRC error.
Number of frames with lengths between 64 bytes and the maximum frame
nomalAlign
size, received with a non integral number of bytes and a CRC error.
Number of frames, larger then the maximum frame size, received with a CRC
longCRC
error.
output Number of frames deferred at the first transmit attempt due to a busy line in
eferred
half duplex mode.

Field Description
- single: Number of frames transmitted without any error following a single
collision.
- multi: Number of frames transmitted without any error following multiple
collisions.
collision
- consecutive: Number of frames that have experienced 16 consecutive
collisions or more, not including late collisions.
- late: Number of transmission abortion due to a collision occurring after the
transmission of the first 64 bytes fo that packet.

Chapter 7 Configuring VLAN
This chapter describes how to configure the VLAN and VLAN interface.
9 VLAN Configuration 7-2

VLAN Configuration
Default Configuration
The table below shows the default VLAN configuration for the Corecess R1-SW24L2B:
Table 7-1 Default VLAN configuration
Parameter Default
VLAN name DEFAULT
VLAN ID 1
Ports All ports belong to default VLAN.
STP state Off
IP address 0.0.0.0
Subnet mask 0.0.0.0
Tag Untagged
VLAN state Active
After modifying the default VLAN configuration, modified configuration will be applied
immediately without rebooting system or using additional command. To maintain the modified
configuration after rebooting the system, save the configuration using write memory
Basic VLAN Configuration

You can configure VLAN on the Corecess R1-SW24L2B when it is starting or running. If you
change VLAN configuration on running, all MAC address that have been learned by the ports
in VLAN will be deleted.
You can configure VLAN on the Corecess R1-SW24L2B using the following procedures:
y Creating VLANs (Deleting VLANs).
y Assigning ports to the VLAN (Removing ports from the VLAN)
y Saving VLAN configuration

Creating VLANs
In the factory default configuration, VLAN support is enabled and all the ports are only in the
Corecess R1-SW24L2B physical broadcast domain, which is given the name DEFAULT. You can
partition the Corecess R1-SW24L2B into multiple virtual broadcast domains by adding one or
more additional VLANs and moving ports from the default VLAN to the new VLANs. Because
the default VLAN permanently exists in the Corecess R1-SW24L2B, adding new VLANs results
in multiple VLANs existing in the Corecess R1-SW24L2B.
User-configured VLANs have unique IDs from 2 to 4094. Enter a vlan command with an unused
ID to create a VLAN. Enter a vlan command for an existing VLAN to modify the VLAN.
To create a VLAN, perform this task in the Privileged mode:
Table 7-2 Creating a VLAN
Commands Task
2. Add a VLAN.
vlan id <vlan-id>
y <vlan-id>: VLAN ID
name <vlan-name>
y <vlan-name>: VLAN name
show vlan 4. Verify that a new VLAN is created.
The following example creates a VLAN whose id is 2 and name is test.
(config)# vlan id 2 name test
(config)# end
# show vlan
VLAN Name Status Slot/Port(s)
---- ----------------- -------- ------------------------------------
1 DEFAULT active 1/1-2
2/1-24
2 test active
VLAN Interface IGMPs STP Private Promisc Port(s)
---- ---------- -------- -------- -------- ------------------------
1 disable disable enable Disable None
2 disable disable enable Disable None
#
Configuring VLAN 7-3

To delete a VLAN, use the no vlan command in Global configuration mode. The following
example deletes the VLAN whose id is 2:
(config)# no vlan id 2
(config)#
Assigning Ports to a VLAN

You should add ports that belong to the same broadcast domain to a VLAN after defining a
VLAN. When ports are assigned to a VLAN, a broadcast domain with assigned ports is created.
If you add ports belonging to the default VLAN to other VLAN, the ports are deleted from the
default VLAN and are added to other VLAN.
To assign ports a VLAN, perform this task in Global configuration mode:
Table 7-3 Assigning ports to a VLAN
Commands Task
1. Assign the specified ports to the VLAN.

vlan {id <vlan-id>
y <vlan-id>: VLAN ID.
| name <vlan-name>}
y <vlan-name>: VLAN name.
port <port-type>
y <port-type>: Port type (gigabitethernet, fastethernet)
<slot>/<port>
y <slot>/<port>: slot number / port number to be added to the VLAN.

show vlan 3. Verify the VLAN configuration.
[id <vlan-id> | y <vlan-id>: ID of the VLAN to verify.
name <vlan-name>] y <vlan-name>: Name of the VLAN to verify.
The following example adds the ports 2/1 to the VLAN whose id is 2:
(config)# vlan id 2 port fastethernet 1/1

(config)# end
# show vlan id 2
VLAN Name Status Slot/Ports
---- ---------------- -------- ------------------------------------
2 test active 1/1
VLAN Interface MTU STP Private Promisc port

---- ------------ ------ -------- -------- ------------
2 disable 1500 enable disable None
#

To remove ports from the VLAN, use the no vlan command in Global configuration mode.
The following example removes the port 2/1 from the VLAN whose name is test:
(config)# no vlan name test port fastethernet 2/1

(config)#
Assigning IP Address to a VLAN

To assign the IP address of a VLAN, use the following command in Global configuration mode:
Table 7-4 Assigning IP address to a VLAN
Commands Task
1. Enter Interface configuration mode.

interface vlan {id <vlan-id> |
y <vlan-id>: Id of the VLAN to configure.
name <vlan-name>}
y <vlan-name>: Name of the VLAN to configure.
2. Assign the IP address of the VLAN.

ip address <network-num>/<M> y <network-num>: IP address.
y <M>: subnet mask.
4. Verify the VLAN configuration.

show interface vlan {id <vlan-id>
y <vlan-id>: Id of the VLAN to display.
| name <vlan-name>}
y <vlan-name>: Name of the VLAN to display.
This example shows how to specify the IP address of the VLAN whose id is 1:
(config)# interface vlan id 1

(config-if)# ip address 172.27.2.100/16
(config-if)# end
Interface vlan1
HWaddr: 00:01:02:00:00:db
inet 172.27.2.100/16 broadcast 172.27.255.255
collisions 0
#

To remove the IP address of a VLAN, use the no ip address command in interface
configuration mode. The following example shows how to remove the IP address of the VLAN
whose id is 2.

(config-if)# no ip address 10.1.1.1/24
Assigning Secondary IP address to a VLAN

You can specify another IP address to a VLAN. This is called secondary IP address. The
secondary IP address is useful for configuring DHCP server with many DHCP hosts (more than
256 hosts).
To specify the secondary IP address to the VLAN, use the following command in Global
configuration mode:
Table 7-5 Assigning secondary IP address to a VLAN
Commands Task
1. Enter Interface configuration mode.
interface vlan {id <vlan-id> |
y <vlan-id>: ID of the VLAN to configure.
name <vlan-name>}
y <vlan-name>: Name of the VLAN to configure.
2. Specify the secondary IP address of the VLAN.
ip address <network-num>/<M>
y <network-num>: IP address.
secondary
y <M>: subnet mask.
show vlan 4. Verify the VLAN configuration.
This example shows how to specify the secondary IP address of the VLAN whose id is 1:
(config-if)# ip address 172.25.1.100/16 secondary
(config-if)# end
Interface vlan1
HWaddr: 00:01:02:00:00:db
inet 172.27.2.100/16 broadcast 172.27.255.255
inet 172.25.1.100/16 broadcast 172.25.255.255 secondary

collisions 0
#
To remove the secondary IP address of a VLAN, use the no ip address seconday

command in interface configuration mode. The following example shows how to remove the
secondary IP address of the VLAN whose id is 1.

(config-if)# no ip address 172.25.1.100/16 secondary
(config-if)# end
Interface vlan1
HWaddr: 00:01:02:00:00:db
inet 172.27.2.100/16 broadcast 172.27.255.255
collisions 0
#
Saving VLAN Configuration

When you finish the VLAN configuration, you should save the VLAN configuration to use it
after rebooting the system. To save the current VLAN configuration, use write memory
# write memory
[OK]
#

802.1Q Tunneling Feature Configuration
The 802.1Q tunneling feature supports secure virtual private networks (VPNs). 802.1Q
tunneling enables service providers to segregate traffic from different customers in the service
provider infrastructure while significantly reducing the number of VLANs required to support
the VPNs. 802.1Q tunneling allows multiple customer VLANs to be carried by a single VLAN
on the Corecess R1-SW24L2B without losing their unique VLAN IDs.
When you configure 802.1Q tunneling on the Corecess R1-SW24L2B, traffic to be tunneled
comes into the Corecess R1-SW24L2B from an 802.1Q trunk port on a neighboring device and
enters the Corecess R1-SW24L2B through a port configured to support 802.1Q tunneling (a
tunnel port). When the tunnel port receives traffic from an 802.1Q trunk port, it does not strip
the 802.1Q tags from the frame header; instead, the tunnel port leaves the 802.1Q tags intact and
puts all the received 802.1Q traffic into the VLAN assigned to the tunnel port. The VLAN
assigned to the tunnel port carries the tunneled customer traffic to the other neighboring
devices participating in the tunnel port VLAN. When the tunneled traffic is received by an
802.1Q trunk port on a neighboring device, the 802.1Q tag is stripped and the traffic is removed
from the tunnel.
The following table shows how to configure trunk port on the Corecess R1-SW24L2B:
Table 7-6 Configuring trunk port
Commands Task
2. Set the specified port to a trunk port.

dot1q port <port-type> y <port-type>: The port type (fastethernet, gigabitethernet)
<slot>/<port> tag y <slot>: The slot number of the port (1 ~ 3)
<tag-id> [<tag-id>] y <port>: The port number of the port (1 ~ 24)
y <tag-id>: The tag id to be tunneled by a trunk port (VLAN ID)
end 3. Return to the Privileged mode.
show dot1q port 4. Verify the 802.1Q trunk port configuration.

The following example describes how to configure the Gigabit Ethernet port 1/2 to a 802.1Q
trunk port for VLANs vlan1 and vlan2:
(config)# vlan id 2 port gigabitethernet 1/2
(config)# dot1q port gigabitethernet 1/2 tag 1-2
(config)# end
# show dot1q
Port allowed 802.1q Static and Dynamic Vlans created by GVRP
-------- ------------------------------------------------------
1/2 1-2
# show dot1q port gigabitethernet 1/2
Port PVID Acceptable frame types Ingress filter
---------- ---- ---------------------- --------------
1/2 2 all off
Port allowed 802.1q Vlans
-------- ------------------------------------------------------
1/2 1-2

Chapter 8 Configuring SNMP and RMON
This chapter describes how to configure SNMP and RMON on the Corecess R1-SW24L2B.
9 Configuring SNMP 8-2
9 Configuring RMON 8-18
9 SNMP and RMON Configuration Commands 8-33

Configuring SNMP
SNMP(Simple Network Management Protocol) Overview

The Simple Network Management Protocol (SNMP) is an application layer protocol that
facilitates the exchange of management information between network devices. It is part of the
Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite. SNMP enables
network administrators to manage network performance, find and solve network problems,
and plan for network growth.
SNMP Basic Components

SNMP consists of the following three key components:
y Managed Device
y SNMP Agent and Management Information Base (MIB)
y SNMP Manager
SNMP
Manager
Managed Managed Managed

Device Device Device
SNMP Agent SNMP Agent SNMP Agent

MIB MIB MIB
Managed Device
A managed device is a network node that contains an SNMP agent and that resides on a
managed network. Managed devices collect and store management information and make this
information available to NMSs using SNMP. Managed devices, sometimes called network
elements, can be routers and access servers, switches and bridges, hubs, computer hosts, or
printers.

SNMP Agent and MIB
The SNMP agent is a network management module running in the managed device. The SNMP
agent responds to SNMP manager requests as follows:
y Get a MIB variable: The SNMP agent initiates this function in response to a request from the NMS. The
agent retrieves the value of the requested MIB variable and responds to the NMS with that value.
y Set a MIB variable: The SNMP agent initiates this function in response to a message from the NMS. The
SNMP agent changes the value of the MIB variable to the value requested by the NMS.
The SNMP agent also sends unsolicited trap messages to notify an NMS that a significant event
has occurred on the agent. Examples of traps conditions include, but are not limited to, when a
port or module goes up or down, when spanning-tree topology changes occur, and when
authentication failures occur.
The MIB is the information base, the SNMP agent must keep available for the managers. This
information base contains objects whose values provide information on the status of the
checked system or objects whose values can be modified by a manager to control the system.
Each object is identified by an Object ID (OID). There are two kinds of MIBs, standard MIB
and enterprise-specific MIB.
SNMP Manager
SNMP Manager is an integrated management module which collects information from SNMP
agent and sometimes sends warning messages depending on the each SNMP agent relations. In
other words, the actual data is collected from SNMP agent and this data will be processed by
management module and saved. To request information or configuration changes, respond to
requests, and send unsolicited alerts, the SNMP manger and SNMP agent use the four messages
(Get, GetNext, Set, trap). For more information on these messages, refer to the following section.
Configuring SNMP and RMON 8-3

SNMP Messages
The SNMP manger and SNMP agent use the following SNMP messages to request information
or configuration changes, respond to requests, and send unsolicited alerts.
y Get-Request / Get-Response Message
y GetNext-Request / GetNext-Request Message
y Set-Request Message
y Trap Message
Get-Request Message
Get-Request Message is the basic SNMP request message. Sent by an SNMP manager, it
requests information about a single MIB entry on an SNMP agent. For example, the amount of
free drive space.
GetNext-Request Message
GetNext-Request Message is an extended type of request message that can be used to browse
the entire tree of management objects. When processing a Get-next request for a particular
object, the agent returns the identity and value of the object which logically follows the object
from the request. The Get-next request is useful for dynamic tables, such as an internal IP route
table.
Set-Request Message
If write access is permitted, Set-Request message can be used to send and assign an updated
MIB value to the agent.
Trap Message
An unsolicited message sent by an SNMP agent to an SNMP manager when the agent detects
that a certain type of event has occurred locally on the managed device. For example, a trap
message might be sent on a system restart event.

SNMP Community Strings
SNMP community strings authenticate access to MIB objects and function as embedded
passwords. A community string can have one of the following attributes:
Table 8-1 Types of community strings
Types Authenication
Gives read access to authorized management stations to all objects in the MIB
Read-only
except the community strings, but does not allow write access
Gives read and write access to authorized management stations to all objects in the
Read-write
MIB, but does not allow access to the community strings
Gives read and write access to authorized management stations to all objects in the
Read-write-all
MIB, including the community strings
Trap
Trap is a defined status of event or system. For example, event generated when port
configuration is changed or a host having not-allowed IP address accesses can be defined as a
trap. You can configure the level of trap according to the kind of events. If a trap occurs on the
system, the SNMP agent send SNMP trap message to the registered trap host.

Configuring SNMP
SNMP Default Configuration

The default SNMP configuration of the Corecess R1-SW24L2B is as follows:
Table 8-2 Default SNMP configuration
SNMP Configuration Element Default Setting
Agent contact information (MIB-II System Contact variable) None configured

Agent location information (MIB-II System Location variable) None configured
Community strings None configured
Trap None enabled
Trap Host None configured
RMON Enabled
Setting the System Contact and Location Information

In the system group of MIB-II (Public MIB) supported by the Corecess R1-SW24L2B has System
Contact variable and System Location variable displaying the system contact information and
system location information. The values of these variables can be browsed or modified via
ViewlinX, NMS of the Corecess or NMS of other companies.
To specify these values, use the following commands:
Table 8-3 Setting the system contact and location information
Command Task
2. Set the system contact information.

snmp-server contact <string>
y <string>: String described for system contact information.
3. Set the system location information.

snmp-server location <string>
y <string>: String described for system location information.
show snmp-server 5. Verify the system contact and location information.

The following is an example of setting the system contact information and system location
information:
Parameter Value
System contact information Dial System Administrator at phone #2734
System location information 1st_floor lab
(config)# snmp-server contact Dial System Administrator at phone #2734
(config)# snmp-server location 1st_floor lab
(config)# end
# show snmp-server
RMON: Enabled
Extended RMON: Extended RMON module is not present
sysContact Dial Operator at phone

sysLocation 1st_floor_lab
:
# write memory
[OK]
#

Configuring Community Strings
You use the SNMP community string to define the relationship between the SNMP manager
and the agent. The community string acts like a password to permit access to the agent on the
system. One thing to be aware of is that in case of adding new community string using the
Corecess R1-SW24L2B CLI command, this community string must be added in NMS in order to
connect to the system using this community string. To define SNMP community strings, use the
following commands in Privileged mode:
Table 8-4 Configuring SNMP community strings
Command Task

2. Define the SNMP community strings for each access type.
snmp-server community y <community-string>: The SNMP community name for this
<community-string> system. Enter an unquoted text string with no space and a
<auth> maximum length of 12 characters.
y <auth> : Access type for this community (read-only, read-write)
show snmp-server 4. Verify new community string.
The following example defines new community string:
(config)# snmp-server community R1SW24 rw
(config)# end
# show snmp-server
RMON: Enabled
sysContact Dial Operator at phone

sysLocation 1st_floor_lab
Community-Access Community-String
---------------- ----------------
read-write R1SW24
:
:

Configuring Trap Type
Traps are system alerts that the Corecess R1-SW24L2B generates when certain events occur. The
Corecess R1-SW24L2B supports the following trap types:
Table 8-5 Types of trap supported by Corecess R1-SW24L2B
Trap Types Description
Sends a trap message when power supply is installed or uninstalled, temperature

chassis
limitations are exceeded, or fan errors occur.
module Sends a trap message when a module goes up or down.
port Sends a trap message when a port goes up or down.
bridge Sends a trap message when there are spanning tree topology changes.
repeater Sends a trap message when Ethernet hub repeater state is changed.
ip_permit Sends a trap message when there are access attempts with unauthorized IP address.
sysconfig Sends a trap message when the system backup configuration is changed.
Sends a trap message when there is Entity Management Information Base (MIB)
entity
change.
cpuload Sends a trap message when CPU load limitations are exceeded.
Sends a trap message when there are access attempts with unauthorized community
auth
string.
sysauth Sends a trap message when unauthorized user attempts access to the system.
Sends a trap message when Dynamic Host Configuration Protocol (DHCP) state is
dhcp
changed.
When a trap is enabled, if an error occurs in the device where corresponding trap is enabled or
if problem occurs in the part defined by the trap, such error status (trap message) are
transmitted to the trap receiving host and NMS, the SNMP agent. By default, all trap types are
disabled. To send traps to the trap hosts, the trap types should be enabled.

To enable a trap type, use the following commands in Privileged mode:
Table 8-6 Enabling a trap type
Command Task
snmp-server enable traps 2. Enable the specified trap type.

<trap-type> y <trap-type>: Trap type to be enabled (all: all trap types).
show snmp-server 4. Check the state of the trap.
The following example enables the port and auth traps:
(config)# snmp-server enable traps port
(config)# snmp-server enable traps auth
(config)# end
# show snmp-server
RMON: Enabled
:
:
Trap-Rec-Address Trap-Rec-Community
------------------------- ------------------
Traps Enabled
------------------------- ------------------
chassis disabled
module disabled
port enabled
bridge disabled
repeater disabled
ip_permit disabled
sysconfig disabled
entity disabled
cpuload disabled
auth enabled
sysauth disabled
dhcp disabled
#
To disable the trap type, use the no snmp-server enable traps command as follows:
(config)# no snmp-server enable traps port

Configuring Trap Host
Trap host is the host to receive traps from an SNMP agent. Trap is message sent by an SNMP
agent to an NMS, a console, or a terminal to indicate the occurrence of a significant event, such
as a specifically defined condition or a threshold that was reached. By default, no trap host is
configured. To receive the trap generated on your managed device using NMS, you must add
the NMS as a trap host. You can specify up to twenty trap hosts on the Corecess R1-SW24L2B.
To add or modify trap hosts, use the following commands in Privileged mode:
Table 8-7 Configuring a trap host
Command Task
2. Add a trap host.

y <ip-address>: The IP address or host name of an SNMP
host that has been configured to receive traps.
snmp-server host
y <community>: The community name to use when sending
<ip-address> <community>
traps to the specified SNMP host.
port {<udp-port> | default}
y <udp-port>: The UDP port number to use when sending
traps to the specified SNMP host (1 ~ 65535).
y default: use 162 of default UDP port number.
show snmp-server 4. Verify the trap host entries
The following example shows how to add a trap host:
(config)# snmp-server host 172.168.2.23 R1SW24 port default
(config)# end
# show snmp-server
RMON: Enabled
:
:
rap-Rec-Address Version Trap-Rec-Community
---------------------------- ------- ----------------------
udp:172.168.2.23:162 v2c R1SW24
:
:
# write memory
[OK]
#

To delete a trap host, use the no snmp-server host command in Global configuration mode.
The following example deletes a trap host 172.168.2.23:
(config)# no snmp-server host 172.168.2.23

(config)# end
# show snmp-server traphost
#
Configuring SNMP Access Groups

You can configure an SNMP access group by using access lists. The hosts that are permitted in
the access lists can access to the system via SNMP.
To configure SNMP access group by using access lists, use the following commands in
Privileged mode:
Table 8-8 Configuring SNMP access groups
Command Task

snmp-server group access 2. Configure a new SNMP access group.
<list-number> y <list-number>: Standard access list number (1 ~ 99, 100 ~ 199)
The following example shows how to configure a SNMP access group:
(config)# access-list 12 permit 192.89.55.0 0.0.0.255

(config)# snmp-server group access 12
(config)#
The hosts that belong to 192.89.55.0 network can access to the system via SNMP.

Displaying SNMP Information
The section describes how to display SNMP configuration information, SNMP community
strings, SNMP trap hosts, and SNMP statistics.
Displying SNMP Configuration Information

To display SNMP configuration information, use the show snmp-server command in
Privileged mode.
The following example is a sample output of the show snmp-server command:
# show snmp-server
RMON: Enabled
sysContact Dial System Administrator at phone #2734

sysLocation 1st_floor lab
Community-Access Community-String
---------------- ----------------
read-write R1SW24
Trap-Rec-Address Version Trap-Rec-Community

---------------------------- ------- ----------------------
udp:172.168.2.23:162 v2c R1SW24
Traps Enabled
------------------------- ------------------
chassis disabled
module disabled
port enabled
bridge disabled
repeater disabled
ip_permit disabled
sysconfig disabled
entity disabled
cpuload disabled
auth enabled
sysauth disabled
bgp disabled
dhcp disabled
atm disabled
adslAtuc enabled
adslAtur disabled
mac-flood disabled
#

The table below describes the fields shown by the show snmp-server command:
Table 8-9 show snmp-server field descriptions
Field Description Default
Status of whether RMON is enabled or

RMON enabled
disabled
Status of whether extended RMON is enabled

Extended RMON not supported
or disabled
sysContact SNMP system contact string unknown
sysLocation SNMP system location string unknown
Configured SNMP communities

Community-Access - read-only
community - read-write
SNMP community strings associated with each

Community-String none
SNMP community
IP address of trap receiver hosts and UDP port

Trap-Rec-Address
number for sending trap messages.
TrapReceive
r Version SNMP version of trap host
SNMP community string used for trap messages

Trap-Rec-Community
to the trap receiver.
Traps Trap types

Trap
Status of whether trap type is enabled or
Enabled disabled
disabled

Displaying SNMP Community Strings
To display SNMP community strings, use the show snmp-server community-list
The following example shows how to display SNMP community strings:
# show snmp-server community-list

community:pubilc access: ro
community:private access: rw
community:corecess access: ro
#
The table below describes the fields shown by the show snmp-server community-list
command output:
Table 8-10 show snmp-server community-list field descriptions
Field Description
community SNMP community strings
Access right of the community strings

access - ro : Read-only
- rw : Read-write

Displaying SNMP Statistics
To display SNMP statistics, use the show snmp-server statistics command in
Privileged mode.
The following is sample output from the show snmp-server statistics command:
# show snmp-server statistics

10090 SNMP packets input
0 Bad SNMP version errors
96 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
28051 Number of requested variables
12 Number of altered variables
9854 Get-request PDUs
83 Get-next PDUs
12 Set-request PDUs
9994 SNMP packet output
0 Too big errors (Maximum packet size 1500)
3 No such name errors
0 Bad values errors
0 General errors
9994 Response PDUs
0 Trap PDUs
#
The table below describes the fields shown by the show snmp-server statistics
command output:
Table 8-11 show snmp-server statistics field descriptions
Field Description
SNMP packets input Total number of SNMP packets input.
Bad SNMP version errors Number of packets with an invalid SNMP version.
Unknown community name Number of SNMP packets with an unknown community name.
Illegal operation for Number of packets requesting an operation not allowed for that
community name supplied community.
Encoding errors Number of SNMP packets that were improperly encoded.
Number of requested
Number of variables requested by SNMP managers.
variables

Field Description
Number of altered variables Number of variables altered by SNMP managers.
Get-request PDUs Number of get requests received.
Get-next PDUs Number of get-next requests received.
Set-request PDUs Number of set requests received.
SNMP packet output Total number of SNMP packets sent by the router.
Number of SNMP packets which were larger than the maximum packet
Too big errors
size.
Number of SNMP requests that specified an MIB object which does not
No such name errors
exist.
Number of SNMP set requests that specified an invalid value for an MIB
Bad values errors
object.
Number of SNMP set requests that failed due to some other error. (It
General errors was not a noSuchName error, badValue error, or any of the other
specific errors.)
Response PDUs Number of responses sent in reply to requests.
Trap PDUs Number of SNMP traps sent.
Displaying SNMP Trap Hosts

To display the list of the trap receiver hosts, use the show snmp-server traphost
The following example shows how to display the list of the trap receiver hosts:
# show snmp-server traphost

host: udp:172.27.2.36:162 comm: public
host: udp:172.28.3.178:24 comm: corecess
#
The table below describes the fields shown by the show snmp-server traphost command
output:
Table 8-12 show snmp-server traphost field descriptions
Field Description
host Protocol : IP address of a trap receiver host: port number.
comm SNMP community strings of the trap receiver host.

Configuring RMON
RMON (Remote MONitoring) Overview

The RMON is a standard MIB that defines current and historical MAC-layer statistics and
control objects, allowing you to capture real-time information across the entire network. The
RMON standard is an SNMP MIB definition described in RFC 1757 (formerly 1271) for Ethernet.
The RMON MIB provides a standard method to monitor the basic operations of the Ethernet,
providing inoperability between SNMP management stations and monitoring agents. The
RMON also provides a powerful alarm and event mechanism for setting thresholds and for
notifying you of changes in network behavior.
You can use the RMON to analyze and monitor network traffic data within remote LAN
segments from a central location. This allows you to detect, isolate, diagnose, and report
potential and actual network problems before they escalate to crisis situations. For example, the
Corecess R1-SW24L2B can identify the hosts on a network that generate the most traffic or
errors.
The RMON allows you to set up automatic histories, which the RMON agent collects over a
period of time, providing trending data on such basic statistics as utilization, collisions, and so
forth. The RMON monitors nine MIB groups including network statistics. The following table
lists the RMON MIB groups:
Table 8-13 RMON groups
Group Description
1. Statistics Collects the network statistics.
2. History Records the network activity in sequence of time.
3. Alarm Defines level of the alarms to be informed to the manager.
4. Host Monitors the hosts in the network.
5. Host Top N Filters and manages the information of N hosts.
6. Matrix Monitors the traffics between network nodes.
7. Filter Monitors the specified packets on the network segment.

Creates capture buffers and controls how the buffers are filled and how much of
8. Packet Capture
each packet is stored.
9. Event Determines the action to take when an event is triggered by an alarm.

The Corecess R1-SW24L2B supports the following four groups among the nine groups:
1) Statistics (RMON group 1)

Collects the number of packets/bytes, the number of broadcast/multicast packets, the
number of collisions, the number of errors occurred (fragment, CRC, jabber, short-length,
long-length) on an interface.
2) History (RMON group 2)

Collects a history group of statistics on Ethernet, Fast Ethernet, and Gigabit Ethernet
interfaces for a specified polling interval
3) Alarm (RMON group 3)

Monitors a specific management information base (MIB) object for a specified interval,
triggers an alarm at a specified value (rising threshold), and resets the alarm at another value
(falling threshold). Alarms can be used with events; the alarm triggers an event, which can
generate a log entry or an SNMP trap
4) Event (RMON group 9)

Determines the action to take when an event is triggered by an alarm. The action can be to
generate a log entry or an SNMP trap.

Configuring RMON
Enabling RMON
To enable RMON, perform this task in Privileged mode:
Table 8-14 Enabling RMON
Command Task

snmp-server enable rmon 2. Enable the RMON on the Corecess R1-SW24L2B.
show snmp-server 4. Verify that RMON is enabled.
This example shows how to enable the RMON on the Corecess R1-SW24L2B and how to verify
that RMON is enabled:
(config)# snmp-server enable rmon
(config)# end
# show snmp-server
RMON: Enabled
sysContact TEL:+82-2-3016-6900
sysLocation Sandaewon-dong Sungnam Korea
.
.

Configuring History Groups
The RMON History group contains a control and data collection function. The control function
manages the periodic statistical sampling of data from networks and specifies control
parameters, such as the frequency of data sampling, in the historyControlTable. The history
function records periodic statistical samples from Ethernet networks, for example, interval start
time and number of packets. This function places the statistical samples in the
etherHistoryTable.
You can configure the operation of the RMON history that periodically samples any Ethernet
port for statistical data. All ports are preconfigured with histories for 30-second and 30-minute
intervals, and 50 buckets with one sample per bucket. However, you can create additional
histories for a specific port. This allows you to configure the time interval to take the sample
and the number of samples you want to save.
To configure an RMON history group, use the following commands in Global configuration
mode:
Table 8-15 Configuring RMON history group
Command Task
2. Set a history group.

rmon historycontrol y <index>: RMON history number (1 ~ 65535)
<index> {<ifIndex> | y <ifindex>: Interface number (1 ~ 2147483647)
<port-type> y <port-type>: Port type (fastethernet, gigabitethernet)
y <slot>/<port>: Slot number/port number
<slot>/<port>} owner
y <history-owner>: Option for specifying an owner who defined
<history-owner> and is using the history resources
<bucket-number> y <bucket-number>: The bucket count for the interval (1 ~ 65535)
<history-interval> y <history-interval>: The time interval for the history (1 ~ 3600
seconds)
show rmon 4. Verify the configuration.

The following is an example of configuring a history group:
(config)# rmon historycontrol 1 gigabitethernet 1/1 owner aaa 50 30
(config)# end
# show rmon
RMON: Enabled
[statistics]
index status dataSource
----- -------------- -----------------------------
[history]
----- -------------- -----------------------------
1 valid ifIndex.1 (Gi 1/1)
.
.
To display the detail information on a history group, enter the show rmon history
command with the history number:
# show rmon history 1

Entry 1 is valid, and owned by aaa
Monitors ifEntry.ifIndex.1 every 10 seconds
Requested # of time intervals, is buckets, is 10
Granted # of time intervals, is buckets, is 10
Sample # 6878 began measuring at 1days 18h:5m:52s:44th(15155244)
Received 0 octets, 0 packets,
0 broadcast and 0 multicast packets,
0 undersized and 0 oversized packets,
0 fragments and 0 jabbers,
0 CRC alignment errors and 0 collisions.
# of dropped packet events is 0
Network utilization is estimated at 0
.
.
.

Sample # 6887 began measuring at 1days 18h:7m:22s:44th(15164244)
0 CRC alignment errors and 0 collisions.
# of dropped packet events is 0
Network utilization is estimated at 0
To delete a history group, enter the no rmon historycontrol command in Global

configuration mode:
(config)# no rmon historycontrol 1

(config)#
Configuring Statistics Groups

The RMON Statistics group records data that the Ethernet DCM measures on network
interfaces. The Ethernet DCM creates one entry for each Ethernet interface it monitors and
places the entry in the EtherStatsTable. The EtherStatsTable also contains control parameters for
this group.
To configure an RMON statistics group, use the following commands in Global configuration
mode:
Table 8-16 Configuring RMON statistics group
Command Task
2. Set a statistics group.

rmon etherstats y <index>: RMON history number (1 ~ 65535)
<index> {<ifIndex> | y <ifIndex>: The data source object for the Ethernet port. The port is
<port-type> identified by an ifIndex data object identifier. To see a list of data
<slot>/<port>} object IDs, use the show interface command.
owner <etherstats- y <port-type>: Port type (fastethernet, gigabitethern)
owner> y <slot>/<port>: Slot number/port number
y owner <etherstats-owner>: Option for specifying an owner who
defined and is using the statistics resources

The following is an example of configuring statistics groups:
(config)# rmon etherstats 1 gigabitethernet 1/1 owner dddd

(config)# rmon etherstats 2 fastethernet 2/1 owner aaa
(config)# end
# show rmon
RMON: Enabled
[statistics]
----- -------------- -----------------------------
2 valid ifIndex.3 (Fa 3/1)
[history]
----- -------------- -----------------------------
.
.
#
To display the detail information on a statistics group, enter the show rmon statistics
command with the statistics number:
# show rmon statistics 1

Entry 1 is valid, and owned by dddd
Monitors ifEntry.ifIndex.1 which has
# of dropped packet events (due to lack of resources): 0
# of packets received of length (in octets):
64: 0, 65-127: 0, 128-255: 0,
256-511: 0, 512-1023: 0 1024-1518: 0
#
To delete a statistics group, enter the no rmon etherstats command in Global configuration
mode:
(config)# no rmon etherstats 1

(config)#

Configuring Event Groups
The RMON Event group allows for the generation of an SNMP trap, the generation of a log entry, or
both, for any event you choose. An event can occur when the sample variable exceeds the alarm
threshold or a channel match event generated. Traps can be delivered by the RMON agent to
multiple management stations.
In order for RMON to generate trap events, you must set up the SNMP managers table based on
the SNMP community strings (for example, public) you are using with the network
management application and the hosts on which you are running applications. If you fail to
make these changes, the system will be unable to send trap events to the network management
station.
To set an RMON event, use the following commands in Privileged mode:
Table 8-17 Configuring RMON event group
Command Task
2 Add or remove an event in the RMON event table.

y <index>: Assigned event number (1 ~ 65535).
rmon event <index> y description <string>: A description of the event.
description <string> y trap <community>: Option for generating SNMP trap with the
{trap <community> | <community> community string when the event occurs.
log } owner <owner> y log: Option for generating an RMON log entry when the event is
triggered
yowner <owner>: Option for specifying an owner for the event.
This example shows how to configure an event group on the Corecess R1-SW24L2B and how to
verify that they are configured:
Parameter Value
Event index 10
Event description Event to create log entry and SNMP notification
Event type log, trap
Community public
Owner help_desk

(config)# rmon event 10 description Event to create log entry and SNMP
notification log trap public owner help_desk
(config)# end
# show rmon
RMON: Enabled
[statistics]
----- -------------- -----------------------------
2 valid ifIndex.2 (Fa 2/1)
[history]
----- -------------- -----------------------------
[alarm]
index status sample
----- -------------- -----------------------------
[event]
index status type
----- -------------- ---------------
10 valid logandtrap
.
.
#
To display the detail information on an event group, enter the show rmon events command
with the event number:
# show rmon events 10

Event 10 is valid, owned by help_desk
Description is Event to create log entry and SNMP notification
Event firing causes log and trap to community public
last fired 0days 00:00:00:00

To delete an event group, enter the no rmon event command in Global configuration mode:
(config)# no rmon event 10

(config)#
Configuring Alarm Groups

The RMON Alarm group allows you to set an alarm threshold and a sampling interval to
enable the RMON agent to generate alarms on any network segment it monitors. Alarm
thresholds can be based on absolute or delta values so that you can be notified of rapid spikes
or drops in a monitored value.
Each alarm is linked to an event in the event group. An event defines an action that will be
triggered when the alarm threshold is exceeded.
The alarm group periodically takes statistical samples from variables and compares them to
previously configured thresholds. The Alarm Table stores configuration entries that define a
variable, a polling period, and threshold parameters. If the RMON agents determines that a
sample crosses the threshold values, it generates an event. You can specify rising or falling
thresholds, indicating network faults such as slow throughput or other network-related
performance problems. You specify rising thresholds when you want to be notified that an
alarm has risen above the threshold you specified. You specify falling thresholds when you
want to be notified that the network is behaving normally again. For example, you might
specify a falling threshold of 30 collisions per second to indicate a return to acceptable behavior.
When you configure an alarm condition, you must define the following values:
y The monitoring interval over which data is sampled.
y The variable to be sampled.
y Rising and falling thresholds used to detect when network trouble starts and when it ends.
y The event that takes place when a rising threshold is crossed.
y The event that takes place when a falling threshold is crossed.
An RMON event is the action that occurs when an associated RMON alarm is triggered. When an
alarm event occurs, it can be configured to generate a log event, a trap to an SNMP network
management station, or both. For information on viewing alarm events in log files.

An RMON alarm allows you to monitor a MIB object for a desired transitory state. An alarm
periodically takes samples of the object's value and compares them to the configured thresholds.
RMON allows you to configure two types of sampling, absolute and delta:
y Absolute sampling compares the sample value directly to the threshold. This sampling is
similar to a gauge, recording values that go up or down.
y Delta sampling subtracts the current sample value from the last sample taken, and then
compares the difference to the threshold. This sampling is similar to a counter, recording a
value that is constantly increasing.
To set an RMON alarm, use the following commands in Privileged mode:
Table 8-18 Configuring RMON alarm group
Command Task
2. Set an alarm on a MIB object.

y <index>: Alarm number (1 ~ 65535)
y <interval>: MIB object monitoring interval (1-2147483647
seconds)
y <type>: Value to monitor. Select one of the following values:
- multicastPkts: The number of incoming multicast packets.
rmon alarm <index> - cRCAlignErrors: The number of incoming packets with CRC
<interval> errors.
{<type> <StatisticsIndex> - collisions: The number of times a collision occurs while the
|<variable>} packet is received.
- octets: The total number of incoming octets.
{delta | absolute}
- pkts: The total number of incoming packets.
{rising|falling|both} - broadcastPkts: The number of incoming broadcast packets
threshold - pkts256to511: The number of incoming packets 256 to 511 bytes in
<rising-threshold> length.
<falling-threshold> - pkts512to1023: The number of incoming packets 512 to 1023 bytes
in length.
event-index
- pkts1024to1518: The number of incoming packets 1024 to 1518
<rising-event-number> bytes in length.
<falling-event-number> - pkts64: The number of incoming packets 64 bytes in length
owner <alarm-owner> - pkts65to127: The number of incoming packets 65 to 127 bytes
in length.
- pkts128to255: The number of incoming packets 128 to 255
bytes in length.
y <StatisticsIndex>: The number of statistics group to get
the selected value from <type>option (0 ~ 65535).
y <variable>: OID number of the MIB object to monitor.

(Continued)
Command Task
y absolute: Option for testing each MIB variable directly.
y delta: Option for testing the change between MIB variables
y rising: Option for triggering alarm when the monitored value
exceeds the rising threshold
y falling: Option for triggering alarm when the monitored value
exceeds the falling threshold
y both: Option for triggering alarm when the monitored value
exceeds the rising or falling threshol
y <rising-threshold>: Value at which the alarm is triggered
(0 ~ 2147483647)
y <falling-threshold>: Value at which the alarm is reset (0
~ 2147483647)
y <rising-event-index>: Event number to trigger when the
rising threshold exceeds its limit. (0 ~ 65535)
y <falling-event-index>: Event number to trigger when
the falling threshold exceeds its limit. (0 ~ 65535)
y owner <alarm-owner> : option for specifying an owner for the
alarm.
The following example shows how to configure RMON alarm group and check the result:
(config)# rmon alarm 1 10 pkts 1 absolute both threshold 1000 100 event-index 1
1 owner aaa
(config)# end
# show rmon
RMON: Enabled
[statistics]
----- -------------- -----------------------------
[history]
----- -------------- -----------------------------

[alarm]
index status sample
----- -------------- -----------------------------
1 valid etherStatsPkts.1
[event]
index status type
----- -------------- ---------------
10 valid logandtrap
.
.
#
Before configure RMON alarm group, you should verify that the statistics group
(<StatisticsIndex>) is defined. If you specify undefined statistics group, the Can't fetch
the MIB values message will be displayed:
(config)# rmon alarm 2 20 pkts 10 absolute rising threshold 1000 100 event-
index 1 1 owner kimka
Can't fetch the MIB values
(config)#
To display the detail information on an alarm group, enter the show rmon alarm command
with the alarm number:
# show rmon alarm 1

Alarm 1 is valid, owned by aaa
Monitors etherStatsEntry.etherStatsPkts.1 every 10 seconds
Taking absolute samples, last value was 0
Rising threshold is 1000, assigned to event 1
Falling threshold is 100, assigned to event 1
On startup enable rising or falling alarm
To delete a RMON alarm group, enter the no rmon alarm command in Global configuration
mode:
(config)# no rmon alarm 1

(config)#

Displaying RMON Information
To display the current RMON configuration, enter the show rmon command in Privileged
mode. You can execute the show rmon command with the following options:
y alarm Displays the RMON alarm table.
y events Displays the RMON event table.
y history Displays the RMON history table.
y statistics Displays the RMON statistics table.
If you do not specify any option, the contents of the RMON alarm table, event table, history table, and
statistics table are displayed. The following is a sample output of the show rmon command:
# show rmon
RMON: Enabled
[statistics]
----- -------------- -----------------------------
[history]
----- -------------- -----------------------------
[alarm]
index status sample
----- -------------- -----------------------------
1 valid etherStatsPkts.1
[event]
index status type
----- -------------- ---------------
10 valid logandtrap
#

The table below describes the fields in the show rmon command output:
Table 8-19 show rmon field descriptions
Field Description
RMON Running status of the RMON.
Index Index of the RMON statistics entry into the statisticsTable.

statistics Status Status of the RMON statistics entry.
dataSource Data source of the RMON statistics entry.
Index Index of the RMON history entry into the historyTable.
history Status Status of the RMON history entry.
dataSource Data source of the RMON history entry.
Index Index of the RMON alarm entry into the alarmTable.
alarm Status The owner of the RMON alarm entry.
Sample Data source of the RMON alarm entry.
Index Index of the RMON event entry into the eventTable.
event Status Status of the RMON event entry.
Type Type of event.

SNMP and RMON Configuration Commands
The table below shows the list of SNMP and RMON configuration commands and their
functions.
Table 8-20 SNMP & RMON Configuration Commands
Command Function
show snmp-server Displays SNMP parameters.
show snmp-server
Displays SNMP community configuration.
community-list
show snmp-server
Displays SNMP statistics.
statistics
show snmp-server traphost Displays the list of the trap receiver hosts.
show snmp-server Save the system configuration automatically at least 24 hour
write-interval intervals
Displays the contents of the RMON alarm table, event table,
show rmon
history table, and statistics table.
snmp-server community Configures the SNMP community strings.
snmp-server contact Specifies the system contact information.

snmp-server disable
Disable a SNMP trap.
traps
snmp-server enable rmon Enables the RMON.
snmp-server enable traps Enables a SNMP trap.
Limits hosts which can access to the system through SNMP based
snmp-server group access
on the access list.
snmp-server host Specifies hosts to receive SNMP notifications.

snmp-server location Specifies the system location information.
snmp-sever trap Specifies souce IP of a trap
rmon alarm Configure an RMON alarm group.
rmon etherstats Configures an RMON statistics group.
rmon event Configures an RMON event group.
rmon historycontrol Configures an RMON history group.
rmon port utilization Polling utilization information periodically.

Chapter 9 Configuring QoS
This chapter describes how to configure QoS (Quality of Service) on the Corecess R1-
SW24L2B.
9 QoS Ovewview 9-2
9 Configuring QoS 9-17
9 Configuring Non-Class-map QoS Features 9-32
9 QoS Configuration Commands 9-40

QoS Overview
This section describes QoS (Quality of Service) and QoS features supported by the Corecess R1-
SW24L2B.
QoS (Quality of Service)

QoS can classify traffic into several levels and provide graded quality of service. QoS function
can give high priority to traffic that should transmit important information or be processed in
real-time, so high priority traffic is transmitted first, then low priority traffic is transmitted. It
makes the limited network resource such as bandwidth use efficiently.
QoS consists of the Classifier and the Traffic manager. The Classifier classifies traffic, and the
Traffic Manager processes the classified traffic as follows:

Packet Buffer Queue Packet
Classifier Marker Policer
In Manager Scheduler Out
Traffic Manager
The Classifier refers to a header of a received packet, and then decides the QoS level. The traffic
manager marks the QoS level to the packet header or processes a packet that is in permitted
bandwidth. The Traffic Manager also chooses which packet drop when congestion occurs or
prefers which packet transmits first.
The following section describes parameters to classify packets and how to classify packet.

Classifier
Classification Standard
The classifier uses the following values to decide the packet level.
y Layer 1 : Number of Input/output port

The input/output ports in Layer 1 packet is a port that a packet is received and transmitted. It is also
called as ingress/egress port.
y Layer 2 : Source/Destination MAC Address, EtherType Field, DSAP Field, 802.1P Field, VLAN ID
802.1P field in Layer 2 packet is a three bit field that marks the packet priority, and a number from zero
to seven is stuffed in the three bit field.
y Layer 3 : Source/Destination IP Address, Protocol ID, TOS/DSCP Field

Protocol ID in the header of Layer 3 packet is a field that marks which packet of protocol is. The field is
set by values that have been defined (TCP: 6, UDP: 17, ICMP:1, IGMP:2).
The following values are set in the eight bit of TOS field - also called DSCP field - in the header of Layer
3 packet.
IP Type of Service (RFC 1349) IP DiffServ Code Point (RFC 2474)
bits bits 0 1 2 3 4 5 6 7
0 1 2 3 4 5 6 7
DSCP C
IP-Prec TOS MRZ U
Class Selector
D T R C
- MRZ : Must Be Zero -D : Minimum Delay

-T : Maximum Throughput -R : Maximum Reliability
-C : Minimize Cost - CU : Currently Unused
y Layer 4 : Source/Destination Port Number, TCP Flag

The port number in TCP/UDP header of Layer 4 packet notifies what the packet of application is.
The classifier can classify the following types of category with the classification standard.
y Subscriber (packet sender) Classification: Who send the packet?

- Packet Classification using Input Port Number, Source MAC Address and Source IP Address
y Subscriber and Application Classification: Who send the packet? And, what kind of application packet is?
- Packet Classification using Input Port Number, Source MAC Address, Source IP Address and
Configuring QoS 9-3

TCP/UDP Port Number
y Subscriber and Destination Classification: Who send the packet. And, who receive the packet?
- Packet Classification using Input Port Number, Source MAC Address, Source IP Address, Output Port
Number, Destination MAC Address and Destination IP Address
y Subscriber, Destination and Application Classification; Who send the packet?, Who receive the packet?
And, what kind of application packet is?
- Packet Classification using Input Port Number, Source MAC Address, Source IP Address, Output Port
Number, Destination MAC Address and Destination IP Address and TCP/UDP Port Number
y Class based Classification: QoS level is marked in the packet?

- Packet Classification using the value of the 802.1p field and IP TOS/DSCP/IP-Prec field
Classification Table
The classifier has two types. One is MF (Multi Field) classifier that refers several fields of a
packet simultaneously and decides QoS service level. The other is BA (Behavior Aggregate)
classifier that recognizes the packet decided QoS level.
MF classifier uses the following table to decide QoS level and to recognize a QoS profile.
level Classification standard Service Contents
Source Destination
Input Output Source Destination VLAN Source Destination Protocol TCP QoS
Rule# 802.1P TOS TCP/UDP TCP/UDP
Port # Port # MAC MAC ID IP IP ID Flag Profile
Port # Port #
1
2
3
4
5
6
7
.
.
.

A QoS profile has information what actions (marking, policing and assigning queue) should be
done to the packet decided QoS level through classification standard. The traffic manager
actually applies the actions to the packet.
BO
For example, the classification table is defined as follows.

20.1.1.0/24
There is a packet that source IP address is 1.1.1.0/24, and
HQ
destination IP address id 20.1.1.0/24. When the classifier
HTTP Packet
receives the packet, the classifier recognizes that the packet
1.1.1.0/24
matches rule number four, and applies the packet to be
processed by the QoS profile.
Source Destination
Input Output Source Destination VLAN Protocol TCP QoS
Rule# 802.1P Source IP Destination IP TOS TCP/UDP TCP/UDP
Port # Port # MAC MAC ID ID Flag Profile
Port # Port #
1
2
3
4 * * * * 0x0800 * 1.1.1.0/24 20.1.1.0/24 6 * * 80 *
5
6
The BA classifier recognizes the QoS profile, which is applied to the packet, using the tables of
802.1p or ToS field that are only used for QoS. In the table of 802.1p or ToS field, the following
field values are defined. One of the profiles is applied to the packet by the field values.
TOS/DSCP/IP-Prec
802.1p Table
Table
802.1p Field Value QoS Profile ToS Field Value QoS Profile
0 0
1 1
2 2
3 3
4 4
5 5
6
7 255
The following section describes the traffic manager.
Configuring QoS 9-5

Packet Marker
Packet marker marks 802.1P field or ToS field with QoS level. QoS level of a packet can use the
value decided by the classifier or be changed by QoS profiles. It is called remarking that the
first decided level is changed and marked by QoS profiles.
Policer
Policer can limit bandwidth to make users only use engaged traffic. Policer measures traffic
flow rate by traffic flow, which classified by classifier, and limits traffic not to use over engaged
bandwidth.
Policer consists of metering and action block. Metering measures traffic flow rate and compares
the result of traffic flow rate to engaged bandwidth, then informs the comparing result to action
block. Action block decide how to process traffic depending on the result.
There are three methods to process the result as follows:
y Pass: transmits packets without the result.
y Drop: Discard packets which exceed bandwidth.
y Mark: Remark packets which exceed bandwidth.
Policer Variables
To use Policer function, you should understand the following variables.
y CIR (Committed Information Rate)

Engaged Bandwidth. It is also called Average rate or Guaranteed rate.
y PIR (Peak Information Rate)

Maximum bandwidth
y CBS (Committed Burst Size)

Packet size that can be received for one time. It is also called Average burst size.
y PBS (Peak Burst Size)

Maximum packet size that can be received for one time
y EBS (Excessive Burst Size)

Gap between received packet size and CBS

The following graph shows the variables.
Information Burst Size (Bytes)

Rate(bps)
EBS
CIR PIR PBS CBS
time
Token Bucket
There are several implementation of policer function, and the typical implementation is the
token bucket. The token bucket contains tokens, each of which can represent a unit of bytes.
Token is filled up in the token bucket for a certain rate. When packets are arrived, the same
amount of tokens is removed from the token bucket.
Packet
The same amount of tokens is

removed from the bucket.
Token Bucket
Bucket Size
Token Rate
Token
The variables of policer can be substituted for the element of token bucket as follows:
y CIR : Token Rate
y CBS : Bucket Size
Configuring QoS 9-7

If tokens are full in the token bucket, no token is provided. When packets are received, the same
amount of token are removed. If the number of tokens is less than size of a packet, the packet is
specified as non-conforming packet. And, if the number of tokens is more than size of a packet
or is the same as the size of packet, the packet is specified as conforming packet. The packet
specified as non-conforming packet is processed by QoS profile of the packet.
There are two method of token bucket - single token bucket, dual token bucket. Single token
method uses only one bucket, and dual token method uses two bucket.
In dual token bucket method (RFC 2698 tr-TCM algorithm), the first bucket receives tokens at PIR
rate and the second bucket receives tokens at CIR rate. The first bucket size also is PBS and the
second bucket size is CIR. A packet that is specified as non-conforming in the first bucket finally
becomes the non-conforming packet. If a packet that is specified as conforming in the first bucket
becomes non-conforming in the second bucket, the packet is specified as loosely non-conforming
packet.
Dual token bucket method can control the packet with detailed classification above.
The following graph shows the dual token bucket method.
Bucket Size Bucket Size

= PBS = CBS
Token Rate Token Rate

= PIR = CIR P

Queue Scheduler
The output port is generally slower than the input port because the output port transmits
packets that are received from the several input ports. In the output port, at least one queue is
assigned, and packets that have to be processed by the output port are saved. When saved
packets in a queue are more than bandwidth that can transmit packets - it means congestion,
what packets are transmitted first should be defined in the output port. This is called queue
scheduling.
There are various queues scheduling method, and the following methods are generally used.
y Strict Priority Queuing
y WRR (Weight Round Robin)
y WFQ (Weight Fair Queuing)
y DWRR (Deficit Weight Round Robin)
SPQ (Strict Priority Queuing)

In this method, each queue has assigned priorities (high, medium, low), and packets in the high
priority queue are transmitted first. After packets in the high priority are transmitted
completely, packets in the next priority queue are transmitted.
[Q1] Priority: High

200B 300B 400B 100B 300B
[Q2] Priority: Medium Output Port
400B 500B 500B 400B 300B 600B 400B 500B 500B 200B 300B 400B 100B 300B
[Q3] Priority: Low SPQ Scheduler

400B 300B 600B
This method is easy to implement, but if there are plenty of packets that flows into the high
priority queue, packets in the low priority queue can not be transmitted at all. This is called
starvation.
Configuring QoS 9-9

WRR (Weight Round Robin)
WRR method processed every queue in sequence to remove starvation that happens in SPQ
(Strict Priority Queuing). The packet size that process packets each time can be set for each
queue instead. A value, called weight, is used to set the packet size. The weight represents the
ratio of packets that is serviced through the queues.
[Q1] Weight: 2
200B 300B 400B 100B 300B
[Q2] Weight: 1 Output Port
400B 500B 500B
[Q3] Weight: 1 WRR Scheduler

400B 300B 600B
If weight values (2, 1, 1) are assigned to each queue as above, the ratio of packets are 2:1:1. It
means that two packets are transmitted through the first queue (Q1), and a packet is
transmitted through the second queue (Q2), then a packet is transmitted through the third
queue (Q3).
WRR method can specify priority to each queue and prohibit starvation as above. The
disadvantage of WRR is not useful in IP network that packet size is variable because weight is
ratio of packets. For example, there are two packets. One is 64byte VoIP packet, and the other is
1500byte data packet. The packets are serviced through two queues that weight is 2:1. Even
though the VoIP packet is serviced through high weight queue, 128bytes are sent each time, but
the 1500byte data packet can be sent through the low weight queue.

WFQ (Weight Fair Queuing)
WFQ method divides whole packet in queue into bit unit to solve the problem of WRR and
transmits the bits at weight ratio of queues, then reassembles the bits.
[Q1] Weight: 2 1 bit

Last bit of Last bit of Last bit of
200B 300B 400B 100B 300B 400B Pkt 500B Pkt 600B Pkt
Packet Segmentation
Last bit of Last bit of Last bit of
400B Pkt 300B Pkt 500B Pkt
[Q2] Weight: 1
Packet
400B 500B 500B
Reassembler
Bit-by-Bit WRR
[Q3] Weight: 1 Scheduler Last bit of Last bit of Last bit of
300B Pkt 400B Pkt 300B Pkt
Bit-by-Bit Service Ratio Last bit of
400B 300B 600B
= Q1:Q2:Q3 = 2:1:1 200B Pkt Last bit of
100B Pkt
400B 400B 500B 300B 200B 600B 300B 500B 400B 100B 300B
Output Port
This method can transmit packets without the packet size at the ratio that is specified in the
queue, but it is complicated to implement.
DWRR (Deficit Weight Round Robin)

DWRR method enhances disadvantage of WRR and WFQ. DWRR defines weight, quantum and
deficit counter to each queue. Quantum is the maximum packet size that is processed by weight
ratio. Deficit counter is set to 0 by default. Deficit counter is merged with quantum when data
of a queue is serviced. The packet of queue can be serviced up to deficit counter. After the
packet is serviced, deficit counter is decreased to the packet size.
For example, there is a queue that quantum value is 1000bytes. If 500byte packet, 300byte
packet, and 300byte packet are in a queue, only 500byte packet and 300byte packet can be
processed because the queue can process up to 1000bytes. Then, deficit counter becomes 200.
After other queues process their packet, the queue become in the order. The deficit counter
value becomes 1200, and the queue can process up to 1200byte.
Deficit counter memorizes the size of packet that was not transmitted as the ratio of weight, and
transmits the packet next time.
Lets look at the operation principal of DWRR. There are three queues in an output port as
below. In each queue, 2:1:1 of weight is assigned. The quantum values of each queue are set as
1000byte, 500byte and 500byte. The deficit counter values are set as 0 (Picture 1).
Configuring QoS 9-11

[Q1] Weight: 2 [Q1] Weight: 2
1000B - 300B - 100B - 400B
Quantum=1000, DeficiCounter=0B Quantum=1000, DeficiCounter=200B
200B 300B 400B 100B 300B 200B 300B

Output Port Output Port
Quantum=500, DeficitCounter=0B Quantum=500, DeficitCounter=0B
400B 500B 500B 400B 500B 500B 400B 100B 300B
[Q3] Weight: 1 DWRR [Q3] Weight: 1 DWRR

Quantum=500, DeficitCounter=0B Scheduler Quantum=500, DeficitCounter=0B Scheduler
400B 300B 600B 400B 300B 600B
[Picture 1] [Picture 2]
The DWRR scheduler visits the number 1 of queue, then deficit counter value becomes
1000bytes. 300byte, 100byte and 400byte packets are transmitted through output port. After the
transmission, the deficit counter value becomes 200 (Picture 2).
The DWRR scheduler visits the number 2 of queue. The number 2 of deficit counter set the
value as 500byte, then 500byte packet is transmitted. After the transmission, the deficit counter
value becomes 0. The next time the number 3 of queue should be processed, but the first packet
in the number 3 of queue is 600byte and is bigger than deficit counter of 500byte. In this case,
deficit counter is not changed, and no packet is transmitted.
The DWRR scheduler visits the number 1 of queue again, then the quantum value is added to
the current deficit counter value. In this time, the deficit counter value becomes 1200bytes, and
the number 1 of queue can transmit packets up to 1200byte. 300byte and 200byte packets can be
transmitted, then deficit counter becomes 700 (Picture 3).
[Q1] Weight: 2
1200B - 300B - 200B [Q1] Weight: 2
Quantum=1000, DeficiCounter=700B Quantum=1000, DeficiCounter=0B

Output Port Output Port
Quantum=500, DeficitCounter=0B Quantum=500, DeficitCounter=0B
400B 500B 200B 300B 400B 300B 600B
[Q3] Weight: 1 DWRR [Q3] Weight: 1 DWRR

Quantum=500, DeficitCounter=500B Scheduler Quantum=500, DeficitCounter=100B Scheduler
400B 300B 600B 400B
1000B - 600B - 300B
[Picture 3] [Picture 4]
There is no packet in the number 1 of queue, so the DWRR scheduler visits the number 2 of
queue. The deficit counter is set as 500byte, and 500byte packet is transmitted in the number 2
of queue, then deficit counter becomes 0. In the num 3 of queue that could not transmit packets

previous time, the deficit count becomes 1000byte, and 600byte and 300byte packet are
transmitted. After the transmission, the deficit counter becomes 100 (Picture 4). The rest of
packets are processed as above.
Shaping
Shaping is a function that limits bandwidth with buffering when traffic that is bigger than
target traffic rate flows into a queue.
The traffic that is more than target traffic rate is stored into the buffer. If there is enough
bandwidth to transmit, the stored traffic is transmitted.
Bandwidth(bps) Bandwidth(bps)
Offered Traffic Buffered
Target Traffic Rate

Rate Shaped Traffic
time time
This method is more flexible than policing, but is not useful in real-time traffic such as voice
traffic because transfer delay occurs.
WC Scheduler and NWC Scheduler

WC (Work Conserving) scheduler can use whole bandwidth of output port until congestion
occurs. SPQ, WRR, DWRR and WFQ are WC method. On the other hand, even if there is no
congestion, NWC (Non Work Conserving) scheduler does not service more than bandwidth
that is assigned queue. Shaping is this method.

Buffer Manager
Queues of an output port have fixed size. If a queue is full of packets, and other packets flow
into the queue, the packets are discarded as a particular rule. Buffer manager is the function
that discards received packets selectively to solve the congestion of the queue.
This section introduces that buffer manager methods.
Tail Drop
In Tail drop method, if there is no space to store Drop Probability
packets, packets that arrived after full of the queue

are discarded. The ratio that packets are discarded 1
is 1 when the amount of packet in the queue

becomes the size of the queue (Max Size) as the
right graph.
Retransmission requests are sent to senders 0 Queue Size

Max Size
continuously because packets are discarded after
the queue is full. The host that received retransmission requests considers that the link is not
stable and makes transmission speed slow. If this situation occurs repetitively, the speed of
whole network is slower. This problem is called TCP global synchronization.

QoS on the Corecess R1-SW24L2B
This section describes QoS features supported by the Corecess R1-SW24L2B. The following
figure shows QoS structure on the Corecess R1-SW24L2B:
Q0 Output
port #1 TC #1
Q1 TC #1
.
.
TC #1
Q6
Classifier
Input port #1 Q7
match
match
. .
. match .
. . .
.
. .
.
Input port #n . .
.
Q0 Output
port #n
Q1
.
. TC #216
Q6 TC #217
Q7 TC #218
The Corecess R1-SW24L2B classifies the packets from ingress (incoming) port according to the
criteria defined the class map, stores the classified packets to each transmit queue (0 ~ 7), and
transmits packets via TC (Traffic Class) applied the QoS action defied the policy map.
Packet Classification
Packet classification partitions traffic into multiple priority levels, or classes of service. The
Corecess R1-SW24L2B uses the values in the following fields of the layer 1 ~ layer 4 IP packet
header as a criterion to classify packets:
y Layer 1:Input/output port number
y Layer 2: Source/destination MAC address, EtherType field, DSAP field, 802.1P filed, VLAN ID
y Layer 3:Source/destination IP address, protocol ID, TOS/IP Precedence/DSCP filed
y Layer 4:Input/output port number, TCP flag

Marking & Remarking
Marking is a way to identify packet flows to differentiate them. Packet marking allows you to
partition your network into multiple priority levels or classes of service.
The Corecess R1-SW24L2B supports marking based on the following bits in the CoS (Class of
Service) filed for the packet:
y DSCP value
y CoS value
y VLAN priority
Policing
The Corecess R1-SW24L2B supports Policing. Policing is the process by which the system limits
the bandwidth consumed by a flow of traffic. You can limit the bandwidth of a specific traffic
flow by using a policy map or limit the full bandwidth of a port.
Transmit Queue
The Corecess R1-SW24L2B provides eight transmit queues for each engress port. These transmit
queues are scheduled by the Strict Priority Queueing (SPQ) mechanism. You can use the
following value to determine queue priority:
y Users priority (The value that is set by using the priority command in Policy-map class configuration
mode)
y DSCP
y CoS
y VLAN priority
When the transmit queue is full, frames at the end of the queue are dropped (tail drop).

Configuring QoS
This section describes how to configure QoS on the Corecess R1-SW24L2B.
Configuring QoS Service Policy

A QoS service policy consists of a classification policy and QoS policies that are applied to a
particular interface. The Corecess R1-SW24L2B supports the use of class maps and policy maps
to create or modify a QoS service policy.
The following diagram shows steps for configuring QoS service policy:
A class map consists of criteria for classifying traffic into several

X Defining Class Map classes. The first task for configuring QoS service policy is defining
class maps.
A policy map consists of classes which have actions to apply to the

Y Defining Policy Map traffic class. The second step for configuring QoS service policy is
defining policy maps.
A policy map class consists of actions to apply to the specified class

Z Configuring
of traffic (bandwidth priority, filtering, rate limiting). The third step for
Policy Map Class
configuring QoS service policy is configuring policy map class.
A service policy consists of a policy-map and ingress/egress ports

Applying
[ Service Policy which the policy map will be applied to. The last step of configuring
the QoS Service policy is defining service policies.
The sections which describe how to configure each step follow.

Configuring a Class Map
A class-map is a mechanism that you use to name and to isolate a specific traffic flow (or class)
from all other traffic. The class-map defines the criteria used to match against a specific traffic
flow to further classify it. If you have more than one type of traffic that you want to classify, you
can create another class-map and use a different name. After a packet is matched against the
class-map criteria, you further classify it through the use of a policy-map.
You can classify packets and assign them to specific queues based on the following criteria:
Table 9-1 Criteria for packet classification
Criterion Description Value

cos The CoS (Class of Service) value 0~7
dsap The DSaP (Destination Service Access Point) value 0 ~ 255
dscp The DSCP (DiffServe Code Point) value 0 ~ 63
tos The ToS (Type of Service) value 0~7
ip-prec The IP precedence value 0~7
ip-sa The source IP address
ip-da The destination IP address
mac-sa The source MAC address
mac-da The destination MAC address
tcp-dpn The destination TCP port number 0 ~ 65535
tcp-flag The TCP flag value
tcp-spn The source TCP port number 0 ~ 65535
udp-spn The source UDP port number 0 ~ 65535
udp-dpn The destination UDP port number 0 ~ 65535
ether-type The Ethernet Type filed value 0 ~ 65535
input-port The input port number
output-port The output port number
protocol The L4 Protocol field value 0 ~ 255
vlan-sid The VLAN ID that the input port belongs to. 1 ~ 4094
vlan-did The VLAN ID that the output port belongs to. 1 ~ 4094
CoS field can not be included with DSCP or IP precedence in the same class-map. To make the
CoS field available, enable IEEE 802.1p using 802.1p classification enable command.
If IEEE 802.1p is enabled, DSCP and IP precedence criteria in class-maps are not available. To
use the DSCP or IP precedence instead of CoS, disable the IEEE 802.1p using 802.1p

classification disable command. By default, IEEE 802.1p is disabled.
After creating class-maps, system checks the inbound or outbound packets by the criteria in
class-maps. QoS actions defined in the policy-map for the class will be applied to the classified
packets into classes.
You can create a class-map by using the class-map command in QoS configuration mode.
When you enter the class-map command, the Corecess R1-SW24L2B enters the class-map
configuration mode. In this mode, the match criterion is defined for the traffic by using the
match command.
To create a class-map and add the criteria to the class-map, use the following command in the
Privileged mode:
To create a class map and specify the way in which the Corecess R1-SW24L2B should classify
traffic, enter the following commands in Global configuration mode:
Table 9-2 Creating a class map
Command Task
qos 1. Enter QoS configuration mode.
2. (Optional) Enables IEEE 802.1p. If IEEE 802.1p

is enabled, CoS field is available for the criterion
8021p classification enable of the class-map. If IEEE 802.1p is disabled
(default setting), IP precedence and DSCP fields
become available instead of CoS field.
3. Create a class map and enters class-map

class-map <class-map-name> configuration mode.
y <class-map-name>: Class map name.
match cos <cos-value>
match dsap <dsap-value>
match dscp <dscp-value>
match ether-type <ether-type>
match input-port <port-type>
<slot>/<port>
match ip-da <dest-ip> <mask>
4. Define the classification criteria for the class
match ip-prec <ip-prec-value>
map.
match ip-sa <sour-ip> <wildcard>
match mac-da <dest-mac>
match mac-sa <sour-mac>
match output-port <port-type>
<slot>/<port>
match protocol <protocol-id>
match tcp-dpn <tcp-port-num>

Command Task
match tcp-flag <flag-num>
match tcp-spn <tcp-port-num>
match udp-dpn <udp-port-num>
match ucp-spn <udp-port-num>
match vlan-did <vlan-id>
match vlan-sid <vlan-id>
6. Verify the class map configuration.

show classmap <class-map-name>
y <class-map-name>: Class map name.
Note : To delete a class map, enter the no class-map <class-map-name> command in the qos
configuration mode. To delete the criteria, enter the no match command in the qos configuration mode.
The following example shows how to create a class map and define a classification criterion by
using the source IP address:
(config)# qos
(config-qos)# class-map class1
(config-cmap)# match ip-sa 172.27.2.16 0.0.255.255
(config-cmap)# end
# show classmap
ClassMap
--------------------------------------------------
Name : class1
Match Content : ip-sa 172.27.2.16/0.0.255.255
Total Entries = 1
# write memory
[OK]
The following example shows how to create a class map and define the criteria by using the
destination IP address and the destination TCP port number:
(config)# qos
(config-cmap)# match ip-da 10.10.10.1 0.0.0.255

(config-cmap)# match tcp-dpn 25
(config-cmap)# end
# show classmap class2
ClassMap
--------------------------------------------------
Name : class2
Match Content : ip-da 10.10.10.1/0.0.0.255
: tcp-dpn 25
Total Entries = 2
# write memory
[OK]
To delete a class-map, use the no class-map <class-map-name> command in the QoS

configuration mode. To remove a criterion from a class-map, use no match command in the
class-map configuration mode.

Configuring a Policy Map
A policy-map specifies which traffic class to act on. Actions can include trusting the CoS, DSCP,
or IP precedence values in the traffic class; setting a specific DSCP or IP precedence value in the
traffic class; or specifying the traffic bandwidth limitations and the action to take when the
traffic is out of profile. Before a policy-map can be effective, you must attach it to an interface
through defining a service policy. Multiple policy-maps can be attach to an interface and each
policy-map should be applied to different traffic class.
The followings are QoS actions which can be included in a policy-map:
y filter : Action for deciding whether the traffic is discarded or forwarded.
y mark : Action for configuring the values to be set in the DSCP, IP precedence, ToS, or
802.1P field of the packets which belong to the traffic class.
y police : Action for configuring the rate-limiting feature.
y priority : Action for configuring the priority(high or low) of the traffic. The priority is
used for selecting the traffic to be discarded when the system congestion.
y bandwidth : Action for configuring the minimum transmission bandwidth for the traffic
class.
y weight : Action for configuring the ration of the minimum transmission bandwidth for
the traffic class.
To apply multiple QoS actions to a traffic class, multiple QoS actions can be included in a
policy-map.

Creating a Policy-map
To create a policy-map and configure QoS actions for a traffic class, perform this task in the
Table 9-3 Creating a policy map
Command Task
2. Create a policy map and enter the policy-map
configuration mode.
policy-map <policy-map-name>
y <policy-map-name>: Name of a policy map to
define.
3. Specify the class to which the policy map applies and
enter the policy-map-class configuration mode.
class <class-name>
y <class-name>: The name of the class to which
the policy map applies.
mark {cos|dscp|ip-prec} <value>
filter {deny|permit|to-proc}
bandwidth <bandwidth> 4. Configures Qos actions for the class. Refer to the
weight <percentage> following sections for configuring QoS actions in the
priority <value> policy-map class configuration mode.
rate-limit rate <target-rate>
tcflow monitoring
show policymap 6. Verify the policy map configuration.
The sections which describes how to add the QoS actions in the Step 4 and how to verify the
policy map configuration in Step 5 will follow.
The following example shows how to create a policy map and specify a class map to which the
policy map applies:
(config)# qos
(config-qos)# policy-map policy1
(config-pmap)# class class1
(config-pmap-c)# priority 7
(config-pmap-c)# end
# show policymap policy1
PolicyMap
--------------------------------------------------
Name : policy1
Linked ClassMap : class1

Policy : priority 7
#
You can delete a policy-map using the no policy-map command in the QoS configuration
mode. This example shows how to delete a policy-map:
(config)# qos
(config-qos)# no policy-map TEST
(config-qos)#
You can remove a class-map from the policy-map, using the no class command in the
policy-map configuration mode. The no class command does not delete the class-map but
disconnects the relation between the policy-map and the class-map. To delete a class-map, use
the no class-map command in the QoS configuration mode. This example shows how to
remove a class-map from the policy-map and verify the result:
(config)# qos
(config-qos)# policy-map polmap6
(config-pmap)# no class class1
(config-pmap)# end
# show policy-map
Policy-map polmap6

Configuring Policy-Map Class Remarking (CoS, IP Precedence, or DSCP)
The QoS fields such as the Layer 2 CoS (802.1p field) or Layer 3 IP precedence, ToS, or DSCP
fields are used for classifying the traffic class. Depending on the network state or QoS policy,
user can set these fields to the specified values which can change the priority of traffic.
To set the QoS fields of packets, which belong to the policy-map class to the specified values,
perform this task in the Global configuration mode.
Table 9-4 Changing CoS, IP Precedence, or DSCP value of a traffic class in a policy map
Command Task
policy-map 2. Create a policy map and enter policy-map configuration mode.

<policy-map-name> y <policy-map-name>: The name of a policy-map.
3. Specify the class to which the policy map applies and enter policy-map-
class <class-name> class configuration mode.
y <class-name>: The name of the class to which the policy map applies.
4. Specify the value and type of the field to change.

mark {cos | dscp | y cos <value>: Specify the value of the CoS field (0 ~ 7).
ip-prec} <value> y dscp <value>: Specify the value of the DSCP field. (0 ~ 64).
y ip-prec <value>: Specify the value of the IP precedence field(0 ~ 7).
This example configure remarking feature to set the CoS field to 7 of the traffic class class1 in
the policy map policy1:
(config)# qos
(config-pmap-c)# mark cos 7
(config-pmap-c)#

Configuring Packet Filtering
In a policy-map, you can add criteria for filtering a traffic class or forwarding it to the internal
system processor.
To add a criterion for deciding whether filtering packets or forwarding, perform this task in the
Global configuration mode.
Table 9-5 Configuring packet filtering of a traffic class in a policy map
Command Task
policy-map <policy- 2. Create a policy map and enter policy-map configuration mode.
map-name> y <policy-map-name>: The name of a policy-map.
4. Select the filtering method of the traffic class.

filter {deny| y deny: Discard the traffic.
permit|to-proc} y permit: Forward the traffic.
y to-proc: Send the traffic to the CPU.
This example configure to discard the traffic class class2 in the policy map policy1:
(config)# qos
(config-pmap-c)# filter deny
(config-pmap-c)#

Configuring Minimum Transmission Bandwidth
The Corecess R1-SWL2B can specify the minimum transmission bandwidth which should be
guaranteed for a specific traffic class when congestion occurs. You can set this minimum
transmission bandwidth to either speed or ratio. Beyond the guaranteed bandwidth, the traffic
will be dropped in the event of congestion.
To configure the minimum transmission bandwidth for a traffic class in a policy-map, perform
this task in the Global configuration mode.
Table 9-6 Configuring a transmission queue for a traffic class
Command Task
qos 1. Enter the QoS configuration mode.

class configuration mode.
class <class-name> y <class-name>: The name of the class to which the policy map
applies.
4. Specifies minimum bandwidth guarantee, in Kbps, for the traffic class.

bandwidth <bandwidth> y <bandwidth>: The minimum bandwidth (0 ~ 100000Kbps).
5. Specify the bandwidth ratio of the transmission queue for the traffic
class.
weight <percentage> y <percentage> : Percentage of available bandwidth to be assigned to
the class (0 ~ 100)
Both bandwidth and weight cannot be applied together. You can set only one command
between bandwidth command and weight command.
This example configures the bandwidth of the transmission queue for the traffic class class1 in
the policy map class policy1:
(config)# qos
(config-pmap-c)# bandwidth 10000
rate is adjusted to 9984 kbps
(config-pmap-c)#

This example designates 25% for the bandwidth ratio of the transmission queue for the traffic
class class2 in the policy map class policy1:
(config)# qos
(config-pmap-c)# weight 25
(config-pmap-c)#
Configuring Policy-Map Class Priority

The priority command in the policy-map configuration mode can assign the user-defined
priority to a traffic class. This user-defined priority is used for selecting one of eight
transmission queues in an output port for buffering packets. It is also used as the value for CoS
field. By default, a transmission queue is select by this user-defined priority. However, you can
use the CoS, DSCP, or VLAN ID when selecting a transmission queue. To do this, use the
queue-precedence command in the QoS configuration mode.
The following is a procedure for specifying the user-defined priority for a traffic class:
Table 9-7 Specifying a priority of a traffic class in a policy map
Command Task

4. Gives priority to a class of traffic belonging to a policy-map.

priority <value> y <value>: Priority (0 ~ 7). 0 is the highest priority queue and 7 is the
lowest priority queue.
This example assigns the queue with the priority of 7 to the traffic class class4 in the policy map
policy1:
(config)# qos
(config-pmap-c)# priority 7
(config-pmap-c)#

Configuring Policy-Map Class Policing (Rate-Limiting)
In a policy map, you can configure the rate limiting feature which discards the packets that
exceed the bandwidth limits.
Rate limiting is the process by limiting the bandwidth consumed by a flow of traffic. After a
packet is classified, the rate limiting process can begin. The rate limiting involves creating a
policer that specifies the bandwidth limits for the traffic. Packets that exceed the limits are
dropped.
To configure the rate limiting feature in a policy map, perform this task in the Global
configuration mode:
Table 9-8 Configuring rate-limint of a traffic class in a policy map
Command Task
policy-map 2. Enter policy-map configuration mode.
class configuration mode.
class <class-name>
y <class-name>: The name of the class to which the policy map
applies.
4. Specifies the limited rate to be applied to traffic of the class in the
specific policy-map
rate-limit rate
y <target-rate>: Average rate to be applied to the traffic which
<target-rate>
meets the condition of the class(0 ~ 1000000Kbps). The value must be
in increments of 64 kbps.
Note : Policing can be applied to a specific port as well as a specific traffic class. Entering the rate-limit
commandin the QoS configuration mode sepcifies the target bandwdith to be applied to both incoming
and outgoing traffic through a port. How to configure policing for a port will be described later in this
chapter.
This example specifies the target bandwidth of the traffic class class5 to apply the rate limiting in
the policy map policy1:
(config)# qos
(config-pmap-c)# rate-limit rate 640
(config-pmap-c)#

Configuring Service Policy
The service policy is a process of mapping the policy maps and physical ports. After
configuring policy maps and QoS actions for the policy-map classes, attach the policy maps to
the physical input/output ports to apply the QoS action.
By default, the Corecess R1-SW24L2B can apply the QoS policy to both inbound and outbound
traffic on all interfaces. You can attach a single policy map to one or more ports to specify the
service policy for those ports. The class policies comprising the policy map are then applied to
packets that satisfy the class map match criteria for the class.
To apply a policy map to the ports, enter the following command in the Global configuration
mode:
Table 9-9 Applying QoS service policy
Command Task
2. Attach a policy map to an input port or an output port, to be used

service-policy
as the service policy for that port.
<service-name>
y <service-name>: Name of the service map.
policy-map
y <policy-map-name>: Name of the policy map to be applied.
<policy-map-name>
y input-port: Attach the policy map to input traffic.
[input-port <port-type>
y output-port: Attach the policy map to output traffic.
<slot>/<port>]
y <port-type>: Type of the port (gigabitethernet, fastethernet).
[output-port <port-type>
y <slot>/<port>: Slot number(1~8) and port number (1~4) of
<slot>/<port>]
the port.

show service-policy 4. Verify the service policy configuration.
[<service-name>] y <service-name>: Name of the service map.
This example applies the policy map named policy1 to the Gigabit Ethernet port 1/2 and
verifies the configuration:
(config)# qos
(config-qos)# service-policy service1 policy-map policy1 input-port gigabitethernet
1/2 output-port gigabitethernet 1/2
(config-qos)# end
# show service-policy
ServicePolicy

--------------------------------------------------
Name : service1
Linked PolicyMap : policy1
Port(In ) : 1/2
Port(Out) : 1/2
Total Entries = 1
# write memory
[OK]

Configuring Non-Class-map QoS Features
The previous sections describe QoS features for the traffics classified by class maps(classifiers).
The Corecess R1-SW24L2B has QoS features which can be applied without classifiers. This
section describes how to configure these non-class-map QoS features.
Configuring CoS (Class of Service)

QoS classifies traffic by assigning priority-indexed 802.1p class of service (CoS) values to frames
at ingress ports. If traffic is tagged with a CoS value at the ingress port, the switch forwards the
value. If traffic is native, then the switch can rewrite the CoS tag. QoS implements scheduling
on supported egress ports based on the 802.1p CoS values to give preference to higher-priority
traffic.
By default, 802.1p CoS is disabled on the Corecess R1-SW24L2B. When the 802.1p CoS is
disabled, the IP precedence and DSCP values are used for QoS. To enable the 802.1p CoS and
assign the priority to a interface for 802.1p class of service, perform this task in the Global
configuration mode:
Table 9-10 Configuring CoS value
Command Task
8021p enable 2. If necessary, enable 802.1p class of service on the system.
3. Assigns the priority to the specific VLAN interface.

8021p user-priority
y <priority>: The priority (0 ~ 7)
<priority> vlan <vlan-id>
y <vlan-id>: VLAN ID (1 ~ 4094)
[port <port-type>
<slot>/<port>]
y <slot>/<port>: Slot number and port number of the port.
4. Apply the configuration of step 2 to the system. After this command

8021p enable
is executed, the priority is applied.
end 5. Return to the privileged mode.
show user-priority 6. Verify the assigned CoS value.
Note : If you do not specify the port, assigned priority are applied to all ports in the specified VLAN.

The following example shows how to assign a priority of 6 to the Gigabit Ethernet port 1/1
which belongs to the default VLAN:
(config)# qos
(config-qos)# 8021p user-priority 6 vlan 1 port gigiabitethernet 1/1
(config-qos)# 8021p enable
(config-qos)# end
# show user-priority
Default User Priority
--------------------------------------------------
Entry[ 1]
Vlan : 1
Priority : 6
Port : 1/1

Configuring Rate Limiting on a Port
Rate limiting can be applied to individual port. This feature allows you to control the maximum
bandwidth of traffic transmitted or received on a port. The packets that exceed the bandwidth
limits are discarded.
Enter the following command in Global configuration mode to configure rate limiting on a
specific port:
Table 9-11 Configuring rate limiting on a port
Command Task
2. Configure the maximum bandwidth of a specific port.

rate-limit input-port y input-port: Applies rate limiting on an input port.
<port-type> y output-port: Applies rate limiting on a output port.
<slot>/<port>
[output-port <port-
type> <slot>/<port>] y <slot>/<port>: Slot number and port number of the port.
rate <target-rate> y <rate>: The maximum bandwidth (0 ~ 1000000Kbps, in 64Kbps
step).
show rate-limit 4. Verify the configuration.
The following example shows how to configure input rate limiting for the class:
(config)# qos
(config-qos)# rate-limit input-port fastethernet 2/1 output-port fastethernet
2/1 rate 24000
(config-qos)# end
# show rate-limit
RateLimit
--------------------------------------------------
Rate : 24000
Port(In ) : 2/1
Port(Out) : 2/1
Total Entries = 1
#

Specifying Precedence of Values for CoS Field
You can specify the precedence of the values which can be filled with the CoS field of the packet
when the packet is transmitted through the port. The available values for the CoS field are as
follows.
y tos: Value of ToS field (IP-precedence or DSCP)
y user: User-defined priority (default)
y valn: Destination VLAN priority
To configure the precedence of the values for the CoS field of the outgoing packet, perform the
following task in the Global configuration mode:
Table 9-12 Configring the precedence of values for CoS field
Command Task
2. Input the values (tos, user, vlan) in the order of high priority.
y <value1>: Specify the highest priority value to be used in CoS field.
8021p-precedence
y <value2>: Specify the second-highest priority value. This value is
<value1> <value2>
<value3> used when the <vlaue1> can not be used.
y <value3>: Specify the third-highest priority value. This value is used
when the <vlaue1> and <vlaue2> can not be used.
show
4. Verify the configuration.
8021p-precedence
The following example shows how to configure the precedence of the values for the CoS field
to the order of VLAN priority Tos CoS:
(config)# qos
(config-qos)# 8021p-precedence vlan tos user
(config-qos)# end
# show 8021p-precedence
8021p precedence odering
vlan tos user
#

Specifying Priority for a Transmission Queue
The transmission queue for a packet is selected from eight transmission queues in a port
according to priority of the packet. By default, the packet priority for choosing a transmission
queue is the user-defined priority. However, CoS, IP precedence, DSCP, or VLAN priority can
be used as the packet priority.
The following is a procedure for specifying a value used as the packet priority for choosing a
packet transmission queue:
Table 9-13 Specifying priority for transmission queue
Command Task
2. Input the values (tos, user, vlan, or class) in the order of high priority.
y <value1>: Specify the highest priority value.
y <value2>: Specify the second-highest priority value. This value is
queue-precedence
used when the <vlaue1> can not be used.
<value1> <value2>
<value3> <value4> y <value3>: Specify the third-highest priority value. This value is used
when the <vlaue1> and <vlaue2> can not be used.
y <value4>: Specify the lowest priority value. This value is used when
the <vlaue1>, <vlaue2>, and <vlaue3> can not be used.
show
queue-precedence
The following example shows how to configure the precedence of the values used for
transmission queue priority to the order of VLAN priority Users priority Class ToS:
(config)# qos
(config-qos)# queue-precedence vlan user class tos
(config-qos)# end
# show queue-precedence
queue precedence odering
vlan user class tos
#

Configuring Shaping
Shaping is a function that limits bandwidth with buffering when traffic that is bigger than
target traffic rate flows into a queue. The traffic that is more than target traffic rate is stored into
the buffer. If there is enough bandwidth to transmit, the stored traffic is transmitted.
To configure shaping in the Corecess R1-SW24L2B, use following commands.
Table 9-14 Configuring Shaping
Command Task
shaping output-port 2. Configure shaping for traffic that transmits through the specified output
<port-type> port.
<slot>/<port> y <port-type> Port type (fastethernet, gigabitethernet)
rate <target-rate> y <slot>/<port> Slot number and port number
y <targe-rate> Target bandwidth (1~1000000Kbps, in 64Kbps step)
show shaping 4. Verify shaping configuration.
The following example shows how to configure shaping for the traffic that is transmitted
through the Gigabit Ethernet port 1/1.
(config-qos)# shaping output-port gigabitethernet 1/1 rate 128000

(config-qos)# end
# show shaping
Shaping
--------------------------------------------------
Shaping : 128000
Port(In ) :
Port(Out) : 1/1
Total Entries = 1
#

Configuring Broadcast Suppression
Broadcast suppression prevents LAN interfaces from being disrupted by a broadcast storm. A
broadcast storm occurs when broadcast or multicast packets flood the subnet, creating excessive
traffic and degrading network performance. Errors in the protocol-stack implementation or in
the network configuration can cause a broadcast storm. Broadcast suppression uses filtering
that measures broadcast activity in a subnet over a 1-second interval and compares the
measurement with a predefined threshold. If the threshold is reached, further broadcast activity
is suppressed for the duration the interval.
Broadcast suppression is disabled by default. To enable broadcast suppression, enter the

broadcast-storm-control command in QoS configuration mode:
Table 9-15 Configuring broadcast suppression
Command Task
2. Enables broadcast suppression on a VLAN interface.

broadcast-storm-control y <port-type> Port type (fastethernet, gigabitethernet)
[port <port-type> y <slot>/<port> Slot number and port number
<slot>/<port> | vlan id y <vlan-id>: VLAN ID to enable the broadcast storm control (1 ~
<vlan-id>] 4094).
pps <packet-number> y <packet-number>: The maximum number of broadcast packet
per second. Valid range is from 16 to 1048560.
show running-config 4. Verify the configuration.
The following example enables the broadcast storm on the default VLAN:
(config)# qos
(config-qos)# broadcast-storm-control vlan id 1 pps 4096
(config-qos)# end
.
.
qos
broadcast-storm-control vlan id 1 pps 4096
queue-precedence vlan user class tos
8021p-precedence vlan tos user

8021p enable
8021p user-priority 6 vlan 1 port fastethernet 2/1
!
#

QoS Configuration Commands
The following table lists the commands for configuring QoS on the Corecess R1-SW24L2B:
Table 9-16 QoS configuration commands
Command Function
Enables QoS based on IEEE 802.1p CoS (Class of Service) on the Corecess
8021p enable R1-SW24L2B.
8021p user-priority Assigns the priority for 802.1p class of service to a port or a VLAN
bandwidth Specifies the minimum bandwidth of a traffic class.
Enters Policy-map class configuration mode to specify a previously created

class
class map to be included in the policy map.
class-map Enters the class-map configuration mode to configure class maps.
dhcp-offer filter
discard Filters the DHCP server packets received from the specified port.
filter Configures filtering a class of traffic which belongings to a policy map.
Configures the remarking feature which modifies the CoS, IP precedence, or

mark
DSCP field of a traffic class.
match cos Specifies the CoS as a match criterion of a class map.
match dscp Specifies the DSCP as a match criterion of a class map.
match ip-da Specifies the destination IP address as a match criterion of a class map.
match ip-prec Specifies the IP precedence as a match criterion of a class map.
match ip-sa Specifies the source IP address as a match criterion of a class map.
match mac-da Specifies the destination MAC address as a match criterion of a class map.
match mac-sa Specifies the source MAC address as a match criterion of a class map.
match tcp-dpn Identifies destination TCP port numbers as match criteria.
match tcp-flag Specifies the TCP flag as a match criterion of a class map.
match tcp-spn Identifies source TCP port numbers as match criteria.
match tos Specifies the ToS as a match criterion of a class map.
match udp-dpn Identifies destination UDP port numbers as match criteria.
match udp-spn Identifies source UDP port numbers as match criteria.
netbios filter
discard Filters the NetBIOS packets received from the specified port.

Command Function
Enters QoS policy map configuration mode to configure the QoS policy
policy-map map.
priority Specifies the priority of a traffic class during network congestion condition.
rate-limit Configures the rate limiting to a traffic class.
rate-limit Applies the rate limiting feature to the specified port.
service-policy Defines a service policy to attach a policy map to the input/output ports.
weight Specifies the ratio of the bandwidth to be assigned to a traffic class.

Chapter 10 Configuring Security
This chapter describes how to configure security features on the Corecess R1-SW24L2B.
9 Configuring Password and Session Timeouts 10-2
9 Configuring Access Lists 10-6
9 Configuring Packet Filtering 10-11
9 Security Configuration Commands 10-23

Configuring Password and Session Timeouts
This section describes how to prevent unauthenticated users from logging in to the Corecess R1-
SW24L2B.
Configuring Password
You can provide access control on a terminal line by entering the password and establishing
password checking.
Setting the Login Password

By default, the Corecess R1-SW24L2B requires a user name or password when you log in to the
CLI. The default user name and password are corecess. To change the default login password,
perform the following tasks in User mode:
> passwd
Changing password for corecess
Old password:: ******** Enter the current password.
Enter the new password (minimum of 5, maximum of 8 characters)
Please use a combination of upper and lower case letters and numbers.
New password: ******** Enter the new password.
Re-enter new password: ******** Enter the new password again.
Password changed.
>
The User mode is signified on the system by the > prompt. In this mode, you can enter a variety
of commands to view statistics on the system, but you cannot change the configuration of the
system.

Setting the Privileged Mode Password
You can set the Privileged mode password that controls access to privilege mode. By default,
the Corecess R1-SW24L2B does not require the Privileged mode password for entering the
Privileged mode.
You can specify the password for the Privileged mode using enable passwd command in the
Global configuration mode. The following example sets the Privileged mode password to
R1SW24 by the enable passwd command configuration in the Global mode.
(config)# enable passwd R1SW24

(config)#
After setting the Privileged mode password, you should enter the password to go to the
Privileged mode from user mode as follows:
> enable
Password: R1SW24
Privileged mode is signified by the # prompt. In the Privileged mode, you can enter all
commands to view statistics and configure the system.
# The privileged mode prompt
Configuring Security 10-3

Password Encryption
All passwords on the system can be viewed by using the write terminal command in
Privileged mode.
You can hide clear-text passwords by storing passwords in an encrypted manner so that anyone
entering write terminal commands will not be able to determine the clear-text password.
The following example shows how to encrypt a user password and display the password on the
terminal line:
(config)# username guest passwd guest
(config)# end
# write terminal
!
! version 0.75
!
hostname localhost
username guest passwd 8 $1$$ysap7EeB9ODCrO46Psdbq/
:
:

Session Timeouts
The timeout for an unattended telnet session provides an additional security measure. If the
telnet line is left unattended in Privileged mode, any user can modify the system configuration.
The default timeout for an unattended telnet session is 10 minutes. To change the login timeout,
enter the following command in the global configuration mode:
Table 10-1 Changing timeout for an unattended telent session
Command Task
line vty 1. Enter the VTY-line configuration mode.
2. Set the login timeout.
exec-timeout <minute>
y <minute>: Timeout in minutes ( 1 ~ 600)
The following commands change the timeout to 1 minute:
(config)# line vty

(config-line)# exec-timeout 1
(config-line)# end
# write memory
[OK]

Configuring Access Lists
Access Lists
Access lists filter network traffic by controlling whether routed packets are forwarded or
blocked at the system's interfaces. Your system examines each packet to determine whether to
forward or drop the packet, based on the criteria you specified within the access lists.
Access list criteria could be the source address of the traffic, the destination address of the traffic,
the upper layer protocol, or other information. Note that sophisticated users can sometimes
successfully evade or fool basic access lists because no authentication is required.
You can use standard access lists to control the Telnet or SNMP access methods to management
functions on the Corecess R1-SW24L2B.
Server A
Router Internet or LAN
Server B
R1-SW24L2B
Access list
x Source IP address : 172.20.128.64
x Permit/deny : Permit
x Flow : Out
Host A Host B
IP: 172.20.128.10 IP: 172.20.128.64
In the above example, the access list allows access from the 172.20.128.64 host. Therefore the
host B connected to the Corecess R1-SW24L2B can access to the Server A or Server B and the
host A cant access to the Servers.

Defining Access Lists
The Corecess R1-SW24L2B provides basic traffic filtering capabilities with access control lists.
You can configure access lists at your system to control access to a network: access lists can
prevent certain traffic from entering or exiting a network.
To define access lists, enter the following command in Privileged mode:
Table 10-2 Defining access lists
Command Task
configure terminal 1. Enter the Global configuration mode.
2. Configure an ACL with the IP addresses you want to allow or

deny to access the system.
access-list <list-number>
y <list-number>: Number of the standard access list (1 ~
{permit|deny} <source-ip>
99, 1300 ~ 1999)
[<wildcard>]
y permit: Permits the frame whose source address matches
the condition.
y deny: Denies the frame whose source address matches the
condition.
y dynamic: Permits the frame whose source address
access-list <list-number>
matches the condition dynamically.
{permit|deny}
y <source-ip>: The IP address of the source network or
host <host-addr>
host in hexadecimal form (xxx.xxx.xxx.xxx).
y <wildcard>: Wildcard bit to be applied to <source-
ip>. The wildcard is a four-part value in dotted-decimal
notation (IP address format) consisting of ones and zeros.
Zeros in the mask mean the packet's source address must
access-list <list-number> match the <source-ip>. Ones mean any value matches.
{permit|deny} any y host: Indicates only the specified IP address for which the
access actions are available.
y any: Configures the policy to match on all host addresses.
show access-list 4. Verify the defined access lists.
Note:
x The wildcard is a four-part value in dotted-decimal notation (IP address format) consisting of ones and zeros.
Zeros in the mask mean the packet's source address must match the <source-ip>. Ones mean any value
matches. For example, the <source-ip> and <wild-card> values 209.157.22.26 0.0.0.255 mean that all
hosts in the Class C sub-net 209.157.22.x match the policy.
x The packets that do not match any entries in an access list are denied.

The following example shows how to define an access list which permit the access from hosts in
the specified network:
(config)# end
# show access-list
Standard IP access list 1
permit 192.5.34.0, wildcard bits 0.0.0.255
#
The following example shows how to define an access list which deny the access from the
specified host:
# config t
(config)# access-list 2 deny host 171.69.198.102
(config)# access-list 2 permit any
(config)# end
# show access-list
Standard IP access list 2
deny 171.69.198.102
permit any
#

Applying the Access List to Terminal Line
After you create an access list, you can apply it to terminal line. In this case, access lists can be
applied on both outbound and inbound flows. To restrict terminal line access to the system
using access lists, enter commands such as the following:
Table 10-3 Applying the access list to terminal line
Command Task
line vty 1. Enter the VTY-line configuration mode.
2. Apply the access lists to terminal line.

y <list-number>: Number of an IP access list (1 ~ 99, 1300 ~
1999).
access-class <list-number>
{in | out}
y in: Restricts incoming connections between the system and
the addresses in the access list.
y out: Restricts outgoing connections between the system and
the addresses in the access list.
write memory 4. Save the configuration.
The following example shows how to apply the access list to terminal line. The Corecess R1-
SW24L2B allows Telnet access to all IP addresses except the hosts listed in access list 2.
(config)# line vty

(config-line)# access-class 2 in
(config-line)# end
# write memory
[OK]
The following example show how to apply the access list to terminal line. The Corecess R1-
SW24L2B denies connections to networks other than network 192.89.55.0:
(config)# line vty 0 5
(config-line)# access-class 12 out
(config-line)# end
# write memory
[OK]

Note : To remove access restrictions, use the no access-class <list-number> {in |
out} command.
Applying the Access List to SNMP Access

After you create an access list, you can apply it to SNMP access. In this case, access lists can be
applied on inbound flow.
To restrict SNMP access to the system using access lists, enter commands such as the following:
Table 10-4 Applying the access list to SNMP access
Command Task
configure terminal 1. Enter the global configuration mode.
snmp-server group 2. Apply the access list to SNMP access.
access <list-number> y <list-number>: Standard access list number (1 ~ 99, 1300 ~ 1999)
The following example shows how to apply the access list to SNMP access. The Corecess R1-
SW24L2B allows SNMP access to all IP addresses except the hosts listed in access list 2.
(config)# snmp-server group access 2
(config)# end
# write memory
[OK]

Configuring Packet Filtering
Packet filtering can help limit network traffic and restrict network use by certain users or
devices. This section describes packet filtering feature on the Corecess R1-SW24L2B.
Packet Filtering
Type of Packet Filtering
The Corecess R1-SW24L2B supports the following types of packet filtering:
DHCP Packet Filtering

Filters DHCP Offer packets received from hosts to prevent the hosts from operating hosts private DHCP
server.
File and Resource Sharing Protocol Filtering

Filter the following protocols to prevent file and resource sharing among hosts in the same
VLAN.
- Apple FileSharing Protocol
- Rendezvous Protocol
- NetBIOS Protocol
- UpnP (Universal Plug & Play) Protocol
Default Traffic Filtering

Filter default traffic that is not classified by class map.
Broadcast Packet Filtering

Filter broadcast packets of a particular port to prevent unnecessary broadcast packets from
hosts.
CIFS (Cognitive Information Filtering System)

Filters the particular class of traffic based on the following criteria:
- CoS field value
- ToS field value
- IP precedence field value
- DSCP field value
- The TCP flag

- The destination MAC address
- The source MAC address
- The destination IP address
- The source IP address
- The destination TCP port number (0 ~ 65535)
- The source TCP port number (0 ~ 65535)
- The destination UDP port number (0 ~ 65535)
- The source UDP port number (0 ~ 65535)

Filtering DHCP Offer Packets
You can filter DHCP Offer packets received from host to prevent the hosts from being assigned
invalid IP address by another hosts private DHCP server.
If a host connected to the Corecess R1-SW24L2B runs a private DHCP server, other hosts
connected to the Corecess R1-SW24L2B may receive an invalid IP address from that private
DHCP server. To prevent this, you can filter DHCP Offer packets received from a host.
Internet or LAN
Corecess R1-SWL2B
Filters DHCP Offer packets received
from hosts.
DHCP server DHCP server DHCP server
To discard the all DHCP OFFER packets, enter the following command in Global configuration
mode:
Table 10-5 Filtering DHCP offer
Command Task
2. Configure the specified port to filter DHCP OFFER packets

dhcp-offer filter discard
received.
[port <port-type>
y <port-type>: Type of the port (fastethernet, gigabitethernet)
<slot>/<port>]
y <slot>/<port>: Slot number and port number of the port.
4. Display the ports configured to filter the DHCP packets received

show dhcp-offer-filter
from hosts.

The following example configures to discard all the DHCP OFFER packets received:
(config)# qos
(config-qos)# dhcp-offer filter discard
(config-qos)# end
# show dhcp-offer-filter
Dhcp Offer Filter Ports
--------------------------------------------------
Discard : All Ports
#

File and Resource Sharing Protocol Filtering
To prevent hosts that are connected on the same VLAN from sharing files and resources, the
R1-SW24L2B can filter protocols as follows:
Ethernet Switch Internet or LAN
Corecess R1-SW24L2B
Host Host
To filter the packet of file and resource sharing protocol, use the following commands.
Table 10-6 Filtering File and Resource Sharing Protocol
Command Task
2. Set to deny receiving particular protocol packets.
apple-filesharing-protocol 2-1. Refuse Apple FileSharing packets. This command is applied

filter discard to all ports.
2-2. Refuse NetBIOS packet received to the specified port.

netbios filter discard
y <port-type> Port type
[port <port-type>
(fastethernet, gigabitethernet)
<slot>/<port>]
y <slot>/<port> Slot number and port number
2-3. Refuse Rendezvous packets. This command is applied to all

rendezvous filter discard
ports.
upnp filter discard 2-4. Refuse UPnP packets. This command is applied to all ports.
show running-config 4. Verify the filtering configuration.

The following example shows how to filter the file and resource sharing protocols received to
all ports.
(config)# qos
(config-qos)# apple-filesharing-protocol filter discard
(config-qos)# netbios filter discard
(config-qos)# rendezvous filter discard
(config-qos)# upnp filter discard
(config-qos)# end
.
.
!
qos
netbios filter discard
rendezvous filter discard
apple-filesharing-protocol filter discard
upnp filter discard
hsrp filter discard
!
.
.

Default Traffic Filtering
Default traffic is traffic that is not classified with defined class map in the Corecess R1-
SW24L2B. If default traffic is filtered, traffic that is not specified by network operators is
discarded, so it can prevent traffic that is not permitted from receiving.
To filter default traffic, use the following commands.
Table 10-7 Filtering Default Traffic
Command Task
default traffic deny 2. Set default traffic to be refused.
show default-traffic-policy 4. Verify the filtering configuration..
The following example shows how to refuse default traffic that is not classified with class map.
(config)# qos
(config-qos)# default traffic deny
(config-qos)# end
# show default-traffic-policy
Default QoS Traffic Policy
--------------------------------------------------
Deny
#

CIFS (Cognitive Information Filtering System)
You can filter the particular class of traffic by using the QoS policy supported by the Corecess
R1-SW24L2B.
The following is the steps for configure filtering policy on the Corecess R1-SW24L2B.
1. Creating Classes
Create a class map and define the classification criteria for the class map.
2. Creating a Policy
Create a policy map, specify the class to which the policy map applies, and define the actions
that you want the system to take for the particular class of traffic.
3. Applying the Service Policy

Apply the policy map to both inbound and outbound traffics on the system.
This section describes how to create a QoS service policy according to the above steps.
Note : For more detail information about QoS (Quaility of Service), refer to the Chapter 9/ Configuring QoS
in this manual..

Creating a Class Map
To create a class map and specify the way in which the Corecess R1-SW24L2B should classify
traffic, enter the following commands in the Global configuration mode:
Table 10-8 Creating a class map
Command Task
class-map 2. Create a class map and enter class-map configuration mode.
<class-map-name> y <class-map-name>: Class map name.
match ip-da 3. Specify the destination IP address as a match criterion of a class map.
<destination-ip> y <destination-ip>: The destination IP address
<wildcard> y <wildcard>: Wildcard bit to be applied to <dest-ip>.
match ip-sa 4. Specify the source IP address as a match criterion of a class map.
<source-ip> y <source-ip>: The source IP address
<wildcard> y <wildcard>: Wildcard bit to be applied to <source-ip>.
5. Specify the destination TCP port number as a match criterion of a class
match tcp-dpn
map.
<tcp-port-num>
y <tcp-port-num>: The destination TCP port number (0 ~ 65535)
6. Specify the source TCP port number as a match criterion of a class
match tcp-spn
map.
<tcp-port-num>
y <tcp-port-num>: The source TCP port number (0 ~ 65535)
7. Specify the destination UDP port number as a match criterion of a
match udp-dpn
class map.
<udp-port-num>
y <udp-port-num>: The destination UDP port number (0 ~ 65535)
8. Specify the source UDP port number as a match criterion of a class

match ucp-spn
map.
<udp-port-num>
y <udp-port-num>: The source UDP port number (0 ~ 65535)
show classmap
10. Verify the class map configuration.
[<class-map-name>]
The following example shows how to create a class map and define a classification criterion by
using the destination IP address and the destination TCP port number:
(config)# qos
(config-cmap)# match ip-da 10.10.10.1 0.0.0.255
(config-cmap)# match tcp-dpn 25
(config-cmap)# end

# show classmap class101
ClassMap
--------------------------------------------------
Name : class101
Match Content : ip-da 10.10.10.1/0.0.0.255
: tcp-dpn 25
# write memory
[OK]

Creating a Policy Map
To create a policy map and define the actions that you want the system to take for the particular
class of traffic, enter the following commands in the global configuration mode:
Table 10-9 Creating a policy map for packet filtering
Command Task
policy-map 2. Create a policy map and enter the policy-map configuration mode.
<policy-map-name> y <policy-map-name>: Name of a policy map to define.
3. Specify the class to which the policy map applies and enter the
class <class-name> policy-map-class configuration mode.
y <class-name>: Class map name.
4. Specify whether to filter the traffic class or not.

filter {deny | permit} y deny: Discards the class of traffic belonging to a policy map.
y permit: Permits the class of traffic belonging to a policy map.
show policymap 6. Verify the QoS policy.
[<policy-map-name>] y <policy-map-name>: Name of a policy map to verify.
qos 7. Save the configuration changes.
The following example shows how to define QoS policy that you want the system to filter that
particular class of traffic:
(config)# qos
(config-qos)# policy-map filter-policy
(config-pmap-c)# filter deny
(config-pmap-c)# end
# show policymap filter-policy
PolicyMap
--------------------------------------------------
Name : filter-policy
Linked ClassMap : class101
Action : Deny
# write memory
[OK]

Applying Service Policies to the System
After you create the service policies, you must apply the service policies to the packets arriving
and departing the interface.
Table 10-10 Applying service policies
Command Task
2. Applies the service policy you specify to both inbound and
service-policy
outbound traffic.
<service-policy-name>
y <service-policy-name>: The name of a service policy.
policy-map
y <policy-map-name>: The name of a policy map to be
<policy-map-name>
applied.
show service-policy 4. Verify that the policy map is applied to the system.
[<service-policy-name>] y <service-policy-name>: The name of a service policy.
The following example shows how to apply a policy map, filter-policy, to the inbound and
outbound traffic:
(config)# qos
(config-qos)# service-policy service1 policy-map filter-policy
(config-qos)# end
# show service-policy service1
ServicePolicy
--------------------------------------------------
Name : service1
Linked PolicyMap : filter-policy
Port(In ) :
Port(Out) :
# write memory
[OK]

Security Configuration Commands
The following table lists the commands for configuring security on the Corecess R1-SW24L2B:
Table 10-11 Security configuration commands
Command Function
Restricts incoming and outgoing connections between the Corecess

access-class
R1-SW24L2B virtual terminal and the addresses in an access list.
Defines a standard IP access list using source addresses for filtering

access-list (Standard)
packets received/transmitted through the specific interface.
apple-filesharing-
Refuse the apple filesharing packets.
protocol filter discard
Enters Policy-map class configuration mode to specify a previously

class
created class map to be included in the policy map.
class-map Enters the class-map configuration mode to configure class maps.
Default traffic deny Discard all packets that is not classified by class map.
dhcp-offer filter Discards the all DHCP OFFER packets received (packets received
discard through the UDP port 67).
enable passwd Sets the Privileged mode password.
Sets the interval that the EXEC command interpreter waits until user
exec-timeout
input is detected.
Configures filtering a class of traffic which belongings to a policy

filter
map.
match Specifies a match criterion for a class map.
netbios filter discard Filters NetBIOS packets
passwd Specifies or changes the CLI login password
Enters QoS policy map configuration mode to configure the QoS

policy-map
policy map.
rendezvous filter
Refuse rendezvous packets.
discard
service-policy Applies a policy map to all packets received or sent to the system.
Limits hosts which can access to the system through SNMP based on
snmp-server group access
the access list.
Upnp filter discard Refuse UPnP packets.

Chapter 11 Configuring IGMP Snooping
This chapter describes how to configure IGMP snooping on the Corecess R1-SW24L2B.
9 IGMP (Internet Group Management Protocol) 11-2
9 Configuring IGMP Snooping 11-3
9 Configuring IGMP Information 11-10
9 IGMP Snooping Commands 11-14

IGMP (Internet Group Management Protocol)
IGMP is used to dynamically register individual hosts in a multicast group on a particular LAN.
Hosts identify group memberships by sending IGMP messages to their local multicast router.
Under IGMP, routers listen to IGMP messages and periodically send out queries to discover
which groups are active or inactive on a particular subnet.
IGMP snooping manages multicast traffic at Layer 2 on the Corecess R1-SW24L2B by allowing
directed switching of IP multicast traffic. Switches can use IGMP snooping to configure Layer 2
interfaces dynamically so that IP multicast traffic is forwarded only to those interfaces
associated with IP multicast devices.
When IGMP snooping is enabled on the Corecess R1-SW24L2B, the route processor sends out
periodic general queries to all VLANs. The switch processor responds to the route processors
queries with only one join request per MAC multicast group. The switch processor creates one
entry per VLAN in the Layer 2 forwarding table for each MAC group from which it receives an
IGMP join request. All hosts interested in this multicast traffic send join requests and are added
to the port mask of this forwarding table entry.

Configuring IGMP Snooping
This section describes how to configure the IGMP snooping on the Corecess R1-SW24L2B. To
configure the IGMP snooping, perform the following tasks:
y Enabling IGMP snooping.

y Configuring a multicast router port
y Enabling IGMP immediately leave feature on a port interface
y Configuring a host statically to join a group
y Changing the IGMP group membership time
y Specifying the maximum number of multicast groups
Enabling IGMP Snooping

By default, IGMP snooping is globally disabled on the Corecess R1-SW24L2B. When globally
enabled or disabled, it is also enabled or disabled in all existing VLAN interfaces. IGMP
snooping is by default disabled on all VLANs, but can be enabled and disabled on a per-VLAN
basis. Global IGMP snooping overrides the VLAN IGMP snooping. If global snooping is
disabled, you cannot enable VLAN snooping. If global snooping is enabled, you can enable or
disable VLAN snooping.
To globally enable IGMP snooping on the Corecess R1-SW24L2B and enable VLAN IGMP
snooping, use the following command in Global configuration mode:
Command Description
ip igmp snoop
y <vlan-id>: ID of a VLAN to enable IGMP snooping.
[vlan id <vlan-id>]
The following example enables global IGMP snooping and disables IGMP snooping on the
VLAN 2:
(config)# ip igmp snoop

(config)# no ip igmp snoop vlan id 2
(config)#
Configuring IGMP Snooping 11-3

To disable IGMP snooping, use the no ip igmp snoop command in Global configuration
mode:
(config)# no ip igmp snoop

(config)# ip igmp snoop vlan id 2
(config)#
Configuring a Multicast Router Port

If membership query messages are forwarded from the Corecess R1-SW24L2B to a multicast
router, there is a possibility that the router may not operate normally. According to IGMP rules,
if there are two or more IGMP querier in one LAN, the IGMP querist with the smaller IP
address operates as the IGMP querier. This is because if two or more multicast routers are
connected to one LAN, the two routers both receive multicast traffic from outside the network,
and transfer the traffic to inside the network, resulting in the same data redundantly received
and transferred.
However, if a multicast router receives a membership query message from the Corecess R1-
SW24L2B, which is not a multicast route, but a system that provides IGMP snooping functions,
and recognizes it as a multicast router, it may stop its role as the IGMP querier (if the IP address
of the Corecess R1-SW24L2B is smaller than the IP address of the multicast router). If this
happens, a problem may occur in which the multicast router stops forwarding multicast traffic
from outside the network into the LAN. Therefore, membership query messages must not be
sent from the Corecess R1-SW24L2B to the multicast router. In order to do so, the port
connected to the multicast router must be manually set as a router port.
To configure a static router port, use the command in the Global configuration mode:
Command Task
y <port type>: Type of the port to configure a router port.

ip igmp snoop mrouter - fastethernet: Fast Ethernet port.
port <port-type> - gigabitethernet: Gigabit Ethernet port.
<slot>/<port>
y <slot>/<port>: Slot number and port number.
[vlan id <vlan-id>]
The following example adds the Gigabit Ethernet port 1/1 as a router port:
(config)# ip igmp snoop mrouter port gigabitethernet 1/1

(config)# end
# show ip igmp snoop mrouter
---------- ----- ---------------
port vlan router ip
---------- ----- ---------------
internal N/A 0.0.0.0
1/1 1 0.0.0.0
---------- ----- ---------------
Total Number : 2
---------- ----- ---------------
#
To remove a multicast router port, use the no ip igmp snoop mrouter command in Global
configuration mode.
(config)# no ip igmp snoop mrouter port gigabitethernet 1/1

(config)#
Note: Multicast routers that support only IGMPv1 cannot process host membership report messages received
from devices that support IGMPv2. In addition, multicast routers which support only IGMPv1 cannot understand
Leave messages, which are sent by hosts leaving multicast groups. Since there is no way for IGMP snooping
devices, such as the Corecess R1-SW24L2B, to automatically recognize ports connected to these IGMPv1
multicast routers, the user must manually specify them.

Enabling IGMP Fast Leave
When you enable IGMP fast leave feature, the Corecess R1-SW24L2B immediately removes a
port when it detects an IGMP version 2 leave message on that port.
To enable IGMP immediately leave feature on a port interface, use the following command in
Command Task
y <port type>: Type of the port to enable IGMP fast-leave.

ip igmp snoop fast-leave - fastethernet: Fast Ethernet port.
{port <port-type> <slot>/ - gigabitethernet: Gigabit Ethernet port.
<port> | vlan id <vlan-
id>}
This example shows how to enable IGMP fast-leave processing on the Gigabit Ethernet port 1/1:
(config)# ip igmp snoop fast-leave port gigabitethernet 1/1

(config)#
To disable IGMP fast-leave processing, use the no ip igmp snoop fast-leave command
in Global configuration mode:
(config)# no ip igmp snoop fast-leave port gigabitethernet 1/1

(config)#

Configuring a Host Statically to Join a Group
Hosts normally join multicast groups dynamically, but you can also configure a host statically
on an interface.
To add a port as a member of a multicast group, use the following command in Global
configuration mode:
Command Task
y <group-address>: MAC address of multicast group.

ip igmp snoop mgroup y <port type>: Type of the port to configure of a member port.
<group-address> port - fastethernet: Fast Ethernet port.
<port-type> <slot>/<port> - gigabitethernet: Gigabit Ethernet port.
[vlan id <vlan-id>] y <slot>/<port>: Slot number and port number.
This example shows how to add the Fast Ethernet port 2/1 as a member of the group
01:00:5e:02:02:03:
(config)# ip igmp snoop mgroup 01:00:5e:00:02:03 port fastethernet 2/1

(config)# end
# show ip igmp snoop
---- ------------------ ------------------ ---------- ------- ------------
vlan mac group ip group ports type timeout left
---- ------------------ ------------------ ---------- ------- ------------
1 1:0:5e:0:2:3 0.0.0.0 1/1,2/1 static 0
---- ------------------ ------------------ ---------- ------- ------------
Total number : 1
---- ------------------ ------------------ ---------- ------- ------------
#
To remove the port from the multicast group, use the no ip igmp snoop mgroup
command in Global configuration mode.
(config)# no ip igmp snoop mgroup 01:00:5e:00:02:03 port fastethernet 2/1

(config)#

Changing the IGMP Group Membership Time
IGMP group membership time defines how long a group will remain active on an interface in
the absence of a group report. You can specify how many seconds an IP Multicast group can
remain on a Corecess R1-SW24L2B interface in the absence of a group report.
The default value of IGMP group membership time is 260 seconds. To change IGMP group
membership time, use the following command in Global configuration mode:
Command Task
ip igmp snoop membership y <seconds>: The IGMP group membership time in seconds
timeout <seconds> from 1 to 1200 seconds. Default is 260.
The following example changes IGMP membership time to 200 seconds:
(config)# ip igmp snoop membership timeout 200

(config)# end
# show ip igmp snoop membership timeout
200
#

Specifying the Maximum Number of Multicast Groups
By default, each port of the Corecess R1-SW24L2B can belong to up to 1024 multicast groups. To
configure the maximum number of multicast groups that a port can belong to, use the following
command in Global configuration mode:
Command Task
ip igmp snoop y <number>: The number of multicast groups (1 ~ 4094)

group- number-limit y <port type>: Type of the port
<number> port - fastethernet: Fast Ethernet port.
<port-type> - gigabitethernet: Gigabit Ethernet port.
<slot>/<port> y <slot>/<port>: Slot number and port number.
The following example shows how to specify the number of multicast groups for the Fast
Ethernet port 2/1 to 2048 and verify the result:
(config)# ip igmp snoop group-number-limit 2049 port fastethernet 2/1 2048

(config)# end
# show ip igmp snoop port fastethernet 2/1
Port 2/1(2/1) BridgeIndex(65) (link down) ref(2)
fast-leave (off), access-group (none)
group(s): static/dynamic/mrouter (0/0/0) limit(2048)
host(s): 0
stats : received (report/leave/query) 0/0/0
: sent (report/leave/query) 0/0/0
#
To restore the default value, enter the no ip igmp snoop group-number-limit command
in Global configuration mode.
(config)# no ip igmp snoop group-number-limit port fastethernet 2/1

(config)#

Displaying IGMP Information
This section describes how to display IGMP configuration:
y Displaying Multicast Group Information
y Displaying Multicast Router Interface
y Displaying the List of Interfaces IGMP Fast-leave is Enabled
y Displaying IGMP Group Membership Time
Displaying Multicast Group Information

To display the multicast groups that are directly connected to the Corecess R1-SW24L2B and
that were learned via IGMP snooping, use the show ip igmp snoop command in Privileged
mode.
Command Description
show ip igmp snoop y <vlan-id> VLAN ID (1 ~ 4094). Displaying IGMP snooping
[vlan id <vlan-id>] information for a specific VLAN interface.
The following example displays the multicast groups that are directly connected to the Corecess
R1-SW24L2B and that were learned via IGMP snooping:
# show ip igmp snooping

---- --------------- --------------- ---------- ------- -------
vlan mac group group ip ports type timeout
---- --------------- --------------- ---------- ------- -------
1 1:0:5e:64:64:65 239.100.100.101 1/1-4,2/1 static N/A
2 0:a0:cc:77:a1:8d 224.1.2.3 3/1-4 dynamic 240
---- --------------- --------------- ---------- ------- -------
Total number : 2
---- --------------- --------------- ---------- ------- -------
#

The following example displays the multicast groups for the default VLAN:
# show ip igmp snoop vlan id 1

---- --------------- --------------- ---------- ------- -------
vlan mac group group ip ports type timeout
---- --------------- --------------- ---------- ------- -------
1 1:0:5e:64:64:65 239.100.100.101 1/1-4,2/1 static N/A
---- --------------- --------------- ---------- ------- -------
Total number : 1
---- --------------- --------------- ---------- ------- -------
#
The following table describes the fields in the show ip igmp snoop command output:
Table 12-17 show ip igmp snoop field descriptions
Filed Description
vlan VLAN ID of the multicast group.
mac group MAC Address of the multicast group.
group ip IP Address of the multicast group. In case of a static multicast group, 0.0.0.0 is displayed.
ports Interface through which the group is reachable.

How the multicast group is registered.
type - static : Multicast groups that are directly connected to the system.
- dynamic : Multicast groups that were learned by IGMP snooping.
How long in seconds until the entry is removed from the IGMP groups table. In
timeout left
case of a static multicast group, 0 is displayed.

Displaying Multicast Router Interface
When you enable IGMP snooping, the Corecess R1-SW24L2B automatically learns to which
interface a multicast router is connected. To display information on dynamically learned and
manually configured multicast router interfaces, use the show ip igmp snoop mrouter
The following example shows how to display information on all multicast router interfaces on
the Corecess R1-SW24L2B:
# show ip igmp snoop mrouter

---------- ----- ---------------
port vlan router ip
---------- ----- ---------------
2/1 1 172.19.2.1
---------- ----- ---------------
Total Number : 1
---------- ----- ---------------
#
The following table describes the fields in the show ip igmp snoop mrouter command
output:
Table 11-1 show ip igmp snoop mrouter field descriptions
Filed Description
port Slot number and port number of the multicast router port
vlan ID of the VLAN that the multicast router port belongs to.
router ip IP address of multicast router that the multicast port is connected to.
Total Number The number of multicast router ports that are registered to the system.

Displaying the List of Interfaces IGMP Fast-leave is Enabled
To display the list of the VLANs and ports which IGMP fast-leave feature is enabled on, use the
show ip igmp snoop fast-leave command in Privileged mode. If you enable IGMP fast-
leave feature, the system immediately removes a port when it detects an IGMP version 2 leave
message on that VLAN or port.
The following is the sample output from show ip igmp snoop fast-leave command:
# show ip igmp snoop fast-leave

vlan : 1
port : 1/1
#
Displaying IGMP Group Membership Time

To display IGMP group membership time which defines how long a group will remain active
on an interface in the absence of a group report, use the show ip igmp snoop membership
timeout command in Privileged mode.
# show ip igmp snoop membership timeout

260
#

IGMP Snooping Commands
The following table lists the commands for configuring IP multicast on the Corecess R1-
SW24L2B and displaying IP multicast configuration:
Table 11-2 IP Snooping commands
Command Description
ip igmp snoop Enables IGMP snooping feature on the router.
Enables IGMP immediately leave feature which is the router

ip igmp snoop
immediately removes a port when it detects an IGMP version 2 leave
fast-leave
message on that port.
ip igmp snoop Configure the maximum number of multicast groups that a port can
group-number-limit belong to.
Specifies IGMP group membership time which defines how long a

ip igmp snoop
group will remain active on an interface in the absence of a group
membership timeout
report.
ip igmp snoop mgroup Adds a port as a member of a multicast group.
ip igmp snoop mrouter Configures a static router port.
Displays the multicast groups with receivers that are directly

show ip igmp snoop connected to the router, and that were learned through IGMP
snooping.
show ip igmp bypass Displays bypass mode information.
show ip igmp snoop Display the list of the VLANs and ports which IGMP immediately
fast-leave leave feature is enabled on
show ip igmp snoop

Display hosts included in IGMP group.
host
Displays IGMP group membership time which defines how long a

show ip igmp snoop
group will remain active on an interface in the absence of a group
membership
report.
show ip igmp snoop Displays information on dynamically learned and manually

mrouter configured multicast router interfaces
show ip igmp snoop

Display IGMP snooping information for each port.
port
show ip igmp snoop

Display the IGMP snooping statistics information.
statistics
show ip igmp snoop

Display the IGMP snooping summary information.
summary

Chapter 12 Configuring LACP
For high bandwidth connection, use trunking group which allows several ports to be connected
together to operate as a single link. This chapter describes how to configure a trunking group by
using LACP (Link Aggregation Control Protocol).
9 LACP (Link Aggregation Control Protocol) 12-2
9 Configuring Link Aggregation 12-4

LACP (Link Aggregation Control Protocol)
In the Corecess R1-SW24L2B, several physical links can be configured to single logical link to
connect backbone devices that request high bandwidth or to connect networks that bottle neck
of traffic might occur. This feature is called port trunking or link aggregation, and the group of
port in the same trunk is called trunk group. The one logical port supports the same amount of
bandwidth as the total amount of bandwidth that adds each physical port.
For example, the maximum bandwidth of the port that connects the system A and the system B
is 1Gbps, but the amount of data that receives and transmits between two systems can exceed
1Gbps. In this case, it is considered that several ports are connected between two systems. But,
if there are several connections (links) between systems, only one link is used automatically by
STP protocol because a loop can occur. If STP protocol is not used to prevent this situation,
communication might not operate because loops can not be detected.
Port trunking can be used in the case. Several ports act as single port, so it can be easily
managed by VLAN, STP and IGMP. Port trunking also effects stability of the system. Even if
some ports that are included in a trunking group are not operating normally, communication
can be continued by rest ports.
In the Corecess R1-SW24L2B, port trunking can be implemented by 802.ad link aggregation,
and 802.3ad link aggregation uses LACP (Link Aggregation Control Protocol). LACP allows
ports that have the same link aggregation key value to configure themselves into a trunking
group.

Notes for LACP Trunk Configuration
When configuring and connecting the LACP trunk on the Corecess R1-SW24L2B, be aware of
the following:
y You can configure up to 256 trunking groups on the Corecess R1-SW24L2B.
y You can configure up to 16 ports in a trunking group.
y All trunk group members (ports) should have the same media type (10/100Base-T or Gigabit
Ethernet).
y All trunk group members (ports) should be set to the same port speed, tramsmission mode,
and flow control.
y All trunk group members (ports) should be set to the full-duplex mode.
y If LACP operation mode is set to active on a port that is located in the end of a trunk, trunk is
set automatically.
y STP, IGMP and QoS are applied to all trunks.
y Configured trunking groups by LACP can be connected, regardless a device vendor.
QoS of Trunk Group

When QoS is configured, a trunk group acts as single port. Instead, the maximum bandwidth
that is the same as total bandwidth of ports can be specified to the trunk group. QoS
configuration that was configured to ports before aggregation is not applied after aggregation.
If ports are released from the trunk group, previous QoS configuration is applied to ports again.
When a QoS trunk is specified, the aggregated ID of the trunk group is used. The aggregated ID
is decided by the following rules.
y Odd number of port > Gigabit Ethernet port > Even number of port (Up Down)
y The same add or even number : Higher number of port (Right Left)
For example, if 1/1, 1/2, 1/3 and 1/4 ports aggregates, odd number of ports (1/1, 1/3) is
selected properly, then higher port (1/3) is decided to the aggregated ID.
Configuring LACP 12-3

Configuring Link Aggregation
This section describes how to configure link aggregation on the Corecess R1-SW24L2B.
Setting LACP Key and Operation Mode

Link aggregation support is disabled by default. You can enable link aggregation on the
Corecess R1-SW24L2B by assigning the LACP admin key and by setting the LACP mode.
LACP Admin Key

LACP administrative key is used to identify each aggregation link. An aggregation link will
only be formed between ports having the same administrative key.
LACP Mode
You can enable the feature on an individual port basis, in active, passive, or passive manual mode.
y Active mode (Default)

When you enable a port for active link aggregation, the Corecess R1-SW24L2B port can
exchange standard LACP Protocol Data Unit (LACPDU) messages to negotiate trunk group
configuration with the port on the other side of the link. In addition, the Corecess R1-
SW24L2B port actively sends LACPDU messages on the link to search for a link aggregation
partner at the other end of the link, and can initiate an LACPDU exchange to negotiate link
aggregation parameters with an appropriately configured remote port.
y Passive mode
When you enable a port for passive link aggregation, the Corecess R1-SW24L2B port can
exchange LACPDU messages with the port at the remote end of the link, but the Corecess
R1-SW24L2B port cannot search for a link aggregation port or initiate negotiation of an
aggregate link. Thus, the port at the remote end of the link must initiate the LACPDU
exchange.
y Manual mode
When you enable a port for manual link aggregation, you can manually configure aggregate
links containing multiple ports

To configuring a dynamic aggregation link, one end of the aggregation link should be
configured to LACP active mode and the other end of the aggregation link should be
configured to LACP active or LACP passive mode.
Switch A Switch B
Port X : LACP mode : Active Port X : LACP mode : Active

Active Active
Port Y : LACP mode : Active Port Y : LACP mode : Passive
Active Passive
To configure an aggregation link manually, both ends of the aggregation link should be
configured to LACP manual mode.
Switch A Switch B
Port X : LACP mode : Manual Port X : LACP mode : Manual
Passive Passive
To assign the LACP admin key and set LACP mode, perform this task in the Privileged mode:
Table 12-1 Configuring link aggregation
Command Task
configure terminal 1. Go to the global configuration mode.
2. Assign LACP admin key and specify the LACP mode for the
specific ports.
y <key-num>: LACP key value (0 65535).
y <port-type>: The type of the port.
- fastethernet : Fast Ethernet port.
lacp key <key-num> port
- gigabitethernet : Gigabit Ethernet port.
<port-type> <slot>/<port>
y <slot>/<port>: The slot number and port number of the
mode {active|passive|
port.
manual}
y active: Enables active mode.
y passive : Enables passive mode.
y manual : Enables manual mode. You can manually configure
an aggregation link, which will enable the aggregation of
multiple ports without LACP protocol.

y <port-type>: Type of the port to display the 802.3ad link
show lacp port <port-type> aggregation configuration information.
<slot>/<port> - fastethernet : Fast Ethernet port.
- gigabitethernet : Gigabit Ethernet port.

The following example shows how to configure link aggregation parameters for the 2/1 Fast
Ethernet port:
(config)# lacp key 10 port fastethernet 2/1 mode active
(config)# end
# show lacp port fastethernet 2/1
Link State: down

Port Index: 769
Oper Mode: Active
Actor Port Admin Key: 10
Actor Admin State: 0x07
Partner Port Admin Key: 769

Partner Admin State: 0x06
# write memory
[OK]
#

Setting LACP Partner Key
When you connect the Corecess R1-SW24L2B and other manufactures device, you may need to
configure LACP partner key. All LACP ports in an aggregate link have both actor key and
partner key. The Corecess R1-SW24L2B uses these keys internally but some other devices dont.
These devices can configure an aggregation link only when the partner key of the port on the
device matches the actor key of the port on the other side of the link. To connect the Corecess
R1-SW24L2B and these devises, you should set the partner key.
Switch A (Corecess) Switch B (Riverstone)

Aggregation
Port X : y Actor key : 10 Port X : y Actor key : 33
y Partner key: 33 y Partner key: 10
* Actor key is the operational key value assigned to the port by the Actor.
* Partner key is the operational key value assigned to the port associated with this link by the Partner.
To configure LACP partner key to be assigned to the port on the other side of the aggregation
link, perform this task in the Privileged mode:
Table 12-2 Configuring LACP partner key
Command Task
2. Configure LACP partner key of the specified port.

lacp force-partner-key y <key-num>: Link aggregation to be assigned (1 ~ 65535).
<key-num> y <port-type>: The type of the port.
port <port-type> - fastethernet : Fast Ethernet port.
<slot>/<port> - gigabitethernet : Gigabit Ethernet port.
y <slot>/<port>: The slot number and port number of the port.
show lacp lag all 4. Verify the LACP configuration.
The following example assigns 15 to the port connected to the Fast Ethernet port 2/1 for link
aggregation key:
(config)# lacp force-partner-key 15 port fastethernet 2/1
(config)# end
# show lacp port fastethernet 2/1

Link State: down
Port Index: 769
Oper Mode: Active
Actor Port Admin Key: 10
Actor Admin State: 0x07
Partner Port Admin Key: 15

Partner Admin State 0x06

LACP Configuration Example
The following link aggregation configuration example configures a link aggregation between
two Corecess R1-SW24L2Bs.
Switch A
Active <-----> Passive
Trunk group
y Port : 2/1-4 on Switch A
2/1-4 on Switch B Switch B
y LACP admin key : 33
Switch A
The following shows how to configure link aggregation on the switch A:
Switch A # configure terminal

Switch A(config)# lacp key 33 port fastethernet 2/1-4 mode active
Switch A(config)# end
Switch A# write memory
[OK]
Switch B
The following shows how to configure link aggregation on the switch B:
Switch B# configure terminal

Switch B(config)# lacp key 33 port fastethernet 2/1-4 mode passive
Switch B(config)# end
Switch B# write memory
[OK]

Chapter 13 Configuring STP/RSTP
This chapter describes how to configure STP (Spanning Tree Protocol) on the Corecess R1-
SW24L2B.
9 Understanding STP 13-2
9 Configuring STP 13-8
9 Configuring RSTP 13-21
9 STP Configuration Commands 13-29

Understanding STP
This section introduces some basic information on STP (Spanning Tree Protocol) and RSTP
(Rapid STP).
STP Overview
Introduction
A network that has several paths for one destination is fault-tolerant. It is because packets can
be transmitted through other paths even if one of paths can not be used on the network. But,
loops might occur on the network. If a loop is occurs between two nodes, when packets are
broadcasted, the packet transmission is repeated infinitely. Because of the loop, the network can
be congested, then the network becomes instable.
In the following network configuration, there are two paths from Switch A to Switch C. One of
the path is path 2 connected directly and the other path is path 1 and path 2 through Switch B.
A loop is formed in this network because multiple active paths exist between Switch A and
Switch C. In this network, end stations might receive duplicate messages. For example, if Switch
A broadcasts packets, Switch C broadcasts the received packets to Switch A, and Switch A
broadcast the packets again.
Switch A
Path 1 Path 2
Path 3
Switch B Switch C
STP (Spanning Tree Protocol) prevents the loop on the network in which several paths are
existed. STP defines a tree with a root switch. When two interfaces on a switch are part of a loop,
the spanning-tree port priority and path cost settings determine which interface is put in the
forwarding state and which is put in the blocking state. Spanning tree forces redundant data
paths into a standby (blocked) state. Therefore, when traffic is processed, packets are only
transmitted through paths of non-blocking state.

If the path 3 is blocked in the network configuration mentioned previously, you can have a
loop-free path between Switch A and Switch C as follows:
Switch A
Path 1 Path 2
(Forwarding) (Forwarding)
Path 3
Switch B (Blocking) Switch C
Switches send and receive spanning-tree frames, called bridge protocol data units (BPDUs), at
regular intervals. The switches do not forward these frames, but use the frames to construct a
loop-free path.
If a network segment in the spanning tree fails and a redundant path exists, the spanning-tree
algorithm recalculates the spanning-tree topology and activates the standby path.
BDPU(Bridge Data Protocol Unit)

Spanning tree consists of a root switch, designated switches, root port, and designated ports.
The root switch is the logical center of the spanning-tree topology in a switched network. A
designated switch is a switch used to forward packets from that LAN to the root switch. A root
port is a forwarding port elected for the spanning-tree topology. A designated port is a
forwarding port elected for every switched LAN segment.
Root Switch
Root Port Root Port
Designated Designated
Switch Switch
Designated Port
Designated
Switch
Configuring STP/RSTP 13-3

When the switches in a network are powered up, each function operates as the root switch.
Each switch sends a configuration BPDU through all of its ports. The BPDUs communicate and
compute the spanning-tree topology. Each configuration BPDU contains this information:
y Unique bridge ID of the switch that the sending switch identifies as the root switch
y Spanning-tree path cost to the root
y Bridge ID of the sending switch
y Aging time of BPDU
y Interface ID that transmits BPDU
y Spanning tree timer values (Hello, Forward delay, Max-age)
Bridge ID determines the selection of the root switch. Each VLAN on the switch has a unique 8-
byte bridge ID; the two most-significant bytes are used for the switch priority, and the
remaining six bytes are derived from the switch MAC address. The switch with the highest
switch priority (the lowest numerical priority value) is elected as the root switch. If all switches
are configured with the default priority (32768), the switch with the lowest MAC address in the
VLAN becomes the root switch.
Path cost determines the selection of the root port and designated switch. The port that provides
the best path (lowest cost) when the switch forwards packets to the root switch is called the root
port. The switch that provides the lowest path cost when forwarding packets from that LAN to
the root switch is called the designated switch. The port through which the designated switch is
attached to the LAN is called the designated port.
BPDU has three spanning-tree timers (hello, forward delay, max age). The following table
describes the timers that affect the entire spanning-tree performance:
Table 13-1 STP Timers
Timer Description
When this timer expires, the interface sends out a Hello message to the neighboring
Hello timer
nodes.
Forward delay Determines how long each of the listening and learning states last before the
timer interface begins forwarding.
Determines the amount of time the switch stores protocol information received on an
Max age timer
interface.

Spanning-Tree Port States
Each port on the switch using spanning tree exists in one of these states:
y Blocking: The port does not participate in frame forwarding. (Default state)
y Listening: The first transitional state after the blocking state when the spanning tree determines that the
port should participate in frame forwarding.
y Learning: The port prepares to participate in frame forwarding.
y Forwarding: The port forwards frames.
y Disabled: The port is not participating in spanning tree because of a shutdown port, no link on the port,
or no spanning-tree instance running on the port.
The following picture shows process of five port states.
Blocking State
BPDU Transmission
Listening State Disabled

State
Forward delay (Listening State)
Learning State
Forward delay
Forwarding State
A port that STP is operating always starts at the blocking state. When a switch is initialized, the
switch assumes that the switch is the root switch and transmits BPDU to connected devices
through all ports. Ports of the blocking state discards all frames except BPDU. Ports that receive
BPDU become the listening state.
Ports of the listening state exchange BPDUs with other devices and select the root switch. Then,
after forward delay time is passed, the listening state becomes the learning state.

Ports of the learning state learn MAC addresses to transmit frames. Then, after forward delay
time is passed, the learning state becomes the forwarding state. Frames that are received before
ports become the forwarding state are discarded. After the forwarding, received frames are
transmitted through ports.
Ports of the disabled state do not participate in the spanning tree. These ports neither transmit
or receive BPDUs and do not transmit frames.
Selecting Path
The STP uses a spanning-tree algorithm to select one switch of a redundantly connected
network as the root of the spanning tree. The algorithm calculates the best loop-free path
through a switched Layer 2 network by assigning a role to each port based on the role of the
port in the active topology.
When two interfaces on a switch are part of a loop, the spanning-tree port priority and path cost
settings determine which interface is put in the forwarding state and which is put in the
blocking state. The port priority value represents the location of an interface in the network
topology and how well it is located to pass traffic. The path cost value represents media speed.
Spanning tree forces redundant data paths into a standby (blocked) state. If a network segment
in the spanning tree fails and a redundant path exists, the spanning-tree algorithm recalculates
the spanning-tree topology and activates the standby path.

RSTP (Rapid Spanning Tree Protocol)
While STP is enabled, and BPDU is spread, topology is changed continuously on other parts of
the network. It takes a lot of time that the changed topology is applied to spanning tree. RSTP
802.1W improve disadvantage of STP.
The key difference between STP and RSTP is the transition states of a port. STP moves a port
from the blocking state to the forwarding state after the listening and the learning state. RSTP
reduces the transition steps by moving directly a port from the blocking state to the forwarding
state. This allows rapid reconfiguration capability when the topology has changed.
Port State of RSTP

There are three port states - discarding, learning, forwarding - in RSTP 802.1W. The learning
state and the forwarding state are the same as the states of STP, and the discarding state
includes the disable state, the blocking state and the listening state of STP. The following table
provides a comparison of STP and RSTP port states.
Table 13-2 Comparison of STP and RSTP port states
Is Port Included in the Is port learning MAC

STP Port State RSTP Port State Operational Status
Active Topology? Addresses?
Blocking Discarding Enabled No No
Listening Discarding Enabled No No
Learning Learning Enabled No Yes
Forwarding Forwarding Enabled Yes Yes
Disabled Discarding Disabled No No

Configuring STP
These sections describe how to configure spanning-tree features on the Corecess R1-SW24L2B.
Default STP Configuration

The following table shows the default STP configuration.
Table 13-3 Default STP configuration
Feature Default Setting
VLAN STP State RSTP is enabled by default on all VLANs.
Port STP State Disabled
VLAN ID (Switch priority) 32768
Spanning-tree port priority 128
10Mbps 2,000,000
Spanning-tree 100Mbps 200,000

port cost 1Gbps 20,000
10Gbps 2,000
Incoding method for port cost 32 bit (1 ~ 200,000,000)
Hello time 2 seconds
Timer Forward delay 15 seconds
Max age 20 seconds
Admin Edge Disabled
STP Version RSTP version 2

Procedures for STP Configuration
You can configure the following STP features on the Corecess R1-SW24L2B:
y Enabling or disabling STP on a VLAN
y Enabling or disabling STP on a Port
y Configuring the bridge ID
y Configuring the path cost
y Configuring STP encoding mode
y Configuring the port priority
y Setting spanning tree timers (Hello time, Max age, Forward delay)
Enabling or Disabling STP on a VLAN

You can enable or disable STP on a per-VLAN basis. RSTP is enabled by default on the default
VLAN and on all newly created VLANs. To reenable STP on a VLAN after disabling it, perform
this task in Privileged mode:
Table 13-4 Enabling STP on a VLAN
Command Task
configure terminal 1. Enter global configuration mode.
2. Enable STP on the specific VLAN.

stp vlan id <vlan-id>
stp protocol-version 3. Set spanning tree protocol to STP.
stp vlan id <vlan-id> y <vlan-id> VLAN ID (1 ~ 4094)
end 4. Return to privileged mode.
show stp vlan 5. Verify the STP configuration.
{all | id <vlan-id>} y <vlan-id>: VLAN ID (1 ~ 4094)
The following example shows how to enable STP on a VLAN:
(config)# stp vlan id 1
(config)# stp protocol-version stp vlan id 1
(config)# end
# show stp vlan id 1

LAN ID: 1
Protocol Operation: enabled
Root Bridge: yes
STP version: stpCompatible(0)
Pathcost Encoding: 32bit
BridgeID: 0x8000-00905ACC0201
Time since topology change: 2453(s)
.
.
.
#
Disable STP only if you are sure there are no loops in the network topology . When STP is
disabled and loops are present in the topology, excessive traffic and indefinite packet
duplication can drastically reduce network performance. To disable STP on a per-VLAN basis,
enter the no stp vlan command in Global configuration mode. The following example
shows how to disable STP on the VLAN whose ID is 1:
(config)# no stp vlan id 1

(config)#
If you disable STP on a VLAN, STP is disabled on all ports belongs to the VLAN.

Enabling or Disabling STP on a Port
If you enable STP on a VLAN, the change does not affects all ports belong to the VLAN.
Therefore you should enable STP on all Ethernet ports within the VLAN.
To enable STP on a port, perform this task in Privileged mode:
Table 13-5 Enabling STP on a port
Command Task
2. Enable STP on a specific Ethernet port.

y <port-type>: The type of Ethernet port to enable STP on.
port <port-type> - fastethernet: Fast Ethernet port
<slot>/ <port> stp - gigabitethernet: Gigabit Ethernet port
Ethernet port.
4. Verify the STP configuration.

y <port-type>: The type of Ethernet port
show stp port <port-type> - fastethernet: Fast Ethernet port
<slot>/<port> - gigabitethernet: Gigabit Ethernet port
Ethernet port.
The following example enables STP on the port 1/1 and 2/1:
(config)# port gigabitethernet 1/1 stp

(config)# port fastethernet 2/1 stp
(config)# end
# show stp port fastethernet 2/1
Link State: up
Port Number(logical): 65
Port Priority: 0x08
.
.

To disable STP on a specific port, enter the no stp port command in Global configuration
mode. The following example disables STP on the Fast Ethernet port 2/1:
(config)# no stp port fastethernet 2/1

(config)#
Setting the Bridge ID (Priority)

You can configure the bridge ID for individual VLANs. Bridge ID is used to identify the root
bridge in a spanning tree. The default bridge priority for all VLANs on the Corecess R1-
SW24L2B is 32768. The bridge with the lowest value has the highest priority and is the root. To
make the switch the root bridge, set the bridge ID to the lowest value. If you change the bridge
ID, the spanning tree for the VLAN is reconfigured.
To change the bridge ID of a VLAN, perform this task in Privileged mode:
Table 13-6 Configuring the bridge ID for a VLAN
Command Task
2. Set the bridge ID for a specific VLAN.
stp bridge-priority
y <priority>: Bridge ID (0 ~ 65535). A higher numerical value means
<priority> vlan id
a lower priority; thus, the highest priority is 0.
<vlan-id>
end 3. Return privileged mode.
show stp vlan id 4. Verify the STP configuration change.
<vlan-id> y <vlan-id>: VLAN ID (1 ~ 4094)
The following example shows how to set bridge ID for a VLAN to 3000 (hexa-decimal : 0x0BB8):
(config)# stp bridge-priority 3000 vlan id 2
(config)# end
VLAN ID: 2
Root Bridge: yes
STP version: rstp(2)
BridgeID: 0x0BB8-00905ACC0202

Topology changes: 0
Designated Root BridgeID: 0x8000-00905ACC0202
.
.
#
To restore the bridge ID for a VLAN to the default priority (32768, hexa decimal : 0x8000), enter
the no stp bridge-priority command in Global configuration mode:
(config)# no stp bridge-priority vlan id 2

(config)# end
VLAN ID: 2
Root Bridge: yes
.
.
.
#

Configuring the Path Cost
If a loop occurs, spanning tree uses cost when selecting a port to put in the forwarding state.
You can assign lower cost values to ports that you want selected first and higher cost values to
ports that you want selected last. If all ports have the same cost value, spanning tree puts the
port with the lowest interface number in the forwarding state and blocks the other ports.
Note: The default path cost for the Ethernet ports on the Corecess R1-SW24L2B is derived from STP prottocol
version and the media speed of the port as follows:
Port Speed STP
10Mbps 100
100Mbps 19
1Gbps 4
If you want to rarely use a port that is high speed because of a lack of stability or other reasons,
you specify high path cost of the port.
To configure the path cost for an Ethernet port, perform this task in Privileged mode:
Table 13-7 Configuring the path cost
Command Task
2. Set the path cost for a specific Ethernet port.

y <port-type>: The type of Ethernet port.
- fastethernet: Fast Ethernet port
port <port-type>
- gigabitethernet: Gigabit Ethernet port
<slot>/ <port>
y <slot>/<port>: The slot number and port number to set
pathcost <path-cost>
the path cost.
y <path-cost>: The port's cost as a path to the spanning tree's
root bridge (STP: 1~65525)
4. Verify the STP configuration change.

show stp port <port-type>
<slot>/<port>
y <slot>/<port>: The slot number and port number.

The following example shows how to set the path cost for the Fast Ethernet port 2/1 running
STP protocol:
(config)# port fastethernet 2/1 pathcost 10

(config)# end
Link State: up
Port Priority: 0x8
Designated Path Cost: 10
AdminEdge: false
#
Recommand: We recommand that you set the path cost as follows according to the running STP prottocol
version and the media speed of the port:
Port Speed STP
10Mbps 50~ 600
100Mbps 10 ~ 60
1Gbps 3 ~ 10
10Gbps 1~5

Configuring STP Encoding Mode
While STP calculates path cost using 16 bits (1~65,535), RSTP calculates path cost using 32 bits
(1~200,000,000). Therefore the path cost is not compatible between STP and RSTP. You can not
configure the STP encoding mode for individual VLANs and the change affects to all spanning
trees.
By default, RSTP is enabled on the Corecess R1-SW24L2B and the default STP encoding mode is
32 bits. To configure the type of STP encoding mode, perform this task in Privileged mode:
Table 13-8 Configuring STP encoding mode
Command Task
stp pathcost-encoding 2. Configure the type of STP encoding mode.

stp8021d1998 y stp8021d1998: Calculates STP cost using 16 bits.

show stp vlan id <vlan-id>
The following example shows how to configure the type of STP encoding mode to 16 bits:
(config)# stp pathcost-encoding stp8021d1998

(config)# end
VLAN ID: 1
Root Bridge: yes
.
.
#

Configuring the Port Priority
If all ports have the same path cost, spanning tree uses the port priority when selecting a port to
put into the forwarding state. You can assign higher priority values (lower numerical values) to
ports that you want selected first, and lower priority values (higher numerical values) that you
want selected last.
To configure the port priority of an Ethernet port, perform this task in Privileged mode:
Table 13-9 Configuring the port priority
Command Task
2. Sets the spanning-tree port priority for a specified Ethernet port.
port <port-type> <slot>/ - gigabitethernet: Gigabit Ethernet port
<port> priority <priority> y <slot>/<port>: The slot number and port number of the
Ethernet port.
y <priority>: The value of the STP port priority (0 ~ 15,
default:8)
show stp port <port-type> y <port-type>: The type of Ethernet port.
<slot>/<port> y <slot>/<port>: The slot number and port number of the
Ethernet port .
The following examples shows how to configure the port priority of the Fast Ethernet port 2/1
to 1:
(config)# port fastethernet 2/1 priority 1

(config)# end
Link State: up
Port Priority: 0x1
.
.

Setting Spanning Tree Timers
BPDU contains spanning tree timers (hello, forward delay, and max-age timers) that affect the
performance of the entire spanning tree. By default, the following values are set to the timers:
y Hello Timer : 2 seconds
y Max age Timer : 20 seconds
y Forward delay Timer : 15 seconds
You can set spanning tree timers for individual VLANs. To set spanning tree timers for a
specific VLAN, perform this task in Privileged mode:
Table 13-10 Setting spanning tree timers
Command Task
2. Set the STP hello time for a VLAN.

y <value>: The STP hello time. The hello time is the interval
stp hello-time <value>
between the generation of configuration messages by the root
vlan id <vlan-id>
switch (1 ~ 10 seconds, default: 2 seconds)
3. Sets the STP maximum aging time for a VLAN.

y <value>: The STP maximum aging time. The maximum aging
stp max-age <value> time is the number of seconds a switch waits without receiving
vlan id <vlan-id> spanning-tree configuration messages before attempting a
reconfiguration. (6 ~ 40 seconds, default: 20 seconds)
4. Set the STP forward delay for a specific VLAN.

y <value>: The STP forward time . The forward delay is the
stp forward-delay
number of seconds a port waits before changing from its
<value> vlan id
spanning-tree learning and listening states to the forwarding
<vlan-id>
state. (4 ~ 30 seconds, default: 15 seconds)

show stp vlan <vlan-id>
The following example shows how to set STP hello timers to 5 seconds for a VLAN:
(config)# stp hello-time 5 vlan id 2
(config)# end

VLAN ID: 2
.
.
.
ForwardDelay: 15(s)
Bridge MaxAge: 20(s)
Bridge HelloTime: 5(s)
Bridge ForwardDelay: 15(s)
.
.
#
To return the STP hello timers to the default value, use the no form of these command in Global
configuration mode:
(config)# no stp hello-time vlan id 2

(config)#
The following example shows how to set STP forward delay timers to 20 seconds for a VLAN:
(config)# stp forward-delay 20 vlan id 2
(config)# end
VLAN ID: 2
.
.
.
.
#
To return the STP forward delay timers to the default value, use the no form of these command
in Global configuration mode:
(config)# no stp forward-delay vlan id 2

(config)#

The following example shows how to set STP max age timers to 25 seconds for a VLAN:
(config)# stp max-age 30 vlan id 2

(config)# end
VLAN ID: 2
.
.
HelloTime: 2(s)
ForwardDelay: 15(s)
Bridge MaxAge: 25(s)
.
.
#
To return the STP max age timers to the default value, use the no form of these command in
(config)# no stp max-age vlan id 2

(config)#

Configuring RSTP
This section describes how to configure RSTP on the Corecess R1-SW24L2B.
Configuration Procedure of RSTP

The following procedure describes how to configure RSTP.
y Enabling RSTP on a VLAN
y Enable STP on a port
y Setting the bridge ID
y Configuring the path cost
y Configuring STP encoding
y Configuring the port priority
y Setting spanning tree timers (Hello time, Max age, Forward delay)
y Configuring spanning tree protocol type
y Configuring edge port
In the configuration procedure, Enable STP on a port, Setting the bridge ID, Configuring the port
priority and Setting spanning tree timers (Hello time, Max age, Forward delay) are explained in the
previous section.

Enabling RSTP on a VLAN
You can enable or disable RSTP on a per-VLAN basis. RSTP is enabled by default on all VLANs
and on all newly created VLANs. Because RSTP is enabled by default, there is no additional
configuration. If you disable RSTP and enable RSTP again on a VLAN, use the following
commands.
Table 13-11 Enabling RSTP on a VLAN
Command Task
2. Enable RSTP on a specified VLAN.

stp vlan id <vlan-id>
y <vlan-id> VLAN ID (1 ~ 4094)
show stp vlan

4. Verify STP configuration.
{all | id <vlan-id>}
The following example shows how to enable RSTP on the VLAN whose ID is 2:
(config)# stp vlan id 1
(config)# end
VLAN ID: 1
BridgeID: 0x8000-0001020000DB
Topology changes: 0
.
.
.
#

Disable RSTP only if you are sure there are no loops in the network topology . When RSTP is
disabled and loops are present in the topology, excessive traffic and indefinite packet
duplication can drastically reduce network performance. To disable RSTP on a per-VLAN basis,
enter the no stp vlan command in Global configuration mode. The following example
shows how to disable RSTP on the VLAN whose ID is 2:
(config)# no stp vlan id 1

(config)#
If you disable RSTP on a VLAN, STP is disabled on all ports belongs to the VLAN.

Configuring the Path Cost
When spanning tree is configured, if there are over two paths, lower cost of the path is selected.
By default, path cost of a port is decided by physical link speed as follows:
y Ethernet link (10Mbps): 2,000,000
y Fast Ethernet link (100Mbps): 2000,000
y Gigabit Ethernet link (1Gbps): 20,000
If you want to rarely use a port that is high speed because of a lack of stability or other reasons,
you specify high path cost of the port.
To configure the path cost for the specified port, use the following commands.
Table 13-12 Configuring the path cost
Command Task
2. Set the path cost for a specific port..

port <port-type>
<slot>/<port>
- gigabitethernet: Gigabit Ethernet port
pathcost <path-cost>
y <slot>/<port> slot/port number of a port
y <path-cost> path cost of a port (1 ~ 200000000).
show stp port <port-
4. Verify the configuration result.
type> <slot>/<port>
The following example shows how to set the path cost for the Fast Ethernet port 2/1 to 20000:
(config)# port fastethernet 2/1 pathcost 20000

(config)# end
Link State: up
Port Priority: 0x8
Designated Path Cost: 20000
AdminEdge: false

#
Recommendation: We recommend that you set the path cost as follows according to the running RSTP
protocol version and the media speed of the port:
Port Speed Range

10Mbps 200000 ~ 20000000
100Mbps 20000 ~ 2000000
1Gbps 2000 ~ 200000
10Gbps 200 ~ 20000

Configuring RSTP Encoding
While STP calculates path cost using 16 bits (1~65,535), RSTP calculates path cost using 32 bits
(1~200,000,000). Therefore the path cost is not compatible between STP and RSTP. By default,
RSTP is enabled, so path cost of 32 bits are used in the Corecess R1-SW24L2B, but encoding of
path cost can generally be changed to 16 bits for STP compatible. To change path cost to 16 bits,
refer table 15-8 Configuring STP encoding mode. You can not configure the STP encoding mode
for individual VLANs and the change affects to all spanning trees.
To change path cost of 16 bits to path cost of 32 bits again, use the following commands.
Table 13-13 Configuring RSTP encoding mode
Command Task
stp pathcost-encoding
2. Configure the type of RSTP encoding mode.
stp8021t2001
show stp vlan id

<vlan-id>
The following example shows how to configure the type of STP encoding mode to 32 bits:
(config)# stp pathcost-encoding stp8021t2001

(config)#

Configuring Spanning Tree Protocol Type
The Corecess R1-SW24L2B supports both 802.1D STP and 802.1W RSTP. By default, spanning
tree protocol that is operating on a VLAN is 802.1W TSTP. For compatible of other device or
other reasons, you can set STP to operate on a particular VLAN.
To set spanning tree protocol to STP on a particular VLAN, use the following commands.
Table 13-14 Configuring Spanning Tree Protocol Type
Command Task
stp protocol-version 2. Set spanning tree protocol to STP on the specified VLAN.
stp vlan id <vlan-id> y <vlan-id> VLAN ID (1 ~ 4094)
show stp vlan id

<vlan-id>
The following example shows how to set spanning tree protocol to STP on the VLAN whose ID
is 2:
(config)# stp protocol-version stp vlan id 2

(config)# end
VLAN ID: 2
Root Bridge: yes
BridgeID: 0x8000-0001AB0DEF11
.
.
.
#

Configuring an Edge Port
The Corecess R1-SW24L2B allows ports that are configured as Edge ports to be present in an
RSTP topology. STP edge ports are bridge ports that do not need STP enabled, where loop
protection is not needed out of that port or an STP neighbor does not exist out of that port.
Edge ports assume designated port roles. Port flapping does not cause any topology change
events on Edge ports since RSTP does not consider Edge ports in the spanning tree calculations.
However, if any incoming BPDU is received from a previously configured Edge port, RSTP
automatically makes the port as a non-edge port. This is extremely important to ensure a loop
free Layer 2 operation since a non-edge port is part of the active RSTP topology.
To configure an edge port, use the following commands:
Table 13-15 Configuring an Edge Port
Command Task
2. Configures a port as an Edge port.

stp adminEdge port y <port-type>: The type of Ethernet port.
<port-type> - fastethernet: Fast Ethernet port
<slot>/<port> - gigabitethernet: Gigabit Ethernet port
y <slot>/<port> The slot number and port number of the port
show stp port <port-

type> <slot>/<port>
The following example shows how to configure the Gigabit Ethernet port 2/1 as an Edge port:
(config)# stp adminEdge port fastethernet 2/1

(config)# end
Corecess # show stp port fastethernet 2/1
Link State: up
Port Priority: 0x8
AdminEdge: true
#

STP Configuration Commands
The following table lists the commands for configuring STP on the Corecess R1-SW24L2B:
Table 13-16 STP configuration commands
Command Description
port pathcost Sets the spanning-tree port path cost for the specified Ethernet port.
port priority Sets the spanning-tree port priority for the specified Ethernet port.
Enables or disables STP(Spanning Tree Protocol) on the specified

port stp
Ethernet port.
show stp port Displays spanning-tree information for the specified port.
show stp vlan Displays spanning-tree information for the specified VLAN interface.
stp adminEdge port Configures a port as an Edge port.
stp bridge-priority Sets the bridge ID for a VLAN.
stp forward-delay Sets the bridge forward delay for a VLAN.
stp hello-time Sets the bridge hello time for a VLAN.
stp max-age Sets the bridge maximum aging time for a VLAN.
stp pathcost-encoding Configures the type of Spanning Tree Protocol encoding mode.
Configure the type of Spanning Tree Protocol mode to run for a specific
stp protocol-version
VLAN.
stp vlan Enables the spanning tree algorithm for a specific VLAN.

Appendix A Product Specifications
Appendix A describes the specifications of the Corecess R1-SW24L2B.
9 Hardware Specification A-2
9 Software Specification A-3

Hardware Specifications
Table A-1 Corecess R1-SW24L2B hardware specifications
Switching Fabric
y Switching throughput : 8.8Gbps full-duplex

y Performance : 13Mpps (64 byte packets)
y MAC address : Maximum 8K (Layer 2)
Memory
y Main memory : 64MB (SDRAM)

Hardware y Flash memory : 64MB
System Dimension and Weight
y Size : 440 x 44 x 220mm (W x H x D)
AC Power Supply
y Frequency : 50/60Hz
y Input Voltage : 100 ~ 240VAC
y Input Voltage Range : 88 ~ 264VAC
Temperature
y Operating Range : -20 ~ 60C

Operational y Storage Range : -30 ~ 75C
Environment
Humidity
y Operating Range : 10 ~ 95% (40C, non-condensing)
Rack Installation Kit
y Four binder-head screws
Cables
Packages
y Console Cable (RJ-45 DB-9)
Manual
y User Reference Manual
A-2 R1-SW24L2B Users Manual

Software Specifications
Table A-2 Corecess R1-SW24L2B software specifications
VLAN Function
y Support Port based VLAN, IEEE 802.1q tagged VLAN (Maximum 254)
y Support Spanning Tree and Multicast per VLAN
Link aggregation Function
y IEEE 802.3ad Link aggregation

y Support the maximum 16 of aggregation Groups
Multicasting Function
y IGMP v2.0
y IGMP snooping
QoS Function
Function
y Multi field packet classification
y 802.1p CoS Marking, Reclassification
y TOS Marking, Reclassification
y DSCP Marking, Reclassification
y Scheduling: SP (Strict Priority)
Security Function
y Access List
y MAC Filtering
y DHCP Filtering
y NetBIOS Filtering
Internet Access Function
y NTP (Network Time Protocol)
Product Specifications A-3

(Continued)
Management Function
y Console
- Local : RJ-45 Console Port (Out-band)
- Remote : Telnet and Web based Console (In-band)
y CLI (In-band, Out-band)
y NMS (ViewlinX Manager/EMS)
Function y Port mirroring
y SNMP v1/v2c
y RMON
- Group 1 (Statistics), Group 2 (History), Group 3 (Alarm), Group 9 (Events)
- Extended RMON
y System log file (configuration log)
y Remote software upgrade (FTP/TFTP)
y RFC 768 UDP

y RFC 791 IP
y RFC 792 ICMP
y RFC 826 ARP
y RFC 768 UDP
y RFC 783 TFTPv2
y RFC 793 TCP
y RFC 826 ARP
y RFC 854 Telnet
y RFC 951 BOOTP
IETF Standard
y RFC 1112 Host Extensions for IP Multicasting
y RFC 1157 SNMPv1
y RFC 1165 NTP
y RFC 1256 ICMP Router Discover Message
y RFC 1349 Type of Service in the Internet Protocol Suite
y RFC 1542 Clarifications and Extensions for the Bootstrap Protocol
y RFC 2573 SNMP Applications
y RFC 3195 Syslog
y RFC 1901 SNMP v2
y RFC 2236 Internet Group Management Protocol, Version 2
y CORECESS-BASIC-MIB
y CORECESS-SMI
y RFC 1213 MIB-II
MIB y RFC 1493 BRIDGE-MIB
y RFC 1757 RMON-MIB
y RFC 1907 SNMPv2-MIB
y RFC 2233 IF-MIB
A-4 R1-SW24L2B Users Manual

Appendix B Connector & Cable Specifications
Appendix B describes the specifications of the ports on the Corecess R1-SW24L2B. In addition, the kinds
and specifications of cables needed for the connection of each port.
9 Connector Specifications B-2
9 Cable Specifications B-4

Connector Specifications
RJ-45 Connector
10/100/1000Base-T Port
10/100/1000Base-T ports on the uplink modules have the 8-pin RJ-45 connector. The
cable used for connecting 10/100/1000Base-T port is twisted-pair cable with RJ-45
8 1 connectors at both ends.
Pin configuration of 10/100/1000Base-T port is as follows:
Table B-1 Pin Configuration of 10/100/1000Base-T Port
Pin Signal Pin Signal
1 Tx, Rx+ (1 pair) 5 Tx, Rx+ (3 pair)
2 Tx, Rx- (1 pair) 6 Tx, Rx- (2 pair)
3 Tx, Rx+ (2 pair) 7 Tx, Rx+ (4 pair)
4 Tx, Rx- (3 pair) 8 Tx, Rx- (4 pair)
Console Port
1 8 The CONSOLE port on the front panel of the Corecess R1-SW24L2B has an 8-pin RJ-45
connector. The cable used for connecting console port is serial cable with an RJ-45
connector and a DB-9 at each end.
Pin configuration of Console port is as follows:
Table B-2 Pin Configuration of Console Port
Pin Signal
2 Tx
3 Rx
5 GND
B-2 R1-SW24L2B Users Manual

LC Connector
1000Base-SX Port
100/1000Base-SX ports on the uplink modules have Duplex LC connectors. The cable
used for connecting these LC connectors is multi mode fiber optic cable
(transmitting/receiving wavelength: 850nm).
1000Base-LX Port
100/1000Base-LX ports on the uplink modules have Duplex LC connectors. The cable
used for connecting these LC connectors is multi mode fiber optic cable
(transmitting/receiving wavelength: 1310nm).
SC/APC Connector
1000Base-PX Port
1000Base-PX ports on the OPT-N1ES1CD module and OPT-N1EL1CD module have

simplex SC/APC connectors. The cable used for connecting these SC connectors is
single mode fiber optic cable (transmitting/receiving wavelength: 1490/1310nm).
Connector & Cable Specifications B-3

Cable Specifications
Twisted Pair Cable

The 10/100/1000Base-T ports on the uplink modules are connected by using twisted pair cables
with RJ-45 connectors at both ends.
There are two types of twisted pair cables: UTP (unshielded twisted pair) cable and STP
(shielded twisted pair) cable. The following figure shows a twisted pair cable with RJ-45
connectors at both ends.
According to the speed of devices to be connected: Category-3, 4, 5, 5+, 6

The category of twisted pair cable to be used is determined by the speed of the devices to be
connected to RJ-45 port. In case of connecting with a device that operates at 10Mbps, category 3
and 4 cable is used. In case of connecting with a device that operates at 100Mbps, category 5
cable is used. In case of connecting with a device that operates at 1000Mbps, category 5+ or
category 6 cable is used.
According to the kinds of devices to be connected: Straight-through, Crossover

Either straight-through cable or crossover cable is used according to the kinds of devices to be
connected to RJ-45 port. In case the device to be connected is such terminal (MDI) as PC
equipped with NIC (Network Interface Card), straight-through cable is used. On the other hand,
crossover cable is used for connecting the ports of network devices (MDI-X) such as hub or
switch.

Fiber Optic Cable
The system modules with fiber optic ports are connected using fiber optic cables as follows:
Table B-3 System Modules with Fiber Optic Ports
Fiber
Module Connector Interface Optic Wave Length(nm)
Cable
Multi-
OPT-N1ES1CD 100/1000Base-SX y Rx/Tx : 850nm
OPT-N1EL1CD mode
OPT-N2CD Duplex LC
OPT-N2CS Single
100/1000Base-LX y Rx/Tx : 1310nm
mode
OPT-N1ES1CD Single y Rx : 1310nm

OPT-N1EL1CD Simplex SC/APC 1000Base-PX
mode y Tx : 1490nm
Duplex LC Fiber Optic Cable

The cable used for connecting the 1000Base-SX/LX SFP ports on the uplink modules is fiber-optic
cable with duplex LC connectors at both ends (transmitting/receiving wavelength: 1310nm).

Simplex SC/APC Fiber Optic Cable
The cable used for connecting the 1000Base-PX SFP port on the OPT-N1ES1CD module and OPT-
N1EL1CD module is fiber-optic cable with simplex SC/APC connectors at both ends
(transmitting/receiving wavelength: 1490/1310nm).

Console Cable
Console cable is used to connect the console port to a console terminal (ASCII terminals or PCs
equipped with terminal emulation programs). Console cable has an RJ-45 connector and a DB-9
connector at each ends.
Console Port DB-9 Connector
Console Port DB9 Connector
<Pin Configuration>
Note: Before connecting the console port, ensure that console terminal is configured as follows:
Baud rate Data bit Parity Stop bit Flow control
9600 8 None 1 None


R1 Ethernet Switch User Guide

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

R1 Ethernet Switch User Guide

Hochgeladen von

Copyright:

Verfügbare Formate

Edition : 00

Corecess Layer2 Ethernet Switch

No Part of this book shall be reproduced, stored in a retrieval system, or

The specifications and information regarding the products in this manual

Other product names or company names mentioned in this manual are

y Introduction to functions and features

y Name and function of each part

y How to install on a rack and connect cable to each port

y How to configure the Corecess R1-SW24L2B

9 This manual can also be downloaded from Corecess website www.corecess.com.

Notations in Console Screen

y Text displayed on console screen is shown in Courier New.

y Values entered by user are displayed in bold Courier New.

Notations in Command Syntax

y Console commands are indicated in bold Courier New.

y Parameters that need to be entered are indicated in Courier New.

y Parameters in [ ] are parameters that can be ignored.

IV R1-SW24L2B Users Manual

Recommendation: Introduces recommendatory item for the use of product..

Chapter 2 Hardware Description

Chapter 3 Before Installation

Chapter 5 Basic Configuration

Chapter 6 Configuring Ports

Chapter 7 Configuring VLAN

Chapter 8 Configuring SNMP and RMON

Chapter 9 Configuring QoS

VI R1-SW24L2B Users Manual

Chapter 11 Configuring IGMP Snooping

Chapter 12 Configuring LACP

Chapter 13 Configuring STP/RSTP

Appendix A Product Specifications

Appendix B Connector and Cable Specifications

Manual Contents ............................................................................ III

Chapter 1 Overview 1-8

Chapter 2 Hardware 2-8

VIII R1-SW24L2B Users Manual

Chapter 3 Before Installaion 3-8

Chapter 4 Installation 4-8

Chapter 5 Basic Configuration 5-8

X R1-SW24L2B Users Manual

Chapter 6 Configuring Ports 6-8

Chapter 7 Configuring VLAN 7-8

Chapter 8 Configuring SNMP and RMON 8-8

Chapter 9 Configuring QoS 9-8

XII R1-SW24L2B Users Manual

Chapter 10 Configuring Security 10-8

Chapter 11 Configuring IGMP Snooping 11-8

Chapter 12 Configuring LACP 12-8

Chapter 13 Configuring STP/RSTP 13-8

XIV R1-SW24L2B Users Manual

Appendix A Product Specifications A-8

Appendix B Connector & Cable Specifications B-8

Table 1-1 Types of Uplink module ............................................................... 1-8

Table 2-1 RUN LED descriptions ................................................................. 2-8

Table 4-1 Configuring a console terminal .................................................... 4-8

Table 5-1 CLI modes.................................................................................... 5-8

XVI R1-SW24L2B Users Manual

Table 6-1 Default port configuration............................................................. 6-8

Table 7-1 Default VLAN configuration.......................................................... 7-8

Table 8-1 Types of community strings ......................................................... 8-8

Table 9-1 Criteria for packet classification ................................................... 9-8

Table 11-1 show ip igmp snoop mrouter field descriptions........................ 11-8

Table 12-1 Configuring link aggregation .................................................... 12-8

Table 13-1 STP Timers .............................................................................. 13-8