Beruflich Dokumente
Kultur Dokumente
Distribution : 2006, 06
R1-SW24L2B
User's Manual
| Copyright |
Copyright 2006 by Corecess Inc. All rights reserved.
| Trademark Credit |
Corecess R1-SW24L2B is registered trademark of Corecess Inc.
Corecess Inc.
500-2, Sangdaewon-dong, Jungwon-ku, Sungnam-city, Kyungki-do, Korea, 462-120
TEL:+82-31-739-6600 FAX: :+82-31-739-6622
http://www.corecess.com
Manual Contents
This manual is organized as follows concerning the Corecess R1-SW24L2B:
Careful reading of this manual before using the Corecess R1-SW24L2B will alleviate the
complexity of manipulating the system. The user should read the chapters 1~3 to become
acquainted with the functions of the product, name and function of each part, and the
precautions before installation. Understanding chapters 1~3 will help a great deal for safety in
installing and using the product.
9 If you have any problems or questions during installation or while using the product,
contact your equipment provider or visit our website at www.corecess.com and leave
a message in Q&A.
Audience
This manual is designed for the users with basic knowledge in Ethernet. Thus, this manual
assumes that the reader is knowledgeable of basic concepts and terminology about Ethernet and
FTTH and does not provide separate explanations for these topics. If you feel that the contents
of this manual are difficult and require more detailed explanations, refer to other network
related books.
Revison History
Edition Date Description
00 October, 2005 First Draft
01 June, 2006 Second Draft
III
Notations
This manual uses the notations explained below for assisting readers in understanding the
contents of this manual.
y { A | B | C } means that one entry among A, B, and C must be selected and entered.
y [A | B | C] means that one entry among A, B, and C may or may not be selected and
entered.
Note: Introduces useful item for the use of product, reference, and its related materials
Caution: Explains possible situations or conditions of improper operation and possibility of losing data and
provides suggestions how to deal with those cases.
Warning: Explains situtations in which product can be damaged or danger can be imposed to users physically,
and informs you how to respond to those situations.
V
Organization
The chapters of this manual are organized as follows:
Chapter 1 Overview
This chapter introduces the Corecess R1-SW24L2B functions and features and describes several kinds of
network examples configurable with the Corecess R1-SW24L2B.
Chapter 4 Installation
This chapter describes how to mount the Corecess R1-SW24L2B on a rack, connect the cables to the ports,
and connect the power.
VII
Table of Contents
IX
Connecting Network Devices ....................................................... 4-8
10/100Base-TX Port.................................................................................... 4-8
1000Base-PX SFP Port ................................................................................ 4-8
100/1000Base-LX/SX Port ........................................................................ 4-8
10/100/1000Base-TX Port ......................................................................... 4-8
10/100/1000Base-TX Port ......................................................................... 4-8
Connecting a Console Terminal................................................... 4-8
Configuring a Console Terminal.............................................................. 4-8
Connecting a Console Terminal ............................................................... 4-8
Connecting Power to the System................................................. 4-8
Starting the System...................................................................... 4-8
XI
Trap...................................................................................................................... 8-8
Configuring SNMP..................................................................................... 8-8
SNMP Default Configuration .......................................................................... 8-8
Setting the System Contact and Location Information ................................ 8-8
Configuring Community Strings .................................................................... 8-8
Configuring Trap Type..................................................................................... 8-8
Configuring Trap Host ..................................................................................... 8-8
Configuring SNMP Access Groups ................................................................ 8-8
Displaying SNMP Information................................................................. 8-8
Displying SNMP Configuration Information................................................ 8-8
Displaying SNMP Community Strings .......................................................... 8-8
Displaying SNMP Statistics.............................................................................. 8-8
Displaying SNMP Trap Hosts ......................................................................... 8-8
Configuring RMON....................................................................... 8-8
RMON (Remote MONitoring) Overview ............................................... 8-8
Configuring RMON ................................................................................... 8-8
Enabling RMON ................................................................................................ 8-8
Configuring History Groups............................................................................ 8-8
Configuring Statistics Groups.......................................................................... 8-8
Configuring Event Groups............................................................................... 8-8
Configuring Alarm Groups.............................................................................. 8-8
Displaying RMON Information ............................................................... 8-8
SNMP and RMON Configuration Commands .............................. 8-8
XIII
Applying Service Policies to the System ...................................................... 10-8
Security Configuration Commands ............................................ 10-8
XV
List of Tables
Table 3-1 The Number of Required Person to Lift The System ................... 3-8
Table 3-2 Temperature and humidity condition............................................ 3-8
Table 3-3 Power condition ........................................................................... 3-8
XVII
Table 9-4 Changing CoS, IP Precedence, or DSCP value .......................... 9-8
Table 9-5 Configuring packet filtering of a traffic class in a policy map ....... 9-8
Table 9-6 Configuring a transmission queue for a traffic class .................... 9-8
Table 9-7 Specifying a priority of a traffic class in a policy map................... 9-8
Table 9-8 Configuring rate-limint of a traffic class in a policy map............... 9-8
Table 9-9 Applying QoS service policy ........................................................ 9-8
Table 9-10 Configuring CoS value ............................................................... 9-8
Table 9-11 Configuring rate limiting on a port .............................................. 9-8
Table 9-12 Configring the precedence of values for CoS field .................... 9-8
Table 9-13 Specifying priority for transmission queue ................................. 9-8
Table 9-14 Configuring Shaping .................................................................. 9-8
Table 9-15 Configuring broadcast suppression ........................................... 9-8
Table 9-16 QoS configuration commands.................................................... 9-8
Table 10-1 Changing timeout for an unattended telent session ................ 10-8
Table 10-2 Defining access lists ................................................................ 10-8
Table 10-3 Applying the access list to terminal line ................................... 10-8
Table 10-4 Applying the access list to SNMP access................................ 10-8
Table 10-5 Filtering DHCP offer................................................................. 10-8
Table 10-6 Filtering File and Resource Sharing Protocol .......................... 10-8
Table 10-7 Filtering Default Traffic............................................................. 10-8
Table 10-8 Creating a class map ............................................................... 10-8
Table 10-9 Creating a policy map for packet filtering................................. 10-8
Table 10-10 Applying service policies........................................................ 10-8
Table 10-11 Security configuration commands.......................................... 10-8
XIX
XX R1-SW24L2B Users Manual
Chapter 1 Overview
This chapter introduces the Corecess R1-SW24L2B functions and features and describes several kinds of
network examples configurable with the Corecess R1-SW24L2B.
9 Introduction 1-2
Since the Corecess R1-SW24L2B provides 24 auto-sensing 10/100Base-TX Fast Ethernet ports and
supports the switching speed of 8.8Gbps@full-duplex and the packet processing speed of
5.9Mpps@64bytes, the maximum wire speed assigned to each port can be guaranteed. The
Corecess R1-SWL2B can trunk the Gigabit Ethernet ports to extend uplink bandwidth using
IEEE 802.3ad LACP.
Since Gigabit Ethernet option modules can be installed in the option slot on the Corecess R1-
SW24L2B, it is easy to configure networks that can flexibly respond to a variety of
environmental needs. As it can connect to a remotely located large Gigabit Ethernet backbone
device by installing option module into the option slot of the Corecess R1-SW24L2B, it can be
used as an intermediate backbone network device of a large network as well as a mid-range
workgroup network.
The Corecess R1-SW24L2B supports high perfomance QoS (Quality of Service). Thus users can
control the various types of traffic (voice, video and other important data) easily. For example,
users can set priority of data to provide the serive without interrupt.
The Corecess R1-SW24L2B is easy to use and can be easily installed as well. Just like an Ethernet
hub, it can be used by connecting cables to the target device. And LEDs on the front panel of the
Corecess R1-SW24L2B make it easy to manage the product and networks through notifying the
operation status, port conditions and fault occurrence.
Memory
y Main Memory (Protocol processing) : 64Mbytes
Interface
The Corecess R1-SW24L2B supports the following interfaces:
y Various type of uplink interface
Overview 1-3
Software Features
y Supports Port based VLAN and IEEE 802.1q Tagged VLAN (Maximum: 254)
Security
The Corecess R1-SW24L2B supports the following security fuctions:
y System access control through Telnet or SNMP using access lists
y CIFS filtering using MAC address, IP address and TCP/UDP port number
Network Management
The Corecess R1-SW24L2B supports the SNMP and RMON for network management and port
mirroring feature for solving the network problem. You can monitor and control the Corecess
R1-SW24L2B network via the console port, Telnet session, or the Corecess NMS, ViewlinX.
y RMON
The Corecess R1-SW24L2B provides four RMON groups (history, statistics, alarms, and events) in
each port as traffic management, monitoring and analysis tools.
y Port Mirroring
The Corecess R1-SW24L2B allows you to use the port mirroring feature without effecting the switching
performance.
y Software Maintenance
The Corecess R1-SW24L2B provides easy-to-upgrade using FTP and TFTP in a remote place.
Switching
y MAC Address
The Corecess R1-SW24L2B saves 8,192 MAC adresses which may be changed using software.
y Port Trunking
The Corecess R1-SW24L2B provides port trunking functionality which combines the bandwidths of ports
to serve as much as a single port.
Overview 1-5
Network Configurations
This section describes example applications for the Corecess R1-SW24L2B.
L2 Switch
Overview 1-7
1-8 R1-SW24L2B Users Manual
Chapter 2 Hardware
This chapter introduces the structures of the front and rear side of the Corecess R1-SW24L2B and
describes the function and appearance of the cards provided for the Corecess R1-SW24L2B.
On the front panel of the Corecess R1-SW24L2B, there are LEDs, ports, an uplink slot and
power devices; thus users can monitor the switch status immediatly, and connect cables easily.
Ground Connector Reset Switch RUN LED Fast Ethernet Port LED
Console Port
Ground Connector
Ground connector is used to ground the Corecess R1-SW24L2B for preventing damage from
electrostatic discharge or lightning. Before connecting power to the system, connect it according
to local site practice.
Power Input
The power input is a terminal that connects external AC power of 100 - 240VAC by using a
power cord.
Power Switch
The power switch is used when turning the Corecess R1-SW24L2B on and off.
Option Slots
On the left of the 10/100Base-TX port, there are an option slot in which an option module can
be installed. The Corecess R1-SW24L2B provides a variety of option modules that support
gigabit ports of various interfaces. The kinds of option modules that can be installed in the
option slots of the Corecess R1-SW24L2B are described in the Option Modules section in this
chapter.
Console Port
The console port is used to connect a console terminal for monitoring and configuring the
Corecess R1-SW24L2B. To connect the console port to a console terminal, use the included
console cable. A PC or workstation installed with a terminal emulation program or VT-100
terminal can be used as a console terminal. Chapter 4/ Installation describes how to connect a
console terminal to the console port.
RUN LED
The RUN LEDs, which indicate the operating state of the Corecess R1-SW24L2B, operate as follows
according to the system status:
Hardware 2-3
Fast Ethernet Port LEDs
The Fast Ethernet port LEDs (LINK/ACT) indicates the data transmission/reception status and
connection speed of each port.
The LINK/ACT LED display the information on the port connection and data transmission as
follows:
Item Specification
Interface 10/100Base-TX
Port Number 24
This section describes the types and functions of option module that can be installed in the
option slot of the Corecess R1-SW24L2B.
Hardware 2-5
OPT-N1ES1CD
The OPT-N1ES1CD provides one Gigabit Ethernet PON port and one Gigabit Ethernet combo
port. The SFP type of the Gigabit Ethernet port supports 100Mbps and 1000Mbps. The Gigabit
Ethernet PON port (1000Base-PX) provides maximum 10Km of service length.
100/1000Base-SX/LX
1000Base-PX port SFP port 10/100/1000Base-T port
Table 2-5 LED Functions of Gigabit Ethernet PON Port on the OPT-N1ES1CD Module
On Indicates that the port have established a valid link with the network.
LINK Green Blink Indicates that the port is transmitting or receiving data.
Indicates that the port have not established a valid link with the
Off
network.
ACT Yellow Blink Indicates that the port is transmitting or receiving data.
The following table lists the specifications of the Gigabit Ethernet PON port on the OPT-
N1ES1CD module:
Port Number 1
Both the RJ-45 connector and the LC connector (SFP module) cannot be used as Gigabit Ethernet
port at the same time. For example, if a RJ-45 connector of 10/100/1000Base-T port is connected
to a Gigabit Ethernet device, a LC connector of SFP port is automatically disabled.
The following table lists the specifications of the Gigabit Ethernet port on the OPT-N1ES1CD
module:
Hardware 2-7
Gigabit Ethernet Port LED (B)
The following table describes the information indicated by LEDs of the Gigabit Ethernet port on
the OPT-N1ES1CD module:
Table 2-8 LED Functions of Gigabit Ethernet Port on the OPT-N1ES1CD Module
On Indicates that the port have established a valid link with the network.
ACT/
LINK Green Blink Indicates that the port is transmitting or receiving data.
(A, B) Indicates that the port have not established a valid link with the
Off
network.
OPT-N1EL1CD
The OPT-N1EL1CD provides one Gigabit Ethernet PON port and one Gigabit Ethernet combo
port. The SFP type of the Gigabit Ethernet port supports 100Mbps and 1000Mbps. The Gigabit
Ethernet PON port (1000Base-PX) provides maximum 20Km of service length.
100/1000Base-SX/LX
1000Base-PX port SFP port 10/100/1000Base-T port
On Indicates that the port have established a valid link with the network.
LINK Green Blink Indicates that the port is transmitting or receiving data.
Indicates that the port have not established a valid link with the
Off
network.
ACT Yellow Blink Indicates that the port is transmitting or receiving data.
The following table lists the specifications of the Gigabit Ethernet PON port on the OPT-
N1EL1CD module:
Table 2-10 Specifications of Gigabit Ethernet PON Port on the OPT-N1EL1CD Module
Port Number 1
Hardware 2-9
Both the RJ-45 connector and the LC connector (SFP module) cannot be used as Gigabit Ethernet
port at the same time. For example, if a RJ-45 connector of 10/100/1000Base-T port is connected
to a Gigabit Ethernet device, a LC connector of SFP port is automatically disabled.
The following table lists the specifications of the Gigabit Ethernet port on the OPT-N1EL1CD
module:
Table 2-12 LED Functions of Gigabit Ethernet Port on the OPT-N1EL1CD Module
On Indicates that the port have established a valid link with the network.
ACT/
LINK Green Blink Indicates that the port is transmitting or receiving data.
(A, B) Indicates that the port have not established a valid link with the
Off
network.
Both the RJ-45 connector and the LC connector (SFP module) cannot be used as Gigabit Ethernet
port at the same time. For example, if a RJ-45 connector of 10/100/1000Base-T port is connected
to a Gigabit Ethernet device, a LC connector of SFP port is automatically disabled.
The following table lists the specifications of the Gigabit Ethernet port on the OPT-N2CD
module:
Hardware 2-11
Gigabit Ethernet Port LED (A, B)
The following table describes the information indicated by LEDs of the OPT-N2CD module:
On Indicates that the port have established a valid link with the network.
ACT/
LINK Green Blink Indicates that the port is transmitting or receiving data.
(A, B) Indicates that the port have not established a valid link with the
Off
network.
OPT-N2CS
The OPT-N2CS module provides two Gigabit Ethernet combo ports (RJ-45, SFP). The SFP type
of the Gigabit Ethernet ports supports 1000M speed.
The following table lists the specifications of the Gigabit Ethernet port on the OPT-N2CS
module:
On Indicates that the port have established a valid link with the network.
ACT/
LINK Green Blink Indicates that the port is transmitting or receiving data.
(A, B) Indicates that the port have not established a valid link with the
Off
network.
Hardware 2-13
2-14 R1-SW24L2B Users Manual
Chapter 3 Before Installaion
This chapter describes the precautions for installation of the Corecess R1-SW24L2B and
installation environment for the normal operation. It also describes the way to unpack box of the
Corecess R1-SW24L2B and verify the contents.
9 Precautions 3-2
9 Unpacking 3-10
Precautions
Warning: Before you install the Corecess R1-SW24L2B, read this section. This section contains important safety
information you should know before working with the system.
General Precautions
y While or after installing the equipment, keep the equipment clean and free from dust all the
time.
y After removing the cover of the equipment, keep the cover in safe place.
y Any tool or cable should not be left on the way of passage for better safety.
y When installing the equipment, the installer should not wear baggy clothing so that tie, scarf,
and sleeves should not be caught in the equipment. Keep tie and scarf from getting slack,
and roll up the sleeves.
y Avoid any harmful action that damages the people or the equipment.
y In case that opening the case for repairing or test is required, contact the sales agency where
you purchased this equipment, or directly contact Corecess Inc. for professional help.
Power Considerations
y Be careful when connecting the system to the supply circuit so that wiring is not overloaded.
y When plugging in a power socket or handling any power source, avoid ring, necklace, metal
watch for better safety. If these materials touch the power socket or ground of the product,
the parts can be burnt out.
y Always verify whether there is any possible danger in the workshop. Wet floor, ungrounded
extension, rubbed-off power code, or unsafe (or ungrounded) floor might be dangerous.
y Ensure that the plug-socket combination is accessible at all times, because it serves as the
main disconnecting device.
y Always wear an ESD-preventive wrist or ankle strap when handling electronic components.
Connect one end of the strap to an ESD jack or an unpainted metal component on the system
(such as a captive installation screw).
y Handle cards by the faceplates and edges only; avoid touching the printed circuit board and
connector pins.
y Handle cards by the faceplates and edges only; avoid touching the printed circuit board and
connector pins.
y Avoid contact between the cards and clothing. The wrist strap only protects the card from
ESD voltages on the body; ESD voltages on clothing can still cause damage.
y For safety, periodically check the resistance value of the antistatic strap. The measurement
should be between 1 and 10 Mohms.
y Remove all jewelry (including rings and chains) or other items that could get caught in the
system or heat up and cause serious burns.
y Do not touch the backplane or mid-plane with your hand or metal tools.
y Do not perform any action that creates a potential hazard to people or makes the equipment
unsafe.
y Locate the emergency power-off switch for the room before working with the system.
y Turn off the power and disconnect the power from the circuit when working with
components that are not hot-swappable or when working near the system backplane or mid-
plane. If the system does not have an on/off switch, unplug the power cord.
y To completely de-energize the system, disconnect the power connection to all power supplies.
y For DC power supplies, locate the circuit breaker on the panel board that services the DC
circuit, switch the circuit breaker to the off position, and tape the switch handle of the circuit
breaker in the off position.
y Do not touch the power supply when the power cord is connected. Line voltages are present
within the power supply even when the power switch is off and the power cord is connected.
Connecting Cables
When you connect cables, note the following guidelines.
y Use caution when installing or modifying telephone lines to prevent electric shock.
y Do not work on the system or connect or disconnect cables during periods of lightning activity.
y Do not touch uninsulated telephone wires or terminals unless the telephone line has been
disconnected at the network interface.
y Hazardous network voltages are present in WAN ports regardless of whether power to the
system is off or on. When you detach cables, detach the end away from the system first.
y Do not use a telephone to report a gas leak in the vicinity of the leak.
y Do not install telephone jacks in wet locations unless the jack is specifically designed for wet
locations.
y To avoid exposure to radiation, do not stare into the aperture of a fiber-optic port. Invisible
radiation might be emitted from the aperture of the port when no fiber cable is connected.
y Always keep unused fiber-optic ports capped with a clean dust cap.
Preventing EMI
When you run wires for any significant distance in an electromagnetic field, electromagnetic
interference (EMI) can occur between the field and the signals on the wires.
y Strong EMI, especially when it is caused by lightning or radio transmitters, can destroy the
signal drivers and receivers in the system, and can even create an electrical hazard by
conducting power surges through lines and into the system.
y If Strong EMI occurs in the installation place, consult RFI experts to get rid of it.
y Help contain electromagnetic interference (EMI) that might disrupt other equipment
y Install the system in an open rack whenever possible. If installation in an enclosed rack is
unavoidable, ensure that the rack has adequate ventilation.
y Maintain ambient airflow to ensure normal operation. If the airflow is blocked or restricted,
or if the intake air is too warm, an over temperature condition can occur.
y Avoid placing the system in an overly congested rack or directly next to another equipment
rack. Heat exhaust from other equipment can enter the inlet air vents and cause an over
temperature condition.
y Equipment near the bottom of a rack might generate excessive heat that is drawn upward
and into the intake ports of the equipment above. The warm air can cause an over
temperature condition in the equipment above.
y Ensure that cables from other equipment do not obstruct the airflow through the chassis or
impair access to the power supplies or cards.
y Load the rack from the bottom to the top, with the heaviest system at the bottom.
y If there is equipment already installed in the rack, select the location for the system carefully
considering the size of the system:
y Ensure that your footing is solid and the weight of the system is evenly distributed between
your feet.
y Lift the system slowly, keeping your back straight. Lift with your legs, not with your back.
Bend at the knees, not at the waist.
y Do not attempt to lift the system with the handles on the power supplies or on any of the
cards. These handles are not designed to support the weight of the system.
y To lift and move the system, following number of people or a crane should be needed
depends on weight of the system:
18~32Kg 2
32~55Kg 3
Environmental Requirements
For the safe installation and use of the Corecess R1-SW24L2B, the place for installation should
satisfy the following requirements:
y While or after installing the product, keep the product clean all the time.
y The system should be installed in a cool place where has no direct ray of sunlight. Any tool
or equipment should not be place on the way of passage.
y The following ambience condition for temperature and humidity should always be kept.
Power Supply
y The Corecess R1-SW24L2B should be installed in the place where power supply satisfying
the following condition is provided.
Feature AC
Frequency 50/60Hz
y Verify the power (source) be clean. If there is too much noise or spark, it is better to have the
power control equipment.
y Locate an electric outlet near the system for easy installation of power cable.
y Be careful with connecting power supply equipment and avoiding overload wiring.
1. Open the shipping carton of the Corecess R1-SW24L2B. There is this manual, desiccant, a
power cable(s), and a console cable on the cushion inserted- Corecess R1-SW24L2B.
2. Without taking off the cushions, pick out the equipment with two hands, and put it in a safe
place.
3. And then, verify whether there is a plastic bag that contains rack brackets and screws under
the shipping carton.
Corecess R1-SW24L2B
Recommendation: After unpacking, do not throw away the box including cushions and keep them in a safe
place in case the product is relocated, it is better to move the product after packing with the box including
cushions.
Note: If there are some missing contents or damaged components, contact the sales agency where you
purchased this product to replace them with new ones.
This chapter describes how to mount the Corecess R1-SW24L2B on a rack, connect the cables
to the ports, and connect the power.
9 Rack-Mounting 4-3
The following summarizes the installation procedure for the Corecess R1-SW24L2B. The next
section will describe in detail the step-by-step procedures for each step.
1. Rack-mount
The design allows the Corecess R1-SW24L2B to be mounted on a 19-inch rack. Rack brackets
and screws needed for rack mounting are enclosed with the product.
Caution: Before installing the system in a rack, read the Rack-Mounting the System section in the
Chapter 3/ Before Installation to familiarize yourself with the proper site and environmental conditions.
Failure to read and follow these guidelines could lead to an unsuccessful installation and possible damage to
the system and components.
y Make sure that the 19-inch rack is placed on a convenient location for the Corecess R1-SW24L2B
installation. At least, the space of 550 x 750 (width x length)mm is needed to install the 19-inch rack.
y Check to see if there is a vertical space of around two rack units (2U) in the rack because of the
Corecess R1-SW24L2B (1U) and air flow space (1U).
R1-SW24L2B 1U
19-inch Rack
Installation 4-3
Mounting the System on a Rack
To mount the Corecess R1-SW24L2B on a 19-inch rack, you need the following tools and
equipment:
y A Philips screwdriver
y Electrostatic discharge (ESD) grounding strap
y Rack Brackets and Screws (provided along with the product)
Two (2) rack brackets
Four (4) binder-head screws (M5, 8mm)
Eight (8) pan-head screws (M3, 6mm)
Note: For more information about ESD, refer to the Chapter 3 Before Installation.
Once all the tools and equipment are prepared, mount the Corecess R1-SW24L2B on a 19-inch
rack according to the following procedure:
1. Place the Corecess R1-SW24L2B on a spacious floor or a sturdy table near the rack. And
check the tools and equipment.
2. There are four screw holes on each side of the Corecess R1-SW24L2B. As shown in the figure,
place the rack brackets to the screw holes and fix them using pan-head screws.
4. Lift up the Corecess R1-SW24L2B installed with rack brackets as high as the available space in
the 19-inch rack.
5. Place the rack brackets installed on the Corecess R1-SW24L2B to the holes of the 19-inch
rack. And fix the brackets using four binder-head screws.
Caution: The following explanations should be noticed when installing the Corecess R1-SW24L2B into the 19-
inch rack:
y Locate the heavy things at the bottom of the rack. If there is another equipment already installed in the rack,
select the location for the Corecess R1-SW24L2B carefully considering the size of the Corecess R1-SW24L2B.
y If the rack is empty, you should install the Corecess R1-SW24L2B at the bottom of the rack.
Installation 4-5
Connecting Network Devices
This section describes how to connect the 10/100Base-TX ports located on the front panel of the
Corecess R1-SW24L2B and the ports on the option module installed in the option slots to
network devices. The kinds of cables used for port connection are described in Chapter 3/ Before
Installation and Appendix B/ Connectors and Cables Specifications.
10/100Base-TX Port
The 10/100Base-TX port on the front of the Corecess R1-SW24L2B can be connected with the
Fast Ethernet network that supports the transmission speed up to 100Mbps.
Using the RJ-45 UTP cable, connect the 10/100Base-TX port to the Fast Ethernet device as
follows:
R1-SW24L2B
UTP cable
y 10Mbps : Category-3,4
y 100Mbps : Category-5
y 1000Mbps : Category-5+, 6
y MAX. cable length : 100m
PC
Hub or Switch
Prepare the single mode fiber optic cable (Rx: 1310nm, Tx: 1490nm), then connect the cable to
the 1000Base-PX SFP port of the OPT-N1ES1CS or OPT-N1EL1CS module and a Gigabit
Ethernet PON device.
R1-SW24L2B
Single Mode Fiber Optic Cable
y Connector : Simplex SC/APC
y Wavelength : 1310nm (Rx), 1490nm (Tx)
y Max. cable length : 10/20Km
Installation 4-7
100/1000Base-LX/SX Port
The 100/1000Base-SX/LX SFP module can be installed in the SFP slot of the uplink modules on
the Corecess R1-SW24L2B, and the Corecess R1-SW24L2B can be connected to the core network
using the 100/1000Base-SX/LX SFP module. Depends on the type of SFP modules, connect
cables as follows:
R1-SW24L2B
Single Mode Fiber Optic Cable Multi-Mode Fiber Optic Cable
y Connector : Duplex LC y Connector : Duplex LC
y Wavelength : 1310nm (Rx, Tx) y Wavelength : 850nm (Rx, Tx)
y Max. cable length : 10Km y Max. cable length : 550m
R1-SW24L2B
Single Mode Fiber Optic Cable Multi-Mode Fiber Optic Cable
y Connector : Duplex LC y Connector : Duplex LC
y Wavelength : 1310nm (Rx, Tx) y Wavelength : 1310nm (Rx, Tx)
y Max. cable length : 15/40Km y Max. cable length : 2Km
Installation 4-9
10/100/1000Base-TX Port
The RJ-45 port of the uplink modules on the Corecess R1-SW24L2B supports 10/100/1000Base-
T interface, and the RJ-45 port can be connected with the Gigabit Ethernet device that support
the transmission speed up to 1000Mbps.
Using the twisted-pair cable, connect the 10/100/1000Base-T port to the Gigabit Ethernet
device.
R1-SW24L2B
Twisted pair cable
y 10Mbps : Category-3, 4
y 100Mbps : Category-5
y 1000Mbps : Category-5+, 6
y Max. cable length : 100m
Note: The 10/100/1000Base-T port on the uplink module support automatic MDIX feature, which allows you to
use either straight-through or crossover twisted-pair cables for connecting to any network devices.
y Can browse various network statistics information and the status of the switch and ports.
y Can change the switch configuration for changing the topology, improving the switch performance or
controlling the network traffic.
y Can browse the logs of various events and traps occurring at the switch.
y Can strengthen the system security through specifying hosts that can access switches.
y Out-of-Band: The console port on the front panel of the Corecess R1-SW24L2B is directly
connected to a VT-100 terminal or a PC that is to be used as a console terminal using a
console cable comes with the Corecess R1-SW24L2B.
y In-Band: Access is gained from a PC or a VT-100 terminal emulator through Telnet sessions
to the Corecess R1-SW24L2B. To use this method, the IP address and subnet mask of the
Corecess R1-SW24L2B need to be designated. See the Chapter 5/ Basic Configuration to designate
the IP address and subnet mask of the Corecess R1-SW24L2B.
Installation 4-11
Connecting a Console Terminal
Connect the PC or terminal to the console port on the Corecess R1-SW24L2B using the console
cable included with the Corecess R1-SW24L2B.
R1-SW24L2B
Console cable (RJ-45 - DB-9)
y Console cable included with the system
y Max. cable length : 15m
Console Terminal
2. Connect the power cord, which is provided with the product, to the power input located on
the front panel of the Corecess R1-SW24L2B. And plug the power cord into an outlet.
R1-SW24L2B
Installation 4-13
Starting the System
Start the Corecess R1-SW24L2B according to the following order after installation:
1. Check the followings once again before operating the Corecess R1-SW24L2B:
2. Turn on the power of the console terminal and execute the terminal emulator program.
3. Turn on the Corecess R1-SW24L2Bs power by pressing the power switch (towards I) on
the front panel of the Corecess R1-SW24L2B.
5. If power is properly supplied to the Corecess R1-SW24L2B, the RUN LED turns on in green.
And you will see the following message on the console terminal:
CPU: IBM PowerPC 405GP Rev. E at 200 MHz (PLB=100, OPB=33, EBC=50 MHz)
PCI async ext clock used, internal PCI arbiter enabled
16 kB I-Cache 8 kB D-Cache
Board: Corecess R-405
I2C: ready
DRAM: 60 MB
FLASH: 512 kB
In: serial
Out: serial
Err: serial
PHYADD:not found.
OneNAND 32MB 2.65/3.3V 16-bit KFG5616U1M Samsung
BEDBUG:ready
Press CTRL-C to stop autoboot: 0
Loading from device onenand(0:0xf00000) to 0x1000000 ... 100%. complete.
## Booting image at 01000000 ...
Image Name: Linux-2.4.20-pre2-initrd
Created: 2005-10-27 7:20:03 UTC
6. Once the initialization is properly completed in a short while, the RUN LED flickers in green.
And the following login message is displayed on the console screen.
login:
Now, the Corecess R1-SW24L2B is properly installed. If you want to log into the console and to
configure the system at the console, refer to Chapter 5/ Basic Configuration.
Installation 4-15
4-16 R1-SW24L2B Users Manual
Chapter 5 Basic Configuration
This chapter briefs general configuration method of the Corecess R1-SW24L2B. The Corecess
R1-SW24L2B already has configured with default upon the shipment and can immediately be
used without additional configuration explained in this chapter. If the default configuration should
be changed according to users network environment, refer to the contents in this chapter.
1. To access the Corecess CLI on the console screen, the console port on the Corecess R1-
SW24L2B should be connected to a serial port (DB-9) of the console terminal using a console
cable as the following figure:
R1-SW24L2B
Console cable (RJ-45 - DB-9)
y Console cable included with the system
y Max. cable length : 15m
Console Terminal
2. Make sure that you have started the emulation software program such as HyperTerminal
from your console terminal.
3. Press [Enter] and the following login message is displayed on the console terminal:
login:
login: corecess
Password:
Last login: Wed Feb 25 14:28:13 on console
localhost>
5. To configure the Corecess R1-SW24L2B, enter the Privileged mode by enable command.
If you enter Privileged mode, the prompt is changed from localhost> to localhost#.
localhost> enable
localhost#
Note: After specifying the IP address of the NMS port(Management interface), you can access the Corecess R1-
SW24L2B CLI through the Telnet session or NMS.
In this mode, you can display information and perform basic tasks such as
User
Ping and Telnet.
In this mode, you can use the same commands as those at the User
Privileged mode plus configuration commands that do not require saving the
changes to the system-configure file.
The interface mode allows you to configure the features for the
Interface
specific VLAN interface.
The Policy-map class mode allows you to assign the class map to be
Policy-map-class
applied to QoS policy-map.
You can enter the each command mode by entering the following command.
localhost> enable
localhost#
To exit from Privileged mode, enter disable privileged mode command. The CLI prompt will
be changed from # to > returning to the user mode from Privileged mode.
localhost# disable
localhost>
If you enter the exit privileged mode command, you can exit form the CLI.
corecess# exit
login:
To enter Global configuration mode from Privileged mode, enter the configure terminal
privileged mode command. The CLI prompt will be changed localhost(config)# entering
Global configuration mode.
To exit from Global configuration mode, enter end configuration mode command. The CLI
prompt will be changed to localhost# returning to Privileged mode.
localhost(config)# end
localhost#
This example shows how to return to Privileged mode from the policy-map mode by using the
exit command:
localhost(config-pmap)# exit
localhost(config-qos)# exit
localhost(config)# exit
localhost#
This example shows how to return to Privileged mode from the policy-map mode by using the
end command:
localhost(config-pmap)# end
localhost#
This example shows how to log out from the CLI at Privileged mode. After logging out from the
CLI, login prompt will be displayed as follow.
localhost# exit
login:
localhost(config-qos)#
Node name Command mode
The default node name is localhost. This default node name is used for the prompt until you
change them. The following table provides the prompt of the main command modes.
Privileged corecess #
Global corecess(config)#
Interface corecess(config-if)#
QoS corecess(config-qos)#
Configuration
Class-map corecess(config-cmap)#
Policy-map corecess(config-pmap)#
Policy-map-class corecess(config-pmap-c)#
Note: You can change the node name of the Corecess R1-SW24L2B by using hostname global
configuration mode command.
This section describes how to use help system for the Corecess R1-SW24L2B CLI.
y To obtain a list of commands that are available for each command mode, enter a question
mark (?) at the prompt:
# ?
calendar calendar
clear Reset functions
clock System clock
close Close the terminal
cls Clear a screen
configure Configuration from vty interface
copy Copy from one file to another
debug
delete Delete
diag Diagnosis mode
disable Turn off privileged mode command
enable enable
end End current mode and down to previous mode
exit Exit current mode and down to previous mode
help Description of the interactive help system
list Print command list
no Negate a command or set its defaults
ping send echo messages
reset reset
session Create Session
show Show
ssh Open a ssh connection
telnet Open a telnet connection
terminal Set terminal line parameters
traceroute Trace route to destination
undebug Disable debugging functions (see also 'debug')
update Update Images
write Write running configuration to memory, network, or terminal
#
# list
calendar set WORD [WORD] [WORD] [WORD]
clear arp
clear arp A.B.C.D
clear arp-cache
clear diag port (fastethernet|gigabitethernet|adsl|vdsl|shdsl) WORD
clear host-entries
clear host-entries A.B.C.D
clear interface vlan id <1-4094>
:
:
update rootfs image id <1-100>
write file
write memory
write terminal
write terminal port (fastethernet|gigabitethernet|adsl|vdsl|shdsl
|switchfabric|stacking) WORD
#
y To obtain a list of any command's associated keywords and arguments, enter a question
mark (?) after a partial command followed by a space:
# clear ip ?
dhcp Dynamic Host Configuration Protocol
igmp Internet Group Management Protocol
netflow netflow
route Clear all routing table
static Static routing table & configuration
# clear ip
The CLI commands of the Corecess R1-SW24L2B have the following characteristics:
y The CLI supports command completion, so you do not need to enter the entire name of a
command or option. As long as you enter enough characters of the command or option name
to avoid ambiguity with other commands or options, the CLI understands what you are
typing. For example, you can enter only con t to execute the configure terminal
command at Privileged command mode.
localhost# con t
localhost(config)#
But if you enter only co t, the following error message will be displayed. Because there are
copy and configure command and the system cant distinguish the two commands.
localhost# co t
% Ambiguous command :co t
y To complete a command, press Tab key. If you enter a few known characters, then press Tab
key, the CLI displays the rest characters of the command. For example, if you enter only con,
then press Tab key, the CLI displays configure on the terminal.
y To display a list of available commands or command options, enter ?. If you have not
entered part of a command at the command prompt, all the commands supported at the
current CLI mode are listed. If you enter part of a command, then enter ?, the CLI lists the
options you can enter at the point in the command string.
y Use slot-number/port-number to specify one port. For example, enter 1/1 to specify the port 1
on the option module installed in the slot 1.
y Use dash (-) to specify consecutive number of ports. For example, enter 2/3-6 instead of
entering 2/3 2/4 2/5 2/6.
y Use comma (,) to specify non-consecutive number of ports. For example, enter 2/1,2/3-4
instead of entering 2/1 2/3 2/4.
Slot 1 Slot 2
Editing Commands
The CLI supports the following line editing commands. To enter a line-editing command, use
the CTRL-key combination for the command by pressing and holding the CTRL key, then
pressing the letter associated with the command.
Ctrl-Key
Description
Combination
Ctrl+u Deletes all characters from the cursor to the beginning of the command line.
y IP address
y CLI users
y System name
To set the management Ethernet (management) interface IP address, follow this procedure:
Command Task
enable 1. Enter Privileged mode.
configure terminal 2. Enter Global configuration mode.
3. Enter Interface configuration mode for configuring management
interface management
interface.
4. Assign an IP address and subnet mask to the management
ip address Ethernet interface.
<ip-address>/<M> y <ip-address>: IP address for the interface.
y <M>: Subnet mask.
5. Exit from Interface configuration mode and return to Global
exit
configuration mode.
ip route default 6. Specify a default gateway address.
<gateway-address> y <gateway-address>: Default gateway address.
end 7. Return to Privileged mode.
show interface management 8. Verify the IP address configuration.
9. Check the network connectivity.
ping <host> y <host>: The IP address of the host or the network number to
ping.
write memory 10. Save the IP address configuration.
> enable
# config t
(config)# interface management
(config-if)# ip address 172.27.68.100/16
(config-if)# exit
(config)# ip route default 172.27.1.254
(config)# end
(config)# show interface management
Interface management
index 2 metric 1 mtu 1500 <UP,BROADCAST,RUNNING,MULTICAST>
HWaddr: 00:90:a3:cd:0e:b0
inet 172.27.68.100/16 broadcast 172.27.255.255
input packets 0, bytes 0, dropped 0, multicast packets 0
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 0, bytes 0, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0
# ping 172.27.2.49
Command Task
enable 1. Enter Privileged mode.
configure terminal 2. Enter Global configuration mode.
3. Add a user.
username <name>
y <name>: The user ID for entering the CLI.
password <password> [8]
y <password>: The password for the user.
end 4. Return to Privileged mode.
show username 5. Verify the list of user configuration
write memory 6. Save the IP address configuration.
The following example adds a user whose id is kka and password is violet and verifies the
configuration:
# configure terminal
(config)# username kka passwd violet
(config)# end
# show username
corecess console Sat Nov 12 12 14:41:45 +0900 2005
kka none none **Never logged in**
# write memory
Building Configuration...
[OK]
#
Command Task
configure terminal 1. Enter Global configuration mode..
# configure terminal
(config)# username kka password R1SW24L2B
(config)# end
# write memory
Building Configuration...
[OK]
#
Deleting a User
To delete a user, follow this procedure:
Command Task
configure terminal 1. Enter Global configuration mode.
2. Delete a user.
no username <name>
y <user-name>: The user name to delete.
end 3. Return to Privileged mode.
show username 4. Verify the list of users.
write memory 5. Save the configuration change.
# configure terminal
(config)# no username kka
(config)# end
# show username
# write memory
Building Configuration...
[OK]
#
y System name
To change the system name, use the hostname command in Global configuration mode:
Command Task
configure terminal 1. Enter Global configuration mode.
To adjust the system time, use calendar and clock read-calendar commands in
Privileged mode:
Command Task
enable 1. Enter Privileged mode.
2. Specify the current system time and date.
y <time>: Current time in hours, minutes, and seconds (in the
clock set <time> [<date>] format hh:mm:ss, example : 16:24:00)
[<month>] [<year>] y <day>: Current day (by date) in the month.
y <month>: Current month (1 ~ 12, or name).
y <year>: Current year (no abbreviation).
show clock 3. Reads manually the calendar into the system clock.
write memory 4. Verify the configuration.
The following is an example of adjusting the system calendar and changing the system clock
into the system calendar:
To change the current software clock (calendar) to the system clock, use the clock read-
calendar command in Privileged mode.
# show calendar
Sat Nov 12 15:00:08 2005 -0.747987 seconds
# clock read-calendar
Note: calendar clock is erased when the system is turned off or reboot. It is different to the system clock that
maintains time information even the system turned off or reboot.
y Broadcast client mode: In broadcast client mode, local network equipment, such as a router,
regularly broadcasts the time information. The Corecess R1-SW24L2B listens for the
broadcast messages and set the system clock.
y Multicast client mode: Multicast mode acts the same as broadcast client mode, only instead of
broadcast messages (IP address 255.255.255.255) multicast messages are sent (IP address
224.0.1.1).
y Server mode: In server mode, the Corecess R1-SW24L2B regularly request the time
information to an NTP server.
Command Task
configure terminal 1. Enter Global configuration mode.
2. Set the NTP mode.
y broadcast: Configure the system in NTP broadcast client mode.
y multicast <group-address>: Configure the system in NTP
multicast client mode.
ntp config type
- <group-address>: Multicast group address
{broadcast |
y server <poll> <ip-address>: Configure the system in NTP
multicast <group-
server mode.
address> | server
- <poll>: The polling interval.
<poll> <ip-address>
- <ip-address>: The IP address of the NTP server.
preset {on | off}}
y preset: Whether to preset the system clock to the time received from
NTP server.
- on: Preset.
- off: Not preset.
ntp enable 3. Enable NTP on the system.
The following example shows how to configure the system in NTP server mode and verify the
configuration:
Command Task
configure terminal 1. Enter Global configuration mode.
Running Configuration
The running configuration is the current (unsaved) configuration that reflects the most recent
configuration changes. You can upload or download the running configuration file via FTP or
TFTP.
Startup Configuration
The startup configuration is the saved configuration in NVRAM and is used when the system
initializes. You can upload or download the startup configuration file via FTP or TFTP.
Caution: Whenever you make changes to the Corecess R1-SW24L2B configuration, you must save the
changes to memory so they will not be lost if the system is rebooted.
# show running-config
Building configuration...
Current configuration:
!
! version 0.75
!
hostname localhost
multicast
!
snmp-server contact Unknown
snmp-server location Unknown
snmp-server enable rmon
!
system fan disable
system temperature enable 90 80
!
port gigabitethernet 1/1 flowctl on
port gigabitethernet 1/1 duplex full
port gigabitethernet 1/1 media-type mdix
!
Command
Write memory
write file
The following example shows how to save the configuration changes to NVRAM using the
write memory command:
# write memory
Building Configuration...
[OK]
#
The following example shows how to save the configuration changes to NVRAM using the
write file command:
# write file
Building Configuration...
[OK]
#
The following example shows how to save the configuration changes to NVRAM using the
copy running-config startup-config command:
Commands Task
# show cpuinfo
cpu : 405GP
clock : 200MHz
revision : 1.69 (pvr 4011 0145)
bogomips : 197.04
machine : IBM Walnut
plb bus clock : 100MHz
pci bus clock : 33MHz#
#
The following table describes the fields shown by show cpuinfo command:
Field Description
Bogomips is the number of million times per second a CPU can do absolutely nothing
bogomips
and is used for a measurement of speed for the non Intel CPUs.
# show meminfo
total: used: free: shared: buffers: cached:
Mem: 57360384 44961792 12398592 0 3313664 24461312
Swap: 0 0 0
MemTotal: 56016 kB
MemFree: 12108 kB
MemShared: 0 kB
Buffers: 3236 kB
Cached: 23888 kB
SwapCached: 0 kB
Active: 7676 kB
Inactive: 30008 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 56016 kB
LowFree: 12108 kB
SwapTotal: 0 kB
SwapFree: 0 kB
#
The table below describes the fields shown by the show meminfo command:
Field Description
Amount of free memory which is not mapping to kernel directly. This is different
HighFree
according to the type of the used kernel.
Amount of free memory which is not mapping to kernel directly. This is different
LowFree
according to the type of the used kernel.
# show module
Codes : * - Internal/Built-in Module, N - Network Attached Module
X - Switch Fabric Module
The table below describes the fields shown by the show module command:
Field Description
# show system
System Information
-----------------------------------------------------
Subscriver/Service Interface Board(s)
SIB [ 1] Normal
SIB [ 2] Normal
Auxiliary Information
-----------------------------------------------------
Fan (`C(`F)) -
Disabled
Temperature (`C(`F)) -
Current Temperature : 30 ( 86 )
Max/Min Threshold : 90/ 80 (194/176)
#
Each field shown by the show system command describes the following information about
system state:
Field Description
System Information The state of the main and option slot, power, and fan module.
The range of the normal temperature of the fan module. The
Fan Max/Min Threshold
Corecess R1-SW24L2B doesnt provide this information
Current Temperature Current temperature of the inside of the system ()
Temperature
Max/Min Threshold The range of the normal temperature of the system.
To check whether the Corecess R1-SW24L2B is properly connected and configured, use the
following commands in Privileged mode:
Commands Task
# ping 172.27.2.49
PING 172.27.2.49 (172.27.2.49) from 172.27.2.100 : 56(84) bytes of data.
64 bytes from 172.27.2.49: icmp_seq=0 ttl=128 time=955 usec
64 bytes from 172.27.2.49: icmp_seq=1 ttl=128 time=817 usec
64 bytes from 172.27.2.49: icmp_seq=2 ttl=128 time=816 usec
64 bytes from 172.27.2.49: icmp_seq=3 ttl=128 time=8.284 msec
64 bytes from 172.27.2.49: icmp_seq=4 ttl=128 time=820 usec
64 bytes from 172.27.2.49: icmp_seq=5 ttl=128 time=815 usec
64 bytes from 172.27.2.49: icmp_seq=6 ttl=128 time=821 usec
64 bytes from 172.27.2.49: icmp_seq=7 ttl=128 time=817 usec
64 bytes from 172.27.2.49: icmp_seq=8 ttl=128 time=826 usec
64 bytes from 172.27.2.49: icmp_seq=10 ttl=128 time=779 usec
64 bytes from 172.27.2.49: icmp_seq=11 ttl=128 time=765 usec
64 bytes from 172.27.2.49: icmp_seq=12 ttl=128 time=763 usec
64 bytes from 172.27.2.49: icmp_seq=13 ttl=128 time=761 usec
64 bytes from 172.27.2.49: icmp_seq=14 ttl=128 time=760 usec
The following messages are displayed according to the status of host and network:
This example shows how to perform a traceroute to the host whose IP address is 192.1.1.1:
# traceroute 192.1.1.1
traceroute to 192.1.1.1 (192.1.1.1), 30 hops max, 38 byte packets
1 * 172.27.1.254 (172.27.1.254) 4.204 ms 9.754 ms
2 * 192.168.11.126 (192.168.11.126) 1.640 ms 1.317 ms
3 61.107.96.1 (61.107.96.1) 1.825 ms 1.778 ms 1.441 ms
4 61.96.195.249 (61.96.195.249) 1.723 ms 1.812 ms 1.838 ms
5 172.30.4.1 (172.30.4.1) 2.375 ms 1.838 ms 1.856 ms
6 172.30.100.33 (172.30.100.33) 2.212 ms 1.813 ms 1.838 ms
7 172.30.100.10 (172.30.100.10) 2.404 ms 1.888 ms 2.277 ms
8 211.61.251.1 (211.61.251.1) 2.305 ms 1.861 ms 1.802 ms
9 211.61.251.4 (211.61.251.4) 3.338 ms 2.812 ms 2.811 ms
.
.
.
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
# traceroute 61.107.97.51
traceroute to 61.107.97.51 (61.107.97.51), 30 hops max, 40 byte packets n
1 172.26.1.254 (172.26.1.254) 14.812 ms 29.758 ms 22.752 ms
2 192.168.11.126 (192.168.11.126) 0.497 ms 0.454 ms 0.360 ms
3 61.107.97.51 (61.107.97.51) 14.812 ms 29.758 ms 22.752 ms
o p q
#
The table below describes the fields shown by the traceroute command:
Field Description
n Maximum TTL value and the size of the ICMP datagrams being sent
o Indicates the sequence number of the switch router in the path to the host
q Round-trip time for each of the three probes that are sent
The following example shows how to display the interface information of the using the show
interface management command:
# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - IS-IS, B - BGP, > - selected route, * - FIB route, p - stale info
Command Task
The following example configures the sys events of the lower levels (Emergency, Alert, Critical,
and Errors) than Errors level (level 4) to be stored in the system log file:
# configure terminal
(config) # logging level sys 4
(config) # end
# show logging
onsole logging is disable
logging buffer is enable
logging file is disable
logging buffer size is 128 kbytes
Command Task
The following example configures the log messages to display on the console screen and check
the result:
Command Task
The following example configures the system log to display on the remote host whose IP address
is 172.10.1.0:
Command Task
The following example configures the system log to display on Telnet sessions:
# configure terminal
(config)# logging session enable
(config)# end
# write memory
Building Configuration...
[OK]
#
To configure the log messages to be saved in a log file, use the following command in Global
configuration mode:
Command Task
The following example shows how to configure the log message to be save in a file:
Command Task
The following table describes the fields shown by the show logging buffer command:
No Description
n Date and time that the event occurred (month date hour:minute:second)
o System name
Corecess R1-SW24L2B
Network
Source server
Console
Remote telnet
To download software from a remote TFTP server to the Corecess R1-SW24L2B, perform this
task in Privileged mode:
Command Task
10/100Base-TX Auto
Data
1000Base-PX
trasmission
1000Base-LX
mode Full-duplex, depending on option modules
1000Base-SX
1000Base-TX
10/100Base-TX 19
1000Base-PX
Cost
1000Base-LX
4
1000Base-SX
1000Base-TX
VLAN All ports belong to the default VLAN (ID : 1, name: vlan1)
When change the Ethernet port configurations, the change becomes part of the running
configuration. The change does not automatically become part of the startup configuration file
in Flash memory. If you do not save your changes to Flash memory, they are lost when the
system restarts. To save the Ethernet port configuration changes to Flash memory, you must
enter the write memory command in Privileged mode.
Command Task
1. Enable or disable the specified port.
y <port-type>: The type of Ethernet port to configure.
- fastethernet: Configures Fast Ethernet port.
port <port-type> <slot>/<port> - gigabitethernet: Configures Gigabit Ethernet port.
admin {enable | disable} y <slot>: Slot number (1 ~ 2)
y <port>: Port number (1 ~ 24)
y enable: Administratively enables the port.
y disable: Administratively disables the port.
To change transmission mode of a port, use the following command in Global configuration
mode:
Command Task
1. Change transmission mode of the specified port.
y <port-type>: The type of Ethernet port to configure.
- fastethernet: Configures Fast Ethernet port.
- gigabitethernet: Configures Gigabit Ethernet port.
port <port-type> <slot>/<port> y <slot>: Slot number (1 ~ 2)
duplex <duplex-mode> y <port>: Port number (1 ~ 24)
y <duplex-mode>: Duplex mode of the port.
- auto: Auto negotiation.
- half: Half duplex mode.
- full: Full duplex mode.
The following example changes the transmission mode of the Fast Ethernet port 2/1 to full
duplex:
Note: Gigabit Ethernet ports supports the following transmission mode depending on option modules.
y 1000Base-SX/LX and 1000Base-PX ports support auto and full-duplex mode.
To set the port speed for a port, use the following command in Global configuration mode:
Command Task
The following is an example of setting port speed of the Fast Ethernet port 2/1:
Note: Gigabit Ethernet ports supports the following port speed depending on option modules.
y 1000Base-SX/LX and 1000Base-PX ports support auto and 1000 Mbps.
To change flow control status, use the following command in Global configuration mode:
Command Task
1. Configure the flow control of the specified port.
y <port-type>: The type of Ethernet port to configure.
- fastethernet: Configures Fast Ethernet port.
- gigabitethernet: Configures Gigabit Ethernet port.
port <port-type> <slot>/<port> y <slot>: Slot number (1 ~ 3)
flowctl <status> y <port>: Port number (1 ~ 8/24)
y <status>: Flow control status
- auto: Auto negotiation.
- off: Disables flow control on the port.
- on: Enables flow control on the port.
The following example enables flow control on the Gigabit Ethernet port 1/2:
Command Task
The following is an example of setting the name of the gigabit Ethernet port 1/1:
Setting Trap
You can enable or disable the operation of the standard SNMP link trap for a port. By default,
the SNMP link trap of the ports on the Corecess R1-SW24L2B is disabled.
To set trap for a port, use the following command in Global configuration mode:
Command Task
The following example enables the SNMP link trap on the Fast Ethernet port 2/1-24:
# show port
Port Name Status Vlan FlwCtl Duplex Speed Type
---- ------------- ---------- ----- ------- ------- -------- ----------
1/1 uplink-port connected 1 on full 1000 1000BasePON
1/2 DEFAULT notconnect 1 on full 1000 1000BaseSX
2/1 DEFAULT notconnect 1 a-off a-half a-0 100BaseT
2/2 DEFAULT notconnect 1 a-off a-half a-0 100BaseT
2/3 DEFAULT notconnect 1 a-off a-half a-0 100BaseT
2/4 DEFAULT notconnect 1 a-off a-half a-0 100BaseT
.
.
.
2/21 DEFAULT notconnect 1 a-off a-half a-0 100BaseT
2/22 DEFAULT notconnect 1 a-off a-half a-0 100BaseT
2/23 DEFAULT notconnect 1 a-off a-half a-0 100BaseT
2/24 DEFAULT notconnect 1 a-off a-half a-0 100BaseT
#
The table below describes the fields shown by the show port command:
Field Description
If Index Logical ID
---------- ----------
87
access-type : eferred nt
Extension status
N/A
#
The table below describes the fields shown by the show port command with a port number:
Field Description
shortCRC Number of frames less than 64 bytes in length, received with CRC error.
Number of frames with lengths between 64 bytes and the maximum frame
input normalCRC
size, received with an integral number of bytes and a CRC error.
Number of frames with lengths between 64 bytes and the maximum frame
nomalAlign
size, received with a non integral number of bytes and a CRC error.
Number of frames, larger then the maximum frame size, received with a CRC
longCRC
error.
output Number of frames deferred at the first transmit attempt due to a busy line in
eferred
half duplex mode.
This chapter describes how to configure the VLAN and VLAN interface.
Default Configuration
The table below shows the default VLAN configuration for the Corecess R1-SW24L2B:
Parameter Default
VLAN ID 1
IP address 0.0.0.0
Tag Untagged
After modifying the default VLAN configuration, modified configuration will be applied
immediately without rebooting system or using additional command. To maintain the modified
configuration after rebooting the system, save the configuration using write memory
command in Privileged mode.
You can configure VLAN on the Corecess R1-SW24L2B using the following procedures:
User-configured VLANs have unique IDs from 2 to 4094. Enter a vlan command with an unused
ID to create a VLAN. Enter a vlan command for an existing VLAN to modify the VLAN.
Commands Task
2. Add a VLAN.
vlan id <vlan-id>
y <vlan-id>: VLAN ID
name <vlan-name>
y <vlan-name>: VLAN name
# configure terminal
(config)# vlan id 2 name test
(config)# end
# show vlan
VLAN Name Status Slot/Port(s)
---- ----------------- -------- ------------------------------------
1 DEFAULT active 1/1-2
2/1-24
2 test active
VLAN Interface IGMPs STP Private Promisc Port(s)
---- ---------- -------- -------- -------- ------------------------
1 disable disable enable Disable None
2 disable disable enable Disable None
#
(config)# no vlan id 2
(config)#
Commands Task
The following example adds the ports 2/1 to the VLAN whose id is 2:
Commands Task
This example shows how to specify the IP address of the VLAN whose id is 1:
To specify the secondary IP address to the VLAN, use the following command in Global
configuration mode:
Commands Task
1. Enter Interface configuration mode.
interface vlan {id <vlan-id> |
y <vlan-id>: ID of the VLAN to configure.
name <vlan-name>}
y <vlan-name>: Name of the VLAN to configure.
2. Specify the secondary IP address of the VLAN.
ip address <network-num>/<M>
y <network-num>: IP address.
secondary
y <M>: subnet mask.
This example shows how to specify the secondary IP address of the VLAN whose id is 1:
# configure terminal
(config)# interface vlan id 1
(config-if)# ip address 172.25.1.100/16 secondary
(config-if)# end
# show interface vlan id 1
Interface vlan1
index 28 kernel index 4 metric 1 mtu 1500 <UP,BROADCAST,RUNNING,MULTICAST>
HWaddr: 00:01:02:00:00:db
inet 172.27.2.100/16 broadcast 172.27.255.255
inet 172.25.1.100/16 broadcast 172.25.255.255 secondary
input packets 14926, bytes 899535, dropped 0, multicast packets 6491
# write memory
Building Configuration...
[OK]
#
When you configure 802.1Q tunneling on the Corecess R1-SW24L2B, traffic to be tunneled
comes into the Corecess R1-SW24L2B from an 802.1Q trunk port on a neighboring device and
enters the Corecess R1-SW24L2B through a port configured to support 802.1Q tunneling (a
tunnel port). When the tunnel port receives traffic from an 802.1Q trunk port, it does not strip
the 802.1Q tags from the frame header; instead, the tunnel port leaves the 802.1Q tags intact and
puts all the received 802.1Q traffic into the VLAN assigned to the tunnel port. The VLAN
assigned to the tunnel port carries the tunneled customer traffic to the other neighboring
devices participating in the tunnel port VLAN. When the tunneled traffic is received by an
802.1Q trunk port on a neighboring device, the 802.1Q tag is stripped and the traffic is removed
from the tunnel.
The following table shows how to configure trunk port on the Corecess R1-SW24L2B:
Commands Task
# configure terminal
(config)# vlan id 2 port gigabitethernet 1/2
(config)# dot1q port gigabitethernet 1/2 tag 1-2
(config)# end
# show dot1q
Port allowed 802.1q Static and Dynamic Vlans created by GVRP
-------- ------------------------------------------------------
1/2 1-2
# show dot1q port gigabitethernet 1/2
Port PVID Acceptable frame types Ingress filter
---------- ---- ---------------------- --------------
1/2 2 all off
Port allowed 802.1q Vlans
-------- ------------------------------------------------------
1/2 1-2
This chapter describes how to configure SNMP and RMON on the Corecess R1-SW24L2B.
y Managed Device
y SNMP Manager
SNMP
Manager
Managed Device
A managed device is a network node that contains an SNMP agent and that resides on a
managed network. Managed devices collect and store management information and make this
information available to NMSs using SNMP. Managed devices, sometimes called network
elements, can be routers and access servers, switches and bridges, hubs, computer hosts, or
printers.
y Get a MIB variable: The SNMP agent initiates this function in response to a request from the NMS. The
agent retrieves the value of the requested MIB variable and responds to the NMS with that value.
y Set a MIB variable: The SNMP agent initiates this function in response to a message from the NMS. The
SNMP agent changes the value of the MIB variable to the value requested by the NMS.
The SNMP agent also sends unsolicited trap messages to notify an NMS that a significant event
has occurred on the agent. Examples of traps conditions include, but are not limited to, when a
port or module goes up or down, when spanning-tree topology changes occur, and when
authentication failures occur.
The MIB is the information base, the SNMP agent must keep available for the managers. This
information base contains objects whose values provide information on the status of the
checked system or objects whose values can be modified by a manager to control the system.
Each object is identified by an Object ID (OID). There are two kinds of MIBs, standard MIB
and enterprise-specific MIB.
SNMP Manager
SNMP Manager is an integrated management module which collects information from SNMP
agent and sometimes sends warning messages depending on the each SNMP agent relations. In
other words, the actual data is collected from SNMP agent and this data will be processed by
management module and saved. To request information or configuration changes, respond to
requests, and send unsolicited alerts, the SNMP manger and SNMP agent use the four messages
(Get, GetNext, Set, trap). For more information on these messages, refer to the following section.
y Set-Request Message
y Trap Message
Get-Request Message
Get-Request Message is the basic SNMP request message. Sent by an SNMP manager, it
requests information about a single MIB entry on an SNMP agent. For example, the amount of
free drive space.
GetNext-Request Message
GetNext-Request Message is an extended type of request message that can be used to browse
the entire tree of management objects. When processing a Get-next request for a particular
object, the agent returns the identity and value of the object which logically follows the object
from the request. The Get-next request is useful for dynamic tables, such as an internal IP route
table.
Set-Request Message
If write access is permitted, Set-Request message can be used to send and assign an updated
MIB value to the agent.
Trap Message
An unsolicited message sent by an SNMP agent to an SNMP manager when the agent detects
that a certain type of event has occurred locally on the managed device. For example, a trap
message might be sent on a system restart event.
Types Authenication
Gives read access to authorized management stations to all objects in the MIB
Read-only
except the community strings, but does not allow write access
Gives read and write access to authorized management stations to all objects in the
Read-write
MIB, but does not allow access to the community strings
Gives read and write access to authorized management stations to all objects in the
Read-write-all
MIB, including the community strings
Trap
Trap is a defined status of event or system. For example, event generated when port
configuration is changed or a host having not-allowed IP address accesses can be defined as a
trap. You can configure the level of trap according to the kind of events. If a trap occurs on the
system, the SNMP agent send SNMP trap message to the registered trap host.
RMON Enabled
Command Task
Parameter Value
# configure terminal
(config)# snmp-server contact Dial System Administrator at phone #2734
(config)# snmp-server location 1st_floor lab
(config)# end
# show snmp-server
RMON: Enabled
Extended RMON: Extended RMON module is not present
:
# write memory
Building Configuration...
[OK]
#
Command Task
# configure terminal
(config)# snmp-server community R1SW24 rw
(config)# end
# show snmp-server
RMON: Enabled
Extended RMON: Extended RMON module is not present
Community-Access Community-String
---------------- ----------------
read-write R1SW24
:
:
bridge Sends a trap message when there are spanning tree topology changes.
repeater Sends a trap message when Ethernet hub repeater state is changed.
ip_permit Sends a trap message when there are access attempts with unauthorized IP address.
sysconfig Sends a trap message when the system backup configuration is changed.
Sends a trap message when there is Entity Management Information Base (MIB)
entity
change.
cpuload Sends a trap message when CPU load limitations are exceeded.
Sends a trap message when there are access attempts with unauthorized community
auth
string.
sysauth Sends a trap message when unauthorized user attempts access to the system.
Sends a trap message when Dynamic Host Configuration Protocol (DHCP) state is
dhcp
changed.
When a trap is enabled, if an error occurs in the device where corresponding trap is enabled or
if problem occurs in the part defined by the trap, such error status (trap message) are
transmitted to the trap receiving host and NMS, the SNMP agent. By default, all trap types are
disabled. To send traps to the trap hosts, the trap types should be enabled.
Command Task
# configure terminal
(config)# snmp-server enable traps port
(config)# snmp-server enable traps auth
(config)# end
# show snmp-server
RMON: Enabled
Extended RMON: Extended RMON module is not present
:
:
Trap-Rec-Address Trap-Rec-Community
------------------------- ------------------
Traps Enabled
------------------------- ------------------
chassis disabled
module disabled
port enabled
bridge disabled
repeater disabled
ip_permit disabled
sysconfig disabled
entity disabled
cpuload disabled
auth enabled
sysauth disabled
dhcp disabled
#
To disable the trap type, use the no snmp-server enable traps command as follows:
To add or modify trap hosts, use the following commands in Privileged mode:
Command Task
configure terminal 1. Enter Global configuration mode.
# configure terminal
(config)# snmp-server host 172.168.2.23 R1SW24 port default
(config)# end
# show snmp-server
RMON: Enabled
Extended RMON: Extended RMON module is not present
:
:
rap-Rec-Address Version Trap-Rec-Community
---------------------------- ------- ----------------------
udp:172.168.2.23:162 v2c R1SW24
:
:
# write memory
Building Configuration...
[OK]
#
To configure SNMP access group by using access lists, use the following commands in
Privileged mode:
Command Task
The hosts that belong to 192.89.55.0 network can access to the system via SNMP.
# show snmp-server
RMON: Enabled
Extended RMON: Extended RMON module is not present
Community-Access Community-String
---------------- ----------------
read-write R1SW24
Traps Enabled
------------------------- ------------------
chassis disabled
module disabled
port enabled
bridge disabled
repeater disabled
ip_permit disabled
sysconfig disabled
entity disabled
cpuload disabled
auth enabled
sysauth disabled
bgp disabled
dhcp disabled
atm disabled
adslAtuc enabled
adslAtur disabled
mac-flood disabled
#
The table below describes the fields shown by the show snmp-server community-list
command output:
Table 8-10 show snmp-server community-list field descriptions
Field Description
community SNMP community strings
The following is sample output from the show snmp-server statistics command:
The table below describes the fields shown by the show snmp-server statistics
command output:
Field Description
SNMP packets input Total number of SNMP packets input.
Bad SNMP version errors Number of packets with an invalid SNMP version.
Unknown community name Number of SNMP packets with an unknown community name.
Illegal operation for Number of packets requesting an operation not allowed for that
community name supplied community.
Number of requested
Number of variables requested by SNMP managers.
variables
SNMP packet output Total number of SNMP packets sent by the router.
Number of SNMP packets which were larger than the maximum packet
Too big errors
size.
Number of SNMP requests that specified an MIB object which does not
No such name errors
exist.
Number of SNMP set requests that specified an invalid value for an MIB
Bad values errors
object.
Number of SNMP set requests that failed due to some other error. (It
General errors was not a noSuchName error, badValue error, or any of the other
specific errors.)
The following example shows how to display the list of the trap receiver hosts:
The table below describes the fields shown by the show snmp-server traphost command
output:
Field Description
host Protocol : IP address of a trap receiver host: port number.
The RMON MIB provides a standard method to monitor the basic operations of the Ethernet,
providing inoperability between SNMP management stations and monitoring agents. The
RMON also provides a powerful alarm and event mechanism for setting thresholds and for
notifying you of changes in network behavior.
You can use the RMON to analyze and monitor network traffic data within remote LAN
segments from a central location. This allows you to detect, isolate, diagnose, and report
potential and actual network problems before they escalate to crisis situations. For example, the
Corecess R1-SW24L2B can identify the hosts on a network that generate the most traffic or
errors.
The RMON allows you to set up automatic histories, which the RMON agent collects over a
period of time, providing trending data on such basic statistics as utilization, collisions, and so
forth. The RMON monitors nine MIB groups including network statistics. The following table
lists the RMON MIB groups:
Group Description
Enabling RMON
To enable RMON, perform this task in Privileged mode:
Command Task
This example shows how to enable the RMON on the Corecess R1-SW24L2B and how to verify
that RMON is enabled:
# configure terminal
(config)# snmp-server enable rmon
(config)# end
# show snmp-server
RMON: Enabled
Extended RMON: Extended RMON module is not present
sysContact TEL:+82-2-3016-6900
sysLocation Sandaewon-dong Sungnam Korea
.
.
You can configure the operation of the RMON history that periodically samples any Ethernet
port for statistical data. All ports are preconfigured with histories for 30-second and 30-minute
intervals, and 50 buckets with one sample per bucket. However, you can create additional
histories for a specific port. This allows you to configure the time interval to take the sample
and the number of samples you want to save.
To configure an RMON history group, use the following commands in Global configuration
mode:
Command Task
# configure terminal
(config)# rmon historycontrol 1 gigabitethernet 1/1 owner aaa 50 30
(config)# end
# show rmon
RMON: Enabled
Extended RMON: Extended RMON module is not present
[statistics]
index status dataSource
----- -------------- -----------------------------
[history]
index status dataSource
----- -------------- -----------------------------
1 valid ifIndex.1 (Gi 1/1)
.
.
To display the detail information on a history group, enter the show rmon history
command with the history number:
To configure an RMON statistics group, use the following commands in Global configuration
mode:
Table 8-16 Configuring RMON statistics group
Command Task
[statistics]
index status dataSource
----- -------------- -----------------------------
1 valid ifIndex.1 (Gi 1/1)
2 valid ifIndex.3 (Fa 3/1)
[history]
index status dataSource
----- -------------- -----------------------------
1 valid ifIndex.1 (Gi 1/1)
.
.
#
To display the detail information on a statistics group, enter the show rmon statistics
command with the statistics number:
To delete a statistics group, enter the no rmon etherstats command in Global configuration
mode:
In order for RMON to generate trap events, you must set up the SNMP managers table based on
the SNMP community strings (for example, public) you are using with the network
management application and the hosts on which you are running applications. If you fail to
make these changes, the system will be unable to send trap events to the network management
station.
Command Task
This example shows how to configure an event group on the Corecess R1-SW24L2B and how to
verify that they are configured:
Parameter Value
Event index 10
Event description Event to create log entry and SNMP notification
Event type log, trap
Community public
Owner help_desk
RMON: Enabled
Extended RMON: Extended RMON module is not present
[statistics]
index status dataSource
----- -------------- -----------------------------
1 valid ifIndex.1 (Gi 1/1)
2 valid ifIndex.2 (Fa 2/1)
[history]
index status dataSource
----- -------------- -----------------------------
1 valid ifIndex.1 (Gi 1/1)
[alarm]
index status sample
----- -------------- -----------------------------
[event]
index status type
----- -------------- ---------------
10 valid logandtrap
.
.
#
To display the detail information on an event group, enter the show rmon events command
with the event number:
Each alarm is linked to an event in the event group. An event defines an action that will be
triggered when the alarm threshold is exceeded.
The alarm group periodically takes statistical samples from variables and compares them to
previously configured thresholds. The Alarm Table stores configuration entries that define a
variable, a polling period, and threshold parameters. If the RMON agents determines that a
sample crosses the threshold values, it generates an event. You can specify rising or falling
thresholds, indicating network faults such as slow throughput or other network-related
performance problems. You specify rising thresholds when you want to be notified that an
alarm has risen above the threshold you specified. You specify falling thresholds when you
want to be notified that the network is behaving normally again. For example, you might
specify a falling threshold of 30 collisions per second to indicate a return to acceptable behavior.
When you configure an alarm condition, you must define the following values:
y Rising and falling thresholds used to detect when network trouble starts and when it ends.
An RMON event is the action that occurs when an associated RMON alarm is triggered. When an
alarm event occurs, it can be configured to generate a log event, a trap to an SNMP network
management station, or both. For information on viewing alarm events in log files.
RMON allows you to configure two types of sampling, absolute and delta:
y Absolute sampling compares the sample value directly to the threshold. This sampling is
similar to a gauge, recording values that go up or down.
y Delta sampling subtracts the current sample value from the last sample taken, and then
compares the difference to the threshold. This sampling is similar to a counter, recording a
value that is constantly increasing.
Command Task
The following example shows how to configure RMON alarm group and check the result:
# configure terminal
(config)# rmon alarm 1 10 pkts 1 absolute both threshold 1000 100 event-index 1
1 owner aaa
(config)# end
# show rmon
RMON: Enabled
Extended RMON: Extended RMON module is not present
[statistics]
index status dataSource
----- -------------- -----------------------------
1 valid ifIndex.1 (Gi 1/1)
[history]
index status dataSource
----- -------------- -----------------------------
1 valid ifIndex.1 (Gi 1/1)
[event]
index status type
----- -------------- ---------------
10 valid logandtrap
.
.
#
Before configure RMON alarm group, you should verify that the statistics group
(<StatisticsIndex>) is defined. If you specify undefined statistics group, the Can't fetch
the MIB values message will be displayed:
(config)# rmon alarm 2 20 pkts 10 absolute rising threshold 1000 100 event-
index 1 1 owner kimka
Can't fetch the MIB values
(config)#
To display the detail information on an alarm group, enter the show rmon alarm command
with the alarm number:
To delete a RMON alarm group, enter the no rmon alarm command in Global configuration
mode:
If you do not specify any option, the contents of the RMON alarm table, event table, history table, and
statistics table are displayed. The following is a sample output of the show rmon command:
# show rmon
RMON: Enabled
Extended RMON: Extended RMON module is not present
[statistics]
index status dataSource
----- -------------- -----------------------------
1 valid ifIndex.1 (Gi 1/1)
[history]
index status dataSource
----- -------------- -----------------------------
1 valid ifIndex.1 (Gi 1/1)
[alarm]
index status sample
----- -------------- -----------------------------
1 valid etherStatsPkts.1
[event]
index status type
----- -------------- ---------------
10 valid logandtrap
#
Field Description
Command Function
show snmp-server
Displays SNMP community configuration.
community-list
show snmp-server
Displays SNMP statistics.
statistics
show snmp-server traphost Displays the list of the trap receiver hosts.
show snmp-server Save the system configuration automatically at least 24 hour
write-interval intervals
Displays the contents of the RMON alarm table, event table,
show rmon
history table, and statistics table.
Limits hosts which can access to the system through SNMP based
snmp-server group access
on the access list.
This chapter describes how to configure QoS (Quality of Service) on the Corecess R1-
SW24L2B.
QoS consists of the Classifier and the Traffic manager. The Classifier classifies traffic, and the
Traffic Manager processes the classified traffic as follows:
Packet Buffer Queue Packet
Classifier Marker Policer
In Manager Scheduler Out
Traffic Manager
The Classifier refers to a header of a received packet, and then decides the QoS level. The traffic
manager marks the QoS level to the packet header or processes a packet that is in permitted
bandwidth. The Traffic Manager also chooses which packet drop when congestion occurs or
prefers which packet transmits first.
The following section describes parameters to classify packets and how to classify packet.
Classification Standard
The classifier uses the following values to decide the packet level.
y Layer 2 : Source/Destination MAC Address, EtherType Field, DSAP Field, 802.1P Field, VLAN ID
802.1P field in Layer 2 packet is a three bit field that marks the packet priority, and a number from zero
to seven is stuffed in the three bit field.
The following values are set in the eight bit of TOS field - also called DSCP field - in the header of Layer
3 packet.
bits bits 0 1 2 3 4 5 6 7
0 1 2 3 4 5 6 7
DSCP C
IP-Prec TOS MRZ U
Class Selector
D T R C
The classifier can classify the following types of category with the classification standard.
y Subscriber and Application Classification: Who send the packet? And, what kind of application packet is?
- Packet Classification using Input Port Number, Source MAC Address, Source IP Address and
y Subscriber and Destination Classification: Who send the packet. And, who receive the packet?
- Packet Classification using Input Port Number, Source MAC Address, Source IP Address, Output Port
Number, Destination MAC Address and Destination IP Address
y Subscriber, Destination and Application Classification; Who send the packet?, Who receive the packet?
And, what kind of application packet is?
- Packet Classification using Input Port Number, Source MAC Address, Source IP Address, Output Port
Number, Destination MAC Address and Destination IP Address and TCP/UDP Port Number
Classification Table
The classifier has two types. One is MF (Multi Field) classifier that refers several fields of a
packet simultaneously and decides QoS service level. The other is BA (Behavior Aggregate)
classifier that recognizes the packet decided QoS level.
MF classifier uses the following table to decide QoS level and to recognize a QoS profile.
Source Destination
Input Output Source Destination VLAN Source Destination Protocol TCP QoS
Rule# 802.1P TOS TCP/UDP TCP/UDP
Port # Port # MAC MAC ID IP IP ID Flag Profile
Port # Port #
1
2
3
4
5
6
7
.
.
.
Source Destination
Input Output Source Destination VLAN Protocol TCP QoS
Rule# 802.1P Source IP Destination IP TOS TCP/UDP TCP/UDP
Port # Port # MAC MAC ID ID Flag Profile
Port # Port #
1
2
3
4 * * * * 0x0800 * 1.1.1.0/24 20.1.1.0/24 6 * * 80 *
5
6
The BA classifier recognizes the QoS profile, which is applied to the packet, using the tables of
802.1p or ToS field that are only used for QoS. In the table of 802.1p or ToS field, the following
field values are defined. One of the profiles is applied to the packet by the field values.
TOS/DSCP/IP-Prec
802.1p Table
Table
802.1p Field Value QoS Profile ToS Field Value QoS Profile
0 0
1 1
2 2
3 3
4 4
5 5
6
7 255
Policer
Policer can limit bandwidth to make users only use engaged traffic. Policer measures traffic
flow rate by traffic flow, which classified by classifier, and limits traffic not to use over engaged
bandwidth.
Policer consists of metering and action block. Metering measures traffic flow rate and compares
the result of traffic flow rate to engaged bandwidth, then informs the comparing result to action
block. Action block decide how to process traffic depending on the result.
Policer Variables
To use Policer function, you should understand the following variables.
EBS
time
Token Bucket
There are several implementation of policer function, and the typical implementation is the
token bucket. The token bucket contains tokens, each of which can represent a unit of bytes.
Token is filled up in the token bucket for a certain rate. When packets are arrived, the same
amount of tokens is removed from the token bucket.
Packet
Token Bucket
Bucket Size
Token Rate
Token
The variables of policer can be substituted for the element of token bucket as follows:
There are two method of token bucket - single token bucket, dual token bucket. Single token
method uses only one bucket, and dual token method uses two bucket.
In dual token bucket method (RFC 2698 tr-TCM algorithm), the first bucket receives tokens at PIR
rate and the second bucket receives tokens at CIR rate. The first bucket size also is PBS and the
second bucket size is CIR. A packet that is specified as non-conforming in the first bucket finally
becomes the non-conforming packet. If a packet that is specified as conforming in the first bucket
becomes non-conforming in the second bucket, the packet is specified as loosely non-conforming
packet.
Dual token bucket method can control the packet with detailed classification above.
The following graph shows the dual token bucket method.
There are various queues scheduling method, and the following methods are generally used.
400B 500B 500B 400B 300B 600B 400B 500B 500B 200B 300B 400B 100B 300B
This method is easy to implement, but if there are plenty of packets that flows into the high
priority queue, packets in the low priority queue can not be transmitted at all. This is called
starvation.
[Q1] Weight: 2
200B 300B 400B 100B 300B
If weight values (2, 1, 1) are assigned to each queue as above, the ratio of packets are 2:1:1. It
means that two packets are transmitted through the first queue (Q1), and a packet is
transmitted through the second queue (Q2), then a packet is transmitted through the third
queue (Q3).
WRR method can specify priority to each queue and prohibit starvation as above. The
disadvantage of WRR is not useful in IP network that packet size is variable because weight is
ratio of packets. For example, there are two packets. One is 64byte VoIP packet, and the other is
1500byte data packet. The packets are serviced through two queues that weight is 2:1. Even
though the VoIP packet is serviced through high weight queue, 128bytes are sent each time, but
the 1500byte data packet can be sent through the low weight queue.
Packet Segmentation
Last bit of Last bit of Last bit of
400B Pkt 300B Pkt 500B Pkt
[Q2] Weight: 1
Packet
400B 500B 500B
Reassembler
Bit-by-Bit WRR
[Q3] Weight: 1 Scheduler Last bit of Last bit of Last bit of
300B Pkt 400B Pkt 300B Pkt
Bit-by-Bit Service Ratio Last bit of
400B 300B 600B
= Q1:Q2:Q3 = 2:1:1 200B Pkt Last bit of
100B Pkt
400B 400B 500B 300B 200B 600B 300B 500B 400B 100B 300B
Output Port
This method can transmit packets without the packet size at the ratio that is specified in the
queue, but it is complicated to implement.
For example, there is a queue that quantum value is 1000bytes. If 500byte packet, 300byte
packet, and 300byte packet are in a queue, only 500byte packet and 300byte packet can be
processed because the queue can process up to 1000bytes. Then, deficit counter becomes 200.
After other queues process their packet, the queue become in the order. The deficit counter
value becomes 1200, and the queue can process up to 1200byte.
Deficit counter memorizes the size of packet that was not transmitted as the ratio of weight, and
transmits the packet next time.
Lets look at the operation principal of DWRR. There are three queues in an output port as
below. In each queue, 2:1:1 of weight is assigned. The quantum values of each queue are set as
1000byte, 500byte and 500byte. The deficit counter values are set as 0 (Picture 1).
[Picture 1] [Picture 2]
The DWRR scheduler visits the number 1 of queue, then deficit counter value becomes
1000bytes. 300byte, 100byte and 400byte packets are transmitted through output port. After the
transmission, the deficit counter value becomes 200 (Picture 2).
The DWRR scheduler visits the number 2 of queue. The number 2 of deficit counter set the
value as 500byte, then 500byte packet is transmitted. After the transmission, the deficit counter
value becomes 0. The next time the number 3 of queue should be processed, but the first packet
in the number 3 of queue is 600byte and is bigger than deficit counter of 500byte. In this case,
deficit counter is not changed, and no packet is transmitted.
The DWRR scheduler visits the number 1 of queue again, then the quantum value is added to
the current deficit counter value. In this time, the deficit counter value becomes 1200bytes, and
the number 1 of queue can transmit packets up to 1200byte. 300byte and 200byte packets can be
transmitted, then deficit counter becomes 700 (Picture 3).
[Q1] Weight: 2
1200B - 300B - 200B [Q1] Weight: 2
Quantum=1000, DeficiCounter=700B Quantum=1000, DeficiCounter=0B
[Picture 3] [Picture 4]
There is no packet in the number 1 of queue, so the DWRR scheduler visits the number 2 of
queue. The deficit counter is set as 500byte, and 500byte packet is transmitted in the number 2
of queue, then deficit counter becomes 0. In the num 3 of queue that could not transmit packets
Shaping
Shaping is a function that limits bandwidth with buffering when traffic that is bigger than
target traffic rate flows into a queue.
The traffic that is more than target traffic rate is stored into the buffer. If there is enough
bandwidth to transmit, the stored traffic is transmitted.
Bandwidth(bps) Bandwidth(bps)
Offered Traffic Buffered
This method is more flexible than policing, but is not useful in real-time traffic such as voice
traffic because transfer delay occurs.
Tail Drop
In Tail drop method, if there is no space to store Drop Probability
Q0 Output
port #1 TC #1
Q1 TC #1
.
.
TC #1
Q6
Classifier
Input port #1 Q7
match
match
. .
. match .
. . .
.
. .
.
Input port #n . .
.
Q0 Output
port #n
Q1
.
. TC #216
Q6 TC #217
Q7 TC #218
The Corecess R1-SW24L2B classifies the packets from ingress (incoming) port according to the
criteria defined the class map, stores the classified packets to each transmit queue (0 ~ 7), and
transmits packets via TC (Traffic Class) applied the QoS action defied the policy map.
Packet Classification
Packet classification partitions traffic into multiple priority levels, or classes of service. The
Corecess R1-SW24L2B uses the values in the following fields of the layer 1 ~ layer 4 IP packet
header as a criterion to classify packets:
y Layer 2: Source/destination MAC address, EtherType field, DSAP field, 802.1P filed, VLAN ID
The Corecess R1-SW24L2B supports marking based on the following bits in the CoS (Class of
Service) filed for the packet:
y DSCP value
y CoS value
y VLAN priority
Policing
The Corecess R1-SW24L2B supports Policing. Policing is the process by which the system limits
the bandwidth consumed by a flow of traffic. You can limit the bandwidth of a specific traffic
flow by using a policy map or limit the full bandwidth of a port.
Transmit Queue
The Corecess R1-SW24L2B provides eight transmit queues for each engress port. These transmit
queues are scheduled by the Strict Priority Queueing (SPQ) mechanism. You can use the
following value to determine queue priority:
y Users priority (The value that is set by using the priority command in Policy-map class configuration
mode)
y DSCP
y CoS
y VLAN priority
When the transmit queue is full, frames at the end of the queue are dropped (tail drop).
The following diagram shows steps for configuring QoS service policy:
You can classify packets and assign them to specific queues based on the following criteria:
CoS field can not be included with DSCP or IP precedence in the same class-map. To make the
CoS field available, enable IEEE 802.1p using 802.1p classification enable command.
If IEEE 802.1p is enabled, DSCP and IP precedence criteria in class-maps are not available. To
use the DSCP or IP precedence instead of CoS, disable the IEEE 802.1p using 802.1p
After creating class-maps, system checks the inbound or outbound packets by the criteria in
class-maps. QoS actions defined in the policy-map for the class will be applied to the classified
packets into classes.
You can create a class-map by using the class-map command in QoS configuration mode.
When you enter the class-map command, the Corecess R1-SW24L2B enters the class-map
configuration mode. In this mode, the match criterion is defined for the traffic by using the
match command.
To create a class-map and add the criteria to the class-map, use the following command in the
Privileged mode:
To create a class map and specify the way in which the Corecess R1-SW24L2B should classify
traffic, enter the following commands in Global configuration mode:
Command Task
qos 1. Enter QoS configuration mode.
Note : To delete a class map, enter the no class-map <class-map-name> command in the qos
configuration mode. To delete the criteria, enter the no match command in the qos configuration mode.
The following example shows how to create a class map and define a classification criterion by
using the source IP address:
(config)# qos
(config-qos)# class-map class1
(config-cmap)# match ip-sa 172.27.2.16 0.0.255.255
(config-cmap)# end
# show classmap
ClassMap
--------------------------------------------------
Name : class1
Match Content : ip-sa 172.27.2.16/0.0.255.255
Total Entries = 1
# write memory
Building Configuration...
[OK]
The following example shows how to create a class map and define the criteria by using the
destination IP address and the destination TCP port number:
(config)# qos
(config-qos)# class-map class2
(config-cmap)# match ip-da 10.10.10.1 0.0.0.255
Total Entries = 2
# write memory
Building Configuration...
[OK]
y mark : Action for configuring the values to be set in the DSCP, IP precedence, ToS, or
802.1P field of the packets which belong to the traffic class.
y priority : Action for configuring the priority(high or low) of the traffic. The priority is
used for selecting the traffic to be discarded when the system congestion.
y bandwidth : Action for configuring the minimum transmission bandwidth for the traffic
class.
y weight : Action for configuring the ration of the minimum transmission bandwidth for
the traffic class.
To apply multiple QoS actions to a traffic class, multiple QoS actions can be included in a
policy-map.
Command Task
qos 1. Enter QoS configuration mode.
2. Create a policy map and enter the policy-map
configuration mode.
policy-map <policy-map-name>
y <policy-map-name>: Name of a policy map to
define.
3. Specify the class to which the policy map applies and
enter the policy-map-class configuration mode.
class <class-name>
y <class-name>: The name of the class to which
the policy map applies.
mark {cos|dscp|ip-prec} <value>
filter {deny|permit|to-proc}
bandwidth <bandwidth> 4. Configures Qos actions for the class. Refer to the
weight <percentage> following sections for configuring QoS actions in the
priority <value> policy-map class configuration mode.
rate-limit rate <target-rate>
tcflow monitoring
end 5. Return to the Privileged mode.
show policymap 6. Verify the policy map configuration.
write memory 7. Save the configuration changes.
The sections which describes how to add the QoS actions in the Step 4 and how to verify the
policy map configuration in Step 5 will follow.
The following example shows how to create a policy map and specify a class map to which the
policy map applies:
(config)# qos
(config-qos)# policy-map policy1
(config-pmap)# class class1
(config-pmap-c)# priority 7
(config-pmap-c)# end
# show policymap policy1
PolicyMap
--------------------------------------------------
Name : policy1
Linked ClassMap : class1
You can delete a policy-map using the no policy-map command in the QoS configuration
mode. This example shows how to delete a policy-map:
(config)# qos
(config-qos)# no policy-map TEST
(config-qos)#
You can remove a class-map from the policy-map, using the no class command in the
policy-map configuration mode. The no class command does not delete the class-map but
disconnects the relation between the policy-map and the class-map. To delete a class-map, use
the no class-map command in the QoS configuration mode. This example shows how to
remove a class-map from the policy-map and verify the result:
(config)# qos
(config-qos)# policy-map polmap6
(config-pmap)# no class class1
(config-pmap)# end
# show policy-map
Policy-map polmap6
To set the QoS fields of packets, which belong to the policy-map class to the specified values,
perform this task in the Global configuration mode.
Table 9-4 Changing CoS, IP Precedence, or DSCP value of a traffic class in a policy map
Command Task
3. Specify the class to which the policy map applies and enter policy-map-
class <class-name> class configuration mode.
y <class-name>: The name of the class to which the policy map applies.
This example configure remarking feature to set the CoS field to 7 of the traffic class class1 in
the policy map policy1:
(config)# qos
(config-qos)# policy-map policy1
(config-pmap)# class class1
(config-pmap-c)# mark cos 7
(config-pmap-c)#
To add a criterion for deciding whether filtering packets or forwarding, perform this task in the
Global configuration mode.
Command Task
policy-map <policy- 2. Create a policy map and enter policy-map configuration mode.
map-name> y <policy-map-name>: The name of a policy-map.
3. Specify the class to which the policy map applies and enter policy-map-
class <class-name> class configuration mode.
y <class-name>: The name of the class to which the policy map applies.
This example configure to discard the traffic class class2 in the policy map policy1:
(config)# qos
(config-qos)# policy-map policy1
(config-pmap)# class class2
(config-pmap-c)# filter deny
(config-pmap-c)#
To configure the minimum transmission bandwidth for a traffic class in a policy-map, perform
this task in the Global configuration mode.
Command Task
3. Specify the class to which the policy map applies and enter policy-map-
class configuration mode.
class <class-name> y <class-name>: The name of the class to which the policy map
applies.
5. Specify the bandwidth ratio of the transmission queue for the traffic
class.
weight <percentage> y <percentage> : Percentage of available bandwidth to be assigned to
the class (0 ~ 100)
Both bandwidth and weight cannot be applied together. You can set only one command
between bandwidth command and weight command.
This example configures the bandwidth of the transmission queue for the traffic class class1 in
the policy map class policy1:
(config)# qos
(config-qos)# policy-map policy1
(config-pmap)# class class1
(config-pmap-c)# bandwidth 10000
rate is adjusted to 9984 kbps
(config-pmap-c)#
(config)# qos
(config-qos)# policy-map policy1
(config-pmap)# class class2
(config-pmap-c)# weight 25
(config-pmap-c)#
The following is a procedure for specifying the user-defined priority for a traffic class:
Command Task
3. Specify the class to which the policy map applies and enter policy-map-
class <class-name> class configuration mode.
y <class-name>: The name of the class to which the policy map applies.
This example assigns the queue with the priority of 7 to the traffic class class4 in the policy map
policy1:
(config)# qos
(config-qos)# policy-map policy1
(config-pmap)# class class4
(config-pmap-c)# priority 7
(config-pmap-c)#
Rate limiting is the process by limiting the bandwidth consumed by a flow of traffic. After a
packet is classified, the rate limiting process can begin. The rate limiting involves creating a
policer that specifies the bandwidth limits for the traffic. Packets that exceed the limits are
dropped.
To configure the rate limiting feature in a policy map, perform this task in the Global
configuration mode:
Command Task
qos 1. Enter QoS configuration mode.
policy-map 2. Enter policy-map configuration mode.
<policy-map-name> y <policy-map-name>: The name of a policy-map.
3. Specify the class to which the policy map applies and enter policy-map-
class configuration mode.
class <class-name>
y <class-name>: The name of the class to which the policy map
applies.
4. Specifies the limited rate to be applied to traffic of the class in the
specific policy-map
rate-limit rate
y <target-rate>: Average rate to be applied to the traffic which
<target-rate>
meets the condition of the class(0 ~ 1000000Kbps). The value must be
in increments of 64 kbps.
Note : Policing can be applied to a specific port as well as a specific traffic class. Entering the rate-limit
commandin the QoS configuration mode sepcifies the target bandwdith to be applied to both incoming
and outgoing traffic through a port. How to configure policing for a port will be described later in this
chapter.
This example specifies the target bandwidth of the traffic class class5 to apply the rate limiting in
the policy map policy1:
(config)# qos
(config-qos)# policy-map policy1
(config-pmap)# class class5
(config-pmap-c)# rate-limit rate 640
(config-pmap-c)#
By default, the Corecess R1-SW24L2B can apply the QoS policy to both inbound and outbound
traffic on all interfaces. You can attach a single policy map to one or more ports to specify the
service policy for those ports. The class policies comprising the policy map are then applied to
packets that satisfy the class map match criteria for the class.
To apply a policy map to the ports, enter the following command in the Global configuration
mode:
Command Task
qos 1. Enter the QoS configuration mode.
This example applies the policy map named policy1 to the Gigabit Ethernet port 1/2 and
verifies the configuration:
(config)# qos
(config-qos)# service-policy service1 policy-map policy1 input-port gigabitethernet
1/2 output-port gigabitethernet 1/2
(config-qos)# end
# show service-policy
ServicePolicy
Name : service1
Linked PolicyMap : policy1
Port(In ) : 1/2
Port(Out) : 1/2
Total Entries = 1
# write memory
Building Configuration...
[OK]
By default, 802.1p CoS is disabled on the Corecess R1-SW24L2B. When the 802.1p CoS is
disabled, the IP precedence and DSCP values are used for QoS. To enable the 802.1p CoS and
assign the priority to a interface for 802.1p class of service, perform this task in the Global
configuration mode:
Command Task
qos 1. Enter QoS configuration mode.
8021p enable 2. If necessary, enable 802.1p class of service on the system.
Note : If you do not specify the port, assigned priority are applied to all ports in the specified VLAN.
(config)# qos
(config-qos)# 8021p user-priority 6 vlan 1 port gigiabitethernet 1/1
(config-qos)# 8021p enable
(config-qos)# end
# show user-priority
Default User Priority
--------------------------------------------------
Entry[ 1]
Vlan : 1
Priority : 6
Port : 1/1
Enter the following command in Global configuration mode to configure rate limiting on a
specific port:
Command Task
The following example shows how to configure input rate limiting for the class:
(config)# qos
(config-qos)# rate-limit input-port fastethernet 2/1 output-port fastethernet
2/1 rate 24000
(config-qos)# end
# show rate-limit
RateLimit
--------------------------------------------------
Rate : 24000
Port(In ) : 2/1
Port(Out) : 2/1
Total Entries = 1
#
To configure the precedence of the values for the CoS field of the outgoing packet, perform the
following task in the Global configuration mode:
Command Task
2. Input the values (tos, user, vlan) in the order of high priority.
y <value1>: Specify the highest priority value to be used in CoS field.
8021p-precedence
y <value2>: Specify the second-highest priority value. This value is
<value1> <value2>
<value3> used when the <vlaue1> can not be used.
y <value3>: Specify the third-highest priority value. This value is used
when the <vlaue1> and <vlaue2> can not be used.
show
4. Verify the configuration.
8021p-precedence
The following example shows how to configure the precedence of the values for the CoS field
to the order of VLAN priority Tos CoS:
(config)# qos
(config-qos)# 8021p-precedence vlan tos user
(config-qos)# end
# show 8021p-precedence
8021p precedence odering
vlan tos user
#
The following is a procedure for specifying a value used as the packet priority for choosing a
packet transmission queue:
Command Task
2. Input the values (tos, user, vlan, or class) in the order of high priority.
y <value1>: Specify the highest priority value.
y <value2>: Specify the second-highest priority value. This value is
queue-precedence
used when the <vlaue1> can not be used.
<value1> <value2>
<value3> <value4> y <value3>: Specify the third-highest priority value. This value is used
when the <vlaue1> and <vlaue2> can not be used.
y <value4>: Specify the lowest priority value. This value is used when
the <vlaue1>, <vlaue2>, and <vlaue3> can not be used.
show
4. Verify the configuration.
queue-precedence
The following example shows how to configure the precedence of the values used for
transmission queue priority to the order of VLAN priority Users priority Class ToS:
(config)# qos
(config-qos)# queue-precedence vlan user class tos
(config-qos)# end
# show queue-precedence
queue precedence odering
vlan user class tos
#
Command Task
shaping output-port 2. Configure shaping for traffic that transmits through the specified output
<port-type> port.
<slot>/<port> y <port-type> Port type (fastethernet, gigabitethernet)
rate <target-rate> y <slot>/<port> Slot number and port number
y <targe-rate> Target bandwidth (1~1000000Kbps, in 64Kbps step)
The following example shows how to configure shaping for the traffic that is transmitted
through the Gigabit Ethernet port 1/1.
Shaping : 128000
Port(In ) :
Port(Out) : 1/1
Total Entries = 1
#
Command Task
qos 1. Enter QoS configuration mode.
The following example enables the broadcast storm on the default VLAN:
(config)# qos
(config-qos)# broadcast-storm-control vlan id 1 pps 4096
(config-qos)# end
# show running-config
Building configuration...
Current configuration:
.
.
qos
broadcast-storm-control vlan id 1 pps 4096
queue-precedence vlan user class tos
8021p-precedence vlan tos user
Command Function
Enables QoS based on IEEE 802.1p CoS (Class of Service) on the Corecess
8021p enable R1-SW24L2B.
8021p user-priority Assigns the priority for 802.1p class of service to a port or a VLAN
dhcp-offer filter
discard Filters the DHCP server packets received from the specified port.
match ip-da Specifies the destination IP address as a match criterion of a class map.
match ip-sa Specifies the source IP address as a match criterion of a class map.
match mac-da Specifies the destination MAC address as a match criterion of a class map.
match mac-sa Specifies the source MAC address as a match criterion of a class map.
match tcp-flag Specifies the TCP flag as a match criterion of a class map.
netbios filter
discard Filters the NetBIOS packets received from the specified port.
Enters QoS policy map configuration mode to configure the QoS policy
policy-map map.
priority Specifies the priority of a traffic class during network congestion condition.
service-policy Defines a service policy to attach a policy map to the input/output ports.
This chapter describes how to configure security features on the Corecess R1-SW24L2B.
Configuring Password
You can provide access control on a terminal line by entering the password and establishing
password checking.
> passwd
Changing password for corecess
Old password:: ******** Enter the current password.
Enter the new password (minimum of 5, maximum of 8 characters)
Please use a combination of upper and lower case letters and numbers.
New password: ******** Enter the new password.
Re-enter new password: ******** Enter the new password again.
Password changed.
>
The User mode is signified on the system by the > prompt. In this mode, you can enter a variety
of commands to view statistics on the system, but you cannot change the configuration of the
system.
You can specify the password for the Privileged mode using enable passwd command in the
Global configuration mode. The following example sets the Privileged mode password to
R1SW24 by the enable passwd command configuration in the Global mode.
After setting the Privileged mode password, you should enter the password to go to the
Privileged mode from user mode as follows:
> enable
Password: R1SW24
Privileged mode is signified by the # prompt. In the Privileged mode, you can enter all
commands to view statistics and configure the system.
You can hide clear-text passwords by storing passwords in an encrypted manner so that anyone
entering write terminal commands will not be able to determine the clear-text password.
The following example shows how to encrypt a user password and display the password on the
terminal line:
# configure terminal
(config)# username guest passwd guest
(config)# end
# write terminal
Building configuration...
Current configuration:
!
! version 0.75
!
hostname localhost
username guest passwd 8 $1$$ysap7EeB9ODCrO46Psdbq/
:
:
The default timeout for an unattended telnet session is 10 minutes. To change the login timeout,
enter the following command in the global configuration mode:
Command Task
line vty 1. Enter the VTY-line configuration mode.
2. Set the login timeout.
exec-timeout <minute>
y <minute>: Timeout in minutes ( 1 ~ 600)
end 3. Return to the privileged mode.
write memory 4. Save the configuration changes.
Access Lists
Access lists filter network traffic by controlling whether routed packets are forwarded or
blocked at the system's interfaces. Your system examines each packet to determine whether to
forward or drop the packet, based on the criteria you specified within the access lists.
Access list criteria could be the source address of the traffic, the destination address of the traffic,
the upper layer protocol, or other information. Note that sophisticated users can sometimes
successfully evade or fool basic access lists because no authentication is required.
You can use standard access lists to control the Telnet or SNMP access methods to management
functions on the Corecess R1-SW24L2B.
Server A
Server B
R1-SW24L2B
Access list
x Source IP address : 172.20.128.64
x Permit/deny : Permit
x Flow : Out
Host A Host B
IP: 172.20.128.10 IP: 172.20.128.64
In the above example, the access list allows access from the 172.20.128.64 host. Therefore the
host B connected to the Corecess R1-SW24L2B can access to the Server A or Server B and the
host A cant access to the Servers.
Command Task
Note:
x The wildcard is a four-part value in dotted-decimal notation (IP address format) consisting of ones and zeros.
Zeros in the mask mean the packet's source address must match the <source-ip>. Ones mean any value
matches. For example, the <source-ip> and <wild-card> values 209.157.22.26 0.0.0.255 mean that all
hosts in the Class C sub-net 209.157.22.x match the policy.
x The packets that do not match any entries in an access list are denied.
# configure terminal
(config)# access-list 1 permit 192.5.34.0 0.0.0.255
(config)# access-list 1 permit 128.88.0.0 0.0.255.255
(config)# access-list 1 permit 36.0.0.0 0.255.255.255
(config)# end
# show access-list
Standard IP access list 1
permit 192.5.34.0, wildcard bits 0.0.0.255
permit 128.88.0.0, wildcard bits 0.0.255.255
permit 36.0.0.0, wildcard bits 0.255.255.255
#
The following example shows how to define an access list which deny the access from the
specified host:
# config t
(config)# access-list 2 deny host 171.69.198.102
(config)# access-list 2 permit any
(config)# end
# show access-list
Standard IP access list 2
deny 171.69.198.102
permit any
#
Command Task
line vty 1. Enter the VTY-line configuration mode.
The following example shows how to apply the access list to terminal line. The Corecess R1-
SW24L2B allows Telnet access to all IP addresses except the hosts listed in access list 2.
The following example show how to apply the access list to terminal line. The Corecess R1-
SW24L2B denies connections to networks other than network 192.89.55.0:
# configure terminal
(config)# access-list 12 permit 192.89.55.0 0.0.0.255
(config)# line vty 0 5
(config-line)# access-class 12 out
(config-line)# end
# write memory
Building Configuration...
[OK]
To restrict SNMP access to the system using access lists, enter commands such as the following:
Command Task
configure terminal 1. Enter the global configuration mode.
snmp-server group 2. Apply the access list to SNMP access.
access <list-number> y <list-number>: Standard access list number (1 ~ 99, 1300 ~ 1999)
end 3. Return to the privileged mode.
write memory 4. Save the configuration changes.
The following example shows how to apply the access list to SNMP access. The Corecess R1-
SW24L2B allows SNMP access to all IP addresses except the hosts listed in access list 2.
# configure terminal
(config)# snmp-server group access 2
(config)# end
# write memory
Building Configuration...
[OK]
Packet Filtering
Type of Packet Filtering
The Corecess R1-SW24L2B supports the following types of packet filtering:
If a host connected to the Corecess R1-SW24L2B runs a private DHCP server, other hosts
connected to the Corecess R1-SW24L2B may receive an invalid IP address from that private
DHCP server. To prevent this, you can filter DHCP Offer packets received from a host.
Internet or LAN
Corecess R1-SWL2B
Filters DHCP Offer packets received
from hosts.
To discard the all DHCP OFFER packets, enter the following command in Global configuration
mode:
Command Task
qos 1. Enter QoS configuration mode.
(config)# qos
(config-qos)# dhcp-offer filter discard
(config-qos)# end
# show dhcp-offer-filter
Dhcp Offer Filter Ports
--------------------------------------------------
Discard : All Ports
#
Corecess R1-SW24L2B
Host Host
To filter the packet of file and resource sharing protocol, use the following commands.
Command Task
upnp filter discard 2-4. Refuse UPnP packets. This command is applied to all ports.
(config)# qos
(config-qos)# apple-filesharing-protocol filter discard
(config-qos)# netbios filter discard
(config-qos)# rendezvous filter discard
(config-qos)# upnp filter discard
(config-qos)# end
# show running-config
.
.
!
qos
netbios filter discard
rendezvous filter discard
apple-filesharing-protocol filter discard
upnp filter discard
hsrp filter discard
!
.
.
Command Task
The following example shows how to refuse default traffic that is not classified with class map.
(config)# qos
(config-qos)# default traffic deny
(config-qos)# end
# show default-traffic-policy
Default QoS Traffic Policy
--------------------------------------------------
Deny
#
The following is the steps for configure filtering policy on the Corecess R1-SW24L2B.
1. Creating Classes
Create a class map and define the classification criteria for the class map.
2. Creating a Policy
Create a policy map, specify the class to which the policy map applies, and define the actions
that you want the system to take for the particular class of traffic.
This section describes how to create a QoS service policy according to the above steps.
Note : For more detail information about QoS (Quaility of Service), refer to the Chapter 9/ Configuring QoS
in this manual..
Command Task
qos 1. Enter the QoS configuration mode.
class-map 2. Create a class map and enter class-map configuration mode.
<class-map-name> y <class-map-name>: Class map name.
match ip-da 3. Specify the destination IP address as a match criterion of a class map.
<destination-ip> y <destination-ip>: The destination IP address
<wildcard> y <wildcard>: Wildcard bit to be applied to <dest-ip>.
match ip-sa 4. Specify the source IP address as a match criterion of a class map.
<source-ip> y <source-ip>: The source IP address
<wildcard> y <wildcard>: Wildcard bit to be applied to <source-ip>.
5. Specify the destination TCP port number as a match criterion of a class
match tcp-dpn
map.
<tcp-port-num>
y <tcp-port-num>: The destination TCP port number (0 ~ 65535)
6. Specify the source TCP port number as a match criterion of a class
match tcp-spn
map.
<tcp-port-num>
y <tcp-port-num>: The source TCP port number (0 ~ 65535)
7. Specify the destination UDP port number as a match criterion of a
match udp-dpn
class map.
<udp-port-num>
y <udp-port-num>: The destination UDP port number (0 ~ 65535)
The following example shows how to create a class map and define a classification criterion by
using the destination IP address and the destination TCP port number:
(config)# qos
(config-qos)# class-map class101
(config-cmap)# match ip-da 10.10.10.1 0.0.0.255
(config-cmap)# match tcp-dpn 25
(config-cmap)# end
Name : class101
Match Content : ip-da 10.10.10.1/0.0.0.255
: tcp-dpn 25
# write memory
Building Configuration...
[OK]
Command Task
qos 1. Enter the QoS configuration mode.
policy-map 2. Create a policy map and enter the policy-map configuration mode.
<policy-map-name> y <policy-map-name>: Name of a policy map to define.
3. Specify the class to which the policy map applies and enter the
class <class-name> policy-map-class configuration mode.
y <class-name>: Class map name.
The following example shows how to define QoS policy that you want the system to filter that
particular class of traffic:
(config)# qos
(config-qos)# policy-map filter-policy
(config-pmap)# class class101
(config-pmap-c)# filter deny
(config-pmap-c)# end
# show policymap filter-policy
PolicyMap
--------------------------------------------------
Name : filter-policy
Linked ClassMap : class101
Action : Deny
# write memory
Building Configuration...
[OK]
Command Task
qos 1. Enter the QoS configuration mode.
2. Applies the service policy you specify to both inbound and
service-policy
outbound traffic.
<service-policy-name>
y <service-policy-name>: The name of a service policy.
policy-map
y <policy-map-name>: The name of a policy map to be
<policy-map-name>
applied.
end 3. Return to the Privileged mode.
show service-policy 4. Verify that the policy map is applied to the system.
[<service-policy-name>] y <service-policy-name>: The name of a service policy.
write memory 5. Save the configuration changes.
The following example shows how to apply a policy map, filter-policy, to the inbound and
outbound traffic:
(config)# qos
(config-qos)# service-policy service1 policy-map filter-policy
(config-qos)# end
# show service-policy service1
ServicePolicy
--------------------------------------------------
Name : service1
Linked PolicyMap : filter-policy
Port(In ) :
Port(Out) :
# write memory
Building Configuration...
[OK]
Command Function
Default traffic deny Discard all packets that is not classified by class map.
dhcp-offer filter Discards the all DHCP OFFER packets received (packets received
discard through the UDP port 67).
Sets the interval that the EXEC command interpreter waits until user
exec-timeout
input is detected.
rendezvous filter
Refuse rendezvous packets.
discard
service-policy Applies a policy map to all packets received or sent to the system.
Limits hosts which can access to the system through SNMP based on
snmp-server group access
the access list.
This chapter describes how to configure IGMP snooping on the Corecess R1-SW24L2B.
IGMP snooping manages multicast traffic at Layer 2 on the Corecess R1-SW24L2B by allowing
directed switching of IP multicast traffic. Switches can use IGMP snooping to configure Layer 2
interfaces dynamically so that IP multicast traffic is forwarded only to those interfaces
associated with IP multicast devices.
When IGMP snooping is enabled on the Corecess R1-SW24L2B, the route processor sends out
periodic general queries to all VLANs. The switch processor responds to the route processors
queries with only one join request per MAC multicast group. The switch processor creates one
entry per VLAN in the Layer 2 forwarding table for each MAC group from which it receives an
IGMP join request. All hosts interested in this multicast traffic send join requests and are added
to the port mask of this forwarding table entry.
To globally enable IGMP snooping on the Corecess R1-SW24L2B and enable VLAN IGMP
snooping, use the following command in Global configuration mode:
Command Description
ip igmp snoop
y <vlan-id>: ID of a VLAN to enable IGMP snooping.
[vlan id <vlan-id>]
The following example enables global IGMP snooping and disables IGMP snooping on the
VLAN 2:
However, if a multicast router receives a membership query message from the Corecess R1-
SW24L2B, which is not a multicast route, but a system that provides IGMP snooping functions,
and recognizes it as a multicast router, it may stop its role as the IGMP querier (if the IP address
of the Corecess R1-SW24L2B is smaller than the IP address of the multicast router). If this
happens, a problem may occur in which the multicast router stops forwarding multicast traffic
from outside the network into the LAN. Therefore, membership query messages must not be
sent from the Corecess R1-SW24L2B to the multicast router. In order to do so, the port
connected to the multicast router must be manually set as a router port.
To configure a static router port, use the command in the Global configuration mode:
Command Task
The following example adds the Gigabit Ethernet port 1/1 as a router port:
To remove a multicast router port, use the no ip igmp snoop mrouter command in Global
configuration mode.
Note: Multicast routers that support only IGMPv1 cannot process host membership report messages received
from devices that support IGMPv2. In addition, multicast routers which support only IGMPv1 cannot understand
Leave messages, which are sent by hosts leaving multicast groups. Since there is no way for IGMP snooping
devices, such as the Corecess R1-SW24L2B, to automatically recognize ports connected to these IGMPv1
multicast routers, the user must manually specify them.
To enable IGMP immediately leave feature on a port interface, use the following command in
Global configuration mode:
Command Task
This example shows how to enable IGMP fast-leave processing on the Gigabit Ethernet port 1/1:
To disable IGMP fast-leave processing, use the no ip igmp snoop fast-leave command
in Global configuration mode:
To add a port as a member of a multicast group, use the following command in Global
configuration mode:
Command Task
This example shows how to add the Fast Ethernet port 2/1 as a member of the group
01:00:5e:02:02:03:
To remove the port from the multicast group, use the no ip igmp snoop mgroup
command in Global configuration mode.
The default value of IGMP group membership time is 260 seconds. To change IGMP group
membership time, use the following command in Global configuration mode:
Command Task
ip igmp snoop membership y <seconds>: The IGMP group membership time in seconds
timeout <seconds> from 1 to 1200 seconds. Default is 260.
Command Task
The following example shows how to specify the number of multicast groups for the Fast
Ethernet port 2/1 to 2048 and verify the result:
To restore the default value, enter the no ip igmp snoop group-number-limit command
in Global configuration mode.
Command Description
show ip igmp snoop y <vlan-id> VLAN ID (1 ~ 4094). Displaying IGMP snooping
[vlan id <vlan-id>] information for a specific VLAN interface.
The following example displays the multicast groups that are directly connected to the Corecess
R1-SW24L2B and that were learned via IGMP snooping:
The following table describes the fields in the show ip igmp snoop command output:
Filed Description
group ip IP Address of the multicast group. In case of a static multicast group, 0.0.0.0 is displayed.
How long in seconds until the entry is removed from the IGMP groups table. In
timeout left
case of a static multicast group, 0 is displayed.
The following example shows how to display information on all multicast router interfaces on
the Corecess R1-SW24L2B:
The following table describes the fields in the show ip igmp snoop mrouter command
output:
Filed Description
port Slot number and port number of the multicast router port
vlan ID of the VLAN that the multicast router port belongs to.
router ip IP address of multicast router that the multicast port is connected to.
Total Number The number of multicast router ports that are registered to the system.
The following is the sample output from show ip igmp snoop fast-leave command:
Command Description
ip igmp snoop Configure the maximum number of multicast groups that a port can
group-number-limit belong to.
show ip igmp snoop Display the list of the VLANs and ports which IGMP immediately
fast-leave leave feature is enabled on
For high bandwidth connection, use trunking group which allows several ports to be connected
together to operate as a single link. This chapter describes how to configure a trunking group by
using LACP (Link Aggregation Control Protocol).
For example, the maximum bandwidth of the port that connects the system A and the system B
is 1Gbps, but the amount of data that receives and transmits between two systems can exceed
1Gbps. In this case, it is considered that several ports are connected between two systems. But,
if there are several connections (links) between systems, only one link is used automatically by
STP protocol because a loop can occur. If STP protocol is not used to prevent this situation,
communication might not operate because loops can not be detected.
Port trunking can be used in the case. Several ports act as single port, so it can be easily
managed by VLAN, STP and IGMP. Port trunking also effects stability of the system. Even if
some ports that are included in a trunking group are not operating normally, communication
can be continued by rest ports.
In the Corecess R1-SW24L2B, port trunking can be implemented by 802.ad link aggregation,
and 802.3ad link aggregation uses LACP (Link Aggregation Control Protocol). LACP allows
ports that have the same link aggregation key value to configure themselves into a trunking
group.
y All trunk group members (ports) should have the same media type (10/100Base-T or Gigabit
Ethernet).
y All trunk group members (ports) should be set to the same port speed, tramsmission mode,
and flow control.
y All trunk group members (ports) should be set to the full-duplex mode.
y If LACP operation mode is set to active on a port that is located in the end of a trunk, trunk is
set automatically.
When a QoS trunk is specified, the aggregated ID of the trunk group is used. The aggregated ID
is decided by the following rules.
y Odd number of port > Gigabit Ethernet port > Even number of port (Up Down)
y The same add or even number : Higher number of port (Right Left)
For example, if 1/1, 1/2, 1/3 and 1/4 ports aggregates, odd number of ports (1/1, 1/3) is
selected properly, then higher port (1/3) is decided to the aggregated ID.
LACP Mode
You can enable the feature on an individual port basis, in active, passive, or passive manual mode.
y Passive mode
When you enable a port for passive link aggregation, the Corecess R1-SW24L2B port can
exchange LACPDU messages with the port at the remote end of the link, but the Corecess
R1-SW24L2B port cannot search for a link aggregation port or initiate negotiation of an
aggregate link. Thus, the port at the remote end of the link must initiate the LACPDU
exchange.
y Manual mode
When you enable a port for manual link aggregation, you can manually configure aggregate
links containing multiple ports
Switch A Switch B
To configure an aggregation link manually, both ends of the aggregation link should be
configured to LACP manual mode.
Switch A Switch B
Port X : LACP mode : Manual Port X : LACP mode : Manual
Passive Passive
To assign the LACP admin key and set LACP mode, perform this task in the Privileged mode:
Command Task
configure terminal 1. Go to the global configuration mode.
2. Assign LACP admin key and specify the LACP mode for the
specific ports.
y <key-num>: LACP key value (0 65535).
y <port-type>: The type of the port.
- fastethernet : Fast Ethernet port.
lacp key <key-num> port
- gigabitethernet : Gigabit Ethernet port.
<port-type> <slot>/<port>
y <slot>/<port>: The slot number and port number of the
mode {active|passive|
port.
manual}
y active: Enables active mode.
y passive : Enables passive mode.
y manual : Enables manual mode. You can manually configure
an aggregation link, which will enable the aggregation of
multiple ports without LACP protocol.
end 3. Return to the privileged mode.
# configure terminal
(config)# lacp key 10 port fastethernet 2/1 mode active
(config)# end
# show lacp port fastethernet 2/1
* Actor key is the operational key value assigned to the port by the Actor.
* Partner key is the operational key value assigned to the port associated with this link by the Partner.
To configure LACP partner key to be assigned to the port on the other side of the aggregation
link, perform this task in the Privileged mode:
Command Task
configure terminal 1. Enter Global configuration mode.
The following example assigns 15 to the port connected to the Fast Ethernet port 2/1 for link
aggregation key:
# configure terminal
(config)# lacp force-partner-key 15 port fastethernet 2/1
(config)# end
# show lacp port fastethernet 2/1
Switch A
Active <-----> Passive
Trunk group
y Port : 2/1-4 on Switch A
2/1-4 on Switch B Switch B
y LACP admin key : 33
Switch A
The following shows how to configure link aggregation on the switch A:
Switch B
The following shows how to configure link aggregation on the switch B:
This chapter describes how to configure STP (Spanning Tree Protocol) on the Corecess R1-
SW24L2B.
STP Overview
Introduction
A network that has several paths for one destination is fault-tolerant. It is because packets can
be transmitted through other paths even if one of paths can not be used on the network. But,
loops might occur on the network. If a loop is occurs between two nodes, when packets are
broadcasted, the packet transmission is repeated infinitely. Because of the loop, the network can
be congested, then the network becomes instable.
In the following network configuration, there are two paths from Switch A to Switch C. One of
the path is path 2 connected directly and the other path is path 1 and path 2 through Switch B.
A loop is formed in this network because multiple active paths exist between Switch A and
Switch C. In this network, end stations might receive duplicate messages. For example, if Switch
A broadcasts packets, Switch C broadcasts the received packets to Switch A, and Switch A
broadcast the packets again.
Switch A
Path 1 Path 2
Path 3
Switch B Switch C
STP (Spanning Tree Protocol) prevents the loop on the network in which several paths are
existed. STP defines a tree with a root switch. When two interfaces on a switch are part of a loop,
the spanning-tree port priority and path cost settings determine which interface is put in the
forwarding state and which is put in the blocking state. Spanning tree forces redundant data
paths into a standby (blocked) state. Therefore, when traffic is processed, packets are only
transmitted through paths of non-blocking state.
Switch A
Path 1 Path 2
(Forwarding) (Forwarding)
Path 3
Switch B (Blocking) Switch C
Switches send and receive spanning-tree frames, called bridge protocol data units (BPDUs), at
regular intervals. The switches do not forward these frames, but use the frames to construct a
loop-free path.
If a network segment in the spanning tree fails and a redundant path exists, the spanning-tree
algorithm recalculates the spanning-tree topology and activates the standby path.
Root Switch
Designated Designated
Switch Switch
Designated Port
Designated
Switch
y Unique bridge ID of the switch that the sending switch identifies as the root switch
Bridge ID determines the selection of the root switch. Each VLAN on the switch has a unique 8-
byte bridge ID; the two most-significant bytes are used for the switch priority, and the
remaining six bytes are derived from the switch MAC address. The switch with the highest
switch priority (the lowest numerical priority value) is elected as the root switch. If all switches
are configured with the default priority (32768), the switch with the lowest MAC address in the
VLAN becomes the root switch.
Path cost determines the selection of the root port and designated switch. The port that provides
the best path (lowest cost) when the switch forwards packets to the root switch is called the root
port. The switch that provides the lowest path cost when forwarding packets from that LAN to
the root switch is called the designated switch. The port through which the designated switch is
attached to the LAN is called the designated port.
BPDU has three spanning-tree timers (hello, forward delay, max age). The following table
describes the timers that affect the entire spanning-tree performance:
Timer Description
When this timer expires, the interface sends out a Hello message to the neighboring
Hello timer
nodes.
Forward delay Determines how long each of the listening and learning states last before the
timer interface begins forwarding.
Determines the amount of time the switch stores protocol information received on an
Max age timer
interface.
y Blocking: The port does not participate in frame forwarding. (Default state)
y Listening: The first transitional state after the blocking state when the spanning tree determines that the
port should participate in frame forwarding.
y Disabled: The port is not participating in spanning tree because of a shutdown port, no link on the port,
or no spanning-tree instance running on the port.
Blocking State
BPDU Transmission
Learning State
Forward delay
Forwarding State
A port that STP is operating always starts at the blocking state. When a switch is initialized, the
switch assumes that the switch is the root switch and transmits BPDU to connected devices
through all ports. Ports of the blocking state discards all frames except BPDU. Ports that receive
BPDU become the listening state.
Ports of the listening state exchange BPDUs with other devices and select the root switch. Then,
after forward delay time is passed, the listening state becomes the learning state.
Ports of the disabled state do not participate in the spanning tree. These ports neither transmit
or receive BPDUs and do not transmit frames.
Selecting Path
The STP uses a spanning-tree algorithm to select one switch of a redundantly connected
network as the root of the spanning tree. The algorithm calculates the best loop-free path
through a switched Layer 2 network by assigning a role to each port based on the role of the
port in the active topology.
When two interfaces on a switch are part of a loop, the spanning-tree port priority and path cost
settings determine which interface is put in the forwarding state and which is put in the
blocking state. The port priority value represents the location of an interface in the network
topology and how well it is located to pass traffic. The path cost value represents media speed.
Spanning tree forces redundant data paths into a standby (blocked) state. If a network segment
in the spanning tree fails and a redundant path exists, the spanning-tree algorithm recalculates
the spanning-tree topology and activates the standby path.
The key difference between STP and RSTP is the transition states of a port. STP moves a port
from the blocking state to the forwarding state after the listening and the learning state. RSTP
reduces the transition steps by moving directly a port from the blocking state to the forwarding
state. This allows rapid reconfiguration capability when the topology has changed.
10Mbps 2,000,000
10Gbps 2,000
y Setting spanning tree timers (Hello time, Max age, Forward delay)
Command Task
configure terminal 1. Enter global configuration mode.
# configure terminal
(config)# stp vlan id 1
(config)# stp protocol-version stp vlan id 1
(config)# end
# show stp vlan id 1
Disable STP only if you are sure there are no loops in the network topology . When STP is
disabled and loops are present in the topology, excessive traffic and indefinite packet
duplication can drastically reduce network performance. To disable STP on a per-VLAN basis,
enter the no stp vlan command in Global configuration mode. The following example
shows how to disable STP on the VLAN whose ID is 1:
If you disable STP on a VLAN, STP is disabled on all ports belongs to the VLAN.
Command Task
configure terminal 1. Enter global configuration mode.
The following example enables STP on the port 1/1 and 2/1:
Command Task
configure terminal 1. Enter global configuration mode.
2. Set the bridge ID for a specific VLAN.
stp bridge-priority
y <priority>: Bridge ID (0 ~ 65535). A higher numerical value means
<priority> vlan id
a lower priority; thus, the highest priority is 0.
<vlan-id>
y <vlan-id>: VLAN ID (1 ~ 4094)
end 3. Return privileged mode.
show stp vlan id 4. Verify the STP configuration change.
<vlan-id> y <vlan-id>: VLAN ID (1 ~ 4094)
The following example shows how to set bridge ID for a VLAN to 3000 (hexa-decimal : 0x0BB8):
# configure terminal
(config)# stp bridge-priority 3000 vlan id 2
(config)# end
# show stp vlan id 2
VLAN ID: 2
Protocol Operation: enabled
Root Bridge: yes
STP version: rstp(2)
Pathcost Encoding: 32bit
BridgeID: 0x0BB8-00905ACC0202
Time since topology change: 281(s)
To restore the bridge ID for a VLAN to the default priority (32768, hexa decimal : 0x8000), enter
the no stp bridge-priority command in Global configuration mode:
VLAN ID: 2
Protocol Operation: enabled
Root Bridge: yes
STP version: rstp(2)
Pathcost Encoding: 32bit
BridgeID: 0x8000-00905ACC0202
Time since topology change: 1968(s)
.
.
.
#
Note: The default path cost for the Ethernet ports on the Corecess R1-SW24L2B is derived from STP prottocol
version and the media speed of the port as follows:
10Mbps 100
100Mbps 19
1Gbps 4
If you want to rarely use a port that is high speed because of a lack of stability or other reasons,
you specify high path cost of the port.
To configure the path cost for an Ethernet port, perform this task in Privileged mode:
Command Task
configure terminal 1. Enter global configuration mode.
Link State: up
Protocol Operation: enabled
Pathcost Encoding: 32bit
Port Number(logical): 129
Port Priority: 0x8
Designated Path Cost: 10
AdminEdge: false
#
Recommand: We recommand that you set the path cost as follows according to the running STP prottocol
version and the media speed of the port:
100Mbps 10 ~ 60
1Gbps 3 ~ 10
10Gbps 1~5
By default, RSTP is enabled on the Corecess R1-SW24L2B and the default STP encoding mode is
32 bits. To configure the type of STP encoding mode, perform this task in Privileged mode:
Command Task
configure terminal 1. Enter global configuration mode.
The following example shows how to configure the type of STP encoding mode to 16 bits:
VLAN ID: 1
Protocol Operation: enabled
Root Bridge: yes
STP version: stpCompatible(0)
Pathcost Encoding: 16bit
BridgeID: 0x8000-00905ACC0201
.
.
#
To configure the port priority of an Ethernet port, perform this task in Privileged mode:
Command Task
configure terminal 1. Enter global configuration mode.
2. Sets the spanning-tree port priority for a specified Ethernet port.
y <port-type>: The type of Ethernet port.
- fastethernet: Fast Ethernet port
port <port-type> <slot>/ - gigabitethernet: Gigabit Ethernet port
<port> priority <priority> y <slot>/<port>: The slot number and port number of the
Ethernet port.
y <priority>: The value of the STP port priority (0 ~ 15,
default:8)
end 3. Return to privileged mode.
4. Verify the STP configuration change.
show stp port <port-type> y <port-type>: The type of Ethernet port.
<slot>/<port> y <slot>/<port>: The slot number and port number of the
Ethernet port .
The following examples shows how to configure the port priority of the Fast Ethernet port 2/1
to 1:
Link State: up
Protocol Operation: enabled
Pathcost Encoding: 32bit
Port Number(logical): 129
Port Priority: 0x1
.
.
You can set spanning tree timers for individual VLANs. To set spanning tree timers for a
specific VLAN, perform this task in Privileged mode:
Command Task
configure terminal 1. Enter Global configuration mode.
The following example shows how to set STP hello timers to 5 seconds for a VLAN:
# configure terminal
(config)# stp hello-time 5 vlan id 2
(config)# end
# show stp vlan id 2
To return the STP hello timers to the default value, use the no form of these command in Global
configuration mode:
The following example shows how to set STP forward delay timers to 20 seconds for a VLAN:
# configure terminal
(config)# stp forward-delay 20 vlan id 2
(config)# end
# show stp vlan id 2
VLAN ID: 2
Protocol Operation: enabled
.
.
Bridge HelloTime: 5(s)
Bridge ForwardDelay: 20(s)
.
.
#
To return the STP forward delay timers to the default value, use the no form of these command
in Global configuration mode:
VLAN ID: 2
.
.
HelloTime: 2(s)
ForwardDelay: 15(s)
Bridge MaxAge: 25(s)
Bridge HelloTime: 5(s)
Bridge ForwardDelay: 20(s)
.
.
#
To return the STP max age timers to the default value, use the no form of these command in
Global configuration mode:
y Setting spanning tree timers (Hello time, Max age, Forward delay)
In the configuration procedure, Enable STP on a port, Setting the bridge ID, Configuring the port
priority and Setting spanning tree timers (Hello time, Max age, Forward delay) are explained in the
previous section.
Command Task
The following example shows how to enable RSTP on the VLAN whose ID is 2:
# configure terminal
(config)# stp vlan id 1
(config)# end
# show stp vlan id 1
VLAN ID: 1
Protocol Operation: enabled
STP version: rstp(2)
Pathcost Encoding: 32bit
BridgeID: 0x8000-0001020000DB
Time since topology change: 1539(s)
Topology changes: 0
.
.
.
#
If you disable RSTP on a VLAN, STP is disabled on all ports belongs to the VLAN.
If you want to rarely use a port that is high speed because of a lack of stability or other reasons,
you specify high path cost of the port.
To configure the path cost for the specified port, use the following commands.
Command Task
configure terminal 1. Enter Global configuration mode.
The following example shows how to set the path cost for the Fast Ethernet port 2/1 to 20000:
Link State: up
Protocol Operation: enabled
Pathcost Encoding: 32bit
Port Number(logical): 129
Port Priority: 0x8
Designated Path Cost: 20000
AdminEdge: false
Recommendation: We recommend that you set the path cost as follows according to the running RSTP
protocol version and the media speed of the port:
To change path cost of 16 bits to path cost of 32 bits again, use the following commands.
Command Task
stp pathcost-encoding
2. Configure the type of RSTP encoding mode.
stp8021t2001
The following example shows how to configure the type of STP encoding mode to 32 bits:
To set spanning tree protocol to STP on a particular VLAN, use the following commands.
Command Task
stp protocol-version 2. Set spanning tree protocol to STP on the specified VLAN.
stp vlan id <vlan-id> y <vlan-id> VLAN ID (1 ~ 4094)
The following example shows how to set spanning tree protocol to STP on the VLAN whose ID
is 2:
Edge ports assume designated port roles. Port flapping does not cause any topology change
events on Edge ports since RSTP does not consider Edge ports in the spanning tree calculations.
However, if any incoming BPDU is received from a previously configured Edge port, RSTP
automatically makes the port as a non-edge port. This is extremely important to ensure a loop
free Layer 2 operation since a non-edge port is part of the active RSTP topology.
Command Task
The following example shows how to configure the Gigabit Ethernet port 2/1 as an Edge port:
Command Description
port pathcost Sets the spanning-tree port path cost for the specified Ethernet port.
port priority Sets the spanning-tree port priority for the specified Ethernet port.
show stp port Displays spanning-tree information for the specified port.
show stp vlan Displays spanning-tree information for the specified VLAN interface.
stp max-age Sets the bridge maximum aging time for a VLAN.
stp pathcost-encoding Configures the type of Spanning Tree Protocol encoding mode.
Configure the type of Spanning Tree Protocol mode to run for a specific
stp protocol-version
VLAN.
stp vlan Enables the spanning tree algorithm for a specific VLAN.
Switching Fabric
Memory
AC Power Supply
y Frequency : 50/60Hz
y Input Voltage : 100 ~ 240VAC
y Input Voltage Range : 88 ~ 264VAC
Temperature
Cables
Packages
y Console Cable (RJ-45 DB-9)
Manual
VLAN Function
y Support Port based VLAN, IEEE 802.1q tagged VLAN (Maximum 254)
y Support Spanning Tree and Multicast per VLAN
Multicasting Function
y IGMP v2.0
y IGMP snooping
QoS Function
Function
y Multi field packet classification
y 802.1p CoS Marking, Reclassification
y TOS Marking, Reclassification
y DSCP Marking, Reclassification
y Scheduling: SP (Strict Priority)
Security Function
y Access List
y MAC Filtering
y DHCP Filtering
y NetBIOS Filtering
y Console
- Local : RJ-45 Console Port (Out-band)
- Remote : Telnet and Web based Console (In-band)
y CLI (In-band, Out-band)
y NMS (ViewlinX Manager/EMS)
Function y Port mirroring
y SNMP v1/v2c
y RMON
- Group 1 (Statistics), Group 2 (History), Group 3 (Alarm), Group 9 (Events)
- Extended RMON
y System log file (configuration log)
y Remote software upgrade (FTP/TFTP)
y CORECESS-BASIC-MIB
y CORECESS-SMI
y RFC 1213 MIB-II
MIB y RFC 1493 BRIDGE-MIB
y RFC 1757 RMON-MIB
y RFC 1907 SNMPv2-MIB
y RFC 2233 IF-MIB
Appendix B describes the specifications of the ports on the Corecess R1-SW24L2B. In addition, the kinds
and specifications of cables needed for the connection of each port.
RJ-45 Connector
10/100/1000Base-T Port
10/100/1000Base-T ports on the uplink modules have the 8-pin RJ-45 connector. The
cable used for connecting 10/100/1000Base-T port is twisted-pair cable with RJ-45
8 1 connectors at both ends.
Console Port
1 8 The CONSOLE port on the front panel of the Corecess R1-SW24L2B has an 8-pin RJ-45
connector. The cable used for connecting console port is serial cable with an RJ-45
connector and a DB-9 at each end.
Pin Signal
2 Tx
3 Rx
5 GND
1000Base-SX Port
100/1000Base-SX ports on the uplink modules have Duplex LC connectors. The cable
used for connecting these LC connectors is multi mode fiber optic cable
(transmitting/receiving wavelength: 850nm).
1000Base-LX Port
100/1000Base-LX ports on the uplink modules have Duplex LC connectors. The cable
used for connecting these LC connectors is multi mode fiber optic cable
(transmitting/receiving wavelength: 1310nm).
SC/APC Connector
1000Base-PX Port
There are two types of twisted pair cables: UTP (unshielded twisted pair) cable and STP
(shielded twisted pair) cable. The following figure shows a twisted pair cable with RJ-45
connectors at both ends.
Fiber
Module Connector Interface Optic Wave Length(nm)
Cable
Multi-
OPT-N1ES1CD 100/1000Base-SX y Rx/Tx : 850nm
OPT-N1EL1CD mode
OPT-N2CD Duplex LC
OPT-N2CS Single
100/1000Base-LX y Rx/Tx : 1310nm
mode
<Pin Configuration>
Note: Before connecting the console port, ensure that console terminal is configured as follows:
Baud rate Data bit Parity Stop bit Flow control
9600 8 None 1 None