You are on page 1of 771

Edition: 0003

Distribution: 4/2008

Corecess Scalable Broadband Service Platform

Corecess S5 System

„ User's Guide
| Copyright |
Copyright ©2007 by Corecess Inc. All rights reserved.

No Part of this book shall be reproduced, stored in a retrieval system, or


transmitted by any means, electronic, mechanical, photocopying,
recording, or otherwise, without written permission from the publisher.

The specifications and information regarding the products in this manual


are subject to changed without notice.

| Trademark Credit |
Corecess S5 System is registered trademark of Corecess Inc.

Other product names or company names mentioned in this manual are


registered trademarks of the appropriate company.

Corecess Inc.
500-2, Sangdaewon-dong, Jungwon-ku, Sungnam-city, Kyungki-do, Korea, 462-120
TEL:+82-31-739-6600 FAX: :+82-31-739-6622
http://www.corecess.com
Manual Contents

Manual Contents
This instruction consists of following materials about Corecess S5 series which is multi-
functional broadband platform from Corecess Inc.

y Introduction to functions and features

y Name and function of each part

y How to install on a rack and connect cable to each port

y How to configure the Corecess S5 System

Careful reading of this manual before using the Corecess S5 System will alleviate the
complexity of manipulating the system. The user should read the chapters 1~3 to become
acquainted with the functions of the product, name and function of each part, and the
precautions before installation. Understanding chapters 1~3 will help a great deal for safety in
installing and using the product.

Note: Corecess S5 series provides for the flexibility for operator to deploy chassis, SCM board and LIM borad
adapted to its access network. Basic command is the same as it was. There might be additiional command
according to module.

9 If you have any problems or questions during installation or while using the product,
contact your equipment provider or visit our website at www.corecess.com and leave
a message in Q&A.

Audience
This manual is designed for the users with basic knowledge in Ethernet and FTTH. Thus, this
manual assumes that the reader is knowledgeable of basic concepts and terminology about
Ethernet and FTTH and does not provide separate explanations for these topics. If you feel that
the contents of this manual are difficult and require more detailed explanations, refer to other
network related books.

Revison History
Edition Date Description
0002 4/2008 Second Edition

III
Notations

Notations
This manual uses the notations explained below for assisting readers in understanding the
contents of this manual.

Notations in Console Screen


When indicating text displayed on the console screen, the following indications are used:

y Text displayed on console screen is shown in Courier New.

y Values entered by user are displayed in bold Courier New.

Notations in Command Syntax


In this manual, the following indications are used to explain the syntax of console commands:

y Console commands are indicated in bold Courier New.

y Parameters that need to be entered are indicated in Courier New.

y Parameters in [ ] are parameters that can be ignored.

y { A | B | C } means that one entry among A, B, and C must be selected and entered.

y [A | B | C] means that one entry among A, B, and C may or may not be selected and
entered.

Acronyms & Terminology


GigabitEhternet : GbE
GE-PON, EPON : E-PON

IV Corecess S5 System User's Guide


Notations

Conventions
This manual uses the following conventions:

Recommendation: Introduces recommendatory item for the use of product.

Note: Introduces useful item for the use of product, reference, and its related materials.

Caution: Explains possible situations or conditions of improper operation and possibility of losing data and
provides suggestions how to deal with those cases.

Warning: Explains situtations in which product can be damaged or danger can be imposed to users physically,
and informs you how to respond to those situations.

V
Organization

Organization
The chapters of this manual are organized as follows:

Chapter 1 Overview
This chapter introduces the Corecess S5 System functions and features and describes several kinds of
network examples configurable with the Corecess S5 System.

Chapter 2 Hardware Description


This chapter introduces the structures of the front and rear side of the Corecess S5 System and describes
the function and appearance of the modules provided for the Corecess S5 System.

Chapter 3 Before Installation


This chapter describes the precautions for the Corecess S5 System installation and installation environment
for the normal operation. It also describes the way to unpack the Corecess S5 System box and verify the
contents.

Chapter 4 Installation
This chapter describes how to mount the Corecess S5 System on a rack, connect the cables to the ports,
and connect the power.

Chapter 5 Configuring Basic Features


This chapter describes how to configure basic features to operate the Corecess S5 System.

Chapter 6 Configuring Ports and Links


This chapter describes how to configure Gigabit Ethernet ports and Gigabit Ethernet PON ports in SCM/LIM
module. This chapter also describes how to configure logical links of Gigabit Ethernet and ONU connected
with Gigabit Ethernet PON ports.

Chapter 7 Configuring VLAN


This chapter describes how to configure the VLAN and VLAN interface on the Corecess S5 System.

Chapter 8 Configuring SNMP and RMON


This chapter describes how to configure SNMP and RMON on the Corecess S5 System.

VI Corecess S5 System User's Guide


Organization

Chapter 9 Configuring QoS


This chapter describes how to configure Quality of Service (QoS) features on the Corecess S5 System.

Chapter 10 Configuring DHCP


This chapter describes how to configure DHCP server or DHCP Relay Agent on the Corecess S5 System.

Chapter 11 Configuring NetSnoop


This chapter describes how to configure NetSnoop features on the Corecess S5 System.

Chapter 12 Configuring Security


This chapter describes how to configure security features on the Corecess S5 System

Chapter 13 Configuring Multicast


.This chapter describes how to manage multicast group information using IGMP to process multicast traffic
on the Corecess S5 System. It also describes how to configure multicast routing protocols such as PIM-SM,
PIM-DM and DVMRP.

Chapter 14 Configuring Routing Protocol


This chapter describes how to configure the routing protocols - BGP, OSPF, and RIP, supported by the
Corecess S5 System.

Chapter 15 Configuring LACP


This chapter describes how to configure a trunking group by using Link Aggregation Control Protocol
(LACP).

Chapter 16 Configuring STP and RSTP


This chapter describes how to configure STP and RSTP to avoid a loop on the network of the Corecess S5
System.

Chapter 17 Configuring VRRP


This chapter describes how to configure VRRP (Virtual Router Redundancy Protocol) on the Corecess S5
System.

Chapter 18 Redundancy Configuration


This chapter describes how to configure Redundancy on the Corecess S5 System.

VII
Organization

Chapter 19 M5 SuperPON MUX Platform


This chapter introduces the Corecess M5 SuperPON MUX Platform functions and features and installation.

Appendix A Product Specifications


Appendix A describes (the) hardware and software specifications of the Corecess S5 System.

Appendix B Connector and Cable Specifications


Appendix B describes the SCM/LIM port specifications and the cables specifications needed for the
connection of each port.

Appendix C Operation and Maintenance


Appendix C describes how to replace the broken module and fan with new one. This chapter also describes
how to clean the fan filter.

VIII Corecess S5 System User's Guide


Table of Contents

Table of Contents

Manual Contents ..................................................................................................III


Audience .................................................................................................................................... III
Revison History ........................................................................................................................ III
Notations ............................................................................................................. IV
Notations in Console Screen................................................................................................... IV
Notations in Command Syntax.............................................................................................. IV
Acronyms & Terminology ...................................................................................................... IV
Organization........................................................................................................ VI
Table of Contents ................................................................................................ IX
List of Tables..................................................................................................... XIX

Chapter 1 Overview 1-1


Introduction ........................................................................................................1-2
Hardware Features ............................................................................................1-4
Slot Configuration ................................................................................................................... 1-4
Chassis....................................................................................................................................... 1-4
Switching & Control Module ................................................................................................ 1-5
Line Interface Module............................................................................................................. 1-5
Software Features ..............................................................................................1-7
Applications......................................................................................................1-11
All Fiber Network with S5 System ..................................................................................... 1-11
Deep Fiber Network with S5 System ................................................................................. 1-12
WDM PON Solution with S5 Series ................................................................................... 1-12

Chapter 2 Hardware Description 2-1


System Chassises..............................................................................................2-2
S511 Chassis ............................................................................................................................. 2-2
S518 Chassis ............................................................................................................................. 2-4
S506(S505) Chassis................................................................................................................... 2-6
Chassis Common Items .......................................................................................................... 2-8
System Modules...............................................................................................2-10
Slot Configuration ................................................................................................................. 2-10
SCM Module ....................................................................................................2-11
SCM Slot Capacity................................................................................................................. 2-11
Performance of Switching and Routing............................................................................. 2-12
Memory................................................................................................................................... 2-12
System Status LED (Run, Master)....................................................................................... 2-12

IX
Table of Contents

Reset Switch (Reset) .............................................................................................................. 2-13


Port Type................................................................................................................................. 2-13
SCM-B72G .............................................................................................................................. 2-16
SCM-B24G .............................................................................................................................. 2-16
SCM-20G ................................................................................................................................. 2-17
LIM Module ......................................................................................................2-18
Run LED.................................................................................................................................. 2-18
Port LED.................................................................................................................................. 2-19
Port Type................................................................................................................................. 2-19
LIM-D16GT(LIM-D8GT) ...................................................................................................... 2-22
LIM-D16GF(LIM-D8GF,LIM-D4GF) .................................................................................. 2-22
LIM-EP4G-GR ........................................................................................................................ 2-23
LIM-GW16GF......................................................................................................................... 2-23
Support Devices ...............................................................................................2-24
E-PON Splitter ....................................................................................................................... 2-24
WDM Filter............................................................................................................................. 2-24
L1-SLS16 Supported GW-PON Network .......................................................................... 2-25
Cable Connecting .................................................................................................................. 2-25
M5 SuperPon Mux Platform................................................................................................ 2-26
Cable Connecting .................................................................................................................. 2-27

Chapter 3 Before Installation 3-1


Precautions ........................................................................................................3-2
General Precautions ................................................................................................................ 3-2
Power Considerations............................................................................................................. 3-2
Preventing ESD........................................................................................................................ 3-4
Installing and Servicing the System ..................................................................................... 3-4
Rack-Mounting the System.................................................................................................... 3-7
Lifting the System.................................................................................................................... 3-8
Disposing of the System ......................................................................................................... 3-8
Installation Place ................................................................................................3-9
Environmental Requirements ............................................................................................... 3-9
Power Supply........................................................................................................................... 3-9
Unpacking ........................................................................................................3-10

Chapter 4 Installation 4-1


Installation Procedure.........................................................................................4-2
Rack-Mounting ...................................................................................................4-3
Checking the Rack-Mount Space .......................................................................................... 4-3
Mounting the System on a Rack ........................................................................................... 4-4
Installing Modules ..............................................................................................4-5
Switching & Control Module ................................................................................................ 4-5

X Corecess S5 System User's Guide


Table of Contents

Line Interface Module............................................................................................................. 4-5


Installing modules in slots ..................................................................................................... 4-6
Installing / Removing SFP module...................................................................................... 4-7
Connecting Network Devices ...........................................................................4-10
Connecting Gigabit Ethernet Uplink Port ......................................................................... 4-11
Connecting Gigabit Ethernet PON Line Port.................................................................... 4-13
Connecting Gigabit Ethernet Line Port.............................................................................. 4-14
Connecting the System Management Device ..................................................4-15
Connecting the Console Port ............................................................................................... 4-16
Connecting Ethernet Management Port ............................................................................ 4-17
Connecting Power ............................................................................................4-18
Connecting DC Power .......................................................................................................... 4-18
Connecting AC Power .......................................................................................................... 4-21
Starting the System ..........................................................................................4-22

Chapter 5 Configuring Basic Features 5-1


Before Configuration ..........................................................................................5-2
Accessing the CLI .................................................................................................................... 5-2
Command Modes .................................................................................................................... 5-4
Prompt....................................................................................................................................... 5-8
Getting Help............................................................................................................................. 5-9
CLI Command Usage Basics ............................................................................................... 5-11
Configuring Basic System Parameters.............................................................5-13
Setting an IP Address for management ............................................................................. 5-13
User Management ................................................................................................................. 5-15
Specifying System Name and System Time...................................................................... 5-18
Configuration File Management .......................................................................5-23
Displaying the Current Running Configuration.............................................................. 5-24
Saving the Current Running Configuration ..................................................................... 5-26
Restoring Default Configuration ........................................................................................ 5-27
Monitoring and Maintaining the System ...........................................................5-28
Monitoring Network Connectivity..................................................................................... 5-28
Displaying CPU Utilization ................................................................................................. 5-32
Displaying Memory Usage .................................................................................................. 5-33
Displaying System Module Information ........................................................................... 5-35
Displaying System Module Status...................................................................................... 5-36
Managing System Log......................................................................................5-38
Specifying Event Level ......................................................................................................... 5-38
Specifying Screen to Display Log ....................................................................................... 5-41
Saving Log Message in Log File.......................................................................................... 5-43
Displaying Contents of Log File ......................................................................................... 5-44
Clearing System Log ............................................................................................................. 5-45
Upgrading Software..........................................................................................5-46

XI
Table of Contents

Chapter 6 Configuring Ports and Links 6-1


Configuring Gigabit Ethernet port.......................................................................6-2
Basic Configuration of Gigabit Ethernet Port ..................................................................... 6-2
Configuring Gigabit Ethernet port ....................................................................................... 6-3
Display the Gigabit Ethernet Port Information .................................................................. 6-8
Configuring the Gigabit Ethernet PON Port......................................................6-11
Basic Configuration of the Gigabit Ethernet PON Port .................................................. 6-11
Configuring Gigabit Ethernet PON Port ........................................................................... 6-12
Monitoring the Gigabit Ethernet PON Port ...................................................................... 6-21
Configuring the Link of the Gigabit Ethernet PON Port ....................................6-25
Basic Configuration of the Gigabit Ethernet PON Link.................................................. 6-25
Configuring Gigabit Ethernet PON Link .......................................................................... 6-26
Configuring Bridging Mode of Link .................................................................................. 6-32
Monitoring Link Information .............................................................................................. 6-55
Configuring ONU ..............................................................................................6-59
Basic Configuration of ONU ............................................................................................... 6-59
Configuring ONU ................................................................................................................. 6-60
Monitoring ONU ................................................................................................................... 6-75
Profile ...............................................................................................................6-78
General LLID profile Creation ............................................................................................ 6-78
Default LLID profile.............................................................................................................. 6-80
General ONU profile............................................................................................................. 6-82
Default ONU profile ............................................................................................................. 6-84

Chapter 7 Configuring VLAN 7-1


VLAN Configuration............................................................................................7-2
Default Configuration............................................................................................................. 7-2
Basic VLAN Configuration.................................................................................................... 7-3
Configuring 802.1Q Trunk..................................................................................................... 7-9
Configuring VLAN Interface..............................................................................7-11
Entering Interface Configuration Mode ............................................................................ 7-11
Configuring OSPF on the VLAN Interface ....................................................................... 7-12
Configuring IS-IS on the VLAN Interface ......................................................................... 7-19
Configuring RIP on the VLAN Interface........................................................................... 7-27
Enabling Multicasting on the VLAN Interface................................................................. 7-32
Shutting Down the VLAN Interface................................................................................... 7-33
Configuring IP Parameters .................................................................................................. 7-34

Chapter 8 Configuring SNMP and RMON 8-1


Configuring SNMP .............................................................................................8-2
SNMP(Simple Network Management Protocol) Overview ............................................. 8-2

XII Corecess S5 System User's Guide


Table of Contents

Configuring SNMP ................................................................................................................. 8-6


Displaying SNMP Information ........................................................................................... 8-13
Configuring RMON ...........................................................................................8-18
RMON (Remote MONitoring) Overview.......................................................................... 8-18
Configuring RMON .............................................................................................................. 8-19
Displaying RMON Information .......................................................................................... 8-32
SNMP and RMON Configuration Commands ..................................................8-34

Chapter 9 Configuring QoS 9-1


QoS Overview ....................................................................................................9-2
QoS (Quality of Service) ......................................................................................................... 9-2
Classifier ................................................................................................................................... 9-3
Packet Marker .......................................................................................................................... 9-6
Policer........................................................................................................................................ 9-6
Queue Scheduler ..................................................................................................................... 9-9
Buffer Manager ...................................................................................................................... 9-14
QoS of the Corecess S5 System............................................................................................ 9-15
Configuring QoS Service Policy Map ...............................................................9-17
Configuring QoS Service Policy.......................................................................................... 9-17
Configuring a Class Map ..................................................................................................... 9-18
Configuring a Policy Map.................................................................................................... 9-21
Configuring Service Policy .................................................................................................. 9-28
Configuring Non-Class-map QoS Features......................................................9-29
Specifying Priority for VLAN or Port ................................................................................ 9-29
Applying Policing to a Port ................................................................................................. 9-31
Specifying Priority for CoS Field ........................................................................................ 9-32
Specifying Priority for a Transmission Queue ................................................................. 9-33
Configuring Shaping ............................................................................................................ 9-34
Controlling Broadcast Storm ............................................................................................... 9-35
Configuring Packet Filtering ............................................................................................... 9-36
QoS Configuration Commands ........................................................................9-42

Chapter 10 Configuring DHCP 10-1


DHCP (Dynamic Host Configuration Protocol) Overview .................................10-2
Configuring DHCP Server ................................................................................10-4
Procedure of DHCP Server Configuration........................................................................ 10-4
Parameter Values for Configuration DHCP Server......................................................... 10-4
Enabling DHCP Server......................................................................................................... 10-5
Configuring the Global DHCP Server Parameters .......................................................... 10-5
Verifying the DHCP Subnet for the Interface ................................................................. 10-11
Configuring DHCP Server Parameters for Each Subnet............................................... 10-12
Specifying IP Address Pool for DHCP Clients ............................................................... 10-13

XIII
Table of Contents

Defining Subnet for DHCP Relay Configuration........................................................... 10-15


Configuring Static Host...................................................................................................... 10-16
Configuring the Maximum and Minimum Number of IP Address for a Subnet..... 10-17
Configuring DHCP Relay Agent .....................................................................10-18
DHCP Relay Agent Overview........................................................................................... 10-18
Configuring DHCP Relay .................................................................................................. 10-21
Displaying DHCP Configuration .....................................................................10-26
Displaying DHCP Server Configuration ......................................................................... 10-26
Displaying DHCP Relay Configuration .......................................................................... 10-33
DHCP Configuration Commands ...................................................................10-37
Configuring DHCP Server(Only S518) ...........................................................10-39
Sequence to configure DHCP Server................................................................................ 10-39
Values to be identified ........................................................................................................ 10-39
Activating DHCP Server .................................................................................................... 10-40
Configuring GLOBAL DHCP Parameters ...................................................................... 10-41
Creating IP Pool................................................................................................................... 10-44
Setting IP Pool Parameters................................................................................................. 10-48
Configuring Pool Chaining................................................................................................ 10-51
IP allocation by DHCP option ........................................................................................... 10-52
Configuring DHCP Relay Agent(Only S518) ..................................................10-54
Activating DHCP Relay ..................................................................................................... 10-54
Designating DHCP Server ................................................................................................. 10-55
Designating DHCP Secondary weight............................................................................. 10-56
Configuring DHCP Proxy Server(Only S518) .................................................10-57
Designating DHCP Server ................................................................................................. 10-58
Displaying DHCP Configuration information(Only S518)................................10-59
Displaying DHCP Activation information...................................................................... 10-59
Displaying IP Pool Configuration information .............................................................. 10-60
Displaying allocated lease information ........................................................................... 10-62
Displaying DHCP Packet statistics information ............................................................ 10-65

Chapter 11 Configuring Netsnoop 11-1


Understanding NetSnoop .................................................................................11-2
Understanding NetSnoop .................................................................................................... 11-2
Configuring DHCP Snoop ................................................................................................... 11-4
Configuring ARP Snoop .................................................................................11-15

Chapter 12 Configuring Security 12-1


Managing Password and Session ....................................................................12-2
Configuring Password.......................................................................................................... 12-2
Configuring Telnet Session Timeouts ................................................................................ 12-5
Configuring Access Lists ..................................................................................12-6

XIV Corecess S5 System User's Guide


Table of Contents

Access Lists............................................................................................................................. 12-6


Security Configuration Commands.................................................................12-11

Chapter 13 Configuring Multicast 13-1


Multicast Routing Overview..............................................................................13-2
IGMP (Internet Group Management Protocol) ................................................................ 13-4
DVMRP (Distance-Vector Multicast Routing Protocol).................................................. 13-5
PIM (Protocol Independent Multicast) .............................................................................. 13-6
Configuring IP Multicast Routing ....................................................................13-10
Enabling Multicast Routing ............................................................................................... 13-10
Configuring a Static Multicast Route ............................................................................... 13-16
Configuring PIM.................................................................................................................. 13-17
Configuring PIM-SM .......................................................................................................... 13-19
Configuring PIM-DM ......................................................................................................... 13-30
Configuring DVMRP .......................................................................................................... 13-31
Configure IGMP .................................................................................................................. 13-32
Configuring IGMP Snooping ............................................................................................ 13-38
Monitoring IP Multicast Routing......................................................................13-44
Displaying the Contents of IP Multicast Routing Table ............................................... 13-44
Displaying PIM Information ............................................................................................. 13-47
Displaying DVMRP Information ...................................................................................... 13-54
Displaying IGMP Information .......................................................................................... 13-58
IP Multicast Routing Commands ....................................................................13-64

Chapter 14 Configuring Routing Protocol 14-1


Configuring Static Route ..................................................................................14-2
Type of Static Route .............................................................................................................. 14-2
Configuring the Standard Route......................................................................................... 14-3
Configuring the VLAN Interface Route ............................................................................ 14-4
Configure the Loopback Route ........................................................................................... 14-5
Configuring the Null Route................................................................................................. 14-6
Configuring the Default Gateway ...................................................................................... 14-7
Configuring BGP ..............................................................................................14-8
BGP(Border Gateway Protocol) Overview........................................................................ 14-8
Basic BGP Configuration.................................................................................................... 14-11
Displaying BGP Configuration Information................................................................... 14-39
BGP Commands .................................................................................................................. 14-54
Configuring OSPF ..........................................................................................14-57
OSPF (Open Shortest Path First) Overview .................................................................... 14-57
Configuring OSPF ............................................................................................................... 14-59
Displaying OSPF Configuration Information................................................................. 14-73
OSPF Commands ................................................................................................................ 14-80

XV
Table of Contents

Configuring IS-IS............................................................................................14-82
IS-IS Overview ..................................................................................................................... 14-82
Configuring IS-IS................................................................................................................. 14-86
Displaying IS-IS Configuration Information .................................................................. 14-98
IS-IS Commands ................................................................................................................14-103
Configuration RIP.........................................................................................14-105
RIP (Routing Information Protocol) Overview ............................................................14-105
Configuring RIP.................................................................................................................14-110
Displaying RIP Configuration Information ..................................................................14-118
RIP Commands ..................................................................................................................14-121

Chapter 15 Configuring LACP 15-1


Port Trunking Overview....................................................................................15-2
Notes for LACP Trunk Configuration ............................................................................... 15-3
QoS of Trunk Group ............................................................................................................. 15-3
Configuring LACP Trunk ..................................................................................15-4
Setting LACP Key and Operation Mode ........................................................................... 15-4
Setting LACP Partner Key ................................................................................................... 15-7
LACP Configuration Example ............................................................................................ 15-9

Chapter 16 Configuring STP and RSTP 16-1


Understanding STP and RSTP ........................................................................16-2
STP Overview ........................................................................................................................ 16-2
RSTP (Rapid Spanning Tree Protocol) ............................................................................... 16-7
Default STP Configuration .................................................................................................. 16-8
Configuring STP...............................................................................................16-9
Procedures for STP Configuration...................................................................................... 16-9
Enabling STP .......................................................................................................................... 16-9
Enabling or Disabling STP on a Port................................................................................ 16-11
Setting the Bridge ID (Priority) ......................................................................................... 16-12
Configuring the Path Cost ................................................................................................. 16-13
Configuring STP Encoding ................................................................................................ 16-15
Configuring the Port Priority ............................................................................................ 16-16
Setting Spanning Tree Timers ........................................................................................... 16-17
Configure RSTP .............................................................................................16-20
Configuration Procedure of RSTP .................................................................................... 16-20
Enabling RSTP on a VLAN ................................................................................................ 16-20
Configuring the Path Cost ................................................................................................. 16-22
Configuring RSTP Encoding ............................................................................................. 16-24
Configuring Spanning Tree Protocol Type ..................................................................... 16-25
Configuring an Edge Port .................................................................................................. 16-26
STP and RSTP Configuration Commands .....................................................16-28

XVI Corecess S5 System User's Guide


Table of Contents

Chapter 17 Configuring VRRP 17-1


Configuring VRRP ............................................................................................17-2
VRRP (Virtual Router Redundancy Protocol) Overview ............................................... 17-2
Configuring VRRP ................................................................................................................ 17-4
VRRP Configuration Example .......................................................................................... 17-12
Displaying VRRP Configuration Information...................................................17-14
Displaying VRRP Configuration Information ................................................................ 17-14
VRRP Commands ..........................................................................................17-15

Chapter 18 Redundancy Configurating 18-1


Redundancy Configurating...............................................................................18-2
Redundancy ........................................................................................................................... 18-2
Redundant Configuration Information Outputting ...........................................18-14
Redundant Configurtion Information Outputting ........................................................ 18-14
Instructions of Redundancy............................................................................18-16

Chapter 19 M5 SuperPON MUX Platform 19-1


Overview ..........................................................................................................19-2
SuperPON Operation Principles......................................................................................... 19-3
M5 Platform Operating Environmental Characteristics ................................................. 19-4
SuperPON (S5 & M5) Platform Key Applications ........................................................... 19-4
M5 SuperPON MUX Chassis............................................................................................... 19-6
Product Ordering & Specifications..................................................................................... 19-6
Hardware description .......................................................................................19-8
System Chassis....................................................................................................................... 19-8
Front ........................................................................................................................................ 19-8
System Module .................................................................................................................... 19-13
M5-SLU-16CH...................................................................................................................... 19-14
M5-SLU-8CH........................................................................................................................ 19-14
M5-OLU-WE16CH .............................................................................................................. 19-17
M5-OLU-WE8CH ................................................................................................................ 19-17
M5-OLU-GW16CH ............................................................................................................. 19-20
M5-OLU-GW8CH ............................................................................................................... 19-20
Before Installing .............................................................................................19-22
Precautions related to Static Electricity ........................................................................... 19-24
Precautions for Installation and Services ........................................................................ 19-24
Precautions related to Installation .................................................................................... 19-26
Precautions when transporting the product ................................................................... 19-26
Precautions when disposing product .............................................................................. 19-27
Installation Location ........................................................................................................... 19-28
Installation ......................................................................................................19-29

XVII
Table of Contents

Installation Process.............................................................................................................. 19-29


Installing on Rack ................................................................................................................ 19-30
Mounting the Module......................................................................................................... 19-31
Connecting to S5 and WDM system................................................................................. 19-33
Connecting Power ............................................................................................................... 19-40
Running the System ............................................................................................................ 19-42

Appendix A Product Specifications A-1


Hardware Specifications.................................................................................... A-2
Software Specifications ..................................................................................... A-4
Optical Splitter Specifications............................................................................ A-7

Appendix B Connector and Cable Specifications B-1


Connector Specifications................................................................................... B-2
RJ-45 Connector .......................................................................................................................B-2
LC Connector ...........................................................................................................................B-4
SC Connector............................................................................................................................B-4
Cable Specifications.......................................................................................... B-5
Twisted Pair Cable ..................................................................................................................B-5
Fiber Optic Cable.....................................................................................................................B-6
Console Cable for SCM-20G ..................................................................................................B-8
Console Cable for SCM-B24G,SCM-B72G...........................................................................B-9

Appendix C Maintaining C-1


Replacing Module ............................................................................................. C-2
Location of Module Installation........................................................................................... C-2
Required Tool.......................................................................................................................... C-3
Replacing Modules................................................................................................................. C-3
Replacing Fan Tray ........................................................................................... C-4
Cleaning Fan Filter ............................................................................................ C-5

XVIII Corecess S5 System User's Guide


List of Tables

List of Tables

Table 2-1 Corecess S5 System Slot ..................................................................................................... 2-8


Table 2-2 Slot configuration of Corecess S5 system.......................................................................... 2-11
Table 2-3 System Status LED Functions on the SCM Module ........................................................... 2-12
Table 2-4 LED Functions of Ethernet Management Port on the SCM Module................................... 2-13
Table 2-5 Gigabit Ethernet Port Specification for SCM Module ......................................................... 2-14
Table 2-6 10/100/1000Base-T Port LED Function of SCM Module.................................................... 2-15
Table 2-7 Port LED Function of SCM Module..................................................................................... 2-15
Table 2-8 Gigabit Ethernet Port Specification for SCM Module ......................................................... 2-15
Table 2-9 Corecess S5 LIM Module.................................................................................................... 2-18
Table 2-10 Run LED Functions on the LIM-EP4G-GR Module .......................................................... 2-18
Table 2-11 LED Functions of 1000Base-PX SFP E-PON Port........................................................... 2-19
Table 2-12 Specifications of 1000Base-PX SFP E-PON Port ............................................................ 2-20
Table 2-13 Specifications of SFP GbE Port........................................................................................ 2-20
Table 2-14 Specifications of 1000Base-T Port ................................................................................... 2-20
Table 3-1 Power condition .................................................................................................................... 3-9
Table 4-1 Kinds of Module and Slot Number installed in each slot ...................................................... 4-5
Table 5-1 CLI modes............................................................................................................................. 5-4
Table 5-2 Command mode access method .......................................................................................... 5-5
Table 5-3 Prompt of the main command modes................................................................................... 5-8
Table 5-4 CLI Edititng command......................................................................................................... 5-12
Table 5-5 Setting the IP address......................................................................................................... 5-13
Table 5-6 Adding a new user .............................................................................................................. 5-15
Table 5-7 Changing a user password ................................................................................................. 5-16
Table 5-8 Deleting a user .................................................................................................................... 5-17
Table 5-9 Changing system name ...................................................................................................... 5-18
Table 5-10 Adjusting system time ....................................................................................................... 5-19
Table 5-11 Configuring NTP ............................................................................................................... 5-20
Table 5-12 Set the time zone .............................................................................................................. 5-21
Table 5-13 Show the current running configuration............................................................................ 5-24
Table 5-14 Commands for saving the current running configuration.................................................. 5-26
Table 5-15 Restoring default configuration ......................................................................................... 5-27
Table 5-16 Checking network connectivity ......................................................................................... 5-28
Table 5-17 PING field descriptions ..................................................................................................... 5-29
Table 5-18 traceroute field descriptions.............................................................................................. 5-30
Table 5-19 show cpuinfo field descriptions ......................................................................................... 5-32
Table 5-20 show meminfo field descriptions....................................................................................... 5-33
Table 5-21 show module field descriptions......................................................................................... 5-35
Table 5-22 show system field descriptions ......................................................................................... 5-37
Table 5-23 Changing the event level .................................................................................................. 5-39
Table 5-24 Configuring log messages to display on the console ....................................................... 5-41
Table 5-25 Configuring log messages to display on a remote host.................................................... 5-42
Table 5-26 Configuring log messages to display on a Telnet session ............................................... 5-43
Table 5-27 Downloading software from a remote TFTP server.......................................................... 5-46

XIX
List of Tables

Table 6-1 Type of the Gigabit Ethernet port.......................................................................................... 6-2


Table 6-2 Basic Configuration of the Gigabit Ethernet Port.................................................................. 6-2
Table 6-3 Enabling or Disabling the Gigabit Ethernet Port ................................................................... 6-3
Table 6-4 Link State and Auto Sensing Function.................................................................................. 6-4
Table 6-5 Configuring auto sensing function ........................................................................................ 6-4
Table 6-6 Changing the Port and the transfer mode ............................................................................ 6-5
Table 6-7 Configuring Flow Control Function ....................................................................................... 6-6
Table 6-8 Setting the Port Name........................................................................................................... 6-6
Table 6-9 Setting the port trap .............................................................................................................. 6-7
Table 6-10 show port field descriptions ................................................................................................ 6-8
Table 6-11 show port with port argument field descriptions ................................................................. 6-9
Table 6-12 Basic Configuration of the Gigabit Ethernet PON Port..................................................... 6-11
Table 6-13 Enabling or Disabling the Gigabit Ethernet PON Port ...................................................... 6-12
Table 6-14 Setting the Maximum Bandwidth ...................................................................................... 6-13
Table 6-15 Setting the Polling Interval of the Bandwidth Group......................................................... 6-14
Table 6-16 IGMP Configuring the Maximum Number of IGMP Groups ............................................. 6-15
Table 6-17 Configuring Loopback Parameters ................................................................................... 6-16
Table 6-18 Clearing the MAC Address ............................................................................................... 6-17
Table 6-19 Resetting the Gigabit Ethernet PON Port ......................................................................... 6-17
Table 6-20 Restoring the Default Configuration.................................................................................. 6-18
Table 6-21 Clearing the Statistics Information .................................................................................... 6-18
Table 6-22 Upgrading Firm ware ........................................................................................................ 6-19
Table 6-23 Displaying the Chip Information........................................................................................ 6-21
Table 6-24 show port epon information field description .................................................................... 6-21
Table 6-25 Displaying the Link Information......................................................................................... 6-22
Table 6-26 Displaying the Statistics Information................................................................................. 6-23
Table 6-27 show port epon counter field description .......................................................................... 6-23
Table 6-28 Displaying Register Information of ONU........................................................................... 6-24
Table 6-29 show port epon discovery field description....................................................................... 6-24
Table 6-30 Basic Configuration of the Gigabit Ethernet PON Link..................................................... 6-25
Table 6-31 Type of SLA Parameter .................................................................................................... 6-26
Table 6-32 Configuring SLA Parameters ............................................................................................ 6-27
Table 6-33 Setting Encryption Key Exchange Timer .......................................................................... 6-28
Table 6-34 Adding MAC Address........................................................................................................ 6-29
Table 6-35 Controlling Link Registration............................................................................................. 6-30
Table 6-36 Rediscovering Links.......................................................................................................... 6-31
Table 6-37 Clearing Link Configuration .............................................................................................. 6-31
Table 6-38 Configure Simple bridge Mode ......................................................................................... 6-34
Table 6-39 Configuring Transparent VLAN mode............................................................................... 6-36
Table 6-40 Configuring Single VLAN .................................................................................................. 6-38
Table 6-41 Configuring Double VLAN................................................................................................. 6-40
Table 6-42 Configuring Shared VLAN................................................................................................. 6-42
Table 6-43 Configuring Translated VLAN ........................................................................................... 6-45
Table 6-44 Configuring Priority VLAN ................................................................................................. 6-47
Table 6-45 Configuring Priority Shared VLAN .................................................................................... 6-51
Table 6-46 Connecting two links ......................................................................................................... 6-53
Table 6-47 Displaying Bridging Mode Information.............................................................................. 6-55
Table 6-48 Displaying VLAN Tag Information..................................................................................... 6-56

XX Corecess S5 System User's Guide


List of Tables

Table 6-49 show show port epon link-id tag-map field decryption...................................................... 6-56
Table 6-50 Displaying Bandwidth Information .................................................................................... 6-57
Table 6-51 show show port epon link-id field description ................................................................... 6-57
Table 6-52 Displaying Statistics Information....................................................................................... 6-58
Table 6-53 show show port epon link-id counter field description ...................................................... 6-58
Table 6-54 Basic Configuration of ONU.............................................................................................. 6-59
Table 6-55 Setting Enable Status ....................................................................................................... 6-60
Table 6-56 Configuring Permission Mode........................................................................................... 6-61
Table 6-57 Configuring Upstream Queue ........................................................................................... 6-62
Table 6-58 Configuring Downstream Queue ...................................................................................... 6-64
Table 6-59 Specifying Packet Classification and Forward Queue...................................................... 6-65
Table 6-60 Configuring Ethernet port.................................................................................................. 6-68
Table 6-61 Specifying Number of Maximum MAC Address ............................................................... 6-70
Table 6-62 Clearing MAC address...................................................................................................... 6-71
Table 6-63 Restoring Configuration .................................................................................................... 6-71
Table 6-64 Resetting ONU.................................................................................................................. 6-72
Table 6-65 Clearing Statistics Information .......................................................................................... 6-72
Table 6-66 Upgrading Firmware ......................................................................................................... 6-73
Table 6-67 Displaying Index Number and MAC Address ................................................................... 6-75
Table 6-68 Displaying Configuration Information................................................................................ 6-75
Table 6-69 show port epon onu information field description ............................................................. 6-76
Table 6-70 Displaying Statistic Information......................................................................................... 6-77
Table 6-71 show port epon onu counter field description ................................................................... 6-77
Table 7-1 Default VLAN configuration .................................................................................................. 7-2
Table 7-2 Creating VLAN ...................................................................................................................... 7-4
Table 7-3 Assigning ports to a VLAN .................................................................................................... 7-5
Table 7-4 Assigning IP address to a VLAN........................................................................................... 7-6
Table 7-5 Assigning secondary IP address to a VLAN......................................................................... 7-7
Table 7-6 802.1 Configuring trunk port ................................................................................................. 7-9
Table 7-7 Configuring OSPF on the VLAN Interface .......................................................................... 7-12
Table 7-8 Setting Simple Password Authentication Method............................................................... 7-13
Table 7-9 IS-IS interface parameters .................................................................................................. 7-19
Table 7-10 RIP interface parameters .................................................................................................. 7-27
Table 7-11 Setting MD5 Authentication Mode .................................................................................... 7-28
Table 7-12 Setting Simple Password Authentication Mode................................................................ 7-29
Table 7-13 Specifying RIP Version ..................................................................................................... 7-30
Table 7-14 Enabling Split-Horizon ...................................................................................................... 7-31
Table 7-15 Enabling Multicasting on the VLAN Interface ................................................................... 7-32
Table 7-16 Shutting Down the VLAN Interface ................................................................................... 7-33
Table 7-17 Type and Function of IP Parameter.................................................................................. 7-34
Table 7-18 Configuring IP Parameters................................................................................................ 7-34
Table 8-1 Types of community.............................................................................................................. 8-5
Table 8-2 Default SNMP configuration.................................................................................................. 8-6
Table 8-3 Setting the system contact and location information ............................................................ 8-6
Table 8-4 Configuring SNMP community.............................................................................................. 8-7
Table 8-6 Enabling a trap type ............................................................................................................ 8-10
Table 8-7 Configuring a trap host........................................................................................................ 8-11
Table 8-8 Restrict Host Access........................................................................................................... 8-12

XXI
List of Tables

Table 8-9 show snmp-server field descriptions................................................................................... 8-14


Table 8-10 show snmp-server community-list field descriptions ........................................................ 8-15
Table 8-11 show snmp-server statistics field descriptions.................................................................. 8-16
Table 8-12 show snmp-server traphost field descriptions .................................................................. 8-17
Table 8-13 Enabling RMON ................................................................................................................ 8-19
Table 8-14 Configuring RMON statistics group .................................................................................. 8-20
Table 8-15 Configuring RMON history group...................................................................................... 8-22
Table 8-16 Configuring Alarm Groups ................................................................................................ 8-26
Table 8-17 Configuring RMON event group ....................................................................................... 8-29
Table 8-18 Collecting Bandwidth Information of Traffic ...................................................................... 8-31
Table 8-19 show rmon field descriptions ............................................................................................ 8-33
Table 8-20 SNMP & RMON Configuration Commands ...................................................................... 8-34
Table 9-1 Criteria for packet classification .......................................................................................... 9-18
Table 9-2 Creating a class map .......................................................................................................... 9-19
Table 9-3 QoS action supported by the Corecess S5 System ........................................................... 9-21
Table 9-4 Creating a policy map ......................................................................................................... 9-22
Table 9-5 Changing CoS, IP Precedence, or DSCP value of a traffic class in a policy map ............. 9-23
Table 9-6 Configuring packet filtering of a traffic class in a policy map.............................................. 9-24
Table 9-7 Configuring a transmission queue for a traffic class........................................................... 9-25
Table 9-8 Specifying a priority of a traffic class in a policy map ......................................................... 9-26
Table 9-9 Configuring rate-limit of a traffic class in a policy map ....................................................... 9-27
Table 9-10 Applying QoS service policy ............................................................................................. 9-28
Table 9-11 Specifying User Priority..................................................................................................... 9-29
Table 9-12 Applying Policing to a Port................................................................................................ 9-31
Table 9-13 Specifying Priority for CoS Field ....................................................................................... 9-32
Table 9-14 Specifying priority for transmission queue........................................................................ 9-33
Table 9-15 Configuring Shaping ......................................................................................................... 9-34
Table 9-16 Controlling Broadcast Storm............................................................................................. 9-35
Table 9-17 Filtering DHCP Offer Packet............................................................................................. 9-37
Table 9-18 Filtering File and Resource Sharing Protocol ................................................................... 9-39
Table 9-19 Filtering Default Traffic...................................................................................................... 9-40
Table 9-20 Filtering Broadcast Packet................................................................................................ 9-41
Table 9-21 QoS Configuration Commands......................................................................................... 9-42
Table 10-1 Parameters for Configuration DHCP Server..................................................................... 10-4
Table 10-2 Enabling DHCP server...................................................................................................... 10-5
Table 10-3 Global DHCP server parameters ...................................................................................... 10-5
Table 10-4 Configuring the global DHCP server parameters ............................................................. 10-6
Table 10-5 Verifying the DHCP subnet for the Interface .................................................................. 10-11
Table 10-6 Configuring DHCP server parameters for each subnet.................................................. 10-12
Table 10-7 Specifying IP address pool for DHCP clients ................................................................. 10-13
Table 10-8 Configuring Static Host ................................................................................................... 10-16
Table 10-10 Enabling DHCP relay .................................................................................................... 10-21
Table 10-11 Adding DHCP server for the DHCP relay ..................................................................... 10-22
Table 10-12 Enabling DHCP relay security ...................................................................................... 10-23
Table 10-13 Assigning the weight to the secondary IP address....................................................... 10-24
Table 10-14 show dhcpserver Field Description............................................................................... 10-26
Table 10-15 show dhcpserver subnet all field descriptions .............................................................. 10-29
Table 10-16 show dhcpserver subnet field descriptions................................................................... 10-29

XXII Corecess S5 System User's Guide


List of Tables

Table 10-17 show dhcpserver subnet <subnet-name> iprange field description ............................. 10-29
Table 10-18 show dhcpserver lease field descriptions ..................................................................... 10-31
Table 10-19 show dhcpserver lease field descriptions ..................................................................... 10-31
Table 10-20 show dhcpserver host field descriptions....................................................................... 10-32
Table 10-21 show dhcprealy field descriptions ................................................................................. 10-33
Table 10-22 show dhcprealy serverlist field descriptions ................................................................. 10-34
Table 10-23 show dhcp statistics field descriptions .......................................................................... 10-36
Table 10-24 DHCP configuration commands ................................................................................... 10-37
Table 11-1 Kinds of Global DHCP snoop Packet Control Parameters ...................................... 11-11
Table 12-1 Configuring Telnet Session Timeouts............................................................................... 12-5
Table 12-2 Defining Access Lists........................................................................................................ 12-7
Table 12-3 Applying the access list to terminal line............................................................................ 12-9
Table 12-4 Applying the Access List to SNMP Access..................................................................... 12-10
Table 12-5 Security configuration commands................................................................................... 12-11
Table 13-1 Enabling PIM-SM ............................................................................................................ 13-10
Table 13-2 Enabling PIM-DM............................................................................................................ 13-12
Table 13-3 Enabling DVMRP ............................................................................................................ 13-13
Table 13-4 Configuring a Static Multicast Route............................................................................... 13-16
Table 13-5 Enabling router compatibility with RFC 2362.................................................................. 13-28
Table 13-6 show ip mroute Field Description.................................................................................... 13-46
Table 13-7 show ip pim configuration field descriptions ................................................................... 13-48
Table 13-8 show ip pim interface field descriptions .......................................................................... 13-49
Table 13-9 show ip pim interface detail field descriptions ................................................................ 13-50
Table 13-10 show ip pim neighbor field descriptions........................................................................ 13-51
Table 13-11 show ip pim bsr-router field descriptions ...................................................................... 13-52
Table 13-12 show ip pim rp mapping Field Description.................................................................... 13-53
Table 13-13 show ip dvmrp configuration filed descriptions ............................................................. 13-54
Table 13-14 show ip dvmrp interface field descriptions.................................................................... 13-55
Table 13-15 show ip dvmrp neighbor field descriptions.................................................................... 13-56
Table 13-16 show ip dvmrp route field descriptions ......................................................................... 13-57
Table 13-17 show ip dvmrp prune field descriptions ........................................................................ 13-57
Table 13-18 show ip igmp configuration field descriptions ............................................................... 13-58
Table 13-19 show ip igmp group field descriptions........................................................................... 13-60
Table 14-1 Configuring the Standard Route ....................................................................................... 14-3
Table 14-2 Configuring the VLAN Interface Route ............................................................................. 14-4
Table 14-3 Configure the Loopback Route ......................................................................................... 14-5
Table 14-4 Configuring the Null Route................................................................................................ 14-6
Table 14-5 Configuring the Default Gateway...................................................................................... 14-7
Table 14-6 Enabling BGP ................................................................................................................. 14-11
Table 14-7 Specifying Router ID ....................................................................................................... 14-12
Table 14-8 BGP neighbor Parameters.............................................................................................. 14-18
Table 14-9 BGP neighbor Timer ....................................................................................................... 14-30
Table 14-10 BGP Parameters........................................................................................................... 14-34
Table 14-11 show ip bgp field description......................................................................................... 14-39
Table 14-12 show ip bgp attribute-info Field Description.................................................................. 14-41
Table 14-13 show ip bgp cidr-only Field Description ........................................................................ 14-42
Table 14-14 show ip bgp community-info Field Description ............................................................. 14-43
Table 14-15 show ip bgp community Field Description .................................................................... 14-44

XXIII
List of Tables

Table 14-16 show ip bgp community-list Field Descriptions............................................................. 14-45


Table 14-17 show ip bgp filter-list Field Descriptions ....................................................................... 14-47
Table 14-18 show ip bgp neighbors Field Description...................................................................... 14-48
Table 14-19 show ip bgp neighbors path Filed Descriptions ............................................................ 14-50
Table 14-20 show ip bgp regexp Field Descriptions......................................................................... 14-51
Table 14-21 show ip bgp scan Field Description .............................................................................. 14-52
Table 14-22 show ip bgp summary Field Descriptions ..................................................................... 14-53
Table 14-23 BGP Commands ........................................................................................................... 14-54
Table 14-24 OSPF Parameters......................................................................................................... 14-66
Table 14-25 SPF Timer ..................................................................................................................... 14-70
Table 14-26 show ip ospf command Field Description ..................................................................... 14-74
Table 14-27 show ip ospf border-routers Field Description .............................................................. 14-75
Table 14-28 show ip ospf database Command Option..................................................................... 14-75
Table 14-29 show ip ospf interface Filed Description ....................................................................... 14-76
Table 14-30 show ip ospf neighbor Field Description....................................................................... 14-78
Table 14-31 show ip ospf route Field Description............................................................................. 14-79
Table 14-32 OSPF Commands......................................................................................................... 14-80
Table 14-33 IS-IS NET Structure ...................................................................................................... 14-84
Table 14-34 Enabling IS-IS ............................................................................................................... 14-86
Table 14-35 IS-IS Parameters .......................................................................................................... 14-88
Table 14-36 show isis counter Field Description .............................................................................. 14-99
Table 14-37 show isis database Field Description ......................................................................... 14-100
Table 14-38 show isis interface Field Description........................................................................... 14-101
Table 14-39 show isis topology Field Description........................................................................... 14-102
Table 14-40 IS-IS Commands......................................................................................................... 14-103
Table 14-41 Differences of RIPv1 and RIPv2 ................................................................................. 14-106
Table 14-42 Fields of RIP Route Entry ........................................................................................... 14-106
Table 14-43 Timers for RIP............................................................................................................. 14-108
Table 14-44 RIP Parameters .......................................................................................................... 14-111
Table 14-45 RIP Timers .................................................................................................................. 14-116
Table 14-46 show ip rip Field Description....................................................................................... 14-118
Table 14-47 show ip rip interface Field Description........................................................................ 14-120
Table 14-48 RIP Commands........................................................................................................... 14-121
Table 15-1 Setting LACP Operation Mode ......................................................................................... 15-5
Table 15-2 Setting LACP Partner key ................................................................................................. 15-7
Table 16-1 STP Timers ....................................................................................................................... 16-4
Table 16-2 Comparison of STP and RSTP port states....................................................................... 16-7
Table 16-3 Default STP Configuration ................................................................................................ 16-8
Table 16-4 Enabling STP on a VLAN.................................................................................................. 16-9
Table 16-5 Enabling STP on a port................................................................................................... 16-11
Table 16-6 Setting the Bridge ID....................................................................................................... 16-12
Table 16-7 Configuring the path cost ................................................................................................ 16-13
Table 16-8 Configuring STP encoding mode.................................................................................... 16-15
Table 16-9 Configuring the port priority ............................................................................................ 16-16
Table 16-10 Setting spanning tree timers ......................................................................................... 16-17
Table 16-11 Enabling RSTP on a VLAN........................................................................................... 16-21
Table 16-12 Configuring the path cost .............................................................................................. 16-22
Table 16-13 Configuring RSTP encoding mode ............................................................................... 16-24

XXIV Corecess S5 System User's Guide


List of Tables

Table 16-14 Configuring Spanning Tree Protocol Type ................................................................... 16-25


Table 16-15 Configuring an Edge Port ............................................................................................. 16-26
Table 16-16 STP and RSTP Configuration Commands ................................................................... 16-28
Table 17-1 Configuring the IP interface .............................................................................................. 17-5
Table 17-2 Creating a virtual router .................................................................................................... 17-6
Table 17-3 Enabling the virtual router ............................................................................................... 17-10
Table 17-4 show vrrp Field Description ............................................................................................ 17-14
Table 17-5 VRRP commands ........................................................................................................... 17-15
Table 19-1 Corecess M5 System Slot Composition ........................................................................... 19-6
Table 19-2 Corecess M5 System Slot............................................................................................... 19-10
Table 19-3 Corecess M5 System SLU Module................................................................................. 19-13
Table 19-4 Corecess M5 System OLU Module ................................................................................ 19-13
Table 19-5 M5-SLU-16CH and M5-SLU-16CH module system status LED .................................... 19-15
Table 19-6 M5-SLU-16CH and M5-SLU-8CH module Ethernet Management Port LED functions . 19-16
Table 19-7 M5-OLU-WE16CH and M5-OLU-WE8CH module Run LED functions.......................... 19-18
Table 19-8 Required manpower according to product weight .......................................................... 19-27
Table 19-9 System Use Environment ............................................................................................... 19-28
Table 19-10 System Power Specs.................................................................................................... 19-28
Table 19-11 Types of modules that can be attached to each system slot ....................................... 19-31
Table A-1 Corecess S5 System hardware specifications .....................................................................A-2
Table A-2 Corecess S5 System software specifications ......................................................................A-4
Table A-3 Corecess 4500 Optical Splitter Specification .......................................................................A-7
Table B-1 Pin Configuration of 10/100/1000Base-T Port .....................................................................B-2
Table B-2 Pin Configuration of Ethernet Management Port .................................................................B-2
Table B-3 Pin Configuration of Console Port ........................................................................................B-3
Table B-4 Pin Configuration of Console Port ........................................................................................B-3
Table B-5 System Modules with Fiber Optic Ports Duplex LC Fiber Optic Cable ................................B-6

XXV
List of Tables

XXVI Corecess S5 System User's Guide


Chapter 1 Overview

This chapter introduces the Corecess S5 System functions and features and describes several kinds of
network examples configurable with the Corecess S5 System.

9 Introduction 1-2

9 Applications 1-8
Introduction

Introduction

The Corecess S5 System is multi-functional platform used as AON switch, E-PON OLT and WDM-
PON OLT on Ethernet-based fiber optic network. The Corecess S5 System provides TPS (Triple Play
Service) solution that integrates broadband Internet, Broadcasting and telephone service.

y AON Switch : Active Optical Network Switch

y E-PON OLT : Passive Optical Network OLT (Optical Line Terminal)

y WDM-PON OLT : GW-PON( Gigabit Ethernet WDM PON) OLT , WE-PON (WDM E-PON) OLT

The S5 platform is high performance switch router that acts as PON OLT and Ethernet
Aggregation Switch. It provides various optical links while generating and controlling the
services. It offers the optical links of GEPON, Gigabit Ethernet and also acts as OLT for WDM
PON and Super PON if it combines with WDM multiplexer. The S5 platform makes access
network simple by integrating multiple functions into a single scalable platform. With its high
functionalities and scalability, it enables both of residential and commercial services with a
single platform.

1-2 Corecess S5 System User's Guide


Introduction

The S5 consists of 3 different types of chassis, various Switching & Control Module(SCM) and
Line Interface Module(LIM). The capacity of back plane, SCM and LIM are scalable in terms of
throughput and density. The 10 Gigabit Ethernet is ready for the service of today and future.
SCM and LIM are compatible between chassis to implement a system with mix and match. With
this modular designs, it provides the great flexibility for operators to have wide ranges of
options depending on their services and density while keeping simplicity with same function
and performance.

The Corecess S5 System supports the high performance QoS. Thus, the user can control several
kinds of traffic (voice, video and other important data) efficiently. The Corecess S5 System
provides reliable service that gives important packets high priority and processes the packet
faster than others .

The Corecess S5 System is easy to use and can be easily installed as well. And LEDs on the front
panel of the Corecess S5 System make it easy to manage the product and networks through
notifying the operation status, port conditions and fault occurrence.

Overview 1-3
Hardware Features

Hardware Features

Slot Configuration
Slot composition according to Corecess S5 series chassis is as follows:

Item S511CH S518CH S506CH

Number of total slot 10 18 5

Number of SCM slot 2 2 1

Location of SCM slot Top Center Top

Maximum backplane capacity 64G 64G 32G

Maximum slot capacity 8G 4G 8G

Chassis
S518 - 2 SCM slots, 16 LIM slots, 12 RU, DC only
S511 - 2 SCM slots, 8 LIM slots, 7 RU, DC/AC
S506 - 1 SCM slots, 4 LIM slots, 4 RU, DC/AC

1-4 Corecess S5 System User's Guide


Hardware Features

Switching & Control Module


Slot (Numner) Module Description
y 4 uplink ports for Gigabit Ethernet (SFP)
y 4 uplink ports for Gigabit Ethernet (RJ-45, Optional)
SCM-B72G y 2 uplink ports for 10G Ethernet (XFP,Optional)
y 1 Console Ports (RJ-45)
y 1 Ethernet Management Port (RJ-45)
y 4 uplink ports for Gigabit Ethernet (SFP)
SCM Slot y 4 uplink ports for Gigabit Ethernet (RJ-45, Optional)
SCM-24G
y 1 Console Ports (RJ-45)
y 1 Ethernet Management Port (RJ-45)

y 4 uplink ports for Gigabit Ethernet (RJ-45 or SFP)


SCM-20G y 1 Console Ports (RJ-45)
y 1 Ethernet Management Port (RJ-45)

Line Interface Module


Slot Module Description

LIM-GW16GF y 16 WDM-PON Ports (SC/APC)

LIM-D16GF y 16 Gigabit Ethernet Ports (SFP)

LIM-D8GF y 8 Gigabit Ethernet Ports (SFP)

LIM Slot
LIM-D4GF y 4 Gigabit Ethernet Ports (SFP)

LIM-D16GT y 16 Gigabit Ethernet Ports (1000Base-T, UTP)

LIM-D8GT y 8 Gigabit Ethernet Ports (1000Base-T, UTP)

LIM-EP4G-GR y Gigabit Ethernet PON Ports (1000Base-PX SFP)

Overview 1-5
Hardware Features

High performance OLT platform

y Future proofed optical links : GEPON, Gigabit Ethernet, WDM PON and Super PON

y Multiple function including control of services and management of subscribers

y Common platform for both of residential and commercial service

y Common platform for both of all-fiber network and deep-fiber network

Scalable and flexible architecture

y Capacity of back plane and SCM, throughput speed of interface and port density are scalable

y SCM and LIM are common and compatible for 3 different types of chassis

y Supports multiple topology of network including star, ring and tree

Easy deployment and maintenance

y Full front access and compliance on ETSI standard form factor

y Hot swappable SCM and LIM

y Integrated management including ONU and ONT

Superior performance of GEPON

y Supports multiple Logical Link Identifier

y Hardware based high speed Dynamic Bandwidth Allocation

High reliability and availability

y System redundancy : power and SCM

y Network redundancy : uplink and line link including GEPON

y Graceful restart

y H/W upgrade without service discontinuity

1-6 Corecess S5 System User's Guide


Software Features

Software Features

Layer 2 Switching

The Corecess S5 System provides the Layer 2 Switching function as follows:

y Supports IEEE 802.3x Flow control

y Supports IEEE 802.1p Traffic Priority (eight priority queues)

y Supports Port based VLAN and IEEE 802.1q tagged VLAN (maximum: 4,096)

y VLAN processing including 802.1Q and Q-in-Q

y Supports Link aggregation using trunk and IEEE802.3ad

y Supports STP(Spanning Tree Protocol) and RSTP(Rapid STP)

Layer 3 Switching and Routing

The Corecess S5 System supports Layer 3 switching. Because Layer 2 switches don’t support the
Layer 3 communication between VLANs, a separate router is needed to link the VLANs. But the
Corecess S5 System supporting Layer 3 switching can process all incoming packets without a
separate router.

The Corecess S5 System supports the following IP routing protocols:

y RIPv1 and RIPv2

y OSPF

y IS-IS

y BGPv4

y VRRP

Packet processing functionalities

y multiple priority queue support, congestion control, traffic shaping & policing and modification

y ACL based filtering

y DHCP server and relay

Overview 1-7
Software Features

QoS (Quality of Service)

The Corecess S5 System supports the following QoS functions:

y Packet classification and marking

y Class - based packet scheduling

Item SCM-20G SCM-24G SCM-72G

ACL table size 128 per port 2,048 2,048

Yes (Based on Yes (Based on Yes (Based on


S MFC support
L2/L3/L4~L7 fields) L2/L3/L4~L7 fields) L2/L3/L4~L7 fields)
e Marking & Yes Yes Yes
(CoS, DSCP or IP (CoS, DSCP or IP (CoS, DSCP or IP
c remarking support precedence, ToS) precedence, ToS) precedence, ToS)
No.
u Hierarchical No. (Only 1 stage queue No. (Only 1 stage queue
(Only 1 stage queue
queuing support support) support)
r support)

i No. of queues 8 per port 8 per port 8 per port

t Strict Priority
Yes Yes Yes
y (SP) support
Weight Fair Queue
No Yes Yes
T (WFQ) support
h Weight Round
e Robin (WRR) Yes Yes Yes
support
C Deficit Weighted
o Round Robin No Yes Yes
r (DWRR) support
e
128 per port 2,048 2,048
c ACL table size
e Maximum slot
4G 8G 8G
s capacity

1-8 Corecess S5 System User's Guide


Software Features

Multicasting

The Corecess S5 System supports the following multicasting protocols for the high quality
broadcasting service:

y IGMPv2 and IGMP snooping

y PIM-SM and PIM-DM

y DVMRP

y SLA using multiple LLID of GEPON

Security

S5 System provides the following security function:

y Supports system access control using access lists

y Supports DHCP filtering to prevent unauthorized operation of private DHCP Server

y Supports NetBIOS filtering to prevent file sharing among subscribers

y Supports CIFS filtering using MAC address, IP address and TCP/UDP port number

y Secured network from bad users’ threats

y Protection from IP/ARP spoofing, packet storming & TCP sync flooding

Network Management

The Corecess S5 System supports SNMP (Simple Network Management Protocol), RMON
(Rmote MONitoring) and port mirroring for network management. You can monitor and
control the Corecess S5 System network via the console port, Telnet session, or the Corecess
NMS, ViewlinX.

y CLI (Command Line Interface) Command


CLI is system control command to operate the Corecess S5 System through Telnet or the terminal
connected to console port. You can monitor the system status and configure the system. By default, 10
Telnet sessions can be opened at the same time to connect the Corecess S5 System.

y ViewlinX Manager / EMS


The ViewlinX Manager and ViewlinX EMS (Element Management System) are Corecess NMS (Network
Management System). The ViewlinX Manager and Viewlinx EMS have easy user interface and intuitive
screen configuration, so that users can manage a network easily and conveniently. And, because the
real pictures of devices presented the operating status and configuration are displayed, users can find
out and set devices at a glance.

Overview 1-9
Software Features

y Port Mirroring
The Corecess S5 System allows you to use the port mirroring function without affecting the switching
performance.

y RMON
The Corecess S5 System provides four RMON groups (history, statistics, alarms, and events) in each
port as traffic management, monitoring and analysis tools.

y Remote Software Update


The Corecess S5 System provides easy-to-upgrade using FTP and TFTP in a remote place.

1-10 Corecess S5 System User's Guide


Applications

Applications
This section describes example applications for the Corecess S5 System.

All Fiber Network with S5 System

Overview 1-11
Applications

Deep Fiber Network with S5 System

WDM PON Solution with S5 Series

GW-PON Network with S511-CH

1-12 Corecess S5 System User's Guide


Applications

SuperPon Network with M5 Mux Platform

Overview 1-13
Applications

1-14 Corecess S5 System User's Guide


Chapter 2 Hardware Description

This chapter introduces the structures of the front and rear side of the Corecess S5 System and describes
the function and appearance of the modules provided for the Corecess S5 System. This chapter also briefs
the devices connected to the Corecess S5 System.

9 System Chassis 2-1

9 System Module 2-6

9 Devices Connecting 2-14


System Chassises

System Chassises
This section describes the external features of the Corecess S5 System chassises.
Corecess S5 series consists of various chassises and SCM(Switching Control Module), LIM(Line
interface Module). Those help operator with flexible and economical configuration environment
enough to achieve the aimed network.

S511 Chassis

View

There are ten slots, rack blaket, fan tray and fan filter in front of Corecess S511 system. The SCM
and LIM module are equiped in the slots, and a back-plane board inside the chassis makes SCM
and LIM module communicate each other. Three power moudules supplies the Corecess S5
system with the ensured power. The default state of two of them is running and that of the
other is under earmark for stand-by. In the emergent event of a failure of source power to one

2-2 Corecess S5 System User's Guide


System Chassises

supply, or the failure of one power supply, the redundant power option guarantees stable and
uninterrupted opertion.

The view above displays that LIM-GW16GF, designed to be equipped in only S511, occupies
double slots. LIM module can be installed up to 8 from bottom.

Slot
SCM Slot (10)
SCM Slot (9)
LIM Slot (8)
LIM Slot (7)
LIM Slot (6)
LIM Slot (5)
LIM Slot (4)
LIM Slot (3)
LIM Slot (2)
LIM Slot (1)

S511 Features

Power is supplied in the form of module with DC -48V. Three power moudules supplies the
Corecess S5 system with the ensured power. The default state of two of them is running and
that of the other is under earmark for stand-by.

The function of hot swapping provided by Corecess S5 system allows operator to add, replace
or remove any modules without interrupting or shutting down the system power or interfaces.
The 9 and 10 number of SCM modules are under control of redundancy.

Hardware Description 2-3


System Chassises

S518 Chassis
There are 18 slots, rack bracket, fan tray and fan filter in font of Corecess S518 System. The SCM
and LIM module are equipped in the slots, and a back-plane board inside the chassis makes
SCM and LIM module communicate each other.

View

DC Power

Rack blaket

Fan filter
<Corecess S518>

Slot (S518)

System slot of Coreecess S5 518 may be equipped with 2 SCM modules for switching and
system control and 16 Lim modules that can be used for Gigabit Ethernet or Gigabit Ethernet
PON Interface. Type and slot numbers for Corecess S5 system slot are as follows. Slot numbers
are used when performing system setup or monitoring via CLI command.
LIM Slot 01
LIM Slot 02
LIM Slot 03
LIM Slot 04
LIM Slot 05
LIM Slot 06
LIM Slot 07
LIM Slot 08

LIM Slot 09
LIM Slot 10
LIM Slot 11
LIM Slot 12
LIM Slot 13
LIM Slot 14
LIM Slot 15
LIM Slot 16
SCM Slot 1
SCM Slot 2

2-4 Corecess S5 System User's Guide


System Chassises

S518 Features

Power is supplied in the form of power line duplication with DC -48V.


The function of hot swapping provided by Corecess S5 system allows operator to add, replace
or remove any modules without interrupting or shutting down the system power or interfaces.

Hardware Description 2-5


System Chassises

S506(S505) Chassis
There are five slots, rack bracket, fan tray and fan filter in font of Corecess S5 System. The SCM
and LIM module are equipped in the slots, and a back-plane board inside the chassis makes
SCM and LIM module communicate each other. Unlike the Corecess S505, the Corecess S506
provides maximum two AC power modules.

View

<Corecess S505>
Rack Braket Fan Tray Fan Filter Rack Braket

<Corecess S506>
AC Power Module AC Power Module

2-6 Corecess S5 System User's Guide


System Chassises

Slot(S505,S506)

The Corecess S506 has five slots in which one SCM module and four LIM modules can be
installed. The SCM module takes charge of switching and system control, and the LIM modules
provide Gigabit Ethernet PON interface. When you execute CLI commands for system
configuration or monitoring, use the slot number. Each slot’s type and number is as follows:

SCM Slot (5)


LIM Slot (4)
LIM Slot (3)
LIM Slot (2)
LIM Slot (1)

S506 Feature

The AC power modules supplies AC power (100V~220V) to the Corecess S5 System. The
Corecess S506 supports redundant AC-input power supplies. In the event of a failure of source
power to one supply, or the failure of one power supply, the redundant power option ensures
uninterrupted operation.

S505 Feature

The terminal block is used to connect external DC power supplies of –48VDC or rectifiers. There
are 3 terminals in the terminal block: FG, GND, and -48VDC. The Corecess S505 supports
redundant DC-input power supplies. In the event of a failure of source power to one supply, or
the failure of one power supply, the redundant power option ensures uninterrupted operation.

the Corecess S505 provides two terminal blocks on the rear of chassis

Hardware Description 2-7


System Chassises

Chassis Common Items

Table 2-1 Corecess S5 System Slot

Slot Rear of S505


Description

SCM Slot Installation of SCM modules that control overall performance of system and provide
switching functions

LIM Slot Installation of LIM modules that provides Gigabia Ethernet or PON interface for Gigabit
Ethernet

The Corecess S5 System’s slots support hot-swap function, and you can install a module into the
slot without turning the system off.

Note : For more information of modules, ports and LEDs, refer to System Modules in this chapter.

Rack Bracket

The rack bracket is used when equipping the Corecess S5 System to install it on a 19-inch rack.
Chapter 4 Installation describes how to mount the Corecess S5 System with a rack bracket on a 19-
inch rack.

Fan Tray

The system fan comes with cooling fan that maintain proper temperatures inside the chassis.
The LED on the fan tray denotes power supply and operating status. During the fan module
operates normally, the LED is lit on green. When a user stops operating the cooling fan, the LED
is lit on orange. When the cooling fan has a problem, the LED is lit on red.

Fan Filter

The fan filter filters dust which comes into the system through the ventilation holes. The fan
filter should be checked depend on cleanliness of the location, and replaced or cleaned if
necessary.

2-8 Corecess S5 System User's Guide


System Chassises

Ground Terminal

The ground terminal is a terminal for the system ground. Connect the ground terminal to the
external ground using ground for preventing an electric shock or the system damage .

A ground terminal is generally on the rear of chassises, but S518 chassis is not.

<Corecess S505>
Ground Terminal

<Corecess S506> <Corecess S518>

Ventilation Holes

The ventilation holes are where heat, which is generated while the Corecess S5 System is
operating, comes out and external cold air is taken in. If the ventilation holes are blocked when
using the Corecess S5 System, the product may overheat because the internal hot air and
external cold air cannot circulate properly.

<Corecess S505> Ventilation Holes <Corecess S506>

Hardware Description 2-9


System Modules

System Modules

Slot Configuration
Operator can make his or her easier way to configure the aimed network with the help of
various chassis and module in Corecess S5 series.

The various modules can be installed as follows.

Item S511CH S518CH S505CH-GR S506CH-GR

Number of total slot 10 18 5 5

8 2 1 1

Location of SCM slot Top Center Top Top

Maximum backplane
capacity 64G 64G 32G 32G

Maximum slot capacity 8G 4G 8G 8G

2-10 Corecess S5 System User's Guide


SCM Module

SCM Module
The Corecess S5 system provides the following SCM module:

Table 2-2 Slot configuration of Corecess S5 system

Slot (Numner) Module Description


y 4 uplink ports for Gigabit Ethernet (SFP)
y 4 uplink ports for Gigabit Ethernet (RJ-45, Optional)
SCM-B72G y 2 uplink ports for 10G Ethernet (XFP,Optional)
y 1 Console Ports (RJ-45)
y 1 Ethernet Management Port (RJ-45)
y 4 uplink ports for Gigabit Ethernet (SFP)
SCM Slot
y 4 uplink ports for Gigabit Ethernet (RJ-45, Optional)
SCM-24G
y 1 Console Ports (RJ-45)
y 1 Ethernet Management Port (RJ-45)
y 4 uplink ports for Gigabit Ethernet (RJ-45 or SFP)
SCM-20G y 1 Console Ports (RJ-45)
y 1 Ethernet Management Port (RJ-45)

SCM Slot Capacity


Slot capacity SCM20G SCM-B24G SCM-B72G

S511 2G per slot 2G per slot 8G per slot

S518 1G per slot 1G per slot 4G per slot

S506 4G per slot 4G per slot 16G per slot

S505 4G per slot 4G per slot 16G per slot

Hardware Description 2-11


SCM Module

Performance of Switching and Routing


Item SCM20G SCM-B24G SCM-B72G

20G full duplex 24G full duplex 72G full duplex


Switching fabric capacity
(40G aggregate) (48G aggregate) (144G aggregate)
MAC address
16K entry 16K entry 16K entry
table size

VLAN table size 4K entry 4K entry 4K entry

IPv4 routing
Max. 64K entry 12288 12288
table size

Memory
Item SCM20G SCM-B24G SCM-B72G
Main Memory size 256Mbytes
Boot ROM size 512Kbytes
Packet buffer size
(per switching chip) 1Mbytes 2Mbytes 2Mbytes

System Status LED (Run, Master)


System Status LED displays the status of the Corecess S5 System and SCM module.

Table 2-3 System Status LED Functions on the SCM Module

LED Color State Description

On The system is being initialized.

Green Flashing The processor is operating normally after system initialization.


Run
Off Power is not being supplied to the system.

Red On The system is not operating normally.

On The module is operating as master mode.


Master Green
Off The module is operating as slave mode.

Note: Master LED is only operated when two SCM modules are installed in the system for redundancy.

2-12 Corecess S5 System User's Guide


SCM Module

Reset Switch (Reset)


The reset switch is used to reboot the Corecess S5 System. When the reset switch is pressed, all
configuration information that has not been saved is deleted, and the connections between each
port and other devices are disconnected. Use pointed objects like a ball-point pen when
pressing the reset switch.

Port Type

Console Port (Console)

The console port is used to connect a console terminal for monitoring and configuring the
Corecess S5 System. To connect the console port to a console terminal, use the included console
cable. A PC or a workstation installed with a terminal emulation program or VT-100 terminal
can be used as a console terminal.

Ethernet Management Port (Ethernet)

The Ethernet Management port is used for connecting the Corecess S5 System to the network to
manage the system by the NMS (Network Management System) or Telnet. The Ethernet
Management port is a 10/100Base-TX port. In connection with 10/100Base-TX port, the speed
(10Mbps or 100Mbps) and the transmission mode (full-duplex or half-duplex) are automatically
configured in accordance with the speed and transmission mode of the connected device. The
cables for connecting to the Ethernet Management port are twisted-pair category 3, 4 and 5 with
RJ-45 connectors at both ends.

The following table describes the information indicated by the Ethernet Management port
LEDs:

Table 2-4 LED Functions of Ethernet Management Port on the SCM Module

LED Color State Description

On The Port is operating and being connected to the device.


Link/
Green Flashing Data is being transmitted/received through the port.
Act
Off The port is not operating or not connected to the device.

10/100 Yellow On The port is operating at 100Mbps.

Hardware Description 2-13


SCM Module

Off The port is operating at 10Mbps.

GbE(Gigabit Ethernet) Port


The Gigabit Ethernet port is an uplink port connected the Corecess S5 System to core network.
The SCM-Module has two types of Gigabit Ethernet port, and each Gigabit port has four ports.

y 10/100/1000Base-T Port (RJ-45 connector)

y SFP GbE Port

The couple of ports can be combined for its use. Therefore the one port is surely "off" in the case
of the 'on" status of the other.

10/100/1000Base-T Port SFP GbE Port

O O O X X X X O

The following table is the specifications of the Gigabit Ethernet port:

Table 2-5 Gigabit Ethernet Port Specification for SCM Module

Feature 10/100/1000Base-T Port SFP GbE Port


Full-duplex mode or Half-duplex mode
Transfer Mode Full-duplex mode
(Auto sensing)
Transfer Speed 10/100/1000Mbps 1000Mbps

Connector Type RJ-45 Optional

Port Number 4 4

Maximum
100m Optional
Transfer Distance

Transfer Media Twisted-pair category-5+, 6 cable Fiber(Optic)

2-14 Corecess S5 System User's Guide


SCM Module

The following table describes the information indicated by the 10/100/1000Base-T port LEDs:

Table 2-6 10/100/1000Base-T Port LED Function of SCM Module

LED Color State Description

On The Port is operating and being connected to the device.


Link/
Green Flashing Data is being transmitted/received through the port.
Act
Off The port is not operating or not connected to the device.

1000 On The port is operating at 1000Mbps.


Yellow
10/100
Off The port is operating at 10/100Mbps.

The following table describes the information indicated by the port LEDs:

Table 2-7 Port LED Function of SCM Module

LED Color State Description

On The Port is operating and being connected to the device.


Link/
Green Flashing Data is being transmitted/received through the port.
Act
Off The port is not operating or not connected to the device.

10G Ethernet Port

The Gigabit Ethernet port is an uplink port connected the Corecess S5 System to core network.
XFP 10GBaseR upilnk port requires additional 10GbE XFP transciver.

y 10 Gigabit Ethernet uplink interface (10GBase-R XFP)

The following table lists the specifications of the Gigabit Ethernet port on the SCMmodule:

Table 2-8 Gigabit Ethernet Port Specification for SCM Module

Feature 10GBase-R XFP Port

Transfer Mode Full-duplex mode

Transfer Speed 10Gbps

Connector Type SFP

Port Number 2

Hardware Description 2-15


SCM Module

SCM-B72G
SCM-B72G is switching control module that privide system control function and Layer 3
swithching. SCM-B72G module provides 4 Gigabit Ethernet uplink ports (SFP type), optional
two 10G Ethernet uplink ports(XFP type), optional 4 Gigabit Ethernet uplink ports (RJ-45),
console port and ethernet port.

SFP GbE Port SFP GbE Port LED

Reset Switch

System Status LED Console Port 10G XFP port

Ethernet Management Port

SCM-B24G
SCM-B24G is switching control module that privide system control function and Layer 3
swithching . SCM-B24G module provides 4 Gigabit Ethernet uplink ports (SFP type), optional 4
Gigabit Ethernet uplink ports (RJ-45), console port, and ethernet port.

10/100/1000Base-T SFP GbE Port SFP GbE Port LED

Reset Switch Port LED

System Status LED Console Port 10/100/1000Base-T Port

Ethernet Management Port

2-16 Corecess S5 System User's Guide


SCM Module

SCM-20G
SCM-20G is switching control module that privide system control function and Layer 3
swithching. The SCM-20G has four Gigabit Ethernet uplink ports (RJ-45 or SFP), the Console
port and the Ethernet port.

The function of parts, the front panel of SCM-20G module, is as follows:

10/100/1000Base-T SFP GbE Port SFP GbE Port LED

Reset Switch Port LED

System Status LED Console Port 10/100/1000Base-T Port

Ethernet Management Port

Hardware Description 2-17


LIM Module

LIM Module
The Corecess S5 system provides the following LIM module:

Table 2-9 Corecess S5 LIM Module

Slot Module Description

LIM-GW16GF y 16 WDM-PON Ports (SC/APC)

LIM-D16GF y 16 Gigabit Ethernet Ports (SFP)

LIM-D8GF y 8 Gigabit Ethernet Ports (SFP)

LIM Slot
LIM-D4GF y 4 Gigabit Ethernet Ports (SFP)

LIM-D16GT y 16 Gigabit Ethernet Ports (1000Base-T, UTP)

LIM-D8GT y 8 Gigabit Ethernet Ports (1000Base-T, UTP)

LIM-EP4G-GR y Gigabit Ethernet PON Ports (1000Base-PX SFP)

Run LED
Run LED displays the status of the LIM module.

Table 2-10 Run LED Functions on the LIM-EP4G-GR Module

LED Color State Description

On The module is being initialized.

Green Flashing The processor is operating normally after system initialization.


Run
Off Power is not being supplied to the system.

Red On The system is not operating normally.

2-18 Corecess S5 System User's Guide


LIM Module

Port LED
The following table describes the information indicated by port LEDs:

Table 2-11 LED Functions of 1000Base-PX SFP E-PON Port.

LED Color State Description

On The Port is operating and being connected to the device.


Link/
Green Flashing Data is being transmitted/received through the port.
Act
Off The port is not operating or not connected to the device.

Port Type

GW-PON Port(Optical Link)

GW-PON port(optical link) in S5-LIM-GW16GF can transport the electric signal to the
multiplexed 16 channel in one fiber in one time.

Feature Specification

Forwarding capacity 16 Gbps full duplex

WDN-PON Optical link port connector 1 SC/APC

Seed light source input connector 2 SC/APC (with redundancy)

No.of Channel 16

Operation Wavelength C-band


ITU-T CH23~53, 200GHz Spacing
Center Wavelength
CH23= 1558.98nm, CH53=1535.04nm

1000Base-PX SFP E-PON Port

The 1000Base-PX SFP E-PON Port is connected to the maximum number of 32 ONT(Optical
Network Terminal) through a splitter.
The following table lists the specifications of the 1000Base-PX SFP E-PON Port.

Hardware Description 2-19


LIM Module

Table 2-12 Specifications of 1000Base-PX SFP E-PON Port

Feature Specification

Transfer Mode Full-duplex mode

Transfer Speed 1000Mbps

Connector Type Simplex SC/PC

Port Number 4
Branch Number per
32
Port

Maximum Transfer 1000Base-PX10 10Km


Distance 1000Base-PX20 20Km

1000Base-PX10 y Rx : 1310nm Single mode fiber optic cable


Transfer Media
1000Base-PX20 y Tx : 1490nm Single mode fiber optic cable

SFP GbE Port

The SFP GbE Port is used as downlink port connected to other Gigabit Ethernet devices.
The following table lists the specifications of the SFP GbE Port on the LIM module.

Table 2-13 Specifications of SFP GbE Port

Feature Specification

Transfer Mode Full-duplex mode

Transfer Speed 1000Mbps

Connector Type Optional

1000Base-T port

The 1000Base-T Port is used as downlink port connected to other Gigabit Ethernet devices.
The following table lists the specifications of the 1000Base-T Port on the LIM module.

Table 2-14 Specifications of 1000Base-T Port

Feature Specification
Transfer Mode Full-duplex mode or Half-duplex mode (Auto sensing)
Transfer Speed 10/100/1000Mbps
Connector Type RJ-45

2-20 Corecess S5 System User's Guide


LIM Module

Maximum Transfer
100m
Distance

Transfer Media Twisted-pair category-5+, 6 cable

Caution: Do not stare into the aperture of a fiber-optic port. Invisible radiation might be emitted from the
aperture of the port when no fiber cable is connected. Thus, if you don’t use the fiber optic port for a long time
during the system operation, Close the port with a cap or Connect the port with a fiber optic cable.

Hardware Description 2-21


LIM Module

LIM-D16GT(LIM-D8GT)
LIM-D16GT module is a Gigabit Ethernet interface module. LIM-D16GT module can provide
10/100/1000Base-T Ports.

The function of parts, the front panel of LIM-D16GT(LIM-D8GT) module, is as follows:

10/100/1000Base-T Ports Port LED

Run LED

LIM-D16GF(LIM-D8GF,LIM-D4GF)
LIM-D16GF module is a Gigabit Ethernet interface module. LIM-D16GF module can provide
SFP GbE Ports.

The function of parts, the front panel of LIM-D16GF module, is as follows:

GbE Ports Port LED

Run LED

2-22 Corecess S5 System User's Guide


LIM Module

LIM-EP4G-GR
LIM-EP4G-GR module is a Gigabit Ethernet PON interface module. LIM-EP4G-GR module can
provide four 1000Base-PX SFP E-PON Ports.

The function of parts, the front panel of LIM-EP4G-GR module, is as follows:

1000Base-PX SFP E-PON Ports

Run LED 1000Base-PX SFP Port LED

LIM-GW16GF
LIM-GW16GF is marked by its only use for S511 chassis. It, along with L1-BLS-16CH, send
through optical link to 1 core fiber the multiplexed 16-channel GbE in accordance with wave-
length.

The function of each part comprising front-panel is as follows:

Port LED
Light Source port 2

Run LED Optical Link


Light Source port 1

Hardware Description 2-23


Support Devices

Support Devices

E-PON Splitter
The Corecess 4500 is an optical splitter connected to ONTs (Optical Network Terminal). The
Corecess 4500 provides the maximum number of 32 connections.

There are one OLT port connected to the Corecess S5 System and 32 ONT ports connected to
ONTs in front of the Corecess 4500 Optic Splitter.

ONT Port

OLT Port

WDM Filter
M5-GWDMX-16CH is characterized as the dimultiplexing device that receives GW-PON signal
from multiplexed 1 core and filter it to 16 CH.

16CH GbE Ports

GW-PON Port

2-24 Corecess S5 System User's Guide


Support Devices

L1-SLS16 Supported GW-PON Network


L1-SLS16 support seed light sorce to GW-PON network. It, along with LIM-GW16GF, sends to 1
core fiber the 16-channel GbE multiplexed in accordance with wave-length.

Cable Connecting

Hardware Description 2-25


Support Devices

M5 SuperPon Mux Platform

The M5 SuperPON MUX Platform is combined with S5 system to construct Corecess’ SuperPON service.

The M5 platform utilizes different types of OLU board, one for GW-PON, and the other for WE-PON,
to provide both services in a single common chassis.

The M5 chassis provides two slots for SLU (Seed Light source Unit), eight slots for OLU (Optical Link
Unit), and two slots for power modules. It also offers an additional slot for the fan module. The SLU
may be configured for 1+1 redundancy or each SLU may provide seed light for its side of four OLUs.
The power slots are redundant, and each slot is designed to power the whole system. The fan module is
removable and hot-swappable.

2-26 Corecess S5 System User's Guide


Support Devices

Cable Connecting

Splitter

ONT

RN

10Km

Down Up

1 2 3 4 5 6 7
1 2 3 4 5 6 7 8
8

RX TX

The chapter 19 M5 SuperPon Mux Platform will give you more detailed description as its
reference.

Hardware Description 2-27


Support Devices

2-28 Corecess S5 System User's Guide


Chapter 3 Before Installation

This chapter describes the precautions for the Corecess S5 installation and installation environment for the
normal operation. It also describes the way to unpack the Corecess S5 box and verify the contents.

9 Precautions 3-2

9 Installation Place 3-9

9 Unpacking 3-10
Precautions

Precautions

Warning: Before you install the Corecess S5 system, read this section. This section contains important safety
information you should know before working with the system.

General Precautions
y While or after installing the equipment, keep the equipment clean and free from dust all the
time.

y After removing the cover of the equipment, keep the cover in safe place.

y Any tool or cable should not be left on the way of passage for better safety.

y When installing the equipment, the installer should not wear baggy clothing so that tie, scarf,
and sleeves should not be caught in the equipment. Keep tie and scarf from getting slack,
and roll up the sleeves.

y Avoid any harmful action that damages the people or the equipment.

y In case that opening the case for repairing or test is required, contact the sales agency where
you purchased this equipment, or directly contact Corecess Inc. for professional help.

Power Considerations
y Be careful when connecting the system to the supply circuit so that wiring is not overloaded.

y When plugging in a power socket or handling any power source, avoid ring, necklace, metal
watch for better safety. If these materials touch the power socket or ground of the product,
the parts can be burnt out.

y Always verify whether there is any possible danger in the workshop. Wet floor, ungrounded
extension, rubbed-off power code, or unsafe (or ungrounded) floor might be dangerous.

3-2 Corecess S5 System User's Guide


Precautions

DC Power

y Connect DC-input power supplies only to a DC power source that complies with the safety
extra-low voltage (SELV) requirements in the UL 1950, CSA 950, EN 60950, and IEC 60950
standards.

y Incorporate a readily accessible two-poled disconnect device in the fixed wiring.

y Ensure that power is removed from the DC circuit before installing or removing power
supplies. Tape the switch handle of the DC circuit breaker in the off position.

y Use approved wiring terminations, such as closed-loop or spade-type with upturned lugs,
when stranded wiring is required. These terminations should be the appropriate size for the
wires and should clamp both the insulation and the conductor.

y Ensure that no exposed portion of the DC-input power source wire extends from the
terminal block plug. An exposed wire can conduct a harmful level of electricity.

AC Power

y The system is designed for connection to TN power systems. A TN power system is a power
distribution system with one point connected directly to earth (ground). The exposed
conductive parts of the installation are connected to that point by protective earth conductors.

y Ensure that the plug-socket combination is accessible at all times, because it serves as the
main disconnecting device.

Spare Power

If you purchase the product whose a spare power supply is installed, two power supplies are
connected to each input power. Then, if one of the power supplies is not working, the system
can be operating continuously.

Before Installation 3-3


Precautions

Preventing ESD
Electrostatic discharge (ESD) damage occurs when electronic cards or components are
mishandled and can result in complete or intermittent failures. Note the following guidelines
before you install or service the system:

y Always wear an ESD-preventive wrist or ankle strap when handling electronic components.
Connect one end of the strap to an ESD jack or an unpainted metal component on the system
(such as a captive installation screw).

y Handle cards by the faceplates and edges only; avoid touching the printed circuit board and
connector pins.

y Handle cards by the faceplates and edges only; avoid touching the printed circuit board and
connector pins.

y Avoid contact between the cards and clothing. The wrist strap only protects the card from
ESD voltages on the body; ESD voltages on clothing can still cause damage.

y For safety, periodically check the resistance value of the antistatic strap. The measurement
should be between 1 and 10 Mohms.

Installing and Servicing the System


y Before installation, the power switch of the system should be turned OFF and disconnect all
power and external cables.

y Remove all jewelry (including rings and chains) or other items that could get caught in the
system or heat up and cause serious burns.

y Do not touch the backplane or midplane with your hand or metal tools.

y Do not work alone under potentially hazardous conditions.

y Do not perform any action that creates a potential hazard to people or makes the equipment
unsafe.

3-4 Corecess S5 System User's Guide


Precautions

Disconnecting Power

When disconnecting power, note the following guidelines.

y Locate the emergency power-off switch for the room before working with the system.

y Turn off the power and disconnect the power from the circuit when working with
components that are not hot-swappable or when working near the system backplane or
midplane. If the system does not have an on/off switch, unplug the power cord.

y To completely de-energize the system, disconnect the power connection to all power supplies.

y For DC power supplies, locate the circuit breaker on the panel board that services the DC
circuit, switch the circuit breaker to the off position, and tape the switch handle of the circuit
breaker in the off position.

y Do not touch the power supply when the power cord is connected. Line voltages are present
within the power supply even when the power switch is off and the power cord is connected.

Grounding the System

y Connect AC-powered systems to grounded power outlets.

y Do not defeat the ground conductor on an AC plug.

y Connect the system to earth (ground).

Connecting Cables

When you connect cables, note the following guidelines.

y Use caution when installing or modifying telephone lines to prevent electric shock.

y Do not work on the system or connect or disconnect cables during periods of lightning activity.

y Do not touch uninsulated telephone wires or terminals unless the telephone line has been
disconnected at the network interface.

y Hazardous network voltages are present in WAN ports regardless of whether power to the
system is off or on. When you detach cables, detach the end away from the system first.

y Do not use a telephone to report a gas leak in the vicinity of the leak.

y Do not install telephone jacks in wet locations unless the jack is specifically designed for wet
locations.

Before Installation 3-5


Precautions

Working with Lasers

If your system includes a fiber-optic port, note the following guidelines.

y To avoid exposure to radiation, do not stare into the aperture of a fiber-optic port. Invisible
radiation might be emitted from the aperture of the port when no fiber cable is connected.

y Always keep unused fiber-optic ports capped with a clean dust cap.

Preventing EMI

When you run wires for any significant distance in an electromagnetic field, electromagnetic
interference (EMI) can occur between the field and the signals on the wires.

y Bad plant wiring can result in radio frequency interference (RFI).

y Strong EMI, especially when it is caused by lightning or radio transmitters, can destroy the
signal drivers and receivers in the system, and can even create an electrical hazard by
conducting power surges through lines and into the system.

y If Strong EMI occurs in the installation place, consult RFI experts to get rid of it.

Covering Blank Slots

Ensure that all cards, faceplates, and covers are in place. Blank faceplates and cover panels are
used to:

y Prevent exposure to hazardous voltages and currents inside the chassis

y Help contain electromagnetic interference (EMI) that might disrupt other equipment

y Direct the flow of cooling air through the chassis

3-6 Corecess S5 System User's Guide


Precautions

Rack-Mounting the System


The following explanations should be noticed when installing the system into the 19-inch rack.

y Install the system in an open rack whenever possible. If installation in an enclosed rack is
unavoidable, ensure that the rack has adequate ventilation.

y Maintain ambient airflow to ensure normal operation. If the airflow is blocked or restricted,
or if the intake air is too warm, an over temperature condition can occur.

y Avoid placing the system in an overly congested rack or directly next to another equipment
rack. Heat exhaust from other equipment can enter the inlet air vents and cause an over
temperature condition.

y Equipment near the bottom of a rack might generate excessive heat that is drawn upward
and into the intake ports of the equipment above. The warm air can cause an over
temperature condition in the equipment above.

y Ensure that cables from other equipment do not obstruct the airflow through the chassis or
impair access to the power supplies or cards.

y Bolt the rack to the floor for stability.

y Load the rack from the bottom to the top, with the heaviest system at the bottom.

y If there is equipment already installed in the rack, select the location for the system carefully
considering the size of the system:

Before Installation 3-7


Precautions

Lifting the System


When you lift the product to move or change the installation place, note the following
guidelines.
y Disconnect all power and external cables before lifting the system.

y Ensure that your footing is solid and the weight of the system is evenly distributed between
your feet.

y Lift the system slowly, keeping your back straight. Lift with your legs, not with your back.
Bend at the knees, not at the waist.

y Do not attempt to lift the system with the handles on the power supplies or on any of the
cards. These handles are not designed to support the weight of the system.

y To lift and move the system, following number of people or a crane should be needed
depends on weight of the system:

Weight of the system The Number of required persons

Below 18Kg 1

18~32Kg 2

32~55Kg 3

Above 55Kg Crane

Disposing of the System


Dispose of the system and its components (including batteries) as specified by all national laws
and regulations.

3-8 Corecess S5 System User's Guide


Installation Place

Installation Place

Environmental Requirements
For the safe installation and use of the Corecess S5, the place for installation should satisfy the
following requirements:

y While or after installing the product, keep the product clean all the time.

y The system should be installed in a cool place where has no direct ray of sunlight. Any tool
or equipment should not be place on the way of passage.

y The following ambience condition for temperature and humidity should always be kept.

Table 3-1 Temperature and humidity condition

Operating temperature 0 ~ 40℃

Storage temperature -40 ~ 80℃

Operating humidity 10 ~ 95% (40℃, non-condensing)

Power Supply
y The Corecess S5 should be installed in the place where power supply satisfying the following
condition is provided.

Table 3-1 Power condition

Feature DC Power AC Power


Input Voltage
-48 VDC 100 ~ 240 VAC
Rating
Operating Range -36 ~ -72VDC 88 ~ 264 VAC

Frequency N/A 50/60Hz

y Power is supplied in the form of power line duplication with DC -48V

y Verify the power (source) be clean. If there is too much noise or spark, it is better to have the power
control equipment.

y Locate an electric outlet near the system for easy installation of power cable.

y Be careful with connecting power supply equipment and avoiding overload wiring.

Before Installation 3-9


Unpacking

Unpacking
As the following instructions, unpack the shipping carton and inspecting contents of the
shipping carton.

1. Open the shipping carton of the Corecess S5. There is this manual, desiccant, a power
cable(s), and a console cable on the cushion inserted- Corecess S5 system.

2. Without taking off the cushions, pick out the equipment with two hands, and put it in a safe
place.
3. And then, verify whether there is a plastic bag that contains rack brackets and screws under
the shipping carton.

Corecess S5 System

Four binder-head screws

User’s Guide Console cable (RJ45-DB9)

Recommendation: After unpacking, do not throw away the box including cushions and keep them in a safe
place in case the product is relocated, it is better to move the product after packing with the box including
cushions.

Note: If there are some missing contents or damaged components, contact the sales agency where you
purchased this product to replace them with new ones.

3-10 Corecess S5 System User's Guide


Chapter 4 Installation

This chapter describes how mount the Corecess S5 System on a rack, install the SCM/LIM module and
connect the cables to the ports.

9 Installation Procedure 4-2

9 Rack-Mounting 4-3

9 Installing the Option Modules 4-5

9 Connecting Network Devices 4-10

9 Connecting the System Management Device 4-15

9 Connecting Power 4-17

9 Starting the System 4-20


Installation Procedure

Installation Procedure

Caution: Before starting the installation


y Be sure that the installation place is satisfied the requirements referred to the Chapter 3 Before
Installation.
yBe sure that the power switch is in the OFF (O) position and disconnect all connected cables.

The following summarizes the installation procedure for the Corecess S5. The next section will
describe in detail the step-by-step procedures for each step.

1. Rack-mount
The design allows the Corecess S5 System to be mounted on a 19-inch rack. The screws
needed for rack mounting are enclosed with the product.

2. Installing modules
Install SCM/LIM modules in the slots of the Corecess S5 system.

3. Connect network devices


Connect Gigabit Ethernet ports or Gigabit Ethernet PON ports on the SCM/LIM modules
with other network devices using appropriate network cables.

4. Connect a console terminal


Connect a console terminal/Ethernet LAN with Console port/Ethernet management port
to manage the Corecess S5 System.

5. Connect power to the system


Connect adjacent power after installing the Corecess S5 System.

6. Start the system


Turn the Corecess S5 System on and verify that the system is correctly installed by checking
that certain LEDs are lit.

4-2 Corecess S5 System User's Guide


Rack-Mounting

Rack-Mounting
The design allows the Corecess S5 System to be mounted on any kind of standard 19-inch racks.
This section describes how to install the Corecess S5 System on a 19-inch rack.

Caution: Before installing the system in a rack, read the Rack-Mounting the System section in the Chapter 3
Before Installation to familiarize yourself with the proper site and environmental conditions.

Checking the Rack-Mount Space


Before installing the Corecess S5 System in a 19-inch rack, check the rack-mount space as
follows:

y Make sure that the 19-inch rack is placed on a convenient location for the Corecess S5 System
installation. At least, the space of 550 x 750 (width x length)mm is needed to install the 19-inch rack.

y Check to see if there is a vertical space of around rack units in the rack because of the Corecess S5
System and air flow space (1U).

Air Flow Space (1U) Air Flow Space (1U)

Coreces S506 (3U)

Air Flow Space (1U)

Coreces S518 (12U)

Coreces S511 (7U)

Air Flow Space (1U) Air Flow Space (1U)

Installation 4-3
Rack-Mounting

Mounting the System on a Rack


To mount the Corecess S5 on a 19-inch rack, you need the following tools and equipment:

y A Philips screwdriver

y Electrostatic discharge (ESD) grounding strap

y Four (4) binder-head screws (M5, 8mm) (provided along with the product)

Note: For more information about ESD, refer to the Chapter 3/ Before Installation.

Once all the tools and equipment are prepared, mount the Corecess S5 on a 19-inch rack
according to the following procedure:

1. Place the Corecess S5 on a spacious floor or a sturdy table near the rack. And check the
tools and materials.

2. Lift up the Corecess S5 as high as the available space in the 19-inch rack.

3. Place the rack brackets installed on the Corecess S5 to the holes of the 19-inch rack. And fix
the brackets using four (4) binder-head screws.

Caution: The following explanations should be noticed when installing the Corecess S5 into the 19-inch rack:
y Locate the heavy things at the bottom of the rack. If there is another equipment already installed in the rack,
select the location for the Corecess S5 carefully considering the size of the Corecess S5.
y If the rack is empty, you should install the Corecess S5 System at the bottom of the rack.

4-4 Corecess S5 System User's Guide


Installing Modules

Installing Modules
The Corecess S5 System has five slots, and the following types of module can be installed.

Table 4-1 Kinds of Module and Slot Number installed in each slot

Switching & Control Module


Slot (Numner) Module Description
y 4 uplink ports for Gigabit Ethernet (SFP)
y 4 uplink ports for Gigabit Ethernet (RJ-45, Optional)
SCM-B72G y 2 uplink ports for 10G Ethernet (XFP,Optional)
y 1 Console Ports (RJ-45)
y 1 Ethernet Management Port (RJ-45)
y 4 uplink ports for Gigabit Ethernet (SFP)
y 4 uplink ports for Gigabit Ethernet (RJ-45, Optional)
SCM Slot SCM-24G
y 1 Console Ports (RJ-45)
y 1 Ethernet Management Port (RJ-45)

y 4 uplink ports for Gigabit Ethernet (RJ-45 or SFP)


SCM-20G y 1 Console Ports (RJ-45)
y 1 Ethernet Management Port (RJ-45)

Line Interface Module


Slot Module Description

LIM-GW16GF y 16 WDM-PON Ports (SC/APC)

LIM-D16GF y 16 Gigabit Ethernet Ports (SFP)

LIM-D8GF y 8 Gigabit Ethernet Ports (SFP)

LIM Slot
LIM-D4GF y 4 Gigabit Ethernet Ports (SFP)

LIM-D16GT y 16 Gigabit Ethernet Ports (1000Base-T, UTP)

LIM-D8GT y 8 Gigabit Ethernet Ports (1000Base-T, UTP)

LIM-EP4G-GR y Gigabit Ethernet PON Ports (1000Base-PX SFP)

Installation 4-5
Installing Modules

This section describes how to install modules in the Corecess S5 System slots.

Installing modules in slots


The installation procedure of SCM module and LIM module is the same. The following shows
the procedure of installing a module into the slot:

1. Select a slot compatible with the type of module.


2. If there is a module already installed in the slot where you want to install a module,
disconnect all the cables on the module. And loosen the screws on the module using a
Philips screwdriver.

Note: Place the removed module where there is no static electricity or keep it in an anti-static envelop.

3. When installing a module in an empty slot, loosen the screws on the blank bracket that
blocks the empty slot. And remove the blank bracket.

Note: When LIM module’s installation, it is convenient that installation proceed from the number 1 slot in
order.

4. Prepare a module that is to be installed. Check to see if there is any defect by examining the
exterior of the module.

5. Place module to the guide rail that is located in the both sides of the slot. Then, insert the
module carefully until it gets installed in the connector of the back plane. And push the
ejectors located in the both sides of the module.

6. Fasten the module firmly by tightening the two screws using a Philips screwdriver.

7. If the module is installed successfully, the Run LED on the module is turned on with green,
and then it is flashing. Connect cables to ports of the module, and configure the ports using
CLI commands if necessary.

Note: Since the Corecess S5 System provides the hot-swap functions, the system power doesn’t have to be
turned off.

4-6 Corecess S5 System User's Guide


Installing Modules

Installing / Removing SFP module


The SCM/LIM module of the Corecess S5 System has SFP module slots to install SFP modules.
This section describes how to install and remove the SFP module.

The SFP module should support the following interface as follows:

Note: 1000Base-PX module is included with LIM-EP4G-GR, but 1000Base-SX/LX SFP module is optional. For
more information, refer the manual or document.

Installation 4-7
Installing Modules

Installing SFP Module

The procedure to install a SFP module in a slot is as follows:

1. Attach an ESD-preventive wrist strap to your wrist and to a bare metal surface on the
chassis.

2. Take the SFP modules out of the packing and check carefully to see if there is any defect.

Dust plug

Actuator Button

3. Align a GBIC module in front of the GBIC module slot facing the letter-printed side
upward.

4. Insert the SFP module into the slot until you feel the connector on the module snap into
place in the rear of the slot.

Face letter-printed side


upward

5. If needed, configure the installed SFP module using CLI commands.

Caution: Do not remove the dust plugs from the fiber-optic SFP module port or the rubber caps from the fiber-
optic cable until you are ready to connect the cable. The plugs and caps protect the SFP module portsand cables
from contamination and ambient light.

4-8 Corecess S5 System User's Guide


Installing Modules

Removing SFP module

The procedure to install a SFP module in a slot is as follows:

1. Attach an ESD-preventive wrist strap to your wrist and to a bare metal surface on the
chassis.

2. Disconnect the fiber-optic cable from the SFP module and insert a dust plug into the optical
ports of the SFP module to keep the optical interfaces clean.

3. Press the actuator button to release the SFP module from the slot. Grasp the SFP module
between your thumb and index finger and carefully remove it from the module slot.

Actuator Button

4. Place the removed SFP module in an antistatic bag or other protective environment.

Installation 4-9
Connecting Network Devices

Connecting Network Devices


This chapter describes how to connect the ports on the SCM/LIM modules to other network
devices.

y Gigabit Ethernet Uplink Port (RJ-45, SFP)

y Gigabit Ethernet PON Line Port (1000Base-PX SFP)

y Gigabit Ethernet Line Port (SFP)

For the information of cables connected to each port, refer to Appendix B Connector and Cable
Specifications.

Caution: If the distance of two devices connected with a cable is farther than the distance described in this
manual, data can be lost during the transmission.

4-10 Corecess S5 System User's Guide


Connecting Network Devices

Connecting Gigabit Ethernet Uplink Port


The Corecess S5 System provides four Gigabit Ethernet uplink port. Each Gigabit Ethernet
uplink port is connected to the core network using a RJ-45 connector or a LC connector of SFP
module. This section describes how to connect Gigabit Ethernet uplink port depend on the type
of cables.

Caution: The RJ-45 connector and the LC connector of SFP module cannot be used at the same time. Only one
connector type should be used for each port.

Connecting RJ-45 Connector

The four RJ-45 ports on the SCM module support 10/100/1000Base-T interface, and the RJ-45
ports can be connected with the Gigabit Ethernet device that support the transmission speed up
to 1000Mbps.
Using the twisted-pair cable, connect the 10/100/1000Base-T port to the Gigabit Ethernet device.

Gigabit Ethernet Switch or Router


Twisted pair Cable
y 10Mbps : Category-3, 4
y 100Mbps : Category-5
y 1000Mbps : Category-5+, 6
y Max. cable length : 100m Corecess S506

Note: The 10/100/1000Base-T port on the SCM module support automatic MDIX feature, which allows you to
use either straight-through or crossover twisted-pair cables for connecting to any network devices.

Note: Connecting the 10/100/1000Base-T port is the same, regardless of the Corecess chassis type. This
manual describes system installation based on the Corecess S506 chassis.

Installation 4-11
Connecting Network Devices

Connecting LC Connector on SFP Module

The 1000Base-SX/LX SFP module can be installed in the SFP slot of the SCM module, and the
Corecess S5 System can be connected to the core network using the 1000Base-SX/LX SFP
module. Depends on the type of SFP modules, connect cables as follows:

1000Base-SX SFP Module


When the 1000Base-SX SFP module is installed in the SFP module slot, use the 850nm Multi-
mode fiber optic cable. Prepare the fiber optic cable of the duplex LC type, then connect to the
Gigabit Ethernet network.

1000Base-LX SFP Module


When the 1000Base-LX SFP module is installed in the SFP module slot, use the 1310nm Single
mode fiber optic cable. Prepare the fiber optic cable of the duplex LC type, then connect to the
Gigabit Ethernet network.
1000Base-LX SFP Module
1000Base-SX SFP Module

Corecess S506

Single Mode Fiber Optic Cable Multi-Mode Fiber Optic Cable


y Connector : Duplex LC y Connector : Duplex LC
y Wavelength : 1310nm (Rx, Tx) y Wavelength : 850nm (Rx, Tx)
y Max. cable length : 10Km y Max. cable length : 550m

Gigabit Ethernet Switch or Router

Note: Connecting the 1000Base-SX/LX SFP module on the SCM is the same, regardless of the Corecess chassis
type. This manual describes system installation based on the Corecess S506 chassis.

4-12 Corecess S5 System User's Guide


Connecting Network Devices

Connecting Gigabit Ethernet PON Line Port


When the LIM-EP4G-GR module that supports Gigabit Ethernet PON interface is installed in
the Corecess S5 System, the Optical splitter can be connected to the 1000Base-PX SFP port on the
LIM-EP4G-GR.

Prepare the single mode fiber optic cable (Rx: 1310nm, Tx: 1490nm), then connect the cable to
the 1000Base-PX SFP port of the EP4G-GR module and the optical splitter. The optical splitter
can be connected to the maximum number of 32 ONT (Optical Network Terminal).

Corecess S506
Single Mode Fiber Optic Cable
y Connector : Simplex SC/APC
y Wavelength : 1310nm (Rx), 1490nm (Tx)
y Max. cable length : 10/20Km

Corecess 4500 Optical Splitter

Single Mode Fiber Optic Cable


y Connector : Simplex SC/APC
y Wavelength :1490nm (Rx),1310nm (Tx)
y Max. cable length : 20Km

Corecess 3804T ONT

Note: Connecting the 1000Base-PX SFP module on the LIM-EP4G-GR is the same, regardless of the Corecess
chassis type. This manual describes system installation based on the Corecess S506 chassis.

Installation 4-13
Connecting Network Devices

Connecting Gigabit Ethernet Line Port


When the LIM-D4GF module is installed in the Corecess S5 System, the 1000Base-Sx/LX SFP
module can be installed in the SFP slot and be connected to the Gigabit Ethernet network.
Depends on the type of SFP modules, connect cables as follows:

1000Base-SX SFP Module


When the 1000Base-SX SFP module is installed in the SFP module slot, use the 850nm Multi-
mode fiber optic cable. Prepare the fiber optic cable of the duplex LC type, then connect to the
Gigabit Ethernet network.

1000Base-LX SFP Module


When the 1000Base-LX SFP module is installed in the SFP module slot, use the 1310nm Single
mode fiber optic cable. Prepare the fiber optic cable of the duplex LC type, then connect to the
Gigabit Ethernet network.
1000Base-LX SFP Module
1000Base-SX SFP Module

Corecess S506

Single Mode Fiber Optic Cable Multi-Mode Fiber Optic Cable


y Connector : Duplex LC y Connector : Duplex LC
y Wavelength : 1310nm (Rx, Tx) y Wavelength : 850nm (Rx, Tx)
y Max. cable length : 10Km y Max. cable length : 550m

Gigabit Ethernet Switch or Router

Note: Connecting the 1000Base-SX/LX SFP module on the LIM-D4GF is the same, regardless of the Corecess
chassis type. This manual describes system installation based on the Corecess S506 chassis.

4-14 Corecess S5 System User's Guide


Connecting the System Management Device

Connecting the System Management Device


The Corecess S5 System supports two kinds of system management method as follows:

Local Management (Console)


If you connect the console port on ff module to the console terminal such as a PC or VT-100
terminal, you can use CLI commands to manage the Corecess S5 System through the emulator
terminal.

Remote Management (Ethernet)


The Ethernet Management port on the SCM module can be connected to the Ethernet LAN. You
can use CLI commands to manage the Corecess S5 System using PC installed ViewlinX or
Telnet session from a remote place. To use this remote management, IP address and subnet
mask are required.
To specify IP address and subnet mask, refer The chapter 5 Configuring Basic Features.

The Corecess S5 System can manage the following tasks through local or remote connection.

y Can browse various network statistics information and the status of the switch and ports.

y Can change the switch configuration for changing the topology, improving the switch
performance or controlling the network traffic.

y Can browse the logs of various events and traps occurring at the switch.

y Can download new software from ftp server.

y Can strengthen the system security through specifying hosts that can access switches.

This section describes how to connect the console port and the Ethernet management port to the
console terminal and the Ethernet LAN.

Installation 4-15
Connecting the System Management Device

Connecting the Console Port


Connect the console port on the SCM module to the console terminal such as a PC or VT-100
terminal using the included console cable.

Corecess S506

Console Cable (RJ-45 - DB-9) Console Teminal Configuration


y included with the product y Bit/Sec : 9600bps
y Max. cable length : 15m y Data Bit : 8bit
y Parity Bit : None
y Stop Bit : 1bit
Console Terminal
y Flow Control : None

Note: Note: Connecting the Console port on the SCM is the same, regardless of the Corecess chassis type. This
manual describes system installation based on the Corecess S506 chassis .

4-16 Corecess S5 System User's Guide


Connecting the System Management Device

Connecting Ethernet Management Port


Connect the Ethernet Management port on the SCM module to the local network (Ethernet
LAN) using the twisted pair cable which both sides of the connector are RJ-45.

Corecess S506
Twisted pair Cable
y 10Mbps : Category-3,4,5
Connect to the local network (Ethernet LAN)
y 100Mbps : Category-5
y Max. cable length : 100m

Note: The Ethernet Management port in the SCM module support automatic MDIX feature, which allows you to
use either straight-through or crossover twisted-pair cables for connecting to any network devices.

Note: Connecting the Ethernet Management port on the SCM is the same, regardless of the Corecess chassis
type. This manual describes system installation based on the Corecess S506 chassis.

Installation 4-17
Connecting Power

Connecting Power
There two connecting power type of the Corecess S5 System. The Corecess S505(S511,518)
chassis can be connected with DC power. The Corecess S506 chassis, on the other hand, can be
connected with AC power. This section describes how to connect power to the Corecess S5
System.

Connecting DC Power
There are two or three terminal blocks in the Corecess S5 series(S505-Rear, Else-Front, ). If you
want to use power redundancy function, connect each terminal block to the different external
power supply. If you connect only one terminal block to the external power supply, the power
redundancy function is disabled.

Caution: Before connecting power,


y Be sure that the power to be connected to the system is satisfy the considerations referred to the Chapter
3/ Before Installation.
y Be sure that the power switch is turned off.

1. For safety, a transparent plastic cover is attached on the terminal block. Loosen the two
screws using a screw driver, and remove the plastic cover.

Plastic Cover

Plastic Cover

4-18 Corecess S5 System User's Guide


Connecting Power

2. Connect the DC power cable to the terminal block A. Loosen the screws from the terminal
block A, and put the rounded roop of the power cable, then tighten the screws again. Be
aware of power polarity when connecting cables. Attach the transparent plastic cover on
the terminal block A again.

Plastic Cover

3. Connect the DC power cable, connected with the terminal block A, to the external power
supply or the rectifier.

Installation 4-19
Connecting Power

4. Connect the DC power cable to the terminal block B. Loosen the screws from the terminal
block B, and put the rounded roop of the power cable, then tighten the screws again. Be
aware of power polarity when connecting cables. Attach the transparent plastic cover on
the terminal block B again.

Plastic Cover

5. Connect the DC power cable, connected with the terminal block B, to the external power
supply or the rectifier. For the power redundancy, the DC power cable should be connected
to the different external power supply from what connected to the terminal block A.

4-20 Corecess S5 System User's Guide


Connecting Power

Connecting AC Power
There are two power modules in font of the Corecess S506. If you want to use power
redundancy function, connect each terminal block to the different external power supply. If you
connect only one terminal block to the external power supply, the power redundancy function
is disabled.

Caution: Before connecting power,


y Be sure that the power to be connected to the system is satisfy the considerations referred to the Chapter
3/ Before Installation.
y Be sure that the power switch is turned off.

1. Be sure that the power switch on the power module is turned off.

2. Connect the power cable, which is provided with the Corecess S5 System, to the power
input on the power module. Then, plug opposite side of the power cable into an outlet.

Corecess S506

Installation 4-21
Starting the System

Starting the System


Start the Corecess S5 System according to the following order after installation:

1. Check the followings once again before operating the Corecess S5 System:
y Make sure that modules are properly inserted in the slot of the Corecess S5 System.
y Make sure that cables are properly connected to each port.
y Make sure that the power cable is properly connected.

2. Turn on the power of the console terminal and execute the terminal emulator program.

3. Supply power to the Corecess S5 System. In case of the Corecess S505, turn on the switches
of the external power supplies. In case of the Corecess S506, turn on the swithes of the
power modules on the Corecess S5 System.

4. Check to see if the cooling fans are operating.

5. If the power is properly supplied to the Corecess S5 System without any problem, the RUN
LED turns on in green, and the following message is displayed on the console terminal.

U-Boot 1.2.1 (Tue Feb 1 19:34:09 KST 2005)


SCM20G u-Boot Temporary Version (jubarley@janu.corecess.com)

IBM PowerPC 440 GP Rev. C


Board: Corecess SCM20G
VCO: 800 MHz
CPU: 400 MHz
PLB: 133 MHz
OPB: 66 MHz
EPB: 66 MHz
I2C: ready
DRAM: 248 MB
FLASH: 512 kB
PCI: Bus Dev VenId DevId Class Int
00 01 14e4 5695 0280 00
00 02 14e4 5695 0280 00
In: serial
Out: serial

4-22 Corecess S5 System User's Guide


Starting the System

Err: serial
IDE: Bus 0: OK

Device 0: Model: SanDisk SDCFB-128 Firm: Rev 3.03 Ser#: X0318 20021223051815
Type: Removable Hard Disk
Capacity: 122.2 MB = 0.1 GB (250368 x 512)
Device 1: not available
BEDBUG:ready
Press CTRL-C to stop autoboot: 0
.
.

6. Once the initialization is properly completed in a short while, the RUN LED is starting to
flash green. And the following login message is displayed on the console screen.

localhost login:

Now, the Corecess S5 System is properly installed. Log in the CLI of the Corecess system, then
configure the system depend on the environment of site.

Installation 4-23
Starting the System

4-24 Corecess S5 System User's Guide


Chapter 5 Configuring Basic Features

This chapter briefs general configuration method of the Corecess S5. The Corecess S5 has already
configured with default upon the shipment and can immediately be used without additional configuration
explained in this chapter. If the default configuration should be changed according to user’s network
environment, refer to the contents in this chapter.

9 Before Configuration 5-2

9 Configuring Basic System Parameters 5-13

9 Configuring File Management 5-23

9 Monitoring and Maintaining the System 5-28

9 System Log Management 5-38

9 Upgrading Software 5-46


Before Configuration

Before Configuration
This section describes how to access the Corecess S5 System CLI (Command Line Interface) and
provides information that you should know before using the Corecess S5 System CLI.

Note : Examples and pictures in this manual are explained on the basis of S505 and S506 systems. Many of
features in this manual are identical as S518 since S518 uses same protocol.

Accessing the CLI


When the Corecess S5 starts up for the first time, the only CLI access is available through the
console port. The following steps describe how to access the Corecess S5 CLI on the console
terminal connected to the console port:

1. To access the Corecess CLI on the console screen, the console port on the Corecess S5 System
should be connected to a serial port(DB-9) of the console using a console cable as the
following figure:

Corecess S506

Console cable (RJ-45 - DB-9) Console Terminal Configuration


y Console cable included y Bit/Second : 9600bps
with the system y Data Bit : 8bit
y Max. cable length : 15m y Parity Bit : None
y Stop Bit : 1bit
Console Terminal
y Flow Control : None

Note : Console port connection is identical regardless of S505, S506, and S518 types. This manual uses Corecess
S506 in the examples.

5-2 Corecess S5 System User's Guide


Before Configuration

2. Make sure that you have started the emulation software program such as HyperTerminal from
your console terminal.

3. Press [Enter], then the following login message is displayed on the console terminal:

login:

4. Enter the login ID and the password, then press the [Enter]. The default login id is ‘corecess’.
If you entered the login ID and the password correctly, localhost> prompt appears.

login: corecess
Password:
localhost>

5. To configure the Corecess S5, enter the ‘Privileged’ mode by enable command. If you enter
Privileged mode, the prompt is changed from localhost> to localhost#.

localhost> enable
localhost#

Note: After specifying the IP address of the NMS port (Management interface), you can access the Corecess S5
CLI through the Telnet session or NMS.

Configuring Basic Features 5-3


Before Configuration

Command Modes
The CLI of the Corecess S5 System supports various command modes. The CLI commands are
only executed in their command modes. The following table describes the type of command
modes and the tasks.

Table 5-1 CLI modes

Command Mode Description


In this mode, you can display information and perform basic tasks such as
User
Ping and Telnet.
In this mode, you can use the same commands as those at the User
Privileged mode plus configuration commands that do not require saving the
changes to the system-configure file.
The global mode allows you to globally configure access-lists, DHCP,
Global SNMP, and VLAN. You can also apply or modify parameters for ports
on the device.
In this mode, you can configure the BGP routing session which uses
Address-family
the standard IPv4/VPNv4 address prefix.
In this mode, you can configure the key groups used for RIP
Key-chain
authentication.
Key In this mode, you can configure the authentication key of the RIP.
The Route-map configuration mode allows you to define conditions for
Route-map redistributing the routes from a routing protocol to another routing
protocol.
The interface mode allows you to configure the features for the specific
Interface
VLAN interface.
Configuration The QoS configuration mode allows you to configure QoS (Quality of
QoS
Service) on the system.
The Class-map configuration mode allows you to configure QoS class-
Class-map
map.
The Policy-map configuration mode allows you to configure QoS
Policy-map
policy-map.
Policy-map- The Policy-map class mode allows you to assign the class map to be
class applied to QoS policy-map.
RIP In this mode, you can configure RIP routing protocol.
OSPF In this mode, you can configure OSPF routing protocol.
BGP In this mode, you can configure BGP routing protocol.
IS-IS In this mode, you can configure IS-IS routing protocol.
VRRP In this mode, you can configure VRRP.

5-4 Corecess S5 System User's Guide


Before Configuration

You can enter the each command mode by entering the following command.

Table 5-2 Command mode access method

To From CLI Command

Privileged User mode enable

Global Privileged mode configure terminal

Address-family BGP configuration address-family

Key-chain Global configuration key chain

Key Key-chain key

Route-map Global configuration route-map

Interface Global configuration interface

QoS Global configuration qos

Configuration Class-map QoS configuration class-map

Policy-map QoS configuration policy-map


Policy-map-
Policy-map configuration class
class
RIP Global configuration router rip

OSPF Global configuration router ospf

BGP Global configuration router bgp

IS-IS Global configuration router isis

VRRP Global configuration router vrrp

Entering Privileged Mode

When you start a session on the Corecess S5, you begin in User mode. Only a limited subset of
the commands is available in User mode. To have access to all commands, you must enter
Privileged mode. To enter Privileged mode from User mode, enter the enable command. The
CLI prompt will be changed from > to # entering Privileged mode.

localhost> enable
localhost#

Configuring Basic Features 5-5


Before Configuration

To exit from Privileged mode, enter disable command. The CLI prompt will be changed from #
to > returning to User mode from Privileged mode.

localhost# disable
localhost>

If you enter the exit command in Privileged mode, you can exit form the CLI.

localhost# exit

login:

Entering Global Configuration Mode

Global configuration mode allows you to change configuration for the Corecess S5 System. Also,
you can enter other configuration mode through Global configuration mode.

To enter Global configuration mode from Privileged mode, enter the configure terminal
command. The CLI prompt will be changed localhost(config)# entering Global configuration
mode.

localhost# configure terminal


localhost(config)#

To exit from Global configuration mode, enter end command. The CLI prompt will be changed
to localhost# returning to Privileged mode.

localhost(config)# end
localhost#

5-6 Corecess S5 System User's Guide


Before Configuration

Returning to Previous Command Mode

To log out from CLI, you should return to User mode or Privileged mode. Use the exit or end
command to return to User mode or Privileged mode from other command mode:

This example shows how to return to Privileged mode from Policy-map mode by using the
exit command:

localhost(config-pmap)# exit
localhost(config-qos)# exit
localhost(config)# exit
localhost#

To return to Privileged mode directly without what mode you are in, use the end command.
This example shows how to return to Privileged mode from Policy-map mode by using the end
command:

localhost(config-pmap)# end
localhost#

Logging out From CLI

To log out from the CLI, enter the exit command in User mode or Privileged mode.

This example shows how to log out from the CLI in Privileged mode. After logging out from
the CLI, login prompt will be displayed as follow.

localhost# exit

login:

Configuring Basic Features 5-7


Before Configuration

Prompt
On the Corecess S5 CLI prompt, the node name and current command mode are indicated as
follows:

localhost(config-qos)#
Node name Command mode

Node Name

The default node name is ‘localhost’. This default node name is used for the prompt until you
change it. If the proper node name is specified, it is useful to classify the product purpose or the
location.

Note: You can change the node name of the Corecess S5 System by using hostname command in global
configuration mode.

Current Command Mode

The following table describes the prompt of the main command modes.

Table 5-3 Prompt of the main command modes

Command Mode Prompt

User >

Privileged #

Global (config)#

Address-family (config-router-af)#

Key-chain (config-keychain)#

Key (config-keychain-key)#

Route-map (config-route-map)#

Configuration Interface (config-if)#

QoS (config-qos)#

Class-map (config-cmap)#

Policy-map (config-pmap)#

Policy-map-class (config-pmap-c)#

RIP, OSPF, BGP, IS-IS, VRRP (config-router)#

5-8 Corecess S5 System User's Guide


Before Configuration

Getting Help
The Corecess S5 CLI provides help system that shows the list of available commands or
parameters. You can also get information about their function and brief description of usage.

y To obtain a list of commands that are available for each command mode, enter a question
mark (?) at the prompt:

# ?
calendar calendar
clear Reset functions
clock System clock
close Close the terminal
cls Clear a screen
configure Configuration from vty interface
copy Copy from one file to another
debug
delete Delete
diag Diagnosis mode
disable Turn off privileged mode command
enable enable
end End current mode and down to previous mode
exit Exit current mode and down to previous mode
help Description of the interactive help system
list Print command list
no Negate a command or set its defaults
ping send echo messages
quit Exit current mode and down to previous mode
reset reset
session Create Session
show Show
ssh Open a ssh connection
telnet Open a telnet connection
terminal Set terminal line parameters
traceroute Trace route to destination
undebug Disable debugging functions (see also 'debug')
update Update Images
write Write Information
#

Configuring Basic Features 5-9


Before Configuration

y To obtain the syntax for commands that are available for each command mode, enter the
list command at the prompt:

# list
calendar set WORD [WORD] [WORD] [WORD]
clear arp
clear arp A.B.C.D
clear arp-cache
clear dhcp statistics
clear dhcprelay lease all
clear dhcpserver lease all
clear dhcpserver lease ip A.B.C.D
clear dhcpserver lease mac A:B:C:D:E:F
.
.
update option image NAME slot <1-100>
update option image id <1-100> slot <1-100>
update port epon WORD onu mac WORD image NAME
update rootfs image NAME
update rootfs image id <1-100>
write dhcpserver leasefile
write file
write memory
write terminal
#

y To obtain a list of any command's associated keywords and arguments, enter a question
mark (?) after a partial command followed by a space:

# clear ip ?
bgp GP information
dhcp ynamic Host Configuration Protocol
igmp nternet Group Management Protocol
mroute elete multicast route table entries
ospf SPF information
pim rotocol Independent Multicast (PIM)
prefix-list uild a prefix list
rip lear rip routing table
route lear all routing table
static tatic routing table & configuration
vrrp RRP information
# clear ip

5-10 Corecess S5 System User's Guide


Before Configuration

CLI Command Usage Basics

Entering CLI Commands

To executing a CLI command, you should enter both the command and it’s parameter. You can
execute the commands in the command mode which the prompt is locating now.

The CLI commands of the Corecess S5 have the following characteristics:

y The CLI commands are case-sensitive.

y The CLI supports command completion, so you do not need to enter the entire name of a
command or parameter. As long as you enter enough characters of the command or
parameter to avoid ambiguity with other commands or parameters, the CLI understands
what you are typing. For example, you can enter only con t to execute the configure
terminal command at Privileged command mode.

localhost# con t
localhost(config)#

But if you enter only co t, the following error message will be displayed. Because there are
copy and configure command and the system can’t distinguish the two commands.

localhost# co t
% Unknown command.

y To complete a command, press Tab key. If you enter a few known characters, then press Tab
key, the CLI displays the rest characters of the command. For example, if you enter only con
in Privileged mode, then press Tab key, the CLI displays configure on the terminal.

Configuring Basic Features 5-11


Before Configuration

Specifying Ports

To specify ports as a parameter in the CLI, follow these rules.

y Use slot-number/port-number to specify one port. For example, enter 1/1 to specify the port 1
on the module installed in the slot 1.

y Use dash (-) to specify consecutive number of ports. For example, enter 1/1-4 instead of
entering 1/1, 1/2, 1/3 and 1/4.

y Use comma (,) to specify non-consecutive number of ports. For example, enter 1/1,1/3-4
instead of entering 1/1, 1/3 and 1/4.

y See the following figure to check the slot number:

Slot 5 (SCM Slot)


Slot 4 (LIM Slot)
Slot 3 (LIM Slot)
Slot 2 (LIM Slot)
Slot 1 (LIM Slot)

Editing Commands

The CLI supports the following line editing commands. To enter a line-editing command, use
the CTRL-key combination for the command by pressing and holding the CTRL key, then
pressing the letter associated with the command.

Table 5-4 CLI Edititng command.

Ctrl-Key
Description
Combination
Ctrl+a Moves to the first character on the command line.

Ctrl+b Moves the cursor back one character.

Ctrl+d Deletes the character at the cursor.

Ctrl+e Moves to the end of the current command line.

Ctrl+f Moves the cursor forward one character.

Ctrl+n Enters the next command line in the history buffer.

Ctrl+p Enters the previous command line in the history buffer.

Ctrl+u Deletes all characters from the cursor to the beginning of the command line.

5-12 Corecess S5 System User's Guide


Configuring Basic System Parameters

Configuring Basic System Parameters


This section describes the procedure of configuring the following basic system parameters:
y IP address
y CLI users
y System name
y System time and date

Setting an IP Address for management


Before you use Telnet or SNMP to manage the Corecess S5 System from remote place, you must
assign an IP address to the Ethenet management port (Ethernet port on the SCM module). You
can specify the subnet mask (netmask) using the number of subnet bits or using the subnet
mask in dotted decimal format.

To set the IP address of the Ethernet management port, follow this procedure:

Table 5-5 Setting the IP address

Command Task

enable 1. Enter Privileged mode.

configure terminal 2. Enter Global configuration mode.

interface 3. Enter Interface configuration mode for configuring the Ethernet management
management port.

4. Assign an IP address and subnet mask to the Ethernet management port.


ip address
y <ip-address>: IP address for the interface.
<ip-address>/<M>
y <M>: Subnet mask.

5. Exit from Interface configuration mode and return to Global configuration


exit
mode.

ip route default 6. Specify the default gateway address.


<gateway-address> y <default-gateway>: Default gateway address.

end 7. Return to Privileged mode.

show interface
8. Verify the IP address configuration.
management

9. Check the network connectivity.


ping <host>
y <host>: The IP address of the host or the network number to ping.

write memory 10. Save the IP address configuration.

Configuring Basic Features 5-13


Configuring Basic System Parameters

The following is an example of assigning an IP address and subnet mask to the Ethernet
management port and verifying the configuration:

> enable Enter the Privileged mode

# configure terminal Enter the Global Configuration mode

(config)# interface management Enter the interface mode of the Ethernet Manegement port
Specify the IP address and subnet mask of
(config-if)# ip address 172.27.68.100/16
the Ethernet Management port
(config-if)# exit Enter the Global Configuration Mode

(config)# ip route default 172.27.1.254 Specify the default gateway address


(config)# end Return to the Privileged mode
Display the configuration information of
# show interface management
the Ethernet Management port
Interface management
index 2 metric 1 mtu 1500 <UP,BROADCAST,RUNNING,MULTICAST>
HWaddr: 00:90:a3:cd:0e:b0
inet 172.27.68.100/16 broadcast 172.27.255.255
input packets 0, bytes 0, dropped 0, multicast packets 0
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 0, bytes 0, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0
# ping 172.27.2.49 Verify communicating with other hosts on the same network

172.27.2.49 is alive!
# write memory Save the changed configuration to the backup configuration file

Building Configuration...
[OK]
#

5-14 Corecess S5 System User's Guide


Configuring Basic System Parameters

User Management
To access the CLI of the Corecess S5 System, you must login by entering the user name and the
password. By default, ‘corecess’ exists. This section describes how to add and delete user who
can login the CLI of the Corecess S5 System.

Adding a New User

The table below shows the commands to add a user:

Table 5-6 Adding a new user

Command Task

enable 1. Enter Privileged mode.

configure terminal 2. Enter Global configuration mode.

3. Add a user.
username <name> y <name> The user ID for entering the Corecess S5 System CLI.
password <password> [8] y <password> The password for the user.
y 8 Encrypts the password

end 4. Return to Privileged mode.

show username 5. Verify the list of user configuration

write memory 6. Save the user configuration.

The following example shows how to adds a user whose id is ‘kka’ and password is ‘violet’ and
verifies the configuration:

# configure terminal
(config)# username kka passwd violet
(config)# end
# show username
corecess none none **Never logged in**
kka none none **Never logged in**
# write memory
Building Configuration...
[OK]

Configuring Basic Features 5-15


Configuring Basic System Parameters

Changing a User Password

To change a user password for a user, execute the following procedure:

Table 5-7 Changing a user password

Command Task

enable 1. Enter Privileged mode.

configure terminal 2. Enter Global configuration mode.

3. Specify a new password.


username <name> passwd y <name> The user ID to modify password
<password> [8] y <password> New password
y 8 Encrypts the password

end 4. Return to Privileged mode.

write memory 5. Save the changed configuration.

The following example shows how to change a password of the user ‘kka’:

# configure terminal
(config)# user kka password corecess
(config)# end
# write memory
Building Configuration...
[OK]
#

5-16 Corecess S5 System User's Guide


Configuring Basic System Parameters

Deleting a User

To delete a user, execute the following procedure:

Table 5-8 Deleting a user

Command Task

enable 1. Enter Privileged mode.

configure terminal 2. Enter Global configuration mode.

3. Delete a user.
no username <user-name>
y <user-name>: The user name to delete

end 4. Return to Privileged mode.

show username 5. Verify the list of users.

write memory 6. Save the configuration change.

The following example shows how to delete the user ‘kka’ and verify the deletion:

# configure terminal
(config)# no username kka
(config)# end
# show username
corecess none none **Never logged in**
# write memory
Building Configuration...
[OK]
#

Configuring Basic Features 5-17


Configuring Basic System Parameters

Specifying System Name and System Time


This section describes the configuration of the following general system features:

y System name
y System date and time
y NTP (Network Time Protocol) mode and time zone
y Time zone

Changing System Name

The system name is used as the prompt on the console. Therefore, it is convenient for finding
out which device is connected to. To change the system name, use the following commands.

Table 5-9 Changing system name

Command Task

enable 1. Enter Privileged mode.

configure terminal 2. Enter Global configuration mode.

3. Specify the system name.


hostname <system-name>
y <system-name> The string used for system name

end 4. Return to Privileged mode.

write memory 5. Save the changed configuration.

The following example shows how to change the system name to ‘Corecess’:

localhost> enable
localhost# configure terminal
localhost(config)# hostname Corecess
Corecess(config)# end
Corecess# write memory
Building Configuration...
[OK]
Corecess#

5-18 Corecess S5 System User's Guide


Configuring Basic System Parameters

Adjusting System Date and Time

The system date and time is used in the log which is the record of the events occurred in the
system. When recording events or commands executed in the system into a log, the date and
time of the system is recorded with events or commands. Such logs can be used as an important
data in solving problems in the system, thus it is very important to accurately set the date and
time of the system.

The following describes how to set the system time and date.

Table 5-10 Adjusting system time

Command Task

enable 1. Enter Privileged mode.

2. Specify the current system time and date.


y <time>: Current time in hours, minutes, and seconds (in the format
clock set <time>
hh:mm:ss, example : 16:24:00)
[<date>] [<month>]
y <day>: Current day (by date) in the month.
[<year>]
y <month>: Current month (1 ~ 12, or name).
y <year>: Current year (no abbreviation).

show clock 3. Verify the configuration.

write memory 4. Save the changed information.

The following example shows how to adjust the system calendar and change the system clock
into the system calendar:

# clock set 33:20:10 8 mar 2004


# show clock
Fri Oct 8 17:37:49 2004 -0.066680 seconds
# write memory
Building Configuration...
[OK]
#

To use the current software clock (calendar) as the system clock, use the clock read-
calendar command in Privileged mode.

# show calendar
Fri Oct 8 11:26:38 KST 2004
# clock read-calendar
# show clock

Configuring Basic Features 5-19


Configuring Basic System Parameters

Fri Oct 8 11:26:38 2004 -0.440000 seconds


#

Note: The ‘calendar’ is a software clock that is erased when the system is powered off or reboot. The other
hand, the system clock run continuously, even if the system is powered off or reboot.

Setting NTP Mode

NTP (Network Time Protocol) synchronizes timekeeping among a set of distributed time
servers and clients. This synchronization allows events to be correlated when system logs are
created and other time-specific events occur.

The Corecess S5 supports the following NTP modes:


y Broadcast client mode
In broadcast client mode, local network equipment, such as a router, regularly broadcasts the
time information. The Corecess S5 System listens for the broadcast messages and set the
system clock.

y Multicast client mode


In multicast client mode, local network equipment, such as a router, regularly multicast the
time information to specific multicast group address.

y Server mode
In server mode, the Corecess S5 System regularly requests the time information to an NTP
server.

To configure NTP on the system, use the following commands:

Table 5-11 Configuring NTP

Command Task

configure terminal 1. Enter Global configuration mode.

5-20 Corecess S5 System User's Guide


Configuring Basic System Parameters

Command Task
2. Set the NTP mode.
y broadcast: Configure the system in NTP broadcast client mode.
y multicast <group-address>: Configure the system in NTP
multicast client mode.
ntp config type - <group-address>: Multicast group address
{broadcast | multicast y server <poll> <ip-address>: Configure the system in NTP
<group-address> | server server mode.
<poll> <ip-address> - <poll>: The polling interval.
preset {on | off}} - <ip-address>: The IP address of the NTP server.
y preset: Whether to preset the system clock to the time received
from NTP server.
- on: Preset.
- off: Not preset.
ntp enable 3. Enable NTP on the system

end 4. Return to Privileged mode.

show ntp config 5. Verify the NTP configuration.

The following example shows how to configure the system in NTP server mode and verify the
configuration:

(config)# ntp config type server 32 203.255.112.69 preset on


(config)# ntp enable
(config)# end
# show ntp config
ntp config type server 32 203.255.112.69 preset on
ntp enable
#

Setting the Time Zone

You can specify a time zone for the Corecess S5 System to display the time based on that time
zone. The Corecess S5 System learnt time from NTP sets its clock according to the specified time
zone and displays time. For example, when you set the time zone as ‘Seoul’ and ‘Los Angeles’,
the displayed date is different.
The default time zone is UTC. You must enable NTP before you set the time zone. If NTP is not
enabled, this command has no effect.

To set the time zone, use the following commands:

Table 5-12 Set the time zone

Configuring Basic Features 5-21


Configuring Basic System Parameters

Command Task

configure terminal 1. Enter Global configuration mode.

2. Set the time zone.


y <region> The region name. Select one of followings:
- Africa, America, Antarctica, Arctic, Asia, Atlantic,
ntp region <region>
Australia, Europe, Indian, Pacific
<area-code>
y <area> Area code(area code, 1 ~ 1000). You can see the area code
for the selected region by using the show ntp region in Privileged
mode.

end 3. Return to Privileged mode.

show ntp config 4. Verify the configuration.

write memory 5. Save the configuration changes.

reset system 6. Restart the system.

The following example shows how to set the time zone and the area code to Asia/Seoul:

(config)# ntp region Asia 54


New NTP region/area is Asia/Seoul(Seoul)

system must be rebooted.


(config)# end
# show ntp config
ntp region Asia 54
ntp enable
# reset system
.
.

5-22 Corecess S5 System User's Guide


Configuration File Management

Configuration File Management


The system configuration file is a text file that has commands for system configuration when the
system is booting. It is convenient that you do not need to input commands manually for the
system configuration, whatever the system booting.

The Corecess S5 System contains two types of configuration files: the running (current
operating) configuration and the startup (last saved) configuration.
The feature of the files is as follows:

Running configuration
The running configuration is the current (unsaved) configuration that reflects the most recent
configuration changes. When a user changes the system configuration, the system configuration
is saved in the running configuration file of RAM and is applied immediately to the system.
You can upload or download the running configuration file via FTP or TFTP.

Startup configuration
The startup configuration is the saved configuration in NVRAM and is used when the system
initializes. The startup configuration is not removed when the system power is turned off. You
can upload or download the startup configuration file via FTP or TFTP.

Caution: Whenever you make changes to the Corecess S5 System configuration, you must save the changes to
memory so they will not be lost if the system is rebooted.

Configuring Basic Features 5-23


Configuration File Management

Displaying the Current Running Configuration


To display the current running configuration, enter the show running-config command in
Privilege mode:

To display the current running configuration, follow this procedure:

Table 5-13 Show the current running configuration

Command Task

enable 1. Enter Privileged mode.

show running-config 2. Display the current running configuration.

The following example shows how to display the current running configuration file of the
Corecess S5 System.

# show running-config
Building configuration...

Current configuration:
!
! version 0.73
!
hostname Corecess
!
snmp-server community "public" ro
snmp-server community "private" rw
snmp-server contact Unknown
snmp-server location Unknown
snmp-server enable rmon
!
system fan enable 33 25
system temperature enable 90 80
!
port gigabitethernet 1/1 flowctl off
port gigabitethernet 1/1 duplex full
port gigabitethernet 1/2 flowctl off
port gigabitethernet 1/2 duplex full
port gigabitethernet 1/3 flowctl off
port gigabitethernet 1/3 duplex full
port gigabitethernet 1/4 flowctl off
port gigabitethernet 1/4 duplex full

5-24 Corecess S5 System User's Guide


Configuration File Management

!
interface management
ip address 172.18.22.6/16
!
ip multipath count 32
!
line vty
!
dhcprelay enable
dhcprelay serverlist 100.1.1.1
!
no ntp
!
.
.
#

Configuring Basic Features 5-25


Configuration File Management

Saving the Current Running Configuration


If you apply the current running configuration file when the next system’s booting, save the
current running configuration file to the startup configuration file before the system is reset or
powered off.

There are three commands to save the current running configuration file to the startup
configuration file.

Table 5-14 Commands for saving the current running configuration

Command Mode

write memory

write file Privileged

copy running-config startup-config

The following example shows how to save the current running configuration to the startup
configuration using the write memory command:

# write memory
Building Configuration...
[OK]
#

The following example shows how to save the current running configuration to the startup
configuration using the write file command:

# write file
Building Configuration...
[OK]
#

The following example shows how to save the current running configuration file to the startup
configuration file using the copy running-config startup-config command.

# copy running-config startup-config


Building Configuration...
[OK]
#

5-26 Corecess S5 System User's Guide


Configuration File Management

Restoring Default Configuration


To restore the default configuration, use the following commands:

Table 5-15 Restoring default configuration

Commands Task

enable 1. Enter Privileged mode.

copy factory-default
2. Restore the default configuration.
start-up config

reset system 3. Restart the Corecess S5 System.

The following example shows how to restore the default configuration.

# copy factory-default startup-config


done
# reset system
.
.

Configuring Basic Features 5-27


Monitoring and Maintaining the System

Monitoring and Maintaining the System


This section describes the commands you use to monitor the network connectivity and the state
of the system modules and display the system configuration. It also describes how to display
and manage the system log and how to download the software from the remote server.

Monitoring Network Connectivity


After you assign an IP address and a subnet mask of the Corecess S5 System and connect the
Ethernet Management port to the network, you should be able to communicate with other
nodes on the network.

To check whether the Corecess S5 System is properly connected and configured, use the
following commands:

Table 5-16 Checking network connectivity

Commands Task

enable 1. Enter Privileged mode.

2. Ping another node on the network.


y <destination>: The IP address of the host or the network
ping <destination> number to ping.
[count <packet-count>]
y count: Sends the specified number of ICMP packets.
- <packet-count>: The number of packets to send (1 ~ 512).

3. Trace the route of packets through the network to another node.


traceroute [<host-ip> y <host-ip>: Destination address.
| <host-name>]
y <host-name>: Host name.

show interface 4. If the host is unresponsive, check the IP address and the subnet mask
management in the configuration of the Ethernet Management port.

5. If the interface of the Ethernet Management port is properly


show ip route
configured, check the IP routing table.

This example shows how to ping a host with IP address 172.27.2.49:

# ping 172.27.2.49
PING 172.27.2.49 (172.27.2.49) from 172.27.2.100 : 56(84) bytes of data.
64 bytes from 172.27.2.49: icmp_seq=0 ttl=128 time=955 usec
64 bytes from 172.27.2.49: icmp_seq=1 ttl=128 time=817 usec
64 bytes from 172.27.2.49: icmp_seq=2 ttl=128 time=816 usec

5-28 Corecess S5 System User's Guide


Monitoring and Maintaining the System

64 bytes from 172.27.2.49: icmp_seq=3 ttl=128 time=8.284 msec


64 bytes from 172.27.2.49: icmp_seq=4 ttl=128 time=820 usec
64 bytes from 172.27.2.49: icmp_seq=5 ttl=128 time=815 usec
64 bytes from 172.27.2.49: icmp_seq=6 ttl=128 time=821 usec
64 bytes from 172.27.2.49: icmp_seq=7 ttl=128 time=817 usec
64 bytes from 172.27.2.49: icmp_seq=8 ttl=128 time=826 usec
64 bytes from 172.27.2.49: icmp_seq=10 ttl=128 time=779 usec
64 bytes from 172.27.2.49: icmp_seq=11 ttl=128 time=765 usec
64 bytes from 172.27.2.49: icmp_seq=12 ttl=128 time=763 usec
64 bytes from 172.27.2.49: icmp_seq=13 ttl=128 time=761 usec
64 bytes from 172.27.2.49: icmp_seq=14 ttl=128 time=760 usec
64 bytes from 172.27.2.49: icmp_seq=15 ttl=128 time=762 usec

--- 172.27.2.49 ping statistics ---


16 packets transmitted, 15 packets received, 6% packet loss
round-trip min/avg/max/mdev = 0.760/1.304/8.284/1.866 ms
#

The following messages are displayed according to the status of host and network after
execution of the ping command:

Table 5-17 PING field descriptions

Connection Status message

64 bytes from <host> : Host or network is connected. (When the ICMP echo response
icmp_seq=n ttl=n time=n ms messages have been received from the host or network)
Destination does not respond. (When any packets have not
no answer from <host>
been received from the host or network)
<host> is unreachable Host is unreachable.

Network is unreachable. : 2 Network is unreachable.

This example shows how to perform a traceroute to the host whose IP address is 192.1.1.1:

# traceroute 192.1.1.1
traceroute to 192.1.1.1 (192.1.1.1), 30 hops max, 38 byte packets
1 * 172.27.1.254 (172.27.1.254) 4.204 ms 9.754 ms
2 * 192.168.11.126 (192.168.11.126) 1.640 ms 1.317 ms
3 61.107.96.1 (61.107.96.1) 1.825 ms 1.778 ms 1.441 ms
4 61.96.195.249 (61.96.195.249) 1.723 ms 1.812 ms 1.838 ms
5 172.30.4.1 (172.30.4.1) 2.375 ms 1.838 ms 1.856 ms
6 172.30.100.33 (172.30.100.33) 2.212 ms 1.813 ms 1.838 ms
7 172.30.100.10 (172.30.100.10) 2.404 ms 1.888 ms 2.277 ms
8 211.61.251.1 (211.61.251.1) 2.305 ms 1.861 ms 1.802 ms

Configuring Basic Features 5-29


Monitoring and Maintaining the System

9 211.61.251.4 (211.61.251.4) 3.338 ms 2.812 ms 2.811 ms


.
.
.
19 4.0.2.250 (4.0.2.250) 218.205 ms 4.1.81.1 (4.1.81.1) 220.789 ms *
20 4.1.138.38 (4.1.138.38) 220.070 ms 227.188 ms 4.1.81.1 (4.1.81.1) 23.769
ms
21 4.1.138.38 (4.1.138.38) 219.686 ms 192.1.101.81 (192.1.101.81) 222.896 ms
4.1.138.38 (4.1.138.38) 220.625 ms
22 * 192.1.101.81 (192.1.101.81) 219.597 ms 218.852 ms
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

The following example displays sample traceroute output when a destination host IP
address is specified:

# traceroute 61.107.97.51
traceroute to 61.107.97.51 (61.107.97.51), 30 hops max, 40 byte packets n
1 172.26.1.254 (172.26.1.254) 14.812 ms 29.758 ms 22.752 ms
2 192.168.11.126 (192.168.11.126) 0.497 ms 0.454 ms 0.360 ms
3 61.107.97.51 (61.107.97.51) 14.812 ms 29.758 ms 22.752 ms
o p q
#

The table below describes the fields shown by the traceroute command:

Table 5-18 traceroute field descriptions

Field Description

n Maximum TTL value and the size of the ICMP datagrams being sent

o Indicates the sequence number of the switch router in the path to the host

p IP address of the router

q Round-trip time for each of the three probes that are sent

5-30 Corecess S5 System User's Guide


Monitoring and Maintaining the System

If the host is irresponsible after execution of the PING or traceroute commands, check the
interface of the Ethernet Management port using the show interface management
command, and check the routing table using the show ip route command.

The following example shows how to display the interface of the Ethernet Management port
using the show interface management command.

# show interface management


Interface management
index 0 kernel index 2 metric 1 mtu 1514 <UP,BROADCAST,RUNNING,MULTICAST>
HWaddr: 00:11:a1:ca:00:01
inet 172.19.3.154/16 broadcast 172.19.255.255
input packets 1715511, bytes 159585565, dropped 0, multicast packets 0
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 436568, bytes 54251015, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0
#

The following example shows how to display the IP routing table using the show ip route
command.

# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - IS-IS, B - BGP, > - selected route, * - FIB route, p - stale info

S> * default [1/0] via 172.19.1.254, management


B> * 100.100.10.0/24 [20/0] via 172.19.3.153, management, 1d20h55m
B> * 100.100.11.0/24 [20/0] via 172.19.3.153, management, 1d20h55m
B> * 100.100.14.0/24 [20/0] via 172.19.3.153, management, 1d20h55m
B> * 100.100.15.0/24 [20/0] via 172.19.3.153, management, 1d20h55m
C * 172.19.0.0/16 is directly connected, vlan1
C> * 172.19.0.0/16 is directly connected, management

Route Source Num of Entries


connected 2
static 1
bgp 4
Total 7

Configuring Basic Features 5-31


Monitoring and Maintaining the System

Displaying CPU Utilization


You can display the utilization of the CPU on the Corecess S5 System using the show cpuinfo
command in Privileged mode. The following is a sample output of the show cpuinfo
command:

# show cpuinfo
cpu : 440GP Rev. C
revision : 4.129 (pvr 4012 0481)
bogomips : 595.96
vendor : IBM
machine : Ebony
#

The following table describes the fields shown by show cpuinfo command:

Table 5-19 show cpuinfo field descriptions

Field Description

cpu Model name of the CPU.

revision Version information of the CPU.

Bogomips is the number of million times per second a CPU can do absolutely nothing
bogomips
and is used for a measurement of speed for the non Intel CPUs.

vendor Maker of the CPU.

5-32 Corecess S5 System User's Guide


Monitoring and Maintaining the System

Displaying Memory Usage


You can display the usage of the memories on the Corecess S5 System using the show meminfo
command in Privileged mode. The following is a sample output of the show meminfo
command:

The following example shows how to display the information of the memory.

# show meminfo
total: used: free: shared: buffers: cached:
Mem: 250851328 106090496 144760832 0 3883008 40488960
Swap: 0 0 0
MemTotal: 244972 kB
MemFree: 141368 kB
MemShared: 0 kB
Buffers: 3792 kB
Cached: 39540 kB
SwapCached: 0 kB
Active: 8684 kB
Inactive: 77488 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 244972 kB
LowFree: 141368 kB
SwapTotal: 0 kB
SwapFree: 0 kB
#

The table below describes the fields shown by the show meminfo command:

Table 5-20 show meminfo field descriptions

Field Description

total Total amount of memory held in bytes.

used Total amount of used memory in bytes.

free Total amount of free memory in bytes.


Mem
shared Total amount of shared memory in bytes.

buffers Total amount of buffer memory in bytes.

cached Total amount of cache memory in bytes.

total Total amount of swap in bytes.

Swap used Total amount of used swap in bytes.

free Total amount of free swap in bytes.

Configuring Basic Features 5-33


Monitoring and Maintaining the System

(Continued)
Field Description

MemTotal Total amount of memory in Kilobytes.

MemFree Total amount of free memory in Kilobytes.

MemShared Total amount of shared memory in Kilobytes.

Buffers Total amount of buffer memory in Kilobytes.

Cached Total amount of cache memory in Kilobytes.

SwapCached Total amount of swap cache in Kilobytes.

Active Amount of buffer or cache memory currently allocated in kilobytes.

Inactive Amount of free buffer or cache memory in Kilobytes.

Amount of memory which is not mapping to kernel directly. This is different


HighTotal
according to the type of the used kernel.

Amount of free memory which is not mapping to kernel directly. This is


HighFree
different according to the type of the used kernel.

Amount of memory which is not mapping to kernel directly. This is different


LowTotal
according to the type of the used kernel.

Amount of free memory which is not mapping to kernel directly. This is


LowFree
different according to the type of the used kernel.

SwapTotal Total amount of swap in Kilobytes.

SwapFree Total amount of free swap in Kilobytes.

5-34 Corecess S5 System User's Guide


Monitoring and Maintaining the System

Displaying System Module Information


You can display the information of the modules installed in the slots on the Corecess S5 System
using the show module command in Privileged mode. The following is a sample output of the
show module command:

# show module
Mod Ports Description Status Serial No.
--- ----- --------------------------------- ---------------- ---------------
A N/A Control Module active N/A
1 4 LIM-EP4G-GR insert,up N/A
2 4 LIM-EP4G-GR insert,up N/A
3 4 LIM-EP4G-GR insert,up N/A
4 4 LIM-EP4G-GR insert,up N/A
5 4 SCM-20G insert,up N/A
Mod Version Hw Fw Sw
--- -------------------- ---------------- ---------------- ----------------
1 release.rev(patch) 0.0(3) N/A N/A
2 release.rev(patch) 0.0(3) N/A N/A
3 release.rev(patch) 0.0(3) N/A N/A
4 release.rev(patch) 0.0(3) N/A N/A
5 release.rev(patch) 0.0(2) N/A N/A
#

The table below describes the fields shown by the show module command:

Table 5-21 show module field descriptions

Field Description

Mod Slot number which the module is installed on.

Ports Number of the ports on the module.

Type of the module.


- LIM-EP4G-GR : 4 ports, Gigabit Ethernet PON module
Description
- LIM-D4GF : 4 ports, Gigabit Ethernet line module
- SCM-20G : 4 ports, Gigabit Ethernet uplink module

Status Equipment status and operating status of the module.

Serial No. Serial number of the module.

Hw Hardware version of the module.

Fw Firmware version of the module.

Sw Software version of the module.

Configuring Basic Features 5-35


Monitoring and Maintaining the System

Displaying System Module Status


You can display the equipment and running state of the system modules using the show system
command in Privileged mode.

The following is a sample output of the show system command:

# show system
System Information
-----------------------------------------------------
CoreCMR(Control Module Redundancy)
side : A
local status : active
remote status : not-exist

Subscriber/Service Interface Board(s)


SIB S[ 1] N / Normal
SIB S[ 2] N / Normal
SIB S[ 3] N / Normal
SIB S[ 4] N / Normal
SIB S[ 5] N / Normal

FAN S[ 1] N / Normal

Auxiliary Information
-----------------------------------------------------
Fan (`C(`F)) -
Max/Min Threshold : 33/ 25 ( 91/ 77)
Temperature (`C(`F)) -
Current Temperature : 47 (116 )
Max/Min Threshold : 90/ 80 (194/176)
#

5-36 Corecess S5 System User's Guide


Monitoring and Maintaining the System

Each field shown by the show system command describes the following information about
system state:

Table 5-22 show system field descriptions

Field Description

CoreCMR The redundancy status of the SCM module (Not supported).

The status of the SCM module and the LIM module.


y SIB S [1] : The status of LIM module installed in the number 1 slot
System Subscriber/Service y SIB S [2] : The status of LIM module installed in the number 2 slot
Information Interface Board(s) y SIB S [3] : The status of LIM module installed in the number 3 slot
y SIB S [4] : The status of LIM module installed in the number 4 slot
y SIB S [5] : The status of SCM module installed in the number 5 slot

FAN The status of the fan module

y Max Threshold : The temperature that the fan module operate


Fan
y Min Threshold : The temperature that the fan module stop
Auxiliary
y Current Temperature : The current temperature of the Corecess S5
Information
System
Temperature
y Max Threshold : The maximum temperature that the trap occurs
y Min Threshold : The minimum temperature thst the trap occurs

Configuring Basic Features 5-37


Managing System Log

Managing System Log


The Corecess S5 System maintains a log file of all error and status messages generated by each
module on the Corecess S5 System. Log file is stored in the Corecess S5 System. You can
transmit the system log file to a remote host to manage it separately. In this section, the
following issues will be described:

y Specifying level of the logs to be displayed on the console screen

y Specifying screens to display log messages

y Saving event messages in the log file

y Displaying system logs saved in the log file

y Clearing system logs in the log file

Specifying Event Level


The Corecess S5 System classify events into eight levesls, based on criticality of the system. All
events occurred in the Corecess S5 System don’t need to be stored in the system log file. You
can specify the top level of events to be stored using the logging level command in Global
configuration mode. The events of the upper levels than the level designated by the loggin
level command will be ignored (These events will be neither saved nor displayed). The
Corecess S5 System supports the following eight event levels. ‘1. Emergency’ event is the most
critical level and ‘8. Debug’ is the least critical level event.

1. Emergency
More critical
2. Alert
3. Critical
4. Errors
5. Warning
6. Notify
7. Inform
8. Debug Less critical

By default, all events of the Corecess S5 System are specified to the level 6. Thus, if the event
occurs from the level 1 to the level 6, the event message is displayed on the console screen or
the remote host screen.

5-38 Corecess S5 System User's Guide


Managing System Log

The event level can be changed. The following procedure describes how to change the event
level.

Table 5-23 Changing the event level

Commands Task

enable 1. Enter Privileged mode.

configure terminal 2. Enter Global Configuration mode.

3. Specify the event level.


y <type> The type of the event
y <level> The event level (1 ~ 8, default: 6).

end 4. Return to Privileged mode.

show logging 5. Verify the configuration.

write memory 6. Save the changed configuration.

This example shows how to specify the sys event to the level 4 and verify the result.

# configure terminal
(config) # logging level sys 4
(config) # end
# show logging
console logging is disable
logging buffer is disable

Facility Default Severity Current Severity


----------- ------------------ ------------------
sys 6 4(*)
filesys 6 6
authorize 6 6
. . .

# write memory
Building Configuration...
[OK]
#

Configuring Basic Features 5-39


Managing System Log

Note : The Corecess S5 System supports the following types of events:

Event Description
sys Events related to system hardware
filesys Events related to file system
authorize Events related to security and authentication
port Events related to ports
interface Events related to interfaces
vlan Events related to VLAN (Virtual LAN)
spantree Events related to spanning tree and bridge
lacp Events related to LACP (Link aggregation Control Protocol)
gvrp Events related to GARP/GVRP
igmp Events related to IGMP and IGMP snoopping
pbnac Events related to PBNAC (Port Base Network Access Control)
mcast Events related to multicast
qos Events related to QoS (Quality Of Service)
acl Events related to access list
snmp Events related to SNMP
snmp_rmon Events related to SNMP RMON
dhcp Events related to DHCP
ntp Events related to NTP
route_main Events related to Main Routing Control
rip Events related to RIP
ospf Events related to OSPF
bgp Events related to BGP
dvmrp Events related to DVMRP
pim Events related to PIM

5-40 Corecess S5 System User's Guide


Managing System Log

Specifying Screen to Display Log


When an event is occurred, the information of the event can be appeared on the remote host
screen, a console screen, and telnet sessions.

Configuring to Display Log Messages on the Console Screen

To configure the log messages to display on the console screen, use the following commands:

Table 5-24 Configuring log messages to display on the console

Command Task

enable 1. Enter Privileged mode.

configure terminal 2. Enter Global Configuration mode.

3. Configure whether to display log messages on the console.


logging console
y enable Displays log messages on the console.
{enable | disable}
y disable Doesn’t display log messages on the console.

end 4. Return to Privileged mode.

show logging 5. Verify the result.

write memory 6. Save the changed configuration

The following example configures the log messages to display on the console screen and check
the result:

# configure terminal
(config)# logging console enable
(config)# end
# show logging
console logging is enable
logging buffer is enable
logging servers
1.1.1.1
.
.
# write memory
Building Configuration...
[OK]
#

Configuring Basic Features 5-41


Managing System Log

Configuring to Display Log Messages to a Remote Host

To configure the log messages to display on a remote host, use the following command:

Table 5-25 Configuring log messages to display on a remote host

Command Task

enable 1. Enter Privileged mode.

configure terminal 2. Enter Global Configuration mode.

3. Specify a remote host to display the log messages.


logging {<ip-address>
y <ip-address> IP address of a remote host
| <host-name>}
y <host-name> Name of a remote host

end 4. Return to Privileged mode.

show logging 5. Verify the configuration.

write memory 6. Save the changed configuration.

The following example configures the system log to display on the remote host whose IP address
is 172.10.1.0:

# configure terminal
(config)# logging 172.10.1.0
(config)# end
# show logging
console logging is enable
logging buffer is enable
logging servers
172.10.1.0
.
.
# write memory
Building Configuration...
[OK]
#

5-42 Corecess S5 System User's Guide


Managing System Log

Configuring to Display Log Messages to a Telnet Session

To configure the log messages to display on telnet sessions, use the following commands:

Table 5-26 Configuring log messages to display on a Telnet session

Command Task

enable 1. Enter Privileged mode.

configure terminal 2. Enter Global Configuration mode.

3. Configure whether to display log messages on telnet sessions.


logging session
y enable Displays log messages on telnet sessions.
{enable | disable}
y disable Doesn’t display log messages on telnet sessions.

end 4. Return to Privileged mode.

write memory 5. Save the changed configuration.

The following example configures the system log to display on telnet sessions:

# configure terminal
(config)# logging session enable
(config)# end
# write memory
Building Configuration...
[OK]
#

Saving Log Message in Log File


By default, the Corecess S5 System does not save the log messages in a log file. After
configuring the log messages to save using the logging file enable command, the log
message generated will be saved in a log file. Since you can see the log messages in the log file
whenever you need, it useful to manage the system.
If you set the Corecess S5 System not to save the log messages, use the logging file
disable command.

The following example shows how to configure the log message to be save in a file:

# configure terminal
(config)# logging file enable
(config)#

Configuring Basic Features 5-43


Managing System Log

Displaying Contents of Log File


To display the contents of the log file, use the show logging buffer command in Privileged
mode. You can specify a number from 1 to 100 as a parameter value, and it displays the number
of the resent saved log messages in the log file.

The following is a sample output of the show logging buffer command:

# show logging buffer 10


Jun 30 10:15:02 localhost SNMP_RMON-6-RMONENABLED: RMON agent enabled
Jun 30 10:15:02 localhost SYS-6-START_CONFIG: apply hot configuration module(1)
hwid(00000101)
Jun 30 10:15:04 localhost SYS-6-SYS_MODULE: module [1] is inserted
Jun 30 10:15:04 localhost SYS-6-SYS_MODULE: module [5] is inserted
Jun 30 10:15:04 localhost SYS-6-ALARM_FAN: Fan (1) : WORKING GOOD
Jun 30 10:15:04 localhost SYS-6-GBIC: 1/1 gbic is inserted
Jun 30 10:15:04 localhost SNMP-5-COLDSTART: Cold Start
Jun 30 10:15:17 localhost PORT-6-LINK_CHANGE: 1/1: ifIndex 8 Link Up (Up)
Jun 30 10:22:34 localhost AUTHORIZE-6-LOGIN: login corecess authentication
servi
ce(login) tty(/cinitrd/dev/ttyp0) from (172.18.80.14)
Jun 30 10:22:35 localhost AUTHORIZE-6-USER_LOGIN: corecess login from 172.18.80.
14
#

The following table describes the fields shown by the show logging buffer command:

Jun 30 10:15:02 localhost SNMP_RMON-6-RMONENABLED: RMON agent enabled


n o p

No Description

n Date and time that the event occurred (month, date, hour:minute:second)

o System name

p The brief description of the event

5-44 Corecess S5 System User's Guide


Managing System Log

Clearing System Log


To clear the system log file, the clear logging buffer command in Privileged mode. The
following example shows how to clear the logs in the log file and verifying the result:

# clear logging buffer


# show logging buffer 1
#

Configuring Basic Features 5-45


Upgrading Software

Upgrading Software
You can download the software for the modules on the Corecess S5 System from a remote TFTP
or FTP server. To download software from a remote TFTP or FTP server to the Corecess S5
System, perform this task:

Table 5-27 Downloading software from a remote TFTP server

Command Task

enable 1. Enter Privileged mode.

2. Download specified file from the TFTP or FTP server.


copy {tftp <host-ip> |
ftp <host-ip> [id y <host-ip> IP address of the TFTP or FTP server
<login-id> passwd y <login-id> Login ID of FTP server
<password>]} flash image y <password> Login password of FTP server
<file-name>
y <file-name> file name to download

show flash image 3. Verify software download.

4. Apply the download file to the system.


update flash image id
y <file-name> File name to apply
{<file-name> | <file-id>}
y <file-id> File ID to apply

reset system 5. Reboot the system.

The following example shows how to download the image file from TFTP server and apply the
download file to the system.

# copy tftp 172.27.2.17 flash image hamster-base-osapp-epon.img


tftp: data 10000 Kbytes
# show flash image
System flash directory:
File Length (bytes) Name/status
----- --------------- -----------------------------------
1 6875913 cs5-base-osapp-REL1.0.1.img (*)
2 6266476 hamster-base-osapp-REL1.0.0.img
3 6317126 hamster-base-osapp-REL1.0.1.img
4 6226882 hamster-base-osapp-epon.img
[31208 blocks used, 27960 available, 59168 total, 1K-blocks]
*/# : running/updated image
# update flash image id 3
# reset system
PPCBoot 2.0.0 (Apr 16 2003 - 14:29:15)
Corecess Boot Ver 1.0 (Apr 16 2003 14:29:15)

5-46 Corecess S5 System User's Guide


Chapter 6 Configuring Ports and Links

This chapter describes how to configure the Gigabit Ethernet port, the Gigabit Ethernet PON port and ONU.

9 Configuring Gigabit Ethernet port 6-2

9 Configuring Gigabit Ethernet-PON port 6-11

9 Configuring Link of Gigabit Ethernet-PON port 6-25

9 Configuring ONU 6-58

9 Profile 6-78
Configuring Gigabit Ethernet port

Configuring Gigabit Ethernet port


The Corecess S5 System provides Gigabit Ethernet port for each module as follows:

Table 6-1 Type of the Gigabit Ethernet port

Module Gigabit Ethernet port


x 10/100/1000Base-T port (RJ-45 connector)
SCM-20G
x 1000Base-SX/LX port (Duplex LC connector)
LIM-D4GF x 1000Base-SX/LX port (Duplex LC connector)

This section describes the basic configuration of the Gigabit Ethernet port, then how to
configure the Gigabit Ethernet port and monitor the ports.

Basic Configuration of Gigabit Ethernet Port


By default, the Gigabit Ethernet port of the Corecess S5 System is configured as follows:

Table 6-2 Basic Configuration of the Gigabit Ethernet Port

Item Basic Configuration

Port Status All port are enable to operate

Port Name DEFAULT

Port Speed Auto

Data Transfer Mode Auto

Data Flow Control Auto

STP Protocol Disabled (Used in default VLAN)

RSTP Protocol Disabled

Trap Disabled

Link aggregation Off

VLAN All ports are included in VLAN

Whenever the port configuration is changed, the changed configuration is applied immediately
to the system without the system rebooting or the command execution. Yet, if you want to keep
using the configuration after the system rebooting, the changed configuration should be saved
using the write memory command in Privileged mode.

6-2 Corecess S5 System User's Guide


Configuring Gigabit Ethernet port

Configuring Gigabit Ethernet port


This section describes following port configuration:

y Disabling or enabling the Gigabit Ethernet port

y Setting the auto sensing function

y Setting the port speed and the transfer mode

y Configure flow control

y Setting the port name

y Setting the port trap

Enabling or Disabling the Gigabit Ethernet Port

All ports of the Corecess S5 System are enabled by default. To change administrative status
(disabling a port or reenabling a port), use the following command in Global configuration
mode:

Table 6-3 Enabling or Disabling the Gigabit Ethernet Port

Command Description

port gigabitethernet y <slot>/<port> Slot/port number of the Gigabit Ethernet port


<slot>/<port> y enable Enable the port
admin {enable | disable} y disable Disable the port

The following example shows how to disable the Gigabit Ethernet port 5/1.

(config)# port gigabitethernet 5/1 admin disable


(config)#

The following example shows how to reenable the Gigabit Ethernet port 5/1.

(config)# port gigabitethernet 5/1 admin enable


(config)#

Configuring Ports and Links 6-3


Configuring Gigabit Ethernet port

Setting the auto sensing function

The auto sensing function of the Gigabit Ethernet port is used to exchange flow control
parameter, fault information of remote ports and transfer mode information. By default, the
auto sensing function is enabled on the Gigabit Ethernet port of the Corecess S5 System.

Ports that are located in both ends of the Gigabit Ethernet link must have the same
configuration. If the configurations are different each other, the link can not be connected. The
following table shows connection state of link depending on state of the auto sensing function
on the Gigabit Ethernet port.

Table 6-4 Link State and Auto Sensing Function

Auto Sensing Link State


1 2
Local Port Remote Port Local Port Remote Port

Off Off Up Up

On On Up Up

Off On Up Down

On Off Down Up
1
Local port : Gigabit Ethernet port of the local system
2
Remote port : Gigabit Ethernet port that is connected to the local port

To enable the auto sensing function of the Gigabit Ethernet port, use the following command in
Global configuration mode.

Table 6-5 Configuring auto sensing function

Command Task

port gigabitethernet
<slot>/<port> y <slot>/<port> slot number/port number
link-status auto

The following example shows how to enable the auto sensing function on the Gigabit Ethernet
5/1:

(config)# port gigabitethernet 5/1 link-status auto


(config)#

6-4 Corecess S5 System User's Guide


Configuring Gigabit Ethernet port

Setting Port Speed and the Transfer Mode

By default, the Gigabit Ethernet port on the Corecess S5 System can automatically match
transmission speed of the connected port. This function is called the auto-negotiation. The
maximum speed of the 10/100/1000Base-T port can be set as 10/100/1000Mbps by users
instead of auto-negotiation.

If the port speed is set as 10/100Mbps, full-duplex or half-duplex mode is operated. If the port
speed is set as 1000Mbps, only full-duplex is operated.

Note: The 1000Base-SX/LX port is only operated in full-duplex mode.

To change port speed and the transfer mode of the 10/100/1000Base-T port, use the following
commands.

Table 6-6 Changing the Port and the transfer mode

Command Task

1. Set the port speed of the specified port.


y <slot>/<port> Slot/Port number
y <port-speed> Transfer speed of the specified port
port gigabitethernet
- 10 10Mbps
<slot>/<port> speed
- 100 100Mbps
<port-speed>
- 1000 1Gbps
- auto Auto-negotiation mode
- reset reset the auto-negotiation mode

2. Set the transfer mode of the specified port.


y <slot>/<port> Slot/Port number
port gigabitethernet
y <duplex-mode> Transfer mode of port
<slot>/<port> duplex
- auto Auto negotiation mode
<duplex-mode>
- full Full-duplex mode
- half Half-duplex mode

The following example shows how to change port speed and the transfer mode of the
10/100/1000Base-T port on the SCM module (5/1).

(config)# port gigabitethernet 5/1 speed 100


(config)# port gigabitethernet 5/1 duplex full

Configuring Ports and Links 6-5


Configuring Gigabit Ethernet port

Configuring Flow Control (IEEE 802.3x)

You can enable or disable flow control of a port, which manages traffic rates during congestion.
If a port experiences congestion and cannot receive any traffic, flow control notifies the other
port to stop transmitting until the condition clears.

By default, flow control is disabled on the ports of the Corecess S5 System. To change flow
control status, use the following command in Global configuration mode:

Table 6-7 Configuring Flow Control Function

Command Task
y <slot>/<port> Port/Slot number
port gigabitethernet y <status> Flow control status
<slot>/<port> - on Enables flow control
flowctl <status> - off Disable flow control
- auto Auto-negotiation

The following example enables flow control on the Gigabit Ethernet port 5/1:

(config)# port gigabitethernet 5/1 flowctl on


(config)#

Setting the Port Name

You can assign a name to each port. If you use connected device information as port names, you
can manage the devices easily.

To set a port name, use the following command in Global configuration mode:

Table 6-8 Setting the Port Name

Command Task

port gigabitethernet
y <slot>/<port> Slot/Port number
<slot>/<port>
y <port-name> Port name (Maximum: 32 character)
name <port-name>

The following example shows how to set the name of the Gigabit Ethernet port 5/1.

(config)# port gigabitethernet 5/1 name uplink-port


(config)#

6-6 Corecess S5 System User's Guide


Configuring Gigabit Ethernet port

Setting the Port Trap

When port status is changed (up, down), a SNMP link trap is occurred, then the SNMP agent
notifies SNMP host or NMS of the trap occurrence.
By default, the SNMP link trap of the ports on the Corecess S5 System is disabled.

To set trap for a port, use the following command in Global configuration mode:

Table 6-9 Setting the port trap

Command Task

port gigabitethernet y <slot>/<port> Slot/Port number


<slot>/<port> trap y enable Enables the SNMP link trap for the port.
{enable | disable} y disable Disables the SNMP link trap for the port.

The following example enables the SNMP link trap on the Fast Ethernet port 5/1:

(config)# port gigabitethernet 5/1 trap enable


(config)#

Configuring Ports and Links 6-7


Configuring Gigabit Ethernet port

Display the Gigabit Ethernet Port Information


You can see the port configuration, port status and received packet statistics using the show
port command in the Privileged mode.

The following example show information of all port on the Corecess S5 System using the show
port command.

# show port
Port Name Status Vlan FlwCtl Duplex Speed Type
----- --------------- ---------- ----- ------ ------ ------------- ----------
1/1 DEFAULT connected 1 off full 1000 1000BaseT
1/2 DEFAULT connected 1 off full 1000 1000BaseT
1/3 DEFAULT connected 1 off full 1000 1000BaseT
1/4 DEFAULT connected 1 off full 1000 1000BaseT
.
.
5/1 DEFAULT connected 1 a-on a-full a-1000 1000BaseT
5/2 DEFAULT connected 1 a-on a-full a-1000 1000BaseT
5/3 DEFAULT connected 1 a-on a-full a-1000 1000BaseT
5/4 DEFAULT connected 1 a-on a-full a-1000 1000BaseT
#

The table below describes the fields shown by the show port command:

Table 6-10 show port field descriptions

Field Description

Port Slot number/port number

Name Port name

Status Port admin status and network connection status

Vlan ID of the VLAN which the port belongs to

FlwCtl Status of the flow control

Duplex Duplex mode

Speed Port speed

Type Port type

6-8 Corecess S5 System User's Guide


Configuring Gigabit Ethernet port

The following example show information of the Gigabit Ethernet port 5/1 using the show
port command.

# show port gigabitethernet 5/1

Port Name Status Vlan FlwCtl Duplex Speed Type


---- ------- --------- ----- ------ ------ --------- -----------
1/1 DEFAULT connected 1 a-on a-full a-1000 1000BaseT

AdminStatus Media-type STP RSTP Edge Trap LinkAgg


----------- ---------- -------- --------- ------- ---------
enable none disable disable disable off

Port Admin Speed Limited Speed Active Speed


----- ------------ ------------- -----------------
5/1 Desired None 1000

If Index Logical ID
---------- ----------
4 257

access-type : transparent

Port 5/1 Statistics Counters


All Unicast Multicast Broadcast Discard Error
---------- ---------- ---------- --------- ---------- ----------
in 0 0 0 0 0 0
out 0 0 0 0 0 0

Port Error Counters


input runt(0)/shortCRC(0)/normalCRC(0)/normalAlign(0)/longCRC(0)
output defered(0)/collision(single/multi/consecutive/late 0/0/0/0)

Extension status
#

The table below describes the fields shown by the show port command with a port number:

Table 6-11 show port with port argument field descriptions

Field Description

AdminStatus Admin status of the port (enable, disable).

Media-type Media type(MDI/MDIX) of the port (none).

STP STP status of the port (enable, disable).

RSTP Edge RSTP status of the port (enable, disable).


(Continued)

Configuring Ports and Links 6-9


Configuring Gigabit Ethernet port

Field Description

Trap Whether to enable displaying trap messages of the port (enable, disable).

LinkAgg. LACP status of the port (on, off).

Admin Speed Maximum speed of the port.

Limited Speed Limited speed of the port.

Active Speed Current speed of the port.

If Index Interface number of the port.

Logical ID Logical ID of the port.

All Total number of the incoming/outgoing packets on the port.

Unicast Total number of the incoming/outgoing unicast packets on the port.


Port
Statistics Multicast Total number of the incoming/outgoing multicast packets on the port.
Counters
Broadcast Total number of the incoming/outgoing broadcast packets on the port.
(in/out)
Discard Number of the incoming/outgoing packets discarded on the port.

Error Number of the incoming/outgoing packets with errors on the port.

input runt Number of packet less then 64 byte without CRC error.

shortCRC Number of packet less than 64 byte with CRC error.

normalCRC Number of packet with CRC error

Number of incomplete packet that is not divided by eight with CRC


normalAlign
error.
Port Error longCRC Number of packet less than 1518 byte with CRC error
Counters
output
Number of packet that was not transmitted in the specified time.
defered

- single : Number of packet whose collision occurred once


- multi : Number of packet whose several collision occurred
collision - consecutive : Number of packet whose collision occurred continuously
- late : Number of packet whose collision is not checked in the specified
time

6-10 Corecess S5 System User's Guide


Configuring the Gigabit Ethernet PON Port

Configuring the Gigabit Ethernet PON Port


This section describes the configuration of the Gigabit Ethernet PON port and how to configure
and monitor the Gigabit Ethernet PON port.

Note: The LIM-EP4G-GR module has four GE-PON chips to perform the E-PON OLT function for each Gigabit
Ethernet PON port. Thus, the configuring the Gigabit PON port is the same as the configuring the GE-PON chip.

Basic Configuration of the Gigabit Ethernet PON Port


By default, the Gigabit Ethernet PON port of the Corecess S5 System is configured as follows:

Table 6-12 Basic Configuration of the Gigabit Ethernet PON Port

Item Basic Configuration

Port Status All port are enable to operate

Port Name DEFAULT

Port Speed 1000

Data Transfer Mode * Full-duplex mode

Bandwidth 1000Mbps

x Level-0 : 1msec
Polling interval of the bandwidth x Level-1 : 4msec
x Level-2 : 8msec

Maximum number of IGMP


0 (IGMP proxy function is disabled)
Group

*: Configuration is not changed

Whenever the port configuration is changed, the changed configuration is applied to the system
without the system rebooting or the command execution. But, if you want to keep using the
configuration after the system rebooting, the changed configuration should be saved using the
write memory command in Privileged mode.

Configuring Ports and Links 6-11


Configuring the Gigabit Ethernet PON Port

Configuring Gigabit Ethernet PON Port


This section describes following port configuration:

y Enabling or Disabling the Gigabit Ethernet PON port

y Setting the maximum bandwidth

y Setting the polling interval of the bandwidth group

y Configuring the maximum number of IGMP groups

y Executing loopback test

y Clearing the MAC address

y Restoring the default configuration

y Clear the statistics information

y Upgrading Firmware

Enabling or Disabling the Gigabit Ethernet PON Port

The Gigabit Ethernet PON (GE-PON) port is enabled by default. To change the operating status
of the Gigabit Ethernet PON port, use the following command in Global configuration mode:

Table 6-13 Enabling or Disabling the Gigabit Ethernet PON Port

Command Description

y <slot>/<port> Slot/port number of the GE-PON port


y disable Disable GE-PON port.
port epon <slot>/<port>
y all E-PON side and Network side
disable {all | epon-
y epon-side E-PON side (between GE-PON port and ONU)
side | network-side}
y network-side Network side (between GE-PON port and SCM
module)

The following example shows how to disable the E-PON side of the Gigabit Ethernet PON port 2/1:

(config)# port epon 2/1 disable epon-side


(config)#

The following example shows how to enable the E-PON side and the Network side of the
Gigabit Ethernet PON port 2/1:
(config)# no port epon 2/1 disable all
(config)#

6-12 Corecess S5 System User's Guide


Configuring the Gigabit Ethernet PON Port

Setting the Maximum Bandwidth

By default, the maximum bandwidth is not set to the Gigabit Ethernet PON (GE-PON) port of
the Corecess S5 System, thus the Gigabit Ethernet PON port use all of physical bandwidth to
transmit data. To configure the maximum bandwidth of the Gigabit Ethernet PON port, use the
following command in Privileged mode.

Table 6-14 Setting the Maximum Bandwidth

Command Task

configure terminal 1. Enter Global configuration mode.

2. Set the maximum bandwidth of the specified Gigabit Ethernet PON


port.
port epon <slot>/<port> y <slot>/<port> Slot/Port number of the GE-PON port
aggregated-bandwidth y downstream Set the downstream bandwidth.
{downstream | upstream} y upstream Set the upstream bandwidth.
<bandwidth> <size> y <bandwidth> The maximum bandwidth of the GE-PON port
(0 ~ 1000Mbps, default:0)
y <size> The maximum size of the burst traffic (1 ~ 256Kbyte)

end 3. Return to Privileged mode

show port epon 4. Verify the configuration result.


<slot>/<port> y <slot>/<port> Slot/Port of the GE-PON port
aggregated-bandwidth y downstream Display the downstream bandwidth information.
{downstream | upstream} y upstream Display the upstream bandwidth information.

The following example shows how to configure the maximum downstream/upstream


bandwidth of the Gigabit Ethernet PON port 2/1, and verify the result:

(config)# port epon 2/1 aggregated-bandwidth downstream 1000 100


(config)# port epon 2/1 aggregated-bandwidth upstream 100 100
# show port epon 2/1 aggregated-bandwidth downstream
bandwidth(Mbps) burst size(KByte)
--------------- ----------------
1000 100
# show port epon 2/1 aggregated-bandwidth upstream
bandwidth(Mbps) burst size(KByte)
--------------- ----------------
100 100
#

Note: To disable the maximum bandwidth of the Gigabit Ethernet PON port, use no port epon
<slot>/<port> aggregated-bandwidth {upstream|downstream} command in Global
configuration mode.

Configuring Ports and Links 6-13


Configuring the Gigabit Ethernet PON Port

Setting the Polling Interval of the Bandwidth Group

The Corecess S5 System assigns all logical links of the Gigabit Ethernet PON port to one of three
bandwidth groups (level-0, 1, 2) automatically, and the Corecess S5 System controls the
bandwidth for each group.

y level-0 : Link that the minimum bandwidth and the maximum bandwidth are set to the same value
(sensitive from processing delay).

y Level-1 : Link that the minimum bandwidth is bigger than 0.

y level-2 : Link that the minimum bandwidth is 0.

The bandwidth control applies only the upstream data and assigns the bandwidth to the
specific group depend on the configured polling interval. For example, if the polling interval is
2msec, the Corecess S5 System looks up the bandwidth every 2 msec to transmit the upstream.
If there is a appopriate bandwidth, the timeslot is assigned to the link to transmit the upstream.

By default, the polling intervals of the bandwidth group (level-0, 1, 2) are specified as each 1, 4
and 8msec. To change the polling interval of the bandwidth group, use the following command
in Privilege mode.

Table 6-15 Setting the Polling Interval of the Bandwidth Group

Command Task

configure terminal 1. Enter Global configuration mode.

2. Set the polling interval of the bandwidth group for the link of the
port epon <slot>/<port>
GE-PON port
dba polling-rate
y <slot>/<port> Slot/Port of the GE-PON port
<interval-0>
y <interval-0> Polling interval of level-0 group (0 ~ 4000msec)
<interval-1>
y <interval-1> Polling interval of level-1 group (0 ~ 4000msec)
<interval-2>
y <interval-2> Polling interval of level-2 group (0 ~ 4000msec)

end 3. Return to Privileged mode

show port epon


4. Verify the configuration result.
<slot>/<port>
y <slot>/<port> Slot/Port of the GE-PON port
dba polling-rate

The following example shows how to change the polling interval of the bandwidth group for
the link of the Gigabit Ethernet PON port 2/1 and verify the result.

(config)# port epon 2/1 dba polling-rate 2 5 10


(config)# end

6-14 Corecess S5 System User's Guide


Configuring the Gigabit Ethernet PON Port

# show port epon 2/1 dba polling-rate


level 0(msec) level 1 level 2
------------- ------- -------
2 5 10
#

Note: To clear the polling rate of the bandwidth group, use no port epon <slot>/<port> dba
polling-rate command in Global configuration mode.

Configuring the Maximum Number of IGMP Groups

By default, the maximum number of IGMP groups is ‘0’ not to operate the IGMP proxy function
on all Gigabit Ethernet PON ports.

To enable the IGMP proxy function on Gigabit Ethernet PON ports and specify the maximum
number of IGMP groups, use the following command in Privileged mode.

Table 6-16 IGMP Configuring the Maximum Number of IGMP Groups

Command Description

configure terminal 1. Enter Global configuration mode.

2. Set the maximum number of IGMP group.


port epon <slot>/<port>
y <slot>/<port> Slot/Port number of the GE-PON port
igmp-proxy group
y <number> The maximum number of IGMP Groups (0 ~ 4906). If
<number>
the value is set to 0, IGMP proxy function is disabled.

end 3. Return to Privileged mode.

show port epon 4. Verify the result.


<slot>/<port> igmp y <slot>/<port> Slot/Port number of the GE-PON port

The following example shows how to set the maximum number of IGMP group including the
Gigabit Ethernet PON port 2/1 and verify the result.

(config)# port epon 2/1 igmp-proxy group 2048


(config)# end
# show port epon 2/1 igmp
min bw(Mbps) max bw(Mbps) delay max burst(KByte) max IGMP group
------------ ------------ --------- ---------------- --------------
100 100 tolerant 2 2048
#

Configuring Ports and Links 6-15


Configuring the Gigabit Ethernet PON Port

Executing Loopback Test

Specify the number and size of loopback packets before loopback test in the Gigabit Ethernet
PON port.

To execute the loopback test in the specific Gigabit Ethernet PON port, use the following
command in Privileged mode.

Table 6-17 Configuring Loopback Parameters

Command Description

Configure terminal 1. Enter Global configuration mode.

port epon <slot>/<port> 2. Specify packet number and size


loopback param y <slot>/<port> Slot/Port number of the GE-PON port
frame <number> y <number> Number of loopback packets to transmit (1 ~ 1000)
pyld-size <size> y <size> Size of loopback packets to transmit (46 ~ 1500byte)

3. Execute the loopback test on the specified link.


port epon <slot>/<port> y <slot>/<port> Slot/Port number of the GE-PON port
loopback {link-id <llid> | y <llid> Proper ID of the logical link
link-mac <mac>} y <link-mac> MAC address of ONU
location {mac | phy} y mac loopback the packet in the Data link layer.
y phy loopback the packet in the Physical layer.

end 4. Return to Privileged mode.

5. Verify the loopback result.


show port epon <slot>/
y <slot>/<port> Slot/Port number of the GE-PON port
<port> {link-id <llid> |
y <llid> Proper ID of the logical link
link-mac <mac>} loopback
y <link-mac> MAC address of ONU

The following example shows how to set parameters (number and size of packets) for the
loopback test and execute the loopback test on the link of the Gigabit Ethernet 2/1:

(config)# port epon 2/1 loopback param frame 10 pyld-size 100


(config)# port epon 2/1 loopback link-id 3700 location mac
(config)# end
# show port epon 2/1 link-id 3700 loopback
frame sent frame recv bad frame min delay(usec) max delay average delay
---------- ---------- --------- --------------- --------- -------------
10 10 0 4100 10000 5220
#

6-16 Corecess S5 System User's Guide


Configuring the Gigabit Ethernet PON Port

Note: If the loopback test is executed without the parameter setting, the following message is displayed.

(config)# port epon 2/1 loopback link-id 3700 location mac


% loopback parameter MUST be configured
(config)#

Clearing the MAC Address

To clear all MAC addresses (dynamic MAC address, static MAC address) learnt from the
Gigabit Ethernet PON port, use the following command in Privileged mode.

Table 6-18 Clearing the MAC Address

Command Description

clear port epon <slot>/<port>


y <slot>/<port> Slot/Port number of the GE-PON port
mac-address

The following example shows how to clear all MAC addresses learnt from the Gigabit Ethernet
PON port 2/1:

(config)# clear port epon 2/1 mac-address


(config)#

Resetting the Gigabit Ethernet PON Port

To reset the Gigabit Ethernet PON port, use the following command in Global configuration
mode.

Table 6-19 Resetting the Gigabit Ethernet PON Port

Command Description

port epon <slot>/<port>


y <slot>/<port> Slot/Port number of the GE-PON port to reset
reset

The following example shows how to reset the Gigabit Ethernet PON port 2/1:

(config)# port epon 2/1 reset


Reset OLT success
(config)#

Note: If the Gigabit Ethernet PON port is reset, the bandwidth and the VLAN mode information are maintained.
To restore the defult port configuration, use port epon <slot>/<port> restore command in
Global configuration mode.

Configuring Ports and Links 6-17


Configuring the Gigabit Ethernet PON Port

Restoring the Default Configuration

To clear the configuration information of the Gigabit Ethernet PON port and restore the default
setting, use the following command in Global configuration mode.

Table 6-20 Restoring the Default Configuration

Command Description

port epon <slot>/<port>


y <slot>/<port> Slot/Port number of the GE-PON port
restore

The following example shows how to restore the default setting of the Gigabit Ethernet PON port
2/1:

(config)# port epon 2/1 restore


restore OLT success
(config)#

Caution: After executing restore command, all setting values that set to specific OLT(port) are changed to
default values; thus, confirm the configurations before excute restore command.

Clearing the Statistics Information

To clear the statistics information of the Gigabit Ethernet PON port, use the following
command in Global configuration mode.

Table 6-21 Clearing the Statistics Information

Command Description

clear port epon


y <slot>/<port> Slot/Port number of the GE-PON port to clear
<slot>/<port> counter

The following example shows how to clear the statistics information of the Gigabit Ethernet PON
port 1/.2:

(config)# clear port epon 1/2 counter


(config)#

6-18 Corecess S5 System User's Guide


Configuring the Gigabit Ethernet PON Port

Upgrading Firmware

You can upgrade the chip firmware of the Gigabit Ethernet PON port on the Corecess S5
System. To upgrade the firmware, use the following command in Privileged mode.

Table 6-22 Upgrading Firm ware

Command Description

show port epon 1. Check the image version of the GE-PON port.
<slot>/<port> information y <slot>/<port> Slot/Port number of the GE-PON port

2. Download the firmware image file from TFTP or FTP server.


copy {tftp <host-ip> |
y <host-ip> IP address of TFTP or FTP server
ftp <host-ip> [id <login-
y <login-id> Login ID of FTP server
id> passwd <password>]}
y <password> Login password of FTP server
flash image <file-name>
y <file-name> Name of the firmware image file

show flash config 4. Check if the file is successfully downloaded.

configure terminal 3. Enter Global configuration mode.

port epon <slot>/<port> 4. Upgrade the firmware of the GE-PON port.


upgrade firmware y <slot>/<port> Slot/Port number of the GE-PON port
<file-name> y <file-name> Name of the firmware image file

end 5. Return to Privileged mode.

show port epon <slot>/ 6. Verify the upgrading status of the firmware.
<port> upgrade-status y <slot>/<port> Slot/Port number of the GE-PON port

configure terminal 7. Return to Global configuration mode.

port epon <slot>/<port> 8. Reset the GE-PON port


reset y <slot>/<port> Slot/Port number of the GE-PON port

end 9. Return to Privileged mode.

show port epon 10. Verify the image version of the GE-PON port.
<slot>/<port> information y <slot>/<port> Slot/Port number of the GE-PON port

The following example shows how to upgrade the firmware of the Gigabit Ethernet PON port 2/1:

# show port epon 2/1 information


Not provide Vendor specific info!
mac addr IEEE OUI product code product version Firmware version
----------------- -------- ------------ --------------- ----------------
00:90:a3:21:50:00 0090a3 3721 060 0103
# copy ftp 172.18.80.14 id guest passwd guest flash image App3721Asic_R
104_Amd16.tkf
.../App3721Asic_R104_Amd16.tkf: 493666 bytes 649.74 kB/s

Configuring Ports and Links 6-19


Configuring the Gigabit Ethernet PON Port

done
# show flash config
Configuratin flash directory:
File Length (bytes) Name/status
----- --------------- -----------------------------------
1 493666 App3721Asic_R104_Amd16.tkf
2 615 startup-config
3 0 startup-config.sav
# configure terminal
(config)# port epon 2/1 upgrade firmware App3721Asic_R104_Amd16.tkf
100 percent download !. writing image to flash
It will take more than 20 second. Please wait..

(config)# end
# show port epon 2/1 upgrade-status

OLT Firmware Upgrade Status : 2/1


STATUS : Success
IMGNAME : App3721Asic_R104_Amd16.tkf
start-time : 2h:39m:26s
end-time : 2h:40m:2s

# configure terminal
(config)# port epon 2/1 reset
(config)# end
# show port epon 2/1 information
Not provide Vendor specific info!
mac addr IEEE OUI product code product version Firmware version
----------------- -------- ------------ --------------- ----------------
00:90:a3:21:50:00 0090a3 3721 060 0104

Caution: Frimware upgrade can not be executed on over two ports at the same time. If firmware upgrade is
being executed on a particuar port, excute show port epon <slot>/<port> upgrade-status
command, then verify upgrade result (‘success’ or ‘fail’ message) and proceed firmware upgrade.

6-20 Corecess S5 System User's Guide


Configuring the Gigabit Ethernet PON Port

Monitoring the Gigabit Ethernet PON Port


This section describes how to monitor the Gigabit Ethernet PON port.

Displaying the Chip Information

To display the chip information of the Gigabit Ethernet PON port, use the following command
in Privileged mode.

Table 6-23 Displaying the Chip Information

Command Description

show port epon <slot>/<port>


y <slot>/<port> Slot/Port number of the GE-PON port
information

The following example shows how to display the chip information of the Gigabit Ethernet PON
port 1/2:

# show port epon 1/2 information


Not provide Vendor specific info!
mac addr IEEE OUI product code product version Firmware version
----------------- -------- ------------ --------------- ----------------
00:90:a3:21:50:00 0090a3 3721 060 0103

The table below describes the fields shown by the show port epon information command.

Table 6-24 show port epon information field description

Field Description

mac addr MAC Address of the GE-PON chip

IEEE OUI Vendor of the GE-PON chip

product code Code number of the GE-PON chip

product version Version of the GE-PON chip

Firmware version Firmware version of the GE-PON chip

Configuring Ports and Links 6-21


Configuring the Gigabit Ethernet PON Port

Displaying the Link Information

To display the link information of the specific Gigabit Ethernet PON port, use the following
commands in Privileged mode.

Table 6-25 Displaying the Link Information

Command Description

show port epon <slot>/<port> Display all registered links on the specified GE-PON port.
registered-link y <slot>/<port> Slot/Port of the GE-PON port

show port epon <slot>/<port> Display blocked links on the specified GE-PON port.
block-link y <slot>/<port> Slot/Port of the GE-PON port

The following example shows how to display all registered links on the Gigabit Ethernet PON port
2/1:

# show port epon 2/1 registered-link


slot port llid mac address
---- ---- ------ -----------------
2 1 3700 54:4b:37:01:1a:01
2 1 3701 54:4b:37:01:1a:02
2 1 3702 54:4b:37:01:1a:03
2 1 3703 54:4b:37:01:1a:04
2 1 3704 54:4b:37:01:1a:05
2 1 3705 54:4b:37:01:1a:06

total : 6
#

The following example shows how to display blocked links on the Gigabit Ethernet PON port 2/1:

# show port epon 2/1 block-link


mac address
-----------------
54:4b:37:01:1a:03
#

6-22 Corecess S5 System User's Guide


Configuring the Gigabit Ethernet PON Port

Displaying the Statistics Information

To display the statistics information of the Gigabit Ethernet PON port, use the following
command in Privileged mode.

Table 6-26 Displaying the Statistics Information

Command Description

y <slot>/<port> Slot/Port number of the GE-PON port


y epon Statistics information of E-PON side (between GE-PON
show port epon <slot>/<port> port and ONU)
counter {epon | network} y network Statistics information of network side (between GE-
{downstream | upstream} PON port and SCM module)
y downstream Statistics information of downstream packets
y upstream Statistics information of upstream packets

The following example shows how to display the downstream packet information of E-PON
side on the Gigabit Ethernet PON port 1/2:

# show port epon 2/1 counter epon downstream


octects packet unicast
-------------------- -------------------- --------------------
303,568 623 621

broadcast multicast crc-error discard


-------------------- -------------------- -------------------- --------------
0 0 0 0
#

The table below describes the fields shown by the show port epon counter command.

Table 6-27 show port epon counter field description

Field Description

octects Number of octets

packet Number of packets

unicast Number of unicast packets

broadcast Number of broadband packets

multicast Number of multicast packets

crc-error Number of packets with CRC error

discard Number of discarded packets

Configuring Ports and Links 6-23


Configuring the Gigabit Ethernet PON Port

Displaying Register Information of ONU

To display parameter settings used for ONU registration, use the following command in
Privileged mode.

Table 6-28 Displaying Register Information of ONU

Command Description

show port epon <slot>/<port>


y <slot>/<port> Slot/Port number of the GE-PON port
discovery

The following example shows how to display the parameter settings.

# show port epon 2/1 discovery


period(msec) window size(byte)
------------ ------------------
1000 16319
#

The table below describes the fields shown by the show port epon discovery command.

Table 6-29 show port epon discovery field description

Field Description

period ONU discovery interval (1000 msec)

window size Time interval to decide whether or not the SLA setting of ONU is allowed

6-24 Corecess S5 System User's Guide


Configuring the Link of the Gigabit Ethernet PON Port

Configuring the Link of the Gigabit Ethernet PON Port


The Corecess S5 System searches for ONUs connected with splitter automatically and assigns
LLID (Logical Link Identification) values to each link (or logical link). The LLID is an identifier
to identify link. In case of the downstream frame, the LLID indicates which ONU should be
received the frame. The other hand, in case of the upstream frame, the LLID indicates which
ONU sent the frame.

The Corecess S5 System supports the maximum of three links per an ONU and the maximum of
96 (32x3) per the Gigabit Ethernet PON port.

This section describes the basic configuration of the Gigabit Ethernet PON link and how to
configure the Gigabit Ethernet PON links between the Corecess S5 System and ONUs.

Basic Configuration of the Gigabit Ethernet PON Link


The basic configuration of the Gigabit Ethernet PON link is as follows:

Table 6-30 Basic Configuration of the Gigabit Ethernet PON Link

Item Basic Configuration

Link Status All links are enabled.

Maximum/Minimum Downstream Bandwidth 1000Mbps

Maximum/Minimum Upstream Bandwidth 100Mbps

Configuration status of Processing delay Tolerant

Size of Burst traffic 100KByte

VLAN Mode Simple bridging

Number of MAC Address Entry 64

Whenever the port configuration is changed, the changed configuration is applied to the system
without the system rebooting or the command execution. But, if you want to keep using the
configuration after the system rebooting, the changed configuration should be saved using the
write memory command in Privileged mode.

Configuring Ports and Links 6-25


Configuring the Link of the Gigabit Ethernet PON Port

Configuring Gigabit Ethernet PON Link


Thos section describes following link configuration:

y Configuring SLA parameters

y Setting encryption key exchange timer

y Adding MAC address

y Block link registration

y Rediscovering link

y Clearing link configuration

Note: If you retrieve the LLID and MAC addresses of the Gigabit Ethernet PON link between the Corecess S5
System and OUNs, use show port epon <slot>/<port> registered-link command in
Privileged mode.

Configuring SLA Parameters

To decide the service level provided to subscribers, the following SLA (Service Level
Agreement) parameters should be configured.

Table 6-31 Type of SLA Parameter

SLA Parameter Description

Minimum Upstream Minimum upstream bandwidth (0 ~ 1000Mbps, default: 100Mbps)


Bandwidth
Downstream Minimum downstream bandwidth (0 ~ 1000Mbps, default: 1000Mbps)

Maximum Upstream Maximum upstream bandwidth (0 ~ 1000Mbps, default: 100Mbps)


bandwidth
Downstream Maximum downstream bandwidth (0 ~ 1000Mbps, default: 1000Mbps)

Processing delay level (sensitive, tolerant)


Delay If data is sensitive for processing delay such as voice, the processing
delay level can be set to sensitive. Then, the data of the link is sent first.

Size of burst traffic (1 ~ 256Kbyte, default: 100Kbyte)


Burst size
Burst traffic is suddenly increased traffic such as Internet traffic.

6-26 Corecess S5 System User's Guide


Configuring the Link of the Gigabit Ethernet PON Port

To configure SLA parameters of the Gigabit Ethernet PON link, use the following command in
Global configuration mode.

Table 6-32 Configuring SLA Parameters

Command Task

configure terminal 1. Enter Global configuration mode.

2. Set SLA parameters of the specified link.


port epon <slot>/<port> y <slot>/<port> Slot/Port of the GE-PON port
{link-id <llid> | y <llid> Proper ID of link
link-mac <link-mac>} y <link-mac> MAC address of link
{down-bw | up-bw} y down-bw Set downstream bandwidth
<min-bandwidth> y up-bw Set upstream bandwidth
<max-bandwidth> y <min-bandwidth> Minimum bandwidth of link (0 ~ 1000Mbps)
delay {sensitive | y <max-bandwidth> Maximum bandwidth of link (0 ~ 1000Mbps)
tolerant} y sensitive Set to be sensitive for processing delay
y tolerant Set not to be sensitive for processing delay

3. Enable SLA parameter of the specified link.


port epon <slot>/<port>
y <slot>/<port> Slot/Port number of the GE-PON port
{link-id <llid> |
y <llid> Proper ID of link
link-mac <link-mac>}
y <link-mac> MAC address of link
{down-bw | up-bw}
y down-bw Enable SLA setting of downstream link.
enable
y up-bw Enable SLA setting of upstream.

end 4. Return to Privileged mode.

5. Verify the configuration result.


show port epon <slot>/ y <slot>/<port> Slot/Port number of the GE-PON port
<port> {link-id <llid> y <llid> Proper ID of link
| link-mac <link-mac>} y <link-mac> MAC address of link
{up-bw | down-bw} y down-bw Display downstream bandwidth.
y up-bw Display upstream bandwidth.

Caution: If the processing delay is set to sensitive, the minimum bandwidth and the maximum bandwidth
should be specified with the same value.

The following example shows how to configure SLA parameters of the specified link on the
Gigabit Ethernet PON port 2/1 and verify the result.

(config)# port epon 2/1 link-id 3700 down-bw 1000 1000 delay sensitive
(config)# port epon 2/1 link-id 3700 down-bw enable
(config)# end
# show port epon 2/1 link-id 3700 down-bw
min bw(Mbps) max bw(Mbps) delay max burst(KByte) state
------------ ------------ --------- ---------------- -------
1000 1000 sensitive 100 enable
#

Configuring Ports and Links 6-27


Configuring the Link of the Gigabit Ethernet PON Port

Note: To clear the SLA parameter setting, use no port epon <slot>/<port> {link-
id|link-mac} {up-bw|down-bw} command.

Setting Encryption Key Exchange Timer

By default, the Corecess S5 System encrypts frames, which communicated through links, using
128bit AES (Advanced Encryption Standard) algorithm, and the encryption key exchange timer
is not set.

To set the encryption key exchange timer for 128bit AES, use the following command in Global
configuration mode.

Table 6-33 Setting Encryption Key Exchange Timer

Command Task

configure terminal 1. Enter Global configuration mode.


2. Set Encryption Key Exchange Timer of the specified link.
port epon <slot>/<port>
y <slot>/<port> Slot/Port number of the GE-PON port
{link-id <llid> |
y <llid> Proper ID of link
link-mac <link-mac>}
y <link-mac> MAC address of link
encrypt key-exchange-timer
y <second> Encryption Key Exchange Time (1 ~ 65535
<second>
second)
end 3. Return to Privileged mode.

show port epon <slot>/ 4. Verify the configuration result.


<port> {link-id <llid> | y <slot>/<port> Slot/Port number of the GE-PON port
link-mac <link-mac>} y <llid> Proper ID of link
key-exchange-timer y <link-mac> MAC address of link

The following example shows how to set the encryption key exchange timer to 10 seconds for
the specified link whose ID is 3700 on the Gigabit Ethernet PON port 2/1.

(config)# port epon 2/1 link-id 3700 encrypt key-exchange-timer 10


(config)# end
# show port epon 2/1 link-id 3700 key-exchange-timer
AES key exchange timer : 10
#

6-28 Corecess S5 System User's Guide


Configuring the Link of the Gigabit Ethernet PON Port

Adding MAC Address

The following table describes how to add a static MAC address to a particular link.

Table 6-34 Adding MAC Address

Command Task

configure terminal 1. Enter Global configuration mode.


port epon <slot>/<port> 2. Add a MAC address to a particular link.
{link-id <llid> | y <slot>/<port> Slot/Port of the GE-PON port
link-mac <link-mac>} y <llid> Proper ID of link
mac-address static y <link-mac> MAC address of link
<mac-address> y <mac-address> MAC address added to the link
end 3. Return to Privileged mode.

show port epon <slot>/ 4. Verify the configuration result.


<port> {link-id <llid> | y <slot>/<port> Slot/Port number of the GE-PON port
link-mac <link-mac>} y <llid> Proper ID of link
mac-address static y <link-mac> MAC address of link

The following example shows how to add a static MAC address to the specified link whose ID
is 3700 on the Gigabit Ethernet PON port 2/1.

(config)# port epon 2/1 link-id 3700 mac-address static 00:90:fe:22:62:52


(config)# end
# show port epon 2/1 link-id 3700 mac-address static
mac address
-----------------
00:90:fe:22:62:52
#

Configuring Ports and Links 6-29


Configuring the Link of the Gigabit Ethernet PON Port

Blocking Link Registration

To block the transmission of the user traffic through a particular link of the Gigabit Ethernet
PON port, set the link not to be registered to the port.

To set a particular link not to be registered to the Gigabit Ethernet PON port, use the following
command in Global configuration mode.

Table 6-35 Controlling Link Registration

Command Task

configure terminal 1. Enter Global configuration mode.

2. Set the link not to be registered to the port.


port epon <slot>/<port>
y <slot>/<port> Slot/Port number of the GE-PON port
{link-id <llid> |
y <llid> Proper ID of link
link-mac <link-mac>} block
y <link-mac> MAC address of link

end 3. Return to Privileged mode.

show port epon <slot>/ 4. Verify the configuration result.


<port> block-link y <slot>/<port> Slot/Port number of the GE-PON port

The following example shows how to set the link not to be registered to the Gigabit Ethernet
PON port 2/1 and verify the result:

(config)# port epon 2/1 link-id 3702 block


(config)# end
# show port epon 2/1 block-link
mac address
-----------------
54:4b:37:01:1a:03
#

Note: To set a particular link to be registered to the port, execute no port epon <slot>/<port>
{link-id <llid> | link-mac <link-mac>} block command in Global configuration
mode.

6-30 Corecess S5 System User's Guide


Configuring the Link of the Gigabit Ethernet PON Port

Rediscovering Links

To rediscover a particular link, use the following command in Global configuration mode.

Table 6-36 Rediscovering Links

Command Description

port epon <slot>/<port>


y <slot>/<port> Slot/Port number of the GE-PON port
{link-id <llid> |
y <llid> Proper ID of link
link-mac <link-mac>}
y <link-mac> MAC address of link
rediscovery

The following example shows how to rediscover a particular link on the Gigabit Ethernet PON
port 2/1:

(config)# port epon 2/1 link-id 3702 rediscovery


(config)#

Clearing Link Configuration

To clear configuration information (VLAN mode, SLA parameter setting and so on) configured
on a particular link, use the following command in Global configuration mode.

Table 6-37 Clearing Link Configuration

Command Description

clear port epon <slot>/<port> y <slot>/<port> Slot/Port number of the GE-PON port
{link-id <llid> | link-mac y <llid> Proper ID of link
<link-mac>} provision y <link-mac> MAC address of link

The following example shows how to clear the configuration information of the link whose ID
is 3701 on the Gigabit Ethernet PON port 2/1:

(config)# clear port epon 2/1 link-id 3701 provision


(config)#

Configuring Ports and Links 6-31


Configuring the Link of the Gigabit Ethernet PON Port

Configuring Bridging Mode of Link


The Corecess S5 System supports the bridging function based on MAC, VLAN and Layer 3. You
can apply the flexible security policy to the various applications with the bridging function.

The Corecess S5 System provides dynamic or static MAC-based filtering and packet
classification function. The Corecess S5 System also supports several links (or logical links).
VLAN can be applied to several links which consist of a link or a broadcast domain (Shared
VLAN group). The Shared VLAN group works as a virtual bridge and is effective for multi-
service which provides reliable quality to each service. The downstream bridging is decided
depending on a VLAN or a combination of IPv4 TOS and DA fields.

The Corecess S5 System supports the maximum of three links per an ONU, which connected to
the Gigabit Ethernet PON port. Each link can be consisted of a bridging mode and be managed
independently. All ONU can classify packets by the filtering rule and send the classified packets
by the priority of queue.

The Gigabit Ethernet PON link of the Corecess S5 System can be consisted of nine types of the
bridging mode as follows:

y Simple Bridge

y Single VLAN

y Double-vlan

y Shared-vlan

y Transparent VLAN

y Translated-vlan

y Priority-vlan

y Priority-shared-vlan

y Cross-connect

This section describes how to configure various bridging modes on the Gigabit Ethernet PON
link.

6-32 Corecess S5 System User's Guide


Configuring the Link of the Gigabit Ethernet PON Port

Configuring Simple Bridge

In the Simple bridge mode, the Corecess S5 System works as a bridge, and ports are dividesd
into two types as follows:

y Network-side port: connects the Corecess S5 System to an upstream device such as an edge router or a
switch.

y User-side port: corresponds to LLID (Logical Link ID).

In the Simple bridge mode, an upstream frame can have a VLAN tag, but the system ignores the
VLAN tag. And a downstream frame has the VLAN tag also is dropped. The Simple bridge is
appropriate for applications that use the normal Ethernet bridge.

Upstream
A frame arrived to user-side ports is only forwarded to a network-side ports by their
destination address. At this moment, if the frame has destination addresses learnt from other
user-side port, the frame is droped. And, if the frame has a destination address which is not in
the address table, the frame is flooded to all network-side ports.

Corecess 3804T ONU - A


Port 1

EPON 0 Queue 0 Port 2


Link 0 UNI
Link 1 Port 3
Queue 1
Corecess S5 OLT
Port 4
EPON 0
Link 0
Uplink 1 Link 1
Link 2
Link 3 Corecess 3804T ONU - B
Port 1

EPON 0 Queue 0 Port 2


Link 2 UNI
Link 3 Port 3
Queue 1
Port 4

Configuring Ports and Links 6-33


Configuring the Link of the Gigabit Ethernet PON Port

Downstream
A frame arrived to a network-side port is only forwarded to a user-side port. At this moment, if
the fame has a destination address which is not in the address table, the fame is flooded to all
network-side ports. When the fame is flooded to all user-side ports, the broadcast LLID is used.

Corecess 3804T ONT - A


Port 1

EPON 0 Queue 0 Port 2


Link 0 UNI
Link 1 Queue 1 Port 3
Broadcast
Corecess S5 OLT
Flooding Port 4
EPON 0
Link 0
Uplink 1 Link 1
Link 2
Link 3 Corecess 3804T ONT - B
Broadcast Port 1

EPON 0 Queue 0 Port 2


Link 2 UNI
Link 3 Queue 1 Port 3
Broadcast
Flooding Port 4

By default, the Simple bridge mode is set on the Gigabit Ethernet PON link of the Corecess S5
System. To configure the Simple bridge mode on a particular Gigabit Ethernet PON link, use
the following command.

Table 6-38 Configure Simple bridge Mode

Command Description

Set a link to Simple bridge mode.


port epon <slot>/<port>
y <slot>/<port> Slot/Port number of the GE-PON port
{link-id <llid> |
y <llid> Proper ID of link
link-mac <link-mac>}
y <link-mac> MAC address of link
bridge-mode normal-brg
y <number> Maximum number of MAC address learnt form
<number>
link (0 ~ 64)

The following example shows how to configure the 3700 link of the Gigabit Ethernet PON port 2/1
to Simple Bridge mode and verify the result.

(config)# port epon 2/1 link-id 3700 bridge-mode normal-brg 64


(config)# end
# show port epon 2/1 link-id 3700 bridge-mode

6-34 Corecess S5 System User's Guide


Configuring the Link of the Gigabit Ethernet PON Port

mode mac entry


--------------------------- ---------
simple bridge 64
#

Configuring Transparent VLAN

In Transparent VLAN mode, the VLAN tag information of all forwarded frames is maintained.
Transparent VLAN mode is appropriate for applications that users use their own VLAN tag
value.

Upstream
Since downstream bridging is only decided by VID, it does not need to learn a destination
address of a upstream frame. All upstream frames arrived on links, which consist of transparent
VLAN, are forwarded.

Corecess 3804T ONT - A


Port 1

EPON 0 Queue 0 Port 2


Link 0 UNI
Link 1 Port 3
Queue 1
Corecess S5 OLT
Port 4
EPON 0
Link 0
Uplink 1 Link 1
Link 2
Link 3 Corecess 3804T ONT - B
Port 1

EPON 0 Queue 0 Port 2


Link 2 UNI
Link 3 Port 3
Queue 1
Port 4

Configuring Ports and Links 6-35


Configuring the Link of the Gigabit Ethernet PON Port

Downstream
In Transparent VLAN, each link supports the maximum of 62 VLAN tags. When a downstream
frame that has tag value is arrived on the OLT’s uplink port, the OLT compares tag value of the
frame with tag value configured by a host, then OLT forwards the frame through the
Transparent VLAN link which has the same VID value. If a downstream frame does not have
tag value, OLT drops the downstream frame.

Corecess 3804T ONT - A


Port 1

EPON 0 Queue 0 Port 2


Link 0 UNI
Link 1 Queue 1 Port 3
Corecess S5 OLT
VID=2000
Port 4
EPON 0
VID Link
VID=2000
2000
Link 0
Uplink 1 2001 VID=2010
VID=2010 Corecess 3804T ONT - B
2010
Link 1 Port 1
2003
VID=2004
2004 VID=2004 EPON 0
Link 2 Port 2
2020 Link 2 Queue 0
UNI
Port 3

Port 4

To configure Transparent VLAN mode on the Gigabit Ethernet PON link, use the following
command in Global configuration mode.

Table 6-39 Configuring Transparent VLAN mode

Command Task

1. Configure a link to Transparent VLAN mode.


port epon <slot>/<port> y <slot>/<port> Slot/Port of the GE-PON port
{link-id <llid> | link-mac y <llid> Proper ID of the link
<link-mac>} bridge-mode y <link-mac> MAC address of the link
transparent <number> y <number> Maximum number of MAC address learnt form
the link (0 ~ 64)
2. Set tag value of the link.
port epon <slot>/<port>
y <slot>/<port> Slot/Port of the GE-PON port
{link-id <llid> | link-mac
y <llid> Proper ID of the link
<link-mac>} tag-map
y <link-mac> MAC address of the link
transparent <vlan-id>
y <vlan-id> tag value of the link (VLAN ID)

The following example shows how to configure the 3700 link of the Gigabit Ethernet PON port 2/1
to Transparent VLAN mode and verify the result.

6-36 Corecess S5 System User's Guide


Configuring the Link of the Gigabit Ethernet PON Port

(config)# port epon 2/1 link-id 3700 bridge-mode transparent 64


(config)# port epon 2/1 link-id 3700 tag-map transparent 2000
(config)# end
# show port epon 2/1 link-id 3700 bridge-mode
mode mac entry
--------------------------- ---------
transparent vlan 64
#

Note: To clear bridge mode and tag value on a particular link, execute no port epon
<slot>/<port> {link-id <llid> | link-mac <link-mac>} tag-map command in
Global configuration mode. This command clears tag-mapping information of the link, and change bridge mode
to normal bridge mode (default bridge mode).

Configuring Single VLAN

Single VLAN mode removes a user defined VLAN tag before adding VLAN tag provided from
the network. Unlike Transparent VLAN mode, Single VLAN mode allows the network
administrator can control VLAN tags inserted to the core network.

Upstream
When a tagged upstream frame is arrived on the link configured Single VLAN, the frame is
forwarded after the tag is removed. If a tagged upstream frame has over one VLAN tag, the
outermost tag (the nearest tag of Layer 2 Source Address)is only removed. An upstream frame
that does not have a tag is simply forwarded.

Corecess 3804T ONT - A


Port 1

EPON 0 Queue 0
Port 2
Link 0 UNI
Link 1 Queue 1 Port 3
Corecess S5 OLT
Port 4
VID=5
EPON 0
VID=2000 VID Link
2000 Link 0
Uplink 1 VID=2010 2010 Link 1
Corecess 3804T ONT - B
2004 Link 2
VID=2004 Port 1

EPON 0 Port 2
Link 2 Queue 0
UNI
Port 3

Port 4

Configuring Ports and Links 6-37


Configuring the Link of the Gigabit Ethernet PON Port

Downstream
If a tagged downstream frame is matched with a link configured to Single VLAN, the frame is
received by the uplink port of the OLT, and the tag is removed before the frame is forwarded to
the link. An untagged downstream frame is discarded.

Corecess 3804T ONT - A


Port 1

EPON 0 Queue 0 Port 2


Link 0 UNI
Link 1 Queue 1 Port 3
Corecess S5 OLT
Port 4

EPON 0
ID=2000 VID Link
2000 Link 0
Uplink 1 ID=2010 2010 Link 1
Corecess 3804T ONT - B
2004 Link 2 Port 1
ID=2004

EPON 0 Port 2
Link 2 Queue 0
UNI
Port 3

Port 4

To configure the Gigabit Ethernet PON link to Single VLAN mode, use the following command
in Global configuration mode.

Table 6-40 Configuring Single VLAN

Command Task

1. Configure the link to Single VLAN mode.


port epon <slot>/<port> y <slot>/<port> Slot/Port of the GE-PON port
{link-id <id> | link-mac y <llid> Proper ID of the link
<mac>} bridge-mode single y <link-mac> MAC address of the link
<number> y <number> Maximum number of MAC address learnt form
the link (0 ~ 64)

2. Set tag value of the link.


port epon <slot>/<port> y <slot>/<port> Slot/Port of the GE-PON port
{link-id <id> | link-mac y <llid> Proper ID of the link
<mac>} tag-map single y <link-mac> MAC address of the link
<vlan-id> <priority> y <vlan-id> tag value of the link (VLAN ID)
y <priority> packet priority (0 ~ 7, 0 is the highest priority)

The following example shows how to configure the 3701 link of the Gigabit Ethernet PON port 2/1
to Single VLAN mode and verify the result.

6-38 Corecess S5 System User's Guide


Configuring the Link of the Gigabit Ethernet PON Port

(config)# port epon 2/1 link-id 3701 bridge-mode single 64


(config)# port epon 2/1 link-id 3701 tag-map single 2000 0
(config)# end
# show port epon 2/1 link-id 3701 bridge-mode
mode mac entry
--------------------------- ---------
single vlan 64
#

Note: To clear bridge mode and tag value on a particular link, execute no port epon
<slot>/<port> {link-id <llid> | link-mac <link-mac>} tag-map command in
Global configuration mode. This command clears tag-mapping information of the link, and change bridge mode
to normal bridge mode (default bridge mode).

Configuring Double VLAN

Since Double VLAN mode maintains VLAN tag information that a user specifies, data of an
uplink port have over two VLAN tags. One is provided by the network, and another is specified
by a user. The outermost tag (the nearest tag of Ethertype field), assigned by the network, can
controls switching and traffic engineering. The other hand, the nearested tag, assigned by a
user, should be configured how to process it. In case of upstream, the tag is added by OLT. The
other hand, in case of downstream, the tag is discarded before transmited to subscribers.

Corecess 3804T ONT - A


Port 1

EPON 0 Queue 0
Port 2
Link 0 UNI
Link 1 Queue 1 Port 3
Corecess S5 OLT
Port 4
VID=5
EPON 0
VID=2000, VID=5 VID Link
2000 Link 0
Uplink 1 VID=2010 2010 Link 1
Corecess 3804T ONT - B
2004 Link 2
VID=2004 Port 1

EPON 0 Port 2
Link 2 Queue 0
UNI
Port 3

Port 4

Configuring Ports and Links 6-39


Configuring the Link of the Gigabit Ethernet PON Port

To configure a particular link to Double VLAN mode, use the following command in Global
configuration mode.

Table 6-41 Configuring Double VLAN

Command Task

1. Configure the link to Double VLAN mode.


port epon <slot>/<port> y <slot>/<port> Slot/Port of the GE-PON port
{link-id <id> | link-mac y <llid> Proper ID of the link
<mac>} bridge-mode y <link-mac> MAC address of the link
double <number> y <number> Maximum number of MAC address learnt form
the link (0 ~ 64)

2. Set tag value of the link.


port epon <slot>/<port> y <slot>/<port> Slot/Port of the GE-PON port
{link-id <id> | link-mac y <llid> Proper ID of the link
<mac>} tag-map double y <link-mac> MAC address of the link
<vlan-id> <priority> y <vlan-id> tag value of the link (VLAN ID)
y <priority> packet priority (0 ~ 7, 0 is the highest priority)

The following example shows how to configure the 3701 link of the Gigabit Ethernet PON port 2/1
to Double VLAN mode and verify the result.

(config)# port epon 2/1 link-id 3701 bridge-mode double 64


(config)# port epon 2/1 link-id 3701 tag-map double 2000 0
(config)# end
# show port epon 2/1 link-id 3701 bridge-mode
mode mac entry
--------------------------- ---------
double vlan 64
#

Note: To clear bridge mode and tag value on a particular link, execute no port epon
<slot>/<port> {link-id <llid> | link-mac <link-mac>} tag-map command in
Global configuration mode. This command clears tag-mapping information of the link, and change bridge mode
to normal bridge mode (default bridge mode).

6-40 Corecess S5 System User's Guide


Configuring the Link of the Gigabit Ethernet PON Port

Configuring Shared VLAN

Shared VLAN mode works as a virtual bridge, which divides PON to several broadcast
domain. Each broadcast domain consists of at least one link.
Shared VLAN mode can divide PON based on service types. For example, One Shared VLAN
can be used exclusively for voice traffic, and another VLAN can be used exclusively for data
service.
If a particular link is configured as Shared VLAN mode, the link is added to the Shared VLAN,
and a VLAN tag is assigned. All links configured the Shared VLAN with the same VLAN ID are
said to be members of the same Shared VLAN multicast group. Each Shared VLAN has a
broadcast channel, and the broadcast channel can isolate broadcast traffic of the same group
member from broadcast traffic of other links. There is no bound on the number of links
configured as a Shared VLAN, but two links with the same destination UNI port can not be
included in the same Shared VLAN.
Filtering and classification on OLT and ONU are used to support an additional security
function.

Upstream
When an upstream frame is received on a link of Shared VLAN, the OLT adds a VLAN tag
before forwarding the frame to the core network. OLT learns the destination address of the
upstream frame as dynamic MAC address filtering rule for downstream bridging.

Corecess 3804T ONT - A


Port 1

EPON 0 Queue 0
Port 2
Link 0 UNI
Link 1 Queue 1 Port 3
Corecess S5 OLT
Port 4
EPON 0
VID=1
Link 0
VID=2 Link 1
Uplink 1
VID=1 Link 2
Corecess 3804T ONT - B
Link 3
VID=2 Port 1

EPON 0 Port 2
Queue 0
Link 2 UNI
Link 3 Port 3
Queue 1

Port 4

Configuring Ports and Links 6-41


Configuring the Link of the Gigabit Ethernet PON Port

Downstream
A tagged downstream frame identifying a Shared VLAN group is received by the OLT’s uplink
port, and the tag is removed before forwarding the frame. A downstream frame which can not
identify the destination address is broadcasted to Shared VLAN. These frames are forwarded to
all links of the Shared VLAN group, but are not forwarded to other links. If there is a certain
destination address, the frames are forwarded to the link.

Corecess 3804T ONT - A


Port 1

EPON 0 Queue 0
Port 2
Link 0 UNI
Link 1 Queue 1 Port 3
Corecess S5 OLT Multicast0
Multicast1 Port 4
EPON 0
VID=1 Link 0
VID=2
Link 1
Link 2
Uplink 1 VID=1
VID=2
Link 3
Corecess 3804T ONT - B
Multicast 0
VID=1 Port 1
Multicast 1
VID=2
EPON 0 Port 2
Queue 0
Link 2 UNI
Link 3 Port 3
Queue 1
Multicast0
Multicast1 Port 4

To configure a particular link as Shared VLAN mode, use the following command in Global
configuration mode.

Table 6-42 Configuring Shared VLAN

Command Task

1. Configure the link to Shared VLAN mode.


port epon <slot>/<port> y <slot>/<port> Slot/Port of the GE-PON port
{link-id <id> | link-mac y <llid> Proper ID of the link
<mac>} bridge-mode share y <link-mac> MAC address of the link
<number> y <number> Maximum number of MAC address learnt form
the link (0 ~ 64)

2. Set tag value of the link.


port epon <slot>/<port>
y <slot>/<port> Slot/Port of the GE-PON port
{link-id <id> | link-mac
y <llid> Proper ID of the link
<mac>} tag-map share <vlan-
y <link-mac> MAC address of the link
id>
y <vlan-id> tag value of the link (VLAN ID)

6-42 Corecess S5 System User's Guide


Configuring the Link of the Gigabit Ethernet PON Port

The following example shows how to configure the 3701 link of the Gigabit Ethernet PON port 2/1
to Shared VLAN mode and verify the result.

(config)# port epon 2/1 link-id 3701 bridge-mode share 64


(config)# port epon 2/1 link-id 3701 tag-map share 2000
(config)# end
# show port epon 2/1 link-id 3701 bridge-mode
mode mac entry
--------------------------- ---------
shared vlan 64
#

Note: To clear bridge mode and tag value on a particular link, execute no port epon
<slot>/<port> {link-id <llid> | link-mac <link-mac>} tag-map command in
Global configuration mode. This command clears tag-mapping information of the link, and change bridge mode
to normal bridge mode (default bridge mode).

Configuring Ports and Links 6-43


Configuring the Link of the Gigabit Ethernet PON Port

Configuring Translated VLAN

Translated VLAN mode is used when the uniqueness of VLAN tags used by subscribers
connected to one EPON cannot be guaranteed, for example, in the case when VLAN tag values
are selected by the subscribers themselves. In Translated VLAN mode, an OLT changes a user
tag and unique LLID to 2-tuple and a network VLAN tag for each upstream frame. OLT also
changes a network VLAN to a user VLAN tag and a unique LLID for downstream frames.

Upstream
A tagged upstream frame is arrived on a user-side port, the OLT changes a non-unique tag to a
unique VLAN tag using the original VLAN tag and LLID field of the arrived frame. An
untagged upstream frame is discarded.

Corecess 3804T ONT - A


Port 1

EPON 0 Queue 0 Port 2


Link 0 UNI
Link 1 Queue 1 Port 3
Corecess S5 OLT
EPON 0 VID=1
Port 4
Translations Link
2001 2000 Link
VID=2000 1 2 0
2003 2010 Link VID=1
Uplink 1 VID=2010
1 2 1
Corecess 3804T ONT - B
VID=2020 2004 2020 Link
Port 1
3 4 2
EPON 0 Port 2
VID=4 Link 2 Queue 0
UNI
LLID .. 8100 4 Port 3

Port 4

Downstream
When an untagged downstream frame is received to an uplink port of OLT, the OLT changes
VLAN tag value to a new non-unique value which a user use, then selects each user-side port
based on the VLAN tag value of the frame. An untagged downstream frame is discarded.

6-44 Corecess S5 System User's Guide


Configuring the Link of the Gigabit Ethernet PON Port

Corecess 3804T ONT - A


Port 1

EPON 0 Queue 0 Port 2


Link 0 UNI
Link 1 Queue 1 Port 3
Corecess S5 OLT
EPON 0 VID=1
Port 4
Net User Link
VID VID
VID=2000 2000 1 Link
2001 2 0 VID=1
Uplink 1
VID=2010 2010 1 Link
Corecess 3804T ONT - B
2003 2 1
Port 1
VID=2004 2004 3 Link
2020 4 2 User VID=3 EPON 0 Port 2
Link 2 Queue 0
UNI
Port 3

Port 4

To configure the Gigabit Ethernet PON link to Translated VLAN mode, use the following
command in Global configuration mode.

Table 6-43 Configuring Translated VLAN

Command Task

1. Configure the link to Translated VLAN mode.


port epon <slot>/<port> y <slot>/<port> Slot/Port of the GE-PON port
{link-id <id> | link-mac y <llid> Proper ID of the link
<mac>} bridge-mode y <link-mac> MAC address of the link
translate <number> y <number> Maximum number of MAC address learnt form
the link (0 ~ 64)
2. Set tag value of the link.
port epon <slot>/<port> y <slot>/<port> Slot/Port of the GE-PON port
{link-id <id> | link-mac y <llid> Proper ID of the link
<mac>} tag-map translate y <link-mac> MAC address of the link
<vlan-id> <trans-vlan-id> y <vlan-id> tag value of the link (VLAN ID)
y <trans-vlan-id> tag value after changing (VLAN ID)

The following example shows how to configure the 3701 link of the Gigabit Ethernet PON port 2/1
to Translated VLAN mode and verify the result.

(config)# port epon 2/1 link-id 3701 bridge-mode translate 64


(config)# port epon 2/1 link-id 3701 tag-map translate 2000 1
(config)# end
# show port epon 2/1 link-id 3701 bridge-mode

Configuring Ports and Links 6-45


Configuring the Link of the Gigabit Ethernet PON Port

mode mac entry


--------------------------- ---------
translated vlan 64
#

Note: To clear bridge mode and tag value on a particular link, execute no port epon
<slot>/<port> {link-id <llid> | link-mac <link-mac>} tag-map command in
Global configuration mode. This command clears tag-mapping information of the link, and change bridge mode
to normal bridge mode (default bridge mode).

Configuring Priority VLAN

Priority VLAN mode uses the VID carried by the downstream frame to select a ONU and the
802.1p priority (VLAN CoS) field or IPv4 ToS field to select a particular link of that ONU. This
mode allows mapping of user-side priority information, such as the IP-precedence or TOS field,
into each link. The service class on network-side is decided depending on the VLAN priority.

Note: Links which is in the same ONU use the same VID values.

In downstream, switching is executed in two steps. The first step is that the VID is used to select
a link group. The second step is that the priority field is used to select the specific link of the
selected link group. The priority can be a value or continuous range of priority value such as (3
~ 5).

Note: If IPv4 ToS is used, one link should be configured to transmit non-IP (non ToS) frames. The link should be
only used for this purpose. This link normally has the lowest priority link and is only used for data
communication.

In upstream, the link which the frame is arrived is used to select VLAN tag (VID or upstream
CoS value). Upstream user tag is removed before forwarding similar to Single VLAN. A range
of priority value can be used in downstream, but only one priority field is used to select the
VLAN.

6-46 Corecess S5 System User's Guide


Configuring the Link of the Gigabit Ethernet PON Port

To configure the Gigabit Ethernet PON link as Priority VLAN mode, use the following
command in Global configuration mode.

Table 6-44 Configuring Priority VLAN

Command Task

configure terminal 1. Enter Global configuration mode.

2. Configure a link as Priority VLAN.


port epon <slot>/<port> y <slot>/<port> Slot/Port of the GE-PON port
{link-id <id> | link-mac y <llid> Proper ID of link
<mac>} bridge-mode priority y <link-mac> MAC address of link
<number> y <number> Maximum number of MAC address learnt form
link (0 ~ 64)

(Continued)

Configuring Ports and Links 6-47


Configuring the Link of the Gigabit Ethernet PON Port

Command Task

3. Set tag value of link.


y <slot>/<port> Slot/Port of the GE-PON port
y <llid> Proper ID of link
port epon <slot>/<port>
y <link-mac> MAC address of link
{link-id <id> | link-mac
y <vlan-id> tag value of link (VLAN ID)
<mac>} tag-map priority
y <us-value> Upstream CoS value (0 ~ 7)
<vlan-id> <us-value> mode
y cos Use CoS as priority field.
{cos | tos} range <range>
y tos Use ToS as priority field.
non-tos {enable | disable}
y <range> range of priority value
y enable transmit packet which does not have ToS field.
y disable Do not transmit which does not have ToS.

end 4. Enter Privileged node

show port epon 5. Verify the configuration result.


<slot>/<port> {link-id y <slot>/<port> Slot/Port of the GE-PON port
<llid> | link-mac y <llid> Proper ID of link
<link-mac>} pri-vlan-config y <link-mac> MAC address of link

Caution: If the three links which connected with a particular ONU are all configured as Priority VLAN, send-
non-tos field should be enabled in at least one link to transmit packets which do not have ToS field.

The following example shows how to configure the 3701 link of the Gigabit Ethernet PON port 2/1
to Priority VLAN mode and verify the result.

(config)# port epon 2/1 link-id 3700 bridge-mode priority 64


(config)# port epon 2/1 link-id 3700 bridge-mode priority 2 1 mode cos range 0-
1 non-tos enable
(config)# end
# show port epon 1/1 link-id 3700 pri-vlan-config
vid up-cos pri-mode min-pri max-pri tx-non-TOS mode
----- ------ -------- ------- ------- ---------------
2 1 cos 0 1 enable
#

Note: To clear bridge mode and tag value on a particular link, execute no port epon
<slot>/<port> {link-id <llid> | link-mac <link-mac>} tag-map command in
Global configuration mode. This command clears tag-mapping information of the link, and change bridge mode
to normal bridge mode (default bridge mode).

6-48 Corecess S5 System User's Guide


Configuring the Link of the Gigabit Ethernet PON Port

Configuring Priority Shared VLAN

Priority Shared VLAN mode is similar to Shared VLAN mode except that all bits of the VLAN
tag are used to specify a VLAN as Priority VLAN. The VID is used to select a group of ONUs in
Priority Shared VLAN. The 802.1p priority field (CoS) is used to select a group of ONUs, and
IPv4 ToS field can be used as VLAN CoS.

In Priority Shared VLAN mode, IPv4 ToS is used for downstream bridging, and VLAN address
space is maintained using priority value which is used to identify a domain. Downstream
bridging can be decided as specifying the range in the case of IPv4 ToS value.

Note: If a particular link is configured as Priority VLAN mode, Check the priority range(0~7) for each VLAN.
For example, if a link of Priority Shared VLAN is configured as follows,

Link ID VLAN Min Priority Max Priority


1 10 0 3
2 10 4 6

The traffic of VLAN 10 is not allowed because VLAN 10 and Priority 7 is not configured in any link. At this
occasion, the configuration should be changed to include all priority range as follows:.

Case 1:

Link ID VLAN Min Priority Max Priority


1 10 0 3
2 10 4 7
Case 2:

Link ID VLAN Min Priority Max Priority


1 10 0 3
2 10 4 6
3 10 7 7

Upstream
In upstream, links are associated with a particular VLAN depending on a combination of VID
and CoS value. When a frame is arrived on a link that is configured in Priority Shared VLAN,
the OLT inserts a VLAN tag that is the combination of the upstream CoS and VID value. The
OLT, as Shared VLAN mode, learns the L2 source address of upstream frames for dynamic
MAC filtering downstream.

Configuring Ports and Links 6-49


Configuring the Link of the Gigabit Ethernet PON Port

Corecess 3804T ONT - A


Port 1

EPON 0 Queue 0
Port 2
Link 0 UNI
Link 1 Queue 1 Port 3
Corecess S5 OLT
Port 4

VID=1, CoS=0 EPON 0


Link 0
VID=1, CoS=1 Link 1
Uplink 1
VID=1, CoS=0 Link 2
Corecess 3804T ONT - B
Link 3
VID=1, CoS=1 Port 1

EPON 0 Port 2
Queue 0
Link 2 UNI
Link 3 Port 3
Queue 1

Port 4

Downstream
In downstream, forwarding decision is more complicated. The VID which is transmitted by the
frame is used to decide a subset of ONU UNI ports. The priority field (IPv4 ToS or VLAN CoS)
is used to select a smaller subset of link from the subset of UNI ports. The Layer 2 destination
address is used to select a particular link within the VLAN to forward the frame. If the
destination address is not learnt, the frame is broadcasted on the VLAN.

Note: There should be no links that have the same ONU UNI port in the same Shared VLAN.

Note: When the Priority Shared VLAN is configured, all LLID groups that have the same VID should be
configured such that they do not have the matching or overlapping priority ranges. Downstream forwarding is
decided by VID (or CoS) and ToS value. If LLID groups have the same priority, it can cause unexpected result.
Furthermore, all priority value within the downstream (ToS or CoS) range should be defined.

Note: If IPv4 ToS is used as the priority field, one link should be configured for forwarding non-IP frame. At this
time, this is usually the lowest priority link, and dedicates to data communications. To allow a link to forward
non-IP frames, the Tx-Non-ToSFrame option should be set to 1.

6-50 Corecess S5 System User's Guide


Configuring the Link of the Gigabit Ethernet PON Port

Corecess 3804T ONU - A


Port 1

EPON 0 Queue 0
Port 2
Link 0 UNI
Link 1 Queue 1 Port 3
Multicast0
Corecess S5 OLT
Multicast1 Port 4
EPON 0
VID=1, Pri=0 Link 0
VID=1, Pri=1
Link 1
Link 2
Uplink 1 VID=1, Pri=0
VID=1, Pri=0
Link 3
Corecess 3804T ONU - B
Multicast 0
VID=1, Pri=0 Port 1
Multicast 1
VID=1, Pri=1
EPON 0 Port 2
Queue 0
Link 2 UNI
Link 3 Port 3
Queue 1
Multicast0
Multicast1 Port 4

To configure the Gigabit Ethernet PON link as Priority Shared VLAN mode, use the following
command in Global configuration mode.

Table 6-45 Configuring Priority Shared VLAN

Command Task

configure terminal 1. Enter Global configuration mode


2. Configure a link as Priority Shared VLAN.
port epon <slot>/<port> y <slot>/<port> Slot/Port of the GE-PON port
{link-id <id> | link-mac y <llid> Proper ID of link
<mac>} bridge-mode pri- y <link-mac> MAC address of link
share <number> y <number> Maximum number of MAC address learnt form
link (0 ~ 64)
3. Set tag value of link.
y <slot>/<port> Slot/Port of the GE-PON port
y <llid> Proper ID of link
port epon <slot>/<port>
y <link-mac> MAC address of link
{link-id <id> | link-mac
y <vlan-id> tag value of link (VLAN ID)
<mac>} tag-map pri-share
y <us-value> Upstream CoS value (0 ~ 7)
<vlan-id> <us-value> mode
y cos Use CoS as priority field.
{cos | tos} range <range>
y tos Use ToS as priority field.
non-tos {enable | disable}
y <range> range of priority value
y enable transmit packet which does not have ToS field.
y disable Do not transmit which does not have ToS.
end 4. Enter Privileged node.
show port epon 5. Verify the configuration result.
<slot>/<port> {link-id y <slot>/<port> Slot/Port of the GE-PON port
<llid> | link-mac y <llid> Proper ID of link
<link-mac>} pri-vlan-config y <link-mac> MAC address of link

Configuring Ports and Links 6-51


Configuring the Link of the Gigabit Ethernet PON Port

Caution: If the three links which connected with a particular ONU are all configured as Priority VLAN, send-
non-tos field should be enabled in at least one link to transmit packets which do not have ToS field.

The following example shows how to configure the 3701 link of the Gigabit Ethernet PON port 2/1
to Priority Shared VLAN mode and verify the result.

(config)# port epon 2/1 link-id 3701 bridge-mode pri-share 64


(config)# port epon 2/1 link-id 3701 bridge-mode pri-share 2 1 mode cos range
0-1 non-tos enable
(config)# end
# show port epon 1/1 link-id 3701 pri-vlan-config
vid up-cos pri-mode min-pri max-pri tx-non-TOS mode
----- ------ -------- ------- ------- ---------------
2 1 cos 0 1 enable
#

Note: To clear bridge mode and tag value on a particular link, execute no port epon
<slot>/<port> {link-id <llid> | link-mac <link-mac>} tag-map command in
Global configuration mode. This command clears tag-mapping information of the link, and change bridge mode
to normal bridge mode (default bridge mode).

6-52 Corecess S5 System User's Guide


Configuring the Link of the Gigabit Ethernet PON Port

Connection Two Links (Cross-connect Mode)

In Cross-connect mode, two links are connected each other. Upstream traffic from one link is
switched to the downstream of the other link, and vice versa. None of the traffic from the cross-
connected links appears on the uplink side of the OLT. Only the two links involved in the cross-
connect can see the traffic.

Cross-connect mode is useful to create VPN pipe between two ONUs on the same PON.

To connect two Gigabit Ethernet PON links each other, use the following command in Global
configuration mode.

Table 6-46 Connecting two links

Command Task

configure terminal 1. Enter Global configuration mode.


2. Connect two links each other.
port epon <slot>/<port>
y <slot>/<port> Slot/Port of the GE-PON port
{link-id <llid> | link-mac
y <llid> Proper ID of link
<mac>} bridge-mode cross-
y <link-mac> MAC address of link
connect
y <connect-llid> Proper ID of two links
End 3. Enter Privileged mode.

show port epon <slot>/ 4. Verify the configuration result.


<port> {link-id <llid> | y <slot>/<port> Slot/Port of the GE-PON port
link-mac <link-mac>} y <llid> Proper ID of link
bridge-mode y <link-mac> MAC address of link

Configuring Ports and Links 6-53


Configuring the Link of the Gigabit Ethernet PON Port

The following example shows how to connect two Gigabit Ethernet PON links 2/1 each other and
verify the result.

(config)# port epon 2/1 link-id 3700 bridge-mode cross-connect


(config)# end
localhost# show port epon 2/1 link-id 3701 bridge-mode
mode mac entry
--------------------------- ---------
link cross-connet 0

Note: To clear bridge mode and tag value on a particular link, execute no port epon
<slot>/<port> {link-id <llid> | link-mac <link-mac>} tag-map command in
Global configuration mode. This command clears tag-mapping information of the link, and change bridge mode
to normal bridge mode (default bridge mode).

6-54 Corecess S5 System User's Guide


Configuring the Link of the Gigabit Ethernet PON Port

Monitoring Link Information


This section describes how to monitor link information of the Gigabit Ethernet PON port.

y Displaying bridging mode information

y Displaying VLAN tag information

y Displaying bandwidth information

y Displaying statistics information

Displaying Bridging Mode Information

To display bridging mode information of logical link, use the following command in Privileged
mode.

Table 6-47 Displaying Bridging Mode Information

Command Description

show port epon <slot>/<port> y <slot>/<port> Slot/Port of the GE-PON port


{link-id <llid> | link-mac y <llid> Proper ID of link
<link-mac>} bridge-mode y <link-mac> MAC address of link

The following example shows how to display bridging mode information of 3700 link on the
Gigabit Ethernet PON port 2/1.

# show port epon 2/1 link-id 3700 bridge-mode


mode mac entry
--------------------------- ---------
simple bridging 64
#

Configuring Ports and Links 6-55


Configuring the Link of the Gigabit Ethernet PON Port

Displaying VLAN Tag Information

To display VLAN tag information of link, use the following command in Privileged mode.

Table 6-48 Displaying VLAN Tag Information

Command Description

show port epon <slot>/<port> y <slot>/<port> Slot/Port of the GE-PON port


{link-id <llid> | link-mac y <llid> Proper ID of logical link
<link-mac>} tag-map y <link-mac> MAC address of logical link

The following example shows how to display VLAN tag information of 3700 link on the Gigabit
Ethernet PON port 2/1.

# show port epon 2/1 link-id 3700 tag-map


vlan id translated vlan 802.1p
------- --------------- ------
2000 0 0
2 0 1
#

The table below describes the fields shown by the show port epon link-id tag-map
command.

Table 6-49 show show port epon link-id tag-map field decryption

Field Description

vlan id VLAN ID that the link is included

translated vlan When link is configured as translated VLAN, tag value to be changed.

802.1p 802.1p priority value

6-56 Corecess S5 System User's Guide


Configuring the Link of the Gigabit Ethernet PON Port

Displaying Bandwidth Information

To display bandwidth information of a logical link, use the following command in Privileged
mode.

Table 6-50 Displaying Bandwidth Information

Command Description

y <slot>/<port> Slot/Port of the GE-PON port


show port epon <slot>/<port>
y <llid> Proper ID of link
{link-id <llid> | link-mac
y <link-mac> MAC address of link
<link-mac>} {up-bw | down-
y up-bw Display upstream bandwidth information.
bw}
y down-bw Display downstream bandwidth information.

The following example shows how to display downstream bandwidth information of 3700 link
on the Gigabit Ethernet 2/1.

# show port epon 2/1 link-id 3700 down-bw


min bw(Mbps) max bw(Mbps) delay max burst(KByte) state
------------ ------------ --------- ---------------- -------
1000 1000 tolerant 100 enable
#

The table below describes the fields shown by the show port epon link-id command.

Table 6-51 show show port epon link-id field description

Field Description

Min bw (Mbps) Minimum bandwidth of link (0 ~ 1000Mbps)

Max bw (Mbps) Maximum bandwidth of link (0 ~ 1000Mbps)


Configuration status of processing delay
delay - sensitive : Set to be sensitive for processing delay
- tolerant : Set not to be sensitive for processing delay
max burst(KByte) Maximum burst traffic size of link

state Operating status of link

Configuring Ports and Links 6-57


Configuring the Link of the Gigabit Ethernet PON Port

Displaying Statistics Information

To display statistics information of link, use the following command in Privileged mode.

Table 6-52 Displaying Statistics Information

Command Description
y <slot>/<port> Slot/Port number of the GE-PON port
show port epon <slot>/<port>
y <llid> Proper ID of logical link
{link-id <llid> | link-mac
y <link-mac> MAC address of logical link
<link-mac>} counter
y upstream Display upstream statistics information.
{upstream | downstream}
y downstream Display downstream statistics information.

The following example shows how to display downstream statistics information of 3700 link on
the Gigabit Ethernet PON port 2/1.

# show port epon 2/1 link-id 3700 counter downstream


octects packet unicast
-------------------- -------------------- --------------------
455,988 5,846 5,846

broadcast multicast crc-error discard


-------------------- -------------------- -------------------- --------------
0 0 0 0
#

The table below describes the fields shown by the show port epon link-id counter
command.

Table 6-53 show show port epon link-id counter field description

Field Description

octets Number of octets

packet Number of packets

unicast Number of unicast packets

broadcast Number of broadband packets

multicast Number of multicast packets

crc-error Number of packet which happen to CRC error

discard Number of discarded packet

6-58 Corecess S5 System User's Guide


Configuring ONU

Configuring ONU
This section describes configuration of an ONU (Optical Network Unit) which is connected to
the Gigabit Ethernet PON port and how to configure and monitor an ONU.

Basic Configuration of ONU


By default, the ONU is configured as follows:

Table 6-54 Basic Configuration of ONU

Item Basic Configuration

Operation Status All enable status

x Number of link : 3
x Number of queue : 7
Upstream Queue
x Number of used queue : 1 (Queue-0)
x Size of used queue : 30Kbyte (Queue-0)

x Number of queue : 7
Downstream Queue x Number of used queue : 1 (Queue-0)
x Size of used queue : 22Kbyte (Queue-0)

x Operation status : All port are enabled


x Transfer speed : 100Mbps
Ethernet Port Configuration
x Transfer mode : full duplex
x Flow control : Off
Maximum Number of MAC
64
Address

Whenever the port configuration is changed, the changed configuration is applied to the system
without the system rebooting or the command execution. But, if you want to keep using the
configuration after the system rebooting, the changed configuration should be saved using the
write memory command in Privileged mode.

Configuring Ports and Links 6-59


Configuring ONU

Configuring ONU
This section describes ONU configuration.

y Setting enable status

y Configuring upstream queue

y Configuring downstream queue

y Specifying packet classification and forward queue

y Configuring Ethernet port

y Specifying number of maximum MAC address

y Clearing MAC address

y Restoring configuration

y Resetting ONU

y Upgrading firmware

Setting Enable Status

By default, the ONU which is connected to the Gigabit Ethernet PON port is configured to be
operated. To change the operation status, use the following command in Global configuration
mode.

Table 6-55 Setting Enable Status

Command Description

y <slot>/<port> Slot/Port number of the GE-PON port


port epon <slot>/<port> y <index> Index number of ONU
onu {index <index> | mac y <mac> MAC address of ONU
<mac>} disable {epon-side y disable Disable the specified side of ONU.
| user-side} y epon-side Connect E-PON OLT side.
y user-side Connect user network side.

The following example shows how to configure E-PON side of the number 1 ONU not to
operate on the Gigabit Ethernet PON port 2/1.

(config)# port epon 2/1 onu index 1 disable epon-side

6-60 Corecess S5 System User's Guide


Configuring ONU

(config)#

The following example shows how to configure E-PON side of the number 1 ONU to operate on
the Gigabit Ethernet PON port 2/1.

(config)# no port epon 2/1 onu index 1 disable epon-side


(config)#

Configuring Permission Mode

You can register ONUs that have particular MAC addresses on the permission mode. The MAC
addresses are set through CLI. The Permission mode cannot be applied to a particular slot or
port, but only the whole system. To change to the permission mode, no ONUs are registered to
the Corecess S5 System.

To configure the permission mode and register ONUs that have particular MAC addresses,
execute the following tasks:

Table 6-56 Configuring Permission Mode

Command Task

configure terminal 1. Enter Global configuration mode.

onu-permission-mode on 2. Change to the Permission mode.

3. Register MAC address.


port epon <port>/<slot>
y <slot>/<port> Slot/Port number of the GE-PON port
permit <mac>
y <mac> MAC address that is registered

show port epon <slot>/ 4. Verify the configuration.


<port> permit y <slot>/<port> Slot/Port number of the GE-PON port

Note: If there is registered ONU when onu-permission-mode on command, “% X/X has


registered ONU” message is displayed, and the Corecess S5 System cannot be changed to the
permission mode. Also, If port epon permit command is executed when the Corecess S5 System is not
in the permisiion mode, “%NOT ONU permission mode” message is displayed.

The following example shows how to regiter an ONU that has address of 00:90:a3:15:04:a1 and
verify the result.

# configure terminal
(config)# onu-permission-mode on
(config)# port epon 1/1 permit 00:90:a3:15:04:a1

Configuring Ports and Links 6-61


Configuring ONU

(config)# end
# show port epon 1/1 onu
index mac address product name attach allow profile
------ ----------------- --------------- ------ ----- --------------------
1 00:90:a3:15:04:a1 R1-OPT-S Yes Yes N/D
.
.
# show port epon 1/1 permit
id mac
--- -----------------
1 00:90:a3:15:04:a1

Note: To remove registered MAC address, use no port epon <port>/<slot> permit {<mac-
address> | <mac-address-id>} command.

Configuring Upstream Queue

To configure upstream queues, specify the maximum number of logic links first, then specify
the maximum number of queues and the size of queue for each logical link.
To configure the upstream queues of ONU, use the following command.

Table 6-57 Configuring Upstream Queue

Command Description

configure terminal 1. Enter Global configuration mode.


2. Specify the maximum number of link for upstream
port epon <slot>/<port> transmission.
onu {index <index> | mac y <slot>/<port> Slot/Port number of the GE-PON port
<mac>} up-queue max-lid y <index> Index number of ONU
<number> y <mac> MAC address of ONU
y <number> Maximum number of logical link (1 ~ 3)
3. Set the number of queue and the size of queue for each link.
y <slot>/<port> Slot/Port number of the GE-PON port
port epon <slot>/<port> y <index> Index number of ONU
onu {index <index> | y <mac> MAC address of ONU
mac <mac>} up-queue y <link-type> Type of link (link0, link1, link2)
<link-type> max <number> y <number> number of queue for the specified link (1~6)
<queue0 size> <queue1 size> y <queue0 size> Size of Queue-0 (0 ~ 60Kbyte)*
<queue2 size> <queue3 size> y <queue1 size> Size of Queue-1 (0 ~ 60Kbyte)*
<queue4 size> <queue5 size> y <queue2 size> Size of Queue-2 (0 ~ 60Kbyte)*
y <queue3 size> Size of Queue-3 (0 ~ 60Kbyte)*
y <queue4 size> Size of Queue-4 (0 ~ 60Kbyte)*
y <queue5 size> Size of Queue-5 (0 ~ 60Kbyte)*

6-62 Corecess S5 System User's Guide


Configuring ONU

Command Description

end 4. Return to Privileged mode.

5. Verify the configuration result.


show port epon <slot>/
y <slot>/<port> Slot/Port number of the GE-PON port
<port> onu {index <index> |
y <index> Index number of ONU
mac <mac>} queue
y <mac> MAC address of ONU

* If the size of queue is specified as 0, the queue is disabled.


* 960Kbyte of <queue size> parameter is total queue size that is possible to be set on the up-queue.

The following example shows how to configure three upstream queues to be used at the first
link (link0) of number 1 ONU on the Gigabit Ethernet PON port 2/1 and set the size of each
queue to 12Kbyte, 7Kbyte and 5Kbyte.

(config)# port epon 2/1 onu index 1 up-queue max 3


(config)# port epon 2/1 onu index 1 up-queue link0 max 3 12 7 5 0 0 0
(config)# end
# show port epon 2/1 onu index 1 queue
upstream queue0(KB) queue1 queue2 queue3 queue4 queue5
-------- ---------- ------ ------ ------ ------ ------
Link 0 12 7 5 0 0 0
Link 1 30 0 0 0 0 0
Link 2 30 0 0 0 0 0

downstream queue0(KB) queue1 queue2 queue3 queue4 queue5


---------- ---------- ------ ------ ------ ------ ------
UNI 22 0 0 0 0 0

Configuring Ports and Links 6-63


Configuring ONU

Configuring Downstream Queue

In the Corecess S5 System, it is already defined which link will be used to send data to an ONU.
Thus, unlike upstream queue, only the maximum number of queue and the size of queue can be
set for downstream queue. To configure the downstream queue, use the following commands.

Table 6-58 Configuring Downstream Queue

Command Task

configure terminal 1. Enter Global configuration mode.


2. Set the number of downstream queue and the size of queue for
each logical link.
port epon <slot>/<port> y <slot>/<port> Slot/Port number of the GE-PON port
onu {index <index> | y <index> Index number of ONU
mac <mac>} down-queue y <mac> MAC address of ONU
max <number> <queue0 size> y <number> number of used queue (1~6)
<queue1 size> <queue2 size> y <queue0 size> Size of Queue-0 (0 ~ 60Kbyte)
<queue3 size> <queue4 size> y <queue1 size> Size of Queue-1 (0 ~ 60Kbyte)
<queue5 size> y <queue2 size> Size of Queue-2 (0 ~ 60Kbyte)
y <queue3 size> Size of Queue-3 (0 ~ 60Kbyte)
y <queue4 size> Size of Queue-4 (0 ~ 60Kbyte)
y <queue5 size> Size of Queue-5 (0 ~ 60Kbyte)
end 3. Return to Privileged mode.

4. Verify the configuration result.


show port epon <slot>/
y <slot>/<port> Slot/Port number of the GE-PON port
<port> onu {index <index> |
y <index> Index number of ONU
mac <mac>} queue
y <mac> MAC address of ONU

The following example shows how to configure three downstream queues to be used at the first
link (link0) of number 1 ONU on the Gigabit Ethernet PON port 2/1 and set the size of each
queue to 12Kbyte, 7Kbyte and 5Kbyte.
(config)# port epon 2/1 onu index 1 down-queue max 2 20 20 0 0 0 0
(config)# end
# show port epon 2/1 onu index 1 queue
upstream queue0(KB) queue1 queue2 queue3 queue4 queue5
-------- ---------- ------ ------ ------ ------ ------
Link 0 30 0 0 0 0 0
Link 1 30 0 0 0 0 0
Link 2 30 0 0 0 0 0

downstream queue0(KB) queue1 queue2 queue3 queue4 queue5


---------- ---------- ------ ------ ------ ------ ------
UNI 20 20 0 0 0 0
#

6-64 Corecess S5 System User's Guide


Configuring ONU

Specifying Packet Classification and Forward Queue

In the Corecess S5 System, packets from ONU are classified by a particular rule, and the link
(upstream) and the queue (both upstream and downstream) for forwarding the classified
packets are specified. Because of these reasons, the Corecess S5 System provides different
services for each packet.

To configure the classification rule and the queue, use the following commands.

Table 6-59 Specifying Packet Classification and Forward Queue

Command Task

configure terminal 1. Enter Global configuration mode.

2. Set the packet classification rule.


y <slot>/<port> Slot/Port number of the GE-PON port
y <index> Index number of ONU
y <mac> MAC address of ONU
y down-class Set the packet classification rule of downstream.
y up-class Set the packet classification rule of upstream.
y <field-typ> Type of field to compare
- dest-mac MAC address field of destination
- src-mac MAC address field of source
- link-index link index field
port epon <slot>/<port> - ether-type Ethertype field
onu {index <index> | - vid VLAN ID field
mac <mac>} {down-class | - ip-precdence IP-precedence field
up-class} rule <field-typ> - cos CoS (Class of Service) field
<value> <match-type> y <value> Value to compare
y <match-type> comparing condition
- equal Field value is the same as specified value.
- field-exist Specified field exist in packet.
- field-not-exist Specified field does not exist in
packet
- greator-or-equal Field value is bigger or equal than
specified value
- less-or-equal Field value is less than or equal than
specified value
- not-equal Field value is not equal to specified value

(Continued)

Configuring Ports and Links 6-65


Configuring ONU

Command Task

port epon <slot>/<port> 3. Set forwarding queue of packet which matched with the
onu {index <index> | mac classification rule
<mac>} up-class forward y <slot>/<port> Slot/Port number of the GE-PON port
<link> queue <queue-number> y <index> Index number of ONU
<priority> y <mac> MAC address of ONU
y up-class forward Specify forwarding queue of
upstream.
port epon <slot>/<port> y down-class forward Specify forwarding queue of
onu {index <index> | mac upstream.
<mac>} down-class forward y <link> Logical link to forward upstream packet (link-0,
queue <queue-number> link-1, link-2)
<priority> y <queue-number> Number of forward queue (0 ~ 5)2
y <priority> Priority of packet classification rule (4 ~ 6) 3

end 4. Return to Privileged mode.

5. Verify the configuration result.


y <slot>/<port> Slot/Port number of the GE-PON port
show port epon <slot>/
y <index> Index number of ONU
<port> onu {index <index> |
y <mac> MAC address of ONU
mac <mac>} {down-class |
y down-class Display packet classification rule of
up-class}
downstream.
y up-class Display packet classification rule of upstream.

The following example shows how to classify packets that have a link index field in the
downstream packets and forward the packets through the number 0 queue.

(config)# port epon 2/1 onu index 1 down-class rule link-index 0 field-exist
(config)# port epon 2/1 onu index 1 down-class forward queue 0 4
(config)# end
# show port epon 2/1 onu index 1 down-class
queue priority field lookup value operation
----- -------- -------------- -------------------- -------------------------
0 4 link-index 0x000000000000 match when field exist
#

6-66 Corecess S5 System User's Guide


Configuring ONU

The following example shows how to classify the downstream packets which is forwarded from
the Gigabit Ethernet PON port 2/1 to ONU. The downstream packets have a link index field,
and IP-precedence field value is not 2. The packets are forwarded through the number 1 queue.

(config)# port epon 2/1 onu index 1 down-class rule link-index 0 field-exist
(config)# port epon 2/1 onu index 1 down-class rule ip-precdence 2 not-equal
(config)# port epon 2/1 onu index 1 down-class forward queue 1 4
(config)# end
# show port epon 2/1 onu index 1 down-class
queue pri field lookup value match condition
----- -------- ------------ --------------------- ------------------------
1 4 link-index 0 field exist
ip-prec 2 not equal to
#

The following example shows how to classify upstream packets which is forwarded from ONU
to the Gigabit Ethernet PON port 2/1. The upstream packets have less 234 of VLAN ID and are
forwarded through first link (link-0).

(config)# port epon 2/1 onu index 1 up-class rule vid 234 less-than-or-equal
(config)# port epon 2/1 onu index 1 up-class forward link-0 queue 1 6
(config)# end
# show port epon 2/1 onu index 1 up-class
queue pri field lookup value operation
----- ---------- ---------- ----------------------- ------------------------
1 6 vid 234 less-or-equal
#

Configuring Ports and Links 6-67


Configuring ONU

Configuring Ethernet port

To configure the Ethernet port of ONU connected with the Corecess S5 System, use the
following commands.

Note: Description of this section is only applied when the Corecess S5 System is connected to the Corecess
3804T. If the Corecess S5 System is connected to the Corecess R1-SW24L2B, you can skip the command
description of this section.

Table 6-60 Configuring Ethernet port

Command Description

configure terminal 1. Enter Global configuration mode.

2. Change the following configuration.


3 Set the operation status of the ONU Ethernet port.
y <slot>/<port> Slot/Port number of the GE-PON port
port epon <slot>/<port> onu
y <mac> MAC address of ONU
mac <mac> port <number>
y <number> Number of Ethernet port (1 ~ 4)
admin {enable | disable}
y enable Enable Ethernet port.
y disable Disable Ethernet port.
3 Enable auto sensing function on the ONU Ethernet port.
port epon <slot>/<port> onu
y <slot>/<port> Slot/Port number of the GE-PON port
mac <mac> port <number>
y <mac> MAC address of ONU
autonego
y <number> Number of Ethernet port (1 ~ 4)
3 Set transfer mode of the ONU Ethernet port.
y <slot>/<port> Slot/Port number of the GE-PON port
port epon <slot>/<port> onu
y <mac> MAC address of ONU
mac <mac> port <number>
y <number> Number of Ethernet port (1 ~ 4)
duplex {full | half}
y full Full duplex
y half Half duplex
3 Enable/Disable flow control of ONU Ethernet port.
port epon <slot>/<port> onu y <slot>/<port> Slot/Port number of the GE-PON port
mac <mac> port <number> y <mac> MAC address of ONU
flwctl {on | off} y <number> Number of Ethernet port (1 ~ 4)
y on Enable flow control function.
y off Disable flow control function.
3 Specify the maximum number of MAC address of the ONU
Ethernet port.
port epon <slot>/<port> onu
y <slot>/<port> Slot/Port number of the GE-PON port
mac <mac> port <number>
y <mac> MAC address of ONU
maclimit <number>
y <number> Number of Ethernet port (1 ~ 4)
y <number> the maximum number of MAC address
(Continued)

6-68 Corecess S5 System User's Guide


Configuring ONU

Command Description
3 Set bandwidth of the ONU Ethernet port.
y <slot>/<port> Slot/Port number of the GE-PON port
port epon <slot>/<port> onu y <mac> MAC address of ONU
mac <mac> port <number> y <number> Number of Ethernet port (1 ~ 4)
ratelimit {ingree | egress} y ingress Set the maximum receiving speed.
<rate> <burst-rate> y egress Set the maximum sending speed.
y <rate> maximum sending/receiving speed
y <burst-rate> Size of burst traffic
3 Set the transfer speed of the ONU Ethernet port.
y <slot>/<port> Slot/Port number of the GE-PON port
port epon <slot>/<port> onu
y <mac> MAC address of ONU
mac <mac> port <number>
y <number> Number of Ethernet port (1 ~ 4)
speed {10 | 100}
y 10 10Mbps
y 100 100Mbps

3 Set the priority of the ONU Ethernet port.


port epon <slot>/<port> onu y <slot>/<port> Slot/Port number of the GE-PON port
mac <mac> port <number> y <mac> MAC address of ONU
userpri <priority> y <number> Number of Ethernet port (1 ~ 4)
y <priority> user priority (0 ~ 7)

end 3. Return to Privileged mode.

4. Verify the configuration result.


show port epon <slot>/<port>
y <slot>/<port> Slot/Port number of the GE-PON port
onu mac <mac> port
y <mac> MAC address of ONU

The following example shows how to configure number 1 Ethernet port of number 1 ONU
connected to the Gigabit Ethernet PON port 2/1 and verify the result.

(config)# port epon 2/1 onu mac 54:4b:37:01:1a:01 port 1 duplex full
(config)# port epon 2/1 onu mac 54:4b:37:01:1a:01 port 1 speed 100
(config)# port epon 2/1 onu mac 54:4b:37:01:1a:01 port 1 maclimit 64
(config)# port epon 2/1 onu mac 54:4b:37:01:1a:01 port 1 userpri 1
(config)# end
# show port epon 2/1 onu mac 54:4b:37:01:1a:01 port
port onu port status flwctl dupx speed link-conf adm macn macl
----- ------------ ---- ------ ------ ---- ----- ------------ --- ---- ----
2/ 1 544b37011a01 1 conn off full 100 100-full-off en 0 64
2/ 1 544b37011a01 2 conn off half 10 auto en 0 0
2/ 1 544b37011a01 3 conn off half 10 auto en 0 0
2/ 1 544b37011a01 4 conn off half 10 auto en 0 0
#

Configuring Ports and Links 6-69


Configuring ONU

Specifying Number of Maximum MAC Address

By default, the maximum number of MAC address learnt from ONU is 64. To change the
maximum number of MAC address, use the following commands.

Table 6-61 Specifying Number of Maximum MAC Address

Command Description

configure terminal 1. Enter Global configuration mode.

2. Specify the maximum number of MAC address.


port epon <slot>/<port>
y <slot>/<port> Slot/Port number of the GE-PON port
onu {index <index> |
y <index> Index number of ONU
mac <mac>} entry <number>
y <mac> MAC address of ONU

end 3. Return to Privileged mode.

show port epon <slot>/ 4. Verify the configuration result.


<port> onu {index <index> | y <slot>/<port> Slot/Port number of the GE-PON port
mac <mac>} mac-address y <index> Index number of ONU
entry y <mac> MAC address of ONU

The following example shows how to the maximum number of MAC address learnt from the
number 1 ONU connected to the Gigabit Ethernet PON port 2/1 and verify the result.

(config)# port epon 2/1 onu index 1 mac-address entry 32


(config)# end
# show port epon 2/1 onu index 1 mac-address entry
entry
-----
32
#

6-70 Corecess S5 System User's Guide


Configuring ONU

Clearing MAC address

To clear all dynamic MAC address learnt from ONU and verify the result, use the following
command in Privileged mode.

Table 6-62 Clearing MAC address

Command Description

clear port epon Clear all dynamic MAC address learnt from ONU.
<slot>/<port> y <slot>/<port> Slot/Port number of the GE-PON port
onu {index <index> | y <index> Index number of ONU
mac <mac>} dynamic y <mac> MAC address of ONU

The following example show how to clear all dynamic MAC address learnt the number 1 ONU
and verify the result.

# port epon 2/1 onu index 1 mac-address dynamic clear


#

Restoring Configuration

To resotre the ONU configuration, use the following command.

Table 6-63 Restoring Configuration

Command Description

port epon <slot>/<port> y <slot>/<port> Slot/Port number of the GE-PON port


onu {index <index> | y <index> Index number of ONU
mac <mac>} restore y <mac> MAC address of ONU

The following example shows how to restore the configuration of the number 1 ONU connected
to the Gigabit Ethernet PON port 2/1:

(config)# port epon 2/1 onu index 1 restore


restore ONU(54:4b:37:01:1a:01) success
(config)#

Configuring Ports and Links 6-71


Configuring ONU

Resetting ONU

To reset the ONU on the Gigabit Ethernet PON port, use the following command.

Table 6-64 Resetting ONU

Command Description

port epon <slot>/<port> y <slot>/<port> Slot/Port number of the GE-PON port


onu {index <index> | y <index> Index number of ONU
mac <mac>} reset y <mac> MAC address of ONU

The following example shows how to reset the number 1 ONU connected to the Gigabit Ethernet
PON port 2/1.

(config)# port epon 2/1 onu index 1 restore


reset ONU[54:4b:37:01:1a:01] success
(config)#

Clearing Statistics Information

To clear the statistics information of the ONU, use the following command in Privileged mode.

Table 6-65 Clearing Statistics Information

Command Description

clear port epon <slot>/<port> y <slot>/<port> Slot/Port number of the GE-PON port
onu {index <index> | mac <mac>} y <index> Index number of ONU
counter y <mac> MAC address of ONU

The following example shows how to clear the statistics information of the number 1 ONU
connected to the Gigabit Ethernet PON port 2/1:

# clear port epon 2/1 onu index 1 counter


#

6-72 Corecess S5 System User's Guide


Configuring ONU

Upgrading Firmware

In the Corecess S5 System, the firmware of the ONU can be upgraded. To upgrade the firmware
of the ONU, download the latest version of the firmware from TFTP or FTP server to the flash
memory of the Corecess S5 System.

To upgrade the firmware of the ONU, use the following command in Privileged mode.

Table 6-66 Upgrading Firmware

Command Description

show port epon 1. Check the firmware version of the ONU.


<slot>/<port> onu y <slot>/<port> Slot/Port number of the GE-PON port
{index <index> | mac y <index> Index number of ONU (1 ~ 32)
<mac>} information y <mac> MAC address of ONU

copy {tftp <host-ip> | 2. Download firmware image file form TFTP or FTP server
ftp <host-ip> [id y <host-ip> IP address of TFTP or FTP server.
<login-id> passwd y <login-id> login ID
<password>]} flash y <password> login password of FTP server
config <file-name> y <file-name> Image file name

show flash config 3. Check if the file is downloaded successfully.

configure terminal 4. Enter Global configuration mode.

5. Upgrade the firmware of the specified ONU.


port epon <slot>/<port> y <slot>/<port> Slot/Port number of the GE-PON port
onu {index <index> | mac y <index> Index number of ONU
<mac> | all} upgrade y <mac> MAC address of ONU
firmware <file-name> y all specify all ONU connected to the specified GE-PON port.
y <file-name> firmware image file name

end 6. Return to Privileged mode.

show port epon <slot>/ 7. Check the upgrade status of the specified ONU.
<port> onu {index y <slot>/<port> Slot/Port number of the GE-PON port
<index> | mac <mac>} y <index> Index number of ONU
upgrade status y <mac> MAC address of ONU

configure terminal 8. Enter Global configuration mode.

9. Reset the ONU which upgraded firmware.


port epon <slot>/<port>
y <slot>/<port> Slot/Port number of the GE-PON port
onu {index <index> | mac
y <index> Index number of ONU
<mac>} reset
y <mac> MAC address of ONU

Configuring Ports and Links 6-73


Configuring ONU

The following example shows how to upgrade the firmware of the number 1 ONU connected to
the Gigabit Ethernet PON port 2/1:

# show port epon 2/1 onu index 1 information


mac address product code product name fw version
----------------- ------------ --------------- ----------
00:90:a3:15:04:a1 3701 R1-OPT-S 0103

approximated distance : < 100 meter


# copy ftp 172.18.80.14 id guest passwd guest flash image App3701_R104_Amd8.tkf
...onfig/App3701_R104_Amd8.tkf: 60272 bytes 654.37 kB/s
done
# show flash config
Configuratin flash directory:
File Length (bytes) Name/status
----- --------------- -----------------------------------
1 60272 App3701_R104_Amd8.tkf
2 493666 App3721Asic_R104_Amd16.tkf
3 615 startup-config
4 0 startup-config.sav
# configure terminal
(config)# port epon 2/1 onu index 1 upgrade firmware App3701_R104_Amd8.tkf
100 percent download !. writing image to flash
It will take more than 20 second. Please wait..
(config)# end
# show port epon 2/1 onu index 1 upgrade-status
ONU Firmware Upgrade Status : 2/1 54:4b:37:01:1a:01
STATUS : Success
IMGNAME : App3701_R104_Amd8.tkf
start-time : 3h:5m:42s
end-time : 3h:6m:4s
# configure terminal
(config)# port epon 2/1 onu index 1 reset
reset ONU[54:4b:37:01:1a:01] success
(config)# end
# show port epon 2/1 onu index 1 information
mac address product code product name fw version
----------------- ------------ --------------- ----------
00:90:a3:15:04:a1 3701 R1-OPT-S 0104

approximated distance : < 100 meter


#

6-74 Corecess S5 System User's Guide


Configuring ONU

Monitoring ONU
This section describes how to monitor configuration information and statistics information of
the ONU connected to the Gigabit Ethernet PON port.

Displaying Index Number and MAC Address

To display index numbers and MAC addresses of all ONUs connected to the Gigabit Ethernet
PON port, use the following command in Privileged mode.

Table 6-67 Displaying Index Number and MAC Address

Command Description

show port epon


y <slot>/<port> Slot/Port number of the GE-PON port
<slot>/<port> onu

The following example shows how to display index numbers and MAC addresses of all ONUs
connected to the Gigabit Ethernet PON port 2/1:

# show port epon 2/1 onu


index mac address product name attach allow profile
------ ----------------- --------------- ------ ----- --------------------
1 00:90:a3:15:04:a1 N/A No Yes N/A
2 00:90:a3:15:08:bd N/A No Yes N/A
#

Note: When an ONU is registered, a fixed index number is assigned to ONU. To remove the index number, use
no port epon <slot>/<port> onu-index <index-number> command in Global configuration
mode. If a paticular ONU has already been registered, index number cannot be removed.

Displaying Configuration Information

To display configuration information of the ONU connected to the Gigabit Ethernet PON port,
use the following command in Privileged mode.

Table 6-68 Displaying Configuration Information

Command Description

show port epon <slot>/<port> y <slot>/<port> Slot/Port number of the GE-PON port
onu {index <index> | mac y <index> Index number of ONU (1 ~ 32)
<mac>} information y <mac> MAC address of ONU

Configuring Ports and Links 6-75


Configuring ONU

The following example shows how to display configuration information of the number 1 ONU
connected to the Gigabit Ethernet PON port 2/1:

# show port epon 2/1 onu index 1 information


mac address OUI product code product version llid
----------------- ------ ------------ --------------- ------
54:4b:37:01:1a:01 54454b 3701 0100 3700

fw version max links # upstream queue # downstream queue


---------- --------- ---------------- ------------------
0103 03 07 07

approximated distance : < 100 meter

The table below describes the fields shown by the show port epon onu information
command.

Table 6-69 show port epon onu information field description

Field Description

mac address MAC address of ONU

OUI Vendor of ONU E-PON chip

product code Product code of ONU E-PON chip

product version Product version of ONU E-PON chip

llid Proper ID of link connected to ONU

fw version Firmware version of ONU

max links Maximum number of link for ONU

# upstream queue Number of upstream for ONU

# downstream queue Number of downstream for ONU

6-76 Corecess S5 System User's Guide


Configuring ONU

Displaying Statistic Information

To display statistics information of the ONU connected to the Gigabit Ethernet PON port, use
the following command in Privileged mode.

Table 6-70 Displaying Statistic Information

Command Description

y <slot>/<port> Slot/Port number of the GE-PON port


y <index> Index number of ONU
show port epon <slot>/<port>
y <mac> MAC address of ONU
onu {index <index> | mac
y epon E-PON OLT side
<mac>} counter {epon | user}
y user user network side
{downstream | upstream}
y downstream display statistic information of downstream.
y upstream Display statistics information of upstream.

The following example shows how to display statistic information of the number 1 ONU
connected to the Gigabit Ethernet PON port 2/1:

# show port epon 2/1 onu index 1 counter epon downstream


octects packet unicast
-------------------- -------------------- --------------------
466,674 5,983 5,983

broadcast multicast crc-error discard


-------------------- -------------------- -------------------- --------------
0 0 0 0
#

The table below describes the fields shown by the show port epon onu counter command.

Table 6-71 show port epon onu counter field description

Field Description

octets Number of octets

packet Number of packets

unicast Number of unicast packets

broadcast Number of broadband packets

multicast Number of multicast packets

crc-error Number of packet which happen to CRC error

discard Number of discarded packet

Configuring Ports and Links 6-77


Profile

Profile

General LLID profile Creation


Restriction Items:
y You can not create profile name over 15 length characters.

y You can not create profile name as ‘default’.

Genenal LLID porfile Creation is as follows;

Localhost # con t
Localhost (config) # epon-llid-profile test
Localhost (config-epon-llid-profile) # up-bw 1 1000 1 delay tolerant
Localhost (config-epon-llid-profile) # down-bw 1 1000 1 delay tolerant
Localhost (config-epon-llid-profile) # token 16
Localhost (config-epon-llid-profile) # end

LLID profile Application


- You can set two profiles to specific LLID

Localhost # conf t
Localhost (config) # port epon 1/1 link-id 3700 profile tests

Or

Localhost # conf t
Localhost (config) # port epon 1/1 link-mac 0090a3112233 profile test

LLID profile application to all links that is registered on specific port.

Localhost # conf t
Localhost (config) # port epon 1/1 link-all profile test

6-78 Corecess S5 System User's Guide


Profile

LLID profile deletion

Localhost # conf t
Localhost (config) # no port epon 1/1 link-id 3700 profile tests

Or

Localhost # conf t
Localhost (config) # no port epon 1/1 link-mac 0090a3112233 profile
test

LLID profile deletion to all links that is registered on specific port.

Localhost # conf t
Localhost (config) # no port epon 1/1 link-all profile test

Setting confirmation

Localhost # show port epon 1/1 registered-link


Llid (num) : LLID number (onu index number)
Llid mac address block profile
------------------ ----- -------------------------------
3700 (1) 00:90:a3:11:22:33 No Test N/D

Configuring Ports and Links 6-79


Profile

Default LLID profile

FunctionSummary

y Automatic application to all LLIDs that is registered to system

y Need 'Default' field and 'Link-index' field setting at profile creation.

y EPON must specify whether is going to apply profile to some Link because ONT/ONU that have multiple
LLID at specification ONT/ONU registration because support multiple LLID basically can be registered.
Therefore, you establish 'Link-index' item at profile creation. Multiple link is possible to 0 ~ 4.

Default LLID porfile Creation is as follows;

Localhost # con t
Localhost (config) # epon-llid-profile allLinkDef
Localhost (config-epon-llid-profile) # up-bw 1 1000 1 delay tolerant
Localhost (config-epon-llid-profile) # down-bw 1 1000 1 delay tolerant
Localhost (config-epon-llid-profile) # token 16
Localhost (config-epon-llid-profile) # Default enable
Localhost (config-epon-llid-profile) # Link-index 0

Default LLID profile application

when attached link, this is applied automatically., so special command does not need.

LLID profile deletion

Localhost # conf t
Localhost (config) # no port epon 1/1 link-id 3700 profile defaults

Or

Localhost # conf t
Localhost (config) # no port epon 1/1 link-mac 0090a3112233 profile
default

6-80 Corecess S5 System User's Guide


Profile

Setting confirmation.

Localhost # show port epon 1/1 profile-llid-info


* Configuration OK LLID Profile Info
Slot/port llid (index) default pf user define-1 user define-2
----------- --------------- --------------- ---------------
1/1 3700 (1)TestN/D N/D

Disabling defalut LLID function.

Disabling default LLID function is as follows;

Localhost # con t
Localhost (config) # epon-llid-profile allLinkDef
Localhost (config-epon-llid-profile) # default disable
Localhost (config-epon-llid-profile) # end
Localhost #

Configuring Ports and Links 6-81


Profile

General ONU profile

Restriction Items:
y You can not create profile name over 15 length character.

y You can not create profile name as ‘default’.

Genenal ONU porfile creation is as follows;

Localhost # con t
Localhost (config) # epon-onu-profile test
Localhost (config-epon-onu-profile) # port 1 admin disable
Localhost (config-epon-onu-profile) # end

ONU profileApplication

Localhost # conf t
Localhost (config) # port epon 1/1 onu index 1 profile test

Or

Localhost # conf t
Localhost (config) # port epon 1/1 onu mac 0090a3112233 profile test

ONU profile application to all ONU that is registered on specific port.

Localhost # conf t
Localhost (config) # port epon 1/1 onu all profile test

6-82 Corecess S5 System User's Guide


Profile

Disabling ONU profile

Localhost # conf t
Localhost (config) # no port epon 1/1 onu index 1 profile test

Or

Localhost # conf t
Localhost (config) # no port epon 1/1 onu mac 0090a3112233 profile
test

ONU profile deletion to all ONU that is registered on specific port.

Localhost # conf t
Localhost (config) # no port epon 1/1 onu all profile test

Setting confirmation

Localhost # show port epon 1/1 onu


Index mac address product name attach allow profile
----------------------------------------------------
1 00:90:a3:11:22:33 CC3804TN Yes Yes Test

Configuring Ports and Links 6-83


Profile

Default ONU profile

Function Summary

y Automatic application to all LLIDs that is registered to system .

y Need 'Default' field and 'Product' field setting at profile creation

ONU profile creation

Localhost # con t
Localhost (config) # epon-onu-profile onuDef
Localhost (config-epon-onu-profile) # port 1 admin disable
Localhost (config-epon-onu-profile) #Default enable
Localhost (config-epon-onu-profile) #Product CC3804TN

Default ONU profile application

This is established automatically at ONT/ONU registration.

Default ONU profile deletion

Localhost # conf t
Localhost (config) # no port epon 1/1 onu index 1 profile default

Or

Localhost # conf t
Localhost (config) # no port epon 1/1 onu mac 0090a3112233 profile
default

Default ONU profile deletion to all ONU that is registered on specific port.

Localhost # conf t
Localhost (config) # no port epon 1/1 onu all profile default

6-84 Corecess S5 System User's Guide


Profile

Setting confirmation

Show port eponSlot/portProfile-onu-info


Localhost # sh port epon 1/1 profile-onu-info
* R (Registerd)
* S (Sync Status)
Idx mac address R product name default onupf (S) user onupf (S)
---------------------------------------------------------------
1 00:90:a3:11:22:33 Y CC3804TNOnuDef(Y) N/D (-)

Disabling default onu function

Disabling default onu function is as follows;

Localhost # con t
Localhost (config) # epon-onu-profile onuDef
Localhost (config-epon-llid-profile) # default disable
Localhost (config-epon-llid-profile) # end
Localhost #

Configuring Ports and Links 6-85


Profile

6-86 Corecess S5 System User's Guide


Chapter 7 Configuring VLAN

This Chapter describes how to create/clear VLAN and add/clear port to VLAN. This chapter also describes
how to configure VLAN interface.

9 VLAN Configuration 7-2

9 Configuring VLAN Interface 7-11


VLAN Configuration

VLAN Configuration

Default Configuration
The table below shows the default VLAN configuration for the Corecess S5 System:

Table 7-1 Default VLAN configuration

Parameter Default

VLAN name DEFAULT

VLAN ID 1

Ports All ports belong to default VLAN.

STP state Off

IP address 0.0.0.0

Subnet mask 0.0.0.0

Tag Untagged

VLAN state active

After modifying the default VLAN configuration, modified configuration will be applied
immediately without rebooting system or using additional command. To maintain the modified
configuration after rebooting the system, save the configuration using write memory
command in Privileged mode.

7-2 Corecess S5 System User's Guide


VLAN Configuration

Basic VLAN Configuration


You can configure VLAN on the Corecess S5 System when it is starting or running. If you
change VLAN configuration on running, all MAC address that have been learned by the ports
in VLAN will be deleted.

You can configure VLAN on the Corecess S5 System using the following procedures:

1. Design network topology to configure with VLAN.

2. Create VLAN

3. Assign ports to the defined VLAN (or clear ports from VLAN).

4. Save the VLAN configuration and apply the configuration to the system.

Creating VLANs

In the factory default configuration, VLAN support is enabled and all the ports are only in the
Corecess S5 System physical broadcast domain, which is given the name DEFAULT. You can
partition the Corecess S5 System into multiple virtual broadcast domains by adding one or
more additional VLANs and moving ports from the default VLAN to the new VLANs. Because
the default VLAN permanently exists in the Corecess S5 System, adding new VLANs results in
multiple VLANs existing in the Corecess S5 System.

VLAN is distinguished ID from other VLANs. VLAN ID and name can be specified by user.
The range of VLAN ID can be properly selected from 2 to 4094. Defining VLAN does not mean
that broadcast domain is created. When defined VLANs are added in ports, broadcast domain
is created with defined VLANs. Default VLANs in the system can not be removed, and
ID/VLAN name can not be changed.

Configuring VLAN 7-3


VLAN Configuration

The following describes how to create VLAN.

Table 7-2 Creating VLAN

Command Task

configure terminal 1. Enter Global configuration mode.

2. Define VLAN.
vlan id <vlan-id>
y <vlan-id> VLAN ID (2 ~ 4094)
name <vlan-name>
y <vlan-name> VLAN name

end 3. Return to Privileged mode.

show vlan 4. Verify VLAN configuration.

The following example creates a VLAN whose id is 2 and name is ‘test’.

# configure terminal
(config)# vlan id 2 name test
(config)# end
# show vlan
VLAN Name Status Slot/Ports
---- ---------------- -------- ------------------------------------
1 DEFAULT active 1/1-4
2/1-4
3/1-4
4/1-4
5/1-4
2 test active

VLAN Interface IGMPs STP Private Promisc Port(s)


---- ---------- -------- -------- -------- ------------------------
1 disable disable enable Disable None
2 disable disable enable Disable None
#

To delete a VLAN, use the no vlan command in Global configuration mode. The following
example deletes the VLAN whose id is 2:

(config)# no vlan id 2
(config)#

7-4 Corecess S5 System User's Guide


VLAN Configuration

Assigning Ports to a VLAN

You should add ports that belong to the same broadcast domain to a VLAN after defining a
VLAN. When ports are assigned to a VLAN, a broadcast domain with assigned ports is created.
If you add ports belonging to the default VLAN to other VLAN, the ports are deleted from the
default VLAN and are added to other VLAN.
To add ports to a VLAN, use the following commands.

Table 7-3 Assigning ports to a VLAN

Commands Task

configure terminal 1. Enter Global configuration mode.


2. Assign the specified ports to the VLAN.
vlan {id <vlan-id> |
y <vlan-id> VLAN ID (2 ~ 4094)
name <vlan-name>}
y <vlan-name> VLAN name
port gigabitethernet
y <slot>/<port> slot number / port number to be added to the
<slot>/<port>
VLAN
end 3. Return to Privileged mode.

4. Verify the VLAN configuration.


show vlan [id <vlan-id>
y <vlan-id> ID of the VLAN to verify (2 ~ 4094)
| name <vlan-name>]
y <vlan-name> Name of the VLAN to verify

The following example shows how to add the Gigabit Ethernet port 5/4 to the VLAN that the
ID is 2:

# configure terminal
(config)# vlan id 2 port gigabitethernet 5/4
(config)# end
# show vlan id 2
VLAN Name Status Slot/Ports
---- ---------------- -------- ------------------------------------
2 test active 5/4

VLAN Interface IGMPs STP Private Promisc Port(s)


---- ---------- -------- -------- -------- ------------------------
2 disable disable enable Disable None
#

To remove ports from a VLAN, use no vlan command in Global configuration mode. The
following example shows how to remove the Gigabit Ethernet port 5/4 from the VLAN that
name is ‘test’.

Configuring VLAN 7-5


VLAN Configuration

(config)# no vlan name test port gigabitethernet 5/4


(config)#

Assigning IP Address to a VLAN

To assign the IP address of a VLAN, use the following command.

Table 7-4 Assigning IP address to a VLAN

Commands Task

configure terminal 1. Enter Global configuration mode.

interface vlan 2. Enter Interface configuration mode.


{id <vlan-id> | y <vlan-id> VLAN ID (2 ~ 4094)
name <vlan-name>} y <vlan-name> VLAN name

3. Assign the IP address of the VLAN


ip address
y <network-num> IP address
<network-num>/<M>
y <M>: subnet mask

end 4. Return to Privileged mode.

5. Verify the VLAN configuration.


show vlan [id <vlan-id>
y <vlan-id> VLAN ID to display (2 ~ 4094)
| name <vlan-name>]
y <vlan-name> VLAN name to display

show interface vlan 6. Verify the interface configuration.


[id <vlan-id> | y <vlan-id> VLAN ID to retrieve (2 ~ 4094)
name <vlan-name>] y <vlan-name> VLAN name to retrieve

This example shows how to specify the IP address of the VLAN whose id is ‘1’:

(config)# interface vlan id 1


(config-if)# ip address 172.27.2.100/16
(config-if)# end
# show interface vlan id 1
Interface vlan1
index 28 kernel index 4 metric 1 mtu 1500 <UP,BROADCAST,RUNNING,MULTICAST>
HWaddr: 00:01:02:00:00:db
inet 172.27.2.100/16 broadcast 172.27.255.255
input packets 14463, bytes 871754, dropped 0, multicast packets 6281
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 474, bytes 414, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0
#

7-6 Corecess S5 System User's Guide


VLAN Configuration

To remove the IP address of a VLAN, use the no ip address command in interface


configuration mode. The following example shows how to remove the IP address of the VLAN
whose id is ‘2’.

(config)# interface vlan id 2


(config-if)# no ip address 10.1.1.1/24

Assigning Secondary IP address to a VLAN

You can specify another IP address to a VLAN. This is called ‘secondary’ IP address. Secondary
IP address is useful that the number of hosts is more than the number of IP addresses.

To specify the secondary IP address to the VLAN, use the following command in Global
configuration mode:

Table 7-5 Assigning secondary IP address to a VLAN

Commands Task

configure terminal 1. Enter Global configuration mode.

interface vlan 2. Enter Interface configuration mode.


{id <vlan-id> | y <vlan-id> ID of the VLAN to configure (2 ~ 4094)
name <vlan-name>} y <vlan-name> Name of the VLAN to configure

ip address 3. Specify the secondary IP address of the VLAN.


<network-num>/<M> y <network-num> IP address
secondary y <M> subnet mask (‘1’의 개수)

end 3. Return to Privileged mode.

show interface 4. Verify the VLAN configuration.

This example shows how to specify the secondary IP address of the VLAN whose id is ‘1’:

# configure terminal
(config)# interface vlan id 1
(config-if)# ip address 172.25.1.100/16 secondary
(config-if)# end
# show interface vlan id 1
Interface vlan1
index 28 kernel index 4 metric 1 mtu 1500 <UP,BROADCAST,RUNNING,MULTICAST>
HWaddr: 00:01:02:00:00:db
inet 172.27.2.100/16 broadcast 172.27.255.255

Configuring VLAN 7-7


VLAN Configuration

inet 172.25.1.100/16 broadcast 172.25.255.255 secondary


input packets 14926, bytes 899535, dropped 0, multicast packets 6491
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 474, bytes 414, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0
#

To remove the secondary IP address of a VLAN, use the no ip address secondary


command in interface configuration mode. The following example shows how to remove the
secondary IP address of the VLAN whose id is ‘1’.

(config)# interface vlan id 1


(config-if)# no ip address 172.25.1.100/16 secondary
(config-if)# end

# show interface vlan id 1


Interface vlan1
index 28 kernel index 4 metric 1 mtu 1500 <UP,BROADCAST,RUNNING,MULTICAST>
HWaddr: 00:01:02:00:00:db
inet 172.27.2.100/16 broadcast 172.27.255.255
input packets 15547, bytes 936795, dropped 0, multicast packets 6752
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 474, bytes 414, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0
#

7-8 Corecess S5 System User's Guide


VLAN Configuration

Configuring 802.1Q Trunk


The VLAN can transmit and receive data with other devices when the VLAN has its proper ID
using 802.1Q trunk. To maintain VLAN information (tag), 802.1Q trunk ports should be defined
on each device that transmits data, then the devices forms tunnels to transmit traffic safely.

If 802.1Q trunk is applied, the devices can share their VLANs. Because a switch generally does
not know VALN information of other switch, the switch can not share VALN. Thus, nodes that
connected to several devices can not be configured to be included in the same VLAN. In this
occasion, if traffic that has VLAN information is transmitted by 802.1Q trunk, because the
switch that receives traffic recognizes VLAN information and can forward traffic to the
corresponding VLAN, VLANs can be shared between switches.
802.1Q truck is generally used for VPN (Virtual Private Network).

To configure trunk ports for 802.1Q tunneling, use the following commands.

Table 7-6 802.1 Configuring trunk port

Commands Task

configure terminal 1. Enter Global configuration mode.

dot1q port gigabitethernet 2. Specify 802.1Q trunk port.


<slot>/<port> tag <tag-id> y <slot>/<port> Slot/Port number of trunk port
[<tag-id> … ] y <tag-id> VLAN ID

end 3. Return to the Privileged mode.

show dot1q port 4. Verify the 802.1Q trunk port configuration.

If 802.1Q trunk port is configured on the Corecess S5 System as above, traffic is transmitted
through the tunnel between 802.1Q trunk port of the connected neighbor device and the
Corecess S5 System. Traffic is also received from 802.1Q trunk port that is defined on the
Corecess S5 System. The trunk port that received traffic does not remove 802.1Q tag of the
traffic header but forward all received 802.1Q traffic to the VLAN that has the trunk port
instead.

The VLAN that has the trunk port transmits the subscriber traffic to other neighbor device that
is included in the VLAN of the trunk port. When the traffic reaches to the final destination,
802.1Q tag is removed, traffic is removed from the tunnel.

Configuring VLAN 7-9


VLAN Configuration

The following example shows how to specify 802.1Q trunk port and verify the result.

# configure terminal
(config)# vlan id 2 port gigabitethernet 5/1,5/2
(config)# dot1q port gigabitethernet 5/1 tag 1-2
(config)# end
# show dot1q
Port allowed 802.1q VLAN TAGs
-------- -----------------------------------------------------------------
5/1 1-2
# show dot1q port gigabitethernet 5/1
Port PVID Acceptable frame types Ingress filter
---------- ---- ---------------------- --------------
5/1 2 all off
Port allowed 802.1q Vlans
-------- -----------------------------------------------------------------
5/1 1-2
#

7-10 Corecess S5 System User's Guide


Configuring VLAN Interface

Configuring VLAN Interface


Many features are enabled on a per-interface basis. The Corecess S5 System supports VLAN
interface type. This section describes the VLAN interface configuration tasks in interface
configuration mode.

Entering Interface Configuration Mode


You can enter Interface configuration mode using the interface command in Global
configuration mode. Follow each interface command with Interface configuration
commands your particular VLAN interface requires. When you enter the interface
command, you must specify the VLAN interface. After specifying the VLAN interface, all
command in Interface configuration is only applied to the specified VLAN interface.

The following example shows how to enter Interface configuration mode to configure VLAN
interface that ID is 1.

(config)# interface vlan id 1


(config-if)#

You have entered interface configuration mode when the prompt changes to (config-if)#.
You can configure the followings of the VLAN interface on Interface configuration mode:

y Configuring the OSPF on the VLAN interface


y Configuring the IS-IS on the VLAN interface

y Configuring the RIP on the VLAN interface


y Enabling split-horizon on the VLAN interface
y Enabling multicasting on the VLAN interface

y Configuring IP parameters of the VLAN interface


y Shutting down the VLAN interface

Note: To specify the IP address of the VLAN interface, refer to Assigning the IP address of a VLAN section
in this chapter.

Configuring VLAN 7-11


Configuring VLAN Interface

Configuring OSPF on the VLAN Interface


You can configure the following OSPF parameters of each VLAN interface:

Table 7-7 Configuring OSPF on the VLAN Interface

Parameter Description
OSPF supports three methods of authentication for each interface—none, simple
password, and MD5.
y None : Send/Receive OSPF routing packet without any authentication mode.
y Simple Password : The simple password method of authentication requires you
to configure an alphanumeric password on an interface. The simple password
setting takes effect immediately. All OSPF packets transmitted on the interface
Authentication contain this password. Any OSPF packet received on the interface is checked
Mode for this password. If the password is not present, then the packet is dropped.
y MD5 : The MD5 method of authentication requires you to configure a key ID
and an MD5 Key. The key ID is a number from 1 – 255 and identifies the MD5
key that is being used. The MD5 key can be up to sixteen alphanumeric
characters long.
Only one method of authentication can be active on an interface at a time. The
default authentication value is none, meaning no authentication is performed.
In Simple Password authentication method, the key can be up to eight characters
Authentication long. In MD5(Message Digest) authentication method, the key ID is a number from
Key 1 – 255 and identifies the MD5 key that is being used. The MD5 key can be up to
sixteen alphanumeric characters long.
The overhead required to send a packet across an interface. You can modify the cost
to differentiate between 100 Mbps and 1000 Mbps (1 Gbps) links. The default cost is
Cost calculated by dividing 100 million by the bandwidth. For 10 Mbps links, the cost is
10. The cost for both 100 Mbps and 1000 Mbps links is 1, because the speed of 1000
Mbps was not in use at the time the OSPF cost formula was devised.
The number of seconds that a neighbor router waits for a hello packet from the
dead-interval current router before declaring the router down. The value can be from 1 – 65535
seconds. The default is 40 seconds.
The length of time between the transmissions of hello packets. The value can be
hello-interval
from 1 – 65535 seconds. The default is 10 seconds.
The time between retransmissions of link-state advertisements (LSAs) to adjacent
retransmit-
routers for this interface. The value can be from 0 – 3600 seconds. The default is 5
interval
seconds.
The time it takes to transmit Link State Update packets on this interface. The value
transmit-delay
can be from 0 – 3600 seconds. The default is 1 second.
network The OSPF network type. The default network type is broadcast.
The priority allows you to modify the priority of an OSPF router. The priority is
used when selecting the designated router (DR) and backup designated routers
Priority
(BDRs). The value can be from 0 – 255. The default is 1. If you set the priority to 0,
the Corecess S5 System does not participate in DR and BDR election.

7-12 Corecess S5 System User's Guide


Configuring VLAN Interface

Setting Simple Password Authentication Method

In simple Password authentication method, a particular key is specified for each area. Routers
in the same area should use the same key. This method has a disadvantage that the key can be
disclosed because the key is not encrypted.

To set simple authentication key and password authentication method, use the following
commands.

Table 7-8 Setting Simple Password Authentication Method

Command Task

configure terminal 1. Enter Global configuration mode.

interface vlan id 2. Enter Interface configuration mode.


<vlan-id> y <vlan-id> VLAN interface ID (1 ~ 4094)

ip ospf authentication- 3. Specify password for authentication.


key <key> y <key> password (8 character, 16byte)

exit 4. Return Global configuration mode.

router ospf 5. Enter OSPF configuration mode.

area <area-id>
6. Set simple password authentication method in the specified area.
authentication

The following example shows how to set simple password authentication method.

(config)# interface vlan id 1


(config-if)# ip ospf authentication-key mypasswd
(config-if)# exit
(config)# router ospf
(config-router)# network 210.120.1.0/26 area 23
(config-router)# area 23 authentication
(config-router)#

To remove the key of the specified simple password authentication method, use no ip ospf
authentication-key command.

Configuring VLAN 7-13


Configuring VLAN Interface

Setting MD5 Authentication Method

MD5 (Message Digest) authentication assign a key and key identifier to each router. The router
makes authentication information(Message digest) using OSPF packets, key, and key identifier.
This authentication information will be appended to OSPF packets and sent.

In general, one key is used per interface to generate authentication information when sending
packets and to authenticate incoming packets. The same key identifier on the neighbor router
must have the same key value.

The following example shows that the new MD5 password is added over the existing MD5
password.

(config)# interface vlan id 1


(config-if)# ip ospf message-digest-key 100 md5 OLD

You can add a new key to the following:

(config)# interface vlan id 1


(config-if)# ip ospf message-digest-key 101 md5 NEW

The system assumes its neighbors do not have the new key yet, so it begins a rollover process. It
sends multiple copies of the same packet, each authenticated by different keys. In this example,
the system sends out two copies of the same packet—the first one authenticated by key 100 and
the second one authenticated by key 101.

Rollover allows neighboring routers to continue communication while the network


administrator is updating them with the new key. Rollover stops once the local system finds
that all its neighbors know the new key. The system detects that a neighbor has the new key
when it receives packets from the neighbor authenticated by the new key. After all neighbors
have been updated with the new key, the old key should be removed.

To remove the old key, enter the following:

(config)# interface vlan id 1


(config-if)# no ip ospf message-digest-key 100

Then, new password is only used for VLAN interface.

7-14 Corecess S5 System User's Guide


Configuring VLAN Interface

Then, only key 101 is used for authentication on the interface eth1. We recommend that you not
keep more than one key per interface. Every time you add a new key, you should remove the
old key to prevent the local system from continuing to communicate with a hostile system that
knows the old key. Removing the old key also reduces overhead during rollover.

The following example sets a new key 100 with the password mypasswd on interface vlan1:

(config)# interface vlan id 1


(config-if)# ip ospf message-digest-key 100 md5 mypasswd
(config-if)# exit
(config)# router ospf
(config-router)# network 210.100.1.0/26 area 0.0.0.0
(config-router)# area 0.0.0.0 authentication message-digest

Configuring Cost of OSPF interface

Each interface can have only one cost in the Corecess S5 System. The cost of OSPF interface is
calculated by the following formula depending on interface bandwidth.

Cost = 100000000 /bandwidth (bps)

If interface cost using above formula is not preferable to be used to user network, use ip ospf
cost command to specify cost to each interface in Interface configuration mode.

Command Description

ip ospf cost <cost> y <cost> Interface cost (1 ~ 65535)

The following example sets the cost value of a VLAN interface to 10:

(config)# interface vlan id 1


(config-if)# ip ospf cost 10
(config-if)#

Configuring VLAN 7-15


Configuring VLAN Interface

Specifying Dead-Interval

Dead-interval indicates the number of seconds that a neighbor router waits for a hello packet
from the current router before declaring the router down. The value can be from 1 - 65535
seconds. The default is 40 seconds.

To specify dead-interval, use the following commands in Interface configuration mode:

Command Description

ip ospf dead-interval y <seconds> Unsigned integer that specifies the interval in seconds;
<seconds> the value must be the same for all nodes on the network (1 ~ 65535)

The following example sets the OSPF dead interval to 60 seconds:

(config)# interface vlan id 1


(config-if)# ip ospf dead-interval 60
(config-if)#

Specifying Hello-Interval

Hello-interval represents the length of time between the transmissions of hello packets. The
value can be from 1 - 65535 seconds. The default is 10 seconds. To specify the hello-interval, use
the following commands in Interface configuration mode:

명령 설명

y <seconds> Unsigned integer that specifies the interval in seconds.


ip ospf hello-interval
The value must be the same for all nodes on a specific network (1 ~
<seconds>
65535).

The following example sets the interval between hello packets to 15 seconds:

(config)# interface vlan id 1


(config-if)# ip ospf hello-interval 15
(config-if)#

7-16 Corecess S5 System User's Guide


Configuring VLAN Interface

Specifying Retransmit interval

Retransmit-interval is the time between retransmissions of link-state advertisements (LSAs) to


adjacent routers for the interface. The value can be from 3 - 65535 seconds. The default is 5
seconds. To specify the retransmit-interval, use the following commands in Interface
configuration mode:

Command Description

y <seconds> Time in seconds between retransmissions. It must be


ip ospf retransmit-
greater than the expected round-trip delay between any two routers
interval <seconds>
on the attached network (3 ~ 65535)

The following example sets the retransmit-interval value of the interface vlan1 to 8 seconds:

(config)# interface vlan id 1


(config-if)# ip ospf retransmit-interval 8
(config-if)#

Specifying Transmit Delay

Transmit delay is the time it takes to transmit Link State Update packets on the interface. The
value can be from 1 - 65535 seconds. The default is 1 second. To specify the transmit delay, use
the following commands in Interface configuration mode:

Command Description

ip ospf ospf transmit- y <seconds>: Time in seconds that it takes to transmit a link state
delay <seconds> update (1 ~ 65535).

The following example sets the retransmit-delay value of the interface vlan 1 to 3 seconds:

(config)# interface vlan id 1


(config)# ip ospf transmit-delay 3
(config)#

Configuring VLAN 7-17


Configuring VLAN Interface

Specifying Priority

Priority allows you to modify the priority of an OSPF router. The priority is used when
selecting the designated router (DR) and backup designated routers (BDRs). The value can be
from 0 - 255. The default is 1. If you set the priority to 0, the system does not participate in DR
and BDR election.

To set the router priority, use the following commands in Interface configuration mode:

Command Description

ip ospf priority <number> y <number>: Router priority (0 ~ 255)

The following example sets the router priority value to 4 of the interface vlan1:

(config)# interface vlan id 1


(config-if)# ip ospf priority 4
(config-if)#

7-18 Corecess S5 System User's Guide


Configuring VLAN Interface

Configuring IS-IS on the VLAN Interface


You can configure the following IS-IS parameters of each VLAN interface:

Table 7-9 IS-IS interface parameters

Parameter Description

Circuit-type Specifies adjacency levels on a specified interface.


CSNP interval Configures the IS-IS CSNP interval for a specified interface.
Hello interval Specifies the length of time between hello packets for a specified interface.

Hello Padding Enables or disables hello padding for IS-IS hello packets.

Hello Multiplier Specifies the hello multiplier for calculating the hold time.
LSP interval Configures the delay between successive IS-IS link state packet transmissions
Configures the number of seconds between retransmission of IS-IS LSPs for
Retransmit Interval
point-to-point links.
Mesh Group Creates a mesh group and designate that an interface is part of the group.
Metric Configure a cost for a specified interface.
Password Configures a password for a specified interface.
Priority Configures the priority of designated router (DR).

Note: Most interface configuration commands can be configured independently from other attached routers.
But the isis password command should configure the same password on all routers on a network.

This section describes how to configure IS-IS parameters on a VLAN interface.

Configuring VLAN 7-19


Configuring VLAN Interface

Configuring IS-IS Levels

You specify the IS-IS level on a per-interface basis, and the Corecess S5 System becomes
adjacent with other routers on the same level on that link only. The Corecess S5 System
supports the following IS-IS levels:

• Level-1
Establish a Level 1 adjacency if there is at least one area address in common between this
system and its neighboring systems. If Level 1 is set, this interface cannot support Level 2
adjacencies.

• Level-1-2
Establish a Level 1 and Level 2 adjacency if a neighboring system is also configured as a Level
-1-2 and there is at least one area address in common. If there is no area address in common, a
Level 2 adjacency is established.
• Level-2-only
Establish a Level 2 adjacency if the neighboring system is configured as a Level 2-only router.

To configure the type of IS-IS adjacency for an interface, enter the isis circuit-type
command in Interface configuration mode:

Command Description

y level-1: Configures the interface to support only intra-area traffic.


y level-1-2: Configures the interface to support both intra-area
isis circuit-type
traffic and inter-area traffic.
{level-1 | level-1-2 |
y level-2-only: Configures the interface to support only Level-2
level-2-only}
adjacencies. This option is used on routers that are between areas to
prevent transmission of unnecessary Level 1 hellos.

The following example shows how to configure the VLAN interface to support a Level-2
adjacency:

(config)# interface vlan id 1


(config-if)# isis circuit-type level-2-only
(config-if)#

Note: Normally, this command does not need to be configured. Only on routers that are between areas (Level
1-2 routers) should you configure some interfaces to be Level 2-only to prevent wasting bandwidth by sending
out unused Level 1 hellos. Note that on point-to-point interfaces, the Level 1 and Level 2 hellos are in the same
packet.

7-20 Corecess S5 System User's Guide


Configuring VLAN Interface

Modify the IS-IS Metric

All IS-IS routes have a cost, which is a routing metric that is used in the IS-IS link-state
calculation. The cost is an arbitrary, dimensionless integer that can be from 1 through 63. The
default metric value is 10.

To modify the default value, enter the isis metric command in Interface configuration
mode:

Command Description

y <metric-value> The default metric is used as a value for the IS-IS


isis metric
metric. Valid values are 0 – 63.
<metric-value>
y level-1 Configures the metric only for level-1 routing.
[level-1 | level-2]
y level-2 Configures the metric only for level-2 routing.

The following example shows how to configure the default metric for the VLAN interface:

(config)# interface vlan id 1


(config-if)# isis metric 15

Note: If no level is specified, the isis metric command configures the metric for level-1 routing only.

Configuring the CSNP Interval

On broadcast networks, designated routers send complete sequence number PDU (CSNP)
packets to maintain database synchronization. The CSNP interval timer is the number of
seconds between transmissions of CNSP packets from this interface.

The CSNP interval is configured independently for Level 1 and Level 2. This feature does not
apply to point-to-point interfaces. To modify the CSNP interval, enter the csnp-interval
command in Interface configuration mode.

Command Description

y <seconds> The interval of time between transmissions of CSNPs on


broadcast networks. This interval only applies to the designated router.
isis csnp-interval
This can be a number between 0 and 65535 seconds.
<seconds> [level-1|
y level-1 Configures the amount of time between transmissions of
level-2]
CSNPs for Level 1 independently.
y level-2 Configures the interval of time between transmission of

Configuring VLAN 7-21


Configuring VLAN Interface

CSNPs for Level 2 independently.

The following example shows how to configure the transmission interval for CSNP packets:

(config)# interface vlan id 1


(config-if)# isis csnp-interval 30

Configuring the Hello Interval

To modify how often the system sends hello packets out of an interface, enter the isis
hello-interval command in Interface configuration mode.

Command Description

y <seconds>: Number of seconds between transmissions of hello


packets. Valid values are between 1 and 65535 seconds.
isis hello-interval
y minimal:. Causes the system to compute the hello interval based on
{<seconds>|minimal}
the hello multiplier so that the resulting hold time is 1 second.
[level-1|level-2]
y level-1: Configures the hello interval for Level 1 independently
y level-2: Configures the hello interval for Level 2 independently

The following example shows how to configure the VLAN interface to advertise hello packets
every 5 seconds:

(config)# interface vlan id 1


(config-if)# isis hello-interval 5
(config-if)#

If the minimal keyword is specified, the hold time is 1 second and the system computes the
hello interval based on the hello multiplier as follow:

Hello interval = 1000 / (hello-multiplier) ms

7-22 Corecess S5 System User's Guide


Configuring VLAN Interface

Setting the Hello Multiplier

The hello multiplier determines the total holding time transmitted in the IS-IS hello packet.
Holding time is the time a neighbor waits for another hello packet before declaring the neighbor
is down.

The hello interval times multiplied by the hello multiplier equals the hold time. If the hello
interval is 10 seconds and the hello multiplier is 3, the hold time is 30 seconds.

Hold time = hello interval x hello multiplier

To modify the hello multiplier, enter the isis hello-multiplier command in Interface
configuration mode.

Command Description

y <multiplier>: The multiplier used to determine how long to


hold an IS-IS hello packet before declaring an adjacency down.
isis hello-multiplier Valid values are 3 – 1000.
<multiplier> y level-1: Configures the hello multiplier independently for Level
[level-1|level-2] 1 adjacencies.
y level-2: Configures the hello multiplier independently for Level
2 adjacencies.

The following example configures the hello interval and hello multiplier to 6 and 10. As the
result, an adjacency will go down only when many (10) hellos are missed and the total time to
detect link failure is 60 seconds.

(config)# interface vlan id 1


(config-if)# isis hello-interval 6
(config-if)# isis hello-multiplier 6
(config-if)# isis hello-interval multiplier
(config-if)#

Configuring VLAN 7-23


Configuring VLAN Interface

Configuring Hello Padding

Padding adds extra characters to the hello packets so that all packets sent out by Is-IS have the
maximum sized data payload.

To enable hello padding for IS-IS hello packets, enter the isis hello padding command in
Interface configuration mode as follows:

(config)# interface vlan id 1


(config-if)# isis hello padding
(config-if)#

Setting the LSP Interval

To configure the time delay between successive IS-IS link state packet transmissions, enter the
isis lsp-interval command in Interface configuration mode.

Command Description

isis lsp-interval y <milliseconds>: Time delay between successive link state packets.
<milliseconds> Valid values are 1 ~ 4294967295.

The default LSP interval is 33 milliseconds. The following example configures the LSP interval
to 100 milliseconds (10 packets per second) on the VLAN interface:

(config)# interface vlan id 1


(config-if)# isis lsp-interval 100
(config-if)#

7-24 Corecess S5 System User's Guide


Configuring VLAN Interface

Configuring the LSP Retransmit Interval

To configure the amount of time between retransmission of each IS-IS LSP on a point-to-point
link, enter the isis retransmit-interval command in Interface configuration mode.

Command Description

isis retransmit- y <seconds>: Time in seconds between retransmission of each LSP.


interval <seconds> Valid values are 1 ~ 65535.

The following example shows how to configure the LSP retransmit interval to 60 seconds:

(config)# interface vlan id 1


(config-if)# isis retransmit-interval 60
(config-if)#

Configuring Mesh Groups

A mesh group is a set of routers that are fully connected; that is, they have a fully meshed
topology. When LSP packets are being flooded throughout an area, each router within a mesh
group receives only a single copy of an LSP packet instead of receiving one copy from each
neighbor, thus minimizing the overhead associated with the flooding of LSP packets.

To create a mesh group and designate that an interface is part of the group, enter the isis
mesh-group command in Interface configuration mode.

Command Description

y <group-number>: A number identifying the mesh group of which


isis mesh-group
this interface is a member. Valid values are1 ~ 4294967295.
{<group-number> |
y blocked: Specifies that no LSP flooding will take place on this
blocked}
interface.

In the following example show how to configure the VLAN interfaces to be a member of the
mesh group 3:

(config)# interface vlan id 1


(config-if)# isis mesh-group 3

Configuring VLAN 7-25


Configuring VLAN Interface

Configuring the Authentication Password

You can prevent unauthorized routers from forming adjacencies with the Corecess S5 System,
and thus protects the network from intruders.

To configure the authentication password for an interface, enter the isis password
command in Interface configuration mode.

Command Description
y <string>: Authentication password you assign for an interface.
isis password y level-1: Configures the authentication password for Level 1
<string> [level-1 | independently.
level-2] y level-2: Configures the authentication password for Level 2
independently.

The following example configures a password for the VLAN interface:

(config)# interface vlan id 1


(config-if)# isis password corecess

Configure the Priority of DR

The priority is used to determine which router on a LAN will be the designated router (DR) or
Designated Intermediate System (DIS). The priorities are advertised in the hellos. The router
with the highest priority will become the DIS. In the case of equal priorities, the highest MAC
address breaks the tie.

To configure the priority of DR, enter the isis priority command in Interface configuration
mode.

Command Description

isis priority y <priority> The priority of a router and is a number from 0 to 127.
<priority> y level-1 Sets the priority for Level 1 independently.
[level-1 | level-2] y level-2 Sets the priority for Level 2 independently.

The following example shows how to set the priority level to 80:

(config)# interface vlan id 1


(config-if)# isis priority 80

7-26 Corecess S5 System User's Guide


Configuring VLAN Interface

Configuring RIP on the VLAN Interface


You can configure the following RIP parameters of each interface:

Table 7-10 RIP interface parameters

Parameters Description

RIP supports two methods of authentication for each interface— simple password
and MD5. Only one method of authentication can be active on an interface at a time.
• The simple password method of authentication requires you to configure an
alphanumeric password on an interface. The simple password setting takes effect
immediately. All OSPF packets transmitted on the interface contain this password.
authentication
Any OSPF packet received on the interface is checked for this password. If the
mode
password is not present, then the packet is dropped. The password can be up to
eight characters long.
• The MD5 method of authentication requires you to configure a key ID and an MD5
Key. The key ID is a number from 1 – 255 and identifies the MD5 key that is being
used. The MD5 key can be up to sixteen alphanumeric characters long.

In Simple Password authentication method, the key can be up to eight characters


Authentication long. In MD5(Message Digest) authentication method, the key ID is a number from 1
Key – 255 and identifies the MD5 key that is being used. The MD5 key can be up to
sixteen alphanumeric characters long.

RIP version RIP version can be specified to each interface.

Split Horizon function is that the same route information can not be transmitted to
Split Horizon
the interface if route information is received form a particular interface.

This section describes how to configure RIP parameter in VLAN interface.

Configuring RIP Authentication

RIP version 2 provides authentication function to check receiving routing information is secure.
RIP does not add a new field to packets for authentication, but uses the first entry of message as
authentication key. RIP specifies key chain as the key to be used for authentication. Key chain is
a group of keys. If key chain is specified for each interface, the key of key chain is used when
authentication proceeds.

There are two authentication mode-Simple password and MD5. By default, simple password
mode is used. In Simple password mode, the key is transmitted without any encryption. Thus,
if authentication is used for security, the mode is inappropriate. In MD5 authentication mode,
the key is encrypted to “message digest” using MD5 algorithm, then the message digest is
transmitted instead of the key.

Configuring VLAN 7-27


Configuring VLAN Interface

Setting MD5 Authentication Mode


To set MD5 authentication mode for RIP authentication, use the following command.

Table 7-11 Setting MD5 Authentication Mode

Command Task

configure terminal 1. Enter Global configuration mode.

interface vlan id 2. Enter Interface configuration mode.


<vlan-id> y <vlan-id> VLAN interface ID (1 ~ 4094)

ip rip authentication 3. Specify the type of key for authentication


key-chain
y <name-of-chain> Name of key group (key chain).
<name-of-chain>

ip rip authentication
4. Specify MD5 authentication mode.
mode md5

To authenticate RIP packets with MD5 authentication mode, specify the type of key to use for
authentication using ip rip authentication key-chain command. Then, specify which
authentication mode will used between simple password and MD5. By default, simple
password authentication mode is specified.

The following example shows how to set MD5 authentication mode.

# configure terminal
(config)# key chain corecess
(config-keychain)# key 1
(config-keychain-key)# key-string 234
(config-keychain-key)# exit
(config-keychain)# exit
(config)# interface vlan id 1
(config-if)# ip rip authentication key-chain corecess
(config-if)# ip rip authentication mode md5

If you cancel the specified authentication mode and back to the default, use no ip rip
authentication mode command. And, if you cancel the key chain that is used for
authentication, use no ip rip authentication key-chain command.

7-28 Corecess S5 System User's Guide


Configuring VLAN Interface

Setting Simple Password Authentication Mode


To set simple password authentication mode for RIP authentication, use the following
command.

Table 7-12 Setting Simple Password Authentication Mode

Command Task

configure terminal 1. Enter Global configuration mode.

interface vlan id 2. Enter Interface configuration mode.


<vlan-id> y <vlan-id> VLAN interface ID (1 ~ 4094)

ip rip authentication 3. Specify the type of key


string <auth-string> y <auth-string> Authentication string (less than 16 character)

ip rip authentication
4. Specify simple password authentication mode.
mode text

The following example shows how to set simple password authentication method.

(config)# interface vlan id 1


(config-if)# ip rip authentication string corecess
(config-if)# ip rip authentication mode text

To remove the key of the specified simple password authentication method, use no ip rip
authentication-key command.

Configuring VLAN 7-29


Configuring VLAN Interface

Specifying RIP Version

To specify a Routing Information Protocol (RIP) version on an interface basis, use the following
commands in Interface configuration mode:

Table 7-13 Specifying RIP Version

Command Task
configure terminal 1. Enter Global configuration mode.

interface vlan id 2. Enter Interface configuration mode.


<vlan-id> y <vlan-id> VLAN interface ID (1 ~ 4094)

3. Specify RIP version to receive.


ip rip receive y <version> RIP version (1, 2)
version <version> -1 : Accepts only RIP Version 1 packets on the interface.
-2 : Accept only RIP Version 2 packets on the interface.
- 1 2 : Accepts both RIP Version 1 and 2 packets on the interface.

4. Specify RIP version to send.


ip rip send version y <version> RIP version (1, 2)
-1 : Sends only RIP Version 1 packets out the interface.
<version>
-2 : Sends only RIP Version 2 packets out the interface.
- 1 2 : Sends both RIP Version 1 and 2 packets out the interface.

The following example configures the interface to receive both RIP Version 1 and Version 2
packets:

# configure terminal
(config)# interface vlan id 1
(config-if)# ip rip receive version 1 2

The following example configures the interface to send both RIP Version 1 and Version 2
packets out the interface:

# configure terminal
(config)# interface vlan id 2
(config-if)# ip rip send version 2

7-30 Corecess S5 System User's Guide


Configuring VLAN Interface

Enabling Split-Horizon

RIP can use the “split-horizon” to prevent routing loops. The split horizon is the function that
the router does not advertise a route on the same interface as the one on which the router
learned the route.

To enable the split horizon on an interface, use the following commands.

Table 7-14 Enabling Split-Horizon

Command Task

configure terminal 1. Enter Global configuration mode.

interface vlan id 2. Enter Interface configuration mode.


<vlan-id> y <vlan-id> VLAN interface ID (1 ~ 4094)

ip split-horizon 3. Enable split horizon on the specified interface.

The following example shows how to enable split horizon function.

# configure terminal
(config)# interface vlan id 1
(config)# ip split-horizon
(config)#

To disable the split horizon mechanism, use the no ip split-horizon command in Interface
configuration mode.

Configuring VLAN 7-31


Configuring VLAN Interface

Enabling Multicasting on the VLAN Interface


To enable the interface to forward the multicast packets, use the following commands in Global
configuration mode:

Table 7-15 Enabling Multicasting on the VLAN Interface

Command Task

configure terminal 1. Enter Global configuration mode.

interface vlan id 2. Enter Interface configuration mode.


<vlan-id> y <vlan-id> ID of the VLAN to configure (1 ~ 4094)

multicast 3. Enable multicast forwarding.

The multicast packet forward on the interface is enabled by default. To disable the multicast
packet forward, use the no multicast command.

The following is an example of disabling the multicast packet forward of the interface vlan1:

# show interface vlan id 1


Interface vlan1
index 28 kernel index 4 metric 1 mtu 1500 <UP,BROADCAST,RUNNING,MULTICAST>
HWaddr: 00:01:02:00:00:db
inet 172.27.2.100/16 broadcast 172.27.255.255
input packets 18061, bytes 1087635, dropped 0, multicast packets 6752
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 1069, bytes 966, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0
# configure terminal
(config)# interface vlan id 1
(config-if)# no multicast
(config-if)# end
# show interface vlan id 1
Interface vlan1
index 28 kernel index 4 metric 1 mtu 1500 <UP,BROADCAST,RUNNING>
HWaddr: 00:01:02:00:00:db
inet 172.27.2.100/16 broadcast 172.27.255.255
input packets 18082, bytes 1088895, dropped 0, multicast packets 6752
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 1069, bytes 966, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0
#

7-32 Corecess S5 System User's Guide


Configuring VLAN Interface

Shutting Down the VLAN Interface


You can disable an interface. Doing so disables all functions on the specified interface and
marks the interface as unavailable on all monitoring command displays. This information is
communicated to other network servers through all dynamic routing protocols. The interface
will not be mentioned in any routing updates.

To shut down an interface, use the following commands

Table 7-16 Shutting Down the VLAN Interface

Command Task

configure terminal 1. Enter Global configuration mode.

interface vlan id 2. Enter Interface configuration mode.


<vlan-id> y <vlan-id> VLAN interface ID (1 ~ 4094)

shutdown 3. Shut down the specified interface.

To reenable the interface, use the no shutdown command.

This example shows how to shut down the interface vlan1 and re-enable the interface:

(config)# interface vlan id 1


(config-if)# shutdown
(config-if)# end
# show interface vlan id 1
Interface vlan1
index 28 kernel index 4 metric 1 mtu 1500 <BROADCAST>
HWaddr: 00:01:02:00:00:db
inet 172.27.2.100/16 broadcast 172.27.255.255
input packets 18174, bytes 1094415, dropped 0, multicast packets 6752
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 1069, bytes 966, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0
# configure terminal
(config)# interface vlan id 1
(config-if)# no shutdown
(config-if)# end
# show interface vlan id 1
Interface vlan1
index 28 kernel index 4 metric 1 mtu 1500 <UP,BROADCAST,RUNNING>

Configuring VLAN 7-33


Configuring VLAN Interface

HWaddr: 00:01:02:00:00:db
inet 172.27.2.100/16 broadcast 172.27.255.255
input packets 18181, bytes 1094835, dropped 0, multicast packets 6759
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 1069, bytes 966, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0
#

Configuring IP Parameters
Table below lists the IP global parameters for the VLAN interface on the Corecess S5 System:

Table 7-17 Type and Function of IP Parameter

Parameters Description

MTU The maximum length an Ethernet packet can be without being


(Maximum Transmission Unit) fragmented

A standard IP mechanism that routers use to learn the Media Access


ARP Control (MAC) address of a device on the network. The router sends
(Address Resolution Protocol) the IP address of a device in the ARP request and receives the
device’s MAC address in an ARP reply.

To configure the parameters above for the VLAN interface, use the following commands in
interface configuration mode:

Table 7-18 Configuring IP Parameters

Command Task

configure terminal 1. Enter Global configuration mode.

interface vlan id 2. Enter Interface configuration mode.


<vlan-id> y <vlan-id> ID of the VLAN to configure. (1 ~ 4094)

arp 3. Enables the ARP on the VLAN interface.

arp <ip-address>
4. Adds a static ARP (Address Resolution Protocol) entry.
<hw-address>

5. Changes the size of the MTU (Maximum Transmission Unit) on the


mtu <mtu-size> VLAN interface.
y <mtu-size> Size of the MTU (1 ~ 65535bytes, default : 1500)

7-34 Corecess S5 System User's Guide


Chapter 8 Configuring SNMP and RMON

This chapter describes how to configure SNMP and RMON on the Corecess S5 System.

9 Configuring SNMP 8-2

9 Configuring RMON 8-17

9 SNMP and RMON Configuration Commands 8-34


Configuring SNMP

Configuring SNMP

SNMP(Simple Network Management Protocol) Overview


The Simple Network Management Protocol (SNMP) is an application layer protocol that
facilitates the exchange of management information between network devices. It is part of the
Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite. SNMP enables
network administrators to manage network performance, find and solve network problems,
and plan for network growth.

SNMP Basic Components

SNMP consists of the following three key components:

y Managed Device

y SNMP Agent and Management Information Base (MIB)

y SNMP Manager

SNMP
Manager

Managed Managed Managed


Device Device Device

SNMP Agent SNMP Agent SNMP Agent


MIB MIB MIB

Managed Device
A managed device is a network node that contains an SNMP agent and that resides on a
managed network. Managed devices collect and store management information and make this
information available to NMSs using SNMP. Managed devices, sometimes called network
elements, can be routers and access servers, switches and bridges, hubs, computer hosts, or
printers.

8-2 Corecess S5 System User's Guide


Configuring SNMP

SNMP Agent and MIB


The SNMP agent is a network management module running in the managed device. The SNMP
agent responds to SNMP manager requests as follows:

y Get a MIB variable: The SNMP agent initiates this function in response to a request from
the NMS. The agent retrieves the value of the requested MIB variable and responds to
the NMS with that value.

y Set a MIB variable: The SNMP agent initiates this function in response to a message from
the NMS. The SNMP agent changes the value of the MIB variable to the value requested
by the NMS.

The SNMP agent also sends unsolicited trap messages to notify an NMS that a significant event
has occurred on the agent. Examples of traps conditions include, but are not limited to, when a
port or module goes up or down, when spanning-tree topology changes occur, and when
authentication failures occur.

The MIB is the information base, the SNMP agent must keep available for the managers. This
information base contains objects whose values provide information on the status of the
checked system or objects whose values can be modified by a manager to control the system.
Each object is identified by an Object ID (OID). There are two kinds of MIBs, standard MIB
and enterprise-specific MIB.

SNMP Manager
SNMP Manager is an integrated management module which collects information from SNMP
agent and sometimes sends warning messages depending on the each SNMP agent relations. In
other words, the actual data is collected from SNMP agent and this data will be processed by
management module and saved. To request information or configuration changes, respond to
requests, and send unsolicited alerts, the SNMP manger and SNMP agent use the four messages
(Get, GetNext, Set, and trap). For more information on these messages, refer to the following
section.

Configuring SNMP and RMON 8-3


Configuring SNMP

SNMP Messages

The SNMP manger and SNMP agent use the following SNMP messages to request information
or configuration changes, respond to requests, and send unsolicited alerts.

y Get-Request / Get-Response Message


y GetNext-Request / GetNext-Request Message
y Set-Request Message
y Trap Message

Get-Request Message
Get-Request Message is the basic SNMP request message. Sent by an SNMP manager, it
requests information about a single MIB entry on an SNMP agent. For example, the amount of
free drive space.

GetNext-Request Message
GetNext-Request Message is an extended type of request message that can be used to browse
the entire tree of management objects. When processing a Get-next request for a particular
object, the agent returns the identity and value of the object which logically follows the object
from the request. The Get-next request is useful for dynamic tables, such as an internal IP route
table.

Set-Request Message
If write access is permitted, Set-Request message can be used to send and assign an updated
MIB value to the agent.

Trap Message
An unsolicited message sent by an SNMP agent to an SNMP manager when the agent detects
that a certain type of event has occurred locally on the managed device. For example, a trap
message might be sent on a system restart event.

8-4 Corecess S5 System User's Guide


Configuring SNMP

SNMP Community

SNMP community authenticates access to MIB objects and function as embedded passwords. In
order for the NMS to access the system, the community definitions on the NMS must match at
least one of the two community definitions on the system.
A community can have one of the following attributes:

Table 8-1 Types of community

Types Access Authority

Gives read access to authorized management stations to all objects in the MIB except the
Read-only
community strings, but does not allow write access

Gives read and write access to authorized management stations to all objects in the MIB,
Read-write
but does not allow access to the community strings

Trap

Trap is a defined status of event or system. For example, event generated when port
configuration is changed or a host having not-allowed IP address accesses can be defined as a
trap. You can configure the level of trap according to the kind of events.
If a trap occurs on the system, the SNMP agent send SNMP trap message to the registered trap
host.

Configuring SNMP and RMON 8-5


Configuring SNMP

Configuring SNMP
The default SNMP configuration of the Corecess S5 System is as follows:

Table 8-2 Default SNMP configuration

SNMP Configuration Element Default Setting

Agent contact information (MIB-II System Contact variable) None configured


Agent location information (MIB-II System Location variable) None configured
Community strings None configured

Trap None enabled

Trap Host None configured

RMON Enabled

Setting the System Contact and Location Information

In the system group of MIB-II (Public MIB) supported by the Corecess S5 System has System
Contact variable and System Location variable displaying the system contact information and
system location information.

The values of these variables can be browsed or modified via ViewlinX, NMS of the Corecess or
NMS of other companies.

To specify these values, use the following commands:

Table 8-3 Setting the system contact and location information

Command Task

configure terminal 1. Enter Global configuration mode.

snmp-server contact 2. Set the system contact information.


<string> y <string>: String described for system contact information.

snmp-server location 3. Set the system location information.


<string> y <string>: String described for system location information.

end 4. Return to Privileged mode.

show snmp-server 5. Verify the system contact and location information.

8-6 Corecess S5 System User's Guide


Configuring SNMP

The following is an example of setting the system contact information and system location
information:

# configure terminal
(config)# snmp-server contact Dial System Administrator at phone #2734
(config)# snmp-server location 1st_floor lab
(config)# end
# show snmp-server

RMON: Enabled
Extended RMON: Extended RMON module is not present

sysContact Dial System Administrator at phone #2734


sysLocation 1st_floor_lab
.
.
#

Configuring Community

You use the SNMP community to define the relationship between the SNMP manager and the
agent. The community acts like a password to permit access to the agent on the system. One
thing to be aware of is that in case of adding new community using the Corecess S5 System CLI
command, this community must be added in NMS in order to connect to the system using this
community. To define SNMP community, use the following commands in Privileged mode:

Table 8-4 Configuring SNMP community

Command Task

configure terminal 1. Enter Global configuration mode.


2. Define the SNMP community for each access type.
y <string> The SNMP community name for this system
snmp-server community
<string> <auth> y <auth> Access authentication of the community
- ro This authority can only read a value.
- rw This authority can read and writer a value.

end 3. Return to Privileged mode.

show snmp-server 4. Verify new community string.

Configuring SNMP and RMON 8-7


Configuring SNMP

The following example defines new community string:

# configure terminal
(config)# snmp-server community corecess rw
(config)# end
# show snmp-server

RMON: Enabled
Extended RMON: Extended RMON module is not present

sysContact Dial System Administrator at phone #2734


sysLocation 1st_floor_lab

Community-Access Community-String
---------------- ----------------
read-only public
read-write private
read-write corecess

.
.
#

8-8 Corecess S5 System User's Guide


Configuring SNMP

Configuring Trap

Traps are system alerts that the Corecess S5 System generates when certain events occur.

The Corecess S5 System supports the following trap types:

Table 8-5 Types of trap supported by Corecess S5 System

Trap Types Description

Sends a trap message when power supply is installed or uninstalled, temperature


chassis
limitations are exceeded, or fan errors occur.

module Sends a trap message when a module goes up or down.

port Sends a trap message when a port goes up or down.

bridge Sends a trap message when there is spanning tree topology changes.

Sends a trap message when Ethernet hub repeater state is changed. This trap doesn’t
repeater
happen in the Corecess S5 system.

ip_permit Sends a trap message when there are access attempts with unauthorized IP address.

sysconfig Sends a trap message when the system backup configuration is changed.

Sends a trap message when there is Entity Management Information Base (MIB) change.
entity
This trap doesn’t happen in the Corecess S5 system.

cpuload Sends a trap message when CPU load limitations are exceeded.

auth Sends a trap message when there are access attempts with unauthorized community.

sysauth Sends a trap message when user login or log-out to the system through Telnet or CLI.

bgp Sends a trap message when Border Gateway Protocol (BGP) state is changed.

Sends a trap message when Dynamic Host Configuration Protocol (DHCP) state is
dhcp
changed.

When a trap is enabled, if an error occurs in the device where corresponding trap is enabled or
if problem occurs in the part defined by the trap, such error status (trap message) are
transmitted to the trap receiving host and NMS, the SNMP agent. By default, all trap types are
disabled. To send traps to the trap hosts, the trap types should be enabled.

Configuring SNMP and RMON 8-9


Configuring SNMP

To enable a trap type, use the following commands in Privileged mode:

Table 8-6 Enabling a trap type

Command Task

configure terminal 1. Enter Global configuration mode.


2.. Enable the specified trap type
y <trap-type> Trap type to be enabled
snmp-server enable
(all, auth, bgp, bridge, chassis, cpuload, dhcp,
traps <trap>
entity, ip_permit, module, port, repeater, sysauth,
sysconfig). If you choose all, all traps become enabled.

end 3. Return to Privileged mode.

show snmp-server 4. Check the state of the trap.

The following example enables the port and auth traps:

# configure terminal
(config)# snmp-server enable traps port
(config)# snmp-server enable traps auth
(config)# end
# show snmp-server

RMON: Enabled
Extended RMON: Extended RMON module is not present

.
.

Trap-Rec-Address Trap-Rec-Community
------------------------- ------------------
Traps Enabled
------------------------- ------------------
chassis disabled
module disabled
port enabled
bridge disabled
repeater disabled
ip_permit disabled
sysconfig disabled
entity disabled
cpuload disabled
auth enabled
sysauth disabled

8-10 Corecess S5 System User's Guide


Configuring SNMP

bgp disabled
dhcp disabled
atm disabled
adslAtuc disabled
adslAtur disabled
mac-flood disabled
#

Configuring Trap Host

Trap host is the host to receive traps from an SNMP agent. Trap is message sent by an SNMP
agent to an NMS, a console, or a terminal to indicate the occurrence of a significant event, such
as a specifically defined condition or a threshold that was reached. By default, no trap host is
configured. To receive the trap generated on your managed device using NMS, you must add
the NMS as a trap host. You can specify up to twenty trap hosts on the Corecess S5 System.

To add or modify trap hosts, use the following commands in Privileged mode:

Table 8-7 Configuring a trap host

Command Task

configure terminal 1. Enter Global configuration mode.

2. Configure trap hosts.


y <host-addr> The IP address of an SNMP host that been configured
snmp-server host to receive traps.
<ip-address> y <community> The community name to use when sending traps to the
<community> port specified SNMP host.
{<udp-port> | y port The UDP port number to use when sending traps to the
default} specified SNMP host
- <udp-port> UDP port number to use (1~ 65535)
y default Default UDP port number (162).

end 3. Return to Privileged mode.

show snmp-server 4. Verify the trap host entries

When a trap host is added, the community of the host should be specified. The type of trap
message, which the host receives, is decided by the specified community.

The following example shows how to add a trap host:

# configure terminal
(config)# snmp-server host 172.168.2.23 corecess port default

Configuring SNMP and RMON 8-11


Configuring SNMP

(config)# end
# show snmp-server

RMON: Enabled
Extended RMON: Extended RMON module is not present
.
.

Trap-Rec-Address Trap-Rec-Community
------------------------- ------------------
udp:172.168.2.23:162 corecess

.
.
#

Restrict Host Access

The Corecess S5 System can restrict hosts that attempt to access to the Corecess S5 System with
SNMP using access list. Only hosts that are satisfied with the access list condition can be access
the system with SNMP.

To restrict host by using access lists, use the following commands in Global configuration mode:

Table 8-8 Restrict Host Access

Command Description

snmp-server group access Apply the defined access list.


<list-number> y <list-number> number of access list (1 ~ 99, 100 ~ 199)

The following example shows how to define the access list to restrict host access and apply the
access list.

(config)# access-list 12 permit 192.89.55.0 0.0.0.255


(config)# snmp-server group access 12
(config)#

8-12 Corecess S5 System User's Guide


Configuring SNMP

Displaying SNMP Information


The section describes how to display SNMP configuration information, SNMP community
strings, SNMP trap hosts, and SNMP statistics.

Displaying SNMP Configuration Information

To display SNMP configuration information, use the show snmp-server command in


Privileged mode.

The following example is a sample output of the show snmp-server command:

# show snmp-server

RMON: Disabled
Extended RMON: Extended RMON module is not present

sysContact support@corecess.com
sysLocation Unknown

Community-Access Community-String
---------------- ----------------
read-only public
read-write private

Trap-Rec-Address Trap-Rec-Community
------------------------- ------------------
udp:172.27.2.36:162

Traps Enabled
------------------------- ------------------
chassis disabled
module disabled
port disabled
bridge disabled
repeater disabled
ip_permit disabled
sysconfig disabled
entity disabled
cpuload disabled
auth disabled
sysauth disabled
bgp disabled

Configuring SNMP and RMON 8-13


Configuring SNMP

dhcp disabled
atm disabled
adslAtuc disabled
adslAtur disabled
mac-flood disabled
#

The table below describes the fields shown by the show snmp-server command:

Table 8-9 show snmp-server field descriptions

Field Description
RMON Status of whether RMON is enabled or disabled.
Extended RMON Status of whether extended RMON is enabled or disabled.
sysContact SNMP system operator information
sysLocation SNMP system location information string
SNMP access authority
Community-Access - read-only
community - read-write
SNMP community strings associated with each SNMP
Community-String
community
IP address of trap receiver hosts and UDP port number for
Trap-Rec-Address
sending trap messages.
TrapReceiver
SNMP community string used for trap messages to the trap
Trap-Rec-Community
receiver.
Traps Trap types

Trap Configuration status of trap message


Enabled - enabled : Trap message is allowed to send.
- disabled : Trap message is not allowed to send.

Displaying SNMP Community Strings

To display SNMP community strings, use the show snmp-server community-list


command in Privileged mode.

The following example shows how to display SNMP community strings:

# show snmp-server community-list


community:pubilc access: ro
community:private access: rw
community:corecess access: ro
#

8-14 Corecess S5 System User's Guide


Configuring SNMP

The table below describes the fields shown by the show snmp-server community-list
command output:

Table 8-10 show snmp-server community-list field descriptions

Field Description

community SNMP community strings

Access authority of the community strings


access - ro : Read-Only
- rw : Read-Write

Displaying SNMP Statistics

To display SNMP statistics, use the show snmp-server statistics command in


Privileged mode.

The following is sample output from the show snmp-server statistics command:

# show snmp-server statistics


10090 SNMP packets input
0 Bad SNMP version errors
96 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
28051 Number of requested variables
12 Number of altered variables
9854 Get-request PDUs
83 Get-next PDUs
12 Set-request PDUs
9994 SNMP packet output
0 Too big errors (Maximum packet size 1500)
3 No such name errors
0 Bad values errors
0 General errors
9994 Response PDUs
0 Trap PDUs
#

Configuring SNMP and RMON 8-15


Configuring SNMP

The table below describes the fields shown by the show snmp-server statistics
command output:

Table 8-11 show snmp-server statistics field descriptions

Field Description

SNMP packets input Total number of SNMP packets received.

Bad SNMP version errors Number of packets with an invalid SNMP version.

Unknown community name Number of SNMP packets with an unknown community name

Illegal operation for Number of packets requesting an operation not allowed for that
community name supplied community

Encoding errors Number of SNMP packets that were improperly encoded

Number of requested
Number of variables requested by SNMP managers
variables

Number of altered variables Number of variables changed by SNMP managers

Get-request PDUs Number of get requests received

Get-next PDUs Number of get-next requests received

Set-request PDUs Number of set requests received

SNMP packet output Total number of SNMP packets sent by the router

Number of SNMP packets which were larger than the maximum


Too big errors
packet size.

Number of SNMP requests that specified an MIB object which does


No such name errors
not exist.

Number of SNMP set requests that specified an invalid value for an


Bad values errors
MIB object.

General errors Number of SNMP set requests that failed due to some other error.

Response PDUs Number of responses sent in reply to requests.

Trap PDUs Number of SNMP traps sent.

8-16 Corecess S5 System User's Guide


Configuring SNMP

Displaying SNMP Trap Hosts

To display the list of the trap receiver hosts, use the show snmp-server traphost
command in Privileged mode.

The following example shows how to display the list of the trap receiver hosts:

# show snmp-server traphost


host: udp:172.27.2.36:162 comm: public
host: udp:172.28.3.178:24 comm: corecess
#

The table below describes the fields shown by the show snmp-server traphost command
output:

Table 8-12 show snmp-server traphost field descriptions

Field Description
host Protocol : IP address of a trap receiver host: port number.

comm SNMP community of the trap receiver host

Configuring SNMP and RMON 8-17


Configuring RMON

Configuring RMON

RMON (Remote MONitoring) Overview


The RMON (Remote MONitoring) is an extend function of SNMP (Simple Network
Management Protocol) that designs to manage the devices from a remote place. The RMON
collects information that happens in a LAN segment such as the number of collision, packet size
distribution and amount of data in a distributed LAN environment, then the RMON delivers
information to managing device. The information can be used as resource to find out network
efficiency, collision, etc.

The RMON provides alarm function and event function that monitor the distributed LAN
environment and report changed status to users. Network problems can be easily solved by
network status report of RMON before network problem becomes worse.

RMON MIB groups consist of nine groups (1. Statistics 2. History 3. Alarm 4. Host 5. Host Top
N 6. Matrix 7. Filter 8. Packet Capture 9. Event), and the Corecess S5 System supports four
groups as follows:

1) Statistics (Statistics, RMON group 1)


Collects the number of packets/bytes, the number of broadcast/multicast packets, the
number of collisions, the number of errors occurred (fragment, CRC, jabber, short-length,
long-length) on an interface.

2) History (History, RMON group 2)


Collects a history group of statistics on Ethernet for a specified polling interval.

3) Alarm (Alarm, RMON group 3)


Monitors a specific management information base (MIB) object for a specified interval,
triggers an alarm at a specified value (rising threshold), and resets the alarm at another
value (falling threshold). Alarms can be used with events; the alarm triggers an event, which
can generate a log entry or an SNMP trap.

4) Event (Event, RMON group 9)


Determines the action to take when an event is triggered by an alarm. The action can be to
generate a log entry or an SNMP trap.

8-18 Corecess S5 System User's Guide


Configuring RMON

Configuring RMON
The configuration procedure of RMON is as follows:

y Enabling RMON

y Configuring Statistics Groups

y Configuring History Groups

y Configuring Alarm Groups

y Configuring Event Groups

Enabling RMON

To enable RMON, use the following commands.

Table 8-13 Enabling RMON

Command Task

configure terminal 1. Enter Global configuration mode.

snmp-server enable rmon 2. Enable the RMON on the Corecess S5 System.

end 3. Return to Privileged mode.

show snmp-server 4. Verify that RMON is enabled.

This example shows how to enable the RMON on the Corecess S5 System and how to verify
that RMON is enabled:

# configure terminal
(config)# snmp-server enable rmon
(config)# end
# show snmp-server

RMON: Enabled
Extended RMON: Extended RMON module is not present

sysContact TEL:+82-2-3016-6900
sysLocation Daechi-dong Seoul Korea
.
.

Configuring SNMP and RMON 8-19


Configuring RMON

Configuring Statistics Groups

The RMON Statistics group monitors traffic of the specified interface and records basic statistic
information in the form of a table. The user can specify the interface to collect and save data in
the RMON Statistics group, and the user also gives authority to a user to use the statistic
information.

By default, the RMON Statistics group is defined that all port interfaces of the Corecess S5
System save statistics information. To configure the RMON Statistic group, use the following
commands.

Table 8-14 Configuring RMON statistics group

Command Task

y <index> RMON statistics group number (1 ~ 65535)


rmon etherstats
y <ifIndex> Interface number to collect statistics information. (Instance
<index> {<ifIndex> |
number defined in RFC 1213, 1 ~ 2147483647)
gigabitethernet
y <slot>/<port> Slot/Port number to collect statistics information
<slot>/<port>} owner
y <etherstats-owner> The object that uses the collected statistics
<etherstats-owner>
information (IP address, host name or user name)

The following is an example of configuring statistics groups:

(config)# rmon etherstats 10 gigabitethernet 5/1 owner aaa


(config)# rmon etherstats 11 gigabitethernet 5/2 owner aaa

The following example shows how to display the RMON Statistics group.

# show rmon

RMON: Enabled
Extended RMON: Extended RMON module is not present

[statistics]
index status dataSource
----- -------------- -----------------------------
1 valid ifIndex.8 (Gi 1/1)
2 valid ifIndex.7 (Gi 1/2)
3 valid ifIndex.6 (Gi 1/3)
4 valid ifIndex.5 (Gi 1/4)
5 valid ifIndex.4 (Gi 5/1)
6 valid ifIndex.3 (Gi 5/2)
7 valid ifIndex.2 (Gi 5/3)

8-20 Corecess S5 System User's Guide


Configuring RMON

8 valid ifIndex.1 (Gi 5/4)


10 valid ifIndex.4 (Gi 5/1)
11 valid ifIndex.3 (Gi 5/2)

[history]
index status dataSource
----- -------------- -----------------------------
.
.
#

To show the detail configuration information, specify the number of the statistics information
using show rmon statistics command.

# show rmon statistics 1


Entry 10 is valid, and owned by aaa
Monitors ifEntry.ifIndex.4 which has
Received 0 octets, 0 packets,
0 broadcast and 0 multicast packets,
0 CRCAlign error and 0 Collisions(tx),
0 undersized and 0 oversized packets,
0 fragments and 0 jabbers,
# of dropped packet events (due to lack of resoures): 0
# of packets received of length (in octets):
64: 0 65-127: 0 128-255: 0
256-511: 0 512-1023: 0 1024-1518: 0

To delete the configured RMON statistics group, use no rmon historycontrol command
in Global configuration mode:

(config)# no rmon etherstats 10


(config)#

Configuring SNMP and RMON 8-21


Configuring RMON

Configuring History Groups

The RMON History group contains a control and data collection function. The RMON History
group provides the control function and the history function to collect traffic data periodically.
The control function retrieves statistics data periodically from network and sets control
parameters such as retrieve interval. The history function records statistics data periodically
such as number of packet and period start time.

The RMON History group has statistics information of the specified interface in history table
and adds new entry in the history table when new data is collected. Users can perceive overall
information of the interface with information of the RMON History group, and if an error
occurs, information of the RMON history group helps users to detect problems easily and solve
problems.

The RMON History group collects and stores statistics information, which is the same as the
RMON Statistics group, from a particular interface for a certain amount of time. It means that
the statistics group has immediate statistics information, but in the other hand, the History
group stores the sequent statistic information continuously.

By default, the History group is defined that all port interfaces store history information. To
configure the RMON History group, use the following commands in Global configuration
mode.

Table 8-15 Configuring RMON history group

Command Task

y <index> Number to identify RMON history (1 ~ 65535)


y <ifIndex> Interface number to collect statistics information.
rmon historycontrol (Instance number defined in RFC 1213, 1 ~ 2147483647)
<index> {<ifIndex> | y <slot>/<port> Slot/Port number to collect statistics information
gigabitethernet
y <history-owner> The object that uses the collected statistics
<slot>/<port>} owner
information (IP address, host name or user name)
<history-owner>
<bucket-number> y <bucket-number> Number of data to collect in history group.
<history-interval> (Bucket size. 1 ~ 65535)
y <history-interval> interval to collect information (1~3600
second)

The following example shows how to configure the RMON History group.

# configure terminal
(config)# rmon historycontrol 10 gigabitethernet 5/1 owner aaa 50 30

8-22 Corecess S5 System User's Guide


Configuring RMON

(config)#

The following example shows how to display the RMON History group.

# show rmon

RMON: Enabled
Extended RMON: Extended RMON module is not present

[statistics]
index status dataSource
----- ------------- -----------------------------
1 valid ifIndex.8 (Gi 1/1)
2 valid ifIndex.7 (Gi 1/2)
3 valid ifIndex.6 (Gi 1/3)
4 valid ifIndex.5 (Gi 1/4)
5 valid ifIndex.4 (Gi 5/1)
6 valid ifIndex.3 (Gi 5/2)
7 valid ifIndex.2 (Gi 5/3)
8 valid ifIndex.1 (Gi 5/4)

[history]
index status dataSource
----- ------------- -----------------------------
1 valid ifIndex.8 (Gi 1/1)
2 valid ifIndex.7 (Gi 1/2)
3 valid ifIndex.6 (Gi 1/3)
4 valid ifIndex.5 (Gi 1/4)
5 valid ifIndex.4 (Gi 5/1)
6 valid ifIndex.3 (Gi 5/2)
7 valid ifIndex.2 (Gi 5/3)
8 valid ifIndex.1 (Gi 5/4)
10 valid ifIndex.4 (Gi 5/1)
.
.
#

To display the detail information on a history group, enter the show rmon history
command with the history number:

# show rmon history 10


Entry 10 is valid, and owned by aaa
Monitors ifEntry.ifIndex.4 every 30 seconds
Requested # of time intervals, is buckets, is 50
Granted # of time intervals, is buckets, is 50

Configuring SNMP and RMON 8-23


Configuring RMON

Sample # 6878 began measuring at 1days 18h:5m:52s:44th(15155244)


Received 0 octets, 0 packets,
0 broadcast and 0 multicast packets,
0 undersized and 0 oversized packets,
0 fragments and 0 jabbers,
0 CRC alignment errors and 0 collisions.
# of dropped packet events is 0
Network utilization is estimated at 0
.
.
.

Sample # 269704428 began measuring at 0days 7h:23m:44s:51th(2662451)


Received 0 octets, 0 packets,
0 broadcast and 0 multicast packets,
0 undersized and 0 oversized packets,
0 fragments and 0 jabbers,
0 CRC alignment errors and 0 collisions.
# of dropped packet events is 0
Network utilization is estimated at 0

To delete a history group, enter the no rmon historycontrol command in Global


configuration mode:

(config)# no rmon historycontrol 10


(config)#

8-24 Corecess S5 System User's Guide


Configuring RMON

Configuring Alarm Groups


The RMON Alarm group allows you to set an alarm threshold and a sampling interval to
enable the RMON agent to generate alarms on any network segment it monitors. Alarm
thresholds can be based on ‘absolute’ or ‘delta’ values so that you can be notified of rapid spikes
or drops in a monitored value.

The alarm group periodically takes statistical samples from variables and compares them to
previously configured thresholds. The Alarm Table stores configuration entries that define a
variable, a polling period, and threshold parameters.

Each alarm is linked to an event in the event group. An event defines an action that will be
triggered when the alarm threshold is exceeded. The event generated when a RMON alarm
occurs should specify one of the RMON event entry and be configured. To configure the RMON
event, use rmon event command.

The alarm group retrieves variables periodically and compares variables to threshold. The
variable type, retrieval interval and threshold are consisted of an entry, and the entry is stored
in the alarm table.

Configuring SNMP and RMON 8-25


Configuring RMON

To configure the RMON Alarm group, use the following message in Global configuration
group.

Table 8-16 Configuring Alarm Groups

Command Task

y <index> Number to identify alarm group (1~ 65535)


y <interval> MIB object monitoring interval (1-2147483647 seconds)
y <type> Value to monitor. Select one of the following values:
- multicastPkts: The number of incoming multicast packets
- cRCAlignErrors: The number of incoming packets with CRC errors
- collisions : The number of times a collision occurs while the packet is
received
- octets: The total number of incoming octets
- pkts: The total number of incoming packets
- broadcastPkts: The number of incoming broadcast packets
- pkts256to511 : The number of incoming packets 256 to 511 bytes in
length
- pkts512to1023: The number of incoming packets 512 to 1023 bytes in
length
rmon alarm <index> - pkts1024to1518 : The number of incoming packets 1024 to 1518 bytes
in length
<interval> {<type>
- pkts64: The number of incoming packets 64 bytes in length
<StatisticsIndex> - pkts65to127: The number of incoming packets 65 to 127 bytes in length
|<variable>} - pkts128to255 : The number of incoming packets 128 to 255 bytes in
{delta | absolute} length
{rising | falling | y <StatisticsIndex> The number of statistics group to get the
both} threshold selected value from <type>option (0 ~ 65535)
<rising-threshold> y <variable> OID number of the MIB object to monitor
<falling-threshold> y <StatisticsIndex> The number of statistics group to get the
selected value from <type>option (0 ~ 65535)
event-index <rising-
y absolute Option for testing each MIB variable directly
event-number>
y delta Option for testing the change between MIB variables
<falling-event-number>
y rising Option for triggering alarm when the monitored value
owner <alarm-owner>
exceeds the rising threshold
y falling Option for triggering alarm when the monitored value
exceeds the falling threshold
y both Option for triggering alarm when the monitored value exceeds
the rising or falling threshold
y <rising-threshold> Value at which the alarm is triggered (0 ~
2147483647)
y <falling-threshold> Value at which the alarm is reset (0 ~
2147483647)
y <rising-event-number> Event number to trigger when the rising
threshold exceeds its limit (0 ~ 65535)
y <falling-event-number> Event number to trigger when the
falling threshold exceeds its limit (0 ~ 65535)
y <alarm-owner> Option for specifying an owner for the alarm

8-26 Corecess S5 System User's Guide


Configuring RMON

The following example shows how to configure RMON alarm group and check the result:

# configure terminal
(config)# rmon alarm 1 10 pkts 1 absolute both threshold 1000 100 event-index 1
1 owner aaa
(config)#

Before configure RMON alarm group, you should verify that the statistics group
(<StatisticsIndex>) is defined.

(config)# rmon alarm 2 20 pkts 10 absolute rising threshold 1000 100 event-
index 1 1 owner kimka
Can't fetch the MIB values
(config)#

If you specify undefined statistics group, the ‘Can't fetch the MIB values’
message will be displayed:

To display the information on an alarm group, enter the show rmon command with the alarm
number:

# show rmon

RMON: Enabled
Extended RMON: Extended RMON module is not present

[statistics]
index status dataSource
----- -------------- -----------------------------
1 valid ifIndex.8 (Gi 1/1)
2 valid ifIndex.7 (Gi 1/2)
.
.

[history]
index status dataSource
----- -------------- -----------------------------
1 valid ifIndex.8 (Gi 1/1)
2 valid ifIndex.7 (Gi 1/2).
.
.

[alarm]
index status sample

Configuring SNMP and RMON 8-27


Configuring RMON

----- -------------- -----------------------------


1 valid etherStatsPkts.1

[event]
index status type
----- -------------- ---------------
#

To display the detail information on an alarm group, enter the show rmon alarm command
with the alarm number:

# show rmon alarm 1


Alarm 1 is valid, owned by aaa
Monitors etherStatsEntry.etherStatsPkts.1 every 10 seconds
Taking absolute samples, last value was 0
Rising threshold is 1000, assigned to evnet 1
Falling threshold is 100, assigned to event 1
On startup enable rising or falling alarm

To delete a RMON alarm group, enter the no rmon alarm command in Global configuration
mode:

(config)# no rmon alarm 1


(config)#

8-28 Corecess S5 System User's Guide


Configuring RMON

Configuring Event Groups


The RMON Event group defines an action that is able to do when an alarm occurs. The action is
usually generating SNMP trap or storing the log entry to the log table to record the alarm. If
you configure SNMP trap generated, you should specify community to transmit the generated
trap to the managed system.

To configure the RMON Event group, use the following command in Global configuration
mode.

Table 8-17 Configuring RMON event group

Command Task

y <index> Number to identify events (1 ~ 65535)


y description <string> Add a description of the event.
- <string> A description of the event.
rmon event <index>
y trap <community> Option for generating SNMP trap with the
description <string>
<community> community string when the event occurs
{trap <community> |
- <community> Community String
log } owner <owner>
y log Option for storing log for alarm when the alarm occurs
y owner <owner> Option for specifying an owner for the event
- <owner> IP address, host name or user name

This example shows how to configure an event group on the Corecess S5 System and how to
verify that they are configured:

Parameter Value

Event index 10
Event description Event to create log entry and SNMP notification
Event type log, trap
Community public
Owner help_desk

# configure terminal
(config)# rmon event 10 description “Event to create log entry and SNMP
notification” log trap public owner help_desk

Configuring SNMP and RMON 8-29


Configuring RMON

To display the information on an event group, enter the show rmon command:

# show rmon

RMON: Enabled
Extended RMON: Extended RMON module is not present

[statistics]
index status dataSource
----- -------------- -----------------------------
1 valid ifIndex.8 (Gi 1/1)
2 valid ifIndex.7 (Gi 1/2)
.
.

[history]
index status dataSource
----- -------------- -----------------------------
1 valid ifIndex.8 (Gi 1/1)
2 valid ifIndex.7 (Gi 1/2).
.
.

[alarm]
index status sample
----- -------------- -----------------------------
1 valid etherStatsPkts.1

[event]
index status type
----- -------------- ---------------
10 valid logandtrap
.
.
#

To display the detail information on an event group, enter the show rmon events command
with the event number:

# show rmon events 10


Event 10 is valid, owned by help_desk
Description is Event to create log entry and SNMP notification
Event firing causes log and trap to community public
last fired 0days 0h:1m:14s:25th(7425)
#

To delete an event group, enter the no rmon event command in Global configuration mode:

(config)# no rmon event 10


(config)#

8-30 Corecess S5 System User's Guide


Configuring RMON

Collecting Bandwidth Information of Traffic

In the Corecess S5 System, bandwidth information of traffic can be collected by RMON through
a particular port with a certain cycle (five seconds, one minute and ten minutes). To collect
bandwidth information communicated through the specified port, use the following
commands.

Table 8-18 Collecting Bandwidth Information of Traffic

Command Task

configure terminal 1. Enter Global configuration mode.


2. Collect bandwidth information communicated through the
rmon port gigabitethernet specified port.
<slot>/<port> utilization y <slot>/<port> Slot/Port number to collect bandwidth
information of traffic
End 3. Return to Privileged mode.

show rmon port <port-type>


4. Verity the bandwidth information of traffic.
<slot>/<port> utilization

The following example shows how to collect the bandwidth information of traffic and verify it.

# configure terminal
(config)# rmon port gigabitethernet 5/1 utilization
(config)# end
# show rmon port gigabitethernet 5/1 utilization
Rx-avg: bits/s bytes/s pkts/s utilization
Tx-avg: bits/s bytes/s pkts/s
------------ ------------ ------------ -------------
Port 5/1
5 sec: 0 0 0 0
0 0 0
1 min: 0 0 0 0
0 0 0
10 min: 0 0 0 0
0 0 0
#

Configuring SNMP and RMON 8-31


Configuring RMON

Displaying RMON Information


To display the current RMON configuration, enter the show rmon command in Privileged
mode. You can execute the show rmon command with the following options:
y alarm Displays the RMON alarm table.
y events Displays the RMON event table.
y history Displays the RMON history table.
y statistics Displays the RMON statistics table.

If you do not specify any option, the contents of the RMON alarm table, event table, history table, and
statistics table are displayed. The following is a sample output of the show rmon command:

# show rmon

RMON: Enabled
Extended RMON: Extended RMON module is not present

[statistics]
index status dataSource
----- -------------- -----------------------------
1 valid ifIndex.8 (Gi 1/1)
2 valid ifIndex.7 (Gi 1/2)
.
.

[history]
index status dataSource
----- -------------- -----------------------------
1 valid ifIndex.8 (Gi 1/1)
2 valid ifIndex.7 (Gi 1/2).
.
.

[alarm]
index status sample
----- -------------- -----------------------------
1 valid etherStatsPkts.1
[event]
index status type
----- -------------- ---------------
10 valid logandtrap

8-32 Corecess S5 System User's Guide


Configuring RMON

The table below describes the fields in the show rmon command output:

Table 8-19 show rmon field descriptions

Field Description

RMON Running status of the RMON

Index Proper number of statistics group

statistics Status Status of statistics group

dataSource Object to collect data

Index Proper number of the statistics group

history Status Status of the statistics group

dataSource Object to collect data

Index Proper number of alarm group

alarm Status Status of alarm entry

Sample Object to refer data

Index Proper number of event group

event Status Status of event group

Type Type of event group

The following example shows how to display the bandwidth information of traffic.

# show rmon port gigabitethernet 5/1 utilization


Rx-avg: bits/s bytes/s pkts/s utilization
Tx-avg: bits/s bytes/s pkts/s
------------ ------------ ------------ -------------
Port 5/1
5 sec: 0 0 0 0
0 0 0
1 min: 0 0 0 0
0 0 0
10 min: 0 0 0 0
0 0 0
#
To verify the average bandwidth of traffic for five seconds, one minute and ten minutes, execute
show rmon port command.

Configuring SNMP and RMON 8-33


SNMP and RMON Configuration Commands

SNMP and RMON Configuration Commands


The table below shows the list of SNMP and RMON configuration commands and their
functions.

Table 8-20 SNMP & RMON Configuration Commands

Command Description

show snmp-server Display SNMP configuration information of the system.

show snmp-server
Display SNMP community list defined the system.
community-list

show snmp-server statistics Display statistics information of SNMP operation.

show snmp-server traphost Display list of trap host received trap.

show rmon Display entry information of RMON table.

snmp-server community Configures the SNMP community strings.

snmp-server contact Specifies the system operator information.

snmp-server enable rmon Enables the RMON.

snmp-server enable traps Enables a SNMP trap.

Limits hosts which can access to the system through SNMP based
snmp-server group access
on the access list.

snmp-server host Specifies hosts to receive SNMP notifications.

snmp-server location Specifies the system location information..

rmon alarm Configure an RMON alarm group.

rmon etherstats Configures an RMON statistics group.

rmon event Configures an RMON event group.

rmon historycontrol Configures an RMON history group.

rmon port Collects the average bandwidth information of traffic.

8-34 Corecess S5 System User's Guide


Chapter 9 Configuring QoS

This chapter describes how to configure QoS (Quality of Service) on the Corecess S5 System.

9 QoS Overview 9-2

9 Configuring QoS Service Policy Map 9-17

9 Configuring Non-Class-map QoS Features 9-30

9 QoS Configuration Commands 9-43


QoS Overview

QoS Overview
This section describes QoS (Quality of Service) and QoS features supported by the Corecess S5
System.

QoS (Quality of Service)


QoS can classify traffic into several levels and provide graded quality of service. QoS function
can give high priority to traffic that should transmit important information or be processed in
real-time, so high priority traffic is transmitted first, then low priority traffic is transmitted. It
makes the limited network resource such as bandwidth use efficiently.

QoS consists of the Classifier and the Traffic manager. The Classifier classifies traffic, and the
Traffic Manager processes the classified traffic as follows:

 
Packet Buffer Queue Packet
Classifier Marker Policer
In Manager Scheduler Out

Traffic Manager

The Classifier refers to a header of a received packet, and then decides the QoS level. The traffic
manager marks the QoS level to the packet header or processes a packet that is in permitted
bandwidth. The Traffic Manager also chooses which packet drop when congestion occurs or
prefers which packet transmits first.

The following section describes parameters to classify packets and how to classify packet.

9-2 Corecess S5 System User's Guide


QoS Overview

Classifier

Classification Standard

The classifier uses the following values to decide the packet level.

y Layer 1 : Number of Input/output port


The input/output ports in Layer 1 packet is a port that a packet is received and transmitted.
It is also called as ingress/egress port.

y Layer 2 : Source/Destination MAC Address, EtherType Field, DSAP Field, 802.1P Field, VLAN ID
802.1P field in Layer 2 packet is a three bit field that marks the packet priority, and a number
from zero to seven is stuffed in the three bit field.

y Layer 3 : Source/Destination IP Address, Protocol ID, TOS/DSCP Field


Protocol ID in the header of Layer 3 packet is a field that marks which packet of protocol is.
The field is set by values that have been defined (TCP: 6, UDP: 17, ICMP:1, IGMP:2).

The following values are set in the eight bit of TOS field - also called DSCP field - in the
header of Layer 3 packet.

IP Type of Service (RFC 1349) IP DiffServ Code Point (RFC 2474)

bits bits 0 1 2 3 4 5 6 7
0 1 2 3 4 5 6 7
DSCP C
IP-Prec TOS MRZ U
Class Selector
D T R C

- MRZ : Must Be Zero -D : Minimum Delay


-T : Maximum Throughput -R : Maximum Reliability
-C : Minimize Cost - CU : Currently Unused

y Layer 4 : Source/Destination Port Number, TCP Flag


The port number in TCP/UDP header of Layer 4 packet notifies what the packet of
application is.

The classifier can classify the following types of category with the classification standard.

Configuring QoS 9-3


QoS Overview

y Subscriber (packet sender) Classification: Who send the packet?


- Packet Classification using Input Port Number, Source MAC Address and Source IP
Address

y Subscriber and Application Classification: Who send the packet? And, what kind of application packet is?
- Packet Classification using Input Port Number, Source MAC Address, Source IP Address
and TCP/UDP Port Number

y Subscriber and Destination Classification: Who send the packet. And, who receive the packet?
- Packet Classification using Input Port Number, Source MAC Address, Source IP Address,
Output Port Number, Destination MAC Address and Destination IP Address

y Subscriber, Destination and Application Classification; Who send the packet?, Who receive the packet? And, what
kind of application packet is?
- Packet Classification using Input Port Number, Source MAC Address, Source IP Address,
Output Port Number, Destination MAC Address and Destination IP Address and
TCP/UDP Port Number

y Class based Classification: QoS level is marked in the packet?


- Packet Classification using the value of the 802.1p field and IP TOS/DSCP/IP-Prec field

Classification Table

The classifier has two types. One is MF (Multi Field) classifier that refers several fields of a
packet simultaneously and decides QoS service level. The other is BA (Behavior Aggregate)
classifier that recognizes the packet decided QoS level.

MF classifier uses the following table to decide QoS level and to recognize a QoS profile.

level Classification standard Service Contents

Source Destination
Input Output Source Destination VLAN Source Destination Protocol TCP QoS
Rule# 802.1P TOS TCP/UDP TCP/UDP
Port # Port # MAC MAC ID IP IP ID Flag Profile
Port # Port #
1
2
3
4
5
6
7
.
.
.

9-4 Corecess S5 System User's Guide


QoS Overview

A QoS profile has information what actions (marking, policing and assigning queue) should be
done to the packet decided QoS level through classification standard. The traffic manager
actually applies the actions to the packet.
BO

For example, the classification table is defined as follows.


20.1.1.0/24
There is a packet that source IP address is 1.1.1.0/24, and
HQ
destination IP address id 20.1.1.0/24. When the classifier
HTTP Packet
receives the packet, the classifier recognizes that the packet
1.1.1.0/24
matches rule number four, and applies the packet to be
processed by the QoS profile.

Source Destination
Input Output Source Destination VLAN Protocol TCP QoS
Rule# 802.1P Source IP Destination IP TOS TCP/UDP TCP/UDP
Port # Port # MAC MAC ID ID Flag Profile
Port # Port #
1
2
3
4 * * * * 0x0800 * 1.1.1.0/24 20.1.1.0/24 6 * * 80 *
5
6

The BA classifier recognizes the QoS profile, which is applied to the packet, using the tables of
802.1p or ToS field that are only used for QoS. In the table of 802.1p or ToS field, the following
field values are defined. One of the profiles is applied to the packet by the field values.

TOS/DSCP/IP-Prec
802.1p Table
Table
802.1p Field Value QoS Profile ToS Field Value QoS Profile
0 0
1 1
2 2
3 3
4 4
5 5
6 …
7 255

The following section describes the traffic manager.

Configuring QoS 9-5


QoS Overview

Packet Marker
Packet marker marks 802.1P field or ToS field with QoS level. QoS level of a packet can use the
value decided by the classifier or be changed by QoS profiles. It is called “remarking” that the
first decided level is changed and marked by QoS profiles.

Policer
Policer can limit bandwidth to make users only use engaged traffic. Policer measures traffic
flow rate by traffic flow, which classified by classifier, and limits traffic not to use over engaged
bandwidth.

Policer consists of metering and action block. Metering measures traffic flow rate and compares
the result of traffic flow rate to engaged bandwidth, then informs the comparing result to action
block. Action block decide how to process traffic depending on the result.

There are three methods to process the result as follows:

y Pass: transmits packets without the result.

y Drop: Discard packets which exceed bandwidth.

y Mark: Remark packets which exceed bandwidth.

Policer Variables

To use Policer function, you should understand the following variables.

y CIR (Committed Information Rate)


Engaged Bandwidth. It is also called Average rate or Guaranteed rate.

y PIR (Peak Information Rate)


Maximum bandwidth

y CBS (Committed Burst Size)


Packet size that can be received for one time. It is also called Average burst size.

y PBS (Peak Burst Size)


Maximum packet size that can be received for one time

y EBS (Excessive Burst Size)


Gap between received packet size and CBS

9-6 Corecess S5 System User's Guide


QoS Overview

The following graph shows the variables.

Information Burst Size (Bytes)


Rate(bps)

EBS

CIR PIR PBS CBS

time

Token Bucket

There are several implementation of policer function, and the typical implementation is the
token bucket. The token bucket contains tokens, each of which can represent a unit of bytes.
Token is filled up in the token bucket for a certain rate. When packets are arrived, the same
amount of tokens is removed from the token bucket.

Packet

The same amount of tokens is


removed from the bucket.

Token Bucket
Bucket Size

Token Rate

Token

The variables of policer can be substituted for the element of token bucket as follows:

y CIR : Token Rate

y CBS : Bucket Size

Configuring QoS 9-7


QoS Overview

If tokens are full in the token bucket, no token is provided. When packets are received, the same
amount of token are removed. If the number of tokens is less than size of a packet, the packet is
specified as non-conforming packet. And, if the number of tokens is more than size of a packet
or is the same as the size of packet, the packet is specified as conforming packet. The packet
specified as non-conforming packet is processed by QoS profile of the packet.

There are two method of token bucket - single token bucket, dual token bucket. Single token
method uses only one bucket, and dual token method uses two bucket.
In dual token bucket method (RFC 2698 tr-TCM algorithm), the first bucket receives tokens at PIR
rate and the second bucket receives tokens at CIR rate. The first bucket size also is PBS and the
second bucket size is CIR. A packet that is specified as non-conforming in the first bucket finally
becomes the non-conforming packet. If a packet that is specified as conforming in the first bucket
becomes non-conforming in the second bucket, the packet is specified as loosely non-conforming
packet.

Dual token bucket method can control the packet with detailed classification above.
The following graph shows the dual token bucket method.

Bucket Size Bucket Size


= PBS = CBS

Token Rate Token Rate


= PIR = CIR P

9-8 Corecess S5 System User's Guide


QoS Overview

Queue Scheduler
The output port is generally slower than the input port because the output port transmits
packets that are received from the several input ports. In the output port, at least one queue is
assigned, and packets that have to be processed by the output port are saved. When saved
packets in a queue are more than bandwidth that can transmit packets - it means congestion,
what packets are transmitted first should be defined in the output port. This is called queue
scheduling.

There are various queues scheduling method, and the following methods are generally used.

y Strict Priority Queuing

y WRR (Weight Round Robin)

y WFQ (Weight Fair Queuing)

y DWRR (Deficit Weight Round Robin)

SPQ (Strict Priority Queuing)

In this method, each queue has assigned priorities (high, medium, low), and packets in the high
priority queue are transmitted first. After packets in the high priority are transmitted
completely, packets in the next priority queue are transmitted.

[Q1] Priority: High


200B 300B 400B 100B 300B

[Q2] Priority: Medium Output Port

400B 500B 500B 400B 300B 600B 400B 500B 500B 200B 300B 400B 100B 300B

[Q3] Priority: Low SPQ Scheduler


400B 300B 600B

This method is easy to implement, but if there are plenty of packets that flows into the high
priority queue, packets in the low priority queue can not be transmitted at all. This is called
starvation.

Configuring QoS 9-9


QoS Overview

WRR (Weight Round Robin)

WRR method processed every queue in sequence to remove starvation that happens in SPQ
(Strict Priority Queuing). The packet size that process packets each time can be set for each
queue instead. A value, called weight, is used to set the packet size. The weight represents the
ratio of packets that is serviced through the queues.

[Q1] Weight: 2
200B 300B 400B 100B 300B

[Q2] Weight: 1 Output Port

400B 500B 500B

[Q3] Weight: 1 WRR Scheduler


400B 300B 600B

If weight values (2, 1, 1) are assigned to each queue as above, the ratio of packets are 2:1:1. It
means that two packets are transmitted through the first queue (Q1), and a packet is
transmitted through the second queue (Q2), then a packet is transmitted through the third
queue (Q3).

WRR method can specify priority to each queue and prohibit starvation as above. The
disadvantage of WRR is not useful in IP network that packet size is variable because weight is
ratio of packets. For example, there are two packets. One is 64byte VoIP packet, and the other is
1500byte data packet. The packets are serviced through two queues that weight is 2:1. Even
though the VoIP packet is serviced through high weight queue, 128bytes are sent each time, but
the 1500byte data packet can be sent through the low weight queue.

9-10 Corecess S5 System User's Guide


QoS Overview

WFQ (Weight Fair Queuing)

WFQ method divides whole packet in queue into bit unit to solve the problem of WRR and
transmits the bits at weight ratio of queues, then reassembles the bits.

[Q1] Weight: 2 1 bit


Last bit of Last bit of Last bit of
200B 300B 400B 100B 300B 400B Pkt 500B Pkt 600B Pkt

Packet Segmentation
Last bit of Last bit of Last bit of
400B Pkt 300B Pkt 500B Pkt
[Q2] Weight: 1
Packet
400B 500B 500B
Reassembler
Bit-by-Bit WRR
[Q3] Weight: 1 Scheduler Last bit of Last bit of Last bit of
300B Pkt 400B Pkt 300B Pkt
Bit-by-Bit Service Ratio Last bit of
400B 300B 600B
= Q1:Q2:Q3 = 2:1:1 200B Pkt Last bit of
100B Pkt

400B 400B 500B 300B 200B 600B 300B 500B 400B 100B 300B

Output Port

This method can transmit packets without the packet size at the ratio that is specified in the
queue, but it is complicated to implement.

DWRR (Deficit Weight Round Robin)

DWRR method enhances disadvantage of WRR and WFQ. DWRR defines weight, quantum and
deficit counter to each queue. Quantum is the maximum packet size that is processed by weight
ratio. Deficit counter is set to ‘0’ by default. Deficit counter is merged with quantum when data
of a queue is serviced. The packet of queue can be serviced up to deficit counter. After the
packet is serviced, deficit counter is decreased to the packet size.

For example, there is a queue that quantum value is 1000bytes. If 500byte packet, 300byte
packet, and 300byte packet are in a queue, only 500byte packet and 300byte packet can be
processed because the queue can process up to 1000bytes. Then, deficit counter becomes 200.
After other queues process their packet, the queue become in the order. The deficit counter
value becomes 1200, and the queue can process up to 1200byte.

Deficit counter memorizes the size of packet that was not transmitted as the ratio of weight, and
transmits the packet next time.
Let’s look at the operation principal of DWRR. There are three queues in an output port as
below. In each queue, 2:1:1 of weight is assigned. The quantum values of each queue are set as
1000byte, 500byte and 500byte. The deficit counter values are set as ‘0’ (Picture 1).

Configuring QoS 9-11


QoS Overview

[Q1] Weight: 2 [Q1] Weight: 2


1000B - 300B - 100B - 400B
Quantum=1000, DeficiCounter=0B Quantum=1000, DeficiCounter=200B

200B 300B 400B 100B 300B 200B 300B

[Q2] Weight: 1 [Q2] Weight: 1


Output Port Output Port
Quantum=500, DeficitCounter=0B Quantum=500, DeficitCounter=0B

400B 500B 500B 400B 500B 500B 400B 100B 300B

[Q3] Weight: 1 DWRR [Q3] Weight: 1 DWRR


Quantum=500, DeficitCounter=0B Scheduler Quantum=500, DeficitCounter=0B Scheduler
400B 300B 600B 400B 300B 600B

[Picture 1] [Picture 2]

The DWRR scheduler visits the number 1 of queue, then deficit counter value becomes
1000bytes. 300byte, 100byte and 400byte packets are transmitted through output port. After the
transmission, the deficit counter value becomes 200 (Picture 2).

The DWRR scheduler visits the number 2 of queue. The number 2 of deficit counter set the
value as 500byte, then 500byte packet is transmitted. After the transmission, the deficit counter
value becomes 0. The next time the number 3 of queue should be processed, but the first packet
in the number 3 of queue is 600byte and is bigger than deficit counter of 500byte. In this case,
deficit counter is not changed, and no packet is transmitted.
The DWRR scheduler visits the number 1 of queue again, then the quantum value is added to
the current deficit counter value. In this time, the deficit counter value becomes 1200bytes, and
the number 1 of queue can transmit packets up to 1200byte. 300byte and 200byte packets can be
transmitted, then deficit counter becomes 700 (Picture 3).

[Q1] Weight: 2
1200B - 300B - 200B [Q1] Weight: 2
Quantum=1000, DeficiCounter=700B Quantum=1000, DeficiCounter=0B

[Q2] Weight: 1 [Q2] Weight: 1


Output Port Output Port
Quantum=500, DeficitCounter=0B Quantum=500, DeficitCounter=0B

400B 500B 200B 300B 400B 300B 600B

[Q3] Weight: 1 DWRR [Q3] Weight: 1 DWRR


Quantum=500, DeficitCounter=500B Scheduler Quantum=500, DeficitCounter=100B Scheduler
400B 300B 600B 400B
1000B - 600B - 300B

[Picture 3] [Picture 4]

There is no packet in the number 1 of queue, so the DWRR scheduler visits the number 2 of
queue. The deficit counter is set as 500byte, and 500byte packet is transmitted in the number 2
of queue, then deficit counter becomes 0. In the num 3 of queue that could not transmit packets

9-12 Corecess S5 System User's Guide


QoS Overview

previous time, the deficit count becomes 1000byte, and 600byte and 300byte packet are
transmitted. After the transmission, the deficit counter becomes 100 (Picture 4). The rest of
packets are processed as above.

Shaping

Shaping is a function that limits bandwidth with buffering when traffic that is bigger than
target traffic rate flows into a queue.

The traffic that is more than target traffic rate is stored into the buffer. If there is enough
bandwidth to transmit, the stored traffic is transmitted.

Bandwidth(bps) Bandwidth(bps)
Offered Traffic Buffered

Target Traffic Rate


Rate Shaped Traffic
time time

This method is more flexible than policing, but is not useful in real-time traffic such as voice
traffic because transfer delay occurs.

WC (Work Conserving) Scheduler and NWC (Non Work Conserving)


Scheduler

WC scheduler can use whole bandwidth of output port until congestion occurs. SPQ, WRR,
DWRR and WFQ are WC method. On the other hand, even if there is no congestion, NWC
scheduler does not service more than bandwidth that is assigned queue. Shaping is this method.

Configuring QoS 9-13


QoS Overview

Buffer Manager
Queues of an output port have fixed size. If a queue is full of packets, and other packets flow
into the queue, the packets are discarded as a particular rule. Buffer manager is the function
that discards received packets selectively to solve the congestion of the queue.
This section introduces that buffer manager methods.

Tail Drop

In Tail drop method, if there is no space to store Drop Probability

packets, packets that arrived after full of the queue


are discarded. The ratio that packets are discarded 1

is ‘1’ when the amount of packet in the queue


becomes the size of the queue (Max Size) as the
right graph.

Retransmission requests are sent to senders 0 Queue Size


Max Size
continuously because packets are discarded after
the queue is full. The host that received retransmission requests considers that the link is not
stable and makes transmission speed slow. If this situation occurs repetitively, the speed of
whole network is slower. This problem is called TCP global synchronization.

9-14 Corecess S5 System User's Guide


QoS Overview

QoS of the Corecess S5 System


This section describes QoS features supported by the Corecess S5 System. The following figure
shows QoS structure on the Corecess S5 System:

Output
Q0 port #1 TC #1
Q1 TC #1
.
.
TC #1

Q6
Classifier
Input port #1 Q7
match

match
. .
. match .
. . .
.
. .
.
Input port #n . .
.
Output
Q0 port #n
Q1
.
. TC #216
Q6 TC #217
Q7 TC #218

The Corecess S5 System classifies the packets from ingress (incoming) port according to the
criteria defined the class map, stores the classified packets to each transmit queue (0 ~ 7), and
transmits packets via TC (Traffic Class) applied the QoS action defied the policy map.

Packet Classification

The Corecess S5 System uses the values in the following fields of the layer 1 ~ layer 4 IP packet
header as a criterion to classify packets:

y Layer 1: Input/output port number

y Layer 2: Source/destination MAC address, EtherType field, DSAP field, 802.1P filed, VLAN ID

y Layer 3: Source/destination IP address, protocol ID, TOS/IP Precedence/DSCP filed

y Layer 4: Input/output port number, TCP flag

Configuring QoS 9-15


QoS Overview

Marking & Remarking

The Corecess S5 System supports marking based on the following bits in the CoS (Class of
Service) filed for the packet:

y DSCP

y CoS

y VLAN priority

The Corecess S5 System can recognize packets from a particular VLAN or port and configure
packets to set the specified values to the CoS field of packets.

Policing

The Corecess 5242 supports Policing. Policing is the process by which the system limits the
bandwidth consumed by a flow of traffic. You can limit the bandwidth of a specific traffic flow
by using a policy map or limit the full bandwidth of a port.

Transmit Queue

The Corecess S5 System provides eight transmit queues for each egress port. These transmit
queues are scheduled by the Strict Priority Queuing (SPQ) mechanism. The priority of queues
decides which queue transmits packets. The following values can be used as the priority, and
the user can specify which value uses as the priority.

y User defined priority

y ToS Field Value

y VLAN Priority

y Class Priority

When the transmit queue is full, frames at the end of the queue are dropped (tail drop)

Shaping

The Corecess S5 System supports shaping function.

9-16 Corecess S5 System User's Guide


Configuring QoS Service Policy Map

Configuring QoS Service Policy Map


The Corecess S5 System can configure QoS using class map (Classifier) and policy map (QoS
action). This section describes how to configure QoS on the Corecess S5 System.

Configuring QoS Service Policy


The following diagram shows steps for configuring QoS service policy:

The first task for configuring QoS service policy is defining class maps.
X Defining Class Map Class map defines a standard to classfy a particular traffic and execute
the role of QoS classifier.

The second step for configuring QoS service policy is defining policy
Y Defining Policy Map maps. Policy map defines QoS action that is applied to classified traffi
c and execute the role of traffoc manager.

The last step of configuring the QoS Service policy is defining service
Z Applying
policies. A service policy consists of a policy-map and ingress/egress
Service Policy
ports which the policy map will be applied to.

The sections which describe how to configure each step follow.

Configuring QoS 9-17


Configuring QoS Service Policy Map

Configuring a Class Map


A class-map is a mechanism that you use to name and to isolate a specific traffic flow (or class)
from all other traffic. The class-map defines the criteria used to match against a specific traffic
flow to further classify it. If you have more than one type of traffic that you want to classify, you
can create another class-map and use a different name. After a packet is matched against the
class-map criteria, you further classify it through the use of a policy-map.

You can classify packets and assign them to specific queues based on the following criteria:

Table 9-1 Criteria for packet classification

Criterion Description Value


cos The CoS (Class of Service) value 0~7
dscp The DSCP (DiffServe Code Point) value 0 ~ 63
tos The ToS (Type of Service) value 0~7
ip-prec The IP precedence value 0~7
ip-sa The source IP address

ip-da The destination IP address

mac-sa The source MAC address

mac-da The destination MAC address

tcp-dpn The destination TCP port number 0 ~ 65535


tcp-flag The TCP flag value

tcp-spn The source TCP port number 0 ~ 65535


udp-spn The source UDP port number 0 ~ 65535
udp-dpn The destination UDP port number 0 ~ 65535
ether-type The Ethernet Type filed value 0 ~ 65535
input-port The input port number

output-port The output port number

protocol The L4 Protocol field value 0 ~ 255


vlan-sid The VLAN ID that the input port belongs to. 1 ~ 4094
vlan-did The VLAN ID that the output port belongs to. 1 ~ 4094

CoS field cannot be included with DSCP or IP precedence in the same class-map. To make the
CoS field available, enable IEEE 802.1p using 802.1p classification enable command.
If IEEE 802.1p is enabled, DSCP and IP precedence criteria in class-maps are not available.

9-18 Corecess S5 System User's Guide


Configuring QoS Service Policy Map

To use the DSCP or IP precedence instead of CoS, disable the IEEE 802.1p using 802.1p
classification disable command. By default, IEEE 802.1p is disabled.

After creating class-maps, system checks the inbound or outbound packets by the criteria in
class-maps. QoS actions defined in the policy-map for the class will be applied to the classified
packets into classes.

To create a class map and specify the way in which the Corecess S5 System should classify
traffic, enter the following commands in Global configuration mode:

Table 9-2 Creating a class map

Command Task

qos 1. Enter QoS configuration mode.

2. (Optional) Enables IEEE 802.1p. If IEEE 802.1p is


enabled, CoS field is available for the criterion of
8021p classification enable the class-map. If IEEE 802.1p is disabled (default
setting), IP precedence and DSCP fields become
available instead of CoS field.

class-map 3. Create a class map and enters class-map


<class-map-name> configuration mode.

match cos <value>


match dscp <value>
match ether-type <value>
match input-port <port-type>
<slot>/<port>
match ip-da <destination-ip> <mask>
match ip-prec <value>
match ip-sa <source-ip> <wildcard>
match mac-da <destination-mac>
match mac-sa <source-mac>
4. Define the classification criteria for the class map.
match output-port <port-type>
<slot>/<port>
match protocol <protocol-I
match tcp-dpn <tcp-port-num>
match tcp-flag <flag-num>
match tcp-spn <tcp-port-num>
match udp-dpn <udp-port-num>
match ucp-spn <udp-port-num>
match vlan-sid <vlan-id>
match vlan-did <vlan-id>

end 5. Return to the Privileged mode.

show classmap <class-map-name> 6. Verify the class map configuration.

Configuring QoS 9-19


Configuring QoS Service Policy Map

The following example shows how to create a class map and define a classification criterion by
using the source IP address:

(config)# qos
(config-qos)# class-map class1
(config-cmap)# match ip-sa 172.27.2.16 0.0.255.255
(config-cmap)# end
# show classmap
ClassMap
--------------------------------------------------
Name : class1
Match Content : ip-sa 172.27.2.16/0.0.255.255

Total Entries = 1

The following example shows how to create a class map and define the criteria by using the
destination IP address and the destination TCP port number:

(config)# qos
(config-qos)# class-map class2
(config-cmap)# match ip-da 10.10.10.1 0.0.0.255
(config-cmap)# match tcp-dpn 25
(config-cmap)# end
# show classmap class2
ClassMap
--------------------------------------------------
Name : class2
Match Content : ip-da 10.10.10.1/0.0.0.255
: tcp-dpn 25

Total Entries = 2
#

To delete a class-map, use the no class-map <class-map-name> command in the QoS


configuration mode. To remove a criterion from a class-map, use no match command in the
class-map configuration mode.

9-20 Corecess S5 System User's Guide


Configuring QoS Service Policy Map

Configuring a Policy Map


A policy-map specifies which traffic class to act on. A policy map can include several classes
that have different classification and QoS actions that are applied to the classes. And, several
policy maps can be applied to an interface. Each policy map should be applied to different types
of traffic.

The Corecess S5 System supports the following QoS actions.

Table 9-3 QoS action supported by the Corecess S5 System

QoS Action Description Command


Action for changing values of QoS field (CoS, IP precedence,
Remarking mark
DSCP)
Action for deciding whether the traffic is discarded or
Packet Filtering filter
forwarded.
Policing Action for configuring the rate-limiting feature. rate-limit
Action for configuring the priority(high or low) of the traffic.
Priority The priority is used for selecting the traffic to be discarded priority
when the system congestion.
Action for configuring the minimum transmission
bandwidth for the traffic class. bandwidth
minimum transmission
bandwidth Action for configuring the ration of the minimum
weight
transmission bandwidth for the traffic class.

To apply multiple QoS actions to a traffic class, multiple QoS actions can be included in a
policy-map.

Configuring QoS 9-21


Configuring QoS Service Policy Map

Creating a Policy-map

To create a policy-map and configure QoS actions for a traffic class, perform this task:

Table 9-4 Creating a policy map

Command Task

qos 1. Enter QoS configuration mode.

2. Create a policy map and enter the policy-map


configuration mode.
policy-map <policy-map-name>
y <policy-map-name>: Name of a policy map to
define.

3. Specify the class to which the policy map applies and


class <class-name>
enter the policy-map-class configuration mode.

bandwidth <value>
filter {deny|permit|to-proc}
4. Configures QoS actions for the class. Refer to the
mark {cos|dscp|ip-prec} <value>
following sections for configuring QoS actions in the
priority <value>
policy-map class configuration mode.
rate-limit rate <value>
weight <value>

end 5. Return to the Privileged mode.

show policymap 6. Verify the policy map configuration.

The following example shows how to create a policy map and specify a class map to which the
policy map applies:

(config)# qos
(config-qos)# policy-map policy1
(config-pmap)# class class1
(config-pmap-c)# priority 7
(config-pmap-c)# end
# show policymap policy1
PolicyMap
--------------------------------------------------

Name : policy1
Linked ClassMap : class1
Policy : priority 7
Total Entries = 1
#

9-22 Corecess S5 System User's Guide


Configuring QoS Service Policy Map

Configuring Policy-Map Class Remarking (CoS, IP Precedence, or


DSCP)

The QoS fields such as the Layer 2 CoS (802.1p field) or Layer 3 IP precedence, ToS, or DSCP
fields are used for classifying the traffic class. Depending on the network state or QoS policy,
user can set these fields to the specified values which can change the priority of traffic.

To set the QoS fields of packets, which belong to the policy-map class to the specified values,
perform this task in the Policy map class configuration mode.

Table 9-5 Changing CoS, IP Precedence, or DSCP value of a traffic class in a policy map

Command Task

qos 1. Enter QoS configuration mode.

policy-map 2. Create a policy map and enter policy-map configuration mode.


<policy-map-name> y <policy-map-name>: The name of a policy-map.

3. Specify the class to which the policy map applies and enter policy-map-
class configuration mode.
class <class-name>
y <class-name>: The name of the class to which the policy map
applies.

4. Specify the value and type of the field to change.


mark {cos | dscp | y cos <value>: Specify the value of the CoS field (0 ~ 7).
ip-prec} <value> y dscp <value>: Specify the value of the DSCP field. (0 ~ 64).
y ip-prec <value>: Specify the value of the IP precedence field(0 ~ 7).

This example configure remarking feature to set the CoS field to “7” of the traffic class class3 in
the policy map polmap6:

(config)# qos
(config-qos)# policy-map polmap6
(config-pmap)# class class2
(config-pmap-c)# mark cos 7
(config-pmap-c)#

Configuring QoS 9-23


Configuring QoS Service Policy Map

Configuring Packet Filtering

In a policy-map, you can add criteria for filtering a traffic class or forwarding it to the internal
system processor.

To add a criterion for deciding whether filtering packets or forwarding, perform this task.

Table 9-6 Configuring packet filtering of a traffic class in a policy map

Command Task

qos 1. Enter QoS configuration mode.

2. Create a policy map and enter policy-map configuration


policy-map <policy-map-name> mode.
y <policy-map-name>: The name of a policy-map.

3. Specify the class to which the policy map applies and enter
policy-map-class configuration mode.
class <class-name>
y <class-name>: The name of the class to which the policy
map applies.

4. Select the filtering method of the traffic class.


filter y deny: Discard the traffic.
{deny|permit|to-proc} y permit: Forward the traffic.
y to-proc: Send the traffic to the CPU.

This example configures to discard the traffic class class2 in the policy map polmap6:.

(config)# qos
(config-qos)# policy-map polmap6
(config-pmap)# class class2
(config-pmap-c)# filter deny
(config-pmap-c)#

Configuring Minimum Transmission Bandwidth

The Corecess S5 System can specify the minimum transmission bandwidth which should be
guaranteed for a specific traffic class when congestion occurs. You can set this minimum
transmission bandwidth to either speed or ratio. Beyond the guaranteed bandwidth, the traffic
will be dropped in the event of congestion.

9-24 Corecess S5 System User's Guide


Configuring QoS Service Policy Map

To configure the minimum transmission bandwidth for a traffic class in a policy-map, perform
this task.

Table 9-7 Configuring a transmission queue for a traffic class

Command Task

qos 1. Enter the QoS configuration mode.

policy-map 2. Create a policy map and enter policy-map configuration mode.


<policy-map-name> y <policy-map-name>: The name of a policy-map.

3. Specify the class to which the policy map applies and enter policy-
map-class configuration mode.
class <class-name>
y <class-name>: The name of the class to which the policy map
applies.

4. Specifies minimum bandwidth guarantee, in Kbps, for the traffic class.


bandwidth <bandwidth>
y <bandwidth>: The minimum bandwidth (0 ~ 100000Kbps).

5. Specify the bandwidth ratio of the transmission queue for the traffic
class.
weight <percentage>
y <percentage>: Percentage of available bandwidth to be assigned
to the class (0 ~ 100)

This example configures the bandwidth of the transmission queue for the traffic class class1 in
the policy map class polmap6:

(config)# qos
(config-qos)# policy-map polmap6
(config-pmap)# class class1
(config-pmap-c)# bandwidth 10000
(config-pmap-c)#

This example designates 25% for the bandwidth ratio of the transmission queue for the traffic
class class1 in the policy map class polmap6:

(config)# qos
(config-qos)# policy-map polmap6
(config-pmap)# class class1
(config-pmap-c)# weight 25
(config-pmap-c)#

Configuring QoS 9-25


Configuring QoS Service Policy Map

Configuring Policy-Map Class Priority

The priority command in the policy-map configuration mode can assign the user-defined
priority to a traffic class. This user-defined priority is used for selecting one of eight
transmission queues in an output port for buffering packets. It is also used as the value for CoS
field. By default, a transmission queue is select by this user-defined priority. However, you can
use the CoS, DSCP, or VLAN ID when selecting a transmission queue. To do this, use the
queue-precedence command in the QoS configuration mode.

The following is a procedure for specifying the user-defined priority for a traffic class:

Table 9-8 Specifying a priority of a traffic class in a policy map

Command Task

qos 1. Enter QoS configuration mode.

policy-map 2. Create a policy map and enter policy-map configuration mode.


<policy-map-name> y <policy-map-name>: The name of a policy-map.

3. Specify the class to which the policy map applies and enter policy-map-
class configuration mode.
class <class-name>
y <class-name>: The name of the class to which the policy map
applies.

4. Gives priority to a class of traffic belonging to a policy-map.


priority <priority> y <priority>: Priority (0 ~ 7). ‘0’ is the highest priority queue and ‘7’ is
the lowest priority queue.

This example assigns the queue with the priority of 7 to the traffic class class4 in the policy map
polmap6:

(config)# qos
(config-qos)# policy-map polmap6
(config-pmap)# class class4
(config-pmap-c)# priority 7
(config-pmap-c)#

9-26 Corecess S5 System User's Guide


Configuring QoS Service Policy Map

Configuring Policy-Map Class Policing (Rate-Limiting)

In a policy map, you can configure the rate limiting feature which discards the packets that
exceed the bandwidth limits.

Rate limiting is the process by limiting the bandwidth consumed by a flow of traffic. After a
packet is classified, the rate limiting process can begin. The rate limiting involves creating a
policer that specifies the bandwidth limits for the traffic. Packets that exceed the limits are
dropped.

To configure the rate limiting feature in a policy map, perform this task in the Global
configuration mode:

Table 9-9 Configuring rate-limit of a traffic class in a policy map

Command Task

qos 1. Enter QoS configuration mode.

policy-map 2. Enter policy-map configuration mode.


<policy-map-name> y <policy-map-name>: The name of a policy-map.

3. Specify the class to which the policy map applies and enter policy-map-
class configuration mode.
class <class-name>
y <class-name>: The name of the class to which the policy map
applies.

4. Specifies the limited rate to be applied to traffic of the class in the


specific policy-map
rate-limit rate
y <target-rate>: Average rate to be applied to the traffic which
<target-rate>
meets the condition of the class(0 ~ 1000000Kbps). The value must be
in increments of 64 kbps.

Note: Policing can be applied to a specific port as well as a specific traffic class. Entering the rate-limit
command in the QoS configuration mode specifies the target bandwidth to be applied to both incoming and
outgoing traffic through a port. How to configure policing for a port will be described later in this chapter.

This example specifies the target bandwidth of the traffic class class5 to apply the rate limiting in
the policy map polmap6:

(config)# qos
(config-qos)# policy-map polmap6
(config-pmap)# class class2
(config-pmap-c)# rate-limit rate 640
(config-pmap-c)#

Configuring QoS 9-27


Configuring QoS Service Policy Map

Configuring Service Policy


Service policy specifies which policy map is applied in the defined policy maps. If QoS action is
related to bandwidth such as bandwidth, rate-limit and weight, an output port that QoS
action is applied should be specified in service policy. If QoS action is filter, mark or
priority, you don’t need to specify an output port.

Defining class map and policy map is a process to make rules for QoS. On the other hand,
defining service policy is a process to select which rule is applied and which port uses the rule.

To configure service policy, use the following commands.

Table 9-10 Applying QoS service policy

Command Task
qos 1. Enter the QoS configuration mode.

2. Define service policy.


service-policy <service-name>
y <service-name> Name of the service map.
policy-map <policy-map-name> y <policy-map-name> Name of the policy map.
[input-port gigabitethernet
y input-port Attach the policy map to input traffic.
<slot>/<port>] [output-port
y output-port Attach the policy map to output traffic.
gigabitethernet <slot>/<port>]
y <slot>/<port> Slot number and port number

end 3. Return to the Privileged mode.

show service-policy
4. Verify the service policy configuration.
[<service-policy-name>]

This example applies the policy map named ‘polmap6’ to the Gigabit Ethernet port 5/1 and
verifies the configuration:

(config)# qos
(config-qos)# service-policy service1 policy-map polmap6 input-port gigabitethernet 5/1
(config-qos)# end
# show service-policy
ServicePolicy
--------------------------------------------------
Name : service1
Linked PolicyMap : polmap6
Port(In ) : 5/1
Port(Out) : 5/1

Total Entries = 1
#

9-28 Corecess S5 System User's Guide


Configuring Non-Class-map QoS Features

Configuring Non-Class-map QoS Features


The previous sections describe QoS features for the traffics classified by class maps(classifiers).
The Corecess S5 System has QoS features which can be applied without classifiers. This section
describes how to configure these non-class-map QoS features.

Specifying Priority for VLAN or Port


User priority can be set to a packet of a particular class. User priority can be also set to a packet
that a particular port transmitted.

To specify user priority of a packet that is transmitted from a particular port, use the following
commands.

Table 9-11 Specifying User Priority

Command Task

qos 1. Enter QoS configuration mode.

8021p user-priority 2. Assigns the priority to the specific VLAN interface or port.
<priority> vlan <vlan- y <priority> The priority (0 ~ 7)
id>[port gigabitethernet y <vlan-id> VLAN ID (1~4094)
<slot>/<port>] y<slot>/<port> Slot number and port number of the port

3. Apply the setting to the system. (Priority of the packet is changed


8021p enable
after execution of 8021p enable command.)

end 4. Return to Privileged mode.

show user-priority 5. Verify the configuration.

Note: If you do not specify the port, assigned priority are applied to all ports in the specified VLAN.

The following example shows how to assign a priority of “6” to the Gigabit Ethernet port 5/1
which belongs to the default VLAN:

(config)# qos
(config-qos)# 8021p user-priority 6 vlan 1 port gigabitethernet 5/1
(config-qos)# 8021p enable
8021p is enabled
(config-qos)# end
# show user-priority

Configuring QoS 9-29


Configuring Non-Class-map QoS Features

Default User Priority


--------------------------------------------------
Entry[ 1]
Vlan : 1
Priority : 6
Port : 5/1
#

9-30 Corecess S5 System User's Guide


Configuring Non-Class-map QoS Features

Applying Policing to a Port


Policing allows you to control the maximum bandwidth of traffic transmitted or received on a
port. The packets that exceed the bandwidth limits are discarded.

To configure policing to traffic from the specified port, use the following commands.

Table 9-12 Applying Policing to a Port

Command Task

qos 1. Enter QoS configuration mode.

2. Configure the maximum bandwidth of a specific port.


rate-limit [input-port y input-port Applies rate limiting on an input port.
gigabitethernet <slot>/<port>] y output-port Applies rate limiting on a output port.
output-port gigabitethernet y <slot>/<port> Slot number and port number of the
<slot>/ <port> port
rate <target-rate>
y <rate> : The maximum bandwidth (0 ~ 1000000Kbps, in
64Kbps step).

end 3. Return to Privileged mode.

show rate-limit 4. Verify the configuration of Policing.

The following example shows how to apply policing to the packet:

(config)# qos
(config-qos)# rate-limit input-port gigabitethernet 5/1 output-port
gigabitethernet 5/1 rate 24000
(config-qos)# end
# show rate-limit

RateLimit
--------------------------------------------------
Rate : 24000
Port(In ) : 5/1
Port(Out) : 5/1

Total Entries = 1
#

Configuring QoS 9-31


Configuring Non-Class-map QoS Features

Specifying Priority for CoS Field


You can specify the precedence of the values which can be filled with the CoS field of the packet
when the packet is transmitted through the port. The available values for the CoS field are as
follows:

y tos : The value of ToS Field (IP-precedence or DSCP)


y user : User Defined Priority (default value)
y vlan : Source VLAN Priority

To fill the value to CoS filed when the packet is transmitted, use the following commands.

Table 9-13 Specifying Priority for CoS Field

Command Task

qos 1. Enter QoS configuration mode.

2. Input the values (tos, user, vlan) in the order of high priority.
y <value1>: Specify the highest priority value to be used in CoS field.
8021p-precedence
<value1> <value2> y <value2>: Specify the second-highest priority value. This value is
<value3> used when the <vlaue1> can not be used.
y <value3>: Specify the third-highest priority value. This value is
used when the <vlaue1> and <vlaue2> can not be used.

end 3. Return to Privileged mode.

show 8021p-precedence 4. Verify the configuration.

The following example shows how to configure the precedence of the values for the CoS field to
the order of priority Î ToS Î CoS:

(config)# qos
(config-qos)# 8021p-precedence vlan tos user
(config-qos)# end
# show 8021p-precedence
8021p precedence odering
vlan tos user
#

9-32 Corecess S5 System User's Guide


Configuring Non-Class-map QoS Features

Specifying Priority for a Transmission Queue


The transmission queue for a packet is selected from eight transmission queues in a port
according to priority of the packet. The following values can be used as priority.

y class : Priority of Class


y tos : The value of ToS Field (IP-precedence or DSCP)

y user : User Defined Priority (default value)


y vlan : Source VLAN Priority

The following is a procedure for specifying a value used as the packet priority for choosing a
packet transmission queue:

Table 9-14 Specifying priority for transmission queue

Command Task

qos 1. Enter QoS configuration mode.

2. Input the values (tos, user, vlan, or class) in the order of high priority.
y <value1> Specify the highest priority value.
y <value2>: Specify the second-highest priority value. This value is
queue-precedence
used when the <vlaue1> can not be used.
<value1> <value2>
<value3> <value4> y <value3>: Specify the third-highest priority value. This value is
used when the <vlaue1> and <vlaue2> can not be used.
y <value4>: Specify the lowest priority value. This value is used
when the <vlaue1>, <vlaue2>, and <vlaue3> can not be used.

end 3. Return to Privileged mode.

show queue-precedence 4. Verify the configuration.

The following example shows how to configure the precedence of the values used for
transmission queue priority to the order of VLAN priority Î User’s priority Î Class Î ToS:

(config)# qos
(config-qos)# queue-precedence vlan user class tos
(config-qos)# end
# show queue-precedence
queue precedence odering
vlan user class tos
#

Configuring QoS 9-33


Configuring Non-Class-map QoS Features

Configuring Shaping
Shaping is a function that limits bandwidth with buffering when traffic that is bigger than
target traffic rate flows into a queue. The traffic that is more than target traffic rate is stored into
the buffer. If there is enough bandwidth to transmit, the stored traffic is transmitted.

To configure shaping in the Corecess S5 System, use following commands.

Table 9-15 Configuring Shaping

Command Task

qos 1. Enter QoS configuration mode.

shaping output-port 2. Configure shaping for traffic that transmits through the specified output
gigabitethernet port.
<slot>/<port> y<slot>/<port> Slot number and port number
rate <target-rate> y <targe-rate> Target bandwidth (1~1000000Kbps, in 64Kbps step)

end 3. Return to Privileged mode.

show shaping 4. Verify shaping configuration.

The following example shows how to configure shaping for the traffic that is transmitted
through the Gigabit Ethernet port 5/1.

(config-qos)# shaping output-port gigabitethernet 5/1 rate 128000


(config-qos)# end
# show shaping
Shaping
--------------------------------------------------

Shaping : 128000
Port(In ) :
Port(Out) : 5/1

Total Entries = 1
#

9-34 Corecess S5 System User's Guide


Configuring Non-Class-map QoS Features

Controlling Broadcast Storm


In the Corecess S5 System, you can set the maximum value of broadcast traffic to each port or
VLAN not to occur broadcast storm. At this time, all broadcast packets that exceed the
maximum value are discarded.

To control broadcast storm, use the following commands.

Table 9-16 Controlling Broadcast Storm

Command Task

qos 1. Enter QoS configuration mode.

broadcast-storm-control 2. Set the control function of broadcast storm on VLAN.


[port gigabitethernet y <slot>/<port> Slot number and port number
<slot>/<port> | y <vlan-id> VLAN ID (1~4094)
vlan id <vlan-id>] y <packet-number> The maximum number of packet that can
pps <packet-number> transmit per a second (16~1048560)

end 3. Return to Privileged mode.

write momory 4. Save the changed configuration.

The following example shows how to discard excess packets when broadcast packet is received
more than 256 per a second.

(config)# qos
(config-qos)# broadcast-storm-control vlan id 1 pps 256
(config-qos)#

Configuring QoS 9-35


Configuring Non-Class-map QoS Features

Configuring Packet Filtering


This section describes types of packet filtering, filtering purpose and how to configure packet
filtering.

Packet Filtering

The packet filtering is used in the following cases.

y DHCP Packet Filtering


When a host which is connected to the Corecess S5 System operates a DHCP server, unusual
IP addresses can be assigned to other hosts. The Corecess S5 System can filter packets of the
DHCP server received from the host to prevent assigning unusual IP address.

y File and Resource Sharing Protocol Filtering


To prevent hosts that are connected on the same VLAN from sharing files and resources, the
Corecess S5 System can filter the following protocols:

- Apple FileSharing Protocol


- Rendezvous Protocol
- NetBIOS Protocol
- UPnP (Universal Plug & Play) Protocol

y Default Traffic Filtering


The Corecess S5 System can filter default traffic that is not classified by class map.

y Broadcast Packet Filtering


To prevent hosts that are connected with the Corecess S5 System from transmitting
unnecessary broadcast packets to other networks, the Corecess S5 System can filter broadcast
packet transmitted form a particular port.

9-36 Corecess S5 System User's Guide


Configuring Non-Class-map QoS Features

DHCP Packet Filtering

If a host who is connecting to a Corecess S5 System runs a private DHCP server, other
subscribes connected with the Corecess S5 System may receive an invalid IP address from that
private DHCP server. To prevent this, you can filter DHCP Offer packets received from a host.

Internet or LAN

Corecess S5 System
Filter DHCP Offer packets received
from the DHCP server of ONU

ONU ONU ONU

Host DHCP Server Host

To discard the all DHCP packets, enter the following commands:

Table 9-17 Filtering DHCP Offer Packet

Command Task

qos 1. Enter QoS configuration mode.

2. Filter DHCP server packet received to the specified port. If a port


dhcp-offer filter discard is not specified, all port of the system are filtered.
[port gigabitethernet y accpet Allow receiving DHCP server packet.
<slot>/<port>] y discard Discard receiving DHCP server packet.
y <slot>/<port> Slot number and port number

end 3. Return to the Privileged mode.

4. Display the ports configured to filter the DHCP packets received


show dhcp-offer-filter
from hosts..

Configuring QoS 9-37


Configuring Non-Class-map QoS Features

The following example configures to discard all the DHCP OFFER packets received from the all
the ports:

(config)# qos
(config-qos)# dhcp-offer filter discard
(config-qos)# end
# show dhcp-offer-filter
Dhcp Offer Filter Ports
--------------------------------------------------
Accept :
Discard : All Ports
#

File and Resource Sharing Protocol Filtering

To prevent hosts that are connected on the same VLAN from sharing files and resources, the
Corecess S5 System can filter protocols as follows:

Ethernet Switch Internet or LAN

Corecess S5 System

ONU
ONU

호스트 호스트

Host Host

9-38 Corecess S5 System User's Guide


Configuring Non-Class-map QoS Features

To filter the packet of file and resource sharing protocol, use the following commands.

Table 9-18 Filtering File and Resource Sharing Protocol

Command Task

qos 1. Enter QoS configuration mode.

2. Set to deny receiving particular protocol packets.

apple-filesharing-protocol 2-1. Refuse Apple FileSharing packets. This command is applied


filter discard to all ports.

netbios filter discard


2-2. Refuse NetBIOS packet received to the specified port.
[port gigabitethernet
y <slot>/<port> Slot number and port number
<slot>/<port>]

2-3. Refuse Rendezvous packets. This command is applied to all


rendezvous filter discard
ports.

upnp filter discard 2-4. Refuse UPnP packets. This command is applied to all ports.

end 3. Return to Privileged mode.

show running-config 4. Verify the filtering configuration.

The following example shows how to filter the file and resource sharing protocols received to
all ports.

(config)# qos
(config-qos)# apple-filesharing-protocol filter discard
(config-qos)# netbios filter discard
(config-qos)# rendezvous filter discard
(config-qos)# upnp filter discard
(config-qos)# end
# show running-config
.
.
!
qos
default traffic deny
shaping output-port gigabitethernet 5/1 rate 128000
netbios filter discard
rendezvous filter discard
apple-filesharing-protocol filter discard
upnp filter discard
!
.
.

Configuring QoS 9-39


Configuring Non-Class-map QoS Features

Default Traffic Filtering

Default traffic is traffic that is not classified with defined class map in the Corecess S5 System. If
default traffic is filtered, traffic that is not specified by network operators is discarded, so it can
prevent traffic that is not permitted from receiving.

To filter default traffic, use the following commands.

Table 9-19 Filtering Default Traffic

Command Task

qos 1. Enter QoS configuration mode.

default traffic deny 2. Set default traffic to be refused.

end 3. Return to Privileged mode.

show default-traffic-policy 4. Verify the filtering configuration..

The following example shows how to refuse default traffic that is not classified with class map.

(config)# qos
(config-qos)# default traffic deny
(config-qos)# end
# show default-traffic-policy
Default QoS Traffic Policy
--------------------------------------------------
Deny
#

9-40 Corecess S5 System User's Guide


Configuring Non-Class-map QoS Features

Broadcast Packet Filtering

The Corecess S5 System can filter broadcast packets that are transmitted from a paricular port. It
prevents unnecessary broadband packets from transmitting.

To filter broadband packets, use the following commands.

Table 9-20 Filtering Broadcast Packet

Command Task

qos 1. Enter QoS configuration mode.

egress-filter broadcast 2. Discard broadcast packets from a particular port on the specified
vid <vlan-id> port VLAN.
gigabitethernet y <vlan-id> VLAN ID (1 ~ 4094)
<slot>/<port> y <slot>/<port> Slot number and port number
end 3. Return to Privileged mode.

The following example shows how to filter broadcast packet on the Gigabit Ethernet port 5/1.

(config)# qos
(config-qos)# egress-filter broadcast vid 1 port gigabitethernet 5/1
(config-qos)#

Configuring QoS 9-41


QoS Configuration Commands

QoS Configuration Commands


The following table lists the commands for configuring QoS on the Corecess S5 System:

Table 9-21 QoS Configuration Commands

Command Description Mode

8021p classification Enable/Disable match cos command of class map.

Enable/Disable the result of 8021p user-priority


8021p enable/disable
command to be applied to the system.

Assign the user defined priority for the specified VLAN


8021p user-priority
or port.

8021p-precedence Specify CoS Filed value of packets.

apple-filesharing-
Refuse Apple FileSharing packet.
protocol filter discard

broadcast-storm-control Set control function of broadcast storm.

class-map Define class map to classify packet.

Set packets that are not classified with class map to be


default traffic deny
discarded. QoS
Configuration
dhcp-offer filter Filter DHCP server packet received to the specified port.
Mode
Discard broadcast packets that are transmitted from a
egress-filter broadcast
particular port on the specified VLAN.

Refuse NetBIOS packets that are received to the specified


netbios filter discard
port.

policy-map Define/Change service policy for traffic class.

Specify which value is used as the priority that select


queue-precedence
transmission queue of output port.

rate-limit Configure rate limiting function.

rendezvous filter
Set to refuse Rendezvous packet.
discard
Define service policy that specifies policy map and a
service-policy
port.

shaping Set shaping function for traffic that is transmitted QoS


through the specified output port. Configuration
Mode
upnp filter discard Refuse UPnP packet.

(Continued)

9-42 Corecess S5 System User's Guide


QoS Configuration Commands

Command Description Mode

Add the entry that compares CoS value of the packet to class
match cos
map.

Add the entry that compares DSCP value of the packet to


match dscp
class map.

Add the entry that compares destination IP address of the


match ip-da
packet to class map.

Add the entry that compares IP precedence value of the


match ip-prec
packet to class map.

Add the entry that compares source IP address of the packet


match ip-sa
to class map.
Class-map
Add the entry that compares destination MAC address of Configuration
match mac-da
the packet to class map. Mode
Add the entry that compares source MAC address of the
match mac-sa
packet to class map.

Add the entry that compares TCP port number for receiving
match tcp-dpn
packets to class map.
Add the entry that compares TCP port number for
match tcp-spn
transmitting packets to class map.

Add the entry that compares UDP port number for receiving
match udp-dpn
packets to class map.

Add the entry that compares UDP port number for


match udp-spn
transmitting packets to class map.

bandwidth Specifies the minimum bandwidth of a traffic class.

filter Set filtering rule of the specified class traffic.

Change the values of CoS field, IP precedence and DSCP


mark Policy-map
field for the specified class traffic.
class
Specify the priority of queue that is used when the specified Configuration
priority
class traffic is in network congestion. mode

rate-limit Set rate limiting function to the specified class traffic.

Set the ratio of bandwidth that is assigned to the specified


weight
class traffic.

Configuring QoS 9-43


QoS Configuration Commands

9-44 Corecess S5 System User's Guide


Chapter 10 Configuring DHCP

This chapter describes how to configure DHCP server or DHCP relay agent.

9 Configuring DHCP Server 10-2

9 Configuring DHCP Relay Agent 10-18

9 Displaying DHCP Configuration 10-26

9 DHCP Commands 10-37

9 Configuring DHCP Server(Only S518) 10-41

9 Configuring DHCP Relay Agent(Only S518) 10-57

9 Configuring DHCP Proxy Server(Only S518) 10-61

9 Displaying DHCP Configuration information(Only S518) 10-63


DHCP (Dynamic Host Configuration Protocol) Overview

DHCP (Dynamic Host Configuration Protocol) Overview

DHCP Server

DHCP has client-server architecture. A DHCP server is generally located in central place, and is
operated by network operators. DHCP server can receive reliable and appropriate information
for the current network status because of network operators.

Most of network consists of several subnets called VLAN. Each VLAN should basically have a
DHCP server because packets are only broadcasted in internal VLAN. If a VLAN has not a
DHCP server, it should be configured that the VLAN supports the DHCP relay agent feature.

A DHCP client broadcasts DHCPDISCOVER message to search a DHCP server. If there is a


DHCP server in the network, the DHCP server assigns an IP address as response to the DHCP
client. The DHCP client, which is assigned the IP address, requests lease time for using the IP
address to the DHCP server.

Communication between DHCP Server and Client

DHCP clients and DHCP servers request and transmit information using DHCP messages. The
following figure shows the basic steps that occur when a DHCP client requests an IP address
from a DHCP server.

1. DHCPDISCOVER

2. DHCPOFFER

3. DHCPREQUEST

4. DHCPACK

DHCP Client 5. DHCPRELEASE DHCP Server

10-2 Corecess S5 System User's Guide


DHCP (Dynamic Host Configuration Protocol) Overview

1. DHCPDISCOVER
A DHCP Client broadcasts the DHCPDISCPVER message to local network for searching a
DHCP server.

2. DHCPOFFER
If there is a DHCP server in the local network, the DHCP server, which receives the
DHCPDISCOVER message, transmits the DHCPOFFER message with DHCP configuration
parameters (IP address, MAC address, domain name and assigned time of IP address).

3. DHCPREQUEST
When the DHCP client, which transmitted DHCPDISCOVER message, receives the
DHCPOFFER message, the DHCP client transmits the DHCPREQUEST message to requests
that the client uses the received parameters.

4. DHCPACK
When the DHCP server receives the DHCOREQUEST message, the DHCP server transmits
the DHCPACK message to approve that the client can use the assigned IP address.

5. DHCPRELEASE
When lease time of IP address that the DHCP client uses is over, or the DHCP client is shut
down, the DHCPRELEASE message is transmitted.

Configuring DHCP 10-3


Configuring DHCP Server

Configuring DHCP Server

Procedure of DHCP Server Configuration


The following is the procedure for configuring DHCP server on the Corecess S5 System.

y Enabling DHCP server

y Configuring the global DHCP server parameters (default gateway, DNS and IP address lease time). These
values are used in all DHCP subnets.

y Verifying the subnet name of the interface to configure

y (Optional) Changing parameter values of the DHCP server on each subnet if necessary

y Specifying the DHCP IP address pool on each subnet

y Adding a static host

y Setting the maximum/minimum number of IP address that is assigned to the DHCP client on the subnet

Parameter Values for Configuration DHCP Server


Before configuration a DHCP server with the Corecess S5 System, the following parameters
should be surveyed.

Table 10-1 Parameters for Configuration DHCP Server

Field Description

IP Address of DHCP server IP Address of a VLAN that is configured to the DHCP server.

IP address range that is assigned to clients. The maximum of five IP


Range of IP address
address can be assigned to one subnet (VLAN).

Subnet mask Subnet mask that is assigned to clients

Default router (Default Gateway) IP address of default gateway.

IP address of DNS (Domain Name Server). The maximum of three


DNS
DNS can be assigned to one subnet (VLAN).

Lease time of IP address that is assigned to clients. Clients return the


Lease time of IP address IP address after lease time, then new IP addresses are assigned to the
clients.

After you decide the above parameter values, you can configure the DHCP server as following
section.

10-4 Corecess S5 System User's Guide


Configuring DHCP Server

Enabling DHCP Server


To configure a DHCP server, you should enable the DHCP server in the Corecess S5 System as
follows:

Table 10-2 Enabling DHCP server

Commands Task

configure terminal 1. Enter Global configuration mode.

dhcpserver enable 2. Enable the DHCP server.

The following example shows how to enable the DHCP server.

# configure terminal
(config)# dhcpserver enable
DHCP Server Enabled.
(config)#

To disable the DHCP server, enter the no dhcpserver command in the Global configuration
mode.

(config)# dhcpserver disalbe


DHCP Server Disabled.
(config)#

Configuring the Global DHCP Server Parameters


The following table shows the global DHCP server parameters and default values.

Table 10-3 Global DHCP server parameters

Parameter Description Default

The default lease time of the IP address to be assigned to the


Default Lease Time 43200
DHCP clients (second).

The maximum lease time of the IP address to be assigned to the


Max Lease Time 86400
DHCP clients (second).

Default Gateway IP address of the default gateway for DHCP clients. 0.0.0.0

Default DNS IP address of the DNS to be assigned to the DHCP clients.

*Log Server IP address of the log server for DHCP clients.

Configuring DHCP 10-5


Configuring DHCP Server

Path name of a file to which the DHCP client's core image should
*Merit Dump
be dumped in the event the client crashes.
(Continued)
Parameter Description Default

*Root Path Path name that contains the client's root disk.

Whether to allow the DHCP server to assign IP addresses to


Allow BOOTP requests Yes
BOOTP clients.

Whether to allow the DHCP server to assign IP addresses to the


Allow Unknown Clients Yes
unknown hosts.

Security Whether to enable DHCP server security or not. Off

*: This indicates that the parameter is option.

By default, these DHCP server parameters are applied to all DHCP subnets. If necessary, these
parameter values can be changed for each DHCP subnet. To configure the global DHCP server
parameters which are used for all DHCP subnets, use the following commands.

Table 10-4 Configuring the global DHCP server parameters

Command Task

configure terminal 1. Enter Global configuration mode.

dhcpserver defaultleasetime 2. Specify the default lease time of the IP address.


<time> y <time>: The maximum lease time (1 ~ 4294967295 seconds)

3. Specify the IP address of the default gateway to be assigned to


dhcpserver defaultgateway the DHCP clients.
<ip-address> y <ip-address>: IP address of the default gateway for DHCP
clients.

4. Specify the IP address of the DNS to be assigned to the DHCP


dhcpserver defaultdns
clients.
<ip-address>
y <ip-address>: IP address of the DNS for DHCP clients.

dhcpserver bootp 5. Allow for the DHCP server to respond to the BOOTP queries.

6. Specify the IP address of log server to be assigned to the DHCP


dhcpserver log-server clients.
<ip-address> y <ip-address>: IP address of the log server for DHCP
clients.

dhcpserver maxleasetime 7. Specify the maximum lease time of the IP address.


<max-lease-time> y <time>: The maximum lease time (1 ~ 4294967295 seconds)
8. Specify the path name of a file to which the DHCP client's core
dhcpserver merit-dump
image should be dumped in the event the client crashes.
<file-name>
y <file-name>: Path name of a file

dhcpserver root-path 9. Specify the path name that contains the client's root disk.
<path-name> y <path-name>: Path name that contains the client's root disk.

10-6 Corecess S5 System User's Guide


Configuring DHCP Server

dhcpserver security 10. Enable security feature on the DHCP server.

You don’t need to configure all DHCP server parameters. Regardless of the order in the above
table, you can set parameters needed.

Allowing the DHCP server respond to a BOOTP Request


To allow the DHCP server respond to a BOOTP request, use the command in Global
configuration mode:

(config)# dhcpserver bootp


Success to enable BOOTP support.
(config)#

To NOT allow the DHCP server respond to the BOOTP request, use the no dhcpserver
bootp command in Global configuration mode.

Configuring the Default DNS


To configure the default DNS that is assigned to the DHCP client, use the dhcpserver
defaultdns command.

(config)# dhcpserver defaultdns 172.168.20.11


New default DNS #1 is 172.168.20.11
(config)#

The maximum of three default DNSs can be assigned. To remove the specified DNS, use the no
dhcpserver defaultdns command.

Configuring the Default Gateway


To specify the default gateway list for all the DHCP subnets, use the dhcpserver
defaultgateway command in Global configuration mode:

(config)# dhcpserver defaultgateway 172.168.20.1


New default gateway is 172.168.20.1
(config)#

To remove the default gateway list, use the no dhcpserver defaultgateway command.

Configuring DHCP 10-7


Configuring DHCP Server

Configuring the Default Lease Time


To configure the duration of the lease for an IP address that is assigned from the DHCP server
to a DHCP client, use the dhcpserver defaultleasetime command in Global
configuration mode:

(config)# dhcpserver defaultleasetime 86400


Now default lease time is set to be 86400 seconds
(config)#

The default lease time is set to 43200 seconds. To restore the default lease time, use the no
dhcpserver defaultleasetime command in Global configuration mode

Configuring the Maximum Lease Time


To configure the maximum lease time for an IP address, use the dhcpserver maxleasetime
command:

(config)# dhcpserver maxleasetime 172800


Now max lease time is set to be 172800 second
(config)# end
# show dhcpserver

Global DHCP Server Configurations :


Status : Enabled
Default Lease Time : 43200 seconds
Max Lease Time : 172800 seconds
Allow BOOTP requests : Yes
Allow Unknown Clients : Yes
Security : Off
#

The default max lease time is set to 86400 seconds. To restore the default max lease time, use the
no dhcpserver maxleasetime command.

10-8 Corecess S5 System User's Guide


Configuring DHCP Server

Configuring the Log Server


To specify the IP address of log server to be assigned to the DHCP clients, use the dhcpserver
log-server command:

(config)# dhcpserver log-server 168.1.1.1


New default LOG-SERVER #1 is 168.1.1.1
(config)# end
# show dhcpserver

Global DHCP Server Configurations :


Status : Enabled
Default Lease Time : 86400 seconds
Max Lease Time : 86400 seconds
Log Server #1 : 168.1.1.1
Allow BOOTP requests : Yes
Allow Unknown Clients : Yes
Security : Off
#

You can specify up to three log servers. The first entered log server is the most preferred server.
To remove a log server, use the no dhcpserver logserver command.

Specifying Merit Dump File


To specify the path name of a file to which the DHCP client's core image should be dumped in
the event the client crashes, use the dhcpserver merit-dump command:
(config)# dhcpserver merit-dump /tftp/merit-dump
New merit-dump is /tftp/merit-dump
(config)# end
# show dhcpserver

Global DHCP Server Configurations :


Status : Enabled
Default Lease Time : 43200 seconds
Max Lease Time : 86400 seconds
Merit Dump #4 : /tftp/merit-dump
Allow BOOTP requests : Yes
Allow Unknown Clients : Yes
Security : Off
#

To remove the path name of a merit dump file, use the no dhcpserver merit-dump
command.

Configuring DHCP 10-9


Configuring DHCP Server

Specifying the Path Nam for Root Disk


To specify the path name that contains the client's root disk, use the dhcpserver root-path
command:

(config)# dhcpserver root-path /usr/rootfs


New root-path is /usr/rootfs
(config)# end
# show dhcpserver

Global DHCP Server Configurations :


Status : Enabled
Default Lease Time : 43200 seconds
Max Lease Time : 86400 seconds
Merit Dump #4 : /tftp/merit-dump
Root Path #4 : /usr/rootfs
Allow BOOTP requests : Yes
Allow Unknown Clients : Yes
Security : Off

To remove the path name that contains the client's root disk, use the no dhcpserver root-
path command.

Enabling DHCP Server Security


To enable DHCP server security feature, use the dhcprelay security command:

(config)# dhcpserver security


DHCP Server security is on.
(config)#

If you enable the DHCP server security feature, the Corecess S5 System stores the IP address
assigned to a DHCP client (host A) and the client’s MAC address. If any other host access to the
system with the host A’ IP address, the Corecess S5 System regards the packets as spoofing
packet and discard the packet. To disable DHCP server security feature, use the no
dhcprelay security command.

10-10 Corecess S5 System User's Guide


Configuring DHCP Server

Verifying the DHCP Subnet for the Interface


The Corecess S5 System configures DHCP server for each VLAN. If you create a VLAN
interface, the DHCP subnet for the VLAN interface will be added automatically. To verify the
DHCP subnet for the interface, use the following commands:

Table 10-5 Verifying the DHCP subnet for the Interface

Command Task

enable 1. Enter Privileged mode.

show dhcpserver subnet all 2. Display the configuration information of all DHCP subnet.

This example is a sample output of all DHCP subnet:

# show dhcpserver subnet all


DHCP Server Subnets :

| | | default | Max |
Name| IP Address| Netmask| Lease time| Lease time| Interface
--------------+ ---------------+ ---------------+ ----------+ ----------+ ---------
SUB1| 172.168.20.0| 255.255.255.0| 43200| 86400| none
--------------+ ---------------+ ---------------+ ----------+ ----------+ ---------
sub_vlan2| 172.20.2.0| 255.255.255.0| 43200| 86400| vlan2
--------------+ ---------------+ ---------------+ ----------+ ----------+ ---------
sub_vlan1| 172.10.1.0| 255.255.255.0| 43200| 86400| vlan1
--------------- ---------------- ---------------- ----------- ----------- ---------

Configuring DHCP 10-11


Configuring DHCP Server

Configuring DHCP Server Parameters for Each Subnet


To configure the DHCP server parameters on each subnet, use the following commands in
Global configuration mode:

Table 10-6 Configuring DHCP server parameters for each subnet

Command Task

configure terminal 1. Enter Global configuration mode.

2. Specify the default lease time of the IP address that is assigned to


dhcpserver subnet
the DHCP clients in a subnet.
<subnet-name>
y <subnet-name> Subnet name to configure.
defaultleasetime <time>
y <time> Maximum lease time for the subnet (in seconds).

3. Specify the IP address of the default gateway to be assigned to the


dhcpserver subnet
DHCP clients in a subnet.
<subnet-name>
y <subnet-name> Subnet name to configure.
defaultgateway <ip-address>
y <ip-address> IP address of the default gateway for the subnet.

4. Specify the IP address of the DNS to be assigned to the DHCP


dhcpserver subnet
clients in a subnet.
<subnet-name> defaultdns
y <subnet-name>: Subnet name to configure
<ip-address>
y <ip-address>: IP address of the DNS for the subnet.

5. Specify the IP address of log server to be assigned to the DHCP


dhcpserver subnet
clients in a subnet..
<subnet-name> log-server
y <subnet-name>: Subnet name to configure.
<ip-address>
y <ip-address>: IP address of the log server for the subnet.

6. Specify the maximum lease time of the IP address that is


dhcpserver subnet
assigned to the DHCP clients in a subnet.
<subnet-name>
y <subnet-name>: Subnet name to configure.
maxleasetime
y <time>: The maximum lease time for the subnet (1 ~
<max-lease-time>
4294967295 seconds)

7. Specify the path name of a file to which the DHCP client's


dhcpserver subnet
core image should be dumped in the event the client crashes.
<subnet-name> merit-dump
y <subnet-name>: Subnet name to configure.
<file-name>
y <file-name>: Path nam of a file

dhcpserver subnet 8. Specify the path name that contains the client's root disk.
<subnet-name> root-path y <subnet-name>: Subnet name to configure.
<path-name> y <path-name>: Path name that contains the client's root disk.

You don’t need to configure all DHCP server parameters on each subnet. Regardless of the
order in the above table, you can set parameters needed. If you don’t specify parameters on
each subnet, the system uses the values of global DHCP parameters for the values.

10-12 Corecess S5 System User's Guide


Configuring DHCP Server

This example shows how to configure the DHCP server parameters for the DHCP subnets:

(config)# dhcpserver subnet sub_vlan1 defaultgateway 172.27.1.254


New default gateway of subnet sub_vlan1 is 172.27.1.254
(config)# dhcpserver subnet sub_vlan2 defaultgateway 10.10.1.254
New default gateway of subnet sub_vlan2 is 10.1.1.254
#

Specifying IP Address Pool for DHCP Clients


To configure the IP address pool for DHCP clients of each subnet, use the following command
in Global configuration mode:

Table 10-7 Specifying IP address pool for DHCP clients

Commands Task

Specify the range of the IP addresses to be assigned to the DHCP


dhcpserver subnet
clients in the specified subnet.
<subnet-name> iprange
y <subnet-name>: Subnet name to configure.
<start-ip-address>
y <start-ip-address>: the start IP address of the IP pool.
<end-ip-address>
y <end-ip-address>: the last IP address of the IP pool.

This example shows how to specify the IP address pools for DHCP clients of the interfaces
sub_vlan1 and sub_vlan2:

(config)# dhcpserver subnet sub_vlan1 iprange 172.27.1.2 172.27.1.253


Now adding new IP range....
new address range 172.72.1.2 ~ 172.27.1.253 is added in subnet sub_vlan1
(config)# dhcpserver subnet sub_vlan2 iprange 10.1.1.2 10.1.1.253
Now adding new IP range....
new address range 10.1.1.2 ~ 10.1.1.253 is added in subnet sub_vlan2
(config)# end
# show dhcpserver subnet sub_vlan1 iprange

DHCP IP Range for subnet sub_vlan1

ID | Start Address | End Address


-----+----------------+-----------------
1 | 172.27.1.2 | 172.27.1.253
--------------------------------------

# show dhcpserver subnet sub_vlan2 iprange

DHCP IP Range for subnet sub_vlan1

ID | Start Address | End Address

Configuring DHCP 10-13


Configuring DHCP Server

-----+----------------+-----------------
1 | 10.1.1.2 | 10.1.1.253
--------------------------------------
#

To delete the IP address pool for DHCP clients of each subnet, use the no dhcpserver
subnet iprange <range-id> command. <range-id> is the ID of the IP range to delete.
You can see the ID of the IP range by using the show dhcpserver subnet command. To
delete all IP address ranges in the subnet, use the no dhcpserver subnet iprange all
command.

This example shows how to delete the IP address pools for DHCP clients of the interfaces
sub_vlan1 and check the result:

# show dhcpserver subnet sub_vlan1 iprange

DHCP IP Range for subnet sub_vlan1

ID | Start Address | End Address


-----+----------------+-----------------
1 | 172.19.1.2 | 172.19.1.253
-----+----------------+-----------------
2 | 172.19.3.1 | 172.19.3.100
--------------------------------------
# configure terminal
(config)# no dhcpserver subnet sub_vlan1 iprange 1
Address range 172.19.1.2 ~ 172.19.1.253 is deleted in subnet sub_vlan1
(config)# end
# show dhcpserver subnet sub_vlan1 iprange

DHCP IP Range for subnet sub_vlan1

ID | Start Address | End Address


-----+----------------+-----------------
2 | 172.19.3.1 | 172.19.3.100
--------------------------------------
#

10-14 Corecess S5 System User's Guide


Configuring DHCP Server

Defining Subnet for DHCP Relay Configuration


The DHCP subnets for DHCP relay don’t need to be attached to interfaces. All that you have to
do for DHCP subnets for DHCP relay is to define DHCP subnets using dhcpserver subnet
command:

The following is an example of defining a DHCP subnet subnet_r for DHCP relay and check the
result:

(config)# dhcpserver subnet subnet_r 211.10.1.0/24


(config)# dhcpserver subnet subnet_r iprange 211.10.1.1 211.10.1.253
Now adding new IP range....
new address range 211.10.1.1 ~ 211.10.1.253 is added in subnet subnet_r
(config)#

To check the result, use the show dhcpserver subnet all command in Privileged mode.
In case of the DHCP subnet defined by the user, ‘none’ is displayed in the Interface field.
# show dhcpserver subnet all

DHCP Server Subnets :


| | | default | Max |
Name | IP Address | Netmask |Lease time |Lease time| Interface
-------------+--------------+---------------+-----------+----------+---------
subnet_r | 1.1.1.0 | 255.255.255.0 | 43200 | 86400 | none
-------------+--------------+---------------+-----------+----------+---------
sub_vlan1 | 72.19.0.0 | 255.255.0.0 | 43200 | 86400 | vlan1
----------------------------------------------------------------------------
#

Configuring DHCP 10-15


Configuring DHCP Server

Configuring Static Host


To configure the static hosts who the fixed IP addresses are assigned to, use the following
command in Global configuration mode:

Table 10-8 Configuring Static Host

Command Task

configure terminal 1. Enter Global configuration mode.

2. Add a static host


dhcpserver host <host-name> y <host-name> Host name
<mac-address> <ip-address> y <mac-address> MAC address of the host
y <ip-address> IP address for the host

end 3. Return to Privileged mode.


show dhcpserver host 4. Verify the static host configuration.

This example shows how to add a static host ‘kka’ and verify the configuration:

(config)# dhcpserver host kka 00:11:22:33:44:55 200.1.1.1


host kka added
(config)# end
# show dhcpserver host

Static Host Information


-------------------------------------------
Name: kka
HW Addr : 00:11:22:33:44:55
IP Addr : 200.1.1.1
leasetime : 43200
-------------------------------------------
#

To remove a static host, use the no dhcpserver host command. To remove all static hosts,
no dhcpserver host all command.

10-16 Corecess S5 System User's Guide


Configuring DHCP Server

Configuring the Maximum and Minimum Number of IP


Address for a Subnet
You can configure the maximum and minimum number of IP addresses to be assigned to
DHCP clients of each subnet. A log messages generates when the number of IP addresses
exceeds the high threshold (the maximum number) or when the number of IP addresses
becomes less than or equal to the low threshold (the minimum number).

The default maximum number of IP addresses is 5000 and the default minimum number of IP
addresses is 1.

To configure the maximum and minimum number of IP addresses for a subnet, perform this
task in privileged mode:

Table 10-9 Configuring the maximum and minimum number of IP addresses for a subnet

Command Task

configure terminal 1. Enter Global configuration mode.

dhcpserver subnet 2. Set the maximum number of IP addresses to be assigned to DHCP clients
<subnet-name> of the specific subnet.
highthreshold y <subnet-name>: Subnet name to configure.
<max-value> y<max-value>: The maximum number of IP addresses (2 ~ 5000)

dhcpserver subnet 3. Set the minimum number of IP addresses to be assigned to DHCP clients
<subnet-name> of the specific subnet.
lowthreshold y <subnet-name>: Subnet name to configure.
<min-value> y <min-value>: The minimum number of IP addresses (1 ~ 4999)

The following example shows how to configure the maximum and minimum number of IP
addresses for the sub1 subnet:

(config)# dhcpserver subnet sub1 highthreshold 200


highthreshold of subnet sub1 is 200
(config)# dhcpserver subnet sub1 lowthreshold 5
lowthreshold of subnet sub1 is 5
(config)#

Configuring DHCP 10-17


Configuring DHCP Relay Agent

Configuring DHCP Relay Agent

DHCP Relay Agent Overview


If the DHCP server and the DHCP client are in the different network, the procedure that assigns
DHCP address should be changed. The message that the DHCP client sends to the DHCP server
is only broadcasted in the local network, so it is not possible to communicate with the DHCP
server of other network. In this case, you should configure the DHCP relay agent in the local
network to communicate between the DHCP server and the DHCP client.

The following network example explains the DHCP relay agent.

DHCP Relay
Client A DHCP Server Agent Clinet B

If the client a broadcasts the DHCPDISCOVER message to assign an IP address, the DHCP server,
which is in the same network, receives the message and assigns the IP address to the client A.

If the client B broadcasts the DHCPDISCOVER message to assign an IP address, the DHCP
server, which is in other network, can not receive the message. Therefore, the DHCP server can
not assign the IP address to the client B. In this case, you should configure the VLAN that the
client B is included to the DHCP relay agent. If the DHCP relay agent receives the
DHCPDISCOVER message, the DHCP relay agent transmits the message to the specified DHCP
server. The DHCP server, which receives the DHCPDISCOVER message, transmits the IP
address that is for the client B to the DHCP relay agent. The DHCP relay agent transmits the
assigned IP address to the client B.

10-18 Corecess S5 System User's Guide


Configuring DHCP Relay Agent

Communication with the DHCP Server, the Relay Agent and the Client

When a DHCP client communicates with a DHCP server through a DHPC relay agent, IP
address is assigned to the DHCP client as follows:

unicast

DHCP Relay
Client 1. DHCPDISCOVER Agent 2. DHCPDISCOVER DHCP Server

4. DHCPOFFER 3. DHCPOFFER

5. DHCPDISCOVER 6. DHCPDISCOVER

8. DHCPACK 7. DHCPACK

9. DHCPRELEASE

1. The client sends a DHCPDISCOVER broadcast message to find out DHCP server.

2. The DHCP relay agent received DHCPDISCOVER message forwards DHCPDISCOVER


message to DHCP server.

3. DHCP server received DHCPDISCOVER message from DHCP relay agent offers
configuration parameters (such as an IP address, a MAC address, a domain name, and a
lease for the IP address) to the DHCP relay agent in a DHCPOFFER unicast message.

4. DHCP relay agent sends configuration parameters (such as an IP address, a MAC address, a
domain name, and a lease for the IP address) offered from the DHCP server to the client in a
DHCPOFFER unicast message.

5. After the client receives a DHCPOFFER, it responds with a DHCPREQUEST message,


indicating its intent to accept the parameters in the DHCPOFFER.

6. The DHCP relay agent received DHCPDISCOVER message from the client forwards
DHCPREQUEST message to DHCP server.

7. After the DHCP server receives the DHCPREQUEST from DHCP relay agent, it
acknowledges the request with a DHCPACK message, thus completing the initialization
process.

Configuring DHCP 10-19


Configuring DHCP Relay Agent

8. After the DHCP relay agent receives the DHCPACK from DHCP server, it sends the
DHCPACK to the client.

9. A DHCP client may choose to relinquish its lease on a network address by sending a
DHCPRELEASE message to the DHCP server. The client identifies the lease to be released
by the use of the client identifier field and network address in the DHCPRELEASE message.

10-20 Corecess S5 System User's Guide


Configuring DHCP Relay Agent

Configuring DHCP Relay


The following is the procedure for configuring DHCP relay on the Corecess S5 System.

y Enabling DHCP relay

y Specifying a DHCP server used for DHCP relay agent

y Enabling DHCP relay security

y Assigning the weight to the secondary IP address

Enabling DHCP Relay

To enable DHCP relay on the Corecess S5 System, use the following command:

Table 10-10 Enabling DHCP relay

Commands Task

configure terminal 1. Enter Global configuration mode.

dhcprelay enable 2. Enable the DHCP relay.

The following example shows how to enable DHCP relay on the Corecess S5 System:

# configure terminal
(config)# dhcprelay enable
DHCP Relay Enabled.
#

If you enter the dhcprelay enable when the DHCP server is enabled, the following message
will be displayed:

(config)# dhcprelay
Already running in DHCP server
Fail to enable DHCP Relay agent.

Before enabling the DHCP relay, disable the DHCP server using dhcpserver disable
command:

(config)# dhcpserver disable


DHCP Server Disabled.

Configuring DHCP 10-21


Configuring DHCP Relay Agent

(config)#

To disable the DHCP relay, enter the dhcprelay disable command in the Global
configuration mode.

(config)# dhcprelay disable


DHCP Relay Disabled.
(config)#

Adding DHCP Servers for DHCP Relay

To add the DHCP servers which will assign the IP address to the DHCP relay, use the following
command in Privileged mode:

Table 10-11 Adding DHCP server for the DHCP relay

Command Task

configure terminal 1. Enter Global configuration mode.

dhcprelay serverlist 2. Add the DHCP servers.


{<ip-address> | y <ip-address>: IP address of the DHCP server.
<server-name>} y <server-name>: Host name of the DHCP server.

This example shows how to add a DHCP server for DHCP relay:

(config)# dhcprelay serverlist 172.16.1.1


Server List 172.16.1.1 is added
(config)#

To delete a DHCP server which will assign the IP address to the DHCP relay, use the no
dhcprelay serverlist command in Global configuration mode. To delete all DHCP
servers, use the no dhcprelay serverlist all command.

10-22 Corecess S5 System User's Guide


Configuring DHCP Relay Agent

Enable DHCP Relay Security

If you enable the DHCP relay security feature, the Corecess S5 System stores the IP address
assigned to a DHCP client (host A) and its MAC address. If any other host access to the system
with the host A’ IP address, the Corecess S5 System regards the packets as spoofing packet and
discard the packet.

By default, the DHCP relay security feature is disabled. To enable the DHCP relay security
feature, perform this task:

Table 10-12 Enabling DHCP relay security

Command Task

configure terminal 1. Enter Global configuration mode.

dhcprelay security 2. Enable the DHCP relay security feature.

The following example enables the DHCP relay security feature:

(config)# dhcprelay security


DHCP Relay security is on.
(config)#

To disable the DHCP relay security feature, use the no dhcprelay security command in
Global configuration mode.

Configuring DHCP 10-23


Configuring DHCP Relay Agent

Assigning the Weight to the Secondary IP

When an interface of the system enabled DHCP relay agent has the primary IP address and the
secondary IP address, the Corecess S5 System decides which range of IP address (Primary IP,
Secondary IP 1, Secondary IP 2 and so on…) should be assigned to the interface by using the
weight assigned to the secondary IP address.

For example, when the following IP addresses are set to the vlan1 interface:

y Primary IP address : 10.10.10.10/24


y Secondary IP 1 address : 1.1.1.1/24
y Secondary IP 2 address : 2.2.2.2/24
y Secondary IP 3 address : 3.3.3.3/24

If you set the weight as follows:

y Secondary IP 1 address : 20%


y Secondary IP 2 address : 30%

If the DHCP relay receives a DHCP request ten times, the DHCP relay assigns IP address of the
primary IP range five times, IP address of the secondary IP 1 range two times, and IP address of
the secondary IP 2 range three times via the DHCP server.

By default, the weight assigned to the primary IP is 100 and the weight assigned to the
secondary IP is 0. This allows the Corecess S5 System to assign a DHCP client an IP address of
the primary IP range via the DHCP server.

To configure the weight to be assigned the secondary IP address, perform this task:

Table 10-13 Assigning the weight to the secondary IP address

Command Description

dhcprelay weight Assign the weight to the secondary IP address.


<secondary-ip> y <secondary-ip>: Secondary IP address to assign the weight.
<ip-weight> y <ip-weight>: Weight assigned to the secondary IP address (1 ~ 100)
<interface-weight> y <interface-weight>: Weight assigned to the interface (1 ~ 100)

10-24 Corecess S5 System User's Guide


Configuring DHCP Relay Agent

The following example shows how to assign the weight, 40%, to the secondary IP address,
172.2.2.2 and check the result:

(config)# dhcprelay weight 172.2.2.2 40 100


(config)# end
# show dhcprelay weight

DHCP Relay Weight:


vlan2
+-----------------+-----------+
| IP Address | Weight |
+-----------------+-----------+
| 172.1.1.1 | 100/100 |
+-----------------+-----------+
vlan1
+-----------------+-----------+
| IP Address | Weight |
+-----------------+-----------+
| 172.19.3.97 | 60/100 |
| 172.2.2.2 | 40/100 |
+-----------------+-----------+
#

Configuring DHCP 10-25


Displaying DHCP Configuration

Displaying DHCP Configuration


This section describes how to display DHCP server and DHCP relay configuration.

Displaying DHCP Server Configuration

Displaying the Global DHCP Server Configuration

To display the global DHCP server configuration, use the show dhcpserver command:

# show dhcpserver

Global DHCP Server Configurations :


Status : Enabled
Default Lease Time : 43200 seconds
Max Lease Time : 86400 seconds
Log Server #1 : 168.1.1.1
Allow BOOTP requests : Yes
Allow Unknown Clients : Yes
Security : Off
#

The table below describes the fields in the show dhcpserver command output:

Table 10-14 show dhcpserver Field Description

Field Description

Status The status of the DHCP server.

The default lease time of the IP address to be assigned to the DHCP


Default Lease Time
clients (second)

The maximum lease time of the IP address to be assigned to the DHCP


Max Lease Time
clients (second)

Default Gateway IP address of the default gateway for DHCP clients.

*Default DNS #1, #2, #3 IP address of the DNS to be assigned to the DHCP clients

*Log Server IP address of the log server for DHCP clients.

Path name of a file to which the DHCP client's core image should be
*Merit Dump
dumped in the event the client crashes.

*Root Path Path name that contains the client's root disk

10-26 Corecess S5 System User's Guide


Displaying DHCP Configuration

(Continued)
Field Description

Allow BOOTP requests Whether to allow for the DHCP server to respond to the BOOTP queries.

Allow Unknown Clients Whether to allow for the DHCP server to respond to the BOOTP queries.

Security Whether to enable DHCP server security feature.

*: this indicates that the fields are displayed when users set the field value.

If the DHCP server is disabled on the Corecess S5 System, the following message will be
displayed:

# show dhcpserver
DHCP Server is not running.
#

Displaying DHCP Subnet Configuration

To display the configuration of a DHCP subnet on the Corecess S5 System, use the show
dhcpserver subnet command.

The following example displays the configuration of all DHCP subnets by using the show
dhcpserver subnet all command:

# show dhcpserver subnet all


DHCP Server Subnets :

| | | default | Max |
Name| IP Address| Netmask| Lease time| Lease time| Interface
--------------+ ---------------+ ---------------+ ----------+ ----------+ ---------
SUB1| 172.168.20.0| 255.255.255.0| 43200| 86400| none
--------------+ ---------------+ ---------------+ ----------+ ----------+ ---------
sub_vlan2| 172.20.2.0| 255.255.255.0| 43200| 86400| vlan2
--------------+ ---------------+ ---------------+ ----------+ ----------+ ---------
sub_vlan1| 172.10.1.0| 255.255.255.0| 43200| 86400| vlan1
--------------- ---------------- ---------------- ----------- ----------- ---------

Configuring DHCP 10-27


Displaying DHCP Configuration

The following example displays the information of the specified DHCP subnets by using the
show dhcpserver subnet command:

# show dhcpserver subnet SUB1

DHCP Server Subnet : SUB1

Subnet IP : 172.168.20.0
Interface Name : none
Netmask : 255.255.255.0
default lease time : 43200 seconds
max lease time : 86400 seconds
HighThreshold : 5000
LowThreshold : 1
CurrentLeaseCount : 0
Default Gateway : 172.168.20.1
Log Server #1 : 120.1.1.1
#

The following example displays the IP address ranges of the specified subnet by using the show
dhcpserver subnet iprange command:

# show dhcpserver subnet sub_vlan1 iprange

DHCP IP Range for subnet sub_vlan1

ID | Start Address | End Address


----+---------------+-----------------
1 | 172.27.1.2 | 172.27.1.253
--------------------------------------
# show dhcpserver subnet sub_vlan2 iprange

DHCP IP Range for subnet sub_vlan1

ID | Start Address | End Address


----+---------------+-----------------
1| 10.1.1.2 | 10.1.1.253
--------------------------------------
#

10-28 Corecess S5 System User's Guide


Displaying DHCP Configuration

The table below describes the fields in the show dhcpserver subnet all command output:

Table 10-15 show dhcpserver subnet all field descriptions

Field Description

Name Subnet name

IP Address Network number of the subnet

Netmask Net mask of the subnet

Default Lease time The default lease time for in the subnet

Max Lease time The maximum lease time for the hosts in the subnet

Interface Interface name which the subnet applies to.

The table below describes the fields in the show dhcpserver subnet command output:

Table 10-16 show dhcpserver subnet field descriptions

Field Description

DHCP Server Subnet Subnet name

Subnet IP Network number of the subnet

Interface Name Interface name which the subnet applies to.

Netmask Net mask of the subnet

default lease time The default lease time for in the subnet

maximum lease time The maximum lease time for the hosts in the subnet

Default Gateway IP address of the default gateway for the subnet

DNS IP #1 IP address of the DNS to be assigned to the subnet

IP Range The IP address ranges of the subnet

The table below describes the fields in the show dhcpserver subnet <subnet-name>
iprange command output:

Table 10-17 show dhcpserver subnet <subnet-name> iprange field description

Field Description

ID The ID of the IP range

Start Address The starting address of the range

End Address The last address of the range

Configuring DHCP 10-29


Displaying DHCP Configuration

Displaying the IP Addresses Assigned to the DHCP Clients

To display the information of the IP addresses assigned to the DHCP clients, use the show
dhcpserver lease [summary] command.

The following example shows how to display the IP addresses assigned to the DHCP clients:

# show dhcpserver leases

DHCP Lease Information(current time : 2002/12/24 10:39:34)

IP Address | MAC Address | Start | End | Status | Remain


-------------+-----------------+ ---------------+ ---------------+ --------+-------
100.100.100.4|00:00:21:fb:66:a4| 12/24 10:32:48| 12/24 1:26:50| Active | 53 min
-------------+-----------------+ ---------------+ ---------------+ --------+-------
100.100.100.1|00:10:a4:a3:c2:9e| 12/24 10:26:50| 12/24 11:26:50| Active | 47 min
-------------+-----------------+ ---------------+ ---------------+ --------+-------
200.200.201.3|00:50:da:ea:4a:cd| 12/24 10:26:50| 12/24 1:30:28| Active | 50 min
-------------+-----------------+ ---------------+ ---------------+ --------+-------
200.200.201.1|00:50:da:ea:4a:cd| 12/24 10:15:18| 12/24 1:15:18| Active | 35 min
-------------+-----------------+ ---------------+ ---------------+ --------+--------

Total 4 Entries Assigned


#

The following example displays the summary information of the IP addresses assigned to the
DHCP clients:

# show dhcpserver leases summary

DHCP Lease Information(current time : 2002/12/24 17:01:10)

Interface| Total Lease| Assigned Lease| Free Lease


-------------+-----------------+ -----------------+ ----------------
vlan1| 200| 2| 198
-------------+-----------------+ -----------------+ ----------------
vlan2| 200| 2| 198
-------------+-----------------+ -----------------+ ----------------

Total 4 Entries Assigned


#

10-30 Corecess S5 System User's Guide


Displaying DHCP Configuration

The table below describes the fields in the show dhcpserver lease command output:

Table 10-18 show dhcpserver lease field descriptions

Field Description

IP Address IP address assigned to a DHCP client

MAC Address MAC address of a DHCP client

Start The IP address assignment time

End The lease expiration time of the IP address

Status Status of a DHCP client

Remain Remaining time of the lease for an IP address that is assigned (in minutes)

The table below describes the fields in the show dhcpserver lease summary command
output:

Table 10-19 show dhcpserver lease field descriptions

Field Description

Interface The interface name

Total Lease The number of IP addresses in the IP pool of the interface

Assigned Lease The number of IP addresses that have been assigned to DHCP clients

The number of remaining IP addresses that have not been assigned to DHCP
Free Lease
clients yet

Configuring DHCP 10-31


Displaying DHCP Configuration

Displaying the List of the Static Hosts

To display the list of the static hosts who can get the fixed IP addresses, use the show
dhcpserver host command.

The following example shows how to display the static DHCP hosts:

# show dhcpserver host


Static Host Information
-------------------------------------------
Name : George
HW Addr : 10:10:10:1f:2e:00
IP Addr : 172.12.1.99
leasetime : 43200
#

The table below describes the fields in the show dhcpserver host command output:

Table 10-20 show dhcpserver host field descriptions

Field Description

Name The DHCP client name

HW Addr The MAC address of the DHCP client

IP Addr The IP address for the DHCP client

leasetime Duration of the lease for an IP address that is assigned to the host

Default DNS #1 The IP address of DNS server to be assigned to the host

Log Server The IP address of log server to be assigned to the host

10-32 Corecess S5 System User's Guide


Displaying DHCP Configuration

Displaying DHCP Relay Configuration

Displaying DHCP Relay Configuration

To display the DHCP relay configuration information, use the show dhcprelay command.

The following example shows how to display the DHCP relay configuration information on the
Corecess S5 System:

# show dhcprelay

Global DHCP Relay Agent Configurations :


Status : Enabled
Security : On
Relay Interface :
vlan2, 10.1.1.1
vlan1, 172.27.2.100
#

The table below describes the fields in the show dhcprelay command output:

Table 10-21 show dhcprealy field descriptions

Field Description

Status The DHCP relay agent state on the system (Enabled or Disabled).

Security The DHCP relay security state on the system (On or Off)

Relay Interface The name of the VLAN interfaces that the DHCP relay is enabled

If the DHCP relay agent is disabled on the system, the ‘DHCP relay agent is not
running.’ message is displayed as follows:

# show dhcprelay
DHCP relay agent is not running
#

Configuring DHCP 10-33


Displaying DHCP Configuration

Displaying the List of the DHCP Servers

To display the list of the DHCP servers which assign the IP addresses to the clients of the DHCP
relay agent, use the show dhcprelay serverlist command.

The following example displays the DHCP servers used for the DHCP relay agent:

# show dhcprelay serverlist

DHCP Relay Server List


NUM | IP Address | Port
--------------------------------
1 | 172.16.1.1 | 67
--------------------------------
#
The table below describes the fields in the show dhcprelay serverlist command output:

Table 10-22 show dhcprealy serverlist field descriptions

Field Description

NUM Index number of the DHCP relay agent

IP Address IP addresses of the DHCP server

Port Port number used for the DHCP server

Displaying the Weight of the Secondary IP

To displays the weight to be assigned to secondary IP address of the system interface, use the
show dhcprelay weight command.

The following is a sample output of displaying weights of the secondary IP addresses:


# show dhcprelay weight

DHCP Relay Weight:


vlan1
+-----------------+-----------+
| IP Address | Weight |
+-----------------+-----------+
| 10.10.10.10 | 5/10 |
| 3.3.3.3 | 0/10 |
| 2.2.2.2 | 3/10 |
| 1.1.1.1 | 2/10 |
+-----------------+-----------+
#

10-34 Corecess S5 System User's Guide


Displaying DHCP Configuration

Displaying DHCP Version and Statistics

Displaying the DHCP Version


To display the version of the DHCP module supported by the system, use the show dhcp
version command. The following example displays the version of the DHCP module:

# show dhcp version


Corecess DHCP – Bug Fixed 031227 #1 - common
#

Displaying the DHCP Statistics


To display the DHCP statistics, use the show dhcp statistics. This example shows how to
display the DHCP statistics:

# show dhcp statistics


DHCP statistics :
-----------------------------------------------------------------
rxDhcpDiscovers : 803 txDhcpDiscovers : 0
rxDhcpRequests : 2464 txDhcpRequests : 0
rxDhcpOffers : 0 txDhcpOffers : 803
rxDhcpAcks : 0 txDhcpAcks : 2450
rxDhcpNaks : 0 txDhcpNaks : 10
rxDhcpDeclines : 0 txDhcpDeclines : 0
rxDhcpReleases : 5 txDhcpReleases : 0
rxDhcpInforms : 1259 txDhcpInforms : 0
rxDhcpBadPackets : 0
-----------------------------------------------------------------
rxTotalPackets : 4531 txTotalPackets : 3263
-----------------------------------------------------------------

-----------------------------------------------------------------
rxBootpRequest : 4530 txBootpRequest : 0
rxBootpReply : 0 txBootpReply : 0
-----------------------------------------------------------------

Configuring DHCP 10-35


Displaying DHCP Configuration

The table below describes the fields shown by the show dhcp statistics command:

Table 10-23 show dhcp statistics field descriptions

Field Description

rxDhcpDiscovers Number of received DHCPDISCOVER messages.

rxDhcpRequests Number of received DHCPREQUEST messages.

rxDhcpOffers Number of received DHCPOFFER messages.

rxDhcpAcks Number of received DHCPACK messages.

rxDhcpNaks Number of received DHCPNAK messages.

rxDhcpDeclines Number of received DHCPDECLINE messages.

rxDhcpReleases Number of received DHCPRELEASE messages.

rxDhcpInforms Number of received DHCPINFORM messages.

rxDhcpBadPackets Number of received DHCP packets with error.

txDhcpDiscovers Number of sent DHCPDISCOVER messages.

txDhcpRequests Number of sent DHCPREQUEST messages.

txDhcpOffers Number of sent DHCPOFFER messages.

txDhcpAcks Number of sent DHCPACK messages.

txDhcpNaks Number of sent DHCPNAK messages.

txDhcpDeclines Number of sent DHCPDECLINE messages.

txDhcpReleases Number of sent DHCPRELEASE messages.

txDhcpInforms Number of sent DHCPINFORM messages.

rxTotalPackets Number of sent DHCP packets with error.

txTotalPackets Total number of received DHCP packets.

rxBootpRequest Number of received BOOTP request messages

rxBootpReply Number of received BOOTP reply messages

txBootpRequest Number of sent BOOTP request messages

txBootpReply Number of sent BOOTP reply messages

10-36 Corecess S5 System User's Guide


DHCP Configuration Commands

DHCP Configuration Commands


The following table lists the commands for configuring DHCP on the Corecess S5 System:

Table 10-24 DHCP configuration commands

Command Function

dhcprelay Enables the DHCP relay agent on the Corecess S5 System.

dhcprelay security Enables the DHCP relay security feature.

Adds the DHCP servers which will assign the IP address to the DHCP
dhcprelay serverlist
relay.

dhcpserver bootp Allows for the DHCP server to respond to the BOOTP queries.

Specifies the global default Domain Name System (DNS) server which
dhcpserver defaultdns
applies to all the DHCP subnets.

dhcpserver
Specifies the global default gateway list for all the DHCP subnets.
defaultgateway

dhcpserver Specifies the duration of the lease for an IP address that is assigned from
defaultleasetime a DHCP server to a DHCP client.

dhcpserver Enables the DHCP server on the Corecess S5 System.

dhcpserver host Specifies the IP address for a manual binding to a DHCP client.

Specifies a log server to which logging information DHCP clients are


dhcpserver log-server
sent.

dhcpserver
Specifies the upper limit of the default lease time.
maxleasetime

Specifies the path name of the merit dump file to which the client's core
dhcpserver merit-dump
image should be placed in the event the client crashes.

dhcpserver root-path Specifies the path name that contains the client's root disk.

dhcpserver security Enables the DHCP server security feature.

Adds a DHCP subnet. The clients in the DHCP subnet can be assigned
dhcpserver subnet
the IP addresses from the DHCP server.

dhcpserver subnet
Specifies the default Domain Name System (DNS) server for a subnet.
defaultdns

dhcpserver subnet
Specifies the default gateway list for a subnet.
defaultgateway

Specifies the duration of the lease for an IP address that is assigned to the
dhcpserver subnet
DHCP clients in a subnet. This value will apply to the specified DHCP
defaultleasetime
subnet.

Configuring DHCP 10-37


DHCP Configuration Commands

(Continued)
Command Function

dhcpserver subnet
Specifies the high-threshold of the number of the leased IP addresses.
highthreshold

dhcpserver subnet Sets the range of addresses (or address pool) for DHCP clients in the
iprange specified subnet.

dhcpserver subnet Specifies a log server to which logging information DHCP clients are sent
log-server for a subnet.

dhcpserver subnet
Specifies the low-threshold of the number of the leased IP addresses.
lowthreshold

dhcpserver subnet
Specifies the upper limit of the default lease time for a subnet.
maxleasetime

dhcpserver subnet Specifies the path name of the merit dump file to which the client's core
merit-dump image should be placed in the event the client crashes for a subnet.

dhcpserver subnet
Specifies the path name that contains the client's root disk for a subnet.
root-path

dhcpserver unicast Allows for the DHCP server to send unicast reply.

dhcpserver
Allows for the DHCP server to assign IP addresses to the unknown hosts.
unknownclients

show dhcp statistics Shows the statistics of the DHCP

show dhcp version Shows the version of the DHCP module.

show dhcprelay Shows the status of the DHCP relay agent

show dhcprelay Shows the list of the DHCP servers which assign the IP addresses to the
serverlist clients of the DHCP relay agent.

show dhcpserver Shows the global DHCP server configuration.

show dhcpserver host Shows the list of the static hosts who can get the fixed IP addresses.

Shows the current usage of the IP addresses available for the DHCP
show dhcpserver lease
clients.

show dhcpserver
Shows the DHCP subnet configuration.
subnet

10-38 Corecess S5 System User's Guide


Configuring DHCP Server(Only S518)

Configuring DHCP Server(Only S518)

Sequence to configure DHCP Server


The sequence to configure the most basic DHCP Server in Corecess S518 is as shown below:

y Activate DHCP Server in the interface to be used;

y Create IP Pool to be connected with DHCP Server;

y Designate the IP address range to be allocated in IP Pool;

y Designate the Host to use static IP;

y Configure DHCP Server Parameter to be allocated when allocating the IP of corresponding Pool in IP Pool; and

y Connect interface and IP Pool.

Values to be identified
Corecess S518 configures DHCP Server by VLAN unit. To configure DHCP Server, below-listed
values should be identified in advance:

y Interface to configure DHCP Server;

y Range of IP to be allocated;

y Various network information including the gateway address to be used by the Host to which IP was
allocated; and

y IP lease time.

Configuring DHCP 10-39


Configuring DHCP Server(Only S518)

Activating DHCP Server


DHCP Server is activated by executing below-shown commands:

Command Work
Configure terminal Enter into Configuration mode.
Interface vlan id [ID] Enter into Interface mode.
Ip dhcp server Activate DHCP Server.
End Return to Privileged mode.
Show ip dhcp Check the activation of DHCP
interface Server.

Below-shown is the example to activate DHCP Server:

localhost# configure terminal


localhost(config)# interface vlan id 50
localhost(config-if)# ip dhcp server
localhost(config-if)# end
localhost# show ip dhcp interface

Interface DHCP Status


------------------------------------
vlan32 DHCP Disabled
vlan50 DHCP Server
vlan1000 DHCP Disabled
------------------------------------
localhost#

To inactivate DHCP Server so as not to act anymore, run no ip dhcp server command in
Interface Mode.

Localhost(config-if)# no ip dhcp server


localhost(config-if)#

10-40 Corecess S5 System User's Guide


Configuring DHCP Server(Only S518)

Configuring GLOBAL DHCP Parameters

Below-shown are the kinds and default values of parameters supplied by DHCP in Corecess:

Default
Parameter Description
Value
Default lease time IP lease time allocated to Client 43200
Default gateway Default gateway address of client
Dns server DNS Server address
Log server LOG Server address
Wins server WIN Server address
Path of Merit dump file where Core image of client is
Merit dump
saved
Root
Path where Root disk of client exists
path

These DHCP Parameters may set distinguishing into Global mode applied to all the subnet and
IP Pool mode applied to only one subnet.
If the setting is done to both Global mode and IP Pool mode, the value set in IP Pool mode is
firstly applied in corresponding subnet.
The method to designate the parameter as the prior Global mode as shown below:

Command Work
Configure terminal Enter into Global Configuration mode.
Ip dhcp leasetime <time> Designate Default lease allocation time.
Ip dhcp default-gateway <ip-address> Designate default gateway.
Ip dhcp dns-server <ip-address> Designate the address of Dns-Server.
Ip dhcp log-server <ip-address> Designate the address of Log-Server.
Ip dhcp wins-server <ip-address> Designate the address of Wins-Server.
Ip dhcp merit-dump-file <string> Designate the route of Merit-dump-file.
Ip dhcp root-path <string> Designate the path of Root disk.

Setting default lease time


The default lease time of IP to be allocated to client may be set as shown below:

Localhost(config)# ip dhcp leasetime 86400

Configuring DHCP 10-41


Configuring DHCP Server(Only S518)

Set lease time to 86400


Localhost(config)#

To return the default lease time to default setting value, 43200, execute no ip dhcp leasetime
command.

Setting default gateway


The IP of default gateway may be set as shown below:

Localhost(config)# ip dhcp default-gateway 50.1.1.1


set default gateway to 50.1.1.1.
Localhost(config)#

To delete default gateway setting, execute no ip dhcp default-gateway command.

Setting DNS Server IP


The IP of DNS Server may be set as shown below:

Localhost(config)# ip dhcp dns-server 60.1.1.1


dns server setting is finished.
Localhost(config)#

It is also possible to set multiple IPs at a time. (maximum 3)

Localhost(config)# ip dhcp dns-server 60.1.1.1 60.1.1.2 60.1.1.3


dns server setting is finished.
Localhost(config)#

To delete set DNS Server address, execute no ip dhcp dns-server command.

Setting Log Server IP


The IP of Log Server may be set as shown below:

Localhost(config)# ip dhcp log-server 70.1.1.1


log server setting is finished.
localhost(config)#

It is also possible to set multiple IPs at a time. (maximum 3)

10-42 Corecess S5 System User's Guide


Configuring DHCP Server(Only S518)

Localhost(config)# ip dhcp log-server 70.1.1.1 70.1.1.2 70.1.1.3


log server setting is finished.
localhost(config)#

To delete set Log Server address, execute no ip dhcp log-server command.

Setting WINS Server IP


The IP of WINS Server may be set as shown below:

Localhost(config)# ip dhcp wins-server 80.1.1.1


WINS server setting is finished.
localhost(config)#

It is also possible to set multiple IPs at a time. (maximum 3)

Localhost(config)# ip dhcp wins-server 80.1.1.1 80.1.1.2 80.1.1.3


WINS server setting is finished.
localhost(config)#

To delete set WINS Server address, execute no ip dhcp WINS server command.

Setting Merit-dump-file path


The path of merit-dump-file may be set as shown below:

localhost(config)# ip dhcp merit-dump-file /tmp/boot.img


set merit-dump-file-path to /tmp/boot.img
localhost(config)#

To delete the set path information of merit-dump-file, execute no ip dhcp merit-dump-file


command.

Setting root-path
The path of root disk may be set as shown below:

localhost(config)# ip dhcp root-pathname /tmp/


set root path to /tmp/
localhost(config)#

Configuring DHCP 10-43


Configuring DHCP Server(Only S518)

To delete set root-path, execute no ip dhcp root-path command.

Creating IP Pool
In IP Pool, IPs allocated to clients in DHCP Server and related parameters may be set. To do so,
IP Pool should be created in advance.
To create IP Pool, execute below-shown command.

Command Work
Configure terminal Enter into Global Configuration mode.
Ip pool <string> Create IP Pool named <string>.
End Return to Privileged mode.
Show service-manager ip pool config Check created IP Pool.

Below-shown is the example to create IP Pool.

localhost# configure terminal


localhost(config)# ip pool test
localhost(config-ippool)# end
localhost# show service-manager
interface ip protocol-manager session
localhost# show service-manager ip pool config

Service Manager Static Host


---------------------------------------------------
---------------------------------------------------
Used Static Host Address Count : 0
Free Static Host Address Count : 0
---------------------------------------------------

Service Manager Ip Pool test


---------------------------------------------------
---------------------------------------------------
Used IP Address Count : 0
Free IP Address Count : 0
Declined IP Address Count : 0
IP Pool Usage Level : 0.00%
---------------------------------------------------

10-44 Corecess S5 System User's Guide


Configuring DHCP Server(Only S518)

To delete IP Pool, execute no ip pool test command in Config mode.

Setting IP subnet and address range


The range of IP address and subnet to be allocated to clients is set.
Subnet and IP address range may be set with use of below-shown commands:

Command Work
Configure terminal Enter into Global Configuration mode.
Ip pool <string> Create and Enter into <string> pool.
Network <ip-address/mask> Set subnet.
Ip range dhcp <start-ip> <end-ip> or
IP range to be allocated is set.
Ip range dhcp <ip-address/mask>
end Return to Privileged mode.
Show service-manager ip pool config Check pool setting.

The next is the example to set the IP range to be allocated to subnet in IP Pool.

localhost# configure terminal


localhost(config)# ip pool test
localhost(config-ippool)# network 50.1.1.0/24
localhost(config-ippool)# ip range dhcp 50.1.1.2 50.1.1.254
localhost(config-ippool)# end
localhost# show service-manager
interface ip protocol-manager session
localhost# show service-manager ip pool config

Service Manager Static Host


---------------------------------------------------
---------------------------------------------------
Used Static Host Address Count : 0
Free Static Host Address Count : 0
---------------------------------------------------

Service Manager Ip Pool test


---------------------------------------------------
Range : 50.1.1.2 ~ 50.1.1.254
---------------------------------------------------
Used IP Address Count : 0
Free IP Address Count : 253
Declined IP Address Count : 0

Configuring DHCP 10-45


Configuring DHCP Server(Only S518)

IP Pool Usage Level : 0.00%


---------------------------------------------------

localhost#

To delete subnet and IP address range set in IP Pool, execute below-shown commands:

When deleting subnet:


localhost(config-ippool)# no network
When deleting IP address range:
localhost(config-ippool)# no ip range dhcp <ip address range>
- At this time, set <ip address range> as the value inputted at first creation.
Ex)
When creating:
localhost(config-ippool)# ip range dhcp 50.1.1.2 50.1.1.254

When deleting:
localhost(config-ippool)# ip range dhcp 50.1.1.3 50.1.1.254 (X)
localhost(config-ippool)# ip range dhcp 50.1.1.2 50.1.1.250 (X)
localhost(config-ippool)# ip range dhcp 50.1.1.2 50.1.1.254 (O)

When creating:
localhost(config-ippool)# ip range dhcp 50.1.1.0/24

When deleting:
localhost(config-ippool)# no ip range dhcp 50.1.1.0/26 (X)
localhost(config-ippool)# no ip range dhcp 50.1.1.0/24 (O)

To exclude specific IP range from the allocation range, use below-shown commands:

Command Work
Configure terminal Enter into Global Configuration mode.
Ip pool <string> Create and Enter into <string> pool.
Ip range excluded-address <start-ip> <end-ip> Set the IP Range to be excluded from allocation range.
End Return to Privileged mode.
Show service-manager ip pool config Check pool setting.

Below-shown is the example to set the IP Range to be excluded from the allocation range in IP

10-46 Corecess S5 System User's Guide


Configuring DHCP Server(Only S518)

Pool.

localhost# configure terminal


localhost(config)# ip pool test
localhost(config-ippool)# ip range excluded-address 50.1.1.5 50.1.1.200
localhost(config-ippool)# end
localhost# show service-manager ip pool config

Service Manager Static Host


---------------------------------------------------
---------------------------------------------------
Used Static Host Address Count : 0
Free Static Host Address Count : 0
---------------------------------------------------

Service Manager Ip Pool test


---------------------------------------------------
Range : 50.1.1.0/24
Exclusive Range : 50.1.1.5 ~ 50.1.1.200
---------------------------------------------------
Used IP Address Count : 0
Free IP Address Count : 58
Declined IP Address Count : 0
IP Pool Usage Level : 0.00%
---------------------------------------------------

localhost#

Configuring DHCP 10-47


Configuring DHCP Server(Only S518)

Setting IP Pool Parameters


To set the parameters to be allocated to clients in IP Pool, execute below-shown commands:

Command Work
Configure terminal Enter into Global Configuration mode.
Ip pool <string> Create and Enter into <string> pool.
Ip dhcp leasetime <time> Designate Basic lease allocation time.
Ip dhcp default-gateway <ip-address> Designate basic gateway.
Ip dhcp dns-server <ip-address> Designate the address of Dns-Server.
Ip dhcp log-server <ip-address> Designate the address of Log-Server.
Ip dhcp wins-server <ip-address> Designate the address of Wins-Server.
Ip dhcp merit-dump-file <string> Designate the route of Merit-dump-file.
Ip dhcp root-pathname <string> Designate the path of Root disk.

Setting basic lease time


The basic lease time of IP to be allocated to client may be set as shown below:

Localhost(config)# ip pool test


Localhost(config-ippool)# ip dhcp leasetime 86400
Set lease time to 86400
Localhost(config)#
To return the basic lease time to basic setting value, 43200, execute no ip dhcp leasetime
command.

Setting default gateway


The IP of default gateway may be set as shown below:

Localhost(config)# ip pool test


Localhost(config-ippool)# ip dhcp default-gateway 50.1.1.1
set default gateway to 50.1.1.1.
Localhost(config)#

To delete default gateway setting, execute no ip dhcp default-gateway command.

Setting DNS Server IP


The IP of DNS Server may be set as shown below:

10-48 Corecess S5 System User's Guide


Configuring DHCP Server(Only S518)

Localhost(config)# ip pool test


Localhost(config-ippool)# ip dhcp dns-server 60.1.1.1
dns server setting is finished.
Localhost(config)#

It is also possible to set multiple IPs at a time. (maximum 3)

Localhost(config)# ip pool test


Localhost(config-ippool)# ip dhcp dns-server 60.1.1.1 60.1.1.2 60.1.1.3
dns server setting is finished.
Localhost(config)#

To delete set DNS Server address, execute no ip dhcp dns-server command.

Setting Log Server IP


The IP of Log Server may be set as shown below:

Localhost(config)# ip pool test


Localhost(config-ippool)# ip dhcp log-server 70.1.1.1
log server setting is finished.
localhost(config)#

It is also possible to set multiple IPs at a time. (maximum 3)


Localhost(config)# ip pool test
Localhost(config-ippool)# ip dhcp log-server 70.1.1.1 70.1.1.2 70.1.1.3
log server setting is finished.
localhost(config)#

To delete set Log Server address, execute no ip dhcp log-server command.

Setting WINS Server IP


The IP of WINS Server may be set as shown below:

Localhost(config)# ip pool test


Localhost(config-ippool)# ip dhcp wins-server 80.1.1.1
WINS server setting is finished.
localhost(config)#

It is also possible to set multiple IPs at a time. (maximum 3)

Localhost(config)# ip pool test

Configuring DHCP 10-49


Configuring DHCP Server(Only S518)

Localhost(config-ippool)# ip dhcp wins-server 80.1.1.1 80.1.1.2 80.1.1.3

WINS server setting is finished.

localhost(config)#

To delete set WINS Server address, execute no ip dhcp WINS server command.

Setting Merit-dump-file path


The path of merit-dump-file may be set as shown below:

Localhost(config)# ip pool test


localhost(config-ippool)# ip dhcp merit-dump-file /tmp/boot.img
set merit-dump-file-path to /tmp/boot.img
localhost(config)#

To delete the set path information of merit-dump-file, execute no ip dhcp merit-dump-file


command.

Setting root-path
The path of root disk may be set as shown below:

Localhost(config)# ip pool test


localhost(config-ippool)# ip dhcp root-pathname /tmp/
set root path to /tmp/
localhost(config)#

To delete set root-path, execute no ip dhcp root-path command.

10-50 Corecess S5 System User's Guide


Configuring DHCP Server(Only S518)

Configuring Pool Chaining


To allocate IPs to the clients belonging to each subnet when multiple subnets exist in an
interface, create IP Pools corresponding to the number of subnets and connect them with
interface.
IP Pools may separately be registered in the interface and this Pool Chaining method may be
used when intending to firstly allocate the IP of a specific subnet or to designate the IP
allocation order to subnets.
In this Pool Chaining method, the order of IP Pools is designated by connecting the created
pools to a single direction list shape.
Below-shown figure is the example:

Five pools are connected to a single direction list by Pool Chaining method and Pool #1 at the
front is connected with interface.
When IP request is received from a client, IP is firstly allocated to Pool #1 at the left and then in
the order of Pool #2, Pool #3...
Below-shown is the commands to configure Pool Chaining.

Command Work
Configure terminal Enter into Global Configuration mode.
Ip pool <string> Create and Enter into <string> pool.

Next-pool <string> Designate the next Pool to be connected by Pool Chaining.

End Return to Privileged mode.


Show service-manager ip pool config Check pool setting.

Above-shown Pool Chaining may be configured with use of below-shown commands.

localhost# configure terminal


localhost(config)# ip pool pool5
localhost(config-ippool)# exit

Configuring DHCP 10-51


Configuring DHCP Server(Only S518)

localhost(config)# ip pool pool4


localhost(config-ippool)# next-pool pool5
localhost(config-ippool)# exit
localhost(config)# ip pool pool3
localhost(config-ippool)# next-pool pool4
localhost(config-ippool)# exit
localhost(config)# ip pool pool2
localhost(config-ippool)# next-pool pool3
localhost(config-ippool)# exit
localhost(config)# ip pool pool1
localhost(config-ippool)# next-pool pool2
localhost(config-ippool)# exit
localhost(config)# interface vlan id 50
localhost(config-if)# dhcp address-pool local pool1
localhost(config-if)#

IP allocation by DHCP option


It is possible to set so that the client having the option value same as designated option value
may receive IP allocation.
When using this function, it is possible that IP is allocated only to the client using specific OS or
equipment or separate IP is allocated.
This function becomes available with the option and option value to firstly be applied is set and
the option strategy set in interface mode and IP Pool are connected together.
Commands are as shown below:

Command Work
Configure terminal Enter into Global Configuration mode.
Dhcp option <name> id
<option number> value Create and Enter into <string> pool.
<string value>
Dhcp option <option name> Assign the IP address from the address pool defined in <pool name>
address-pool local <pool based on the value in DHCPDISCOVER packets referring to its
name> registered <option name>.
End Return to Privileged mode.
Show service-manager ip pool
Check pool setting.
config

Below-shown is the example setting that DHCP Option 60 allocates IP only to the Packet that is
‘MSFT 5.0’.
localhost(config)#
localhost(config)# dhcp option test id 1 value "MSFT 5.0"

10-52 Corecess S5 System User's Guide


Configuring DHCP Server(Only S518)

localhost(config)# interface vlan id 32


localhost(config-if)# dhcp option test address-pool local test
localhost(config-if)#

Configuring DHCP 10-53


Configuring DHCP Relay Agent(Only S518)

Configuring DHCP Relay Agent(Only S518)


The process to configure DHCP Relay in Corecess S5 as shown below:

- Activating DHCP Relay


- Designating DHCP Server to be used by DHCP Relay Agent
- Allocating the weight of Secondary IP Address
- Activating option82 function

Activating DHCP Relay


The thing to be done first to configure DHCP Relay Agent is to activate DHCP Relay by below-
shown method:

Command Work

Configure terminal Enter into Configuration mode.


Interface vlan id [ID] Enter into Interface mode.
Ip dhcp relay Activate DHCP Relay.
End Return to Privileged mode.
Ip dhcp interface Check the activation of DHCP Server.

Below-shown is the example to activate DHCP Relay:

localhost# configure terminal


localhost(config)# interface vlan id 50
localhost(config-if)# ip dhcp relay
localhost(config-if)# end
localhost# show ip dhcp interface

Interface DHCP Status


------------------------------------
vlan31 DHCP Disabled
vlan5 DHCP Disabled
vlan32 DHCP Server
vlan50 DHCP Relay
vlan1000 DHCP Disabled
------------------------------------

10-54 Corecess S5 System User's Guide


Configuring DHCP Relay Agent(Only S518)

In case of DHCP Relay also, like DHCP Server, activation by interface unit is possible. The
interface to be activated is the one that belongs to the network where the client to receive IP
through DHCP exists.

Designating DHCP Server


External DHCP Server to send/receive Packets to/from DHCP Relay may be designated.
External DHCP Server is designated with use of below-shown commands.

Command Work
Configure terminal Enter into Global Configuration mode.
Interface vlan id <ID> Enter into Interface mode.
Ip dhcp helper-address <ip-address> Set External DHCP Server Address.
End Return to Privileged mode.

Below-shown is the example to designate DHCP Server to send/receive Packets to/from DHCP
Relay.

localhost# configure terminal


localhost(config)# interface vlan id 50
localhost(config-if)# ip dhcp helper-address 20.1.1.1
server set to 20.1.1.1
localhost(config-if)# end
localhost#

As shown below, designation of multiple DHCP Servers is also possible.

localhost# configure terminal


localhost(config)# interface vlan id 50
localhost(config-if)# ip dhcp helper-address 20.1.1.1
server set to 20.1.1.1
localhost(config-if)# ip dhcp helper-address 30.1.1.1
server set to 30.1.1.1
localhost(config-if)# ip dhcp helper-address 40.1.1.1
server set to 40.1.1.1
localhost(config-if)# end
localhost#

Configuring DHCP 10-55


Configuring DHCP Relay Agent(Only S518)

DHCP Relay unicasts Packets to DHCP Server designated by above-shown commands every
time when the DHCP packet broadcasted by client is received.

Designating DHCP Secondary weight


When two or more subnets exist in the interface where clients exist, DHCP Server creates IP
Pool to each subnet and allocates IP by the strategy of DHCP Server in each IP Pool upon every
request for IP allocation from corresponding interface.

However, sometimes DHCP Server cannot allocate IP to multiple subnets of an interface. The
purpose of DHCP Secondary weight function is to support IP allocation connected with such
DHCP Server.

To allocate corresponding IP to each subnet, weight should be given to the interface IPs
(secondary IPs) corresponding to each subnet excluding the first subnet.
To give weight to secondary IPs, execute below-shown commands:

Command Work
Configure terminal Enter into Global Configuration mode.
Interface vlan id <ID> Enter into Interface mode.
Ip dhcp secondary weight
<ip-address> <weight> <total> Set weight to secondary IPs.
End Return to Privileged mode.

In the commands to give weight to secondary IPs, <total> means the whole ratio of IPs for
allocation and <weight> means the ratio of IP allocated to the subnet corresponding to
secondary IP.
Below-shown is the example of such command.

Ip dhcp secondary weight 210.147.10.254 20 100


When this command is executed, DHCP Relay corrects the giaddr field of DHCP Packet and
sends it to DHCP Server so that 20 IPs are allocated to the subnet having 210.147.10.254 as the
gateway IP in the 100 IP request through corresponding interface.

10-56 Corecess S5 System User's Guide


Configuring DHCP Proxy Server(Only S518)

Configuring DHCP Proxy Server(Only S518)


The method to configure DHCP Proxy Server is as shown below:

Command Work
Configure terminal Enter into Global Configuration mode.
Interface vlan id <ID> Enter into Interface mode.
Ip dhcp proxy-server Activate DHCP Proxy Server in interface.
End Return to Privileged mode.

Below-shown is the example to configure DHCP Proxy Server.

localhost#
localhost# configure terminal
localhost(config)# interface vlan id 50
localhost(config-if)# ip dhcp proxy-server
Sep 28 15:51:30 localhost DHCP-7-INFO: DHCP Proxy Server serviced on interface
v
lan50.
localhost(config-if)# end
localhost# show ip dhcp interface

Interface DHCP Status


------------------------------------
vlan31 DHCP Disabled
vlan5 DHCP Disabled
vlan32 DHCP Disabled
vlan50 DHCP Proxy Server
vlan1000 DHCP Disabled
------------------------------------
localhost#

Configuring DHCP 10-57


Configuring DHCP Proxy Server(Only S518)

Designating DHCP Server


The DHCP Server to send/receive Packets to/from DHCP Proxy Server may be designated.
DHCP Server is designated with use of below-shown commands:

Command Work
Configure terminal Enter into Global Configuration mode.
Interface vlan id <ID> Enter into Interface mode.
Ip dhcp proxy helper-address <ip-address> Set External DHCP Server Address.
End Return to Privileged mode.

Below-shown is the example to designate DHCP Server:

localhost# configure terminal


localhost(config)# interface vlan id 50
localhost(config-if)# ip dhcp proxy helper-address 20.1.1.1
server set to 20.1.1.1
localhost(config-if)# end
localhost#

As shown below, designation of multiple DHCP Servers is also possible.

localhost# configure terminal


localhost(config)# interface vlan id 50
localhost(config-if)# ip dhcp proxy helper-address 20.1.1.1
server set to 20.1.1.1
localhost(config-if)# ip dhcp proxy helper-address 30.1.1.1
server set to 30.1.1.1
localhost(config-if)# ip dhcp proxy helper-address 40.1.1.1
server set to 40.1.1.1
localhost(config-if)# end
localhost#

10-58 Corecess S5 System User's Guide


Displaying DHCP Configuration information(Only S518)

Displaying DHCP Configuration information(Only S518)


In this section, the commands to output the various kinds of configuration information of
DHCP are described.

Displaying DHCP Activation information


When using show ip dhcp interface command, whether DHCP Service (Server, Proxy Server,
and Relay) is activated in each interface may be identified.
Below-shown is the example used the command.

localhost# show ip dhcp interface

Interface DHCP Status


------------------------------------
vlan31 DHCP Disabled
vlan5 DHCP Disabled
vlan32 DHCP Disabled
vlan50 DHCP Proxy Server
vlan1000 DHCP Disabled
------------------------------------
localhost#

Configuring DHCP 10-59


Displaying DHCP Configuration information(Only S518)

Displaying IP Pool Configuration information


When using show service-manager ip pool [IP Pool name] config command, the configuration
information of corresponding IP Pool may be identified.
Also, when using show service-manager ip pool config command, the setting information of
all IP Pools created until now may be identified.
Below-shown is the example used the command.

localhost# show service-manager ip pool test config

Service Manager Static Host


---------------------------------------------------
---------------------------------------------------
Used Static Host Address Count : 0
Free Static Host Address Count : 0
---------------------------------------------------

Service Manager Ip Pool test


---------------------------------------------------
Range : 50.1.1.50 ~ 50.1.1.60
---------------------------------------------------
Used IP Address Count : 0
Free IP Address Count : 11
Declined IP Address Count : 0
IP Pool Usage Level : 0.00%
---------------------------------------------------

localhost#

localhost# show service-manager ip pool config

Service Manager Static Host


---------------------------------------------------
---------------------------------------------------
Used Static Host Address Count : 0
Free Static Host Address Count : 0
---------------------------------------------------

10-60 Corecess S5 System User's Guide


Displaying DHCP Configuration information(Only S518)

Service Manager Ip Pool test


---------------------------------------------------
Range : 50.1.1.50 ~ 50.1.1.60
---------------------------------------------------
Used IP Address Count : 0
Free IP Address Count : 11
Declined IP Address Count : 0
IP Pool Usage Level : 0.00%
---------------------------------------------------

Service Manager Ip Pool test2


---------------------------------------------------
Range : 60.1.1.10 ~ 60.1.1.20
---------------------------------------------------
Used IP Address Count : 0
Free IP Address Count : 11
Declined IP Address Count : 0
IP Pool Usage Level : 0.00%
---------------------------------------------------

localhost#

Configuring DHCP 10-61


Displaying DHCP Configuration information(Only S518)

Displaying allocated lease information


Displaying whole lease information
When using show ip dhcp leases command, all the lease information allocated by DHCP Server
or Proxy Server may be identified.
Below-shown is the example used the command.

localhost# show ip dhcp leases

DHCP Lease Information


(current time : 2007/06/28 17:32:50)

Interface name : vlan250


IP Address MAC Address Status Remain
50.1.1.50 00:e0:00:59:53:e1 active 00h:59m
50.1.1.51 00:e0:00:53:53:e2 active 00h:59m
Total 2 Entries Assigned

Interface name : vlan200


IP Address MAC Address Status Remain
60.1.1.50 00:e0:10:ac:53:e1 active 00h:59m
Total 1 Entries Assigned

Total lease count with all interfaces : 3


localhost#

10-62 Corecess S5 System User's Guide


Displaying DHCP Configuration information(Only S518)

Displaying the lease information of each interface


When using show ip dhcp leases interface vlan id [vlanid] command, the lease information
belonging to corresponding interface may be identified.
Below-shown is the example used the command.

localhost# show ip dhcp leases interface vlan id 250

DHCP Lease Information


(current time : 2007/06/28 17:34:27 interface : vlan250)

Interface name : vlan250


IP Address MAC Address Status Remain
50.1.1.50 00:e0:00:59:53:e1 active 00h:57m
50.1.1.51 00:e0:00:53:53:e2 active 00h:57m
Total 2 Entries Assigned

localhost#

Displaying lease information in detail


When using show ip dhcp leases detail command, detailed information of each lease may be
identified.
Below-shown is the example used the command.

localhost# show ip dhcp leases detail

DHCP Lease Information


(current time : 2007/06/28 17:35:13)

Interface name : vlan250


IP Address : 50.1.1.50
MAC Address : 00:e0:00:59:53:e1
Status : active
Client Id : 00:e0:00:59:53:e1
Start time : 06/28 17:32:17
Renewing time : 06/28 17:32:17
End time : 06/28 18:32:17
Remain time : 00h:57m:04s

Total 1 Entries Assigned

Configuring DHCP 10-63


Displaying DHCP Configuration information(Only S518)

Interface name : vlan200


Total 0 Entries Assigned

Total lease count with all interfaces : 1


localhost#

Displaying summarized information of whole lease


When using show ip dhcp leases summary command, the summarized information of whole
lease may be identified.
Below-shown is the example used the command.

localhost# show ip dhcp leases summary

DHCP Lease Information Summary


(current time : 2007/06/28 17:40:18 )
Interface Allocated Lease
------------------------------------------
vlan250 2
vlan200 1
------------------------------------------
Total 3
localhost#

10-64 Corecess S5 System User's Guide


Displaying DHCP Configuration information(Only S518)

Displaying DHCP Packet statistics information


To identify the flow of DHCP Packet, the function to identify the statistics information of DHCP
Packet is provided. This function may valuably be used to identify the cause of trouble when a
trouble is occurred in DHCP Service.

Displaying whole statistics information


When using show ip dhcp packet statistics command, the packet statistics information on all
the interfaces may be identified.
Below-shown is the example used the command.

localhost# show ip dhcp packet statistics


DHCP Statistics
---------------------------------------------------------
rxDhcpDiscovers : 3 txDhcpDiscovers : 0
rxDhcpRequests : 5 txDhcpRequests : 0
rxDhcpOffers : 0 txDhcpOffers : 3
rxDhcpAcks : 0 txDhcpAcks : 4
rxDhcpNaks : 0 txDhcpNaks : 1
rxDhcpDeclines : 0 txDhcpDeclines : 0
rxDhcpReleases : 1 txDhcpReleases : 0
rxDhcpInforms : 1 txDhcpInforms : 0
rxDhcpBadPackets : 1 txErrorPackets : 0
---------------------------------------------------------
rxTotalPackets : 11 txTotalPackets : 8
---------------------------------------------------------
---------------------------------------------------------
rxBootpRequest : 0 txBootpRequest : 0
rxBootpReply : 0 txBootpReply : 0
---------------------------------------------------------
localhost#

Configuring DHCP 10-65


Displaying DHCP Configuration information(Only S518)

Displaying statistics information on each interface


When using show ip dhcp packet statistics interface vlan id [vlanid] command, the statistics
information on corresponding interface may be identified.
Below-shown is the example used the command.

localhost# show ip dhcp packet statistics interface vlan id 250


DHCP Statistics : vlan250
---------------------------------------------------------
rxDhcpDiscovers : 3 txDhcpDiscovers : 0
rxDhcpRequests : 5 txDhcpRequests : 0
rxDhcpOffers : 0 txDhcpOffers : 3
rxDhcpAcks : 0 txDhcpAcks : 4
rxDhcpNaks : 0 txDhcpNaks : 1
rxDhcpDeclines : 0 txDhcpDeclines : 0
rxDhcpReleases : 1 txDhcpReleases : 0
rxDhcpInforms : 1 txDhcpInforms : 0
rxDhcpBadPackets : 1 txErrorPackets : 0
---------------------------------------------------------
rxTotalPackets : 11 txTotalPackets : 8
---------------------------------------------------------
---------------------------------------------------------
rxBootpRequest : 0 txBootpRequest : 0
rxBootpReply : 0 txBootpReply : 0
---------------------------------------------------------
localhost#

10-66 Corecess S5 System User's Guide


Chapter 11 Configuring Netsnoop

In this chapter, the method to use the Netsnoop functions of Corecess S5 System is described.

9 Understanding NetSnoop 11-2

9 Configuring DHCP snoop 11-4

9 Configuring ARP snoop 11-18

9 Displaying NetSnoop Confituration Information 11-25

9 DHCP Configuration Command 11-36


Understanding NetSnoop

Understanding NetSnoop
In this chapter, the specific features of NetSnoop and the method to use are described.

Understanding NetSnoop
NetSnoop is the function to manage user's profile and to protect users and equipment from
various wrong network attack with use of DHCP and ARP.
It consists of two modules: DHCP Snoop and ARP Snoop.
In general, this function is available when using L3 Gateway or L2 Switch.

DHCP Snoop

Differently from DHCP Server or Relay, it manage DHCP state machine to snoop DHCP Packet
and supports with security function for basic DHCP Packet. Also, when it interworks with ARP
Snoop, it may prevent illegal use of IP by the method to pass only the ARP Packet towhich IP
was assigned through DHCP.

DHCP Snoop Base Rule

This is the filtering rule of whole S5 equipment. Two modes – Permit and Deny – are provided;
in case of Permit mode, control such as communication blocking is not perfomed. In contrast, in
case of Deny mode, the subscribers who were assigned with IPs through DHCP may only
communicate.

DHCP Snoop Port Type

Each Port of S5 equipment exists in three types in DHCP Snoop:


Server Port
Transparent Port
Client Port
Server Port means the Port connected with DHCP Server. DHCP Snoop transfers all the Packets,
which was transferred to server by client, to Server Port. When the server exists in upper

11-2 Corecess S5 System User's Guide


Understanding NetSnoop

network, Uplink is designated as the Server Port. When the equipment does not drive DHCP
Server, Server Port is not separately designated.
Client Port means the Port connected with Subscriber Client. The DHCP Packet sent by client is
received by this Port and the Packets sent from Server are blocked. Also, if Base Rule is in Deny
status, the clients received IPs through DHCP may only communicate.
Transparent Port acts as a common port. In this port, all the hosts may communicate regardless
of Base Rule.

Configuring Netsnoop 11-3


Understanding NetSnoop

Configuring DHCP Snoop

Order of configuration of DHCP Snoop

The process to configure DHCP Snoop in Corecess S5 System is as shown below:

y Activate DHCP Snoop;

y Set System Base Rule;

y Set the strategies of Ports;

y (Optional) Set security strategy by the situation of network; and

y (Optional) Set the functions of DHCP Option82.

Activating DHCP Snoop

The thing to be done for the first time to configurate DHCP Snoop is to activate DHCP Snoop in
the Corecess S5 Sysem by the method shown below:

Command Work
configure terminal 1. Enter into Global Configuration Mode.
Ip dhcp snoop 2. Activate DHCP snoop.

Below-shown is the example to activate DHCP Snoop in Corecess S5 Sysem.


# configure terminal
localhost(config)# ip dhcp snoop
localhost(config)#
To inactivate DHCP Server so as not to act anymore, run no ip dhcp snoop command in Global
Configuration Mode.
localhost(config)# no ip dhcp snoop
localhost(config)#

11-4 Corecess S5 System User's Guide


Understanding NetSnoop

Setting DHCP Snoop System Base Rule

This is the basic value to permit communication to the users with assignment of IPs through
licensed DHCP and converts the System Base Rule set as Permit mode to Deny mode.

Command Work
configure terminal 1. Enter into Global Configuration Mode.
Ip dhcp snoop base- 2. System Base Rule of DHCP snoop is
rule deny converted into Deny mode.

The next is the example to set Base Rule of Corecess S5 System as Deny mode.
localhost(config)# ip dhcp snoop base-rule deny
localhost(config)# end
localhost# show ip dhcp snoop
ip dhcp snoop : $Revision: 1.22 $
ip dhcp snoop is enable
system's base rule : deny
base-rule timeout : none
enforced deny rule : applied
information policy : replace
secure-unicast : off
suppression : off
client-aging time(sec): 300
option82 insertion mode : disable
uptime : 26s

Internal router port information


dhcp snooping port 0/0 is enable ref(3) type(L:A)
link up, vlan 1, clients limit 0 (serviced 0)
base port rule: permit, port snooping type: server
port traffic rule: none
port timer-id: 15186480
opt82 circuit-id (none)

localhost#

Configuring Netsnoop 11-5


Understanding NetSnoop

Setting DHCP Snoop Port Strategy

Below-shown commands are used to decide the strategy of each port.

Command Work
configure terminal 1. Enter into Global Configuration Mode.
Ip dhcp snoop port <port info> 2. Set corresponding port as Server Port. The port
server connected with DHCP Server is set as this one.
3. Set corresponding port as Transparent Port
Ip dhcp snoop port <port info>
transparent (basic value). In case of ports that do not need to or
should not manage hosts are set as theses ports.
4. Set corresponding port as Client Port. The ports
Ip dhcp snoop port <port info> that intend to permit the communication to the
client subscribers with assignment of IPs through
licensed DHCP are set as these ports.
Ip dhcp snoop port <port info> 5. Number of clients of corresponding port is
client-limit <num> limited to <num>.
Ip dhcp snoop port <port info> 6. The Circuit-ID of corresponding port is set as
circuit-id <str> <str>.
Ip dhcp snoop port <port info> 7. The Base-Rule of corresponding port is set as
base-rule <permit|deny> Deny mode.
8. A host is set as static type so that a specific host
Ip dhcp snoop port <port info>
static <MAC> <IP> may always communicate in the corresponding
port.
9. Corresponding port should not use Netsnoop
No ip dhcp snoop port <port info>
function.

In case of #1~#4, setting is different depending upon the situation that which kinds of hosts exist
in each port. Each port has one strategy – Severe, Transparent, or Client – and the port with no
setting is set as Transparent.
In case of#5~#7, setting is performed only when there is the DHCP Server that manages
subscribers through web authentication and allocate temporary IPs.
In case of #8~#11, setting is performed in needed cases only. If no setting is performed,
corresponding function is used.

11-6 Corecess S5 System User's Guide


Understanding NetSnoop

Setting the Port to be connected with DHCP Server


Execute ip dhcp snoop port <port info> server command to the port to be connected with DHCP
Server so that DHCP Snoop may forward DHCP Packets to server.
Below-shown is the example to execute the command.
localhost# configure terminal
localhost(config)# ip dhcp snoop port fastethernet 3/1 server
localhost(config)#
When setting as transparent port, basic setting, again, execute ip dhcp snoop port <port info>
transparent command.
Below-shown is the example to execute the command.
localhost# configure terminal
localhost(config)# ip dhcp snoop port fastethernet 3/1 transparent
localhost(config)#

Setting the port to be connected with DHCP Clients


Execute ip dhcp snoop port <port info> client command in the port to be connected with DHCP
Clients so that DHCP Snoop may forward DHCP Packets to clients and the users with
assignment of IPs from licensed DHCP Server may communicate.
Below-shown is the example to execute the command.
localhost# configure terminal
localhost(config)# ip dhcp snoop port fastethernet 3/1 client
localhost(config)#
When setting as transparent port, basic setting, again, execute ip dhcp snoop port <port info>
transparent command.
Below-shown is the example to execute the command.
localhost# configure terminal
localhost(config)# ip dhcp snoop port fastethernet 3/1 transparent
localhost(config)#

Setting the port to be connected with Temporary DHCP Server


Execute ip dhcp snoop port <port info> server command to the port to be connected with DHCP
Server so that DHCP Snoop may forward DHCP Packets to server.
Below-shown is the example to execute the command.
localhost# configure terminal
localhost(config)# ip dhcp snoop port fastethernet 3/1 captive server
localhost(config)#
When setting as transparent port, basic setting, again, execute ip dhcp snoop port <port info>
transparent command.
localhost# configure terminal
localhost(config)# ip dhcp snoop port fastethernet 3/1 transparent

Configuring Netsnoop 11-7


Understanding NetSnoop

localhost(config)#

When setting as transparent port, basic setting, again, execute ip dhcp snoop port <port info>
transparent command.
Below-shown is the example to execute the command.
localhost# configure terminal
localhost(config)# ip dhcp snoop port fastethernet 3/1 transparent
localhost(config)#

Limiting the number of Clients by Port unit


To limit the number of Clients that may be connected with specific Ports, perform setting with
ip dhcp snoop port <port info> client-limit <num> command so that <num> clients may only
communicate.
However, this setting is possible in the ports that are set as clients.
Below-shown is the example to execute the command.
localhost# configure terminal
localhost(config)# ip dhcp snoop port fastethernet 3/3 clients-limit 200
localhost(config)#
To cancel the limit number of clients in a specific port, execute no ip dhcp snoop port <port info>
client-limit command.
Below-shown is the example to execute the command.
localhost# configure terminal
localhost(config)# no ip dhcp snoop port fastethernet 3/3 clients-limit
localhost(config)#

Setting Circuir-ID for a specific port


Circuit-ID is one of the sub-options of DHCP Option #82. To add and transfer Circuit-ID set in
all the DHCP Packets coming from corresponding port by setting Circuit-ID in a specific Port
when using DHCP Option82, execute ip dhcp snoop port <port info> circuit-id <str> command.
Below-shown is the example to execute the command.
localhost# configure terminal
localhost(config)# ip dhcp snoop port fastethernet 3/1 circuit-id aaa
slotport 3/1 circuit_id(aaa)
localhost(config)#
To delete set Circuit-ID, execute no ip dhcp snoop port <port info> circuit-id command.
Below-shown is the example to execute the command.
localhost# configure terminal
localhost(config)# no ip dhcp snoop port fastethernet 3/1 circuit-id
localhost(config)#

11-8 Corecess S5 System User's Guide


Understanding NetSnoop

Setting Base-Rule in a specific port


To set own Base-Rule in a specific port regardless of the whole Base-Rule, execute ip dhcp snoop
port <port info> base-rule <permit|deny> command.
However, this function is available in client port only and is effective when the setting is done in
contrast to the whole Base-Rule.
Below-shown is the example to execute the command.

localhost# configure terminal


localhost(config)# ip dhcp snoop port fastethernet 3/3 base-rule deny
localhost(config)#

localhost# configure terminal


localhost(config)# ip dhcp snoop port fastethernet 3/3 base-rule permit
localhost(config)#
To release the setting, set Port Base-Rule same as whole Base-Rule.

Registering Static Host


To set a specific host to communicate always in the connected port, execute ip dhcp snoop port
<port info> static <MAC> <IP> command.
Below-shown is the example to execute the command.
localhost# configure terminal
localhost(config)#ip dhcp snoop port fastethernet 3/3 static a:a:a:a:a:a
10.1.1.1
localhost(config)#
To delete static host, execute no ip dhcp snoop port <port info> static <IP> command.
Below-shown is the example to execute the command.
localhost# configure terminal
localhost(config)# no ip dhcp snoop port fastethernet 3/3 static 10.1.1.1
localhost(config)#

Configuring Netsnoop 11-9


Understanding NetSnoop

Turning DHCP snoop function off in a specific port


Not to use DHCP snoop function in a specific port, execute no ip dhcp snoop port <port info>
command.
Below-shown is the example to execute the command.
localhost# configure terminal
localhost(config)# no ip dhcp snoop port fastethernet 3/3
localhost(config)#
To use DHCP snoop function again, execute ip dhcp snoop port <port info> command.
Below-shown is the example to execute the command.
localhost# configure terminal
localhost(config)# ip dhcp snoop port fastethernet 3/3
localhost(config)#

11-10 Corecess S5 System User's Guide


Understanding NetSnoop

Setting DHCP Snoop Packet Control

Table 11-1 Kinds of Global DHCP snoop Packet Control Parameters

Default
Parameter Desctiption
value
When inputted Packet is not same with saved information,
Information policy Replace
whether to update is decided.
Inspection Appropriateness of inputted Packet is inspected. None
Broadcast is converted into Unicast with use of saved
Secure-unicast None
informationl.
Suppression Burst packet attack is blocked with use of DHCP Packet. None

The method to set the values of such DHCP snoop parameters are as follows:
Command Work

configure terminal 1. Enter into Global Configuration Mode.


2. When inputted Packet is not same with saved information,
whether to update is decided.
Ip dhcp snoop information policy
y <drop> : Inputted Packet is dropped.
<drop|replace>
y <replace> : Existing information is replaced with the
information of inputted Packet.
3. Appropriateness of inputted Packet is inspected and the
Packet that does not meet the condition is dropped.
y <mac-match> : It is inspected whether the mac address
of ethernet header and the mac address recorded in chaddr
Ip dhcp snoop inspection <mac- of dhcp header is same.
match|client-id| state_transition> y <cliend-id> : It is inspected whether the mac address of
ethernet header and the mac address recorded in client-id of
dhcp header is same.
y <state transition> : It is inspected whether inputted
Packet is appropriate DHCP Packet in terms of state.
4. The Packet, which is transferred to broadcast if
Ip dhcp snoop secure-unicast corresponding client information exists when the Packet to be
transferred to client is inputted, is transferred to unicast.
5. When two or more Discover Packets are inputted from a
same DHCP Client within the set time, the Packets other
Ip dhcp snoop suppression
than the firstly inputted Discover Packet are dropped.
<seconds>
y <seconds> : The section to process only one Packet is
set as time.
In the above-shown table, the processes from #2 through #6 are the descriptions on the method
to configure all the DHCP snoop parameters. It is not need to set all the parameters shown in
the table. You may set the values of needed parameters only regardless of the order.

Configuring Netsnoop 11-11


Understanding NetSnoop

Setting Snoop information policy as drop


Below-shown is the example to set so as to drop the Packet with use of ip dhcp snoop
information policy command when the Packet inputted in DHCP snoop differs from the
saved information.
localhost(config)# ip dhcp snoop information policy drop
localhost(config)#

To set so as to update saved information to the client information of newly inputted Packet,
execute ip dhcp snoop information policy replace command.
Below-shown is the example to execute the command.
localhost# configure terminal
localhost(config)# ip dhcp snoop information policy replace
localhost(config)#

Setting inspection function


Below-shown is the example to set inspection function in DHCP snoop with execution of ip
dhcp snoop inspection command.
localhost(config)# ip dhcp snoop inspection mac-match
localhost(config)#
Not only mac-match but also client-id and state-transition may also be set. Each setting may be

duplicated. If you do not want to use inspection function, execute no ip dhcp snoop inspection

command.
Below-shown is the example to execute the command.
localhost# configure terminal
localhost(config)# no ip dhcp snoop inspection
localhost(config)#

11-12 Corecess S5 System User's Guide


Understanding NetSnoop

Setting secure unicast function


Below-shown is the example to set secure-unicast function in DHCP snoop with execution of ip
dhcp snoop secure-unicast command.
localhost(config)# ip dhcp snoop secure-unicast
localhost(config)#

To delete the setsecure-unicast function, execute no ip dhcp snoop secure-unicast command.


Below-shown is the example to execute the command.
localhost# configure terminal
localhost(config)# no ip dhcp snoop secure-unicast
localhost(config)#
Setting suppression function
Below-shown is the example to set suppression function in DHCP snoop with execution of ip
dhcp snoop suppression command.
localhost(config)# ip dhcp snoop suppression 1
localhost(config)#
The time is inputted in second unit next to suppression. As shown above, if the time is set as 1 second,
other Packets having same mac in the chaddr field of dhcp header excluding the Packet firstly inputted
within the 1 second are blkocked. To delete suppression function, execute no ip dhcp snoop
suppression command.
Below-shown is the example to execute the command.
localhost# configure terminal
localhost(config)# no ip dhcp snoop suppression
localhost(config)#

Configuring Netsnoop 11-13


Understanding NetSnoop

Setting DHCP relay information (Option82)

What is DHCP relay information (Option82)?


When the Server allocates IP through DHCP Relay, the Server does not know the information
on the network position of client because it does not belong to the same network of client. To
recover such problem, the position information of client may be attached when transferring
DHCP Packet from relay to server. At this time, the part in which network position information
is inputted is #82 of DHCP Option field and this is called ‘DHCP relay information (hereinafter
referred to as ‘Option82’)’.
Option82 may have many suboptions. As the suboption currently set as the standard, circuit-
id(suboption1) remote-id(suboption2) is available and various suboptions may be defined and
used for each vendor. Also, the suboption field set as standard may also be somewhat different.
In Corecess S5, DHCP Snoop adds DHCP Option82 to Packet.

Setting Option82
Below-shown is the command to add DHCP Option82 in DHCP Snoop.
Command Work

configure terminal 1. Enter into Global Configuration Mode.

2. The function is activated so that dhcp packet에 option82


Ip dhcp snoop opt82 epon
may be added so as to be transferred to Server.

Below-shown is the example to execute the command.

localhost# configure terminal


localhost(config)# ip dhcp snoop opt82 epon
localhost(config)#

If you intend not to use Option82 function anymore, execute no ip dhcp snoop opt82 command.
Below-shown is the example to execute the command.

localhost# configure terminal


localhost(config)# no ip dhcp snoop opt82
localhost(config)#

11-14 Corecess S5 System User's Guide


Configuring ARP Snoop

Configuring ARP Snoop


In this section, the method to configure ARP Snoop is described.

ARP Snoop

In case of existing LAN switch, the arp request used in linking ip address and mac address in
IPv4 is basically broadcasted. In this case, malicious user may easily obtain the ip/mac
information of other hosts of nodes on the LAN by sniffing the Packet with substitution of own
network device for promicuous mode. Based on such information, the arp information of router
may be poisoned and the traffic of other hosts may be monitored. Also, by producing wrong
arp reply/request, proper users become ip conflict status and cannot receive network service.
To solve such problem, ARPsnoop blocks inputting of improper arp packet by inspecting all the
arp request/reply inputted into the switch and manages the ip/mac in the table to reduce the
quantity of broadcasted arp request .
When interworking with DHCPsnoop, arp request/reply is permitted only to the subscribers
using the ip-pool allocated through proper dhcp action and it can be prevented that malicious
user receives service by producing improper arp request or setting static IP.

Activating ARP Snoop

To enable ARP snoop, below-shown command is executed in Global Configuration mode.

Command Desctiption

ip arp snoop y ARP snoop enable

localhost(config)# ip arp snoop


To inactivate ARP snoop so to stop the action, execute no ip arp snoop command in Global
Configuration mode.
localhost(config)# no ip arp snoop

Configuring Netsnoop 11-15


Configuring ARP Snoop

Maintenance of ARP Snoop table entry

When the user communicates with use of proper IP, the entry is created and maintained in the
table managed by ARP snoop. Also, the users using static IPs set by group access list have static
entries. If you want to maintain the table of static IP users by maintaining the entries until the
users’ terminals are turned off, you may set ARP snoop active-probing and then ARP snoop
periodically transfers ARP request message to maintain the entries.

Command Desctiption

ip arp snoop active-probing y ARP snoop table entries are maintained.

localhost(config)# ip arp snoop active-probing


To inactivate active-probing so to stop the action, execute below-shown command.

localhost(config)# no ip arp snoop active-probing


If you execute arp-move command, it may be prevented that, in case of properly registered
entries, ARP snoop table entry is changed by received ARP message.

Command Desctiption

ip arp snoop arp-move restricted y ARP snoop table entries are maintained.

Localhost(config)# ip arp snoop arp-move restricted


To inactivate, execute below-shown command.
localhost(config)# no ip arp snoop arp-move restricted

11-16 Corecess S5 System User's Guide


Configuring ARP Snoop

ARP Snoop access function

When performing arp secured with use of dhcp binding information, Deny and Permit may be
performed with referring to access-list only with no secure checking of IP existing in
corresponding acces-list to manage the lower layer equipment using static IP.

Command Desctiption

ip arp snoop group access <list-


y <list-number> 1 ~ 99 IP standard access list
number>

To activate group access function, group-access list should be configured in advance.


localhost(config)#ip arp snoop groop access 1

The command to inactivate the activated group-access list is as follows:


localhost(config)#no ip arp snoop groop access

GARP sending cycle setting

As improper ARP Snoop table may be configured when arp poisoning is detected by the
equipment where ARP Snoop is set, ARP Snoop table may be reconfigured by sending the
GARP of proper ip/mac to the port where poisoning is detected.

Command Desctiption

ip arp snoop guard arp-poisoning y < sec > : Cycle to send GARP
<sec> <packets> y < packets > : Number of GARP Packets

Below-shown is the command to send 5 GARPs in a second. < sec > may be set in the range of 1
~ 10 and < packets >may be set in the range of 5 ~ 60.
localhost(config)#ip arp snoop groop guard arp-poisoning 1 5

The command to inactivate the activated GARP function is as follows:


localhost(config)#no ip arp snoop groop guard arp-poisoning

Configuring Netsnoop 11-17


Configuring ARP Snoop

ARP Snoop inspection setting

ARP Snoop provides with ARP Snoop inspection function to drop Packet when modified ARP
Packet is sent for poisoning attack. Inspection function is available as two types: mac-match and
unsolicited-reply. Mac-match function is the one to drop improper ARP Packet judged when
source mac address of Ethernet header part and source mac address part of ARP packet are not
same. Unsolicited-reply function is the one to judge and drop ARP poisoning attack when multi
ARP reply packets are received in a short time.

Command Desctiption

ip arp snoop inspection <mac- y < mac-match > : Source mac address inspection
match/unsolicited-reply> y < unsolicited-reply > Reply packet inspection

Both mac-match and unsolicited-reply may be used at the same time and only one mode may
also be used.
localhost(config)#ip arp snoop inspection mac-match
localhost(config)#ip arp snoop inspection unsolicited-reply

To inactivate the activated ARP Snoop inspection function, execute below-shown command. It
is not impossible to inactivate one of Mac-match mode or unsolicited-reply mode; if inactivation
is performed when two modes are set, both two are inactivated.
localhost(config)#no ip arp snoop inspection

ARP Snoop packet inspection

This is the function to drop the ARP packet to which proper IP is not allocated through DHCP
server, by referring the dhcp binding information in arp source address and target address.
Three modes are available and default mode is All: Target, Source, and All.

Command Desctiption
y < all > : Both source and target are inspected.
ip arp snoop reply < all, soruce, target >
y < source/target > : Either target or source is inspected.

localhost(config)#ip arp snoop reply source


As default mode is All, to change to default mode, execute all command.
localhost(config)#ip arp snoop reply all

11-18 Corecess S5 System User's Guide


Configuring ARP Snoop

ARP Snoop cache reply function

ARP Snoop unicasts reply message to the port received request for the ARP request message
already registered in ARP Snoop table to reduce the quantity of ARP packets.

Command Desctiption

ip arp snoop reply-cache y ARP Snoop reply cache function is activated.

localhost(config)#ip arp snoop reply-cache

To inactivate the activated ARP Snoop reply cache function, execute below-shown command.
localhost(config)#no ip arp snoop reply-cache

ARP request message forwarding setting

ARP Snoop may set whether to broadcast or unicast ARP request message.
Four request modes are available: broadcast, protected-broadcast, restricted-broadcast, and
secure-broadcast. Default mode is broadcast. In the broadcast mode, if there is no target
information, ARP request message is transferred to all the server port, transparent port, and
client port in the port types set in DHCP snoop.

Command Desctiption
ip arp snoop request <broadcast,
protected-broadcast, restrict-broadcast, y ARP Snoop request message setting
secure-broadcast>

When the mode is set as Restrict-broadcast, if the IP information was not properly allocated by
DHCP to source IP, ARP request packet is dropped. At this time, DHCP snoop base-rule should
be set as Deny. ARP request message is transferred to the port to which target belongs to when
there is the information on target; if there is no information on target and the request message is
sent from client port, it is broadcasted to server port and transparent port; if request message is
sent from server port, it is broadcasted to all ports.

localhost(config)#ip arp snoop request restrict-broadcast

Configuring Netsnoop 11-19


Configuring ARP Snoop

The basic action is same in the secure-broadcast mode and restrict-broadcast mode but, if there
is the information on target, the ARP request packet is unicasted to the physical address of
target IP.

localhost(config)#ip arp snoop request secure-broadcast

In protected-broadcast mode, ARP request packet is broadcasted to server port/router port only.
Therefore, action is possible only when local proxy arp is set in the router and ip dhcp snoop
base-rule deny is set. This setting is performed so that lower layer switch sends all the arp
requests to router to be processed when local-proxy-arp is drived in the router to perform user
isolation.

localhost(config)#ip arp snoop request protected-broadcast

The command to set ARP request as default mode again is as follows:


localhost(config)#ip arp snoop request broadcast

Prevention of MAC-move production to arp-entry registered as static


IP

If arp sticky command is activated, MAC move is not produced in the users or equipments
using static IPs.

Command Desctiption

ip arp snoop sticky y Setting of MAC move prevention to static IPs.

Below-shown is the example command to activate ARP sticky.


Localhost(config)#ip arp snoop sticky
The command to inactivate the activated ARP sticky is as follows:
localhost(config)#no ip arp snoop sticky

11-20 Corecess S5 System User's Guide


Chapter 12 Configuring Security

This chapter describes how to configure security features on the Corecess S5 System.

9 Managing Password and Session 12-2

9 Configuring Access Lists 12-6

9 Security Configuration Commands 12-11


Managing Password and Session

Managing Password and Session


This section describes how to set the password and time out value of Telnet session.

Configuring Password
Console is a terminal to connect the system directly through a console port, and virtual terminal
is a terminal to connect the system through Telnet. In the Corecess S5 System, users who access
the system through console or virtual ter