Beruflich Dokumente
Kultur Dokumente
V800R005C06
Configuration Guide
Issue 02
Date 2008-04-25
Part Number 00367766
Website: http://www.huawei.com
Email: support@huawei.com
and other Huawei trademarks are the property of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but the statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Contents
6 Device Management..................................................................................................................6-1
6.1 Overview.........................................................................................................................................................6-2
6.2 Setting the Description of a Shelf...................................................................................................................6-3
6.3 Resetting the Control Boards..........................................................................................................................6-3
6.4 Adding a Service Board Offline......................................................................................................................6-5
6.5 Confirming a Service Board............................................................................................................................6-6
6.6 Deleting a Service Board.................................................................................................................................6-6
6.7 Resetting a Service Board...............................................................................................................................6-7
6.8 Prohibiting a Service Board............................................................................................................................6-8
8 VLAN Configuration.................................................................................................................8-1
8.1 Overview.........................................................................................................................................................8-3
8.2 Configuration Example of a VLAN................................................................................................................8-5
8.3 Configuration Example of a MUX VLAN......................................................................................................8-7
8.4 Creating a VLAN..........................................................................................................................................8-10
8.5 Configuring the VLAN Attribute..................................................................................................................8-12
8.6 Setting the Inner and Outer Ethernet Protocols Type of a VLAN Stacking.................................................8-13
8.7 Setting the Inner VLAN Priority of the Service Port in a Stacking VLAN..................................................8-14
8.8 Adding an Upstream Port to a VLAN...........................................................................................................8-14
8.9 Adding a Service Port to a VLANAdding Service Port(s) to a VLAN.........................................................8-15
8.10 Adding Service Ports in Batches.................................................................................................................8-17
8.11 Configuring the Description of a Service Port............................................................................................8-18
15 MSTP Configuration.............................................................................................................15-1
15.1 Overview.....................................................................................................................................................15-3
15.2 Enabling the MSTP Function......................................................................................................................15-3
15.3 Setting the Working Mode of MSTP..........................................................................................................15-5
15.4 Setting the MST Region Parameters...........................................................................................................15-6
15.4.1 Setting the MD5-Key for the MD5 Encryption Algorithm Configured on the MST Region............15-7
15.4.2 Configuring the MST Region Name..................................................................................................15-8
15.4.3 Mapping the Specified VLAN to the Specified MSTP Instance........................................................15-9
15.4.4 Mapping All VLANs to the MSTP Instances by Modular Arithmetic............................................15-10
15.4.5 Setting the MSTP Revision Level....................................................................................................15-12
15.4.6 Restoring the Default Settings for All Parameters of the MST Region...........................................15-13
15.5 Activating the Configuration of the MST Region.....................................................................................15-13
15.6 Specifying the Device as a Root Bridge or a Backup Root Bridge...........................................................15-14
15.7 Setting the Priority of the Device in the Specified Spanning Tree Instance.............................................15-16
15.8 Setting the Maximum Number of Hops of the MST Region....................................................................15-17
15.9 Setting the Diameter of the Switching Fabric...........................................................................................15-18
15.10 Setting the Calculation Standard for the Path Cost.................................................................................15-19
15.11 Setting the Time Parameters of the Specified Network Bridge..............................................................15-20
15.11.1 Setting the Forward Delay of the Specified Network Bridge........................................................15-21
15.11.2 Setting the Hello Time of the Specified Network Bridge..............................................................15-22
15.11.3 Setting the Max Age of the Specified Network Bridge..................................................................15-23
15.11.4 Setting the Timeout Time Factor of the Specified Network Bridge..............................................15-25
15.12 Setting the Parameters of the Specified Port...........................................................................................15-26
15.12.1 Setting the Maximum Transmission Rate of the Specified Port....................................................15-26
15.12.2 Setting the Specified Port as an Edge Port.....................................................................................15-28
15.12.3 Setting the Path Cost of a Specified Port.......................................................................................15-29
15.12.4 Setting the Priority of the Specified Port.......................................................................................15-30
15.12.5 Setting the Point-to-Point Link Connection of the Specified Port.................................................15-31
15.13 Setting the mCheck Variable...................................................................................................................15-32
15.14 Configuring the Device Protection Function..........................................................................................15-33
15.14.1 Enabling the BPDU Protection Function of the Device.................................................................15-33
15.14.2 Enabling the Loop Protection Function of the Device...................................................................15-34
15.14.3 Enabling the Root Protection Function of the Device....................................................................15-36
15.15 Clear the MSTP Protocol Statistics.........................................................................................................15-37
16 NTP Configuration................................................................................................................16-1
16.1 Overview.....................................................................................................................................................16-3
16.2 Configuration Example of NTP Broadcast Mode.......................................................................................16-3
16.3 Configuration Example of NTP Multicast Mode........................................................................................16-7
16.4 Configuration Example of NTP Server/Client Mode................................................................................16-10
16.5 Configuration Example of NTP Peer Mode..............................................................................................16-13
16.6 Configuring the NTP ID Authentication...................................................................................................16-17
16.7 Configuring the NTP Master Clock..........................................................................................................16-19
20 ACL Configuration................................................................................................................20-1
20.1 Overview.....................................................................................................................................................20-3
20.2 Configuring the Basic ACL.........................................................................................................................20-5
20.3 Configuring the Advanced ACL.................................................................................................................20-7
20.4 Configuring the L2 ACL.............................................................................................................................20-8
20.5 Configuration Example of the User-Defined ACL...................................................................................20-11
20.6 Creating an ACL.......................................................................................................................................20-12
20.7 Configuring a Time Range........................................................................................................................20-14
20.8 Setting the Step..........................................................................................................................................20-15
20.9 Creating a Basic ACL Rule.......................................................................................................................20-15
20.10 Creating an Advanced ACL Rule............................................................................................................20-16
20.11 Creating an L2 ACL Rule.......................................................................................................................20-17
21 QoS Configuration.................................................................................................................21-1
21.1 Overview.....................................................................................................................................................21-3
21.2 Configuration Example of Queue Scheduling............................................................................................21-3
21.3 Configuration Example of Traffic Management Based on service streams................................................21-6
21.4 Configuration Example of Traffic Management Based on ACL rules.......................................................21-9
21.5 Configuring the Traffic Management Based on service streams..............................................................21-11
21.5.1 Configure the IP Traffic Profile.......................................................................................................21-12
21.5.2 Configure the ATM Traffic Profile..................................................................................................21-14
21.6 Configuring the Traffic Management Based on Port + CoS.....................................................................21-17
21.7 Configuring Queue Scheduling ................................................................................................................21-18
21.7.1 Configuring the Queue Scheduling Mode........................................................................................21-19
21.7.2 Mapping the 802.1p Priority to Queues...........................................................................................21-21
21.7.3 Configuring the Queue Buffer of a Service Board...........................................................................21-22
21.8 Configuring Traffic Management Based on ACL rules............................................................................21-24
21.8.1 Enabling Traffic Limit.....................................................................................................................21-24
21.8.2 Adding a Priority Tag to Packets.....................................................................................................21-25
21.8.3 Enabling the Traffic Statistics..........................................................................................................21-26
21.8.4 Enabling the Traffic Mirroring.........................................................................................................21-27
21.8.5 Enabling the Traffic Redirection......................................................................................................21-28
21.9 Enabling the Line Rate Limit on an Upstream Port..................................................................................21-29
32 ONT Management.................................................................................................................32-1
32.1 Overview.....................................................................................................................................................32-3
32.2 Configuration Example of the GPON ONT................................................................................................32-3
32.3 Configuring an GPON ONT Capability Set Profile....................................................................................32-7
32.4 Configuring the Attributes of a GPON ONT Port.....................................................................................32-11
32.5 Binding an ONT T-CONT with GEM Ports.............................................................................................32-12
32.6 Configuring the Mapping Between ONT Services and GEM Ports.........................................................32-13
32.7 Configuring a VLAN for a GPON ONT Port...........................................................................................32-14
32.8 Managing the IP Address of a GPON ONT..............................................................................................32-15
Figures
Figure 1-1 Example network for configuring the MA5600T through the local serial port..................................1-3
Figure 1-2 Flowchart for configuring the MA5600T through the local serial port..............................................1-4
Figure 1-3 Setting parameters of the terminal......................................................................................................1-5
Figure 1-4 Setting the terminal emulation type....................................................................................................1-6
Figure 1-5 Setting ASCII Code............................................................................................................................1-7
Figure 1-6 Example network for configuring the MA5600T through the remote serial port..............................1-8
Figure 1-7 Flowchart for configuring the MA5600T through the remote serial port..........................................1-9
Figure 1-8 Setting the parameters of the HyperTerminal...................................................................................1-11
Figure 1-9 Example network for configuring the outband management in a LAN by Telnet...........................1-13
Figure 1-10 Example network for configuring the outband management in a WAN by Telnet........................1-14
Figure 1-11 Flowchart for configuring the outband management in a WAN by Telnet....................................1-15
Figure 1-12 Running the telnet application........................................................................................................1-16
Figure 1-13 Example network for maintenance through the GE port in a LAN................................................1-17
Figure 1-14 Example network for maintenance through the GE port in a WAN...............................................1-17
Figure 1-15 Flowchart for configuring the MA5600T through the inband management channel.....................1-18
Figure 1-16 Running the telnet application........................................................................................................1-19
Figure 1-17 Setting up the SSH configuration environment in the LAN outband mode...................................1-20
Figure 1-18 Setting up the SSH configuration environment in the WAN outband mode..................................1-21
Figure 1-19 Setting up the SSH configuration environment in the LAN inband mode.....................................1-22
Figure 1-20 Setting up the SSH configuration environment in the WAN inband mode....................................1-23
Figure 1-21 Flowchart for configuring in the SSH mode..................................................................................1-24
Figure 1-22 Interface of the key generator.........................................................................................................1-26
Figure 1-23 Generating the client key................................................................................................................1-27
Figure 1-24 Interface of converting the client public key into the RSA public key..........................................1-28
Figure 1-25 Interface of the SSH client software...............................................................................................1-29
Figure 1-26 Interface for connecting to the system............................................................................................1-30
Figure 1-27 Interface for logging in to the SSH client.......................................................................................1-30
Figure 2-1 Switching between the command modes............................................................................................2-4
Figure 3-1 Example network for configuring the outband NMS.........................................................................3-5
Figure 3-2 Flowchart for configuring the outband NMS.....................................................................................3-6
Figure 3-3 Example network for configuring the inband NMS...........................................................................3-7
Figure 3-4 Flowchart for configuring the inband NMS.......................................................................................3-9
Figure 4-1 Example network for configuring a log host......................................................................................4-2
Figure 31-1 Example network for configuring the triple play service - multiple PVCs for multiple services
.............................................................................................................................................................................31-5
Figure 31-2 Flowchart for configuring the triple play service-multiple PVCs for multiple services................31-7
Figure 31-3 Example network for configuring the triple play service - single PVC for multiple services (based on
the user-side VLAN).........................................................................................................................................31-10
Figure 31-4 Flowchart for configuring the triple play service - single PVC for multiple services (based on the user-
side VLAN).......................................................................................................................................................31-12
Figure 31-5 Example network for configuring the triple play service - single PVC for multiple services (based on
802.1p)...............................................................................................................................................................31-15
Figure 31-6 Flowchart for configuring the triple play service - single PVC for multiple services (based on 802.1p)
...........................................................................................................................................................................31-17
Figure 31-7 Example network for configuring the triple play service - single PVC for multiple services (based on
service encapsulation type) ..............................................................................................................................31-20
Figure 31-8 Flowchart for configuring the triple play service - single PVC for multiple services (based on service
encapsulation type) ...........................................................................................................................................31-22
Figure 31-9 Example network for configuring the triple play service.............................................................31-25
Figure 31-10 Flowchart for configuring the triple play service.......................................................................31-28
Figure 32-1 ONT management architecture.......................................................................................................32-3
Figure 32-2 Example network for configuring an ONT.....................................................................................32-4
Figure 32-3 Flowchart for configuring an ONT.................................................................................................32-5
Figure 33-1 Example network for configuring Ethernet OAM..........................................................................33-4
Figure 33-2 Flowchart for configuring Ethernet OAM......................................................................................33-5
Figure 34-1 Connection between the H801ESC and the shelf...........................................................................34-4
Figure 34-2 Connection between the POWER4845 and the shelf.....................................................................34-6
Figure 34-3 Flowchart for configuring the H801ESC........................................................................................34-8
Figure 34-4 Flowchart for configuring a FAN.................................................................................................34-10
Tables
Table 3-14 Related operations for enabling the timely handshake function between the MA5600T and the N2000
.............................................................................................................................................................................3-21
Table 3-15 Related operation for setting the handshake interval.......................................................................3-22
Table 3-16 Related operation for configuring the IP address of the outband NMS interface............................3-23
Table 3-17 Related operation for configuring an NMS route.............................................................................3-24
Table 3-18 Related operation for configuring the IP address of the inband NMS interface..............................3-25
Table 4-1 Data plan for configuring a log host....................................................................................................4-3
Table 4-2 Related operations for configuring a log host......................................................................................4-5
Table 4-3 Related operations for deleting a log host............................................................................................4-6
Table 4-4 Related operations for deactivating a log host.....................................................................................4-6
Table 5-1 User authorities....................................................................................................................................5-2
Table 5-2 Parameters of a user profile..................................................................................................................5-3
Table 5-3 Related operations for adding a user profile........................................................................................5-5
Table 5-4 User attributes......................................................................................................................................5-5
Table 5-5 Related operations for adding a user....................................................................................................5-7
Table 5-6 Related operations for modifying the profile bound with a user..........................................................5-8
Table 5-7 Related operations for modifying the user login mode........................................................................5-9
Table 5-8 Related operations for modifying a user level...................................................................................5-10
Table 5-9 Related operations for changing a user password..............................................................................5-11
Table 5-10 Related operations for modifying the permitted number of reenters...............................................5-12
Table 5-11 Related operations for modifying the appended information...........................................................5-13
Table 5-12 Related operation for disconnection an online user.........................................................................5-14
Table 5-13 Related operations for deleting a user..............................................................................................5-15
Table 6-1 Service board status..............................................................................................................................6-2
Table 6-2 Related operation for setting the description of a shelf........................................................................6-3
Table 6-3 Related operations for resetting the control boards..............................................................................6-4
Table 6-4 Related operation for adding a service board offline...........................................................................6-6
Table 6-5 Related operation for confirming a service board................................................................................6-6
Table 6-6 Related operation for deleting a service board.....................................................................................6-7
Table 6-7 Related operation for prohibiting a service board................................................................................6-8
Table 7-1 Data plan for configuring the remote user authentication ...................................................................7-7
Table 7-2 Related operation for creating a RADIUS server template................................................................7-12
Table 7-3 Related operation for setting the IP address and port number of a RADIUS server..........................7-14
Table 7-4 Related operation for setting the response timeout interval of a RADIUS server.............................7-15
Table 7-5 Related operation for setting the maximum number of transmissions for the RADIUS request packets
.............................................................................................................................................................................7-17
Table 7-6 Related operations for configuring an 802.1x template ....................................................................7-20
Table 7-7 Related operations for enabling the 802.1x authentication on a port. ...............................................7-22
Table 7-8 Related operations for configuring the control mode of a port..........................................................7-23
Table 7-9 Related operations for enabling the 802.1x authentication globally .................................................7-24
Table 7-10 Related operations for enabling the DHCP-triggered 802.1x authentication...................................7-25
Table 7-11 Related operations for configuring an authentication scheme.........................................................7-27
Table 7-12 Related operations for configuring an accounting scheme..............................................................7-28
Table 12-21 Related operation for setting the interval for sending Hello packets...........................................12-24
Table 12-22 Related operation for setting the dead time between adjacent routers.........................................12-24
Table 12-23 Related operation for setting the Hello packet poll interval.........................................................12-25
Table 12-24 Related operation for setting the LSA transmit delay..................................................................12-26
Table 12-25 Related operation for setting LSA retransmit interval between adjacent routers........................12-27
Table 12-26 Related operation for setting the SPF calculation interval for OSPF...........................................12-27
Table 13-1 Data plan for configuring IS-IS........................................................................................................13-3
Table 13-2 Related operation for enabling the IS-IS process.............................................................................13-7
Table 13-3 Related operation for configuring an NET.......................................................................................13-9
Table 13-4 Related operation for configuring the router level.........................................................................13-10
Table 13-5 Related operations for enabling the IS-IS function on an interface...............................................13-11
Table 13-6 Related operations for configuring the IS-IS priority....................................................................13-13
Table 13-7 Relationship between the interface cost and the bandwidth..........................................................13-14
Table 13-8 Related operations for configuring the IS-IS interface cost...........................................................13-15
Table 13-9 Related operations for configuring the IS-IS route aggregation....................................................13-16
Table 13-10 Related operations for configuring the IS-IS to generate default routes......................................13-17
Table 13-11 Related operations for filtering the received or advertised routing information..........................13-18
Table 13-12 Related operations for configuring the suppression function.......................................................13-19
Table 13-13 Related operations for configuring the IS-IS to import external routes.......................................13-20
Table 13-14 Related operations for configuring the IS-IS route leaking.........................................................13-21
Table 13-15 Related operation for configuring the network type of an IS-IS interface...................................13-22
Table 13-16 Related operations for configuring the IS-IS interface level........................................................13-23
Table 13-17 Related operations for configuring the DIS priority of an IS-IS interface...................................13-24
Table 13-18 Related operations for configuring the IS-IS for not checking the IP addresses of the received Hello
packets...............................................................................................................................................................13-25
Table 13-19 Related operations for configuring the IS-IS packet timer..........................................................13-27
Table 13-20 Related operations for configuring the LSP parameters..............................................................13-29
Table 13-21 Related operation for configuring the LSP fast flooding.............................................................13-30
Table 13-22 Related operations for configuring the SPF parameters...............................................................13-31
Table 13-23 Related operations for configuring host name mapping..............................................................13-32
Table 13-24 Related operations for configuring the IS-IS authentication........................................................13-34
Table 13-25 Related operation for configuring the LSDB overload flag bit....................................................13-35
Table 13-26 Related operation for enabling the output of the adjacency state................................................13-36
Table 14-1 Data plan for configuring the BGP..................................................................................................14-3
Table 14-2 Related operation for configuring the BGP basic description..........................................................14-7
Table 14-3 Related operations for advertising the BGP local routes.................................................................14-8
Table 14-4 Related operation for configuring the local interface used for a BGP connection........................14-10
Table 14-5 Related operation for configuring the maximum number of hops in an EBGP connection..........14-11
Table 14-6 Related operation for configuring the Next_Hop attribute............................................................14-14
Table 14-7 Related operation for configuring the AS_Path attribute...............................................................14-15
Table 14-8 Related operations for configuring the BGP to import routes.......................................................14-16
Table 14-9 Related operation for filtering the routes imported by BGP..........................................................14-17
Table 14-10 Related operations for configuring the BGP route aggregation...................................................14-18
Table 14-11 Related operations for configuring the MA5600T to advertise the default routes to its peer......14-19
Table 14-12 Related operations for configuring the BGP access list...............................................................14-20
Table 14-13 Parameters for configuring a routing policy................................................................................ 14-21
Table 14-14 Related operations for configuring a routing policy.................................................................... 14-21
Table 14-15 Related operations for configuring the policy for advertising the BGP routing information......14-24
Table 14-16 Related operations for configuring the policy for receiving the BGP routing information.........14-26
Table 14-17 Related operations for configuring the BGP timer...................................................................... 14-28
Table 14-18 Related operations for configuring the interval for sending the update messages.......................14-29
Table 14-19 Related operations for configuring the BGP soft reset................................................................ 14-30
Table 14-20 Related operation for enabling the quick reset function of the EBGP connection...................... 14-31
Table 14-21 Related operation for configuring the MD5 authentication.........................................................14-32
Table 14-22 Related operation for configuring the maximum number of equal-cost routes........................... 14-33
Table 14-23 Related operations for configuring the split horizon function among the EBGP neighbors........14-34
Table 15-1 Related operations for enabling the MSTP function........................................................................15-4
Table 15-2 Related operation for setting the working mode of MSTP..............................................................15-6
Table 15-3 Related operation for setting the MD5-Key for the MD5 encryption algorithm configured on the MST
region...................................................................................................................................................................15-8
Table 15-4 Related operations for configuring the MST region name...............................................................15-9
Table 15-5 Related operations for mapping the specified VLAN to the specified MSTP instance.................15-10
Table 15-6 Related operations for mapping all VLANs to the MSTP instances............................................. 15-11
Table 15-7 Related operations for setting the MSTP revision level of the device...........................................15-13
Table 15-8 Related operation for activating the configuration of the MST region..........................................15-14
Table 15-9 Related operation for specifying the device as a root bridge or a backup root bridge...................15-15
Table 15-10 Related operations for setting the priority of the device in the specified spanning tree instance
...........................................................................................................................................................................15-17
Table 15-11 Related operation for setting the maximum number of hops of the MST region........................ 15-18
Table 15-12 Related operation for setting the diameter of the switching fabric..............................................15-19
Table 15-13 Related operation for setting the calculation standard for the path cost...................................... 15-20
Table 15-14 Related operations for setting the Forward Delay of the specified network bridge.....................15-22
Table 15-15 Related operations for setting the Hello Time of the specified network bridge.......................... 15-23
Table 15-16 Related operations for setting the Max Age of the specified network bridge..............................15-25
Table 15-17 Related operation for setting the timeout time factor of the specified network bridge................15-26
Table 15-18 Related operation for setting the maximum transmission rate of the specified port....................15-27
Table 15-19 Related operation for setting the specified port as an edge port.................................................. 15-29
Table 15-20 Related operation for setting the path cost of a specified port.....................................................15-30
Table 15-21 Related operation for setting the priority of the specified port....................................................15-31
Table 15-22 Related operation for setting the point-to-point link connection of the specified port................15-32
Table 15-23 Related operation for enabling the BPDU protection function of the device.............................. 15-34
Table 15-24 Related operations for enabling the loop protection function of the device................................ 15-35
Table 15-25 Related operations for enabling the root protection function of the device.................................15-37
Table 16-1 Data plan for configuring the NTP broadcast mode........................................................................16-4
Table 16-2 Data plan for configuring the NTP multicast mode.........................................................................16-7
Table 16-3 Data plan for configuring NTP server/client mode........................................................................16-11
Table 16-4 Data plan for configuring the NTP peer mode...............................................................................16-14
Table 16-5 Related operations for configuring the NTP ID authentication.....................................................16-18
Table 16-6 Related operation for configuring the NTP master clock..............................................................16-20
Table 16-7 Related operations for configuring the NTP broadcast server mode.............................................16-21
Table 16-8 Related operations for configuring the NTP broadcast client mode..............................................16-22
Table 16-9 Related operations for configuring the NTP multicast mode.........................................................16-23
Table 16-10 Related operations for configuring the NTP server/client mode..................................................16-24
Table 16-11 Related operation for configuring the NTP peer mode................................................................16-25
Table 16-12 Related operations for configuring the authority of access to an NTP service of a local device
...........................................................................................................................................................................16-27
Table 16-13 Related operations for configuring an interface for transmitting or receiving NTP packets.......16-28
Table 17-1 Clock synchronization description...................................................................................................17-2
Table 17-2 Data plan for configuring the system clock.....................................................................................17-4
Table 17-3 Related operations for configuring the system clock.......................................................................17-6
Table 17-4 Related operations for setting the priority of a clock source............................................................17-7
Table 18-1 Related operation for adding a static MAC address.........................................................................18-3
Table 18-2 Related operation for configuring the MAC address filtering.........................................................18-7
Table 19-1 Related operation for configuring the synwait timer.......................................................................19-3
Table 19-2 Related operation for configuring the finwait timer.........................................................................19-4
Table 19-3 Related operation for configuring the socket buffer........................................................................19-4
Table 19-4 Related operations for enabling the IP packets debugging..............................................................19-5
Table 19-5 Related operations for enabling the IP packets debugging..............................................................19-6
Table 20-1 ACL types........................................................................................................................................20-3
Table 20-2 Data plan for configuring the basic ACL.........................................................................................20-6
Table 20-3 Data plan for configuring the advanced ACL..................................................................................20-7
Table 20-4 Data plan for configuring the L2 ACL.............................................................................................20-9
Table 20-5 Data plan for configuring the user-defined ACL...........................................................................20-11
Table 20-6 ACL number range.........................................................................................................................20-13
Table 20-7 Related operations for creating an ACL.........................................................................................20-13
Table 20-8 Related operation for setting the step.............................................................................................20-15
Table 20-9 Related operation for creating a basic ACL rule............................................................................20-16
Table 20-10 Related operation for creating an advanced ACL rule.................................................................20-17
Table 20-11 Related operation for creating an L2 ACL rule............................................................................20-18
Table 20-12 Description of letters and their offset values................................................................................20-19
Table 20-13 Related operation for creating a used defined ACL rule..............................................................20-20
Table 20-14 Related operation for activating the ACL of a port......................................................................20-21
Table 21-1 Data plan for configuring queue scheduling....................................................................................21-4
Table 21-2 Data plan for configuring the traffic management based on service streams..................................21-7
Table 21-3 Data plan for configuring the traffic management based on ACL rules........................................21-10
Table 21-4 Traffic parameters defined in the IP traffic profile........................................................................21-12
Table 21-5 Related operations for configuring the traffic entry ......................................................................21-14
Table 21-6 Relations between the service type, traffic description, and traffic parameters. ...........................21-14
Table 21-7 Application scenario of the ATM services ....................................................................................21-15
Table 21-8 Related operation for configuring the traffic entry .......................................................................21-17
Table 21-9 Mapping between the queue weight and the actual queue.............................................................21-19
Table 21-10 Related operations for configuring the queue scheduling mode..................................................21-20
Table 21-11 Mapping between the 802.1p priority and queue.........................................................................21-21
Table 21-12 Related operations for mapping the 802.1p priority to the queue of a service board..................21-22
Table 21-13 Default buffer size........................................................................................................................21-22
Table 21-14 Related operations for configuring the queue buffer of a service board .....................................21-23
Table 21-15 Related operation for enabling traffic limit of packets matching an ACL on a specified port
...........................................................................................................................................................................21-25
Table 21-16 Related operation for adding a priority tag to packets matching an ACL on a specified port
...........................................................................................................................................................................21-26
Table 21-17 Related operations for enabling the traffic statistics for packets matching an ACL on a port
...........................................................................................................................................................................21-27
Table 21-18 Related operation for enabling the traffic mirroring of packets matching an ACL rule on a specified
port....................................................................................................................................................................21-28
Table 21-19 Related operation for redirecting traffic matching an ACL on a port..........................................21-29
Table 21-20 Related operation for enabling the line rate limit on an upstream port........................................21-30
Table 22-1 Related operation for setting the Ethernet encapsulation type.........................................................22-6
Table 22-2 Related operations for enabling the DHCP option82.......................................................................22-7
Table 22-3 Related operation for binding the IP address...................................................................................22-9
Table 22-4 Related operations for enabling the anti MAC spoofing function.................................................22-11
Table 22-5 Related operations for enabling the anti MAC spoofing function.................................................22-12
Table 23-1 Related operations for enabling the anti DoS attack........................................................................23-4
Table 23-2 Related operation for enabling the anti IP attack function...............................................................23-4
Table 23-3 Related operation for enabling the anti ICMP attack function.........................................................23-5
Table 23-4 Related operation for enabling the function of source route filtering..............................................23-6
Table 23-5 Related operation for configuring the MAC address filtering.........................................................23-7
Table 23-6 Related operations for configuring the firewall black list function.................................................23-9
Table 23-7 Related operation for configuring the firewall function.................................................................23-11
Table 23-8 Related operations for configuring an accessible address segment...............................................23-11
Table 23-9 Related operations for configuring the inaccessible address segment...........................................23-12
Table 24-1 Data plan for configuring the fiber access service-single port for single service............................24-3
Table 24-2 Data plan for configuring the fiber access service-single port for multi-service.............................24-6
Table 25-1 Configurations of the GPON service in different application scenarios..........................................25-4
Table 25-2 Data plan for configuring the GPON service...................................................................................25-6
Table 25-3 Related operations for adding a DBA profile...................................................................................25-9
Table 25-4 Related operation for binding a DBA profile.................................................................................25-11
Table 25-5 Related operations for adding an alarm profile..............................................................................25-12
Table 25-6 Related operations for adding a GEM port....................................................................................25-14
Table 25-7 Related operations for adding a GPON ONT................................................................................25-17
Table 25-8 Related operation for activating a GPON ONT.............................................................................25-18
Table 25-9 Related operations for enabling the ONT auto-find function of a GPON port..............................25-19
Table 25-10 Related operations for setting the aging time of the ONT auto-find function.............................25-20
Table 30-30 Related operations for configuring the multicast VLAN member...............................................30-64
Table 30-31 Related operation for enabling the logging function....................................................................30-65
Table 30-32 Related operations for setting the IP address range of the multicast VLAN to generate the program
group dynamically.............................................................................................................................................30-66
Table 30-33 Related operation for enabling the program matching mode of the multicast VLAN.................30-67
Table 30-34 Related operations for configuring the virtual upstream port......................................................30-68
Table 30-35 Related operation for enabling the PIM-SSM function...............................................................30-70
Table 30-36 Related operations for setting the DR priority of a PIM router...................................................30-72
Table 30-37 Related operations for setting the interval for a PIM router to send Hello messages..................30-75
Table 30-38 Related operations for setting the holdtime for receiving the Hello messages............................30-77
Table 30-39 Related operation for setting the longest delay for triggering the transmission of the Hello message
...........................................................................................................................................................................30-78
Table 30-40 Related operations for setting the specifications of the Join/Prune messages.............................30-80
Table 30-41 Related operations for setting the interval for sending the Join/Prune messages........................30-82
Table 30-42 Related operations for setting the delay for a PIM router to perform pruning.............................30-84
Table 30-43 Related operations for setting the delay for a PIM router to override pruning............................30-87
Table 30-44 Related operations for setting the holdtime for a PIM router to maintain the join status of a downstream
interface.............................................................................................................................................................30-89
Table 30-45 Related operation for setting the range of the PIM-SSM multicast addresses.............................30-90
Table 30-46 Related operation for enabling the bandwidth management function..........................................30-92
Table 30-47 Related operation for modifying an authority profile..................................................................30-93
Table 30-48 Related operations for adding a BTV user...................................................................................30-95
Table 30-49 Related operations for modifying the attributes of a user............................................................30-97
Table 30-50 Related operation for blocking a BTV user.................................................................................30-98
Table 30-51 Related operation for binding a user with an authority profile....................................................30-99
Table 30-52 Related operation for enabling the switch of monitoring BTV users........................................30-100
Table 30-53 Related operation for configuring the preview profile...............................................................30-101
Table 30-54 Related operation for enabling the preview function.................................................................30-102
Table 30-55 Related operations for setting the preview auto reset time........................................................30-103
Table 30-56 Related operation for resetting the preview record....................................................................30-104
Table 30-57 Related operations for enabling the logging function on the multicast VLAN.........................30-106
Table 30-58 Related operation for setting the logging interval......................................................................30-107
Table 30-59 Related operations for configuring the log reporting.................................................................30-107
Table 30-60 Related operations for setting the automatic CDR reporting.....................................................30-110
Table 31-1 Modes to provide the triple play service..........................................................................................31-3
Table 31-2 Data plan for configuring the triple play service..............................................................................31-5
Table 31-3 Data plan for configuring the triple play service - single PVC for multiple services (based on the user-
side VLAN).......................................................................................................................................................31-10
Table 31-4 Data plan for configuring the triple play service - single PVC for multiple services (based on 802.1p)
...........................................................................................................................................................................31-15
Table 31-5 Data plan for configuring the triple play service - single PVC for multiple services (based on service
encapsulation type) ...........................................................................................................................................31-20
Table 31-6 Data plan for configuring the triple play service............................................................................31-25
Table 32-1 Data plan for configuring an ONT...................................................................................................32-4
Purpose
This document describes the configuration of various services supported by the MA5600T. The
description covers the following topics:
l Purpose
l Networking
l Data plan
l Prerequisite(s)
l Note
l Configuration flowchart
l Operation procedure
l Result
This document helps users to know the configuration of various services on the MA5600T.
Related Versions
The following table lists the product versions related to this document.
MA5600T V800R005
Intended Audience
The intended audience of this document is:
Organization
This document describes the configuration on the MA5600T. Each chapter gives an overview
to the configuration first, then describes the configuration flow and the configuration example
(some chapters not) and finally describes the basic operations in detail.
For the readers that know the product well, it is recommended to read the configuration example
(s) directly; For the readers that do not know the product well, it is recommended to read the
basic operations first.
This document consists of the following chapters and is organized as follows.
Chapter… Describes…
2 Getting Started With CLI The basic CLI operations on the MA5600T
6 Device Management How to manage the shelf and boards of the MA5600T
10 ARP & ARP Proxy How to configure ARP and ARP proxy
Configuration
11 RIP Routing Protocol How to configure the RIP routing protocols supported by the
Configuration MA5600T
12 OSPF Routing Protocol How to configure the OSPF routing protocols supported by
Configuration the MA5600T
13 IS-IS Routing Protocol How to configure the IS-IS routing protocols supported by
Configuration the MA5600T
14 BGP Routing Protocol How to configure the BGP routing protocols supported by
Configuration the MA5600T
Chapter… Describes…
18 MAC Address How to configure MAC addresses and the MAC address pool
Management
20 ACL Configuration ACL and the method of configuring ACL on the MA5600T
21 QoS Configuration QoS and the method of configuring QoS on the MA5600T
SHDSL Service The SHDSL technology and the method of configuring the
Configuration SHDSL service on the MA5600T
VDSL2 Service The VDSL2 technology and the method of configuring the
Configuration VDSL2 service on the MA5600T
25 GPON Service The GPON technology and the method of configuring the
Configuration GPON service on the MA5600T
26 Protection Configuration The service protection on the upstream port of the MA5600T
for Upstream Link
29 QinQ VLAN Private How to configure the private line service on the MA5600T
Line Service Configuration
31 Triple Play Service How to configure the triple play service on the MA5600T
Configuration
CPE Management How to log on and configure the CPE terminal through the
MA5600T
Chapter… Describes…
Differences Between the ETSI Service Shelf and the 19-inch Service Shelf
The MA5600T supports both the ETSI service shelf and the 19-inch service shelf. The following
table lists the differences between the two shelves.
Shelf Type Slots Slots for the Slots for Slots for
Control Board Service Boards Upstream
Interface Boards
This document uses the ETSI service shelf as an example because the two shelves support the
same software functions, although their hardware are different.
Conventions
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Symbol Description
General Conventions
Convention Description
Command Conventions
Convention Description
GUI Conventions
Convention Description
Boldface Buttons, menus, parameters, tabs, window, and dialog titles are
in Boldface. For example, click OK.
Keyboard Operation
Format Description
Key Press the key. For example, press Enter and press Tab.
Key 1+Key 2 Press the keys concurrently. For example, pressing Ctrl+Alt
+A means the three keys should be pressed concurrently.
Key 1, Key 2 Press the keys in turn. For example, pressing Alt, A means the
two keys should be pressed in turn.
Mouse Operation
Action Description
Click Select and release the primary mouse button without moving
the pointer.
Double-click Press the primary mouse button twice continuously and quickly
without moving the pointer.
Drag Press and hold the primary mouse button and move the pointer
to a certain position.
Update History
Updates between document versions are cumulative. Therefore, the latest document version
contains all updates made to previous versions.
This topic describes the different maintenance modes of theMA5600T through the maintenance
terminal.
1.1 Overview
This topic describes the different maintenance modes of the MA5600T through the maintenance
terminal and describes the features of the maintenance modes.
1.2 Configuring the Terminal Through the Local Serial Port
This topic describes how to log in to the MA5600T and configure the MA5600T by using the
HyperTerminal of the Windows operating system.
1.3 Configuring the Terminal Through the Remote Serial Port
This topic describes how to log in to the MA5600T and configure the MA5600T through the
remote serial port.
1.4 Configuring the Terminal Through the Outband Management Channel
This topic describes how to connect the maintenance terminal to the MA5600T over a local area
network (LAN) or a wide area network (WAN), and configure the MA5600T through the
outband management channel.
1.5 Configuring the Terminal Through the Inband Management Channel
This topic describes how to configure the MA5600T through the inband management channel.
1.6 Configuring the Terminal Through SSH
This topic describes how to connect the maintenance terminal to the MA5600T through SSH.
Then, you can log in to the MA5600T through SSH for maintenance. This helps to protect the
MA5600T from network attacks.
1.1 Overview
This topic describes the different maintenance modes of the MA5600T through the maintenance
terminal and describes the features of the maintenance modes.
You can maintain the SmartAX MA5600T Multi-service Access Module Optical Access
Equipment (the MA5600T for short) through a maintenance terminal in the command line
interface (CLI) mode. The configuration of a maintenance terminal involves the following:
SSH mode Uses the service channel of Secure Shell (SSH) ensures
the MA5600T, or the network security through the
maintenance network port authentication, encryption, and
of the SCU board to identification functions. When a
manage the system. user telnets to the MA5600T from
an insecure network, SSH protects
the MA5600T from malicious
attacks such as IP address spoofing
and clear text password
interception.
Networking
Figure 1-1 shows an example network for configuring the MA5600T through the local serial
port.
Figure 1-1 Example network for configuring the MA5600T through the local serial port
Configuration Flowchart
Figure 1-2 shows the flowchart for configuring the MA5600T through the local serial port.
Figure 1-2 Flowchart for configuring the MA5600T through the local serial port
Start
End
Procedure
Step 1 Connect the serial port cable.
Use a RS-232 serial port cable to connect the serial port of the PC to the CON port of the SCU
board, as shown in Figure 1-1.
Choose Start > Programs > Accessories > Communication > HyperTerminal to start
the HyperTerminal and set up a serial port connection. Enter the connection name, and
click OK.
2. Configure the serial port.
Select the standard character terminal or the PC terminal serial port that is connected to the
MA5600T. (Assume that the serial port is serial COM2.) Click OK.
In step 2, click OK. Then, set the serial port parameters in the dialog box as shown in Figure
1-3. The parameters are set as follows:
l Stop bits: 1
l Flow control: None
NOTE
l When setting the baud rate, make sure that the baud rate of the HyperTerminal is consistent with the
baud rate of the serial port in the MA5600T. By default, the baud rate of the serial port is 9600 bit/s.
l There may be illegible characters in the input information after you log in to the system. This is because
the baud rate between the HyperTerminal and the MA5600T is inconsistent. In such cases, use a
different baud rate to log in to the system. The system supports the baud rates of 9600 bit/s, 19200 bit/
s, 38400 bit/s, 57600 bit/s, and 115200 bit/s.
Click OK.
Step 4 Define the terminal emulation type.
Choose File > Properties on the HyperTerminal interface. Click the Settings tab. Select
VT100 or Auto Detection as the type of terminal emulation, as shown in Figure 1-4.
NOTE
When you paste text to the HyperTerminal, character delay controls the character transmit speed, and the
line delay controls the interval of sending every line. If a delay is very short, it leads to loss of characters.
When the pasted text is displayed abnormally, modify the setting.
----End
Result
In the HyperTerminal interface, press Enter. The system displays a message requesting you to
enter the user name. Enter the user name and password for user registration (by default, the super
user name is root and the password is admin), and wait until the command line prompt
(MA5600T) appears.
If the login fails, click the Hang-up icon first, and then click the Dial icon. If you still cannot
log in, return to step 1 to check the parameter settings and the physical connections, and then
try again.
Prerequisite
Connect a PSTN modem on the MA5600T side and PC side before using a serial port for remote
maintenance. In this way, you can set up a remote connection between the PC and the
MA5600T through modem dialup.
The PSTN modem on the MA5600T side is referred to as the called PSTN modem. The PSTN
modem on the PC side is referred to as the calling PSTN modem. The PSTN modems must meet
the following requirements:
l Both the calling and called PSTN modems must be the standard modems, and must support
the AT command set.
Networking
Figure 1-6 shows an example network for configuring the MA5600T through the remote serial
port.
Figure 1-6 Example network for configuring the MA5600T through the remote serial port
CON
Serial port ETH
Telephone line cable ESC
Modem
Modem PC
Configuration Flowchart
Figure 1-7 shows the flowchart for configuring the MA5600T through the remote serial port.
Figure 1-7 Flowchart for configuring the MA5600T through the remote serial port
Start
End
Procedure
Step 1 Set the called modem parameters.
Only three signal lines, namely SD, RD, and SG, are used for connecting the MA5600T and the
modem. Therefore, before connecting the modem to the MA5600T, shield the handshake signals
and the flow control signals of the modem.
1. Connect the serial port of the modem to the serial port of the maintenance terminal by using
the dedicated cable for the modem, and then power on the system. You need not install a
driver during this operation.
2. Assume that the modem is connected to COM2 port. Start the HyperTerminal, and select
Direct to COM2 in the Connect using column in the dialog box that appears. Set the serial
port parameters as follows: 9600 bit/s for baud rate, 8 for data bits, 1 for stop bits, None
for parity, and None for data traffic control.
NOTE
After the connection, the terminal may not display anything. This is because the display function of
the modem was disabled at the previous configuration operation. To enable the terminal to display
the input information and the output information, run the AT&F command to restore the default
settings and press Enter.
3. Check the modem.
In the HyperTerminal, enter the AT&F command to restore the default settings of the
modem. Check whether the screen displays "OK". If it displays "OK", the modem is normal.
If it does not display "OK", the modem is faulty and it must be replaced with a new modem.
4. In the HyperTerminal, run the following commands:
NOTE
After the last command is executed, running the AT command disables the echo function of the
terminal and prevents the display of the execution results.
l Due to the limitation of the bit rate of the modem, you can run the baudrate command to modify
the baud rate of the serial port of the MA5600T to 9600 bit/s or 19200 bit/s.
l To prevent an extremely high bit rate on the line between the two modems, you can set AT
$MB=9600 (or another value) before running the ATEQ1&W command.
After the power-on, the calling modem can function in the normal state without any
configuration. However, if you connect the maintenance terminal to the modem by using a
standard cable, shield the handshake signals and the flow control signals of the modem before
the connection. For more information on the shield operation, refer to the settings of the called
modem parameters.
Plug the telephone line into the LINE port of the called modem. Connect the serial port of
the called modem to the maintenance port CON of SCU board on the MA5600T by using
the dedicated serial port cable for the MA5600T, and then power on the modem.
2. Connect the calling modem.
For an external modem, plug the telephone line into the LINE port of the calling modem,
connect the serial port of the calling modem to the serial port of the maintenance terminal
by using the dedicated cable for the modem, and then power on the modem.
For a built-in modem, you only need to plug the telephone line into the LINE port of the
calling modem.
Choose Start > Programs > Accessories > Communication > HyperTerminal to start
the HyperTerminal and enter the name. Click OK.
2. Configure the serial port.
Select the standard character terminal or the PC terminal serial port that is connected to the
MA5600T. (Assume that the serial port is serial COM2.) Click OK.
In the preceding substep 2, click OK. Then, set the serial port parameters in the dialog box as
shown in Figure 1-8. The parameters are set as follows:
l When setting the baud rate, make sure that the baud rate of the HyperTerminal is consistent with the
baud rate of the serial port. By default, the baud rate of the serial port is 9600 bit/s.
l There may be illegible characters in the input information after you log in to the system. This is because
the baud rate between the HyperTerminal and the system is inconsistent. In such cases, use another
baud rate to log in to the system. The system supports the baud rates of 9600 bit/s, 19200 bit/s, 38400
bit/s, 57600 bit/s, and 115200 bit/s.
In the case of an external modem, select a serial port instead of a modem from the Connect
using drop-down list in the HyperTerminal to set up the connection to the modem.
For details of the dialup commands, refer to the AT command set. ATDT0 W
020XXXXXXXX indicates that you should dial "0" for connection by using the external
line. Wait for the dialing tone from the switch, and then dial the telephone number
020XXXXXXXX.
2. In the case of a built-in modem, perform the following operations:
Run the HyperTerminal. Set the called number. Select the modem from the Connect
using drop-down list. Click Configure in the properties setting interface to set the modem
properties. Select Bring up terminal window after dialing in the Options tab of the
properties setting interface. Click OK to confirm the setting. Click Dial to continue the
dialing. You need not use any ATDT commands for dialing.
----End
Result
After the dialup, the "OH" and "RI" LEDs on the modem that connects to the PC turn on. The
modem generates a sound, which indicates that the connection is in-progress. After the
connection is set up, the two modem CD LEDs (for carrier detection) turn on, and the
HyperTerminal interface displays "CONNECT9600 (or 19200)". This indicates that the inter-
modem connection is set up successfully.
If "NO CARRIER" is displayed, the connection fails. Check the hardware connections and the
telephone line. Press Enter until the login interface appears.
After configuring the MA5600T, run the hang-up command of the HyperTerminal to break the
connection.
WARNING
l When the modem connection setup is in progress, pressing any key on the keyboard interrupts
the ongoing call.
l After a remote maintenance operation, you need to disconnect the line, instead of directly
shutting down the HyperTerminal. Otherwise, modems of certain models may remain online
all the time, resulting in failure during the next dialup connection.
Networking-LAN
Figure 1-9 shows an example network for configuring the outband management in a LAN by
Telnet.
Figure 1-9 Example network for configuring the outband management in a LAN by Telnet
CON
ETH
ESC
SCU MA5600T
LAN
PC PC PC
Use a straight through cable to connect the MA5600T to the LAN. Make sure that the IP address
of the maintenance network port of the control board and the IP address of the PC used for
maintaining the MA5600T are located in the same subnet.
NOTE
You can also use a crossover cable to connect the network port of the maintenance terminal to the
maintenance network port of the control board to maintain the MA5600T.
Data Plan-LAN
Table 1-2 provides the data plan for configuring the outband management in a LAN by Telnet.
Table 1-2 Data plan for configuring the outband management in a LAN by Telnet
Item Data
Networking-WAN
Figure 1-10 shows an example network for configuring the outband management in a WAN by
Telnet.
Figure 1-10 Example network for configuring the outband management in a WAN by Telnet
PC
LAN CON
ETH
ESC
Router
PC PC
SCU MA5600T
Data Plan-WAN
Table 1-3 provides the data plan for configuring the outband management in a WAN by Telnet.
Table 1-3 Data plan for configuring the outband management in a WAN by Telnet
Item Data
Configuration Flowchart
Figure 1-11 shows the flowchart for configuring the outband management in a WAN by Telnet.
Figure 1-11 Flowchart for configuring the outband management in a WAN by Telnet
Start
No
WAN environment or not?
Yes
End
Procedure
Step 1 Set up the configuration environment.
Figure 1-9 and Figure 1-10 show the example networks for configuring the MA5600T through
the outband management channel. You can set up the environment according to the requirements.
Choose Start > Run on the PC. Enter the telnet command, followed by the IP address of the
maintenance network port of the MA5600T in the Open field. Click OK to run the telnet
application (Windows XP OS is considered as an example), as shown in Figure 1-12.
>>User name:root
>>User password:
----End
Result
After logging in to the system, you can perform the configuration successfully.
Networking-LAN
Figure 1-13 shows an example network for maintenance through the GE port in a LAN.
Figure 1-13 Example network for maintenance through the GE port in a LAN
GE 0/19/0
CON
ETH
ESC
SCU MA5600T
LAN
PC PC PC
Data Plan-LAN
Table 1-4 provides the data plan for the network.
Networking-WAN
Figure 1-14 shows an example network for maintenance through the GE port in a WAN.
Figure 1-14 Example network for maintenance through the GE port in a WAN
Router
PC
CON GE 0/19/0
ETH
ESC
SCU MA5600T
Data Plan-WAN
Table 1-5 provides the data plan for the network.
VLAN ID 30
Upstream port 0
Configuration Flowchart
Figure 1-15 shows the flowchart for configuring the MA5600T through the inband management
channel.
Figure 1-15 Flowchart for configuring the MA5600T through the inband management channel
Start
No
WAN environment or
not?
Yes
End
Procedure
Step 1 Set up the configuration environment.
Figure 1-13 and Figure 1-14 show the example network for configuring the MA5600T through
the inband management channel. You can set up the environment based on the requirements.
Step 2 Create an NMS VLAN and add the upstream port to it.
1. Run the vlan command to create an NMS VLAN.
huawei(config)#vlan 30 standard
huawei(config)#port vlan 30 0/9 0
2. Run the native-vlan command to configure the native VLAN of the upstream port.
huawei(config)#interface scu 0/9
huawei(config-if-scu-0/9)#native-vlan 0 vlan 30
Run the ip address command to set the IP address and subnet mask of the MA5600T VLAN
L3 interface.
huawei(config-if-scu-0/9)#quit
huawei(config)#interface vlanif 30
huawei(config-if-vlanif30)#ip address 10.10.20.1 255.255.255.0
If the configuration environment is set up as shown in Figure 1-13, you need not configure a
route.
If the configuration environment is set up as shown in Figure 1-14, you need to add the route
of next hop.
huawei(config-if-vlanif30)#quit
huawei(config)#ip route-static 10.10.21.0 24 10.10.20.254
Choose Start > Run on the PC. Enter the telnet command, followed by the IP address of the
maintenance network port of the SCU board in the Open field. Click OK to run the telnet
application as shown in Figure 1-16.
By default, the super user uses root and admin as the user name and password. When you log
in, the system prompts the following.
>>User name:root
>>User password:
----End
Result
After logging in to the system, you can configure the terminal for maintenance.
Networking-LAN
Figure 1-17 shows the connection for setting up the SSH configuration environment in the LAN
outband mode.
Figure 1-17 Setting up the SSH configuration environment in the LAN outband mode
CON
ETH
ESC
SCU MA5600T
LAN
PC PC PC
Data Plan-LAN
Table 1-6 provides the data plan for the network.
Item Data
Networking-WAN
Figure 1-18 shows the connection for setting up the SSH configuration environment in the WAN
outband mode.
Figure 1-18 Setting up the SSH configuration environment in the WAN outband mode
PC
LAN CON
ETH
ESC
Router
PC PC
SCU MA5600T
Data Plan-WAN
Table 1-7 provides the data plan for the network.
Item Data
Item Data
Networking-LAN
Figure 1-19 shows the connection for setting up the SSH configuration environment in the LAN
inband mode.
Figure 1-19 Setting up the SSH configuration environment in the LAN inband mode
GE 0/19/0
CON
ETH
ESC
SCU MA5600T
LAN
PC PC PC
Data Plan-LAN
Table 1-8 provides the data plan for the network.
Item Data
Networking-WAN
Figure 1-20 shows the connection for setting up the SSH configuration environment in the WAN
inband mode.
Figure 1-20 Setting up the SSH configuration environment in the WAN inband mode
Router
PC
CON GE 0/19/0
ETH
ESC
SCU MA5600T
Data Plan-WAN
Table 1-9 provides the data plan for the network.
Configuration Flowchart
Figure 1-21 shows the flowchart for configuring the SSH environment. For details of the
configuration, see "7.7 Configuring SSH."
Start
WAN environment or No
not?
Yes
End
Procedure
Step 1 Set up the configuration environment.
You can set up the configuration environment as shown in Figure 1-17, Figure 1-18, Figure
1-19, and Figure 1-20.
Step 2 Set the IP address of the maintenance network port/VLAN L3 interface.
l To set the IP address of the maintenance network port, do as follows:
huawei(config)#interface meth 0
huawei(config-if-meth0)#ip address 10.10.20.2 255.255.255.0
Step 5 Create the local key pair for the SSH server.
CAUTION
After logging in to the SSH successfully, configure and create the local RSA key pair. Make
sure that you complete the "rsa local-key-pair create" operation and create the local key pair
before further SSH configurations.
Select SSH-2 RSA as the key type under Parameters. Click Generate. Move the cursor
over the blank area to generate the client key, as shown in Figure 1-23.
After generating the client key, save the public key and private key.
3. Generate the RSA public key.
To convert the client public key into the RSA public key, run the client software for
converting keys, namely the sshkey.exe, as shown in Figure 1-24.
Figure 1-24 Interface of converting the client public key into the RSA public key
To generate the public key for the SSH user, copy the RSA public key to the server in the config-
rsa-key-code command line mode.
huawei(config)#rsa peer-public-key key
Enter "RSA public key" view, return system view with "peer-public-key end".
huawei(config-rsa-public-key)#public-key-code begin
Enter "RSA key code" view, return last view with "public-key-code end".
huawei(config-rsa-key-code)#30818602 81805A01 625279EF 5E4CD503 916C9DB5 0233CF58
huawei(config-rsa-key-code)#C901D4CA 207C77D3 4EF25B04 9897BD24 997BF61B DFB9A73C
huawei(config-rsa-key-code)#F82B6F06 55ACCDB9 F7DC1474 9E6518EE B1A543FF 9147150B
huawei(config-rsa-key-code)#111BD11C 683A023B A4295550 DA13F6BE 3190A2A8 3BFCB158
huawei(config-rsa-key-code)#4FBAA365 F6E796A0 B02CB6F9 8491A373 9B4A0876 4B3189B4
huawei(config-rsa-key-code)#BBA2C7BA E1974104 AD165E98 18CF0201 25
huawei(config-rsa-key-code)#public-key-code end
huawei(config-rsa-public-key)#peer-public-key end
In the global config mode, to authorize the public key to the SSH user huawei, do as follows:
huawei(config)#ssh user huawei assign rsa-key key
Run the SSH client software PUTTY.EXE. Click Auth in the directory tree and assign a
file for the RSA private key, as shown in Figure 1-25. Click Browse. Select the file for the
private key and click OK.
Because the user authentication mode is RSA, the system prompts a message, as shown in
Figure 1-27.
Enter the correct username to log in to the system according to the prompt.
----End
Result
After logging in to the system, you can perform the configuration successfully.
2.1 Overview
This topic describes the CLI operation mode and the method of applying it for maintaining the
MA5600T.
2.2 CLI Characteristics
This topic describes the CLI characteristics of the MA5600T.
2.3 Basic Operations Through CLI
This topic describes how to perform the basic operations on the MA5600T through the CLI.
2.1 Overview
This topic describes the CLI operation mode and the method of applying it for maintaining the
MA5600T.
Service Description
You can maintain the MA5600T through the CLI or the NMS.
l The NMS provides a graphical user interface (GUI) and the CLI provides the command
line interface to facilitate operations.
l The networking for maintaining the MA5600T through the CLI is simple. You can run the
HyperTerminal or the telnet program of the Windows operating system to log in to the
MA5600T to maintain it through the CLI.
Service Specification
This topic describes certain basic CLI operations that can help you to perform the basic
configurations for the MA5600T through the CLI.
Classification
The MA5600T provides various modes to realize hierarchical protection and to prevent
unauthorized access.
The MA5600T provides the following command modes:
l User mode
l Privilege mode
l Global config mode
l Interface config Mode
l RIP mode
l OSPF mode
l BTV mode
Features
l Downward compatibility
– All commands in the user mode can be run in the privilege mode.
– All commands in the user mode and privilege mode can be run in the global config
mode.
l Hierarchical protection
Based on different command modes, the system can prevent unauthorized access. For users
at different levels, the command modes involved are different, and the commands that can
be executed for these users are also different even though they can enter the same mode.
Mode Switching
Figure 2-1 shows how to switch between the command modes.
NOTE
Function
To facilitate the operation, you can type in an incomplete keyword, and then press the space bar.
The CLI interface automatically displays the matching keywords.
For example, for the command enable, type en or ena (in the common user mode).
Note
After pressing the space bar, if the system does not return the commands, it indicates the
following:
l You have entered a wrong command. In this case, check the command and enter the correct
command.
For example, when you enter dip (for display) in the privilege mode, entering a space
character does not display the commands.
l Two or more commands match the entered keyword.
For example, when you enter dis in the privilege mode, the system cannot find a matched
keyword for it. This is because there are two commands that start with dis: disable and
display.
Function
The CLI provides basic command edit functions. It allows multi-line editing, with up to 255
bytes for each command.
Specification
Table 2-2 lists the edit functions.
Common key If the edit buffer is not full, pressing such a key moves the cursor
to the right from its current position.
<Backspace> Pressing this key deletes the character before the cursor and
moves the cursor backwards. The cursor stops when it reaches
the beginning of the line.
Left arrow key <←> or Moves the cursor one character to the left.
<Ctrl+A>
Right arrow key <→> or Moves the cursor one character to the right.
<Ctrl+D>
Up/Down arrow key <↑ Displays history commands. For certain terminals, which do not
><↓> support up/down arrow keys, you can use <Ctrl+P> to select the
previous history command.
<Ctrl+U> Deletes the characters before the current cursor and moves the
cursor to the beginning of the line.
<Ctrl+K> Deletes the characters after the current cursor and moves the
cursor to the end of the line.
NOTE
Common keys refer to letter keys, number keys, and mark keys.
Function
In the interactive mode, if you type an incomplete command and press Enter, the system prompts
the following keywords that can be input and the parameter type of the keyword. When you
input "?", the system prompts the help information of the command.
Examples
To run the load program command in the interactive mode, do as follows:
huawei#load program
{ xmodem<K>|tftp<K>|ftp<K> }:tftp
huawei#load program
{ emu<K>|ont<K>|xmodem<K>|tftp<K>|ftp<K>|sftp<K> }:tftp
When the interactive mode is disabled, if you type an incomplete command and press Enter,
the system prompts an error.
To run the load program command when the interactive mode is disabled, do as follows:
huawei#undo smart
huawei#load program tftp
^
% Incomplete command, the error locates at '^'
To display the help information provided by the command after you input the keyword
switch, and then "?", do as follows:
huawei#switch ?
---------------------------------------------
Command of user Mode:
---------------------------------------------
language-mode Set language parameter
Function
In the interactive mode, the CLI characters such as <K> and <I> are used to express the parameter
types of a keyword.
Specification
Table 2-3 lists the meaning of the CLI characters supported by the MA5600T.
Character Meaning
<K> Keyword
<I> IP address
<H> Hexadecimal number. That is, the "Ox" can be input. The default
setting is decimal number.
<D><yy-mm-dd> Date
<T><hh:mm:ss> Time
NOTE
The hexadecimal number can be input in the CLI. If you, however, do not type "0x" when entering a
hexadecimal number, the system considers the number that is entered as a decimal.
Function
When you query the information, the CLI may fail to display the information on one screen. In
such a case, use the pause function to view the information displayed on multiple screens.
Specification
Table 2-4 lists the options for viewing the information displayed on multiple screens.
Table 2-4 Options for viewing the information displayed on multiple screens
Key Function
Press Q or Ctrl+C Ends the display and the execution of the commands.
when the display is
frozen.
Press Space when the Continues to display the information on the next screen.
display is frozen
Press Enter when the Continues to display the information on the next line.
display is frozen
Background Information
By default, up to 10 history commands can be saved for every user in the CLI, and up to 10
history commands can be queried.
The display history-command command displays only the commands run by the current user.
After re-login, the history commands are cleared.
Procedure
Step 1 Run the history-command max-size command to set the number of history commands that can
be saved in the command buffer.
----End
Example
To set the number of history commands that can be saved in the command buffer to 20, do as
follows:
huawei(config)#history-command max-size 20
huawei(config)#display history-command
--------------------------------------------------
No. Command
--------------------------------------------------
10 interface ?
9 history-command max-size
8 mac-pool ?
7 display current-configuration
6 ?
5 quit
4 quit
3 radius-server ?
2 ?
1 ?
--------------------------------------------------
Function
The system checks the syntax of each command you type, and executes the command if it passes
the check. If the command fails to pass the check, the system prompts an error message.
Specification
Table 2-5 shows the common CLI error prompts.
Parameter error The parameter is incorrect and the cursor indicates the error
location.
Background Information
The CLI provides the following two methods for obtaining online help:
l Full help
– When you type ? following the prompt, you can obtain the help information about the
current available commands.
– When you type ? following a complete keyword, you can obtain the brief help
information about all commands matching that keyword and the parameters of these
commands.
l Partial help
When you type ? following an incomplete keyword, you can obtain the help information
about the commands matching that incomplete keyword.
Examples
To obtain the help information about all available commands in the global config mode, do as
follows:
huawei(config)#?
---------------------------------------------
Command of config Mode:
---------------------------------------------
aaa AAA(Authentication,Authorization,Accounting) view
acl Specify ACL configuration information
adsl <Group> adsl command group
arp <Group> ARP command group
auto-backup Auto backup
bandwidth Modify bandwidth or convergence
bind <Group> bind command group
---- More ( Press 'Q' to break ) ----
To obtain the help information about the commands that match with the incomplete keyword
display, do as follows:
huawei(config)#display ?
---------------------------------------------
Command of privilege Mode:
---------------------------------------------
acl ACL status and configuration information
adsl <Group> adsl command group
alarm Display alarm related information
arp <Group> arp command group
auto Display AUTO users
auto-backup Auto backup
---- More ( Press 'Q' to break ) ----
To obtain the help information about the commands that match with the incomplete d, do as
follows:
huawei(config)#d?
---------------------------------------------
Command of config Mode:
---------------------------------------------
DBA-profile <Group>DBA-profile configuration command group
debugging Enable system debugging functions
default Configure default MAC pool
defaultvlan Configure default VLAN type
device-template Device template command
dhcp <Group> dhcp command group
dhcp-option82 DHCP option82
dhcp-server Add DHCP server IP addresses
dns Specify domain name system
dot1x 802.1x
dot1x-template 802.1x template
---------------------------------------------
Command of privilege Mode:
---------------------------------------------
debugging <Group> debugging command group
Related Operation
Table 2-6 lists the related operation for obtaining the online help information.
Table 2-6 Related operation for obtaining the online help information
Background Information
l When the interactive command execution mode is enabled, and if you type a complete
command and press Enter, the system displays the interactive prompts for the command
execution. This helps to prevent maloperations.
For example, if you type the reboot system command, and then press Enter, the system
prompts the following:
Please check whether data has saved, the unsaved data will lose if reboot system, are you
sure to reboot system? (y/n)[n]:
l If the interactive command execution mode is disabled, and you type a command and press
Enter, the system executes the command directly.
l By default, the interactive command execution mode is enabled.
Procedure
Step 1 Run the interactive command to enable the interactive command execution mode.
Step 2 Run the display interactive command to query the status of the interactive command execution
mode.
----End
Example
To enable the interactive command execution mode, do as follows:
huawei>interactive
Interactive function is enabled
huawei>display interactive
Command confirmed function is enabled
Related Operation
Table 2-7 lists the related operation for enabling or disabling the interactive command execution
mode.
Table 2-7 Related operation for enabling or disabling the interactive command execution mode
Background Information
By default, the CLI trap reporting is enabled.
Procedure
Step 1 Run the info-center enable command to enable the CLI trap reporting.
Step 2 Run the display info-center command and the CLI trap reporting is enabled.
----End
Example
To enable the CLI trap reporting, do as follows:
huawei(config)#info-center enable
huawei(config)#display info-center
Information Center:enabled
Log host:
Console:
channel number : 0, channel name : console
Monitor:
channel number : 1, channel name : monitor
SNMP Agent:
channel number : 5, channel name : snmpagent
Log buffer:
enabled,max buffer size 1024, current buffer size 512,
current messages 36, channel number : 4, channel name : logbuffer
dropped messages 0, overwrote messages 0
Trap buffer:
enabled,max buffer size 1024, current buffer size 256,
current messages 0, channel number:3, channel name:trapbuffer
dropped messages 0, overwrote messages 0
Information timestamp setting:
log - date, trap - date, debug - boot
Related Operation
Table 2-8 lists the related operation for enabling or disabling the CLI trap reporting.
Table 2-8 Related operation for enabling or disabling the CLI trap reporting
Background Information
This operation has the following functions:
Procedure
Run the search keyword command to search for the keyword.
----End
Example
To search for the keyword including the string "alarm" in the user mode, do as follows:
huawei(config)#search keyword alarm templet common-exec
{ <cr>|mode<E><key,detailed> }:
Command:
search keyword alarm templet common-exec
---------------------------------------------
Command Templet: common-exec
---------------------------------------------
alarm
alarmsn
alarmid
alarmlevel
alarmtype
alarmclass
alarmtime
alarmparameter
Background Information
The MA5600T supports the general language and the local language. Currently, English and
Chinese are supported. English is the default language.
Procedure
Run the switch language-mode command to switch from one language to the other language.
----End
Example
To switch from one language to the other language, do as follows:
huawei(config)#switch language-mode
Related Operation
Table 2-9 lists the related operation for switching the terminal language.
Background Information
l The time format is hh:mm:ss yyyy-mm-dd, that is, hour: minute: second year-month-day.
l The setting takes effect immediately.
l During the setting, the system checks the validity of the time. Special attention should be
paid to the settings of leap year and leap month.
Procedure
Step 1 Run the time command to set the system time.
Step 2 Run the display time command to query the current system time.
----End
Example
To set the current time of the system to 09:00:00 2007-05-08, do as follows:
huawei#time 09:00:00 2007-05-08
huawei#display time
{ <cr>|dst<K>|time-stamp<K> }:
Command:
display time
2007-05-08 20:00:26+08:00
Background Information
l By default, the device name is MA5600MA5680.
l The new system name takes effect immediately after it is set.
l After the system name is changed, the command line prompt changes to the new name
accordingly.
Procedure
Run the sysname command to set the system name.
----End
Example
To name the first MA5600T at the New York office in U.S.A as NY_MA5600T_A, do as
follows:
huawei(config)#sysname NY_MA5600T_A
NY_MA5600T_A(config)#
Background Information
l Different terminals feature different edit characteristics. To ensure that most terminals are
mutually compatible, the system divides terminals into the following two types:
– Standard terminals (ANSI)
– VT series terminals
l The default terminal type is ANSI.
l Certain terminal tools, such as HyperTerminal, Telnet, and Neterm, allow you to set the
terminal types. You can use the associated menu to set the terminal emulation type so that
the type of the terminal tool is consistent with the type of the terminal in the system.
Procedure
Step 1 Run the terminal type command to set the terminal type.
Step 2 Run the display terminal type command to query the terminal type.
----End
Example
To set the terminal type as VT 100, do as follows:
huawei#terminal type vt100
huawei>display terminal type
The terminal type: VT100
Background Information
By default, the system allows the user to exit the system when the user fails to type any
information on the terminal within 5 minutes.
Procedure
Step 1 Run the idle-timeout command to set the timeout exit time.
Step 2 Run the display idle-timeout command and the timeout exit time is set correctly.
----End
Example
To set the timeout exit time to 23 minutes, do as follows:
huawei>idle-timeout 23
huawei>display idle-timeout
The timeout value is set to 23 minutes currently. If there is no input from
terminal during this time, the user will be disconnected
Related Operation
Table 2-10 lists the related operation for setting the timeout exit time.
Table 2-10 Related operation for setting the timeout exit time
To… Run the Command…
Background Information
When a terminal is locked, and if you press any button on the terminal, the system prompts you
to enter the password. After entering the correct password, you can operate the terminal.
Procedure
Run the terminal hold command to lock the terminal.
----End
Example
To lock, and then unlock the current CLI terminal, do as follows:
huawei(config)#terminal hold
Hold Password(<=1523 chars):
Confirm Password(<=1523 chars):
The user terminal has been held
Hold Password(<=1523 chars)://Press any key and the system will prompt you to
enter
the unblocking password.
huawei(config)# //Input the correct password.
Related Operation
Table 2-11 lists the related operation for locking the terminal.
Background Information
This command clears only what is displayed on the screen and not the contents in the buffer.
Procedure
Run the cls command to clear the contents displayed on the terminal screen.
----End
Example
To clear the contents of a terminal screen, do as follows:
huawei>cls
Background Information
The command cannot show the version of a faulty board.
Procedure
Run the display version command to display the system or board version.
----End
Examples
To display the information about the version on the system, do as follows:
huawei>display version
{ <cr>|frameid/slotid<S><1,15>|backplane<K>}:
Command:
display version
Command:
display version
Procedure
Run the display cpu command to query the CPU usage of a board.
----End
Example
To query the CPU usage of the control board, do as follows:
huawei>display cpu 0/9
CPU occupancy: 12%
Background Information
You can query the following:
l The memory usage of the control board
l The average memory usage of the system in the last ten minutes
l The threshold of the memory overload
NOTE
When the memory usage exceeds the threshold of the memory overload, the system reports an alarm. You can
run the resource threshold mem command to set the threshold of the memory overload.
Procedure
Step 1 Run the display mem command to query the memory usage of the control board.
Step 2 Run the display resource occupancy mem command to query the average memory usage of
the system in the last ten minutes.
Step 3 Run the display resource threshold mem command to query the threshold of the memory
overload.
----End
Examples
To query the memory usage of the control board, do as follows:
huawei(config)#display mem 0/9
Memory occupancy: 47%
To query the average memory usage of the system in the last ten minutes, do as follows:
huawei(config)#display resource occupancy mem
Average usage rate of system memory in 10 minutes: 64%
Background Information
The commands used to test the network state include ping and tracert.
l ping
To check the network connectivity and the host reachability, run the ping command.
l tracert
To send test packets from the transmit host to the destination host, run the tracert command.
With this command, you can check the connectivity of a network and locate faults in the
network.
The following section describes the execution process of the tracert command:
1. The host sends a packet with the Time to Live (TTL) of 1 to the destination.
2. During the first hop, the system returns an Internet Control Message Protocol (ICMP)
packet to indicate the failure in sending the packet due to TTL timeout.
3. The host sends a packet with the TTL of 2. The system also returns TTL timeout during
the second hop.
The process continues in this manner until the packet reaches the destination.
In this way, the system can record the source address of each ICMP TTL timeout message,
and provide a path along which an IP packet reaches the destination.
Procedure
l Run the ping command to test the network state.
l Run the tracert command to test the network state.
----End
Examples
To test the connectivity of a network by using the ping command, do as follows:
huawei(config)#ping 10.11.52.240
PING 10.11.52.240: 56 data bytes, press CTRL_C to break
Reply from 10.11.52.240: bytes=56 Sequence=0 ttl=64 time = 10 ms
Reply from 10.11.52.240: bytes=56 Sequence=1 ttl=64 time = 10 ms
Reply from 10.11.52.240: bytes=56 Sequence=2 ttl=64 time = 13 ms
Reply from 10.11.52.240: bytes=56 Sequence=3 ttl=64 time = 10 ms
Reply from 10.11.52.240: bytes=56 Sequence=4 ttl=64 time = 10 ms
--- 10.11.52.240 Ping statistics ---
5 packets transmitted
5 packets received
0.00% packet loss
round-trip min/avg/max = 10/10/13 ms
This topic describes how to manage the MA5600T through the N2000, and the related
configuration operations.
NOTE
This document describes the configuration on the MA5600T. Each chapter provides an overview of the service
configuration, describes the configuration flow with one or more configuration examples, and then provides a
detailed description of the basic operations that can be performed on the MA5600T.
For the readers who are familiar with the MA5600T, it is recommended that you read the configuration example
(s) directly.
For the readers who are not familiar with the MA5600T, it is recommended that you read the basic operations
first.
3.1 Overview
This topic describes the network management protocols, and the NMS that the MA5600T
supports.
3.2 Basic Concepts
This topic describes the concepts in the network configuration.
3.3 Configuration Example of an Outband NMS
This topic describes how to connect the MA5600T to the N2000 through the maintenance
network port. Then, you can maintain and manage the MA5600T through an outband
management channel. In the outband NMS mode, the non-service channel is used to transmit
the management information. In this case, the management channel is separated from the service
channel, and a more reliable device management channel is provided compared with the inband
NMS mode. Thus, when the MA5600T is faulty, the information about the device in the network
can be located in time, and the real-time monitoring can be performed.
3.4 Configuration Example of an Inband NMS
This topic describes how to connect the MA5600T to the N2000 through the GE port. You can
then maintain and manage the MA5600T through an inband management channel. In the inband
NMS mode, the NMS interactive information is transmitted through the service channel of the
device. For the flexible networking of the inband NMS mode, no additional device is required.
Thus, it saves cost, however, it is not easy to maintain.
3.1 Overview
This topic describes the network management protocols, and the NMS that the MA5600T
supports.
Service Description
Based on the Simple Network Management Protocol (SNMP), the MA5600T communicates
with the NMS through its network management interface. Here, the iManager N2000 Fixed
Network Integrated Management System (N2000) is used as the NMS.
The N2000 can manage and maintain the MA5600T through the network port of the
MA5600T. The MA5600T uses traps to send the status information to the N2000 to report
configuration changes or emergency events.
Service Specification
This topic describes the network configuration performed on the MA5600T to realize normal
communication between the MA5600T and the N2000, including outband NMS configuration
and inband NMS configuration.
NOTE
To realize normal communication between the MA5600T and the N2000, you must also configure on the
N2000. For more information, refer to the MA5600T Commissioning Guide.
SNMP
The SNMP is an existing network management protocol. It includes the following two parts:
l Network management workstation
l Agent
The SNMP ensures normal transmission of administrative message between any two points. It
facilitates the following administrative operations on any node of the network:
l Retrieving information
l Modifying information
l Locating a fault
l Diagnosing a fault
l Planning the capacity
l Generating a report
The network management workstation can send GetRequest, GetNextRequest, and SetRequest
messages to the agent.
Agent
An agent is the server software running on a network device.
When receiving request messages from the manager, the agent performs the following:
l Reads or writes the management variables based on the message type.
l Generates and sends the response messages to the manager.
Alternatively, when a cold start or warm start is performed on the device and during failure and
fault recovery, the agent sends traps to report such events to the manager.
Trap
Traps refer to the unsolicited messages sent from a managed device to the manager to report
configuration changes or emergency events.
Networking
Figure 3-1 shows an example network for configuring the outband NMS.
The NMS maintains and manages the MA5600T through the maintenance network port in the
outband NMS mode. The primary NMS and the secondary NMS exist in the network. Add a
static route to the NMS on the MA5600T, and configure the parameters related to SNMP V1.
Secondary NMS
10.10.21.1/24
Primary NMS
Router
10.10.20.254/24
CON
ETH
ESC
SCU MA5600T
Data Plan
Table 3-1 provides the data plan for configuring the outband NMS.
SNMP version V1
Configuration Flowchart
Figure 3-2 shows the flowchart for configuring the outband NMS.
Start
End
NOTE
l This topic describes how to configure only the MA5600T. To set up the network connection, you also need
to configure the router.
l If the Telnet environment is set up according to "1.4 Configuring the Terminal Through the Outband
Management Channel ", skip steps 1 and 2.
Procedure
Step 1 Set the IP address of the maintenance network port.
huawei(config)#interface meth 0
huawei(config-if-meth0)#ip address 10.10.20.1 255.255.255.0
The setting of the MA5600T should match with the settings in the N2000.
huawei(config)#snmp-agent sys-info version v1
Step 6 Set the IP address of the maintenance network port as the source address for traps sending.
huawei(config)#snmp-agent trap source meth 0
----End
Result
After the configuration, you can manage the MA5600T through the N2000.
Networking
Figure 3-3 shows an example network for configuring the inband NMS.
The NMS maintains and manages the MA5600T through the upstream port in the inband NMS
mode. The primary NMS and the secondary NMS exist in the network. Add a static route to the
NMS on the MA5600T, and configure the parameters related to SSMPV3.
PC
CON GE 0/19/0
ETH
ESC
SCU MA5600T
Data Plan
Table 3-2 provides the data plan for configuring the inband NMS.
Configuration Flowchart
Figure 3-4 shows the flowchart for configuring the inband NMS.
Start
End
NOTE
l This topic describes how to configure only the MA5600T. To set up the network connection, you also
need to configure the router.
l If the Telnet environment is set up according to "1.4 Configuring the Terminal Through the Outband
Management Channel ", skip steps 1 and 2.
Procedure
Step 1 Set the IP address of the inband NMS port.
l Create an NMS VLAN
huawei(config)#vlan 1000 standard
The setting of the MA5600T should match with the settings. Assume that the N2000 adopts SNMP
V3.
huawei(config)#snmp-agent sys-info version v3
Step 6 Set the IP address of the VLAN interface as the source address for traps sending.
huawei(config)#snmp-agent trap source vlanif 1000
----End
Result
After the configuration, you can manage the MA5600T successfully through the N2000.
This topic describes how to set the source interface for sending traps.
3.5.6 Setting the System Contact Information
This topic describes how to set the system contact information.
3.5.7 Setting the System Location Information
This topic describes how to set the system location information.
3.5.8 Configuring an SNMP V3 User
This topic describes how to add or modify an SNMP V3 user.
3.5.9 Configuring an SNMP V3 Group
This topic describes how to configure an SNMP V3 group. After a group is configured, you can
control the access authorities of all the users in that group.
3.5.10 Configuring an SNMP MIB View
This topic describes how to configure an SNMP MIB view.
3.5.11 Configuring the Local SNMP Engine ID
This topic describes how to configure an engine ID that uniquely identifies an SNMP entity.
3.5.12 Enabling the Timely Handshake Function between the MA5600T and the N2000
This topic describes how to enable the timely handshake function between the MA5600T and
the N2000.
3.5.13 Setting the Handshake Interval
This topic describes how to set the handshake interval.
Procedure
Step 1 Run the snmp-agent sys-info version command to set the SNMP version.
Step 2 Run the display snmp-agent sys-info version command to query the version of the SNMP
configured in the system.
----End
Example
To set the SNMP version as V1 and V2C, do as follows:
huawei(config)#snmp-agent sys-info version v1 v2c
huawei(config)#display snmp-agent sys-info version
{ <cr>|contact<K>|location<K> }:
Command:
display snmp-agent sys-info version
SNMP version running in the system:
SNMPv1 SNMPv2c
Related Operation
Table 3-3 lists the related operation for setting the SNMP version.
Delete the set SNMP version information undo snmp-agent sys-info version
Background Information
l The default read-only community name in the Huawei iManager N2000 BMS is public,
and the read-write community name in the N2000 is private.
l The MA5600T supports up to 10 community names.
l The read and write community names set in the MA5600T should match with the read and
write community names set in the manager.
Procedure
Step 1 Run the snmp-agent community command to add a community name and set its read/write
authorities.
Step 2 Run the display snmp-agent community command to query a community name.
----End
Example
To add a read-only community named public, do as follows:
huawei(config)#snmp-agent community read public
huawei(config)#display snmp-agent community read
Community name: public
Storage type: nonVolatile
View name: ViewDefault
Total number is 1
Related Operation
Table 3-4 lists the related operation for adding a community and setting its read/write authorities.
Table 3-4 Related operation for adding a community and setting its read/write authorities
Background Information
By default, the MA5600T is disabled in sending traps to the N2000.
Procedure
Step 1 Run the snmp-agent trap enable standard command to enable the traps sending.
Step 2 Run the display snmp-agent trap enable command to check whether traps sending is enabled.
----End
Example
To enable the MA5600T to send traps to the N2000, do as follows:
huawei(config)#snmp-agent trap enable standard
huawei(config)#display snmp-agent trap enable
Trap is enabled
Related Operation
Table 3-5 lists the related operation for enabling the traps sending.
Background Information
The N2000 can receive traps only when the IP address of a destination host for receiving traps
is set correctly. The system supports up to 20 destination hosts.
Procedure
Step 1 Run the snmp-agent target-host trap command to set the IP address of a destination host for
receiving traps.
Step 2 Run the display snmp-agent target-host command to query the destination host for receiving
traps.
----End
Example
To set the IP address of the destination host for receiving traps as 10.71.53.108, and to run the
community name "private", do as follows:
huawei(config)#snmp-agent target-host trap address 10.71.53.108 securityname
private v3
huawei(config)#display snmp-agent target-host
Traphost list:
Traphost address: 10.71.53.108
Traphost portnumber: 162
Traphost securityname: private
Traphost trapversion: v3
Total number is 1
Related Operation
Table 3-6 lists the related operation for setting the IP address of a destination host for receiving
traps.
Table 3-6 Related operation for setting the IP address of a destination host for receiving traps
To… Run the Command…
Prerequisite
The L3 interface that functions as the source interface must exist.
Background Information
The IP address of the interface for sending traps is the source IP address of the traps.
Procedure
Step 1 Run the snmp-agent trap source command to set the source interface for sending traps.
Step 2 Run the display snmp-agent trap-source command to query the source interface for sending
traps.
----End
Example
To set the source interface for sending traps as the L3 interface of VLAN 1000, do as follows:
huawei(config)#snmp-agent trap source vlanif 1000
huawei(config)#display snmp-agent trap-source
Trap source interface name: vlanif1000
Related Operation
Table 3-7 lists the related operation for setting the source interface for sending traps.
Table 3-7 Related operation for setting the source interface for sending traps
Delete the source interface for sending undo snmp-agent trap source
traps
Background Information
By default, the system contact information is "R&D Shenzhen, Huawei Technologies Co., Ltd.".
Procedure
Step 1 Run the snmp-agent sys-info contact command to set the system contact information.
Step 2 Run the display snmp-agent sys-info contact command to query the system contact
information.
----End
Example
To set the system contact information as HW-075528780808, do as follows:
huawei(config)#snmp-agent sys-info contact HW-075528780808
huawei(config)#display snmp-agent sys-info contact
{ <cr>|location<K>|version<K> }:
Command:
display snmp-agent sys-info contact
The contact person for this managed node:
HW-075528780808
Related Operation
Table 3-8 lists the related operation for setting the system contact information.
Table 3-8 Related operation for setting the system contact information
Background Information
By default, the system location information is "Shenzhen_China".
Procedure
Step 1 Run the snmp-agent sys-info location command to set the system location information.
Step 2 Run the display snmp-agent sys-info location command to display the system location
information.
----End
Example
To set the system location information as Shanghai China, do as follows:
huawei(config)#snmp-agent sys-info location Shanghai_China
huawei(config)#display snmp-agent sys-info location
{ <cr>|contact<K>|version<K> }:
Command:
display snmp-agent sys-info location
The physical location of this node:
Shanghai_China
Related Operation
Table 3-9 lists the related operation for setting the system location information.
Table 3-9 Related operation for setting the system location information
Background Information
l The MA5600T supports up to 20 SNMP V3 users.
l If the user name that is entered is an existing one, the system updates the configuration of
the user.
l If you do not enter the user authentication and the encryption modes, the user can access
the equipment without an authentication or encryption.
Procedure
Step 1 Run the snmp-agent usm-user command to configure an SNMP V3 user.
Step 2 Run the display snmp-agent usm-user command to query the SNMP V3 user.
----End
Example
To add an SNMP V3 user named user, belonging to a group named group, with the authentication
mode as md5, the authentication password as 1, the encryption mode as des56, and the encryption
password as 2, do as follows:
huawei(config)#snmp-agent usm-user v3 user group authentication-mode md5 1 privacy-
mode des56 2
huawei(config)#display snmp-agent usm-user user
User name: user
Engine ID: 800007DB0300E0FC995050
Group name: group
Authentication mode: md5, Privacy mode: des56
Storage type: nonVolatile
User status: active
Related Operation
Table 3-10 lists the related operation for configuring an SNMP V3 user.
Background Information
l The MA5600T supports up to 20 SNMP V3 groups.
l By default, the system has a read view named viewDefault with the range of internet sub-
tree; the write view and the notify view are blank.
l If the group name that is entered is an existing name, the system updates the configuration
of the group.
l A specified view can be a non-existing view. In this case, the users in the group fail to
access.
l A user can access views in the following three modes:
– With authentication and encryption
– With authentication but no encryption
– With no authentication or encryption
l If the access mode level is lower than the security level of the configured group, the user
fails to access. If the corresponding groups have multiple security levels, the user can select
the group with the highest security level, and then access the view corresponding to that
group.
Procedure
Step 1 Run the snmp-agent group v3 command to configure an SNMP V3 group.
Step 2 Run the display snmp-agent group command to query the SNMP V3 group.
----End
Example
To configure a group named group, with authentication but no encryption, with the read view
of internet, and with blank write and notify views, do as follows:
huawei(config)#snmp-agent group v3 group authentication read-view internet
huawei(config)#display snmp-agent group group
Group name: group
Security model: v3 AuthnoPriv
Readview: internet
Writeview: <no specified>
Notifyview: <no specified>
Storage type: nonvolatile
Related Operation
Table 3-11 lists the related operation for configuring an SNMP V3 group.
Background Information
l The number of sub-trees of all the views cannot exceed 20.
l By default, the system has a read view named ViewDefault, with the range of internet sub-
tree view.
l The view named ViewDefault cannot be deleted or updated.
NOTE
For SNMP V3, the access control is a type of control over the user access to the management information. The
MIB view-based access control is realized by associating users with MIB views. An MIB view defines the
management information both included in the view and excluded from the view.
Procedure
Step 1 Run the snmp-agent mib-view command to configure an SNMP MIB view.
Step 2 Run the display snmp-agent mib-view command to query the SNMP MIB view.
----End
Example
To configure a view named view1, including ip sub-tree, do as follows:
huawei(config)#snmp-agent mib-view view1 include ip
huawei(config)#display snmp-agent mib-view view1
View name: view1
MIB subtree: ip
Subtree mask:
Storage type: nonVolatile
View type: include
View status: active
Related Operation
Table 3-12 lists the related operation for configuring an SNMP MIB view.
Background Information
With no ID is configured manually, the MA5600T automatically initializes one ID at startup.
Procedure
Step 1 Run the snmp-agent local-engineid command to configure the local SNMP engine ID.
Step 2 Run the display snmp-agent local-engineid command to query the local SNMP engine ID.
----End
Example
To configure the engine ID of the local SNMP entity as 800007DB0300E0FC113333, do as
follows:
huawei(config)#snmp-agent local-engineid 800007DB0300E0FC113333
Info: Modify the local-engineid will disable the configured SNMPv3 user, all
of user local-engineid changes to the modified one after system reset, proceed?[
Y/N]:y
Related Operations
Table 3-13 lists the related operations for configuring the local SNMP engine ID.
Table 3-13 Related operations for configuring the local SNMP engine ID
Background Information
By default, the timely handshake function between the MA5600T and the N2000 is disabled.
Procedure
Step 1 Run the system handshake enable command to enable the timely handshake function between
the MA5600T and the N2000.
Step 2 Run the display system handshake command to query the timely handshake function between
the MA5600T and the N2000.
----End
Example
To enable the timely handshake function between the MA5600T and the N2000, do as follows:
huawei(config)#system handshake enable
huawei(config)#display system handshake
system handshake : enable
system handshake interval : 300s
----------------------------------------------
IP of NMS Status between NMS and device
----------------------------------------------
10.71.53.108 in register
----------------------------------------------
Related Operations
Table 3-14 lists the related operations for enabling the timely handshake function between the
MA5600T and the N2000.
Table 3-14 Related operations for enabling the timely handshake function between the
MA5600T and the N2000
Background Information
l By default, the handshake interval between the MA5600T and the N2000 is 300s.
l The handshake interval between the MA5600T and the N2000 determines the handshake
frequency.
– When the interval is short, and the number of network elements under the N2000 is
large, the N2000 is over-tasked to handle increasing handshake packets.
– When the interval is long, and the MA5600T and the N2000 are disconnected, the N2000
fails to locate the fault in time.
l You can set an appropriate handshake interval according to the actual conditions.
Procedure
Step 1 Run the system handshake interval command to set the handshake interval.
Step 2 Run the display system handshake command to query the handshake interval.
----End
Example
To set the handshake interval to 10 seconds, do as follows:
huawei(config)#system handshake interval 10
huawei(config)#display system handshake
system handshake : enable
system handshake interval : 10s
----------------------------------------------
IP of NMS Status between NMS and device
----------------------------------------------
10.71.53.108 in register
----------------------------------------------
Related Operation
Table 3-15 lists the related operation for setting the handshake interval.
Background Information
l By default, the IP address of the maintenance network port (ETH port on the control board)
is 10.11.104.1, and the subnet mask is 255.255.0.0.
l Make sure that the IP address of the ETH port is located in the same subnet as the IP address
of the gateway or the PC used for maintaining the MA5600T.
l After setting the IP address, save the record for future reference.
Procedure
Step 1 Run the interface meth command to enter the meth mode.
Step 2 Run the ip address command to set the IP address of the ETH port on the control board.
Step 3 Run the quit command to exit the meth mode.
Step 4 Run the display interface meth command to query the IP address of the ETH port on the control
board.
----End
Example
To set the IP address of the ETH port as 10.10.10.1 and the subnet mask as 255.255.255.0, do
as follows:
huawei(config)#interface meth 0
huawei(config-if-meth0)#ip address 10.10.10.1 255.255.255.0
huawei(config-if-meth0)#quit
huawei(config)#display interface meth 0
meth0 current state : UP
Line protocol current state : UP
Description : HUAWEI, , meth0 Interface
The Maximum Transmit Unit is 1500 bytes
Internet Address is 10.10.10.1/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fcaa-8516
Auto-duplex(Full), Auto-speed(100M)
Related Operation
Table 3-16 lists the related operation for configuring the IP address of the outband NMS
interface.
Table 3-16 Related operation for configuring the IP address of the outband NMS interface
To… Run the Command… Remarks
Background Information
l The system supports up to 1000 static routes.
l When the MA5600T and the N2000 are located in different subnets, a route must be
configured for the gateway to forward IP packets.
Procedure
Step 1 Run the ip route-static command to configure a static route.
Step 2 Run the display ip routing-table command to query the current routing configuration.
----End
Example
To create a route to subnet 10.71.8.0 (where the manager is located), and the gateway as
10.71.53.1, do as follows:
huawei(config)#ip route-static 10.71.8.0 255.255.255.0 10.71.53.1
huawei(config)#display ip routing-table verbose
Routing Table : Public
Destinations : 15 Routes : 15
Destination: 10.0.0.0/8
Protocol: Static Process ID: 0
Preference: 60 Cost: 0
NextHop: 10.71.57.1 Interface: vlanif1001
RelyNextHop: 0.0.0.0 Neighbour: 0.0.0.0
Tunnel ID: 0x0 Label: NULL
State: Active Adv GotQ Age: 00h21m49s
Tag: 0
Destination: 10.10.10.0/24
Destination: 10.10.10.20/32
Protocol: Direct Process ID: 0
Preference: 0 Cost: 0
NextHop: 127.0.0.1 Interface: InLoopBack0
RelyNextHop: 0.0.0.0 Neighbour: 0.0.0.0
Tunnel ID: 0x0 Label: NULL
State: Active NoAdv Age: 12d20h50m47s
Tag: 0
Destination: 10.70.0.0/16
Protocol: Static Process ID: 0
Preference: 60 Cost: 0
NextHop: 10.71.57.1 Interface: vlanif1001
RelyNextHop: 0.0.0.0 Neighbour: 0.0.0.0
Tunnel ID: 0x0 Label: NULL
State: Active Adv GotQ Age: 00h21m51s
Tag: 0
Destination: 10.71.8.0/24
Protocol: Static Process ID: 0
Preference: 60 Cost: 0
NextHop: 10.71.53.1 Interface:
RelyNextHop: 0.0.0.0 Neighbour: 0.0.0.0
Tunnel ID: 0x0 Label: NULL
State: Inactive Adv WaitQ Age: 00h00m10s
Tag: 0
Related Operation
Table 3-17 lists the related operation for configuring an NMS route.
Background Information
l The MA5600T realizes inband NMS through the port on the GIU board.
l To prevent login and access to the MA5600T from the user end, it is recommended that
you use the standard VLAN as the NMS VLAN.
Procedure
Step 1 Run the vlan command to create an NMS VLAN.
Step 2 Run the interface vlanif command to enter the VLAN interface mode.
Step 3 Run the ip address command to set the IP address of the VLAN interface.
Step 4 Run the quit command to exit the VLAN interface mode.
Step 5 Run the display interface vlanif command to query the IP address of the VLAN interface.
----End
Example
To set the IP address of the inband NMS interface as 10.10.10.2 and the subnet mask as
255.255.255.0, do as follows:
huawei(config)#vlan 1000 standard
huawei(config)#interface vlanif 1000
huawei(config-if-vlanif1000)#ip address 10.10.10.2 255.255.255.0
huawei(config-if-vlanif1000)#quit
huawei(config)#display interface vlanif 1000
Vlanif1000 current state : up
Line protocol current state : up
Description : HUAWEI, SmartAX Series, Vlanif1000 Interface
The Maximum Transmit Unit is 1500 bytes
Internet Address is 10.10.10.2/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0.fc11.223c
Related Operation
Table 3-18 lists the related operation for configuring the IP address of the inband NMS interface.
Table 3-18 Related operation for configuring the IP address of the inband NMS interface
To… Run the Command… Remarks
This topic describes the functions of a log host and the method of configuring a log host on the
MA5600T.
NOTE
This document describes the configuration on the MA5600T. Each chapter provides an overview of the service
configuration, describes the configuration flow with one or more configuration examples, and then provides a
detailed description of the basic operations on the MA5600T.
For the readers who are familiar with the MA5600T, it is recommended that you read the configuration examples
directly.
For the readers who are not familiar with the MA5600T, it is recommended that you read the basic operations
first.
4.1 Overview
This topic describes the functions of the log and the application of the log on the MA5600T.
4.2 Configuration Example of a Log Host
This topic provides an example for configuring a log host. The log host is used for recording
logs, which are useful for the device maintenance and fault location.
4.3 Configuring a Log Host
This topic describes how to configure a log host, that is, how to add and activate the log host.
4.4 Deleting a Log Host
This topic describes how to delete a log host.
4.5 Deactivating a Log Host
This topic describes how to deactivate a log host.
4.6 Querying Logs
This topic describes how to query logs.
4.1 Overview
This topic describes the functions of the log and the application of the log on the MA5600T.
Function
Logs can function as important references for system maintenance and troubleshooting.
In the MA5600T, you can query the executed commands and other important information
recorded in the logs.
Background Information
l The log host is always installed on the NMS station and uses the NMS VLAN to
communicate with the MA5600T.
l The log host must be installed with the FTP or TFTP software, and must be able to receive
and save the logs reported by the MA5600T.
Networking
The log host resides in the NMS station and is connected to the upstream port of the
MA5600T in the IP network. Figure 4-1 shows the example network for configuring a log host.
Router
Log host
CON GE 0/19/0
ETH
ESC
SCU MA5600T
Data Plan
Table 4-1 provides the data plan for configuring a log host.
Item Data
Configuration Flowchart
Figure 4-2 shows the flowchart for configuring a log host.
Start
End
Procedure
Step 1 Configure the L3 interface.
1. Create a VLAN.
huawei(config)#vlan 10 standard
huawei(config)#interface vlanif 10
huawei(config-if-vlanif10)#ip address 10.10.10.10 255.255.255.0
NOTE
The port aggregation configuration is not allowed for upstream port 0/9/0 to which the ACL rule is applied.
----End
Result
l You can query the logs on the log server.
l The logs record the operation commands executed on the system. They are the same as the
commands queried on the MA5600T.
Background Information
l The MA5600T can log important operations in the log server (UNIX or Windows platform)
of the internal network through the syslog mechanism.
l After configuring a log host on the MA5600T, you need to enable the log host service, and
configure the directory for saving logs and the log file name. This helps to enable real-time
reporting of logs.
Procedure
Step 1 Run the loghost add command to add a log host.
Step 2 Run the loghost activate command to activate the log host.
Step 3 Run the display loghost list command to display the log host.
----End
Example
To add a log host as huawei with the IP address 10.10.10.1, do as follows:
huawei(config)#loghost add 10.10.10.1 huawei
huawei(config)#loghost activate name huawei
huawei(config)#display loghost list name huawei
Log server configuration:
IP address : 10.10.10.1
Host name : huawei
Terminal state : Normal
Related Operations
Table 4-2 lists the related operations for configuring a log host.
Procedure
Step 1 Run the loghost delete command to delete a log host
Step 2 Run the display loghost list command to display the log host.
----End
Example
To delete the log host with the IP address 10.10.10.1, do as follows:
huawei(config)#loghost delete ip 10.10.10.1
huawei(config)#display loghost list ip 10.10.10.1
Failure: The log server not exist
Related Operations
Table 4-3 lists the related operations for deleting a log host.
Background Information
The system sends log information only to the activated log hosts.
Procedure
Step 1 Run the loghost deactivate command to deactivate a log host.
Step 2 Run the display loghost list command to display the log host.
----End
Example
To deactivate the log host with the IP address 10.10.10.1, do as follows:
huawei#loghost deactivate ip 10.10.10.1
huawei#display loghost list ip 10.10.10.1
Log server configuration:
IP address : 10.10.10.1
Host name : huawei
Terminal state : Deactivate
Related Operations
Table 4-4 lists the related operations for deactivating a log host.
Background Information
l The MA5600T can maintain a record of the logs of the last 512 operations. System
administrators can query the last executed operation commands through logs. The executed
query commands cannot be recorded in the logs.
l Up to 512 logs can be stored in the system. When there are more than 512 records, the old
records are overwritten.
l Query and record the system logs immediately in the case of a system failure. This prevents
the loss of logs that can be used for locating a fault.
l To record the operation correctly, make sure that the system time is correct before service
configuration.
Procedure
Run the display log command to query logs.
----End
Example
5 User Management
This topic describes the classification of users and how to add, modify, delete and disconnect a
user.
5.1 Overview
This topic provides the definition of users, and describes the user levels and authorities supported
by the MA5600T.
5.2 Adding a User Profile
This topic describes how to add a user profile. To add a new user, you need to bind this user
profile to manage operators.
5.3 Adding a User
This topic describes how to add a user who can log in to the MA5600T to maintain it.
5.4 Modifying the User Attributes
You can modify the user attributes, such as user profile, authority, password, the permitted
number of reenters and the appended information.
5.5 Disconnecting an Online User
This topic describes how to disconnect an online user to prevent the user from logging in to the
MA5600T.
5.6 Deleting a User
This topic describes how to delete a user who is not permitted to log in to the MA5600T.
5.1 Overview
This topic provides the definition of users, and describes the user levels and authorities supported
by the MA5600T.
Service Description
Users refer to persons who configure and maintain the MA5600T through CLI.
Service Specification
In terms of authority, MA5600T users can be divided into the following four levels:
l Common user
l Operator
l Administrator
l Super user
Users of all levels can only add users of lower levels than them.
Common user Common users perform basic system operation and simple query
operation.
Background Information
l There is a root profile in the system. The root profile disables restrictions on users so that
root users can log in to the system easily after a system is upgraded. It is not recommended
to bind the root profile when you add a new user.
l The system provides three default profiles whose levels are administrator, operator, and
common user. They are convenient for unified management and for adding users.
l Up to 12 profiles can be added.
Parameters Description
Minimum length The minimum length of the user name can be 6 to 15 alphanumeric
of the user name characters and it must be equal to or longer than six alphanumeric
characters.
Validity period of It ranges from 0 to 999 days. If it is set to 0 day, the validity does not
the user name expire. By default, it is 30 days.
The system checks the validity of the user names in the unit of day when
a user logs in to the system.
Three days prior to the expiration, the system generates an alarm
informing the user of the expiration day. The system generates an alarm
informing the user of the expiration once the system identifies the
expiration of a user name.
Validity period of It ranges from 0 to 999 days. If it is set to 0 day, the validity does not
the password expire. By default, it is 30 days. The validity period of the password
should not be equal to or shorter than the validity period of the user
name.
The system checks the validity of passwords in the unit of day when a
user logs in to the system.
Three days prior to the expiration, the system generates an alarm
informing the user of the expiration day and prompting the user to
modify the password in time.
Parameters Description
Permitted start This parameter with the permitted end time of logon by a user
time of login for a parameter specifies the permitted period for a user to log in to the
user system. A user can log in to the system only in the permitted period.
Permitted end time This parameter with the permitted start time of logon by a user
of login for a user parameter specifies the permitted period for a user to log in to the
system.
A user can log in to the system only in the permitted period. If a user
logs in to the system at the permitted start time but does not log out at
the permitted end time, the system logs out the user and stops the user
from configuring the system.
Procedure
Step 1 Run the terminal user-profile add command to add a user profile.
Step 2 Run the display terminal user-profile command to query the information on the user profile.
----End
Example
Assume the following:
l Use profile name: userprofile
l Minimum length of the user name: eight alphanumeric characters
l Minimum length of the password: eight alphanumeric characters
l Validity period of the user name: 30 days
l Validity period of the password: 30 days
l Permitted start time of login for a user: 09:00
l Permitted end time of login for a user: 19:00
To add the user profile, do as follows:
huawei(config)#terminal user-profile add
User profile name(<=15 chars):userprofile
Min. length of user name(6--15)[6]:8
Min. length of password(6--15)[6]:8
Validity period of the user name(0--999 days)[30]:
Validity period of the password(0--999 days)[30]:
Permitted start time of logon by a user(hh:mm):09:00
Permitted end time of logon by a user(hh:mm):19:00
Repeat this operation? (y/n)[n]:
huawei(config)#display terminal user-profile name userprofile
---------------------------------------------------------------------------
User profile name : userprofile
Min. length of user name : 8
Min. length of password : 8
Validity period of the user name : 30
Validity period of the password : 30
Permitted start time of logon by a user : 09:00
Permitted end time of logon by a user : 19:00
---------------------------------------------------------------------------
Related Operations
Table 5-3 lists the related operations for adding a user profile.
Modify a user terminal user-profile The user profile name cannot be modified.
profile modify The default user profiles cannot be
modified, named root, admin, operator and
common user.
The bound user profiles cannot be
modified.
Delete a user terminal user-profile delete The default user profiles cannot be
profile deleted, named root, admin, operator and
common user.
The bound user profiles cannot be deleted.
Modify the terminal user user-profile This operation binds the user to another
profile bound profile.
with a user
Background Information
l The super user and the administrator can add users of lower levels than them. That is:
– The super user can add an administrator, operators, and common users.
– The administrator can only add an operator and a common user.
l A user name is unique, and cannot be all or online.
l The super user or administrator can add multiple users to the system simultaneously. Up
to 127 users can be added to the system. Up to 128 users can be added including the root
user.
When adding a user, you need to configure the user attributes, including the user profile, user
account, password, permitted number of reenters, authority, and appended information.
User name A user name (or a user account) consists of 1-15 printable characters.
A user name is unique, case sensitive and cannot contain any space.
Authority In terms of authority, the added users can be divided into the following
three levels:
l Common user
l Operator
l Administrator
Permitted number The permitted number of reenters means the concurrent login count of
of reenters a user account. Whether a username can be used to log in to the
MA5600T from several terminals at the same time depends on the
permitted number of reenters. It is in the range of 0-4, and is generally
set to 1.
Procedure
Step 1 Run the terminal user name command to add a user.
----End
Example
To add a common user with the name huawei, with the password huawei, the reenter number
3, the bound user profile root, and the appended information user, do as follows:
huawei(config)#terminal user name
User profile name(<=15 chars)[root]:
User Name(<=15 chars):huawei
User Password(<=15 chars):huawei
Confirm Password(<=15 chars):huawei
User's Level:
1. Common User 2. Operator 3. Administrator:1
Permitted Reenter Number(0--4):3
User's Appended Info(<=30 chars):user
This user has been added
Repeat this operation? (y/n)[n]:n
huawei(config)#display terminal user all
----------------------------------------------------------------------------
Name Level Status Reenter Profile Append
Num Info
----------------------------------------------------------------------------
root Super Online 1 root -----
huawei User Offline 3 root user
------------------------------------------------------------------------------
Total record(s) number: 2
Related Operations
Table 5-5 lists the related operations for adding a user.
Delete a user undo terminal user name l Only the super user and administrators
can delete users of lower levels than
them.
l Users cannot delete themselves.
l User root cannot be deleted.
l An online user cannot be deleted. To
delete an online user, you need to
disconnect the user first.
l Multiple users can be deleted at a time.
Modify the user terminal user user-profile The administrator can run this command to
profile modify the profile where the user is located.
That is, bind the user to another profile.
Background Information
l Administrators and root users can modify the bound profile of themselves and users of
lower levels than them.
l The user name and password must meet the specification of the user profile to be bound.
Otherwise, the binding operation fails.
Procedure
Step 1 Run the terminal user user-profile command to modify the bound profile of a user.
Step 2 Run the display terminal user command to query the bound profile of the user.
----End
Example
To modify the profile bound with the user named testuser to the default admin profile, do as
follows:
huawei(config)#terminal user user-profile
User Name(<=15 chars):testuser
Permitted user-profile[root]:admin
Confirm user-profile:admin
Configuration will take effect when the user logs on next time.
Repeat this operation? (y/n)[n]:
huawei(config)#display terminal user all
----------------------------------------------------------------------------
Name Level Status Reenter Profile Append
Num Info
----------------------------------------------------------------------------
root Super Online 1 root -----
testuser User Offline 3 admin -----
----------------------------------------------------------------------------
Total record(s) number: 2
Related Operations
Table 5-6 lists the related operations for modifying the profile bound with a user.
Table 5-6 Related operations for modifying the profile bound with a user
To... Run the Command...
Modify the permitted times of login for a user terminal user reenter
Context
l Only the super user and administrators can perform this operation.
l The user login mode includes:
– The web mode
– The OSS mode
– The CLI mode
l By default, the user login mode is CLI.
Procedure
Step 1 Run the terminal user access-type command to modify the user login mode.
Step 2 Run the display terminal user command to query the user login mode.
----End
Example
To enable that common user huawei can login to the system in all three modes, do as follows:
huawei(config)#terminal user access-type
User Name(<=15
chars):huawei
User's access-type :(default : command line)
Authorize web user to login in? (y/n)[n]:y
Authorize OSS user to login in? (y/n)[n]:y
Information will take effect when this user logs on next time
Repeat this operation? (y/n)[n]:n
huawei(config)#display terminal user all
----------------------------------------------------------------------------
Name Level Status Reenter Access Profile Append
Num Type Info
----------------------------------------------------------------------------
root Super Online 1 CLI root none
Web
huawei Operator Offline 3 CLI root user
Web
OSS
----------------------------------------------------------------------------
Total record(s) number: 2
Related Operation
Table 5-7 lists the related operations for modifying the user login mode.
Table 5-7 Related operations for modifying the user login mode
T0… Run the Command…
Background Information
Only the super user and administrators can perform the operation for users of lower levels than
them.
l The super user can modify the level of a user to the level of a common user, an operator,
or an administrator.
l Administrators can modify the level of a user to the level of a common user or an operator.
Procedure
Step 1 Run the terminal user level command to modify a user level.
Step 2 Run the display terminal user command to query a user level.
----End
Example
To change the common user huawei to an operator, do as follows:
huawei(config)#terminal user level
User Name(<=15 chars):huawei
1. Common User 2. Operator 3.Administrator:
User's Level:2
Confirm Level: 2
Information will take effect when this user logs on next time
Repeat this operation? (y/n)[n]:n
huawei(config)#display terminal user all
----------------------------------------------------------------------------
Name Level Status Reenter Profile Append
Num Info
----------------------------------------------------------------------------
root Super Online 1 root -----
huawei Operator Offline 3 root user
------------------------------------------------------------------------------
Total record(s) number: 2
Related Operations
Table 5-8 lists the related operations for modifying a user level.
Background Information
l The super user and the administrator can change the passwords of lower-level users
(including themselves). When changing the passwords of lower-level users, the super user
and the administrator need not enter the old password.
l The common user and the operator can change their own password only, and they need to
enter the old password.
Procedure
Step 1 Run the terminal user password command to change a user password.
Step 2 Log in to the equipment with the previous user name and the new password.
----End
Example
To change the password of the common user huawei, do as follows:
huawei(config)#terminal user password
User name (<=15 chars):huawei
New password(<=15 chars):huawei
Confirm Password(<=15 chars):huawei
Information takes effect
Repeat this operation? (y/n)[n]:n
Related Operations
Table 5-9 lists the related operations for changing a user password.
Background Information
l The super user and administrators can modify the permitted number of reenters of lower-
level users.
l The permitted number of reenters of the super user cannot be modified.
Procedure
Step 1 Run the terminal user reenter command to modify the permitted number of reenters of a user.
Step 2 Run the display terminal user command to query the permitted number of reenters of a user.
----End
Example
To modify the permitted number of reenters of the common user huawei to 1, do as follows:
huawei(config)#terminal user reenter
User name (<=15 chars):huawei
Permitted reenter number(0--4):1
Confirm Reenter Number(0--4):1
Information takes effect
Repeat this operation? (y/n)[n]:n
huawei(config)#display terminal user all
----------------------------------------------------------------------------
Name Level Status Reenter Profile Append
Num Info
----------------------------------------------------------------------------
root Super Online 1 root -----
huawei User Offline 1 root user
--------------------------------------------------------------------
Total record(s) number: 2
Related Operations
Table 5-10 lists the related operations for modifying the permitted number of reenters.
Table 5-10 Related operations for modifying the permitted number of reenters
Background Information
l The super user and administrators can modify their own appended information and the
appended information of lower-level users.
l Common users and operators can modify their own appended information.
Procedure
Step 1 Run the terminal user apdinfo command to modify the appended information on a user.
Step 2 Run the display terminal user command to query the appended information on a user.
----End
Example
To modify the appended information of common user huawei to support@huawei.com, do as
follows:
huawei(config)#terminal user apdinfo
User name (<=15 chars):huawei
User's Appended Info(<=30 chars):support@huawei.com
Information takes effect
Repeat this operation? (y/n)[n]:n
huawei(config)#display terminal user all
----------------------------------------------------------------------------
Name Level Status Reenter Profile Append
Num Info
----------------------------------------------------------------------------
root Super Online 1 root -----
huawei User Offline 1 root
support@huawei.com
--------------------------------------------------------------------
Total record(s) number: 2
Related Operations
Table 5-11 lists the related operations for modifying the appended information.
Background Information
Only the super user and administrators can disconnect an online lower-level user.
Procedure
Step 1 Run the client kickoff command to disconnect an online user.
Step 2 Run the display client command to query an online user.
----End
Example
To disconnect user 2, and to run the display client command to check whether the user is
disconnected, do as follows:
huawei#client kickoff 2
Are you sure to kick the user off?(y/n)[n]: y
huawei#display client
-----------------------------------------------------------------------------
ID Client name Domain name IP Address Login Time
-----------------------------------------------------------------------------
1 root -- 10.71.60.100 2006-02-08 12:26:53
-----------------------------------------------------------------------------
Related Operation
Table 5-12 lists the related operation for disconnecting an online user.
Background Information
l Only the super user and administrators can delete the lower-level users other than
themselves.
l Users cannot delete themselves.
l User root cannot be deleted.
l An online user cannot be deleted. To delete an online user, you need to disconnect the user
first.
l Multiple users can be deleted at a time.
Procedure
Step 1 Run the undo terminal user name command to delete users.
Step 2 Run the display terminal user command to verify whether a user is deleted successfully.
----End
Example
To delete a user named huawei, do as follows:
huawei(config)#undo terminal user name
User Name(<=15 chars):huawei
Are you sure to delete the user?(y/n)[n]:y
This user has been deleted
Repeat this operation? (y/n)[n]:n
huawei(config)#display terminal user all
----------------------------------------------------------------------------
Name Level Status Reenter Profile Append
Num Info
----------------------------------------------------------------------------
root Super Online 1 root -----
----------------------------------------------------------------------------
Total record(s) number: 1
Related Operations
Table 5-13 lists the related operations for deleting a user.
6 Device Management
This topic describes the MA5600T management, which includes the shelf management and the
board management.
6.1 Overview
This topic describes the contents of the chapter and the board status.
6.2 Setting the Description of a Shelf
This topic describes how to set the description for a shelf to differentiate it from other shelves.
6.3 Resetting the Control Boards
This topic describes how to reset the control boards. When you need to reset the control boards
to run the newly-loaded program and the database, use this command.
6.4 Adding a Service Board Offline
This topic describes how to add a required service board in an idle slot and configure data of the
service board offline. After the corresponding service board is inserted, the board can start
immediately.
6.5 Confirming a Service Board
This topic describes how to confirm a service board that has been detected automatically.
6.6 Deleting a Service Board
This topic describes how to delete a service board that is no longer required.
6.7 Resetting a Service Board
This topic describes how to reset a service board when it is unstable.
6.8 Prohibiting a Service Board
This topic describes how to prohibit a service board. Through the operation, the service of the
board is suspended but not deleted and the dynamic resources are not released.
6.1 Overview
This topic describes the contents of the chapter and the board status.
Service Description
Device management involves the following:
l Shelf management
– Setting description of a shelf
– Querying description of a shelf
– Querying attributes of a shelf
l Control board management
– Resetting a control board
– Querying a control board
l Service board management
– Adding a service board offline
– Confirming a service board
– Deleting a service board
– Resetting a service board
– Prohibiting/Unprohibiting a service board
– Querying a service board
Board Status
Table 6-1 lists the service board status.
State Remarks
State Remarks
Procedure
Step 1 Run the frame set command to set the description of a shelf.
Step 2 Run the display frame desc command to query the description of a shelf.
----End
Example
To set the description of shelf 0, do as follows:
huawei(config)#frame set 0 desc adl
huawei(config)#display frame desc 0
--------------------------------------------------------
FrameID Frame description
--------------------------------------------------------
0 adl
--------------------------------------------------------
Related Operation
Table 6-2 lists the related operation for setting the description of a shelf.
Background Information
l The control boards include active control board and the standby control board.
l Resetting an active control board leads to the following two results:
– In the case of an active/standby configuration, the operation has no adverse impact on
the ongoing services.
– In the case there is no standby control board, the operation disconnects the control board
from all the service boards, that is, all service boards in the system are reset.
CAUTION
l The reset operation may cause loss to the unsaved data. Therefore, before the
operation, run the save command to save the system data.
l Reset the system only when necessary. In general, the system is reset after a new
application or a database is loaded.
l The board reset command cannot be used to reset the control boards.
l The reboot active command and the reboot standby command can be used to reset the
active control board and the standby control board respectively.
Procedure
Run the reboot command to reset the control board.
----End
Examples
To reset the active control board, do as follows:
huawei#reboot active
Please check whether data has saved, the unsaved data may lose if reboot
active board, are you sure to reboot active board? (y/n)[n]:y
Standby board failure or not exist, reboot active will cause system reboot,
are you sure to reboot active board? (y/n)[n]:y
Related Operations
Table 6-3 lists the related operations for resetting the control boards.
Query a board display board You can query the board type, board
status and port information.
Background Information
l After the service board is added offline, the service board becomes faulty. Only after a
service board of the configured type is inserted into this slot, the board becomes normal.
If a service board of a different type is inserted, the board keep resetting because the board
type is not matching.
l You can add a service board only in an idle slot.
Procedure
Step 1 Run the board add command to add a service board.
Step 2 Run the display board command to query the information on the board.
----End
Example
To add a service board in slot 0/2, do as follows:
huawei(config)#board add 0/4 h801gpbc
huawei(config)#display board 0
-------------------------------------------------------------------------
SlotID BoardName Status SubType0 SubType1 Online/Offline
-------------------------------------------------------------------------
0 H801CITA Normal
1
2 H801GPBC Failed Offline
3 H801GPBC Normal
4 H801GPBC Failed Offline
5
6 H801TOPA Failed NH1A Online
7
8
9 H801SCUL Active_normal
10
11
12
13
14
15
16
17
18
19 H801GICG Failed Online
20
21
22
-------------------------------------------------------------------------
Related Operation
Table 6-4 lists the related operation for adding a service board offline.
Background Information
After you insert a service board into an idle slot, the system automatically identifies the board
type and the board is in the auto-find state. To enable the board for normal service transmission,
you need to confirm this board.
Procedure
Step 1 Run the board confirm command to confirm a service board.
Step 2 Run the display board command to query the confirmed service board.
----End
Example
To confirm board 0/2, do as follows:
huawei(config)#board confirm 0/2
0 frame 2 slot board confirm successfully
Related Operation
Table 6-5 lists the related operation for confirming a service board.
Add a service board board add You can add a service board only
offline to an idle slot.
Background Information
l Before deleting a service board, you must delete its service data. If not, deleting the service
board fails.
l A service board in the auto-find state cannot be deleted.
Procedure
Run the board delete command to delete a service board.
----End
Example
To delete service board 0/2, do as follows:
huawei(config)#board delete 0/2
are you sure to delete this board? (y/n)[n]:y
Board delete successfully
Related Operation
Table 6-6 lists the related operation for deleting a service board.
Background Information
l The system generates a fault alarm after the reset operation, and a recovery alarm after the
board recovers.
l After a service board is reset and starts up successfully, it reports the registration
information to the control board. Then the control board recovers the data configuration of
the service board to recover the services.
Procedure
Run the board reset command to reset a service board.
----End
Example
To reset service board 0/1, do as follows:
Background Information
l A control board cannot be prohibited.
l A service board that is in the auto-find state and unconfirmed cannot be prohibited.
l Prohibiting a service board interrupts the services of the board.
Procedure
Step 1 Run the board prohibit command to prohibit a service board.
Step 2 Run the display board command to query the service board status.
----End
Example
To prohibit service board 0/2, do as follows:
huawei(config)#board prohibit 0/11
Prohibiting board will interrupt all services on this board, are you sure to
prohibit board? (y/n)[n]:y
Prohibited board successfully
Related Operation
Table 6-7 lists the related operation for prohibiting a service board.
This topic describes how to manage a remote user on the MA5600T, including the user
authentication, authorization, and accounting.
NOTE
This document describes the configuration on the MA5600T. Each chapter provides an overview of the service
configuration, describes the configuration flow with one or more configuration examples, and then provides a
detailed description of the basic operations on the MA5600T.
For the readers who are familiar with the MA5600T, it is recommended that you read the configuration example
(s) directly.
For the readers who are not familiar with the MA5600T, it is recommended that you read the basic operations
first.
7.1 Overview
This topic describes the remote user authentication and the authentication modes.
7.2 Related Concepts
This topic describes the concepts related to remote user authentication, including AAA,
RADIUS, SSH and 802.1xAAA, RADIUS and SSH.
7.3 Configuration Example of Remote User Authentication
This topic provides an example for authenticating the remote user so that the user can access the
network resources through the MA5600T.
7.4 Configuring the RADIUS
This topic describes the RADIUS configuration, including creating a RADIUS server template,
setting the IP address and port number of a RADIUS server, setting the shared key of the
RADIUS server, setting the response timeout interval of a RADIUS server, setting the maximum
retransmit count of RADIUS request packets, setting the RADIUS server type, setting the format
of user name sent to a RADIUS server.
7.5 Configuring 802.1x
This topic describes the 802.1x configuration, including configuring an 802.1x template,
enabling the 802.1x authentication on a port, configuring the control mode of a port, enabling
the 802.1x authentication globally, and enabling the DHCP-triggered authentication.
7.6 Configuring AAA
This topic describes the AAA configuration, including configuring an authentication scheme,
creating a domain, specifying the authentication scheme and binding the RADIUS server
template.
7.7 Configuring SSH
This topic describes the SSH configuration, including creating the local RSA key pair,
configuring the SSH user public key and configuring an SSH user.
7.1 Overview
This topic describes the remote user authentication and the authentication modes.
Service Description
Remote user authentication refers to the process of authenticating the users who remotely log
in to the MA5600T. Only the authenticated users can log in to the MA5600T to manage and
maintain it.
Service Specification
The MA5600T authenticates remote users in the following two ways:
l AAA/RADIUS
– In an authentication, authorization, and accounting (AAA)/Remote Authentication
Dial-In User Service (RADIUS) frame, the MA5600T functions as a network access
server (NAS). As for the RADIUS server, the MA5600T functions as a RADIUS client.
– The MA5600T forwards the user name and password of the login user to the RADIUS
server for authentication when the AAA/RADIUS function is enabled.
l Secure Shell (SSH)
– The SSH protocol is based on a client/server mode, using TCP for interconnections to
realize secure remote access to insecure networks.
What Is AAA
AAA provides a framework for the consistency configuration of authentication, authorization
and accounting. Actually, the AAA framework is used for network security management.
Advantages of AAA
Generally, the AAA framework adopts the server/client structure, where the server stores the
user information and the client runs on the managed resources side.
l Excellent expansibility
l Standardardized authentication schemes
l Centralized user management
l Multi-system based security mechanism
What Is RADIUS
As a management framework, AAA can be performed by a number of protocols. The RADIUS
protocol is commonly used to implement AAA.
l The RADIUS protocol is an information exchange protocol with the distributed server/
client structure. It is used to manage a large number of distributed dialup users.
l A RADIUS server manages a simple user database to provide the AAA function to the
users and to modify the service information of the users according to the service types and
rights.
l The users forward their AAA requests to the RADIUS server through an NAS.
Principles of RADIUS
l When a user tries to access another network (or some network resources) by setting up a
connection to the NAS through a network, the NAS forwards the user authentication and
accounting information to the RADIUS server. The RADIUS protocol specifies the means
of transmitting the user information and accounting information between the NAS and the
RADIUS server.
l The RADIUS server receives the connection requests of users sent from the NAS,
authenticates the user account and password contained in the user data, and returns the
required data to the NAS.
NOTE
l The NAS and the RADIUS server use a key to encrypt the data exchanged between them, thus
preventing the user password from being intercepted or stolen.
l The RADIUS configuration only defines the parameters related to the connections between the
NAS and the RADIUS server. To validate these parameters, you must specify the RADIUS
scheme in domain mode and specify the RADIUS mode for authentication and accounting.
What Is SSH
SSH RFC
The Internet Engineering Task Force (IETF) released an SSH RFC document. The SSH protocol
defined in the RFC document has two versions:
l SSHv1.5: The SSHv1.5 was issued earlier than the SSHv2. At present, a majority of SSHs
support this version.
l SSHv2: The SSHv2 is more standard and advanced than the SSHv1.5. It enhances security
and provides the file transfer function.
Advantages
The SSH protocol is based on a client/server mode. It uses TCP for interconnections to realize
secure remote access to insecure networks. Compared with telnet, SSH has the following
advantages:
l SSH supports the methods of using the password and RSA public key to authenticate clients.
l SSH supports data encryption standard (DES), 3DES, and AES to encrypt session data.
l When the SSH server communicates with the SSH client, both the user name and the
password are encrypted to prevent the password from being intercepted.
l SSH encrypts the data to guarantee security and reliability of the data during the
transmission.
l SSH supports authentication of a server.
l SSH supports the MD5 and SHA algorithms to identify the integrity of the session data to
guarantee authenticity of the session data and prevent the data from being altered
maliciously during the transfer process. SSH supports RSA authentication mode. In this
mode, SSH implements secure key exchange and authentication of the server by generating
public and private keys. These keys are generated according to the encryption principle of
the asymmetric encryption system. This guarantees the whole secure process of sessions.
What is 802.1x
802.1x (IEEE Std 802.1x-2001) is derived from the 802.11 protocol of Wireless Local Area
Network (WLAN), which is used for controlling the access and authentication of wireless users
at the link layer. After the expansion, 802.1x can use the Ethernet packets to bear data so that
802.1x can be employed to facilitate the Ethernet access or other wired access methods.
The access port (the physical port or the logical port) is under the control of the access device.
Before the authentication, the port is in the disabled state and users who are connected to this
port cannot access the network resources. If a user passes the authentication, the port is enabled
and users can access the permitted network resources.
Networking
Figure 7-1 shows an example network for configuring the remote user authentication.
The MA5600T connects the PC to the RADIUS server, and it supports the 802.1x feature. The
IP address of the primary RADIUS server is 10.10.10.1, and the IP address of the secondary
RADIUS server is 20.20.20.1. The IDs of the ports for authentication and accounting is 1812
and 1813 respectively. The 802.1x authentication mode is EAP-end, and the AAA authentication
scheme is RADIUS.
Figure 7-1 Example network for configuring the remote user authentication
10.10.10.1
Radius server
20.20.20.1
Router
G CON GE 0/19/0
P ETH
ESC
B
C
SCU MA5600T
Optical splitter
ONT
PC
Data Plan
Table 7-1 provides the data plan for configuring the remote user authentication.
Table 7-1 Data plan for configuring the remote user authentication
Item Data
VLAN: 10
VLAN: 10
Item Data
NOTE
l This topic provides information on configuration of the MA5600T only. For configuration of the
RADIUS server, refer to related documents. The RADIUS configuration profile contains the IP address
and port number of the RADIUS server. Configure other parameters such as RADIUS shared key and
RADIUS server type according to the normal practice.
l Currently, the MA5600T supports two authentication modes: RADIUS authentication and local
authentication.
Prerequisites
l The network devices and the lines must be in the normal state.
l All boards of the MA5600T must be in the normal state.
l The 802.1x client software has been installed on the PC, or the PC supports the DHCP-
triggered 802.1x authentication.
Configuration Flowchart
Figure 7-2 shows the flowchart for configuring the remote user authentication.
Start
Configuring an 802.1X
template
End
Procedure
Step 1 Configure the upstream port and the service port.
1. Create a VLAN.
huawei(config)#vlan 10 smart
huawei(config-dot1x-template3)#quit
huawei(config)#dot1x service-port 6
The configuration of the virtual profile for the RADIUS server must be the same as that of the remote RADIUS
server.
huawei(config-aaa-accounting-huawei)#quit
huawei(config-aaa)#quit
huawei(config)#radius-server template huawei
Note: Create a new server template
----End
Result
After the configuration on the RADIUS server is complete, log in to the MA5600T and type in
the user name in the format of "userid@huawei". If the RADIUS server contains the user name
and domain configuration, the user can log in to it and manage the devices.
RADIUS server, setting the response timeout interval of a RADIUS server, setting the maximum
retransmit count of RADIUS request packets, setting the RADIUS server type, setting the format
of user name sent to a RADIUS server.
7.4.1 Overview
This topic describes the specification and notes for configuring the RADIUS.
7.4.2 Creating a RADIUS Server Template
This topic describes how to create a RADIUS server template and enter the template
configuration mode.
7.4.3 Setting the IP Address and Port Number of a RADIUS Server
This topic describes how to set the IP address and UDP port number of the RADIUS server for
a new RADIUS server template.
7.4.4 Setting the Shared Key of the RADIUS Server
This topic describes how to set the shared key of the RADIUS server.
7.4.5 Setting the Response Timeout Interval of a RADIUS Server
This topic describes how to set the response timeout interval of a RADIUS server.
7.4.6 Setting the Maximum Number of Transmissions for the RADIUS Request Packets
This topic describes how to set the maximum number of transmissions for the RADIUS request
packets.
7.4.7 Setting the Format of the User Name Sent to a RADIUS Server
This topic describes how to set the format of the user name that is sent to a RADIUS server to
specify whether the user name contains the domain name.
7.4.1 Overview
This topic describes the specification and notes for configuring the RADIUS.
Specification
For the MA5600T, the RADIUS is configured based on each RADIUS server group.
In actual networking, a RADIUS server group can be any of the following:
l An independent RADIUS server
l A pair of primary/secondary RADIUS servers with the same configuration but different IP
addresses
The following lists the attributes of a RADIUS server template:
l IP addresses of primary and secondary servers
l Shared key
l RADIUS server type
NOTE
The RADIUS configuration only defines the parameters used for data exchange between the MA5600T
and the RADIUS server. To validate these parameters, you need to reference the RADIUS server group in
a domain. For details, see "7.6 Configuring AAA."
Background Information
l Before configuring the RADIUS, you must configure a RADIUS server template and enter
the template configuration mode.
l One RADIUS server template can be used by multiple domains at the same time.
Procedure
Step 1 Run the radius-server template command to create a RADIUS server template and enter
RADIUS config mode.
Step 3 Run the display radius-server configuration command to query the created RADIUS server
template.
----End
Example
To create the RADIUS server template named radius1, do as follows:
huawei(config)#radius-server template radius1
huawei(config-radius-radius1)#quit
huawei(config)#display radius-server configuration template radius1
-------------------------------------------------------------------
Server-template-name : radius1
Traffic-unit : Byte
Shared-secret-key : huawei
Timeout-interval(in second) : 5
Retransmission : 3
Domain-included : yes
Primary-authentication-server : 0.0.0.0:0
Primary-accounting-server : 0.0.0.0:0
Secondary-authentication-server : 0.0.0.0:0
Secondary-accounting-server : 0.0.0.0:0
-------------------------------------------------------------------
Related Operation
Table 7-2 lists the related operation for creating a RADIUS server template
Background Information
l By default, the RADIUS servers may consist of the primary and secondary RADIUS
servers. The IP address of the primary and secondary RADIUS servers is 0.0.0.0.
l To ensure normal communication between the MA5600T and the RADIUS server, before
setting the IP address and UDP port number of the server, make sure that the route between
the MA5600T and the RADIUS server is in the normal state.
l Make sure that the port settings for the RADIUS service on the MA5600T must be
consistent with the port settings on the RADIUS server.
Procedure
Step 1 Run the radius-server template command to create a RADIUS server template and enter
RADIUS config mode.
Step 2 Run the radius-server authentication command to configure the primary RADIUS server.
Step 3 Run the radius-server authentication secondary command to configure the secondary
RADIUS server.
Step 5 Run the display radius-server configuration command to query the IP address and port number
of the RADIUS servers.
----End
Example
To set the IP address and port number of the primary RADIUS server as 10.10.10.1 and 1812
respectively, and the IP address and port number of the secondary RADIUS server as 10.10.10.2
and 1812 respectively, do as follows:
huawei(config)#radius-server template radius1
huawei(config-radius-radius1)#radius-server authentication 10.10.10.1 1812
huawei(config-radius-radius1)#radius-server authentication 10.10.10.2 1812
secondary
huawei(config-radius-radius1)#quit
huawei(config)#display radius-server configuration template radius1
-------------------------------------------------------------------
Server-template-name : radius1
Traffic-unit : Byte
Shared-secret-key : huawei
Timeout-interval(in second) : 5
Retransmission : 3
Domain-included : yes
Primary-authentication-server : 10.10.10.1:1812
Primary-accounting-server : 0.0.0.0:0
Secondary-authentication-server : 10.10.10.2:1812
Secondary-accounting-server : 0.0.0.0:0
-------------------------------------------------------------------
Related Operation
Table 7-3 lists the related operation for setting the IP address and port number of a RADIUS
server.
Table 7-3 Related operation for setting the IP address and port number of a RADIUS server
To… Run the Command…
Background Information
l By default, the key is "huawei".
l The RADIUS client (namely the MA5600T) and the RADIUS server use the MD5
algorithm to encrypt the packets exchanged between them. Both the MA5600T and the
RADIUS server are configured with shared keys to verify the validity of packets. They
respond to the received packets only when the keys at both ends are identical.
Procedure
Step 1 Run the radius-server template command to create a RADIUS server template and enter
RADIUS config mode.
Step 2 Run the radius-server shared-key command to set the shared key of the RADIUS server.
Step 3 Run the quit command to exit RADIUS config mode.
Step 4 Run the display radius-server configuration command to query the shared key of the RADIUS
server.
----End
Example
To set the shared key of a RADIUS server as "radius2004", do as follows:
huawei(config)#radius-server template radius1
huawei(config-radius-radius1)#radius-server shared-key radius2004
huawei(config-radius-radius1)#quit
huawei(config)#display radius-server configuration template radius1
-------------------------------------------------------------------
Server-template-name : radius1
Traffic-unit : Byte
Shared-secret-key : radius2004
Timeout-interval(in second) : 5
Retransmission : 3
Domain-included : yes
Primary-authentication-server : 10.10.10.1:1812
Primary-accounting-server : 0.0.0.0:0
Secondary-authentication-server : 10.10.10.2:1812
Secondary-accounting-server : 0.0.0.0:0
-------------------------------------------------------------------
Background Information
l After the MA5600T sends RADIUS request packets to the RADIUS server, if no response
from the RADIUS server is received after the timeout interval, the MA5600T resends these
packets to the RADIUS server to ensure that the users can obtain the RADIUS service.
l By default, the timeout interval is 5s.
Procedure
Step 1 Run the radius-server template command to create a RADIUS template and enter RADIUS
config mode.
Step 2 Run the radius-server timeout command to set the response timeout interval of a RADIUS
server.
Step 4 Run the display radius-server configuration command to query the response timeout interval
of the RADIUS server.
----End
Example
To set the response timeout interval of a RADIUS server to 10s, do as follows:
huawei(config)#radius-server template radius1
huawei(config-radius-radius1)#radius-server timeout 10
huawei(config-radius-radius1)#quit
huawei(config)#display radius-server configuration template radius1
-------------------------------------------------------------------
Server-template-name : radius1
Traffic-unit : Byte
Shared-secret-key : radius2004
Timeout-interval(in second) : 10
Retransmission : 3
Domain-included : yes
Primary-authentication-server : 10.10.10.1:1812
Primary-accounting-server : 0.0.0.0:0
Secondary-authentication-server : 10.10.10.2:1812
Secondary-accounting-server : 0.0.0.0:0
-------------------------------------------------------------------
Related Operation
Table 7-4 lists the related operation for setting the response timeout interval of a RADIUS server.
Table 7-4 Related operation for setting the response timeout interval of a RADIUS server
Background Information
l If no response has been received from the RADIUS server within the response timeout time
specified by the timeout timer, the MA5600T resends the request packets to the RADIUS
server. When the number of transmissions exceeds the specified maximum value, the
MA5600T considers that its connection to the RADIUS server is interrupted, and then sends
the request packets to another RADIUS server.
l By default, the maximum number of transmissions for the RADIUS request packets is 3.
l You can modify the configuration of a RADIUS server template. If there is an online user
who is using the RADIUS server template, the new configuration effects only after the user
gets online the next time.
Procedure
Step 1 Run the radius-server template command to create a RADIUS server template and enter
RADIUS config mode.
Step 2 Run the radius-server retransmit command to configure the maximum number of
transmissions for the RADIUS request packets.
Step 4 Run the display radius-server configuration command to query the maximum number of
transmissions for the RADIUS request packets.
----End
Example
To set the maximum number of transmissions for the RADIUS request packets to 5, do as
follows:
huawei(config)#radius-server template radius1
huawei(config-radius-radius1)#radius-server retransmit 5
huawei(config-radius-radius1)#quit
huawei(config)#display radius-server configuration template radius1
-------------------------------------------------------------------
Server-template-name : radius1
Traffic-unit : Byte
Shared-secret-key : radius2004
Timeout-interval(in second) : 10
Retransmission : 5
Domain-included : yes
Primary-authentication-server : 10.10.10.1:1812
Primary-accounting-server : 0.0.0.0:0
Secondary-authentication-server : 10.10.10.2:1812
Secondary-accounting-server : 0.0.0.0:0
-------------------------------------------------------------------
Related Operation
Table 7-5 lists the related operation for setting the maximum number of transmissions for the
RADIUS request packets.
Table 7-5 Related operation for setting the maximum number of transmissions for the RADIUS
request packets
7.4.7 Setting the Format of the User Name Sent to a RADIUS Server
This topic describes how to set the format of the user name that is sent to a RADIUS server to
specify whether the user name contains the domain name.
Background Information
l By default, a user name sent to a RADIUS server contains the domain name.
l The names of the access users are generally in the format of "userid@domain-name". The
part following "@" is the domain name. The MA5600T learns the domains of users based
on their respective domain names.
l Some earlier RADIUS servers reject the user names that contain domain names. In this
case, you can run the undo radius-server user-name domain-included command to
specify that the user name to be sent to a RADIUS server carries no domain name.
l If a RADIUS server group does not accept user names that carry domain names, make sure
that the RADIUS server group is not used at the same time in two or more domains. This
is because users of different domains with the same user name can be mistaken as the same
user by the RADIUS when it is receiving these user names at the same time.
l You can modify the configuration of a RADIUS server template. If there is an online user
who is using the RADIUS server template, the new configuration can take effect only after
the user gets online next time.
Procedure
Step 1 Run the radius-server template command to create a RADIUS server template and enter the
corresponding RADIUS config mode.
Step 2 Run the (undo)radius-server user-name domain-included command to set whether the user
name that is sent to RADIUS server contains a domain name.
Step 4 Run the display radius-server configuration command to query the format of a user name that
is sent to the RADIUS server.
----End
Examples
To specify that a user name to be sent to a RADIUS server contains no domain name, do as
follows:
huawei(config)#radius-server template radius1
huawei(config-radius-radius1)#undo radius-server user-name domain-included
huawei(config-radius-radius1)#quit
huawei(config)#display radius-server configuration template radius1
-------------------------------------------------------------------
Server-template-name : radius1
Traffic-unit : Byte
Shared-secret-key : radius2004
Timeout-interval(in second) : 10
Retransmission : 5
Domain-included : no
Primary-authentication-server : 10.10.10.1:1812
Primary-accounting-server : 0.0.0.0:0
Secondary-authentication-server : 10.10.10.2:1812
Secondary-accounting-server : 0.0.0.0:0
-------------------------------------------------------------------
To specify that a user name to be sent to a RADIUS server contains a domain name, do as follows:
huawei(config)#radius-server template radius1
huawei(config-radius-radius1)#radius-server user-name domain-included
huawei(config-radius-radius1)#quit
huawei(config)#display radius-server configuration template radius1
-------------------------------------------------------------------
Server-template-name : radius1
Traffic-unit : Byte
Shared-secret-key : radius2004
Timeout-interval(in second) : 10
Retransmission : 5
Domain-included : yes
Primary-authentication-server : 10.10.10.1:1812
Primary-accounting-server : 0.0.0.0:0
Secondary-authentication-server : 10.10.10.2:1812
Secondary-accounting-server : 0.0.0.0:0
-------------------------------------------------------------------
Background Information
l The default 802.1x template is template 1 in the system. The default 802.1x template can
be modified but cannot be deleted.
l When you create an 802.1x template, all the parameters in the template have default
settings. By default, keep-alive in the 802.1x template is disabled. You can configure the
permitted handshake failure times to enable the keep-alive. By default, reauthentication is
enabled.
Procedure
Step 1 Run the dot1x-template command to enter dot1x-template mode.
Step 2 Run the keepalive retransmit command to configure the number of handshake failures allowed.
Step 3 Run the keepalive interval command to set the keep-alive interval.
Step 4 Run the reauthentication interval command to set the reauthentication interval.
Step 5 Run the authentication timeout command to set the timeout interval of the server.
Step 6 Run the request interval command to set the timeout interval of the client.
Step 7 Run the request retransmit command to configure the number of times for retransmitting
packets to the client.
Step 8 Run the quiet-period command to configure the quiet period after the authentication
configuration on the client fails. In the quiet period, the system does not respond to authentication
requests.
Step 9 Run the eap-end command to configure the authentication mode as EAP-end.
Step 11 Run the display dot1x-template command to query the configuration of the 802.1x template.
----End
Example
Assume the following:
l Permitted handshake failure times: 3
l Reauthentication interval: 100s
l Timeout interval of the server: 150s
l Timeout interval of the client: 30s
l Times for retransmitting packets to the client: 3
l Quiet period: 15s
l Authentication mode: EAP-end
To create 802.1x template 6, do as follows:
huawei(config)#dot1x-template 6
huawei(config-dot1x-template6)#keepalive retransmit 3
huawei(config-dot1x-template6)#keepalive interval 10
huawei(config-dot1x-template6)#reauthentication interval 100
huawei(config-dot1x-template6)#authentication timeout 150
huawei(config-dot1x-template6)#request interval 30
huawei(config-dot1x-template6)#request retransmit 3
huawei(config-dot1x-template6)#quiet-period 15
huawei(config-dot1x-template6)#eap-end
huawei(config-dot1x-template6)#quit
huawei(config)#display dot1x-template 6
Template Number : 6
Authentication Timeout : 150
KeepAlive Switch : enable
KeepAlive Interval : 10
KeepAlive Retransmit Times : 3
ReAuthentication Switch : enable
ReAuthentication Interval : 100
Request Interval : 30
Request Retransmit Times : 3
Quiet-Period : 15
Eap-Mode : eap-end
Related Operations
Table 7-6 lists the related operations for configuring an 802.1x template.
Background Information
l On the GPON service board, you can enable the 802.1x authentication on a service port
and not on a physical port.
l To reduce the occurrence of the abnormal logout caused by the change in the 802.1x
configuration, the configuration of the 802.1x template and the port on the MA5600T does
not take effect immediately. You must run the dot1x enable command to enable the 802.1x
authentication. Only then the configuration takes effect.
l After the 802.1x authentication is disabled, the parameter configuration is retained. When
the 802.1x authentication is enabled again, the configuration takes effect.
Procedure
Enable the 802.1x authentication based on the service port
1. Run the dot1x service-port command to enable the 802.1x authentication based on the
service port.
2. Run the display dot1x service-port command to query the 802.1x configuration of the
specified service port.
----End
Examples
To enable the 802.1x authentication of service port 8, do as follows:
huawei(config)#dot1x service-port 8
huawei(config)#display dot1x service-port 8
FlowID : 8
Authentication State : unauthorized
Authentication Mode : auto
User-Name :
Framed-Pool :
Related Operations
Table 7-7 lists the related operations for enabling the 802.1x authentication on a port.
Table 7-7 Related operations for enabling the 802.1x authentication on a port.
To... Run the Command... Remarks
Background Information
l By default, the control mode of a port for which the 802.1x authentication is enabled, is
automatic. In this mode, users can access the network resources only after the
authentication.
l When the control mode of a port is force-authorized, the port is enabled and users can
access the network resources without authentication. When the control mode of a port is
force-unauthorized, the port is disabled and users cannot access the network resources.
l On the GPON service board, you can configure the control mode on a service port and not
on a physical port.
Procedure
Step 1 Run the dot1x port-control command to configure the 802.1x authentication mode of the
specified port.
Step 2 Query the 802.1x configuration of the specified port.
l Run the display dot1x service-port command to query the 802.1x configuration of the
specified service port.
----End
Example
To configure the control mode of the 802.1x authentication for service port 6 as force-
authorized, do as follows:
huawei(config)#dot1x port-control force-authorized service-port 6
huawei(config)#display dot1x service-port 6
FlowID : 6
Authentication State : -
Authentication Mode : force-authorized
User-Name :
Framed-Pool :
Related Operations
Table 7-8 lists the related operations for configuring the control mode of a port.
Table 7-8 Related operations for configuring the control mode of a port
Background Information
l By default, the 802.1x authentication of the device is disabled.
l To minimize the occurrence of the abnormal logout caused by the change in the 802.1x
configuration, the configuration of the 802.1x template and the port on the MA5600T does
not take effect immediately. You must enable the 802.1x authentication and then the
configuration takes effect.
l After the 802.1x authentication is disabled, the parameter configuration is retained. When
the 802.1x authentication is enabled again, the configuration takes effect.
Procedure
Step 1 Run the dot1x enable command to enable the 802.1x authentication globally.
Step 2 Run the display dot1x command to query the global state of the 802.1x authentication.
----End
Example
To enable the 802.1x authentication globally, do as follows:
huawei(config)#dot1x enable
It will take several minutes to dot1x enable, please wait...
huawei(config)#display dot1x
{ <cr>|port<K>|service-port<K>|statistics<K> }:
Command:
display dot1x
802.1x global status : enable
802.1x dhcp-trigger status : disable
Related Operations
Table 7-9 lists the related operations for enabling the 802.1x authentication globally.
Table 7-9 Related operations for enabling the 802.1x authentication globally
To... Run the Command... Remarks
Background Information
l By default, the DHCP-triggered 802.1x authentication is disabled.
l The DHCP-triggered 802.1x authentication facilitates the devices that do not support the
802.1x client-triggered authentication to implement the 802.1x authentication.
Procedure
Step 1 Run the dot1x dhcp-trigger enable command to enable the DHCP-triggered 802.1x
authentication.
Step 2 Run the display dot1x command to query the global state of the 802.1x authentication.
----End
Example
To enable the DHCP-triggered 802.1x authentication, do as follows:
huawei(config)#display dot1x
{ <cr>|port<K>|service-port<K>|statistics<K> }:
Command:
display dot1x
802.1x global status : enable
802.1x dhcp-trigger status : enable
Related Operation
Table 7-10 lists the related operations for enabling the DHCP-triggered 802.1x authentication.
Table 7-10 Related operations for enabling the DHCP-triggered 802.1x authentication
When you need to configure the remotely managed users to contain the domain information for
authentication, This topic describes how to specify an authentication scheme for a domain.
7.6.8 Specifying an Accounting Scheme
This topic describes how to specify an accounting scheme for a domain for the purpose of
accounting.
7.6.9 Referencing an 802.1x Template
This topic describes how to reference an 802.1x template for a domain.
Background Information
l The MA5600T supports the authentication through the RADIUS server.
l After an authentication scheme is configured, it is validated when it is referenced by a
domain. A domain defines one type of users.
l To adopt radius as the authentication mode, you must configure the RADIUS protocol for
the MA5600T (for details, see "7.4 Configuring the RADIUS") and configure the related
user information on the remote RADIUS server.
Procedure
Step 1 Run the aaa command to enter AAA mode.
Step 2 Run the authentication-scheme command to configure an authentication scheme.
Step 3 Run the authentication-mode radius command to configure the authentication mode of the
scheme.
Step 4 Run the quit command to exit authentication mode.
Step 5 Run the display authentication-scheme command to query the configured authentication
scheme.
----End
Example
To configure authentication scheme "huawei", with the authentication mode of RADIUS, do as
follows:
huawei(config)#aaa
huawei(config-aaa)#authentication-scheme huawei
huawei(config-aaa-authen-huawei)#authentication-mode radius
huawei(config-aaa-authen-huawei)#quit
huawei(config-aaa)#display authentication-scheme
{ <cr>|string<S><1,32> }:
Command:
display authentication-scheme
---------------------------------------------------------------------------
Authentication-scheme-name Authentication-mode
---------------------------------------------------------------------------
default Local authentication
Related Operations
Table 7-11 lists the related operations for configuring an authentication scheme.
Query AAA display aaa configuration You can query the usage of
configuration the configuration resources
of the authentication scheme
table.
Background Information
l After configuring an accounting scheme, reference it for setting a user domain (the user
type has been specified) to bring it into operation.
l Before you reference the radius accounting scheme, you must configure the RADIUS
protocol (for details, see "7.4 Configuring the RADIUS") and configure the related user
information on the remote RADIUS server.
Procedure
Step 1 Run the aaa command to enter AAA mode.
Step 2 Run the accounting-scheme command to create an AAA accounting scheme and enter the
corresponding configuration mode.
Step 3 Run the quit command to exit the accounting mode.
Step 4 Run the display accounting-scheme command to query the configuration of the accounting
scheme.
----End
Example
To create an AAA accounting scheme named huawei, do as follows:
huawei(config)#aaa
huawei(config-aaa)#accounting-scheme huawei
Note: Create a new accounting scheme
huawei(config-aaa-accounting-huawei)#quit
Related Operations
Table 7-12 lists the related operations for configuring an accounting scheme.
Configure the interval accounting interim interval When the accounting mode
for real-time is RADIUS, by default, the
accounting real-time accounting is
disabled.
Show AAA display aaa configuration You can query the usage of
configuration the resources configured on
the accounting scheme table.
Background Information
l The MA5600T supports the RADIUS accounting mode. By default, the accounting mode
is none.
l After configuring an accounting scheme, reference it for setting a user domain (the user
type has been specified) to bring it into operation.
l Before you reference the radius accounting scheme, you must configure the RADIUS
protocol (for details, see "7.4 Configuring the RADIUS.") and also configure the related
user information on the remote RADIUS server.
Procedure
Step 1 Run the aaa command to enter AAA mode.
Step 2 Run the accounting-scheme command to create an AAA accounting scheme and enter the
corresponding configuration mode, or enter the mode of the specified accounting scheme.
Step 3 Run the accounting-mode command to configure the accounting mode.
Step 5 Run the display accounting-scheme command to query the configuration of the accounting
scheme.
----End
Example
To configure the accounting mode of the AAA accounting scheme of huawei as RADIUS, do
as follows:
huawei(config)#aaa
huawei(config-aaa)#accounting-scheme huawei
huawei(config-aaa-accounting-huawei)#accounting-mode radius
huawei(config-aaa-accounting-huawei)#quit
huawei(config-aaa)#display accounting-scheme huawei
---------------------------------------------------------------------------
Accounting-scheme-name : huawei
Accounting-mode : RADIUS accounting
Realtime-accounting-switch : Open
Realtime-accounting-interval(min) : 20
---------------------------------------------------------------------------
Related Operations
Table 7-13 lists the related operations for configuring an accounting mode.
Configure the interval accounting interim interval When the accounting mode
for real-time is RADIUS, by default, the
accounting real-time accounting is
disabled.
Show AAA display aaa configuration You can query the usage of
configuration the resources configured on
the accounting scheme table.
Background Information
When the accounting mode is RADIUS, by default, the real-time accounting is disabled.
Procedure
Step 1 Run the aaa command to enter AAA mode.
Step 2 Run the accounting-scheme command to create an AAA accounting scheme and enter the
corresponding configuration mode, or enter the mode of the specified accounting scheme.
Step 3 Run the accounting interim interval command to configure the interval for the real-time
accounting.
Step 5 Run the display accounting-scheme command to query the configuration of the accounting
scheme.
----End
Example
To configure the interval for the real-time accounting of the AAA accounting scheme of huawei
as 30 minutes, do as follows:
huawei(config)#aaa
huawei(config-aaa)#accounting-scheme huawei
huawei(config-aaa-accounting-huawei)#accounting interim interval 30
huawei(config-aaa-accounting-huawei)#quit
huawei(config-aaa)#display accounting-scheme huawei
---------------------------------------------------------------------------
Accounting-scheme-name : huawei
Accounting-mode : RADIUS accounting
Realtime-accounting-switch : Open
Realtime-accounting-interval(min) : 30
---------------------------------------------------------------------------
Related Operations
Table 7-14 lists the related operations for configuring the interval for the real-time accounting.
Table 7-14 Related operations for configuring the interval for the real-time accounting.
Show AAA display aaa configuration You can query the usage of
configuration the resources configured on
the accounting scheme table.
Background Information
l A domain is a group of users with the same attributes.
l For a user name in the format of "userid@domain-name", such as
huawei20041028@huawei.net, the "huawei.net" following "@" is the domain name, and
the "userid" is the user name for identity authentication.
l The length of the domain name used for login should be equal to or less than 15 characters.
The length of other domain names should be equal to or less than 20 characters.
Procedure
Step 1 Run the aaa command to enter AAA mode.
----End
Example
To create a domain named huawei.net, do as follows:
huawei(config)#aaa
huawei(config-aaa)#domain huawei.net
huawei(config-aaa-domain-huawei.net)#quit
huawei(config-aaa)#display domain
{ <cr>|string<S><1,20> }:
Command:
display domain
-----------------------------------------------------------------------
Domain name Online
-----------------------------------------------------------------------
default 0
huawei.net 0
-----------------------------------------------------------------------
Total 2,2 printed
Related Operations
Table 7-15 lists the related operations for creating a domain.
Prerequisite
You must configure a RADIUS server template before this operation. For details, see "7.4
Configuring the RADIUS."
Procedure
Step 1 Run the aaa command to enter AAA mode.
Step 2 Run the domain command to specify huawei.net as the current domain and enter domain mode.
Step 3 Run the radius-server template command to bind a RADIUS server template with the AAA
domain.
Step 5 Run the display domain command to query the information on the domain.
----End
Example
To bind "radius1" as the RADIUS server template of domain "huawei.net", do as follows:
huawei(config)#aaa
huawei(config-aaa)#domain huawei.net
huawei(config-aaa-domain-huawei.net)#radius-server template radius1
huawei(config-aaa-domain-huawei.net)#quit
huawei(config-aaa)#display domain huawei.net
-------------------------------------------------------------------
Domain-name : huawei.net
Authentication-scheme-name : default
Accounting-scheme-name : default
Radius-server-template : radius1
Dot1x-template-number : 1
Online-number : 0
-------------------------------------------------------------------
Related Operation
Table 7-16 lists the related operation for binding the RADIUS server template.
Table 7-16 Related operation for binding the RADIUS server template
Cancel the reference of a undo radius-server template Run the command in domain
RADIUS server template mode to cancel the reference
of the RADIUS server
template.
Background Information
l An authentication scheme defines the policy to authenticate all the users of an ISP domain.
l An authentication scheme can be referenced by a domain only after it is created.
Procedure
Step 1 Run the aaa command to enter AAA mode.
Step 2 Run the domain command to specify huawei.net as the current domain and enter domain mode.
Step 5 Run the display domain command to query the information on the domain.
----End
Example
To specify huawei as the authentication scheme of domain huawei.net, do as follows:
huawei(config)#aaa
huawei(config-aaa)#domain huawei.net
huawei(config-aaa-domain-huawei.net)#authentication-scheme huawei
huawei(config-aaa-domain-huawei.net)#quit
huawei(config-aaa)#display domain huawei.net
-------------------------------------------------------------------
Domain-name : huawei.net
Authentication-scheme-name : huawei
Accounting-scheme-name : default
Radius-server-template : -
Dot1x-template-number : 1
Online-number : 0
-------------------------------------------------------------------
Related Operations
Table 7-17 lists the related operations for specifying the authentication scheme.
Query AAA display aaa configuration You can query the usage of
configuration configuration resources of a
domain.
Prerequisite
Before specifying a scheme for a domain, you need to create the scheme.
Procedure
Step 1 Run the aaa command to enter AAA mode.
Step 2 Run the domain command to specify huawei.net as the current domain and enter domain mode.
Step 3 Run the accounting-scheme command to specify the accounting scheme.
Step 4 Run the quit command to exit domain mode.
Step 5 Run the display domain command to query the information on the domain.
----End
Example
To specify "huawei" as the accounting scheme of domain "huawei.net", do as follows:
huawei(config)#aaa
huawei(config-aaa)#domain huawei.net
huawei(config-aaa-domain-huawei.net)#accounting-scheme huawei
huawei(config-aaa-domain-huawei.net)#quit
huawei(config-aaa)#display domain huawei.net
-------------------------------------------------------------------
Domain-name : huawei.net
Authentication-scheme-name : huawei
Accounting-scheme-name : huawei
Radius-server-template : -
Dot1x-template-number : 1
Online-number : 0
-------------------------------------------------------------------
Related Operations
Table 7-18 lists the related operations for specifying an accounting scheme.
Query AAA display aaa configuration You can query the usage of
configuration resources configured on the
domain.
Prerequisite
You need to configure the 802.1x template before you reference it. For details on the
configuration, see "7.5.1 Configuring an 802.1x Template."
Procedure
Step 1 Run the aaa command to enter AAA mode.
Step 2 Run the domain command to specify huawei.net as the current domain and enter domain mode.
Step 3 Run the dot1x-template command to bind an 802.1x template with a domain.
Step 4 Run the quit command to exit domain mode.
Step 5 Run the display domain command to query the information of the domain.
----End
Example
To configure the domain huawei.net and enable the domain to implement the authentication by
using the 802.1x template, do as follows:
huawei(config)#aaa
huawei(config-aaa)#domain huawei.net
huawei(config-aaa-domain-huawei.net)#dot1x-template 3
huawei(config-aaa-domain-huawei.net)#quit
huawei(config-aaa)#display domain huawei.net
-------------------------------------------------------------------
Domain-name : huawei.net
Authentication-scheme-name : default
Accounting-scheme-name : default
Radius-server-template : radius1
Dot1x-template-number : 3
Online-number : 0
-------------------------------------------------------------------
Related Operation
Table 7-19 lists the related operation for referencing an 802.1x template.
Background Information
l The key size ranges from 512 bits to 2048 bits. You can change it to 512, 1024, or 2048
bits as required. By default, it is 512 bits.
l Before using the SSH service for the first time, you must run the rsa local-key-pair
create command.
l If you destroy the SSH server host key pair and service key pair, you must create a new
SSH server host key pair and service key pair.
Procedure
Step 1 Run the rsa local-key-pair create command to create the local RSA key pair.
Step 2 Run the display rsa local-key-pair public command to query the local RSA key pair.
----End
Example
To set the name of the local RSA key pair to huawei_Host and set the length of the password to
1024, do as follows:
huawei(config)#rsa local-key-pair create
The key name will be: huawei_Host
% RSA keys defined for huawei_Host already exist.
Confirm to replace them? [y/n]:y
The range of public key size is (512 ~ 2048).
Related Operation
Table 7-20 lists the related operation for creating a local RSA key pair.
Table 7-20 Related operation for creating a local RSA key pair
To… Run the Command…
Configuration Flowchart
Figure 7-3 shows the flowchart for configuring the SSH user public key.
Figure 7-3 Flowchart for configuring the SSH user public key
Start
Enter config-rsa-public-key
mode
End
Procedure
Step 1 Run the rsa peer-public-key command to enter rsa-public-key mode.
Step 2 Run the public-key-code begin command to enter public key edit mode.
Step 3 Input the user public key.
Step 4 Run the public-key-code end command to exit public key edit mode.
Step 5 Run the peer-public-key end command to exit to global config mode.
Step 6 Run the display rsa peer-public-key command to query the SSH user public key.
----End
Example
To paste the conversed user public key in the current system, do as follows:
huawei(config)#rsa peer-public-key key
huawei(config-rsa-public-key)#public-key-code begin
huawei(config-rsa-key-code)#30450240 B9FCE18E DA769883 7680F2B7 CE35415A 9AB5E63E
huawei(config-rsa-key-code)#FD00ED66 B8B5E954 2B053A82 131B967C 8DDC1176 0746A8BB
huawei(config-rsa-key-code)#C30DF3F0 83F6EA5A EF97E26B 783C940F 2791710F 020125
huawei(config-rsa-key-code)#public-key-code end
huawei(config-rsa-public-key)#peer-public-key end
huawei(config)#display rsa peer-public-key
{ <cr>|brief<K>|name<K> }:
Command:
display rsa peer-public-key
=====================================
Key name: key
=====================================
Key Code:
3045
0240
Background Information
SSH user authentication is classified as follows:
Procedure
Step 1 Run the ssh user assign rsa-key command to set the RSA public key of SSH user.
Step 2 Run the ssh user authentication-type rsa command to set the RSA authentication mode of SSH
user.
Step 3 Run the display ssh user-information command to query the authentication mode of an SSH
user.
----End
Example
To set the RSA public key of SSH user huawei as key, and the authentication mode as RSA, do
as follows:
huawei(config)#ssh user huawei assign rsa-key key
huawei(config)#ssh user huawei authentication-type rsa
huawei(config)#display ssh user-information
{ <cr>|string<S><1,16> }:
Command:
display ssh user-information
Username Authentication-type User-public-key-name Service-type
huawei rsa key stelnet
Related Operations
Table 7-21 lists the related operations for configuring an SSH user.
Delete the RSA public key of an undo ssh user assign rsa-key
SSH user
8 VLAN Configuration
This topic describes how to configure the VLANs supported by the MA5600T.
NOTE
This document describes the configuration on the MA5600T. Each chapter provides an overview of the service
configuration, describes the configuration flow with one or more configuration examples, and then provides a
detailed description of the basic operations on the MA5600T.
For the readers who are familiar with the MA5600T, it is recommended that you read the configuration example
(s) directly.
For the readers who are not familiar with the MA5600T, it is recommended that you read the basic operations
first.
8.1 Overview
This topic describes the VLAN technology, and also the count, types and attributes of the VLANs
supported by the MA5600T.
8.2 Configuration Example of a VLAN
This topic provides an example for configuring a MUX VLAN to implement the ADSL2+ access
service. For the configuration examples of VLANs of other types, see "8.1 Overview."
8.3 Configuration Example of a MUX VLAN
This topic provides an example for configuring a MUX VLAN to implement the GPON access
service. For the configuration example of VLANs of other types, see "8.1 Overview."
8.4 Creating a VLAN
This topic describes how to create a VLAN or VLANs of the same type in batches. To control
the communication between different ports of a device, you need to create the VLAN to logically
group the ports into different subnets.
8.5 Configuring the VLAN Attribute
This topic describes how to configure the VLAN attribute. You can configure the VLAN attribute
to QinQ, stacking or common as required.
8.6 Setting the Inner and Outer Ethernet Protocols Type of a VLAN Stacking
This topic describes how to set the inner and outer Ethernet protocol type that a stacking VLAN
supports. The inner VLAN tag does not adopt the standard 802.1q protocol. Therefore, to enable
the interconnection between the MA5600T and the devices of other vendors, you must configure
the inner and outer Ethernet protocol type of a stacking VLAN to be the same as the inner and
outer Ethernet protocol type of the interconnected devices.
8.7 Setting the Inner VLAN Priority of the Service Port in a Stacking VLAN
This topic describes how to set the inner VLAN priority of the service port in a stacking VLAN.
To classify different users, you can configure the important user packets with higher priorities.
In this way, these packets can be processed first.
8.8 Adding an Upstream Port to a VLAN
This topic describes how to add an upstream port to a VLAN. To transmit the user packets with
the VLAN tag through the upstream port, you must add the upstream port to a VLAN.
8.9 Adding a Service Port to a VLANAdding Service Port(s) to a VLAN
This topic describes how to add a service port to a VLAN. This topic describes how to add
service port(s) to a VLAN. The service port is used for user access. For the user connected to a
user port of the MA5600T through a terminal, the service traffic of this user is borne on one
service port of the user port.
8.10 Adding Service Ports in Batches
This topic describes how to add service ports in batches. The MA5600T supports the function
of adding multiple service ports on an ADSL2+ board, a SHDSL board, or a VDSL board to a
smart VLAN. The MA5600T also supports the function of adding multiple service ports on one
or more ADSL2+, SHDSL, or VDSL boards to different successive MUX VLANs at a time.
8.11 Configuring the Description of a Service Port
This topic describes how to configure the description of a service port. Then the service ports
are identified and classified based on the description to facilitate the management and
maintenance of users or services.
8.1 Overview
This topic describes the VLAN technology, and also the count, types and attributes of the VLANs
supported by the MA5600T.
Service Description
Virtual local area network (VLAN) technology is a technology used to form virtual workgroups
by logically grouping the devices of a LAN into different subtnets. The Institute of Electrical
and Electronics Engineers (IEEE) issued draft IEEE 802.1q in 1999, aiming at standardizing
VLAN implementations.
For details on the VLAN feature, refer to "VLAN" in the MA5600T Feature Description.
Service Specification
The MA5600T supports up to 4K VLANs.
The MA5600T supports the following types of VLANs:
l Standard VLAN
l Smart VLAN
l MUX VLAN
l Super VLAN
Smart VLAN A smart VLAN can contain multiple xDSL It is applied to xDSL
service ports. The service streams of any two access, such as the Internet
service ports in a smart VLAN are isolated. access service for
The service streams of different VLANs are residential users.
also isolated from each other. A smart VLAN Applied to GPON access,
can serve multiple users, thus saving VLAN such as residential areas to
resources. provide access to the
A smart VLAN can contain multiple GPON Internet.
service ports. Service streams of these ports For the configuration of the
in a smart VLAN are isolated from each smart VLAN, see
other. Service streams of different VLANs "Configuration Example
are also isolated from each other. A smart of the ADSL2+ PPPoE/
VLAN can serve multiple users, thus saving IPoE Service25.2
VLAN resources. Configuration Example
of the GPON Service."
MUX VLAN A MUX VLAN can contain only one xDSL It is applied to xDSL
service port. Service streams of different access for the purpose of
VLANs are isolated from each other. One-to- distinguishing users by
one mapping can be set up between a MUX VLANs.
VLAN and an access user. In this way, a It is applied to GPON
MUX VLAN can uniquely identify an access access for the purpose of
user. distinguishing users by
A MUX VLAN can contain only one GPON VLANs.
service port. Service streams of different For the configuration of the
VLANs are isolated from each other. One-to- MUX VLAN, see "8.2
one mapping can be set up between a MUX Configuration Example
VLAN and an access user. In this way, a of a VLAN8.3
MUX VLAN can uniquely identify an access Configuration Example
user. of a MUX VLAN."
Super VLAN A super VLAN is a layer 3 (an L3)-based It is used for saving IP
VLAN. It consists of multiple sub VLANs. address resources, thus
The sub VLANs can communicate with each improving the usage
other based on the ARP proxy feature. A sub efficiency of IP addresses.
VLAN can be a smart VLAN or a MUX For the configuration of the
VLAN. super VLAN, see "10.2
ARP Proxy
Configuration Example."
l Common
l QinQ
l Stacking
Common A VLAN with this attribute can be used as an L2 VLAN. You can create
an L3 virtual interface for a common VLAN if necessary.
QinQ When a packet contains the tag of a VLAN with the QinQ attribute, the
packet contains two VLAN tags:
l Inner VLAN tag from the private network
l Outer VLAN tag allocated by the MA5600T
Through the outer VLAN tag, an L2 VPN tunnel can be set up to
transparently transmit service data among private networks. For details on
the QinQ VLAN, see "29 QinQ VLAN Private Line Service
Configuration."
Stacking When a packet contains the tag of a VLAN with the stacking attribute, the
packet contains two VLAN tags allocated by the MA5600T: inner VLAN
tag and outer VLAN tag.
The upper layer BRAS can authenticate users based on the double VLAN
tags, thus increasing the number of access users. The upper layer network
working in L2 mode can forward packets based on the outer VLAN tag +
MAC to provide the wholesale service function for ISPs. For details on the
stacking VLAN, see "28 VLAN Stacking Wholesale Service
Configuration."
Networking
Figure 8-1 shows an example network for configuring a MUX VLAN.
In this example network, the PCs are connected to the MA5600T through modems. PC1 and
PC2 belong to different MUX VLANs. On the control board of the MA5600T, the packets from
PC1 and PC2 are differentiated by the VLAN, and transmitted to the upper layer network.
Router
A CON
ETH
D ESC
L
F GE 0/9/0
SCU MA5600T
Modem Modem
PC1 PC2
Data Plan
Table 8-3 provides the data plan for configuring a MUX VLAN.
Item Data
Prerequisites
l The network devices and lines must be in the normal state.
l All the boards of the MA5600T must be in the normal state.
l The VPI/VCI of the modem is 0/35.
Configuration Flowchart
Figure 8-2 shows the flowchart for configuring a MUX VLAN.
Start
End
Procedure
Step 1 Create MUX VLANs.
huawei(config)#vlan 20 mux
huawei(config)#vlan 21 mux
----End
Result
After the configuration, both PC1 and PC2 can access the Internet, but they cannot communicate
with each other.
Networking
Figure 8-3 shows an example network for configuring a MUX VLAN.
Router
MA5600T SCU
G CON GE 0/19/0
ETH
P
ESC
B
C
Optical
splitter
Level-1 split ratio 1:2
ONT
Level-2 split ratio
1:32
PC
Data Plan
Table 8-4 provides the data plan for configuring a MUX VLAN.
Item Data
Item Data
Prerequisites
l The network devices and lines must be in the normal state.
l All the boards of the MA5600T must be in the normal state.
l The ONT has been configured and the configuration data of the ONT must be consistent
with that of the OLT.
Configuration Flowchart
Figure 8-4 shows the flowchart for configuring a MUX VLAN.
Add an ONT
Add a service port
Procedure
Step 1 Create a VLAN.
huawei(config)#vlan 20 mux
----End
Result
After the configuration, the PC can access the Internet.
Prerequisite
The ID of the VLAN to be added does not exist in the system.
Background Information
The MA5600T supports up to 4000 VLANs and some VLANs are reserved for the system.
NOTE
l By default, 15 VLANs are reserved in the system, and the VLAN ID is in the range of 4079-4093.
l You can run the vlan reserve command to configure the reserved VLANs in the MA5600T.
Procedure
Step 1 Run the vlan command to add a VLAN.
Step 2 Run the display vlan command to query the VLAN information.
----End
Examples
To add a standard VLAN with the VLAN ID of 2, do as follows:
huawei(config)#vlan 2 standard
huawei(config)#display vlan 2
{ <cr>|to<K> }:
Command:
display vlan 2
VLAN ID: 2
VLAN type: standard
VLAN attribute: common
Standard port number: 0
Service virtual port number: 0
To add 10 standard VLANs with VLAN IDs ranging from 1000 to 1009, do as follows:
huawei(config)#vlan 1000 to 1009 standard
It will take several minutes, and console may be timeout, please use command
idle-timeout to set time limit
Are you sure to add VLANs? (y/n)[n]:y
huawei#display vlan all
{ <cr>|vlantype<E><mux,standard,smart,super>|vlanattr<K> }:
Command:
display vlan all
---------------------------------------------------------
VLAN Type Attribute STND-Port NUM SERV-Port NUM
---------------------------------------------------------
1 MUX common 8 0
2 standard common 0 0
1000 standard common 0 0
1001 standard common 0 0
1002 standard common 0 0
1003 standard common 0 0
1004 standard common 0 0
1005 standard common 0 0
1006 standard common 0 0
1007 standard common 0 0
1008 standard common 0 0
1009 standard common 0 0
---------------------------------------------------------
Total: 12
Note : STND-Port--standard port, SERV-Port--service virtual port
Related Operations
Table 8-5 lists the related operations for creating a VLAN.
Display VLAN display statistics vlan The traffic statistics of the service ports
traffic statistics in a VLAN are collected.
Prerequisite
The VLAN with its attribute to be configured is already added by running the vlan command.
Background Information
l The attribute of the default VLAN (VLAN 1) cannot be configured to QinQ or stacking.
l When the attribute of a smart VLAN or a MUX VLAN is common, you can configure the
attribute of the VLAN to QinQ or stacking. The attribute of a super VLAN or a standard
VLAN cannot be configured to QinQ or stacking.
l The attribute of a VLAN cannot be changed from QinQ to stacking or from stacking to
QinQ directly.
Procedure
Step 1 Run the vlan attrib command to configure the VLAN attribute.
Step 2 Run the display vlan command to display the VLAN attribute.
----End
Example
To configure the attribute of smart VLAN 10 to QinQ, do as follows:
huawei(config)#vlan attrib 10 q-in-q
huawei(config)#display vlan 10
{ <cr>|to<K> }:
Command:
display vlan 10
VLAN ID: 10
VLAN type: smart
VLAN type: smart
VLAN attribute: QinQ
VLAN description:
------------------------------
F/S /P Native VLAN State
------------------------------
0/9/0 2 down
------------------------------
Standard port number: 1
Service virtual port number: 0
Related Operation
Table 8-6 lists the related operation for configuring the VLAN attribute.
Restore the VLAN undo vlan attrib By default, the VLAN attribute is
attribute common.
Background Information
l By default, the inner and outer Ethernet protocol type of a stacking VLAN is 0x8100. That
is, the Ethernet frame has an 802.1q VLAN Tag.
l The protocol type to be set cannot be set as a value for other protocols, such as 0x0800 (IP
packets) or 0x0806 (ARP packets).
Procedure
Step 1 Run the stacking inner-ethertype command to set the inner Ethernet protocol type of a stacking
VLAN, and run the stacking outer-ethertype command to set the outer Ethernet protocol type
of a stacking VLAN.
Step 2 Run the display stacking inner-ethertype command to display the inner Ethernet protocol type
of a stacking VLAN, and run the display stacking outer-ethertype command to display the
outer Ethernet protocol type of a stacking VLAN.
----End
Examples
To set the inner Ethernet protocol type that the stacking VLAN supports as 0x8100, do as follows:
huawei(config)#stacking inner-ethertype 0x8100
huawei(config)#display stacking inner-ethertype
The inner Ethernet type in the system: 0x8100
Background Information
The larger the value of the priority, the higher the priority.
Procedure
Run the stacking inner-priority command to set the inner VLAN priority of the service port.
----End
Example
To set GEM port ID as 128, and the inner priority of service port in user-side VLAN 10 to 5, do
as follows:
huawei(config)#stacking inner-priority 0/2/0 gemport 128 user-vlan 10 5
To set the inner VLAN priority of the service port in stacking VLAN 4000 to 5, do as follows:
huawei(config)#stacking inner-priority vlan 4000 5
Prerequisite
The VLAN to which an upstream port is to be added already exists.
Background Information
The upstream port of a VLAN must be an Ethernet port.
Procedure
Step 1 Run the port vlan command to add an upstream port.
Step 2 Run the display vlan command to query the VLAN information.
----End
Example
To add upstream port 0/9/0 to VLAN 10, do as follows:
huawei(config)#port vlan 10 0/9 0
huawei(config)#display vlan 10
{<cr>|to<K>}:
Command:
display vlan 10
VLAN ID: 10
VLAN type: MUX
VLAN attribute: common
------------------------------
F/S /P Native VLAN State
------------------------------
0/9/0 1 up
------------------------------
Standard port number: 1
Service virtual port number: 0
Related Operation
Table 8-7 lists the related operation for adding an upstream port to a VLAN.
Prerequisites
l The VLAN to which the service port is to be added is already added by running the vlan
command.
l A suitable traffic profile already exists.
Background Information
l An xDSL port supports up to eight service ports.
l In the smart VLAN application, a user port supports multiple service ports, and the VPIs/
VCIs of the service ports are different. If the VPI/VCI of the service port is auto-sensing,
only one service port can be created on a port.
l One GEM port supports up to eight service ports.
l The priorities of the upstream and downstream traffic entries must be consistent when you
configure the upstream and downstream traffic of a service port.
l When the service port needs to carry multiple services, the MA5600T supports the traffic
classification. The traffic can be classified by user VLAN, service encapsulation mode on
the user side, and the priority of packets on the user side. When the traffic is classified by
user VLAN, the untagged packets (data packet without VLAN tag) can be classified.
Procedure
Step 1 Run the service-port vlan command to add a service port.
Step 2 Run the display service-port vlan command to query the service port.
----End
Example
To add service port 0/2/0 whose GEM port ID is 128 and user-side VLAN is 10 to VLAN 30,
do as follows:
huawei(config)#service-port vlan 30 gpon 0/2/0 gemport 128 multi-service user-vlan
10 rx-cttr 5 tx-cttr 5
huawei(config)#display service-port port 0/2/0
{ gemport<K>|ont<K>|<cr>|sort-by<K>|autosense<K> }:
Command:
display service-port port 0/2/0
-------------------------------------------------------------------------
INDEX VLAN VLAN PORT F/ S/ P VPI VCI FLOW FLOW RX TX STATE
ID ATTR TYPE TYPE PARA
-------------------------------------------------------------------------
1 30 common gpon 0/2 /0 128 - - - 5 5 up
-------------------------------------------------------------------------
Total : 1 (Up/Down : 1/0)
Note : F--Frame, S--Slot, P--Port, VPI indicates GEM PortID for GPON
v/e--vlan/encap
pri-tag--priority-tagged, ppp--pppoe, ip--
ipoe
Related Operations
Table 8-8 lists the related operations for adding a service port to a VLAN.
Delete a service port undo service-port The service port cannot be deleted in the
following cases:
l The port is encapsulated in PPPoA,
IPoA or Auto mode.
l The port serves for BTV users.
l The port is bound with an IP address
or a MAC address.
l The port is configured with a static
MAC address.
Background Information
l The VPI/VCI of the service port must be the same as that of the xDSL modem connected
to the port.
l The smart VLAN supports multiple service ports on the same port, and the VPIs/VCIs of
the service ports are different. If the VPI/VCI of a service port is auto-sensing, only one
service port can be created on a port.
l An xDSL port supports up to eight service ports.
l The VLAN(s) to which the service ports are to be added already exist.
l The suitable traffic profile already exists.
Procedure
Step 1 Run the multi-service-port vlan or multi-service-port from-vlan command to add service
ports.
Step 2 Run the display service-port vlan command to query service ports.
----End
Examples
To add service ports 0/11/0–0/11/4 to smart VLAN 10, do as follows:
To add all ADSL2+, SHDSL, or VDSL ports to MUX VLANs (to add port 1 to VLAN 2, port
2 to VLAN 3, and so on), do as follows:
huawei(config)#multi-service-port from-vlan 2 board 1-18 vpi 0 vci 35 rx-cttr 5 tx-
cttr 5
NOTE
If certain ports fail to be added, it indicates that these ports have been added to the corresponding VLANs
as service ports.
Related Operations
Table 8-9 lists the related operations for adding service ports in batches.
Delete a service port undo service-port A service port cannot be deleted in the
following cases:
l The port is encapsulated in PPPoA,
IPoA or Auto mode.
l The port serves for a BTV user.
l The port is bound with an IP address
or MAC address.
l The port is configured with a static
MAC address.
By selecting the command parameters,
you can delete a specified service port
or all service ports according to the
board, port or VLAN.
Procedure
Step 1 Run the service-port desc command to configure the description of a service port.
Step 2 Run the display service-port desc command to query the description of the service port.
----End
Example
To configure the description of service port 0/11/0 with VPI/VCI of 0/35, do as follows:
huawei(config)#service-port desc 0/11/0 vpi 0 vci 35 description user0/11/0
huawei(config)#display service-port desc 0/11/0
{<cr>|autosense<K>|vpi<K>|user-vlan<K>|user-encap<K>}:
Command:
display service-port desc 0/11/0
------------------------------------------------------------------------------
PORT : adl
F/S/P : 0/11/0
VPI : 0
VCI : 35
FLOWTYPE : -
FLOWPARA : -
DESCRIPTION : user0/11/0
------------------------------------------------------------------------------
To configure the description of service port 0/11/0 with the GEM port of 128 and the user-side
VLAN of 10 to identify the user location, do as follows:
huawei(config)#service-port desc 0/11/0 gemport 128 user-vlan 10 description
{ description<S><1,63> }:F4-6-01
Command:
service-port desc 0/11/0 gemport 128 user-vlan 10 description F4-6-01
Related Operation
Table 8-10 lists the related operation for configuring the description of a service port.
Table 8-10 Related operation for configuring the description of a service port
To… Run the Command…
This topic describes the DHCP relay principles, configuration examples, and related
configuration operations on the MA5600T.
NOTE
This document describes the configuration on the MA5600T. Each chapter provides an overview of the service
configuration, describes the configuration flow with one or more configuration examples, and then provides a
detailed description of the basic operations on the MA5600T.
For the readers who are familiar with the MA5600T, it is recommended that you read the configuration example
(s) directly.
For the readers who are not familiar with the MA5600T, it is recommended that you read the basic operations
first.
9.1 Overview
This topic describes the DHCP relay function and its application on the MA5600T.
9.2 Configuration Example of DHCP Standard Mode
This topic provides an example for configuring DHCP standard mode to obtain the IP address
automatically.
9.3 Configuration Example of DHCP Option60 Mode
This topic provides an example for enabling PCs to obtain IP addresses automatically in DHCP
option60 mode.
9.4 Configuration Example of DHCP MAC Address Segment Mode
This topic provides an example for enabling the PC to obtain the IP address automatically in
DHCP MAC address segment mode.
9.5 Enabling the DHCP Proxy Function
This topic describes how to enable the DHCP proxy function, including the server ID agent and
lease-time agent functions.
9.6 Creating a DHCP Server Group
This topic describes how to create a DHCP server group to provide DHCP service for the DHCP
clients in the network.
9.7 Setting the Working Mode of a DHCP Server
This topic describes how to set the working mode of a DHCP server. That is to configure the
working mode of the DHCP server for sending DHCP packets, including load-sharing mode and
backup mode.
9.8 Setting the DHCP Relay Mode
This topic describes how to set the DHCP relay mode, including the switching between the
DHCP L2 forwarding and L3 forwarding, and the DHCP server selection mode when the L3
DHCP relay is adopted. If the device functions as the L2 device, the DHCP packets are forwarded
at L2.
9.9 Binding a DHCP Server Group with a VLAN Interface
This topic describes how to bind a DHCP server group with a VLAN interface so that the received
DHCP packets on the specified VLAN interface are all forwarded to the bound DHCP server
group.
9.10 Creating an Option60 Domain
This topic describes how to create an option60 domain. When the device is enabled with the
DHCP relay function and the forwarding mode is option60, the DHCP option60 domain needs
to be created.
9.11 Binding a DHCP Server Group with a DHCP Option60 Domain
This topic describes how to bind a DHCP server group with a DHCP Option60 domain. When
the device is enabled with the DHCP relay function and the DHCP server selection mode is
Option60, the DHCP Option60 domain needs to be bound with a DHCP server group.
9.12 Configuring the Gateway of a DHCP Option60 Domain
This topic describes how to configure the gateway of a DHCP option60 domain. When the device
is enabled with the DHCP relay function and the forwarding mode is Option60, the DHCP
option60 domain needs to be configured with a gateway.
9.13 Creating a DHCP MAC Address Segment
This topic describes how to create a DHCP MAC address segment. When the device is enabled
with the DHCP relay function and the forwarding mode is MAC address segment, a MAC
address segment needs to be created.
9.14 Setting the Range of a DHCP MAC Address Segment
This topic describes how to set the range of a DHCP MAC address segment. When the device
is enabled with the DHCP relay function and the forwarding mode is MAC address segment,
the range of a DHCP MAC address segment needs to be configured.
9.15 Binding a DHCP Server Group with a DHCP MAC Address Segment
This topic describes how to bind a DHCP server group with a DHCP MAC address segment.
When the device is enabled with the DHCP relay function and the DCHP server selection mode
is MAC address segment, a DHCP server group needs to be bound with a DHCP MAC address
segment.
9.16 Configuring the Gateway of a DHCP MAC Address Segment
This topic describes how to configure the gateway of a DHCP MAC address segment. When
the device is enabled with the DHCP relay function and the forwarding mode is MAC address
segment, a DHCP MAC address segment needs to be configured with the gateway.
9.17 Setting the DHCP Proxy Lease-Time
This topic describes how to set the DHCP proxy lease-time. After the setting, the shorter lease-
time between the lease-time allocated by the DHCP server and the lease-time allocated by the
MA5600T is used as the lease-time for a user.
9.18 Kicking Off a DHCP User
This topic describes how to kick off a DHCP user when you find that the user is invalid, or is
offline already though the MA5600T detects that the user is still online. This operation helps to
release the resources occupied by the user.
9.1 Overview
This topic describes the DHCP relay function and its application on the MA5600T.
Service Description
The Dynamic Host Configuration Protocol (DHCP) works in the server/client mode. The DHCP
client can dynamically request configuration data and the DHCP server can provide the data for
the client conveniently.
Initially, the DHCP was only suitable for applications where the DHCP client and server were
located on the same subnet and could not work across network segments. If the early DHCP is
used to dynamically configure the host, each subnet should be equipped with a DHCP server.
That is obviously uneconomical.
The introduction of DHCP relay solves the mentioned problem. The DHCP relay functions as
relay between the DHCP client and the server located on different subnets. The DHCP packets
can be relayed to the destination DHCP server (or client) across network segments. In this way,
the DHCP clients on different networks can use the same DHCP server. This is economical and
convenient for centralized management. Figure 9-1 shows the principle of DHCP relay.
LAN
LAN switch
DHCP client
MA5600T
DHCP server
DHCP client
For details on DHCP, refer to "DHCP Relay" in the MA5600T Feature Description.
Service Specification
The MA5600T guarantees DHCP security as it supports L2 and L3 DHCP relay, and DHCP
Option82.
NOTE
For the configuration of the DHCP Option82, see "22.5 Enabling the DHCP Option82 Function" and
"22.6 Setting the Maximum Length of DHCP Packets."
Prerequisite
The primary IP address of the L3 interface of VLAN 2 and VLAN 3 should be in the same subnet
as that of the upper layer router. There should be routing between the device and the DHCP
server.
Networking
Figure 9-2 shows an example network for configuring DHCP standard mode.
The MA5600T functions as a DHCP relay to obtain IP addresses from the DHCP servers on the
network side for the PCs (DHCP clients) in VLAN 2 and VLAN 3. The MA5600T is configured
with two DHCP server groups.
l The two PCs in VALN 2 obtain IP addresses from DHCP server group 1 through the DHCP
standard mode.
l The two PCs in VLAN 3 obtain IP addresses from DHCP server group 2 through the DHCP
standard mode.
10.1.1.1/24
10.1.1.2/24
10.2.1.1/24
MA5600T
VLAN 3
DHCP server group 2
10.2.1.2/24
Data Plan
Table 9-1 provides the data plan for configuring DHCP standard mode.
Configuration Flowchart
NOTE
Figure 9-3 shows the flowchart for configuring DHCP standard mode.
Start
End
Procedure
Step 1 Select the DHCP relay mode.
huawei(config)#dhcp mode layer-3 standard
For details on setting working mode of the DHCP server group, see "9.7 Setting the Working Mode of a DHCP
Server."
Step 4 Configure the VLAN upstream port and the service port.
huawei(config)#vlan 2 smart
huawei(config)#port vlan 2 0/9 0
huawei(config)#interface scu 0/9
huawei(config-if-scu-0/9)#native-vlan 0 vlan 2
huawei(config-if-scu-0/9)#quit
huawei(config)#service-port vlan 2 gpon 0/2/0 gemport 128 multi-service user-vlan
10 rx-cttr 5 tx-cttr 5
huawei(config)#service-port vlan 2 gpon 0/2/0 gemport 129 multi-service user-vlan
11 rx-cttr 5 tx-cttr 5
huawei(config)#vlan 2 smart
huawei(config)#port vlan 2 0/9 0
huawei(config)#interface scu 0/9
huawei(config-if-scu-0/9)#native-vlan 0 vlan 2
huawei(config-if-scu-0/9)#quit
huawei(config)#service-port vlan 2 adsl 0/11/0 vpi 0 vci 35 rx-cttr 6 tx-cttr 6
huawei(config)#service-port vlan 2 adsl 0/11/1 vpi 0 vci 35 rx-cttr 6 tx-cttr 6
----End
Result
The PCs can obtain IP addresses dynamically, and can access the Internet.
Prerequisite
The primary IP address of the L3 of VLAN 2 should be in the same subnet as that of the upper
layer router. There should be routing between the device and the DHCP server.
Background Information
In multi-service provisioning on MA5600T, the services such as the video multicasting and IP
phone services are provided by different service providers. These providers may use different
DHCP servers or different relay IP addresses of the same DHCP server for allocating IP addresses
for users. Hence, the DHCP option60 mode must be configured for the users to apply for the IP
address from the DHCP server
NOTE
Option60 is one of the options of the DHCP packets, and it can identify the terminal type.
Networking
Figure 9-4 shows an example network for configuring DHCP option60 mode.
10.10.10.10/24
MA5600T 10.10.10.11/24
Data Plan
Table 9-2 provides the data plan for configuring DHCP option60 mode.
Background Information
l The name of option60 domain must be configured according to the type of connected
terminal device.
l If Windows 98/2000/XP/NT series runs on the DHCP client, the domain name must be
msft.
l The system selects the domain based on option60 field in the packet by the longest-match
rules. If there is no appropriate domain matched, the default domain is used.
Configuration Flowchart
Figure 9-5 shows the flowchart for configuring DHCP option60 mode.
Start
End
Procedure
Step 1 Select the DHCP relay mode.
huawei(config)#dhcp mode layer-3 option60
For details on setting working mode of the DHCP server group, see "9.7 Setting the Working Mode of a DHCP
Server."
Step 6 Configure the VLAN upstream port and the service port.
huawei(config-dhcp-domain-msft)#quit
huawei(config)#vlan 2 smart
huawei(config)#port vlan 2 0/9 0
huawei(config)#interface scu 0/9
huawei(config-if-scu-0/9)#native-vlan 0 vlan 2
huawei(config-if-scu-0/9)#quit
huawei(config)#service-port vlan 2 gpon 0/2/0 gemport 128 multi-service user-vlan
10 rx-cttr 5 tx-cttr 5
huawei(config)#service-port vlan 2 gpon 0/2/0 gemport 129 multi-service user-vlan
11 rx-cttr 5 tx-cttr 5
huawei(config-dhcp-domain-msft)#quit
huawei(config)#vlan 2 smart
huawei(config)#port vlan 2 0/9 0
huawei(config)#interface scu 0/9
huawei(config-if-scu-0/9)#native-vlan 0 vlan 2
huawei(config-if-scu-0/9)#quit
huawei(config)#service-port vlan 2 adsl 0/11/0 vpi 0 vci 35 rx-cttr 6 tx-cttr 6
----End
Result
The PCs can obtain IP addresses dynamically, and can access the Internet.
Prerequisite
The primary IP address of the L3 interface of VLAN 2 should be in the same subnet as that of
the upper layer router. There should be routing between the device and the DHCP server.
Networking
Figure 9-6 shows an example network for configuring MAC address segment mode.
Figure 9-6 Example network for configuring MAC address segment mode
10.10.10.10/24
MA5600T 10.10.10.11/24
Data Plan
Table 9-3 provides the data plan for configuring MAC address segment mode.
Table 9-3 Data plan for configuring MAC address segment mode
Function Data Remarks
Configuration Flowchart
Figure 9-7 shows the flowchart for configuring MAC address segment mode.
Start
End
Procedure
Step 1 Select the DHCP relay mode.
huawei(config)#dhcp mode layer-3 mac-range
For details of setting working mode of the DHCP server group, see "9.7 Setting the Working Mode of a DHCP
Server."
Step 5 Bind the MAC address segment with the DCHP server group.
huawei(config-mac-range-huawei)#dhcp-server 2
Step 6 Configure the upstream port and the service port to the VLAN.
huawei(config-mac-range-huawei)#quit
huawei(config)#vlan 2 smart
huawei(config)#port vlan 2 0/9 0
huawei(config)#interface scu 0/9
huawei(config-if-scu-0/9)#native-vlan 0 vlan 2
huawei(config-if-scu-0/9)#quit
huawei(config)#service-port vlan 2 gpon 0/2/0 gemport 128 multi-service user-vlan
10 rx-cttr 5 tx-cttr 5
huawei(config)#service-port vlan 2 gpon 0/2/0 gemport 129 multi-service user-vlan
11 rx-cttr 5 tx-cttr 5
huawei(config-mac-range-huawei)#quit
huawei(config)#vlan 2 smart
huawei(config)#port vlan 2 0/9 0
huawei(config)#interface scu 0/9
huawei(config-if-scu-0/9)#native-vlan 0 vlan 2
huawei(config-if-scu-0/9)#quit
huawei(config)#service-port vlan 2 adsl 0/11/0 vpi 0 vci 35 rx-cttr 6 tx-cttr 6
----End
Result
The PCs can obtain IP addresses dynamically.
Context
After the DHCP proxy function is enabled, the server ID agent and lease-time agent functions
are enabled.
l Server ID agent: indicates that the MA5600T functioning as the DHCP proxy replaces the
server ID in the DHCP packets. In this way, the DHCP client considers that the
MA5600T is the DHCP server in the DHCP system. By replacing the server ID of the
DHCP packets, the MA5600T prevents the users from locating the actual DHCP server,
thus protecting the DHCP server from network attacks.
l Lease-time agent: indicates that the lease-time allocated by the DHCP server to a DHCP
client is replaced with a shorter lease-time, and then allocated to the client. A shorter lease-
time is used to quickly detect whether a user gets offline. For details on the lease-time agent
configuration, see "9.17 Setting the DHCP Proxy Lease-Time."
Procedure
Step 1 Run the dhcp proxy command to enable the DHCP proxy function.
Step 2 Run the display dhcp config command to query the current DHCP configuration.
----End
Example
To enable the DHCP proxy function, do as follows:
huawei(config)#dhcp proxy enable
huawei(config)#display dhcp config
{ <cr>|vlan<K> }:
Command:
display dhcp config
DHCP relay mode : layer-3
DHCP proxy state : enable
DHCP proxy lease-time : not configured
Related Operation
Table 9-4 lists the related operation for enabling the DHCP proxy function.
Table 9-4 Related operation for enabling the DHCP proxy function
Background Information
l To improve the reliability of a network, you can specify a primary DHCP server and a
secondary one in a server group to form a DHCP server group.
l Up to 20 DHCP server groups (0–19) can be configured in the system.
l The primary server or the secondary server is identified by its IP address. The secondary
server cannot be added independently. Instead, it has to be added together with the primary
server.
Procedure
Step 1 Run the dhcp-server command to create a DHCP server group.
Step 2 Run the display dhcp-server command to query the information on the DHCP server group.
----End
Example
To add the primary and secondary DHCP servers with IP addresses of 10.1.1.1 and 10.1.1.2
respectively to DHCP server group 1, do as follows:
huawei(config)#dhcp-server 1 ip 10.1.1.1 10.1.1.2
huawei(config)#display dhcp-server 1
The primary IP address of DHCP server group 1: 10.1.1.1
The secondary IP address of DHCP server group 1: 10.1.1.2
Messages from this server group: 0
Messages to this server group: 0
Messages from clients to this server group: 0
Messages from this server group to clients: 0
DHCP OFFER messages: 0
DHCP ACK messages: 0
DHCP NAK messages: 0
DHCP DECLINE messages: 0
DHCP DISCOVER messages: 0
DHCP REQUEST messages: 0
DHCP INFORM messages: 0
DHCP RELEASE messages: 0
Related Operation
Table 9-5 lists the related operation for creating a DHCP server group.
Background Information
The MA5600T supports two DHCP server working modes:
l load-sharing: In this mode, the MA5600T sends DHCP messages to both the active and
standby DHCP servers. By default, the system is in load-sharing mode.
l backup: In this mode, the MA5600T sends DHCP messages to the DHCP server that is
running at the current time. The system firstly takes the active DHCP server as the running
DHCP server at the current time. When the DHCP server does not reply OFFER message
to the MA5600T within a specified period, the system switches the standby DHCP server
to the running DHCP server at the current time. This mode can reduce the message load in
the network.
Procedure
Step 1 Run the dhcp server mode command to set the working mode of a DHCP server.
Step 2 Run the display dhcp server config command to query the working mode of the DHCP server.
----End
Example
To set the DHCP server to backup mode, the maximum response time to DISCOVER message
to 50s and the maximum timeout times for responding to DISCOVER message to 100, do as
follows:
huawei(config)#dhcp server mode backup 50 100
huawei(config)#display dhcp server config
DHCP server mode: backup
DHCP server reply max time: 50 second
DHCP server reply timeout max times: 100
Related Operations
Table 9-6 lists the related operations for setting the working mode of a DHCP server.
Table 9-6 Related operations for setting the working mode of a DHCP server
Background Information
The MA5600T supports the L2 and the L3 DHCP relay. For the L3 DHCP relay, the DHCP
server selection modes involve the following:
l DHCP standard mode: Select the DHCP server according to the IP address of the VLAN
L3 interface for forwarding DHCP packets.
l DHCP option60 mode: Select the DHCP server according to the DHCP option60 domain.
Option60 is one of the options of the DHCP packets, and it can identify the terminal type.
DHCP Option60 mode selects the DHCP server according to the different terminal type.
l DHCP MAC address segment mode: Select the DHCP server group according to the source
MAC address segment of DHCP packets.
Procedure
Step 1 Run the dhcp mode command to set the DHCP relay mode.
Step 2 Run the display dhcp config command to query the DHCP relay mode.
----End
Examples
To set the DHCP relay mode as layer-2, do as follows:
huawei(config)#dhcp mode layer-2
huawei(config)#display dhcp config
DHCP relay mode: layer-2
To set the DHCP relay mode as layer-3 and the DHCP server selection mode as option60, do as
follows:
huawei(config)#dhcp mode layer-3 option60
huawei(config)#display dhcp config
DHCP relay mode: layer-3
DHCP server select mode: option60
Prerequisite
The DHCP server group has been created by running the dhcp-server command.
Background Information
l A VLAN L3 interface can be bound with only one DHCP server group. Therefore, all
DHCP packets to be sent upstream through the VLAN L3 interface should be forwarded
to the DHCP server group bound with the VLAN interface.
l If an L3 interface has been bound with a DHCP server group, the new setting overwrites
the old one.
l By default, a VLAN interface is not bound with any DHCP server.
Procedure
Step 1 Run the interface vlanif command to enter VLAN interface mode.
Step 2 Run the dhcp-server command to bind a DHCP server group.
Step 3 Run the display dhcp-server interface vlanif command to query the DHCP server group that
is bound with VLAN interface.
----End
Example
To bind DHCP server group 1 to VLAN interface 2, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-Vlanif2)#dhcp-server 1
huawei(config)#display dhcp-server interface vlanif 2
The DHCP server group of this interface is 1
Related Operations
Table 9-7 lists the related operations for binding a DHCP server group with a VLAN interface.
Table 9-7 Related operations for binding a DHCP server group with a VLAN interface
To... Run the Command... Remarks
Background Information
l The system supports up to 128 DHCP option60 domains.
l If the domain exists, enter domain mode directly. By default, the system has a DHCP
option60 domain named default.
Procedure
Step 1 Run the dhcp domain command to create a domain.
Step 2 Run the quit command to exit domain mode.
Step 3 Run the display dhcp domain command to query the option60 domain.
----End
Example
To create domain msft, do as follows:
huawei(config)#dhcp domain msft
huawei(config-dhcp-domain-msft)#quit
huawei(config)#display dhcp domain
{ <cr>|string<s><1,32> }:
Command:
display dhcp domain
--------------------------------------------------------------------
Index Name Server VLANIF Gateway
-group
--------------------------------------------------------------------
0 default none none none
Related Operation
Table 9-8 lists the related operation for creating a DHCP option60 domain.
Delete a DHCP option60 domain undo dhcp domain The domain named default
cannot be deleted.
Background Information
Only one DHCP server group can be bound to a DHCP domain.
Procedure
Step 1 Run the dhcp domain command to enter domain mode.
Step 2 Run the dhcp-server command to bind a DHCP server group.
Step 3 Run the display dhcp domain command to query the DHCP server group.
----End
Examples
To bind DHCP server group 1 to DHCP domain msft, do as follows:
huawei(config)#dhcp domain msft
huawei(config-dhcp-domain-msft)#dhcp-server 1
huawei(config-dhcp-domain-msft)#quit
huawei(config)#display dhcp domain msft
--------------------------------------------------------------------
Index Name Server VLANIF Gateway
-group
--------------------------------------------------------------------
1 msft 1 none none
--------------------------------------------------------------------
Related Operations
Table 9-9 lists the related operations for binding a DHCP server group with a DHCP option60
domain.
Table 9-9 Related operations for binding a DHCP server group with a DHCP option60 domain
Background Information
l A DHCP domain can be configured with only one gateway address.
l By default, the gateway address of a domain is the IP address of the VLAN L3 interface.
Procedure
Step 1 Run the interface vlanif command to enter VLAN interface mode.
Step 2 Run the dhcp domain gateway command to set the gateway address.
Step 4 Run the display dhcp domain command to query the DHCP server group.
----End
Example
To set the gateway address of domain msft as 10.1.2.1, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#dhcp domain msft gateway 10.1.2.1
huawei(config-if-vlanif2)#quit
huawei(config)#display dhcp domain msft
--------------------------------------------------------------------
Index Name Server VLANIF Gateway
-group
--------------------------------------------------------------------
1 msft 1 2 10.1.2.1
--------------------------------------------------------------------
Related Operation
Table 9-10 lists the related operation for configuring the gateway of a DHCP option60 domain.
Table 9-10 Related operation for configuring the gateway of a DHCP option60 domain
Delete the gateway of a DHCP undo dhcp domain gateway In VLAN interface
option60 domain mode
Prerequisites
l The IP address of the VLAN L3 interface has been configured.
l By default, the system has a MAC address segment named default.
Background Information
The system supports up to 128 MAC address segments.
Procedure
Step 1 Run the dhcp mac-range command to create a DHCP MAC address segment and enter MAC
address segment mode.
Step 2 Run the display dhcp mac-range command to query the MAC address segment.
----End
Example
To set a MAC address segment named huawei, do as follows:
huawei(config)#dhcp mac-range huawei
huawei(config-mac-range-huawei)#quit
huawei(config)#display dhcp mac-range
{ <cr>|string<S><1,32> }:
Command:
display dhcp mac-range
------------------------------------------------------------------------------
Index Name MAC-start MAC-end Server VLAN Gateway
-group -IF
------------------------------------------------------------------------------
0 default none none none none none
1 huawei none none none none none
------------------------------------------------------------------------------
Total: 2
Related Operation
Table 9-11 lists the related operation for creating a DHCP MAC address segment.
Table 9-11 Related operation for creating a DHCP MAC address segment
To... Run the Command... Remarks
Delete a DHCP MAC undo dhcp mac-range The MAC address segment
address segment named default cannot be deleted.
Background Information
l A MAC address segment is a consecutive MAC address range specified by a start MAC
address and an end MAC address.
l The MAC address adopts the format of "H-H-H" ("H" is a 4-bit hexadecimal number).
Procedure
Step 1 Run the dhcp mac-range command to create a MAC address segment and enter MAC address
segment mode.
Step 2 Run the mac-range command to set the range of a MAC address segment.
Step 3 Run the quit command to exit the MAC address segment mode.
Step 4 Run the display dhcp mac-range command to query the range of the MAC address segment.
----End
Example
To set the range of MAC address segment huawei from 0000-0000-0001 to 0000-0000-0100,
do as follows:
huawei(config)#dhcp mac-range huawei
huawei(config-mac-range-huawei)#mac-range 0000-0000-0001 to 0000-0000-0100
huawei(config-mac-range-huawei)#quit
huawei(config)#display dhcp mac-range
{ <cr>|string<S><1,32> }:
Command:
display dhcp mac-range
------------------------------------------------------------------------------
Index Name MAC-start MAC-end Server VLAN Gateway
-group -IF
------------------------------------------------------------------------------
0 default none none none none none
1 huawei 0000-0000-0001 0000-0000-0100 none none none
------------------------------------------------------------------------------
Total: 2
Related Operation
Table 9-12 lists the related operation for setting the range of a DHCP MAC address segment.
Table 9-12 Related operation for setting the range of a DHCP MAC address segment
Cancel the range of a MAC undo mac-range The MAC address segment
address segment named default cannot be
deleted.
Background Information
A MAC address segment can be bound with only one DHCP server group.
Procedure
Step 1 Run the dhcp mac-range command to create a MAC address segment and enter MAC address
segment mode.
Step 3 Run the quit command to exit MAC address segment mode.
Step 4 Run the display dhcp mac-range command to query the information on the MAC address
segment.
----End
Example
To bind server group 10 to MAC address segment huawei, do as follows:
huawei(config)#dhcp mac-range huawei
huawei(config-mac-range-huawei)#dhcp-server 10
huawei(config-mac-range-huawei)#quit
hauwei(config)#display dhcp mac-range
{ <cr>|string<S><1,32> }:
Command:
display dhcp mac-range
------------------------------------------------------------------------------
Index Name MAC-start MAC-end Server VLAN Gateway
-group -IF
------------------------------------------------------------------------------
0 default none none none none none
1 huawei none none 10 none none
------------------------------------------------------------------------------
Total: 2
Related Operation
Table 9-13 lists the related operation for binding a DHCP server group with a DHCP MAC
address segment.
Table 9-13 Related operation for binding a DHCP server group with a DHCP MAC address
segment
Background Information
A DHCP MAC address segment can be configured with only one gateway address.
Procedure
Step 1 Run the interface vlanif command to enter VLAN interface mode.
Step 2 Run the dhcp mac-range gateway command to configure the gateway address.
Step 4 Run the display dhcp mac-range command to query the information on the gateway address.
----End
Example
To set the gateway address of MAC address segment huawei as 10.1.2.1, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#dhcp mac-range huawei gateway 10.1.2.1
huawei(config-if-vlanif2)#quit
huawei(config)#display dhcp mac-range huawei
------------------------------------------------------------------------------
Index Name MAC-start MAC-end Server VLAN Gateway
-group -IF
------------------------------------------------------------------------------
0 huawei none none none 2 10.1.2.1
------------------------------------------------------------------------------
Related Operations
Table 9-14 lists the related operations for configuring the gateway of a DHCP MAC address
segment.
Table 9-14 Related operations for configuring the gateway of a DHCP MAC address segment
To... Run the Command... Remarks
Unbind the DHCP server group from undo dhcp-server In MAC address segment
a MAC address segment mode.
Context
l Lease-time agent: indicates that the lease-time allocated by the DHCP server to a DHCP
client is replaced with a shorter lease-time, and then allocated to the client. A shorter lease-
time is used to quickly detect whether a user gets offline.
l This function takes effect only when the DHCP proxy function is enabled. For how to
enable the DHCP proxy function, see "9.5 Enabling the DHCP Proxy Function."
Procedure
Step 1 Run the dhcp proxy lease-time command to set the DHCP proxy lease-time.
Step 2 Run the display dhcp config command to query the current DHCP setting.
----End
Example
To set the DHCP proxy lease-time as one day, 12 hours, and 30 minutes, do as follows:
huawei(config)#dhcp proxy lease-time day 1 hour 12 minute 30
huawei(config)#display dhcp config
{ <cr>|vlan<K> }:
Command:
display dhcp config
DHCP relay mode : layer-2
DHCP proxy state : enable
DHCP proxy lease-time : 1 day(s) 12 hour(s) 30 minute(s)
Related Operation
Table 9-15 lists the related operation for setting the DHCP proxy lease-time.
Table 9-15 Related operation for setting the DHCP proxy lease-time
To... Run the Command...
Procedure
Step 1 Run the dhcp user kickoff command to kick off an online DHCP user.
NOTE
To kick off a DHCP user, you need to specify the user index. The user index is allocated dynamically. To
query the user indexes, run the display dhcp proxy user command.
Step 2 Run the display dhcp proxy user command to query the DHCP users.
----End
Example
To kick off a DHCP user with the index of 1, do as follows:
huawei(config)#display dhcp proxy user all
-------------------------------------------------------------------
Index : 1 IP-Address : 100.100.100.5
MAC-Address : 00E0-4C77-7115 VLANID : 4001
F/S/P : 0 /1 /32 Service-Port Index : 0
Server IP : 192.168.10.1 Expiration date : 2000-01-10 06:37
-------------------------------------------------------------------
Total: 1
huawei(config)#dhcp user kickoff 1
huawei(config)#display dhcp proxy user all
Failure: No DHCP proxy user exists
This topic describes the principles of ARP and ARP proxy and the method of configuring them
on the MA5600T.
NOTE
This document describes the configuration on the MA5600T. Each chapter provides an overview of the service
configuration, describes the configuration flow with one or more configuration examples, and then provides a
detailed description of the basic operations on the MA5600T.
For the readers who are familiar with the MA5600T, it is recommended that you read the configuration example
(s) directly.
For the readers who are not familiar with the MA5600T, it is recommended that you read the basic operations
first.
10.1 Overview
This topic describes the ARP proxy service description and service specification.
10.2 ARP Proxy Configuration Example
This topic describes how to configure ARP proxy to enable users in isolated ports of the same
broadcast domain or in ports of different broadcast domains to communicate with each other.
The ARP proxy must be enabled on the L3 interface. To reduce the network load, the ARP
requests are limited in a VLAN.
10.3 Adding a Static ARP Entry
This topic describes how to configure the static mapping between the specified IP address and
the MAC address, that is, to add a static ARP entry.
10.4 Enabling the ARP Proxy
This topic describes how to enable the ARP proxy. To implement the communication between
users who are in isolated ports of the same broadcast domain or in ports of different broadcast
domains, the ARP proxy needs to be enabled on the L3 interface.
10.1 Overview
This topic describes the ARP proxy service description and service specification.
Service Description
For two hosts in a network to communicate with each other, they are required to know the
physical addresses of each other. These physical addresses are the MAC addresses. The IP
address represents only the address of a host at the network layer. To send the data at the network
layer to a destination host, the source host must know the physical address of the destination
host; therefore, an IP address is required to be translated into an MAC address.
Address Resolution Protocol (ARP) is used to translate an IP address into a MAC address.
Through ARP proxy and a super VLAN, two PCs subject to L2 isolation can interconnect with
each other at L3.
For details on the ARP proxy feature, refer to "ARP Proxy" in the MA5600T Feature
Description.
Service Specification
The MA5600T can maintain ARP entries both dynamically and manually. In addition, the
MA5600T supports ARP proxy function.
The MA5600T supports the ARP protocol and maintains an ARP table for mapping between
the MAC addresses and the IP addresses. You can configure the static ARP entry manually. The
MA5600T supports up to 500 static ARP entries and 4096 dynamic ARP entries.
Networking
Figure 10-1 shows an example network for configuring the ARP proxy. PC1 and PC2 are in
sub VLAN 10, service ports 0/11/0 and 0/11/1 are isolated, and PC3 is in service port 0/12/0 of
sub VLAN 20. User packets can be forwarded in the L3 forwarding mode through upstream port
0/9/0 of the super VLAN. The IP address of the super VLAN interface is 10.0.0.254, and the
interface is in the same subnet with PC1, PC2, and PC3. After the ARP proxy function is enabled,
PC1 and PC2 can communicate with each other, and PC3 can communicate with PC1 and PC2.
Router
MA5600 T
10.0.0.254/24
VLAN 10 VLAN 20
Data Plan
Table 10-1 provides the data plan for configuring the ARP proxy.
IP address: 10.0.0.254/24
IP address: 10.0.1.254/24
Prerequisites
l The network equipment and line must work in the normal state.
l Service boards must work in the normal state.
l VPI/VCI configured on the modem must be 0/35.
Configuration Flowchart
Figure 10-2 shows the flowchart for configuring the ARP proxy.
Start
End
Procedure
Step 1 Create a super VLAN.
huawei(config)#vlan 100 super
Step 2 Create Sub VLANs 3 and 4, and add them to the super VLAN.
huawei(config)#vlan 10 smart
huawei(config)#vlan 20 mux
huawei(config)#supervlan 100 subvlan 10
huawei(config)#supervlan 100 subvlan 20
NOTE
The IP address of the L3 interface of the super VLAN must be in the same subnet as the IP address of the
PC.
NOTE
Skip substep 3 in step 6 if you only want PCs in different VLANs to communicate with each other.
----End
Result
After the global ARP proxy function and the ARP proxy function of the super VLAN interface
are enabled, PC1, PC2, and PC3 in different VLANs can communicate with each other.
After the global ARP proxy function, the ARP proxy function of the super VLAN interface, and
that of the sub VLAN interface are enabled, PC1 and PC2 in the same VLAN can communicate
with each other.
Background Information
The system supports the configuration of up to 500 static ARP entries.
Procedure
Step 1 Run the arp command to add a static ARP entry.
Step 2 Run the display arp static command and you can find that a static ARP entry has been added
successfully.
----End
Example
To add a static ARP entry to set up the mapping between the IP address 129.102.0.1 and the
MAC address 00e0-fc01-0000, passing through port 0/11/0 of VLAN 10, do as follows:
huawei(config)#arp 129.102.0.1 00e0-fc01-0000 10 0/11/0
huawei(config)#display arp static
IP Address MAC Address VLAN ID Port Type
129.102.0.1 00e0-fc01-0000 10 0/11/0 Static
--- 1 entry found ---
Related Operations
Table 10-2 lists the related operations for adding a static ARP entry.
Delete an ARP undo arp The system can delete both static and
entry dynamic ARP entries.
Clear an ARP reset arp You can clear a static ARP entry, a dynamic
entry ARP entry, or ARP entries related to a port.
By entering the parameter "all", you can clear
all ARP entries.
Background Information
Principles for applying the ARP proxy are as follows:
Hosts isolated at L2 can communicate with each other through the ARP proxy function of the
MA5600T. This topic offers an example for the principles of applying of the ARP proxy.
For the topology as shown in Table 10-3, to achieve interconnections between PCs in the VLAN,
you must set the ARP proxy as follows:
PC B
l For the interconnection between PC A and PC B, enable the global ARP proxy and the
ARP proxy on super VLAN 2 and sub VLAN 3.
l For the interconnection between PC A and PC C, enable the global ARP proxy and the
ARP proxy on super VLAN 2.
Procedure
Step 1 Run the arp proxy command to enable the ARP proxy function.
Step 2 Run the display arp proxy command to query the configuration of the ARP proxy.
----End
Examples
To enable the global ARP proxy, do as follows:
huawei(config)#arp proxy enable
huawei(config)#display arp proxy
Global arp proxy is enabled
Related Operation
Table 10-4 lists the related operation for enabling the ARP proxy.
This topic describes how to configure the RIP routing protocol supported by the MA5600T.
11.1 Overview
This topic describes Routing Information Protocol (RIP) and its application on the MA5600T.
11.2 Configuration Example of the Static Route
This topic provides an example for configuring the static route which enables users in different
network segments to interconnect across different MA5600T devices.
11.3 Configuration Example of RIP
This topic provides an example for configuring the RIP. Through the protocol, you can create
the route from the device to the network to implement the interconnection between the device
and the management network.
11.4 Configuration Example of a Routing Policy
This topic provides an example for configuring a routing policy for imported routes.
11.5 Adding a Static Route
This topic describes how to add a static route to the destination address. This helps to realize the
L3 interconnection among network devices in different network segments.
11.6 Configuring RIP
This topic describes how to configure RIP to make it function properly.
11.7 Controlling the RIP Routing Information
This topic describes how to control the RIP route advertisement and reception such as advertising
the aggregated routes, filtering the received routes, and importing the external routes.
11.8 Adjusting and Optimizing RIP
This topic describes how to adjust and optimize the RIP configuration to improve the RIP
network performance.
11.9 Configuring a Routing Policy
This topic describes how to configure a routing policy.
11.10 Enabling the Transparent Transmission function of the RIP Packet Based on the VLAN
This topic describes how to enable the transparent transmission function of the RIP packet based
on the VLAN. When you want to transmit the RIP packet in a VLAN transparently, enable this
function.
11.1 Overview
This topic describes Routing Information Protocol (RIP) and its application on the MA5600T.
Service Description
RIP is a distance-vector algorithm-based protocol.
RIP is a simple interior gateway protocol and it applies to the small-scale networks such as the
campus network, and the regional network with a simple architecture. In general, for the complex
application scenarios and the large-scale networks, it is not recommended to adopt RIP.
Networking
Figure 11-1 shows an example network for configuring the static route.
In this example network, MA5600T_A, MA5600T_B, and MA5600T_C have the routing
function. It is expected that after the configuration, any two PCs can communicate with each
other.
PC_C 1.1.5.1/24
ONT 1.1.5.2/24
1.1.2.2/24
1.1.3.1/24
1.1.1.2/24 1.1.4.2/24
ONT MA5600T_ A MA5600T_ B
ONT
Data Plan
Table 11-1 provides the data plan for configuring the static route on the user side.
Table 11-1 Data plan for configuring the static route on the user side
Item Data
VLAN ID: 2
VLAN ID: 2
VLAN ID: 2
Background Information
Configure a native VLAN of the L3 interface of each MA5600T to ensure a normal
communication among MA5600T devices.
Configuration Flowchart
Figure 11-2 shows the flowchart for configuring the static route.
Start
End
NOTE
The procedure shown in the preceding flowchart is for configuring static routes on one MA5600T. To
configure static routes on multiple MA5600T devices, repeat the procedure.
Procedure
Step 1 Configure the IP address of the L3 interface.
NOTE
The configurations for the three MA5600T devices are the same. Here, the configuration of the MA5600T is
considered as an example.
huawei(config)#vlan 2 smart
huawei(config)#port vlan 2 0/9 0
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ip address 1.1.1.2 24
huawei(config-if-vlanif2)#ip address 1.1.2.1 24 sub
huawei#save
----End
Result
After the configuration, an interconnection can be set up between all the hosts and between all
the MA5600T devices.
Networking
Figure 11-3 shows an example network for configuring RIP.
MA5600T_A is subtended with MA5600T_B through port 0/9/1, and uses port 0/9/0 to transmit
services in the upstream. Besides, it connects to the management center network through the
MAN.
RIP is enabled on MA5600T_A and MA5600T_B so that the administrator can access
MA5600T_A and MA5600T_B through the RIP route. Then, you can operate and maintain
MA5600T_A and MA5600T_B.
Management
center
Router
192.13.24.5/22
GE MA5600T_A
192.15.24.1/26 Loopback ip
192.13.2.1/24
MA5600T_B Operation and maintenance
Loopback ip
192.13.2.2/24 192.15.24.2/26
Data Plan
Table 11-2 provides the data plan for configuring RIP.
RIP version: V2
RIP route filtering policy: filtering routes based on the IP address prefix
list "abc". Only the routes with the IP addresses 192.13.2.1 and
192.13.2.2 can be advertised through the L3 interface of VLAN 100.
RIP version: V2
RIP route filtering policy: filtering routes based on the IP address prefix
list "abc". Only the route with the IP address 192.13.2.2 can be
advertised through the L3 interface of VLAN 10.
Configuration Flowchart
Figure 11-4 shows the flowchart for configuring RIP.
Start Start
Configure the route filtering policy Configure the route filtering policy
End
Procedure
l Configure MA5600T_A.
1. Configure the RIP-supported L3 interface.
huawei(config)#vlan 100 smart
huawei(config)#port vlan 100 0/9 0
huawei(config)#interface vlanif 100
huawei(config-if-vlanif100)#ip address 192.13.24.5 22
huawei(config-if-vlanif100)#quit
huawei(config)#interface loopBack 0
huawei(config-if-loopback0)#ip address 192.13.2.1 24
huawei(config-if-loopback0)#quit
2. Enable RIP.
huawei(config)#rip 1
huawei(config-rip-1)#network 192.13.24.0
huawei(config-rip-1)#network 192.13.2.0
huawei(config-rip-1)#version 2
huawei(config-rip-1)#quit
l Configure MA5600T_B.
1. Configure the RIP-supported L3 interface.
huawei(config)#vlan 10 smart
huawei(config)#port vlan 10 0/9 0
huawei(config)#interface vlanif 10
huawei(config-if-vlanif10)#ip address 192.15.24.2 26
huawei(config-if-vlanif10)#quit
huawei(config)#interface loopBack 0
huawei(config-if-loopback0)#ip address 192.13.2.2 24
huawei(config-if-loopback0)#quit
2. Enable RIP.
huawei(config)#rip 1
huawei(config-rip-1)#network 192.15.24.0
huawei(config-rip-1)#network 192.13.2.0
huawei(config-rip-1)#version 2
huawei(config-rip-1)#quit
----End
Result
The maintenance terminal of the administration center can access MA5600T_A and
MA5600T_B, and operate and maintain the two devices.
Networking
Figure 11-5 shows an example network for configuring the routing policy.
In this example network, two MA5600Ts that have the routing function are adopted, namely
MA5600T_A and MA5600T_B. Both of them are running the OSPF routing protocol, and within
area 0. MA5600T_A imports static routes, and MA5600T_B is configured with the routing
policy.
Static:20.0.0.1
30.0.0.1
40.0.0.1
Vlanif2 Vlanif2
10.0.0.1/24 10.0.0.2/24
Data Plan
Table 11-3 provides the data plan for configuring the routing policy.
VLAN ID: 2
OSPF area: 0
VLAN ID: 2
OSPF area: 0
Configuration Flowchart
Figure 11-6 shows the flowchart for configuring the routing policy.
Start Start
End End
Procedure
Step 1 Configuring MA5600T_A.
1. Configure the IP address of the L3 interface on MA5600T_A.
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ip address 10.0.0.1 24
huawei(config-if-vlanif2)#quit
2. Enable OSPF on MA5600T_A and specify the area ID to which the interface belongs.
huawei(config)#ospf
huawei(config-ospf-1)#area 0
huawei(config-ospf-1-area-0.0.0.0)#network 10.0.0.0 0.0.0.255
huawei(config-ospf-1-area-0.0.0.0)#quit
huawei(config-ospf-1)#quit
5. Import static routes into the OSPF routing table to improve its capability of obtaining routes.
huawei(config)#ospf
hawei(config-ospf-1)#import-route static
hawei(config-ospf-1)#quit
3. Enable OSPF on MA5600T_B and specify the area id to which the interface belongs.
huawei(config)#ospf
huawei(config-ospf-1)#area 0
huawei(config-ospf-1-area-0.0.0.0)#network 10.0.0.0 0.0.0.255
huawei(config-ospf-1-area-0.0.0.0)#quit
huawei(config-ospf-1)#quit
----End
Result
1. MA5600T_A and MA5600T_B run OSPF successfully, and they can communicate well
with each other.
2. After a filter is configured on MA5600T_B, parts of the three imported static routes are
available while part of them is screened. That is, routes from segments 20.0.0.0 and 40.0.0.0
are available, while the route from segment 30.0.0.0 is screened.
Prerequisite
The IP address has been configured for the L3 interface.
Background Information
l The system supports up to 1000 static routes.
l The following items are contained in a static route:
– Destination address: It is used to label the destination address or destination network of
an IP packet.
– Subnet mask: The subnet mask is comprised of consecutive "1"s, and expressed in dotted
decimal format, or the count of consecutive "1"s. The mask is used with the destination
address to identify the subnet address of the destination host or router.
Procedure
Step 1 Run the ip route-static command to add a static route.
Step 2 Run the display ip routing-table command to query the routing table.
----End
Example
To set up a static route to the subnet 10.71.8.0 through gateway 10.71.53.1, do as follows:
huawei(config)#ip route-static 10.71.8.0 255.255.255.0 10.71.53.1
huawei(config)#display ip routing-table protocol static
{ <cr>|inactive<K>|verbose<K> }:
Command:
display ip routing-table protocol static
Related Operation
Table 11-4 lists the related operation for adding a static route.
Background Information
To configure the global parameters of RIP, you need to enable RIP first. However, you do not
have to comply with this when configuring the interface related parameters.
Procedure
Step 1 Run the rip command to enable the RIP process.
Step 2 Run the display rip command to query the RIP.
----End
Example
To enable RIP process 1, do as follows:
huawei(config)#rip 1
huawei(config-rip-1)#quit
huawei(config)#display rip 1
{ route<K>|database<K>|interface<K>|<cr> }:
Command:
display rip 1
Public VPN-instance name :
RIP process : 1
RIP version : RIP-1 compatibility
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Hostroutes : Enabled
Maximum number of balanced paths : 1
Update time : 35 sec Age time : 170 sec
Suppress time : 0 sec Garbage-collect time : 240 sec
Silent interfaces : None
Default routes : Disabled
Verify-source : Enabled
Networks : None
Configured peers : None
Triggered updates sent : 0
Related Operation
Table 11-5 lists the related operation for enabling the RIP process.
Background Information
l The MA5600T supports packets in two formats: RIP-1 and RIP-2.
l The default is RIP-1.
Procedure
Step 1 Run the rip command to enable the RIP process.
Step 2 Run the version command to set the RIP version.
Step 3 Run the display rip command to query the RIP information.
----End
Example
To set the format of packets as RIP-2, do as follows:
huawei(config)#rip 1
huawei(config-rip-1)#version 2
huawei(config-rip-1)#quit
huawei(config)#display rip 1
{ route<K>|database<K>|interface<K>|<cr> }:
Command:
display rip 1
Public VPN-instance name :
RIP process : 1
RIP version : RIP-2
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Hostroutes : Enabled
Maximum number of balanced paths : 1
Update time : 35 sec Age time : 170 sec
Suppress time : 0 sec Garbage-collect time : 240 sec
Silent interfaces : None
Related Operation
Table 11-6 lists the related operation for setting the RIP version.
Restore the system default format of the RIP packets undo version
Background Information
By default, an interface is enabled to receive and transmit RIP packets.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the rip input (rip output) command to enable an interface to receive/transmit RIP packets.
----End
Examples
To allow VLAN interface 2 to receive RIP packets, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#rip input
Related Operations
Table 11-7 lists the related operations for enabling an interface to receive and transmit RIP
packets.
Table 11-7 Related operations for enabling an interface to receive and transmit RIP packets
To... Run the Command... Remarks
Procedure
Step 1 Run the rip command to enable the RIP process.
Step 2 Run the default-route originate command to create a default route and set its cost.
Step 3 Run the display rip command to query the configured cost of the default route.
----End
Example
To create a default route and set its cost as 5, do as follows:
huawei(config)#rip 1
huawei(config-rip-1)#default-route originate cost 5
huawei(config-rip-1)#quit
huawei(config)#display rip 1
{ route<K>|database<K>|interface<K>|<cr> }:
Command:
display rip 1
Public VPN-instance name :
RIP process : 1
RIP version : RIP-2
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Hostroutes : Enabled
Maximum number of balanced paths : 1
Update time : 35 sec Age time : 170 sec
Suppress time : 0 sec Garbage-collect time : 240 sec
Silent interfaces : None
Default routes : Enabled Default route cost : 5
Verify-source : Enabled
Networks : None
Configured peers : None
Triggered updates sent : 0
Number of route changes : 0
Number of replies to queries : 0
Related Operation
Table 11-8 lists the related operation for setting the cost of the default route.
Table 11-8 Related operation for setting the cost of the default route
To... Run the Command...
Procedure
Step 1 Run the rip command to enable the RIP process.
Step 2 Run the default-cost command to specify the default routing metric.
Step 3 Run the display rip command to query the configuration information on the default routing
metric.
----End
Example
To set the default routing metric to 10, do as follows:
huawei(config)#rip 1
huawei(config-rip-1)#default-cost 10
huawei(config-rip-1)#quit
huawei(config)#display rip 1
{ route<K>|database<K>|interface<K>|<cr> }:
Command:
display rip 1
Public VPN-instance name :
RIP process : 1
RIP version : RIP-2
Preference : 100
Checkzero : Enabled
Default-cost : 10
Summary : Enabled
Hostroutes : Enabled
Maximum number of balanced paths : 1
Update time : 35 sec Age time : 170 sec
Suppress time : 0 sec Garbage-collect time : 240 sec
Silent interfaces : None
Default routes : Enabled Default route cost : 5
Verify-source : Enabled
Networks : None
Configured peers : None
Triggered updates sent : 0
Number of route changes : 0
Number of replies to queries : 0
Related Operation
Table 11-9 lists the related operation for specifying the default routing metric.
Table 11-9 Related operation for specifying the default routing metric
Background Information
The default input metric is 0 while the default output metric is 1.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the rip metricin (rip metriout) command to set the added metric when the interface
receives or transmits the RIP packets.
----End
Examples
To set the added metric to 5 when the interface receives the RIP packets, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#rip metricin 5
To set the added metric to 5 when the interface transmits the RIP packets, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#rip metriout 5
Related Operations
Table 11-10 lists the related operations for setting the additional metric of a route.
Table 11-10 Related operations for setting the additional metric of a route
To... Run the Command...
Background Information
Route summarization is to combine routes of different subnets into one route. Route
summarization helps to reduce the routing traffic on the network as well as the size of the routing
table.
Procedure
Step 1 Run the rip command to start RIP process.
Step 3 Run the display rip command to query the configuration of default route summarization.
----End
Example
To enable the route summarization, do as follows:
huawei(config)#rip 1
huawei(config-rip-1)#summary
huawei(config-rip-1)#quit
huawei(config)#display rip 1
{ route<K>|database<K>|interface<K>|<cr> }:
Command:
display rip 1
Public VPN-instance name :
RIP process : 1
RIP version : RIP-2
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Hostroutes : Enabled
Maximum number of balanced paths : 1
Update time : 35 sec Age time : 170 sec
Suppress time : 0 sec Garbage-collect time : 240 sec
Silent interfaces : None
Default routes : Enabled Default route cost : 5
Verify-source : Enabled
Networks : None
Configured peers : None
Triggered updates sent : 0
Number of route changes : 0
Number of replies to queries : 0
Number of routes in database : 0
Number of interfaces enabled : 0
Related Operation
Table 11-11 lists the related operation for enabling the route summarization.
Background Information
l The summary address is valid only when the classful summarization is disabled.
l With split horizon or poison reverse is enabled, summary address and classful
summarization fail. That is, to transmit route summarization to neighbors, disable split
horizon or poison reverse of the related interface.
Procedure
Step 1 Runt the interface vlanif command to enter VLAN interface mode.
Step 2 Runt the rip summary-address command to configure IP address of a summary route.
----End
Example
To configure the summary IP address of VLAN interface 2 as 10.0.0.0, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#rip summary-address 10.0.0.0 255.255.255.0
Related Operation
Table 11-12 lists the related operation for configuring a summary route IP address.
Background Information
By default, receiving host routes is enabled.
Procedure
Step 1 Run the rip command to enable the RIP process.
Step 2 Run the undo host-route command to prohibit the host route from being added to the route
table.
Step 3 Run the display rip command to query the configuration of the host route.
----End
Example
To set the system to prohibit the host route from being added to the route table, do as follows:
huawei(config)#rip 1
huawei(config-rip-1)#undo host-route
huawei(config-rip-1)#quit
huawei(config)#display rip 1
{ route<K>|database<K>|interface<K>|<cr> }:
Command:
display rip 1
Public VPN-instance name :
RIP process : 1
RIP version : RIP-2
Preference : 100
Checkzero : Enabled
Default-cost : 10
Summary : Enabled
Hostroutes : Disabled
Maximum number of balanced paths : 1
Update time : 35 sec Age time : 170 sec
Suppress time : 0 sec Garbage-collect time : 240 sec
Silent interfaces : None
Default routes : Enabled Default route cost : 5
Verify-source : Enabled
Networks : None
Configured peers : None
Triggered updates sent : 0
Number of route changes : 0
Number of replies to queries : 0
Number of routes in database : 0
Number of interfaces enabled : 0
Related Operation
Table 11-13 lists the related operation for disabling receiving host routes.
Background Information
l Each kind of IGP routing protocol has its own preference. The route policy selects the route
of the routing protocol with the highest preference as the optimal route.
l The greater the preference value, the lower the preference.
l The default RIP preference is 100.
Procedure
Step 1 Run the rip command to enable the RIP process.
Step 2 Run the preference command to configure the RIP preference.
Step 3 Run the display rip command to query the configuration of RIP preference.
----End
Example
To set the RIP preference to 120, do as follows:
huawei(config)#rip 1
huawei(config-rip-1)#preference 120
huawei(config-rip-1)#quit
huawei(config)#display rip 1
{ route<K>|database<K>|interface<K>|<cr> }:
Command:
display rip 1
Public VPN-instance name :
RIP process : 1
RIP version : RIP-2
Preference : 120
Checkzero : Enabled
Default-cost : 10
Summary : Enabled
Hostroutes : Disabled
Maximum number of balanced paths : 1
Update time : 35 sec Age time : 170 sec
Suppress time : 0 sec Garbage-collect time : 240 sec
Silent interfaces : None
Default routes : Enabled Default route cost : 5
Verify-source : Enabled
Networks : None
Configured peers : None
Triggered updates sent : 0
Number of route changes : 0
Number of replies to queries : 0
Related Operation
Table 11-14 lists the related operation for configuring the RIP preference.
Background Information
To enhance the routing function, the MA5600T allows RIP to import routes (including direct
route, static routes and OSPF routes) of other protocols into the routing table at a certain metric.
This greatly improves the capability of RIP to obtain routes and enhances the performance of
RIP.
Procedure
Step 1 Run the rip command to enable the RIP process.
----End
Example
To import static routes, do as follows:
huawei(config)#rip 1
huawei(config-rip-1)#import-route static
Related Operation
Table 11-15 lists the related operation for importing the routes of other protocols.
Table 11-15 Related operation for importing the routes of other protocols
Background Information
The route filtering can be performed based on the ACL, IP-prefix list of the system, or the IP-
prefix of the VLAN interface. Routes which fail to meet the filtering criteria are not be received
or sent.
Procedure
Step 1 Run the rip command to enable the RIP process.
Step 2 Run the filter-policy ip-prefix export static command to configure the route filtering policy.
----End
Example
To filter the transmitted RIP routing updates based on the IP-prefix list abc, do as follows:
huawei(config)#rip 1
huawei(config-rip-1)#filter-policy ip-prefix abc export static
Related Operation
Table 11-16 lists the related operation for configuring the route filtering policy.
Table 11-16 Related operation for configuring the route filtering policy
To... Run the Command...
Background Information
In general, do not disable this function.
Procedure
Step 1 Run the rip command to enable the RIP process.
Step 2 Run the verify-source command to verify the source IP address of a RIP route update.
Step 3 Run the display rip command to query the configuration information.
----End
Example
To enable the RIP route verification function, do as follows:
huawei(config)#rip 1
huawei(config-rip-1)#verify-source
huawei(config-rip-1)#quit
huawei(config)#display rip 1
{ route<K>|database<K>|interface<K>|<cr> }:
Command:
display rip 1
Public VPN-instance name :
RIP process : 1
RIP version : RIP-2
Preference : 120
Checkzero : Enabled
Default-cost : 10
Summary : Enabled
Hostroutes : Disabled
Maximum number of balanced paths : 1
Update time : 35 sec Age time : 170 sec
Suppress time : 0 sec Garbage-collect time : 240 sec
Silent interfaces : None
Default routes : Enabled Default route cost : 5
Verify-source : Enabled
Networks : None
Configured peers : None
Triggered updates sent : 0
Number of route changes : 0
Number of replies to queries : 0
Related Operation
Table 11-17 lists the related operation for verifying the source IP address of a RIP route update.
Table 11-17 Related operation for verifying the source IP address of a RIP route update
Background Information
By default:
The suppression time must be set to 0. Otherwise, the system prompts "Suppress time will not
take effect in system."
Procedure
Step 1 Run the rip command to enable the RIP process.
Step 2 Run the timers rip command to configure the RIP timer.
Step 3 Run the display rip route command to query configuration information on the RIP timer.
----End
Example
To set the interval for sending the update packet to 35s, route expiration time as 170s, suppression
time as 0s and garbage-collect time as 240s, do as follows:
huawei(config)#rip 1
huawei(config-rip-1)#timers rip 35 170 0 240
huawei(config-rip-1)#quit
huawei(config)#display rip 1
{ route<K>|database<K>|interface<K>|<cr> }:
Command:
display rip 1
Public VPN-instance name :
RIP process : 1
RIP version : RIP-1 compatibility
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Hostroutes : Enabled
Maximum number of balanced paths : 1
Update time : 35 sec Age time : 170 sec
Suppress time : 0 sec Garbage-collect time : 240 sec
Silent interfaces :
vlanif7
Default routes : Disabled
Verify-source : Enabled
Networks :
192.0.1.0
Configured peers :
10.0.0.1
Triggered updates sent : 0
Number of route changes : 0
Number of replies to queries : 0
Number of routes in database : 0
Number of interfaces enabled : 1
Related Operation
Table 11-18 lists the related operation for configuring the RIP timer.
Background Information
If the field is not zero, RIP refuses to process the packet.
Procedure
Step 1 Run the rip command to enable the RIP process.
Step 2 Run the checkzero command to configure the zero field check for RIP-1 packets.
Step 3 Run the display rip command to query the configuration information.
----End
Example
To configure the zero field check for RIP-1 packets, do as follows:
huawei(config)#rip 1
huawei(config-rip-1)#checkzero
huawei(config-rip-1)#quit
huawei(config)#display rip 1
{ route<K>|database<K>|interface<K>|<cr> }:
Command:
display rip 1
Public VPN-instance name :
RIP process : 1
RIP version : RIP-2
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Hostroutes : Enabled
Maximum number of balanced paths : 1
Update time : 35 sec Age time : 170 sec
Suppress time : 0 sec Garbage-collect time : 240 sec
Silent interfaces : None
Default routes : Disabled
Verify-source : Enabled
Networks : None
Configured peers : None
Triggered updates sent : 0
Number of route changes : 0
Number of replies to queries : 0
Number of routes in database : 0
Number of interfaces enabled : 0
Related Operation
Table 11-19 lists the related operation for configuring the zero field check for RIP-1 packets.
Table 11-19 Related operation for configuring the zero field check for RIP-1 packets
Cancel the zero field check for RIP-1 packets undo checkzero
Background Information
RIP-2 supports two authentication modes: plain text authentication and MD5 encrypted text
authentication.
l The plain text authentication does not ensure security. The authentication key, which is not
encrypted, is sent together with the packet.
l MD5 encrypted text authentication ensures security in that the authentication key is
encrypted and then sent. MD5 encrypted text authentication has two formats: one is a
common packet format and the other is a non-standard packet format.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the rip authentication-mode command to configure the RIP-2 authentication mode.
----End
Example
To configure the RIP-2 authentication mode as plain text mode and password as huawei, do as
follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#rip authentication-mode simple huawei
Related Operation
Table 11-20 lists the related operation for configuring the RIP-2 authentication mode.
Table 11-20 Related operation for configuring the RIP-2 authentication mode
Background Information
l Once the function is enabled, RIP does not send the routing information learned from a
neighbor back to it again. This helps to prevents routing loops.
l By default, the split horizon function is enabled.
l The split horizon and poison reserve functions cannot be enabled at the same time.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the rip split-horizon command to enable the split horizon function.
----End
Example
To enable the RIP split horizon function, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#rip split-horizon
Related Operation
Table 11-21 lists the related operation for enabling the split horizon function.
Table 11-21 Related operation for enabling the split horizon function
Background Information
You are not allowed to enable both the split horizon and poison reverse functions at the same
time.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the rip poison-reverse command to enable the poison reverse function.
----End
Example
To enable the RIP poison reverse function, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#rip poison-reverse
NOTE
Once the function is enabled, if a route breaks down but is still kept in RIP packets, the route is configured
as infinite, that is, the routing metric is set as 16. The poison reversal function helps to prevent routing
loops among multiple routers.
Related Operation
Table 11-22 lists the related operation for enabling the poison reverse function.
Table 11-22 Related operation for enabling the poison reverse function
Background Information
l Up to 1000 route policies can be defined in the system, and each routing policy can be
configured with up to 20 nodes.
l A routing policy may consist of several nodes, with each node as a unit for the match test.
The node number is also the matching order.
l The relationship between nodes of a routing policy is "or". The system checks every node
of a routing policy. If one node passes the match test, it means that the routing policy passes
the match test.
l Every node consists of if-match clause and apply clause:
– The if-match clause defines the matching order. The relationship between two if-
match clauses of a node is "and". In other words, the match test can be considered as
pass-through only when all if-match clauses of a node are met.
– The apply clause specifies the action to be taken when node match test is conducted,
that is, set some attributes of the routes.
Parameter Description
Table 11-23 lists the parameters for defining a routing policy.
Parameter Description
Procedure
Step 1 Run the route-policy command to create a routing policy and the enter routing policy
configuration mode.
Step 2 Run the display route-policy command to query the running status of the configured routing
policy.
----End
Example
To configure routing policy 1 with node number of 10 and the matching mode "permit", do as
follows:
huawei(config)#route-policy policy1 permit node 10
Info: New Sequence of this List !
huawei(config-route-policy)#quit
huawei(config)#display route-policy
{ <cr>|string<S><1,19> }:policy1
Command:
display route-policy policy1
Route-policy : policy1
permit : 10
Related Operation
Table 11-24 lists the related operation for configuring a routing policy.
Background Information
l By default, no match action is taken.
l The relationship between two if-match clauses of a node is "and". The match test can be
considered as pass-through only when all if-match clauses of a node are met. The apply
clause specifies the action to be taken when node match test is conducted.
l If no if-match clause is specified, all routes can pass through the node.
Procedure
Step 1 Run the route-policy command to create a route policy and enter route policy configuration
mode.
Step 2 Run the if-match ip command to set the filtering criteria of routing information.
Step 3 Run the display route-policy command to query the configuration information.
----End
Example
To set filtering the address prefix list p1 of destination address of route, do as follows:
huawei(config)#route-policy 1 permit node 1
huawei(config-route-policy)#if-match ip next-hop ip-prefix p1
huawei(config-route-policy)#quit
huawei(config)#display route-policy
{ <cr>|string<S><1,19> }:1
Command:
display route-policy 1
Route-policy : 1
permit : 1
Match clauses :
if-match ip-prefix p1
Related Operation
Table 11-25 lists the related operation for defining the route policy matching rule.
Table 11-25 Related operation for defining the route policy matching rule
To... Run the Command...
Background Information
l The apply clause specifies the commands to be used for modifying the attributes of the
routes when if-match clauses are met.
l By default, no setting is available.
Procedure
Step 1 Run the route-policy command to create a route policy and enter route policy configuration
mode.
Step 2 Run the if-match command to set the filtering criteria of routing information.
Step 3 Run the apply tag command to set the tag of the route information.
Step 4 Run the display route-policy command to query the configured route policy.
----End
Example
To set the routing information tag of the filtered route as 100, do as follows:
huawei(config)#route-policy 1 permit node 1
huawei(config-route-policy)#if-match ip-prefix p1
huawei(config-route-policy)#apply tag 100
huawei(config-route-policy)#quit
huawei(config)#display route-policy
{ <cr>|string<S><1,19> }:1
Command:
display route-policy 1
Route-policy : 1
permit : 1
Match clauses :
if-match ip-prefix p1
Apply clauses :
apply tag 100
Related Operation
Table 11-26 lists the related operation for modifying the attributes of the filtered route.
Table 11-26 Related operation for modifying the attributes of the filtered route
To... Run the Command...
Background Information
By default, the function is disabled.
Procedure
Step 1 Run the rip tunnel command to enable the transparent transmission function of the RIP packet
based on the VLAN.
Step 2 Run the display rip tunnel command to query the status of the function.
----End
Example
To enable the transparent transmission function of the RIP packet based on VLAN 10, do as
follows:
huawei(config)#rip tunnel enable vlan 10
huawei(config)#display rip tunnel vlan 10
rip tunnel is enable
This topic describes how to configure the OSPF routing protocol supported by the MA5600T.
NOTE
This document describes the configuration on the MA5600T. Each chapter provides an overview of the service
configuration, describes the configuration flow with one or more configuration examples, and then provides a
detailed description of the basic operations on the MA5600T.
For the readers who are familiar with the MA5600T, it is recommended that you read the configuration example
(s) directly.
For the readers who are not familiar with the MA5600T, it is recommended that you read the basic operations
first.
12.1 Overview
This topic describes the Open Shortest Path First (OSPF) routing protocol and its application on
the MA5600T.
12.2 Configuration Example of OSPF
This topic provides an example for configuring OSPF on the MA5600T.
12.3 Configuring OSPF
This topic describes how to configure OSPF.
12.4 Controlling the OSPF Routing Information
This topic describes how to control the OSPF routing information, including transmitting
aggregation routes, filtering received routes, and importing external routes.
12.5 Adjusting and Optimizing OSPF
This topic describes how to adjust and optimize the OSPF configuration to improve the OSPF
network performance.
12.1 Overview
This topic describes the Open Shortest Path First (OSPF) routing protocol and its application on
the MA5600T.
Service Description
OSPF is a dynamic routing protocol based on the link state algorithm such as the Shortest Path
First (SPF) algorithm.
OSPF is an interior gateway protocol (IGP), which is used to divide the network of an
Autonomous System (AS) into different tiers of areas for management, thus decreasing the
number of OSPF packets, and accelerating the convergence of the network.
OSPF applies to the networks of various scales, and supports up to hundreds of routers in a
network.
Networking
Figure 12-1 shows an example network for configuring OSPF.
In this example network, OSPF is enabled on the four MA5600Ts. Besides, MA5600T_A is
configured with the highest designated router (DR) priority, MA5600T_C is configured with
the second highest DR priority, and MA5600T_A realizes the broadcast of network link status
for the DR.
DR
192.1.1.1/24 192.1.1.4/24
192.1.1.2/24 192.1.1.3/24
BDR
Data Plan
Table 12-1 provides the data plan for configuring OSPF.
Priority: 100 -
VLAN ID: 2 -
Priority: 80 -
VLAN ID: 2 -
Priority: 90 -
VLAN ID: 2 -
VLAN ID: 2 -
Background Information
l The native VLAN of each interface of the MA5600T must be configured to ensure a normal
communication.
l The OSPF area IDs of the MA5600T devices must be consistent.
Configuration Flowchart
Figure 12-2 shows the flowchart for configuring OSPF.
Start
Enable OSPF
End
NOTE
The procedure shown in the preceding flowchart is for configuring OSPF on one MA5600T. To configure
OSFP on multiple MA5600T devices, repeat the procedure.
Procedure
Step 1 Configure MA5600T_A.
1. Configure the IP address of the L3 interface.
huawei(config)#vlan 2 smart
huawei(config)#port vlan 2 0/9 0
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ip address 192.1.1.1 24
huawei(config-if-vlanif2)#quit
3. Enable OSPF.
huawei(config)#ospf
huawei(config-ospf-1)#area 0
huawei(config-ospf-1-area-0.0.0.0)#network 192.1.1.0 0.0.0.255
huawei(config-ospf-1-area-0.0.0.0)#network 1.1.1.1 0.0.0.0
huawei(config-ospf-1-area-0.0.0.0)#quit
huawei(config-ospf-1)#quit
3. Enable OSPF.
huawei(config)#ospf
huawei(config-ospf-1)#area 0
huawei(config-ospf-1-area-0.0.0.0)#network 192.1.1.0 0.0.0.255
huawei(config-ospf-1-area-0.0.0.0)#network 2.2.2.2 0.0.0.0
huawei(config-ospf-1-area-0.0.0.0)#quit
huawei(config-ospf-1)#quit
3. Enable OSPF.
huawei(config)#ospf
huawei(config-ospf-1)#area 0
huawei(config-ospf-1-area-0.0.0.0)#network 192.1.1.0 0.0.0.255
huawei(config-ospf-1-area-0.0.0.0)#network 3.3.3.3 0.0.0.0
huawei(config-ospf-1-area-0.0.0.0)#quit
huawei(config-ospf-1)#quit
3. Enable OSPF.
huawei(config)#ospf
huawei(config-ospf-1)#area 0
----End
Result
Run the display ip routing-table command and you can find the learnt route table. Hosts can
communicate with each other.
Background Information
l By default, OSPF is disabled.
l To configure the related parameters, enable OSPF first.
Procedure
Step 1 Run the ospf command to enable the OSPF process.
Step 2 Run the display ospf command to query the OSPF process.
----End
Example
To enable OSPF process 1, do as follows:
huawei(config)#ospf 1
huawei(config-ospf-1)#quit
huawei(config)#display ospf brief
OSPF Process 1 with Router ID 10.71.62.27
OSPF Protocol Information
RouterID: 10.71.62.27 Border Router:
Route Tag: 0
Multi-VPN-Instance is not enabled
Spf-schedule-interval: 5
Default ASE parameters: Metric: 1 Tag: 1 Type: 2
Route Preference: 10
ASE Route Preference: 150
SPF Computation Count: 0
RFC 1583 Compatible
Retransmission limitation is disabled
Area Count: 0 Nssa Area Count: 0
ExChange/Loading Neighbors: 0
Related Operation
Table 12-2 lists the related operation for enabling the OSPF process.
Background Information
l OSPF does not support the configuration of the DR priority for interface NULL.
l The DR is for broadcast or NBMA type interfaces. The interfaces of p2p, p2mp network
type do not need DR election.
l Before this operation, the IP address of the L3 interface must be in an OSPF domain.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 3 Run the display ospf interface command to query the DR priority.
----End
Example
To configure the DR priority 8 for VLAN interface 2, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ip address 192.1.1.1 24
huawei(config-if-vlanif2)#ospf dr-priority 8
huawei(config-if-vlanif2)#quit
huawei(config)#display ospf interface vlanif 2
OSPF Process 1 with Router ID 192.168.1.1
Interfaces
Interface: 192.1.1.1 (vlanif2)
Cost: 1 State: Down Type: Broadcast MTU: 1500
Priority: 8
Designated Router: 0.0.0.0
Backup Designated Router: 0.0.0.0
Timers: Hello 10 , Dead 40 , Poll 120 , Retransmit 5 , Transmit Delay 1
Background Information
A router ID is a 32-bit unsigned integer, which uniquely identifies a router in the AS.
Procedure
Step 1 (Optional) Run the ospf router-id command to set an OSPF router ID.
NOTE
If this operation is omitted, the router ID configured by running the router id command in global config
mode is used as the OSPF router ID.
Step 2 Run the display ospf brief command to query the configured OSPF router ID.
----End
Example
To set the ID of a router as 192.168.1.1, do as follows:
huawei(config)#ospf router-id 192.168.1.1
Warning: OSPF The new router id will be activated only after Reset Ospf Process
huawei(config-ospf-1)#quit
huawei(config)#reset ospf 1 process
huawei(config)#display ospf brief
OSPF Process 1 with Router ID 192.168.1.1
OSPF Protocol Information
RouterID: 192.168.1.1 Border Router:
Route Tag: 0
Multi-VPN-Instance is not enabled
Spf-schedule-interval: 5
Default ASE parameters: Metric: 1 Tag: 1 Type: 2
Route Preference: 10
ASE Route Preference: 150
SPF Computation Count: 0
RFC 1583 Compatible
Retransmission limitation is disabled
Area Count: 0 Nssa Area Count: 0
ExChange/Loading Neighbors: 0
Related Operation
Table 12-3 lists the related operation for setting an OSPF router ID.
Background Information
After the transmission is disabled on an interface, the interface should be in silent state. The
interface can still advertise its direct route. However, the OSPF Hello packets of the interface
are blocked, and no adjacency can be set up on the interface.
Procedure
Step 1 Run the ospf command to enable the OSPF process.
Step 2 Run the silent-interface command to prohibit an interface from transmitting OSPF packets.
----End
Example
To prohibit VLAN interface 7 from transmitting OSPF packets, do as follows:
huawei(config)#ospf 1
huawei(config-ospf-1)#silent-interface vlanif 7
Related Operation
Table 12-4 lists the related operation for prohibiting an interface from transmitting OSPF
packets.
Table 12-4 Related operation for prohibiting an interface from transmitting OSPF packets
Background Information
l OSPF further divides the AS into different areas. Routing information is transmitted
between the areas through the ABRs which are located at the boarders of the areas. This
helps to reduce the number of OSPF packets in the network, thus improving the
performance of OSPF.
l If the specified area does not exist, the system first creates the area and then enters area
config mode.
l An area ID can be set in the form of an integer or an IP address, but it is displayed only in
the form of an IP address.
l If an area ID is an integer, the MA5600T automatically converts the integer into an IP
address.
Procedure
Step 1 Run the ospf command to enable the OSPF process.
Step 2 Run the area command to add an area and enter the configuration mode of the area.
----End
Example
To create area 1 and enter area config mode, do as follows:
huawei(config)#ospf 100
huawei(config-ospf-100)#area 1
huawei(config-ospf-100-area-0.0.0.1)#
Related Operation
Table 12-5 lists the related operation for entering OSPF area config mode.
Table 12-5 Related operation for entering OSPF area config mode
To... Run the Command...
Background Information
Wildcard-mask in the network command is the reverse of the IP address, that is, the mask of
the IP address is reserved (0 changed to 1 and 1 changed to 0). "1" indicates the digit in the IP
address is omitted and "0" indicates that the digit must be reserved.
Procedure
Step 1 Run the ospf command to start the OSPF progress.
Step 2 Run the area command to add an area and enter the configuration mode of the area.
Step 3 Run the network command to configure the interface running OSPF and the area the interface
belongs to.
----End
Example
To configure the subnet 192.1.1.0 for the interface running OSPF, do as follows:
huawei(config)#ospf 1
huawei(config-ospf-1)#area 1
huawei(config-ospf-1-area-0.0.0.2)#network 192.1.1.0 0.0.0.255
Related Operation
Table 12-6 lists the related operation for configuring the subnets for an area.
Table 12-6 Related operation for configuring the subnets for an area
To... Run the Command...
of the Stub area does not transmit the external routes of the autonomous system, thus greatly
decreasing the route information transmission and the size of the route tables of routers in this
area.
Procedure
Step 1 Run the ospf command to enable the OSPF process.
Step 2 Run the area command to add an area and enter the configuration mode of the area.
Step 3 Run the stub command to configure the OSPF stub area.
----End
Example
To configure OSPF area 1 as a Stub area, do as follows:
huawei(config)#ospf 1
huawei(config-ospf-1)#area 1
huawei(config-ospf-1-area-0.0.0.1)#stub
Related Operations
Table 12-7 lists the related operations for configuring a Stub area.
Background Information
l By default, the preference for NBMA interface adjacent router is 1.
l Up to 128 adjacent routers can be configured in a process.
Procedure
Step 1 Run the ospf command to enable the OSPF process.
----End
Example
To configure the IP address of the NBMA adjacent router as 1.1.1.1 and specify the DR priority
as 120, do as follows:
huawei(config)#ospf 1
huawei(config-ospf-1)#peer 1.1.1.1 dr-priority 120
Related Operation
Table 12-8 lists the related operation for configuring an NBMA adjacent router.
Procedure
Step 1 Run the ospf command to enable the OSPF process.
Step 2 Run the enable log command to query log information.
----End
Example
To enable the logging function of OSPF, do as follows:
huawei(config)#ospf 1
huawei(config-ospf-1)#enable log config
Related Operation
Table 12-9 lists the related operation for enabling the OSPF logging function.
Table 12-9 Related operation for enabling the OSPF logging function
To... Run the Command...
Background Information
OSPF divides networks into four types. By default, the network type of an interface is determined
by the physical interface. For details, see Table 12-10.
p2mp Point-to-Multipoint -
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the ospf network-type command to configure the network type.
----End
Example
Assume that the Ethernet port 0/9/0 is in VLAN 2, to configure the network type of the port
0/9/0 as P2P, do as follows:
huawei(config)#interface vlanif 2
huawei(config-vlanif-2)#ospf network-type p2p
Related Operation
Table 12-11 lists the related operation for configuring the network type on an OSPF interface.
Table 12-11 Related operation for configuring the network type on an OSPF interface
Background Information
l After the adjacency is set up between two routers, the routers begin to transmit DD packets
to each other to exchange the owned routing information.
l By default, the interface does not fill in the MTU field while transmitting DD packets. In
other words, the MTU field in the DD packets is 0.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the ospf mtu-enable command to configure the MTU of the DD packet.
----End
Example
To configure VLAN interface 2 to fill in the MTU field when transmitting DD packet, do as
follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ospf mtu-enable
Related Operation
Table 12-12 lists the related operation for configuring the MTU of the DD packet.
Table 12-12 Related operation for configuring the MTU of the DD packet
To... Run the Command...
Restore the default setting for the interface undo ospf mtu-enable
when transmitting DD packets
Background Information
l The OSPF preference ranges from 1 to 255.
l By default, it is 10.
Procedure
Step 1 Run the ospf command to enable the OSPF process.
Step 2 Run the preference command to set OSPF preference.
Step 3 Run the display ospf brief command to query the OSPF preference.
----End
Example
To set the OSPF preference to 12, do as follows:
huawei(config)#ospf 1
huawei(config-ospf-1)#preference 12
huawei(config-ospf-1)#quit
huawei(config)#display ospf brief
OSPF Process 1 with Router ID 192.0.2.3
OSPF Protocol Information
Related Operation
Table 12-13 lists the related operation for setting the OSPF preference.
Background Information
The default maximum route count is:
l Intra-area routes: 10000
l Inter-area routes: 10000
l External routes: 10000
Procedure
Step 1 Run the ospf command to enable the OSPF process.
Step 2 Run the maximum-routes command to configure the maximum OSPF route count.
----End
Example
To configure the maximum count of OSPF routes as 500, do as follows:
huawei(config)#ospf 1
huawei(config-ospf-1)#maximum-routes intra 500
Related Operation
Table 12-14 lists the related operation for configuring the maximum OSPF route count.
Table 12-14 Related operation for configuring the maximum OSPF route count
To... Run the Command...
Background Information
l OSPF supports plain text authentication or MD5/HMAC-MD5 encrypted text
authentication for adjacent routes to transmit OSPF packets.
l By default, the interface is not configured with any authentication mode.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the ospf authentication-mode command to configure OSPF packet authentication.
----End
Example
To configure the OSPF authentication as plain text authentication and the authentication
password as "huawei", do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ospf authentication-mode simple huawei
Related Operation
Table 12-15 lists the related operation for configuring the OSPF packet authentication.
Table 12-15 Related operation for configuring the OSPF packet authentication
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the ospf cost command to configure the cost of the interface running OSPF.
----End
Example
To configure the cost of the interface running OSPF as 5, do as follows:
huawei(config)#interface vlanif 2
huawei(config-vlanif2)#ospf cost 5
Related Operation
Table 12-16 lists the related operation for configuring the OSPF cost.
Restore the default undo ospf cost By default, the system calculates the
cost cost needed for the interface running
OSPF according to the current baud
rate of the interface.
Background Information
l By default, the ABR does not summarize routes between areas.
l One area can be configured with multiple summarization network segments.
l The route summarization is valid when configured on an ABR.
Procedure
Step 1 Run the ospf command to start the OSPF progress.
Step 2 Run the area command to add an area and enter the configuration mode of the area.
Step 3 Run the network command to configure the interface running OSPF protocol and the area the
interface belongs to.
Step 4 Run the abr-summary command to configure route summarization between areas.
----End
Example
To summarize the routes in the two network segments of 20.20.10.0 and 20.20.20.0 in OSPF
area as one route entry 20.20.0.0 and send it to other areas, do as follows:
huawei(config)#ospf 100
huawei(config-ospf-100)#area 1
huawei(config-ospf-100-area-0.0.0.1)#network 20.20.10.0 0.0.0.255
huawei(config-ospf-100-area-0.0.0.1)#network 20.20.20.0 0.0.0.255
Related Operation
Table 12-17 lists the related operation for configuring the route summarization between areas.
Table 12-17 Related operation for configuring the route summarization between areas
Background Information
OSPF supports the aggregation of imported routes. By default, the aggregation of imported
routes is disabled.
Procedure
Step 1 Run the ospf command to enable the OSPF process.
Step 2 Run the asbr-summary command to configure the aggregation of routes with the same prefix.
----End
Example
To enable the aggregation of routes with the same prefix of 10.2, do as follows:
huawei(config)#ospf 1
huawei(config-ospf-1)#asbr-summary 10.2.0.0 255.255.0.0
Related Operation
Table 12-18 lists the related operation for configuring the aggregation of routes imported by
OSPF.
Table 12-18 Related operation for configuring the aggregation of routes imported by OSPF
Background Information
l OSPF processes the routes found by other routing protocols to be processed as routes
outside the AS. The protocol types of routes that OSPF can import are RIP routes, direct
routes and static routes.
l By default, importing routes from other protocols by OSPF is disabled.
Procedure
Step 1 Run the ospf command to enable the OSPF process.
Step 2 Run the import-route rip command to import routes from other protocols into OSPF.
----End
Example
To specify the imported RIP route as Type 2 external route, the route tag as 33, and the metric
as 50, do as follows:
huawei(config)#ospf 1
huawei(config-ospf-1)#import-route rip 40 type 2 tag 33 cost 50
Related Operation
Table 12-19 lists the related operation for importing routes from other protocols into OSPF.
Table 12-19 Related operation for importing routes from other protocols into OSPF
Background Information
The default settings are:
l Cost: 10
l The type of imported route: Type-2
l The upper limit of the imported external routes: 1000 at a time
l The tag value: 10
Procedure
Step 1 Run the ospf command to enable the OSPF process.
Step 2 Run the default command to set the default parameters for OSPF to import external routes.
----End
Example
Assume the following:
l The upper limit of the default imported external routes: 100
l The default cost for OSPF to accept external routes: 8
l The default tag for OSPF to accept external routes: 8
l The default type of imported routes: Type-1
To set the OSPF imported routes, do as follows:
huawei(config)#ospf 100
huawei(config-ospf-100)#default cost 8 type 1 tag 8 limit 100
Related Operations
Table 12-20 lists related operations for setting parameters for OSPF to import external routes.
Table 12-20 Related operations for setting parameters for OSPF to import external routes
Restore the default upper limit for OSPF to import undo default limit
external routes each time
Restore the default cost for OSPF to import external undo default cost
routes
Restore the default tag when OSPF imports external undo default tag
routes
Restore the default type of the external routes to be undo default type
imported
This topic describes how to set the dead time between adjacent routers. If a router fails to receive
any Hello packet from an adjacent router for a certain period, it considers the adjacent router as
unavailable. This period is called the dead time between adjacent routers.
12.5.3 Setting the Hello Packet Poll Interval
This topic describes how to set the Hello packet poll interval.
12.5.4 Setting the LSA Transmit Delay
This topic describes how to set the LSA transmit delay.
12.5.5 Setting the LSA Retransmit Interval between Adjacent Routers
This topic describes how to set the LSA retransmit interval between adjacent routers.
12.5.6 Setting the SPF Calculation Interval for OSPF
This topic describes how to set the SPF calculation interval for OSPF.
Background Information
l By default, Hello interval of the P2P, P2MP and broadcast interfaces is 10s and that of the
NBMA interface is 30s.
l The intervals for sending Hello packets of network neighbors should be consistent with
each other.
l The interval for sending Hello packets should be in inverse proportion of route convergence
speed and network load.
l After the network type of the interface is modified, the interval for sending Hello packets
restores the default value.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the ospf timer hello command to set the interval for sending Hello packets.
----End
Example
To set the interval for sending OSPF Hello packet to 15s, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ospf timer hello 15
Related Operation
Table 12-21 lists the related operation for setting the interval for sending Hello packets.
Table 12-21 Related operation for setting the interval for sending Hello packets
Restore the default interval for sending undo ospf timer hello
Hello packets
Background Information
l By default, the dead time between adjacent routers on the P2P, P2MP and broadcast
interfaces is 40s and that on the NBMA (non-broadcast) interface is 120s.
l The value of dead seconds must be 4 times that of hello seconds at least.
l After the network type of the interface is modified, the dead time is restored to the default
value.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the ospf timer dead command to set the dead time of adjacent routers.
----End
Example
To set the dead time of adjacent routers to 60s, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ospf timer dead 60
Related Operation
Table 12-22 lists the related operation for setting the dead time between adjacent routers.
Table 12-22 Related operation for setting the dead time between adjacent routers
Background Information
l In the NBMA network, after the adjacent router fails, a router transmits Hello packet to the
failed router periodically with the Hello packet poll interval.
l The Hello packet poll interval shall at least four times the interval for sending Hello packets.
l By default, the Hello packet poll interval is 120s.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the ospf timer poll command to set the Hello packet poll interval.
----End
Example
To set the Hello packet poll interval to 60s, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ospf timer poll 60
Related Operation
Table 12-23 lists the related operation for setting the Hello packet poll interval.
Table 12-23 Related operation for setting the Hello packet poll interval
Background Information
l The Link State Advertise (LSA) describes the interface state and the adjacency state of a
router. An LSA gets aged when it is saved in the LSDB of the local router. However, an
LSA does not get aged in the transmission process.
l Before an LSA is transmitted by an interface, you must configure the delay for the interface
to transmit the LSA according to the transmission condition of the network, especially for
a low speed network. Besides, you must add the delay to the aging time for the LSA during
the transmission process. This configuration is to ensure the LSA validity.
l By default, the LSA transmit delay is 1s.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the ospf trans-delay command to set the LSA transmit delay.
----End
Example
To set LSA transmit delay as 10s, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ospf trans-delay 10
Related Operation
Table 12-24 lists the related operation for setting the LSA transmit delay.
Table 12-24 Related operation for setting the LSA transmit delay
Background Information
l When a router sends an LSA to its neighbors, it shall wait for an ACK from them. If no
ACK is received from the neighbors within the retransmit interval, this LSA should be
resent.
l A very small LSA retransmit interval on an interface may lead to unnecessary
retransmission. A very large LSA retransmit interval affects the flooding speed in case of
packet loss.
l By default, the LSA retransmit interval between adjacent routers is 5s.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the ospf timer retransmit command to set the LSA retransmit interval.
----End
Example
To set the LSA retransmit interval to 8s, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ospf timer retransmit 8
Related Operation
Table 12-25 lists the related operation for setting the LSA retransmit interval between adjacent
routers.
Table 12-25 Related operation for setting LSA retransmit interval between adjacent routers
Background Information
l Whenever the LSDB of OSPF changes, the SPF should be recalculated.
l Calculating the shortest path upon any change consumes vast amounts of resources and
affects the operation efficiency of the router. Adjusting the SPF calculation interval,
however, can restrain the resource consumption due to frequent network changes.
l By default, the interval of SPF recalculation is 5s.
Procedure
Step 1 Run the ospf command to enable the OSPF process.
Step 2 Run the spf-schedule-interval command to set the SPF calculation interval for OSPF.
----End
Example
To set the interval of SPF recalculation to 10s, do as follows:
huawei(config)#ospf 1
huawei(config-ospf-1)#spf-schedule-interval 10
Related Operation
Table 12-26 lists the related operation for setting the SPF calculation interval for OSPF.
Table 12-26 Related operation for setting the SPF calculation interval for OSPF
This topic describes how to configure the IS-IS routing protocol supported by the MA5600T.
NOTE
This document describes the configuration on the MA5600T. Each chapter provides an overview of the service
configuration, describes the configuration flow with one or more configuration examples, and then provides a
detailed description of the basic operations on the MA5600T.
For the readers who are familiar with the MA5600T, it is recommended that you read the configuration example
(s) directly.
For the readers who are not familiar with the MA5600T, it is recommended that you read the basic operations
first.
13.1 Overview
This topic describes the Intermediate System-to-Intermediate System (IS-IS) routing protocol
and its application on the MA5600T.
13.2 Configuration Example of IS-IS
This operation enables the corresponding device configured data to run the IS-IS protocol on
the MA5600T.
13.3 Configuring IS-IS
This topic describes how to configure IS-IS. Before configuring or validating other functions
related to IS-IS, you must start the IS-IS process, specify the NET, and then enable IS-IS on the
specified port.
13.4 Controlling the IS-IS Routing Information
This topic describes how to control the IS-IS routing information, including advertising
aggregated routes, filtering received routes, and importing external routes. It also describes how
to modify the attributes of a route such as its priority and cost. Based on the methods described
in this topic, you can control the propagation of the IS-IS routing information in the AS.
13.5 Adjusting and Optimizing IS-IS
This topic describes how to adjust and optimize the configurations of an IS-IS network, including
modifying the network type of an interface, adjusting the IS-IS protocol parameters, and
configuring the IS-IS verification function.
13.1 Overview
This topic describes the Intermediate System-to-Intermediate System (IS-IS) routing protocol
and its application on the MA5600T.
Service Description
IS-IS is a dynamic routing protocol based on the link state algorithm.
IS-IS belongs to the Interior Gateway Protocols (IGPs). It is used to create two-level hierarchical
network topologies, namely Level-1 areas and Level-2 areas, by dividing areas within the AS.
Level-1 routers manage the intra-area routes, and Level-2 routers manage the inter-area routes.
The border router that belongs to the Level-1 area and the Level-2 area is a Level-1-2 router. In
this way, a large-scale routing network is supported, and the bandwidth occupied by the IS-IS
packets is decreased. Figure 13-1 shows the IS-IS network topology.
Level-1
Area
Level-2
Backbone
Level-1 Level-1
Area Area
The MA5600T acts as an MSAN. When the MA5600T supports the IS-IS protocol, it always
runs in the Level-1 area as an Intermediate System (IS).
Related Concepts
l IS: It is the basic unit used for generating routes and transmitting routing information in
the IS-IS application. The function of an IS is similar to that of a router in the TCP/IP
application. When enabled with the IS-IS protocol, the MA5600T can act as an IS.
l End system (ES): It is not involved in the processing of the IS-IS protocol. The function of
an ES is similar to that of a host system in the TCP/IP application.
l Routing domain (RD): In an RD, a group of ISs exchange routing information by adopting
the same routing protocol.
l Area: It is the division unit of a routing domain.
l Link state database (LSDB): It contains the information on the states of all the links in a
network. Each IS has a minimum of one LSDB. An IS generates its own routes through the
link state SPF algorithm by using the LSDB.
l Link state protocol data unit (LSP): In the IS-IS application, each IS generates LSP. The
LSP contains information on the states of all the links of the IS. Each IS collects all LSPs
within an area and generates its own LSDB by exchanging LSP packets.
l Network protocol data unit (NPDU): It indicates the protocol packets at the network layer
in the ISO. The function of NPDU packets is similar to that of the IP packets in the TCP/
IP application.
l Designated IS (DIS): It is an elected router in a broadcast network. The function of a DIS
is similar to that of a DR in the OSPF application.
l Network service access point (NSAP): It indicates the address of the network layer in the
ISO. The function of an NSAP address is similar to that of an IP address in the TCP/IP
application.
Networking
Figure 13-2 shows an example network for configuring IS-IS on the MA5600T.
In this example network, the MA5600T forwards the access VoIP service through the L3
interface to the NGN network. Then, the MA5600T obtains the routes of the NGN networking
through the IS-IS protocol. The area ID of the Level-2 router differs from the area ID of the
Level-1-2 router to which the Level-2 router connects.
Backbone
Area 10 Level-2
Level-1
RG
VoIP NGN
Router2
Router1
MA5600T
DHCP Server
Phone
Data Plan
Table 13-1 provides the data plan for configuring IS-IS.
Item Data
Item Data
IS-IS interface:
l Port number: 0/19/0
l VLAN ID: 20
l IP address: 192.15.24.5/16
NOTE
Configuration Flowchart
Figure 13-3 shows the flowchart for configuring IS-IS.
Start
End
Procedure
l Configure IS-IS on the MA5600T.
1. Configure the L3 interface.
huawei(config)#vlan 20 standard
huawei(config)#port vlan 20 0/19 0
huawei(config)#interface vlanif 20
huawei(config-if-vlanif20)#ip address 192.15.24.5 16
huawei(config-if-vlanif20)#quit
huawei(config-isis-1)#is-name MA5600T
huawei(config-isis-1)#quit
Result
l Run the display isis lsdb command and you can query the IS-IS LSDB.
l Run the display isis route command and you can query the IS-IS route. The routing table
of the Level-1 router should have a default route, and the next hop should be the Level-1-2
router. The Level-2 router should have the routes to all the Level-1 routers and the Level-2
routers.
Background Information
l You can configure the IS-IS process only in IS-IS mode.
l If the IS-IS process ID is not specified, the system creates IS-IS process 1 by default.
l The IS-IS protocol be started only when an IS-IS process is created, and is activated on the
interface that may have connection to other routers.
Prerequisite
The IP address of the interface on the MA5600T is configured, and the ping operation between
the MA5600T and the adjacent router is successful.
Procedure
In global config mode, run the isis command to create an IS-IS process and enter IS-IS mode of
the process.
----End
Example
To create IS-IS process 1 and enter IS-IS mode of process 1, do as follows:
huawei(config)#isis
huawei(config-isis-1)#
Related Operation
Table 13-2 lists the related operation for enabling the IS-IS process.
Background Information
An NET defines the area address and the system ID of the current IS-IS. Figure 13-4 shows the
architecture of the IS-IS network topology.
Where:
l Area Address
An area address indicates the ID of an area. The area addresses must be unique in any two
routing domains.
In general, a router requires only one area address, and the area addresses of all nodes in
an area must be the same. If a router needs to support the functions of an area, such as
smooth merge, split, and conversion, multiple area addresses must be configured. The
MA5600T supports up to three area addresses.
l System ID
A system ID is used to uniquely identify a router in an area. The length of an ID is always
48 bits (six bytes).
In actual applications, a router ID is always mapped with a system ID. For example, if a
router uses the IP address (168.10.1.1) of an L3 interface as the router ID, the system ID
used by the router in the IS-IS can be converted in the following way:
1. Extend each segment of the IP address 168.10.1.1 to three bytes by adding 0 to the
left of the segment
2. Divide the extended address 168.010.001.001 into three segments. Each of these
segments should consist of four bytes.
3. The new address 1680.1000.1001 can be used as the system ID of the router.
NOTE
A system ID can be specified in different ways. It should uniquely identify a router in an area.
l SEL
The function of an SEL (also referred as NSAP Selector or N-SEL) is similar to that of a
protocol identifier in the IP application. The SEL varies according to the transfer protocols.
The SEL corresponding to the IP protocol is 00.
Because the foresaid address format definitely defines an area, the routing mode is simplified
in this way:
l The Level-1 router performs the routing in an area based on the system ID. Upon detecting
that the destination address of the packets does not belong to its area, the Level-1 router
forwards the packets to the nearest Level-1-2 router.
l The level-2 router performs the routing between different areas based on the area address.
Procedure
Step 1 In global config mode, run the isis command to enter IS-IS mode of the specified process.
----End
Example
To configure the NET of IS-IS process 1 as 10.0001.1010.1020.1030.00, where the area address
is 10.0001, the system ID is 1010.1020.1030 and the SEL is 00, do as follows:
huawei(config)#isis
huawei(config-isis-1)#network-entity 10.0001.1010.1020.1030.00
Related Operation
Table 13-3 lists the related operation for configuring an NET.
Background Information
The levels of a router are classified into Level-1, Level-2 and Level-1-2. The default router level
of the MA5600T is Level-1-2.
l Level-1 router
A Level-1 router manages the intra-area routes, and has adjacencies only with other Level-1
routers and Level-1-2 routers in the same area. The Level-1 router maintains a Level-1
LSDB, which contains only the information on the routes of the local area. When the
Level-1 router exchanges data with the routers in other areas, it forwards the data to the
nearest Level-1-2 router.
l Level-2 router
A Level-2 router manages the inter-area routes, and has adjacencies with the Level-2 and
Level-1-2 routers in other areas. The Level-2 router maintains a Level-2 LSDB, which
contains the information on the inter-area routes.
All the Level-2 routers constitute the backbone network of a routing domain for inter-area
communication. The Level-2 routers in a routing domain must be deployed successively
for ensuring the continuity of the backbone network. Only the Level-2 routers can directly
exchange data packets or routing information with the routers that exist outside the routing
domain.
l Level-1-2 router
The router that belongs to both Level-1 area and Level-2 area is a Level-1-2 router. Such
a router can have Level-1 adjacencies with the Level-1 and Level-2 routers in the same
area, and have Level-2 adjacencies with the Level-2 and Level-1-2 routers in other areas.
A Level-1 router can connect to other areas only through a Level-2 router.
A Level-1-2 router maintains two LSDBs, where, Level-1 LSDB is used for maintaining
the intra-area routes, and Level-2 LSDB is used for maintaining the inter-area routes.
Procedure
Step 1 In global config mode, run the isis command to enter IS-IS mode of a specified process.
----End
Example
To enable the current router to work at Level-1, do as follows:
huawei(config)#isis
huawei(config-isis-1)#is-level level-1
Related Operation
Table 13-4 lists the related operation for configuring the router level.
Background Information
When the IS-IS function on a specified interface is enabled, the IS-IS process running on the
interface is activated, and the IS-IS protocol is started.
After the IS-IS function is enabled successfully, the interface starts exchanging routing
information with its adjacent routers and also starts learning the network routes. In this case,
you can query the information on the IS-IS LSDB, adjacent routers, routes and statistics.
Prerequisites
l The router must be enabled with the IS-IS process, and configured with the NET.
l The specified virtual L3 interface of the VLAN must be configured.
l The virtual L3 interface of the VLAN must be up.
Procedure
Step 1 In global config mode, run the interface vlanif command to enter VLAN interface mode, or run
the interface loopback command to enter loopback mode to configure IS-IS on the L3 interface.
Step 2 Run the isis enable command to enable the IS-IS function on the L3 interface and associate the
interface with the specified IS-IS process.
----End
Examples
To enable the IS-IS function and IS-IS process 1 on VLAN interface 10, do as follows:
huawei(config)#interface vlanif 10
huawei(config-if-vlanif10)#isis enable 1
To enable the IS-IS function and IS-IS process 1 on loopback interface 0, do as follows:
huawei(config)#interface loopback 0
huawei(config-if-loopback0)#isis enable 1
Related Operations
Table 13-5 lists the related operations for enabling the IS-IS function on an interface.
Table 13-5 Related operations for enabling the IS-IS function on an interface
Background Information
Multiple routing protocols can concurrently run on a router. When these routing protocols detect
the routes to the same destination, the system selects the route detected by the protocol with the
highest priority as the route to the destination.
By default, the priority of the IS-IS protocol is 15. The smaller the priority value, the higher the
priority.
Procedure
Step 1 In global config mode, run the isis command to enter IS-IS mode of the specified process.
Step 2 Run the preference command to configure the priority of the IS-IS protocol.
----End
Examples
To configure the priority of the IS-IS protocol as 20, do as follows:
huawei(config)#isis
huawei(config-isis-1)#preference 20
To configure the priority of the IS-IS route matching routing policy abc as 50, and the priority
of other IS-IS routes as 30, do as follows:
huawei(config)#route-policy abc permit node 1
huawei(config-route-policy)#if-match cost 20
huawei(config-route-policy)#apply preference 50
huawei(config)#display route-policy abc
Route-policy : abc
permit : 1
Match clauses :
if-match cost 20
Apply clauses :
apply preference 50
huawei(config)#isis
huawei(config-isis-1)#preference 30 route-policy abc
NOTE
If the priority is not specified in the routing policy, the priority specified by running the preference
command is used as the priority for all IS-IS routes.
Related Operations
Table 13-6 lists the related operations for configuring the IS-IS priority.
Background Information
The IS-IS determines the cost of its interface in the following ways:
l Interface cost: indicates that the link cost is configured for a single IS-IS interface. By
default, the link cost of an IS-IS interface is 10.
l Global cost: indicates that the link cost is configured for all interfaces. By default, the global
cost is not configured in the system.
l Auto-cost: indicates that the link cost is automatically calculated based on the IS-IS
interface bandwidth.
If the IS-IS interface cost is not configured by using any of the foresaid ways, the default cost
of an IS-IS interface is 10.
IS-IS supports multiple cost types. For different cost types, the cost range of an interface is
different, and the cost range of the routes that can be received also varies. The cost types are as
follows:
l Narrow: If the cost type is narrow, the cost of an interface ranges from 0 to 63, and the
maximum cost of the received route is 1023.
l Narrow-compatible or compatible: If the cost type is narrow-compatible or compatible, the
cost of an interface ranges from 0 to 63, and the cost of the received route is related to the
parameter relax-spf-limit.
l Wide or wide-compatible: If the cost type is wide or wide-compatible, the cost of an
interface ranges from 1 to 16777215. When the cost is 16777215, the neighbor TLV (cost:
16777215) generated on the link cannot be used in the routing calculation and can only be
used to deliver the information related to TE. The maximum cost of the received route is
0xFFFFFFFF.
Notes
l If the IS-IS interface cost is not configured by using any of the foresaid ways, the default
cost of an IS-IS interface is 10.
l The priority of the global cost is lower than the priority of the interface cost. If the link cost
is not configured for a specified interface, the global cost configured for the interface takes
effect.
l The priority of the auto-cost is the lowest. If the function of automatic cost calculation is
enabled on an interface, the system automatically calculates the cost of the interface only
when the interface cost is not configured for the interface and the global cost is not
configured for the IS-IS process.
l The cost of a loopback interface cannot be modified by enabling the function of automatic
cost calculation or by configuring the global cost. It must be separately configured only in
loopback interface mode.
Procedure
l Configure the cost of the specified interface.
1. (Optional) In global config mode, run the isis command to enter IS-IS mode of the
specified process.
2. (Optional) Run the cost-style command to configure the cost type of the interface.
3. In global config mode, run the interface vlanif command to enter VLAN interface
mode, or run the interface loopback command to enter loopback mode to configure
the L3 interface enabled with the IS-IS function.
4. Run the isis cost command to configure the link cost of the interface.
l Configure the global cost.
1. In global config mode, run the isis command to enter IS-IS mode of the specified
process.
2. (Optional) Run the cost-style command to configure the cost type of the interface.
3. Run the circuit-cost command to configure the global cost of the interface.
l Configure the auto-cost.
1. In global config mode, run the isis command to enter IS-IS mode of the specified
process.
2. (Optional) Run the cost-style command to configure the cost type of the interface.
3. (Optional) Run the bandwidth-reference command to configure the reference value
for calculating the bandwidth.
4. Run the auto-cost enable command to enable the function of automatic cost
calculation on the IS-IS interface.
NOTE
l The bandwidth reference value configured by running the bandwidth-reference is valid only
when the cost type is wide or wide-compatible. Then, the cost of each interface = (bandwidth –
reference/interface bandwidth) x 10.
l When the cost type is narrow, narrow-compatible, or compatible, the cost of each interface can
be obtained by referring to Table 13-7.
Table 13-7 Relationship between the interface cost and the bandwidth
----End
Examples
To configure the link cost of VLAN interface 10 as 8, do as follows:
huawei(config)#interface vlanif
huawei(config-if-vlanif10)#isis cost 8
NOTE
If the Level-1 or Level-2 is not specified in the command lines, the same link cost is configured for the
level-1 and level-2 interfaces by default.
To configure the cost of all Level-1 interfaces as 10 and that of all Level-2 interfaces as 8, do
as follows:
huawei(config)#isis
huawei(config-isis-1)#circuit-cost 10 level-1
huawei(config-isis-1)#circuit-cost 8 level-2
NOTE
If Level-1 or Level-2 is not specified in the command lines, the cost of all Level-1-2 interfaces is configured
by default.
Related Operations
Table 13-8 lists the related operations for configuring the IS-IS interface cost.
Table 13-8 Related operations for configuring the IS-IS interface cost
Background Information
The minimum cost of the routes to be aggregated is used as the cost of the aggregated route.
By default, the IS-IS route aggregation is not configured in the MA5600T.
Procedure
Step 1 In global config mode, run the isis command to enter IS-IS mode of the specified process.
Step 2 Run the summary command to configure the IS-IS route aggregation.
----End
Example
To configure aggregation route 202.0.0.0/8, do as follows:
huawei(config)#isis
huawei(config-isis-1)#summary 202.0.0.0 255.0.0.0
Related Operations
Table 13-9 lists the related operations for configuring the IS-IS route aggregation.
Table 13-9 Related operations for configuring the IS-IS route aggregation
To... Run the Command...
Background Information
Based on the route level, you can configure the MA5600T to generate the Level-1 and Level-2
default routes. If the level is not specified, the Level-2 default route is generated.
The generated default routes are advertised only to the routers at the same level.
By using the routing policy, you can force the IS-IS to generate the default routes only if there
is a matching route in the routing table.
Procedure
Step 1 In global config mode, run the isis command to enter IS-IS mode of the specified process.
Step 2 Run the default-route-advertise command to configure the IS-IS to generate default routes.
----End
Example
To configure the IS-IS to generate the Level-1 default route, do as follows:
huawei(config)#isis
huawei(config-isis-1)#default-route-advertise level-1
Related Operations
Table 13-10 lists the related operations for configuring the IS-IS to generate default routes.
Table 13-10 Related operations for configuring the IS-IS to generate default routes
To... Run the Command...
Procedure
Step 1 In global config mode, run the isis command to enter IS-IS mode of the specified process.
Step 2 Run the filter-policy import command or the filter-policy export command to configure the
MA5600T to filter the received or advertised routing information.
----End
Examples
To apply ACL rule 2000 filter to filter the routing information received by the MA5600T, do as
follows:
huawei(config)#isis
huawei(config-isis-1)#filter-policy 2000 import
NOTE
The ACL rule applied must be a basic ACL rule. That means the ID of the ACL rule must be in the range of
2000–2999.
To filter the routing information advertised by the MA5600T applying IP address prefix abc,
and allow the MA5600T to advertise the routing information of the network 10.0.192.0/8, do as
follows:
huawei(config)#ip ip-prefix abc permit 10.0.192.0 8
huawei(config)#isis
huawei(config-isis-1)#filter-policy ip-prefix abc export
Related Operations
Table 13-11 lists the related operations for filtering the received or advertised routing
information.
Table 13-11 Related operations for filtering the received or advertised routing information
To... Run the Command...
Background Information
When the IS-IS network connects to other ASs, the IS-IS protocol must be enabled on the egress
interface, so that the routers within an area can learn the egress routes. In this way, the interface
sends IS-IS Hello packets to the network segment where it belongs. However, this is not required.
Then, you can enable the suppression function on the IS-IS interface. With the function enabled,
the interface does not send or receive Hello packets. But, the routes of the network segment, to
which the interface belongs, can still be advertised to other routers within the area.
NOTE
If the IS-IS protocol on the egress interface in the area is Down, the routers within the area cannot learn
the egress routes.
Procedure
Step 1 In global config mode, run the interface vlanif command to enter VLAN interface mode, or run
the interface loopback command to enter loopback mode to configure the L3 interface enabled
with the IS-IS function.
Step 2 Run the isis silent command to enable the suppression function on the interface.
----End
Example
To enable the suppression function on VLAN interface 10, do as follows:
huawei(config)#interface vlanif 10
huawei(config-if-vlanif10)#isis silent
Related Operations
Table 13-12 lists the related operations for configuring the suppression function on an IS-IS
interface.
Background Information
The MA5600T enabled with the IS-IS protocol considers the routes discovered by other routing
protocols as external routes.
When importing the routes of other routing protocols, you can specify the default cost and the
level of the imported routes. If the level is not specified, the system imports the external routes
to the Level-2 routing table by default.
Procedure
Step 1 In global config mode, run the isis command to enter IS-IS mode of the specified process.
Step 2 Run the import-route command to configure the IS-IS to import external routes.
Step 3 (Optional) Run the filter-policy import command to apply a routing policy to filter the imported
routes.
----End
Example
To import an internal static route and set its cost as 15, do as follows:
huawei(config)#isis
huawei(config-isis-1)#impor-route static cost-style internal cost 15
Related Operations
Table 13-13 lists the related operations for configuring the IS-IS to import external routes.
Table 13-13 Related operations for configuring the IS-IS to import external routes
Background Information
A Level-1 router manages the intra-area routes, and a Level-2 router manages the inter-area
routes. By default, a Level-2 router does not advertise the known routing information of Level-2
areas and other Level-1 areas to the routers in a Level-1 area.
A Level-1 router cannot determine the routes outside the local area. Therefore, it may fail to
determine an optimal route to other areas. Through the IS-IS route leaking, a Level-2 router can
advertise its own routing information of other Level-1 areas and Level-2 areas to a specified
Level-1 area, and the routing information can be filtered by applying the ACL rule, routing
policy, and IP address prefix.
Procedure
Step 1 In global config mode, run the isis command to enter IS-IS mode of the specified process.
Step 2 Run the import-route isis level-2 into level-1 command to configure the IS-IS to import external
routes.
----End
Example
To enable the IS-IS route leaking, do as follows:
huawei(config)#isis
huawei(config-isis-1)#import-route isis level-2 into level-1
Related Operations
Table 13-14 lists the related operations for configuring the IS-IS route leaking.
Table 13-14 Related operations for configuring the IS-IS route leaking
To... Run the Command...
Disable the IS-IS route leaking undo import-route isis level-2 into level-1
This topic describes how to configure the LSDB overload flag bit. This allows other routers in
an area not to take the overloaded router into consideration during the SPF calculation.
13.5.12 Enabling Output of the Adjacency State
This topic describes how to enable the output of the adjacency state, allowing the change of IS-
IS adjacency state to be output to the maintenance terminal.
Procedure
Step 1 In global config mode, run the interface vlanif command to enter VLAN interface mode, or run
the interface loopback command to enter loopback mode to configure the L3 interface enabled
with the IS-IS function.
Step 2 Run the isis circuit-type command to set the network type of the IS-IS interface to P2P.
----End
Example
To set the network type of IS-IS VLAN interface 10 to P2P, do as follows:
huawei(config)#interface vlanif 10
huawei(config-if-vlanif10)#isis circuit-type p2p
Related Operation
Table 13-15 lists the related operation for configuring the network type of an IS-IS interface.
Table 13-15 Related operation for configuring the network type of an IS-IS interface
Background Information
The levels of an IS-IS interface are as follows:
l Level-1: indicates that only the Level-1 adjacency can be established for the interface.
l Level-2: indicates that only the Level-2 adjacency can be established for the interface.
l Level-1-2: indicates that both Level-1 and Level-2 adjacencies can be established for the
interface.
By default, the level of an IS-IS interface is Level-1-2. That is, both Level-1 and Level-2
adjacencies can be established for the IS-IS interface.
To prevent unnecessary processing and to save the network bandwidth, you can configure the
level of an interface on a Level-1-2 router, allowing the interface to receive and send Hello
packets of a certain level (Level-1 or Level-2), and to establish an adjacency with another
interface.
For a P2P link, only one type of Hello packets can be received and sent. Hence, the level
configuration is invalid for a P2P interface.
NOTE
The level configuration of an interface takes effect only for the Level-1-2 router. For the routers of other
levels, the level of a router determines the level of the adjacency with a peer router.
Procedure
Step 1 In global config mode, run the interface vlanif command to enter VLAN interface mode, or run
the interface loopback command to enter loopback mode to configure the L3 interface enabled
with the IS-IS function.
Step 2 Run the isis circuit-level command to configure the level of an IS-IS interface.
----End
Example
To configure the level of VLAN interface 10 as Level-1, do as follows:
huawei(config)#interface vlanif 10
huawei(config-if-vlanif10)#isis circuit-level level-1
Related Operations
Table 13-16 lists the related operations for configuring the IS-IS interface level.
Table 13-16 Related operations for configuring the IS-IS interface level
Background Information
Level-1 designated ISs (DISs) and Level-2 DISs are elected respectively. The higher the DIS
priority value of a router is, the more likely that the router is elected as a DIS. If there are two
or more routers with the same DIS priority in the network, the router with the largest MAC
address is elected. If the level is not specified when you configure the DIS priority, the Level-1-2
DIS priority is preferred by default. By default, the DIS priority of an IS-IS interface is 64.
NOTE
The DIS priority is valid only for the broadcast network. If the network type of an IS-IS interface is set to
P2P running the isis circuit-type command, the DIS priority setting does not take effect for the interface.
Procedure
Step 1 In global config mode, run the interface vlanif command to enter VLAN interface mode, or run
the interface loopback command to enter loopback mode to configure the L3 interface enabled
with the IS-IS function.
Step 2 Run the isis dis-priority command to configure the DIS priority of the IS-IS interface.
----End
Example
To configure the DIS priority of VLAN interface 10 as 50, and the level as Level-1, do as follows:
huawei(config)#interface vlanif 10
huawei(config-if-vlanif10)#isis dis-priority 50 level-1
Related Operations
Table 13-17 lists the related operations for configuring the DIS priority of an IS-IS interface.
Table 13-17 Related operations for configuring the DIS priority of an IS-IS interface
To... Run the Command...
Background Information
When the network type of an IS-IS interface is set to P2P by running the isis circuit-type
command for simulating a P2P interface, the IS-IS checks the IP address of the received Hello
packets. The adjacency can be set up only when the IP address of the packets and the address
of the local interface receiving the Hello packets belong to the same subnet. If the IP address of
the interface that sends the Hello packets and the IP address of the interface that receives the
Hello packets belong to different subnets, and the IS-IS is configured for not checking the IP
addresses of the received Hello packets, the adjacency can also be set up between the interfaces
at both ends. The routing table has routes of two different subnets. The ping between the two
subnets, however, fails.
Prerequisites
The network type of the IS-IS interface is P2P.
Procedure
Step 1 In global config mode, run the interface vlanif command to enter VLAN interface mode, or run
the interface loopback command to enter loopback mode to configure the L3 interface enabled
with the IS-IS function.
Step 2 Run the isis peer-ip-ignore command to configure the IS-IS for not checking the IP addresses
of the received Hello packets.
----End
Example
To configure VLAN interface 10 for not checking the IP address of the received Hello packets,
do as follows:
huawei(config)#interface vlanif 10
huawei(config-if-vlanif10)#isis peer-ip-ignore
Related Operations
Table 13-18 lists the related operations for configuring the IS-IS for not checking the IP
addresses of the received Hello packets.
Table 13-18 Related operations for configuring the IS-IS for not checking the IP addresses of
the received Hello packets
Background Information
By configuring the IS-IS packet timer, you can specify the interval for sending Hello packets,
the number of Hello packets which invalidates an adjacency, the interval for sending CSNP
packets, the interval for retransmitting Label Switched Path (LSP) packets, and the minimum
interval for sending the LSP packets.
Procedure
Step 1 In global config mode, run the interface vlanif command to enter VLAN interface mode, or run
the interface loopback command to enter loopback mode to configure the L3 interface enabled
with the IS-IS function.
Step 2 (Optional) Run the isis timer hello command to configure the interval for sending Hello packets
on the interface.
Step 3 (Optional) Run the isis timer holding-multiplier command to configure the number of Hello
packets which invalidates an adjacency.
Step 4 (Optional) Run the isis timer csnp command to configure the interval for sending the CSNP
packets on the interface.
Step 5 (Optional) Run the isis timer lsp-retransmit command to configure the interval for
retransmitting LSP packets on the P2P link.
Step 6 (Optional) Run the isis timer lsp-throttle command to configure the minimum interval for
sending LSP packets.
----End
Example
For VLAN interface 10, to configure the interval for sending Level-1 Hello packets as 20s, the
number of Hello packets which invalidates an adjacency as 6, and the minimum interval for
sending LSP packets as 500 ms, do as follows:
huawei(config)#interface vlanif 10
huawei(config-if-vlanif10)#isis timer hello 20 level-1
huawei(config-if-vlanif10)#isis timer holding-multiplier 6 level-1
huawei(config-if-vlanif10)#isis timer lsp-throttle 500
Related Operations
Table 13-19 lists the related operations for configuring the IS-IS packet timer.
Table 13-19 Related operations for configuring the IS-IS packet timer
To... Run the Command...
Restore the default interval for sending undo isis timer hello
Hello packets
Restore the default interval for sending undo isis timer csnp
CSNP packets
Background Information
You can modify the LSP parameters according to the running status of the network to improve
the efficiency of the IS-IS protocol. A router supports the following LSP parameters. In general,
it is recommended that you use the default LSP configurations.
The cache for LSP packets must be smaller than the MTU of the IS-IS interface. Otherwise, the
forwarding of the LSP packets may fail.
Procedure
Step 1 In global config mode, run the isis command to enter IS-IS mode of the specified process.
Step 2 (Optional) Run the timer lsp-refresh command to configure the LSP refreshment period.
Step 3 (Optional) Run the timer lsp-max-age command to configure the LSP aging time.
Step 4 (Optional) Run the timer lsp-generation command to configure the intelligent timer for
generating the LSPs.
Step 5 (Optional) Run the ignore-lsp-checksum-error command to configure the function of ignoring
the LSP checksum errors.
Step 6 (Optional) Run the lsp-length receive command to configure the size of the LSP packets
received currently.
Step 7 (Optional) Run the lsp-length originate command to configure the size of the LSP packets
generated by the current router.
----End
Example
To configure the LSP refresh period as 1000 ms, the LSP aging time as 1500 ms, the max-interval
as 20s, the initial-interval as 50 ms, the incremental-interval as 2000 ms, and the size of generated
LSP packets as 1024 bytes, do as follows:
huawei(config)#isis
huawei(config-isis-1)#timer lsp-refresh 1000
huawei(config-isis-1)#timer lsp-max-age 1500
huawei(config-isis-1)#timer lsp-generation 20 50 2000
huawei(config-isis-1)#lsp-length originate 1024
Related Operations
Table 13-20 lists the related operations for configuring the LSP parameters.
Background Information
You can specify the maximum number of LSPs flooded each time and the maximum interval
for LSP flooding for an interface. The configuration takes effect for all the interfaces.
By default, for an interface, the maximum number of LSPs flooded each time is 5, and the
maximum interval for LSP flooding is 10 ms. If the level is not specified, the configuration takes
effect for both Level-1 and Level-2 LSPs.
Procedure
Step 1 In global config mode, run the isis command to enter IS-IS mode of the specified process.
Step 2 Run the flash-flood command to configure the LSP fast flooding.
----End
Example
To configure the LSP fast flooding on the MA5600T running the IS-IS protocol, allowing each
interface to send up to six LSPs each time at a maximum interval of 100 ms, do as follows:
huawei(config)#isis
huawei(config-isis-1)#flash-flood 6 max-timer-interval 100
Related Operation
Table 13-21 lists the related operation for configuring the LSP fast flooding.
Table 13-21 Related operation for configuring the LSP fast flooding
To... Run the Command...
Background Information
For the IS-IS protocol, when the LSDB changes, the router needs to recalculate the routes.
Recalculating the routes frequently occupies many system resources and affects the system
efficiency. Delaying SPF calculation improves the efficiency in route calculation to some extent
and reduces consumption of system resources. A long delay, however, slows the network
convergence.
Procedure
Step 1 In global config mode, run the isis command to enter IS-IS mode of the specified process.
Step 2 (Optional) Run the timer spf command to configure the delay for SPF calculation.
Step 3 (Optional) Run the spf-slice-size command to configure the duration for each SPF calculation.
----End
Example
To configure the maximum delay for SPF calculation as 5s, and the duration for SPF calculation
as 500 ms, do as follows:
huawei(config)#isis
huawei(config-isis-1)#timer spf 5
huawei(config-isis-1)#spf-slice-size 500
Related Operations
Table 13-22 lists the related operations for configuring the SPF parameters.
Background Information
l An IS-IS router supports the mapping of both the local IS-IS host name and the remote IS-
IS host name. A DIS router also supports the mapping of DIS host name.
l By default, the mapping of the IS-IS host name is not configured.
l When you run the display isis peer command to query the adjacency, the mapping name
is displayed in the command response, provided that the mapping of the IS-IS host name
is configured on both ends. The mapping name is not displayed if the mapping of the IS-
IS host name is configured on only one end.
NOTE
The DIS host name is configured for the DIS interface. A P2P interface does not support the configuration
of a host name.
Procedure
l Configure the host name of the local IS-IS and that of the remote IS-IS.
1. In global config mode, run the isis command to enter IS-IS mode of the specified
process.
2. Run the is-name command to configure the host name of the local or remote IS-IS.
l Configure the DIS host name.
1. In global config mode, run the interface vlanif command to enter VLAN interface
mode, or run the interface loopback command to enter loopback mode to configure
the L3 interface enabled with the IS-IS function.
2. Run the isis dis-name command to configure the DIS host name.
----End
Examples
To configure the host name of the local IS-IS process as RUTA, and to configure the host name
of the remote IS-IS process (System ID: 0000.0000.0041) as RUTB, do as follows:
huawei(config)#isis
huawei(config-isis-1)#is-name RUTA
huawei(config-isis-1)#is-name map 0000.0000.0041 RUTB
Related Operations
Table 13-23 lists the related operations for configuring host name mapping.
Background Information
l Area authentication
This function is used to verify the Level-1 routing packets such as LSP, CSNP, and PSNP
received by the router, and filter the routing packets that cannot pass the authentication.
With the area authentication enabled, a router encapsulates the specified authentication
mode and password into the LSP, CSNP, and PSNP packets for advertisement. At the same
time, the router authenticates the received LSP, CSNP and PSNP packets. The packets can
be received only when these packets contain the authentication mode and password
consistent with those configured on the router. If other routers in the same area also start
the area authentication process, the authentication modes and the passwords of these routers
should be identical. Otherwise, the routers cannot work normally. By default, the area
authentication is not disabled.
l Routing domain authentication
This function is used to verify the Level-2 routing packets such as LSP, CSNP, and PSNP
received by the router, and filter the routing packets that cannot pass the authentication.
With the routing domain authentication enabled, a Level-2 router at the backbone layer
encapsulates the specified authentication mode and password into the LSP, CSNP, and
PSNP packets for advertisement. At the same time, the router authenticates the received
LSP, CSNP and PSNP packets. The packets can be received only when these packets
contain the authentication mode and password consistent with the authentication mode and
password configured on the router. If other routers at the backbone layer also start the
routing domain authentication process, the authentication modes and the passwords of these
routers should be identical. Otherwise, the routers cannot work normally. By default, the
routing domain authentication is not disabled.
l Interface authentication
This function is used to verify the received Hello packets to confirm if their adjacencies
are valid and correct.
NOTE
Procedure
l Configure the area and domain authentication.
1. In global config mode, run the isis command to enter IS-IS mode of the specified
process.
2. Run the area-authentication-mode command to configure the area authentication.
3. Run the domain-authentication-mode command to configure the routing domain
authentication.
l Configure the interface authentication.
1. In global config mode, run the interface vlanif command to enter VLAN interface
mode, or run the interface loopback command to enter loopback mode to configure
the L3 interface enabled with the IS-IS function.
2. Run the isis authentication-mode command to configure the interface authentication.
----End
Examples
To configure the area authentication password as hello and the authentication mode as simple,
do as follows:
huawei(config)#isis
huawei(config-isis-1)#area-authentication-mode simple hello
To configure the routing domain authentication password as huawei and the authentication mode
as MD5, do as follows:
huawei(config)#isis
huawei(config-isis-1)#domain-authentication-mode md5 huawei
To configure the authentication password as huawei and the authentication mode as simple for
VLAN interface 10, do as follows:
huawei(config)#interface vlanif 10
huawei(config-if-vlanif10)#isis authentication-mode simple huawei
Related Operations
Table 13-24 lists the related operations for configuring the IS-IS authentication.
Background Information
With the LSDB overload flag bit configured, a router still advertises the LSP packets containing
the overload flag bit. The other routers in the network, however, do not use the LSP packets with
the overload flag bit for calculating the routes of the overloaded router. That is, after a router is
configured with the overload flag bit, other routers do not take the routes learned by this router
into consideration during the SPF calculation. But the direct routes of this router are calculated.
In the IS-IS network, if a router is faulty, the routes for the entire area are not calculated correctly.
Then, you can set the overload flag bit for the faulty router to temporarily remove it from the
IS-IS network. This helps you to locate the fault easily.
Procedure
Step 1 In global config mode, run the isis command to enter IS-IS mode of the specified process.
Step 2 Run the set-overload command to configure the LSDB overload flag bit.
----End
Example
To configure the LSDB overload flag bit for IS-IS process 1, do as follows:
huawei(config)#isis
huawei(config-isis-1)#set-overload
Related Operation
Table 13-25 lists the related operation for configuring the LSDB overload flag bit.
Table 13-25 Related operation for configuring the LSDB overload flag bit
Procedure
Step 1 In global config mode, run the isis command to enter IS-IS mode of the specified process.
Step 2 Run the log-peer-change command to enable the output of the adjacency state.
----End
Example
To enable the output of the adjacency state for IS-IS process 1, do as follows:
huawei(config)#isis
huawei(config-isis-1)#log-peer-change
Related Operation
Table 13-26 lists the related operation for enabling the output of the adjacency state.
Table 13-26 Related operation for enabling the output of the adjacency state
To... Run the Command...
This topic describes how to configure the BGP routing protocol supported by the MA5600T.
NOTE
This document describes the configuration on the MA5600T. Each chapter provides an overview of the service
configuration, describes the configuration flow with one or more configuration examples, and then provides a
detailed description of the basic operations on the MA5600T.
For the readers who are familiar with the MA5600T, it is recommended that you read the configuration example
(s) directly.
For the readers who are not familiar with the MA5600T, it is recommended that you read the basic operations
first.
14.1 Overview
This topic describes the Border Gateway Protocol (BGP) and its application on the MA5600T.
14.2 Configuration Example of BGP
This topic provides an example for configuring the BGP on the MA5600T.
14.3 Configuring Basic BGP Functions
This topic describes how to configure the basic BGP functions.
14.4 Configuring BGP Route Attributes
This topic describes how to configure the BGP route attributes.
14.5 Controlling the BGP Routing Information
This topic describes how to control the BGP routing information.
14.6 Adjusting and Optimizing BGP
This topic describes how to adjust and optimize the configurations of a BGP network such as
modifying the BGP timers, configuring the interval for sending update messages, and
configuring the BGP verification function.
14.1 Overview
This topic describes the Border Gateway Protocol (BGP) and its application on the MA5600T.
Service Description
l BGP is a dynamic routing protocol used between Autonomous Systems (ASs).
l BGP is an Exterior Gateway Protocol (EGP). It controls the route propagation and selection
of optimal routes. It does not control the discovery and calculation of routes. This
distinguishes BGP from the Interior Gateway Protocols (IGPs) such as OSPF and RIP.
l As an exterior routing protocol for the Internet, BGP is widely used among various Internet
service providers (ISPs).
Service Specifications
BGP runs on the MA5600T in either of the following modes:
l Interior BGP (IBGP): BGP is called an IBGP when it runs within an AS.
l Exterior BGP (EBGP): BGP is called an EBGP when it runs among ASs.
Networking
Figure 14-1 shows an example network for configuring the BGP.
In this example network, an EBGP connection is set up between MA5600T_A and
MA5600T_B, and an IBGP connection is set up among MA5600T_B, MA5600T_C, and
MA5600T_D.
AS 2001
AS 2000
9.1.3.2/24 9.1.2.1/24
8.1.1.1/8 MA5600T_C
3.3.3.3
200.1.1.2/24
9.1.3.1/24 9.1.2.2/24
MA5600T_A
1.1.1.1
200.1.1.1/24 9.1.1.1/24
9.1.1.2/24
MA5600T_B
MA5600T_D
2.2.2.2
4.4.4.4
Data Plan
Table 14-1 provides the data plan for configuring the BGP.
Router ID:1.1.1.1 -
AS number: 2000 -
Router ID:2.2.2.2 -
AS number: 2001 -
Router ID:3.3.3.3 -
AS number: 2001 -
Router ID:4.4.4.4 -
AS number: 2001 -
Configuration Flowchart
Figure 14-2 shows the flowchart for configuring the BGP.
Start
End
Procedure
Step 1 Configure MA5600T_A.
1. Configure the IP address of the L3 interface.
huawei(config)#vlan 6 smart
huawei(config)#port vlan 6 0/9 0
huawei(config)#interface vlanif 6
huawei(config-if-vlanif6)#ip address 200.1.1.2 24
huawei(config-if-vlanif6)#quit
huawei(config)#vlan 2 smart
huawei(config)#port vlan 2 0/9 0
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ip address 8.1.1.1 8
huawei(config-if-vlanif2)#quit
----End
Result
l Run the display bgp peer command, and you can see that:
– The EBGP connection is set up between MA5600T_A and MA5600T_B.
– The IBGP connections are set up among MA5600T_B, MA5600T_C, and
MA5600T_D.
– The route with the destination subnet 8.0.0.0/8 exists on MA5600T_C and
MA5600T_D, and the next hop of the route is the interface address of MA5600T_A
l Run the ping command on MA5600T_C and MA5600T_D to ping the Layer 3 interface
(8.1.1.1/24) on MA5600T_A. The ping command is executed successfully.
Procedure
Step 1 Run the bgp command to enable the BGP process and enter BGP mode.
Step 2 Run the router-id command to set the BGP router ID.
NOTE
l This configuration is optional. If the BGP router ID is not set, the router ID set in global config mode
by running the router id command is used as the BGP router ID.
l Setting the BGP router ID reestablishes the connections between the MA5600T and the peer. Exercise
caution when you perform this operation.
Step 3 Run the peer as-number command to specify the IP address and the AS number of the peer.
NOTE
Step 4 Run the peer description command to configure the description of the peer.
Step 5 Run the display bgp peer command to query the peer.
----End
Example
To enable BGP process 1 and enter BGP mode to set the router ID to 10.10.10.1, to specify the
peer IP address as 10.10.10.2 and AS number as 10, and to set the description of the peer to
huawei, do as follows:
huawei(config)#bgp 1
huawei(config-bgp)#router-id 10.10.10.1
CAUTION! Changing configuration will reset peer session. Continue?(Y/N):y
huawei(config-bgp)#peer 10.10.10.2 as-number 10
huawei(config-bgp)#peer 10.10.10.2 description huawei
huawei(config-bgp)#quit
huawei(config)#display bgp peer 10.10.10.2 verbose
Related Operation
Table 14-2 lists the related operation for configuring the BGP basic description.
Table 14-2 Related operation for configuring the BGP basic description
To... Run the Command...
Procedure
Step 1 Run the bgp command to enable the BGP process and enter BGP mode.
Step 2 Run the network command to configure the BGP router to advertise the local routes.
Step 3 Run the display bgp network command to query the routing information advertised by the BGP
router running the network command.
Step 4 Run the display bgp routing-table command to query the BGP routing information.
NOTE
After the BGP router is configured to advertise the local routes by running the network command, the
routing information advertised by the BGP router by running the command can be queried by running the
display bgp network command. A route, however, exists in the BGP routing table only when the
destination address and the mask specified by the network command match the local route. You can run
the display bgp routing-table command to query the routes in the BGP routing table.
----End
Example
To configure the BGP router to advertise local route with the destination address/mask of
10.10.10.0/24 by applying routing policy huawei, do as follows:
huawei(config)#bgp 1
huawei(config-bgp)#network 10.10.10.0 24 route-policy huawei
huawei(config-bgp)#quit
huawei(config)#display bgp network
BGP Local Router ID is 10.10.10.1
Local AS Number is 1
Network Mask Route-policy
Command:
display bgp routing-table
Related Operations
Table 14-3 lists the related operations for advertising the BGP local routes.
Table 14-3 Related operations for advertising the BGP local routes
To... Run the Command...
Context
l By default, the physical interface that is directly connected to the peer is used as the local
interface for a BGP connection.
l To ensure that a BGP connection is reliable and stable, you can configure the local interface
used for the BGP connection as the loopback interface. In this way, when there are
redundant links in the network, the BGP connection should not break off due to the failure
of a certain interface or link.
l In general, to create a BGP connection, you need to configure the local interface used for
the BGP connection as the loopback interface. Otherwise, the BGP connection cannot be
created.
Procedure
Step 1 Run the bgp command to enable the BGP process and enter BGP mode.
Step 2 Run the peer connect-interface command to configure the local interface of the peer for sending
the BGP packets.
Step 3 Run the display bgp peer command to query the BGP peer.
----End
Example
To set the local interface for the peer 10.10.10.2 to send BGP packets as the loopback interface,
do as follows:
huawei(config)#bgp 1
huawei(config-bgp)#peer 10.10.10.2 connect-interface loopback 0
huawei(config-bgp)#quit
huawei(config)#display bgp peer 10.10.10.2 verbose
Related Operation
Table 14-4 lists the related operation for configuring the local interface used for a BGP
connection.
Table 14-4 Related operation for configuring the local interface used for a BGP connection
Context
By default, the maximum number of hops in an EBGP connection is 1, which indicates that the
EBGP connection cannot be set up between the BGP router and the peers on the network. An
EBGP connection can be set up with the peers on the network that is not connected directly only
when the maximum number of hops in the EBGP connection is configured.
Procedure
Step 1 Run the bgp command to enable the BGP process and enter BGP mode.
Step 2 Run the peer ebgp-max-hop command to configure the maximum number of hops for setting
up an EBGP connection to the peers on the network that is not connected directly.
Step 3 Run the display bgp peer command to query the BGP peer.
----End
Example
To configure the maximum number of hops as 10 for setting up an EBGP connection to peer
20.20.20.1 on the network that is not connected directly, do as follows:
huawei(config)#bgp 1
huawei(config-bgp)#peer 20.20.20.1 ebgp-max-hop 10
huawei(config-bgp)#quit
huawei(config)#display bgp peer 20.20.20.1 verbose
Related Operation
Table 14-5 lists the related operation for configuring the maximum number of hops in an EBGP
connection.
Table 14-5 Related operation for configuring the maximum number of hops in an EBGP
connection
Context
You can configure the preference for the following three types of BGP routes.
Procedure
Step 1 Run the bgp command to enable the BGP process and enter BGP mode.
Step 2 Run the preference(BGP) command to configure the BGP route preference.
Step 3 Run the display ip routing-table command to query the preference of the EBGP and IBGP
routes.
----End
Example
To configure the preference of the EBGP route as 200, and to adopt the default preference 255
for the IBGP and BGP local routes, do as follows:
huawei(config)#bgp 1
huawei(config-bgp)#preference 200 255 255
huawei(config-bgp)#quit
huawei(config)#display ip routing-table
{ <cr>|vpn-instance<K>|verbose<K>|statistics<K>|protocol<K>|acl<K>|ip-prefix<K>|
ip_addr<I><X.X.X.X> }:
Command:
display ip routing-table
Routing Tables: Public
Destinations : 2 Routes : 2
Procedure
Step 1 Run the bgp command to enable the BGP process and enter BGP mode.
Step 2 Run the default local-preference command to configure the Local_Pref attribute of the
MA5600T.
----End
Example
To configure the default BGP local preference as 200, do as follows:
huawei(config)#bgp 1
huawei(config-bgp)#default local-preference 200
Context
When a router where BGP is running obtains multiple routes with the same destination address
but different next hops through different EBGP peers, the router chooses the route with the
minimum MED value as the optimal route, provided that the other parameters of the routes are
the same. Configuring the MED attribute involves the following:
Procedure
Step 1 Run the bgp command to enable the BGP process and enter BGP mode.
Step 2 Run the default med command to configure the MED value of the BGP route.
Step 3 Run the compare-different-as-med command to enable the comparison of MED values of the
routes from different ASs.
Step 4 Run the bestroute med-none-as-maximum command to configure the disposal method when
the MED value is lost.
----End
Example
To configure the MED value of the BGP route as 200, enable the comparison of MED values
of the routes from different ASs, and use the maximum MED value during the optimal route
selection when the MED value does not exist in the route attributes, do as follows:
huawei(config)#bgp 1
huawei(config-bgp)#default med 200
huawei(config-bgp)#compare-different-as-med
huawei(config-bgp)#bestroute med-none-as-maximum
Context
If BGP load balancing is configured, the MA5600T sets the address of its outbound interface as
the next hop address when advertising routes to IBGP peer groups, regardless of whether the
Next_Hop attribute is configured by running the peer next-hop-local command.
Procedure
Step 1 Run the bgp command to enable the BGP process and enter BGP mode.
Step 2 Run the peer next-hop-local command to enable the MA5600T to change the address of its
outbound interface as the next hop address when advertising routes to the IBGP peer.
----End
Example
To enable the MA5600T to set its outbound interface as the next hop address when it advertises
routes to IBGP peer 10.101.10.1, do as follows:
huawei(config)#bgp 1
huawei(config-bgp)#peer 10.10.10.1 next-hop-local
Related Operation
Table 14-6 lists the related operation for configuring the Next_Hop attribute.
Context
Configuring the AS_Path attribute involves the following:
Procedure
Step 1 Run the bgp command to enable the BGP process and enter BGP mode.
Step 2 Run the peer allow-as-loop command to allow repeat local AS numbers.
Step 3 Run the bestroute as-path-neglect command to configure the BGP to ignore the AS_Path
attribute during the optimal route selection.
Step 4 Run the peer fake-as command to configure the fake AS number.
Step 5 Run the peer substitute-as command to enable the function of replacing the AS number in the
AS_Path attribute.
Step 6 Run the peer public-as-only command to configure the AS_Path attribute to carry only the
public AS number when the BGP router sends BGP update messages.
NOTE
Each attribute above can be configured. If it is not configured, the value is default.
----End
Examples
To configure the repeat count of the local AS number allowed by peer 10.10.10.1 as 2, do as
follows:
huawei(config)#bgp 1
huawei(config-bgp)#peer 10.10.10.1 allow-as-loop 2
To configure the BGP to ignore the AS_Path attribute during the optimal route selection, do as
follows:
huawei(config)#bgp 1
huawei(config-bgp)#bestroute as-path-neglect
To configure peer 10.10.10.1 to carry only public AS numbers when the BGP router sends BGP
update messages, do as follows:
huawei(config)#bgp 1
huawei(config-bgp)#peer 10.10.10.1 public-as-only
Related Operation
Table 14-7 lists the related operation for configuring the AS_Path attribute.
Procedure
Step 1 Run the bgp command to enable the BGP process and enter BGP mode.
Step 2 Run the import-route command to enable the BGP to import the routes of other protocols.
----End
Example
To import static routes to the BGP routing table, do as follows:
huawei(config)#bgp 1
huawei(config-bgp)#import-route static
Related Operations
Table 14-8 lists the related operations for configuring the BGP to import routes.
Table 14-8 Related operations for configuring the BGP to import routes
Procedure
Step 1 Run the bgp command to enable the BGP process and enter BGP mode.
Step 2 Run the filter-policy import command to configure the rules for filtering the received routes.
----End
Example
To filter the received routes according to the rules defined in ACL 2001, do as follows:
huawei(config)#bgp 1
huawei(config-bgp)#filter-policy 2001 import
Related Operation
Table 14-9 lists the related operation for filtering the routes imported by BGP.
Table 14-9 Related operation for filtering the routes imported by BGP
Context
The BGP route aggregation can be automatic aggregation and manual aggregation. The
preference of manual aggregation is higher than that of automatic aggregation.
l Automatic aggregation: aggregates the imported routes, which can be direct routes, static
routes, RIP routes, OSPF routes, and IS-IS routes, except the routes advertised by running
the network command.
l Manual aggregation: aggregates the routes existing in the local BGP routing table. For
example, when the route to the subnet 10.1.0.0/24 does not exist in the BGP routing table,
BGP does not advertise the aggregated route even if you run the aggregate 10.1.0.0 16
command to aggregate the route.
Procedure
l Configure the automatic route aggregation function.
1. Run the bgp command to enable the BGP process and enter BGP mode.
2. Run the summary automatic command to configure the function of automatically
aggregating the BGP subnet routes.
l Configure the manual route aggregation function.
1. Run the bgp command to enable the BGP process and enter BGP mode.
2. Run the aggregate command to aggregate routes in BGP.
----End
Examples
To configure the function of automatically aggregating the BGP subnet routes, do as follows:
huawei(config)#bgp 1
huawei(config-bgp)#summary automatic
Related Operations
Table 14-10 lists the related operations for configuring the BGP route aggregation.
Table 14-10 Related operations for configuring the BGP route aggregation
Context
Perform this operation to enable a router to unconditionally send a default route with its own
address as the next hop address to a peer in case that the routing table does not have to contain
any default route.
Procedure
Step 1 Run the bgp command to enable the BGP process and enter BGP mode.
Step 2 Run the peer default-route-advertise command to configure the MA5600T to advertise the
default route to its peer.
----End
Example
To configure the MA5600T to advertise the default route to peer 10.10.10.1, do as follows:
huawei(config)#bgp 1
huawei(config-bgp)#peer 10.10.10.1 default-route-advertise
Related Operations
Table 14-11 lists the related operations for configuring the MA5600T to advertise the default
route to its peer.
Table 14-11 Related operations for configuring the MA5600T to advertise the default routes to
its peer
Procedure
Step 1 Run the ip as-path-filter command to configure the AS path filter.
Step 2 Run the ip community-filter command to configure the community attributes filter.
----End
Examples
To set AS path filter 1, which permits the routes of AS 30 to pass through (regular expression
"-30-" indicates any AS list that contains AS30), do as follows:
huawei(config)#ip as-path-filter 1 permit -30-
To configure basic community attribute filter 10, where the community number is 20, the
community attributes list is 100:2, and the matching mode for the community attributes is permit,
do as follows:
Related Operations
Table 14-12 lists the related operations for configuring the BGP access list.
Table 14-12 Related operations for configuring the BGP access list
Context
l The MA5600T supports up to 16 routing policies, each of which can be configured with
up to eight nodes.
l A routing policy can have multiple nodes. Each node acts as a unit of a matching test, and
the nodes are identified by sequence number for the matching test.
l The relation between different nodes of a routing policy is OR. That is, the router checks
the nodes of the routing policy one by one. If one node passes the match test, it means that
the route policy passes the match test, and match test for the next node is not required.
l Each node consists of the following clauses:
– if-match clause
It defines the matching rules. The relation between different if-match clauses of a node
is AND. That is, the node can pass the matching test only when all the if-match clauses
of the node are met.
– apply clause
It specifies the actions to be taken after a route passes the matching test. The apply
clause is used to configure the attributes of the route.
Procedure
Step 1 Run the route-policy command to create a routing policy and enter routing policy mode.
Step 2 Run the if-match command to configure the matching rules of the routing policy for filtering
the routing information.
NOTE
You can configure the rules in different ways. For details, see Table 14-13.
Step 4 Run the display route-policy command to query the configured routing policies.
----End
Example
To create routing policy huawei with the node of 1 and the matching mode of permit, set the IP
address prefix list 100 as the matching condition, and set the cost of the route meeting the
matching condition as 40000, do as follows:
huawei(config)#route-policy huawei permit node 1
Info: You are overwriting this sequence !
huawei(config-route-policy)#if-match ip-prefix 100
huawei(config-route-policy)#apply cost 40000
huawei(config-route-policy)#quit
huawei(config)#display route-policy huawei
Route-policy : huawei
permit : 1
Match clauses :
if-match ip-prefix 100
Apply clauses :
apply cost 40000
Parameter Description
Table 14-13 lists the parameters for configuring a routing policy.
permit Specifies the matching mode of the node as permit. If the routing
information is permitted to pass the node, the apply clause of
the node is executed, and the matching test of another node is
not performed. If the routing information is not permitted to pass
the node, the matching test continues on the next node.
deny Specifies the matching mode of the node as deny. In this case,
the apply clause is not executed. When the routing information
meets all the if-match clauses of the node, the matching test is
not performed on the next node. If the routing information does
not meet the if-match clause of the node, the matching test
continues on the next node.
Related Operations
Table 14-14 lists the related operations for configuring a routing policy.
Configure the routing cost for the matched route apply cost
Context
Configuring the policy for advertising the BGP routing information involves the following:
Procedure
l Filter the advertised BGP routing information.
1. Run the bgp command to enable the BGP process and enter BGP mode.
2. Run the filter-policy export command to configure the rules for filtering the
advertised BGP routes.
l Apply a routing policy to the advertised routing information.
1. Run the bgp command to enable the BGP process and enter BGP mode.
2. Run the peer route-policy command and select the parameter export to apply the
routing policy to the routing information advertised to the peer.
NOTE
The routing policy applied in the peer route-policy command does not support taking a certain
interface as one of the matching rules. That is, the if-match interface command is not supported
for applying a routing policy.
l Filter the routing information advertised to the peer.
1. Run the bgp command to enable the BGP process and enter BGP mode.
2. Run the peer filter-policy command and select the parameter export to configure the
ACL-based routing policy for the routing information advertised to the peer.
NOTE
The routes advertised to the peer can also be filtered in the following ways:
l Run the peer as-path-filter command and select the parameter export to configure a policy
based on the AS path for filtering the routes advertised to the peer.
l Run the peer ip-prefix command and select the parameter export to configure a policy
based on the IP address prefix for filtering the routes advertised to the peer.
----End
Examples
To filter the advertised information on the static routes based on the rules defined in ACL 2001,
do as follows:
huawei(config)#bgp 1
huawei(config-bgp)#filter-policy 2001 export static
To apply routing policy abc to the routing information advertised to peer 10.10.10.1, do as
follows:
huawei(config)#bgp 1
To apply ACL-based routing policy 2009 to the routing information advertised to peer
10.10.10.1, do as follows:
huawei(config)#bgp 1
huawei(config-bgp)#peer 10.10.10.1 filter-policy 2009 export
Related Operations
Table 14-15 lists the related operations for configuring the policy for advertising the BGP
routing information.
Table 14-15 Related operations for configuring the policy for advertising the BGP routing
information
Configure the rules for filtering the received BGP filter-policy import
routing information
Context
Configuring the policy for receiving the BGP routing information involves the following:
l Filtering the received BGP routing information: filters all received BGP routing
information. The routes from all peers are discarded if they do not comply with the filtering
rules.
l Applying a routing policy to the received routing information: indicates that if the routing
information from a specified peer complies with the routing policy, the route is configured
according to the routing policy. The received route is not affected even if the routing
information does not comply with the routing policy.
l Filtering the routing information from the peer: indicates that the routing information from
a specified peer is discarded if it does not comply with the routing policy.
l Limiting the number of the routes received from peers: Limits the number of routes from
a specified peer.
Procedure
l Filter the received BGP routing information.
1. Run the bgp command to enable the BGP process and enter BGP mode.
2. Run the filter-policy import command to configure the rules for filtering the received
BGP routes.
l Apply a routing policy to the received routing information.
1. Run the bgp command to enable the BGP process and enter BGP mode.
2. Run the peer route-policy command and select the parameter import to apply the
routing policy to the received routing information.
NOTE
The routing policy applied in the peer route-policy command does not support taking a certain
interface as one of the matching rules. That is, the if-match interface command is not supported
for applying a routing policy.
l Filter the routing information received from the peer.
1. Run the bgp command to enable the BGP process and enter BGP mode.
2. Run the peer filter-policy command and select the parameter import to configure the
ACL-based routing policy for the routes received from the peer.
NOTE
The routes received from the peer can also be filtered in the following ways:
l Run the peer as-path-filter command and select the parameter import to configure a policy
based on the AS path for filtering the routes received from the peer.
l Run the peer ip-prefix command and select the parameter import to configure a policy
based on the IP address prefix for filtering the routes received from the peer.
l Limit the number of routes received from the peer.
1. Run the bgp command to enable the BGP process and enter BGP mode.
2. Run the peer route-limit command to configure the number of routes allowed to be
received from the peer.
----End
Examples
To filter the received routes based on the rules defined in ACL 2001, do as follows:
huawei(config)#bgp 1
huawei(config-bgp)#filter-policy 2001 import
To apply routing policy abc to the routes received from peer 10.10.10.1, do as follows:
huawei(config)#bgp 1
huawei(config-bgp)#peer 10.10.10.1 route-policy abc import
To apply ACL-based routing policy 2009 to the routes received from peer 10.10.10.1, do as
follows:
huawei(config)#bgp 1
huawei(config-bgp)#peer 10.10.10.1 filter-policy 2009 import
To set the maximum number of routes allowed to be received from peer 10.10.10.1 to 200, and
enable the generation of only an alarm when the number of received routes exceeds the threshold,
do as follows:
huawei(config)#bgp 1
huawei(config-bgp)#peer 10.10.10.1 route-limit 200 alert-only
Related Operations
Table 14-16 lists the related operations for configuring the policy for receiving the BGP routing
information.
Table 14-16 Related operations for configuring the policy for receiving the BGP routing
information
To... Run the Command...
Background Information
There are two types of BGP timers, which are used for controlling the BGP keepalive time and
holding time.
l keepalive-time
The BGP router sends keepalive messages to the peer at an interval of keepalive time for
maintaining the connectivity of the BGP connection.
The maximum interval for sending keepalive messages is one third of the holding time,
and cannot be less than 1s.
l hold-time
If the BGP router does not receive keepalive messages or update messages from the peer
within the specified holding time, it considers that the BGP connection is closed and then
exits the connection.
By default, the keepalive time is 60s and the holding time is 180s.
When creating a BGP connection to a peer, a router negotiates with the peer to obtain the
keepalive time and the holding time. Between the holding time of the BGP router and that of its
peer, the smaller one is considered as the negotiated holding time. Between the keepalive time
(one third of the holding time) and the keepalive time configured locally, the smaller one is
considered as the negotiated keepalive time.
The BGP router allows you to configure the global BGP timer and the peer BGP timer. The
priority for configuring the global BGP timer is lower than that for configuring the peer BGP
timer.
Notes
CAUTION
Modifying the BGP timer value temporarily interrupts the BGP connection between routers.
Exercise caution when you perform this operation.
l If the values of keepalive time and holding time are 0, the BGP timers are invalid. That is,
the BGP router does not send keepalive messages or detect whether the holding time has
expired.
l The holding time is more than the keepalive time. For example, the keepalive time is 1,
and the holding time is 65535. A longer holding time, however, cannot ensure that BGP
detects the link faults in time.
Procedure
Step 1 In global config mode, run the bgp command to enter BGP mode.
Step 2 Run the time command to configure the global BGP timer.
Step 3 Run the peer timer command to configure the peer BGP timer.
----End
Example
To configure the global BGP timer with the keepalive time of 30s and the holding time of 90s,
and configure the peer BGP timer with the keepalive time of 10s and the holding time of 30s,
do as follows:
huawei(config)#bgp 1
huawei(config-bgp)#timer keepalive 30 hold 90
huawei(config-bgp)#peer 20.20.20.1 timer keepalive 10 hold 30
Related Operations
Table 14-17 lists the related operations for configuring the BGP timer.
Background Information
Update messages are used for exchanging routing information among the peers. The packets can
be used for advertising the information on a reachable route, or can be used for canceling multiple
unreachable routes.
By default, the interval for the IBGP peer to send the update messages is 15s, and that for the
EBGP peer to send the update messages is 30s.
Procedure
Step 1 In global config mode, run the bgp command to enter BGP mode.
Step 2 Run the peer route-update-interval command to configure the interval for the peer to send the
update messages.
----End
Example
To configure the interval for the peer to send the update messages as 10s, do as follows:
huawei(config)#bgp 1
huawei(config-bgp)#peer 20.20.20.1 route-update-interval 10
Related Operations
Table 14-18 lists the related operations for configuring the interval for sending the update
messages.
Table 14-18 Related operations for configuring the interval for sending the update messages
To... Run the Command...
Background Information
After changing the BGP routing policies, you must reset the current BGP connection to validate
the new configuration. The BGP connection is thus interrupted temporarily.
BGP supports the route-refresh function. In this way, when routing policies change, the router
refreshes the BGP routing table automatically without interrupting the BGP connection.
l If the route-refresh function is enabled on all peers, the local router advertises route-refresh
messages to its peers when the BGP routing policy is changed. The peer receiving the
messages sends its routing information to the local router again. In this way, the BGP
routing table is updated dynamically by applying the new routing policy without
interrupting the BGP connection. You can also run the refresh bgp command to perform
soft reset on the local router to update the routing table manually.
By default, the route-refresh function is enabled on the BGP router.
l For a peer not supporting the route-refresh function, you can configure the local router to
reserve all the route update information of the peer. When the routing policy of the local
router changes, the BGP soft reset command is executed, allowing the routing information
to generate the BGP routes again.
By default, the route update information of the peer is not reserved.
Procedure
l Configure the BGP soft reset when the peer supports the route-refresh function.
1. In global config mode, run the bgp command to enter BGP mode.
2. Run the peer capability-advertise command to advertise the route-fresh function that
the MA5600T supports to the peer.
3. (Optional) Run the refresh bgp command to perform soft reset on the BGP connection
manually.
l Configure the BGP soft reset when the peer does not support the route-refresh function.
1. In global config mode, run the bgp command to enter BGP mode.
2. Run the ipv4-family unicast command to enter IPv4 unicast mode.
3. Run the peer keep-all-routes command to reserve all route update information of the
peer.
4. Run the refresh bgp command to perform soft reset on the BGP connection manually.
----End
Examples
To advertise the route-refresh function that the MA5600T supports to the peer with the IP address
of 20.20.20.1, do as follows:
huawei(config)#bgp 1
huawei(config-bgp)#peer 20.20.20.1 capability-advertise route-refresh
To perform soft reset on the ingress direction of the BGP connection to peer 20.20.20.1, do as
follows:
huawei(config)#bgp 1
huawei(config-bgp)#ipv4-family unicast
huawei(config-bgp-af-ipv4)peer 20.20.20.1 keep-all-routes
huawei(config-bgp)#return
huawei#refresh bgp 20.20.20.1 import
Related Operations
Table 14-19 lists the related operations for configuring the BGP soft reset.
Table 14-19 Related operations for configuring the BGP soft reset
Background Information
l When this function is enabled, if the EBGP connection is faulty, that is, the status of a
certain interface becomes Down, the BGP immediately deletes failure and then resets.
l When this function is disabled, the repeated setup and deletion of the BGP session caused
by route flapping is prevented. This saves the network bandwidth to some extent.
l By default, the quick reset function of the EBGP connection is enabled.
Procedure
Step 1 In global config mode, run the bgp command to enter BGP mode.
Step 2 Run the ebgp-interface-sensitive command to enable the quick reset function of the EBGP
connection.
----End
Example
To enable the quick reset function of the EBGP connection, do as follows:
huawei(config)#bgp 1
huawei(config-bgp)#ebgp-interface-sensitive
Related Operation
Table 14-20 lists the related operation for enabling the quick reset function of the EBGP
connection.
Table 14-20 Related operation for enabling the quick reset function of the EBGP connection
Background Information
A BGP router uses the TCP protocol as the transport layer protocol for setting up the BGP
connection to the peer. To improve the security of the BGP connection, the BGP router supports
the MD5 authentication for setting up the TCP connection.
The MD5 authentication supported by BGP applies to the TCP connection, but does not apply
to the BGP packets. TCP completes the authentication procedure. The TCP connection can be
set up only when the authentication is successful.
Procedure
Step 1 In global config mode, run the bgp command to enter BGP mode.
Step 2 Run the peer password command to configure the MD5 authentication.
----End
Example
To configure the MD5 authentication with the password huawei and the plaintext mode (simple)
for the TCP connection set up between the local router and the peer 20.20.20.1, do as follows:
huawei(config)#bgp 1
huawei(config-bgp)#peer 20.20.20.1 password simple huawei
Related Operation
Table 14-21 lists the related operation for configuring the MD5 authentication.
Background Information
The maximum number of equal-cost routes varies with products and protocols, and it must be
adjusted according to the license file of a product.
Procedure
Step 1 In global config mode, run the bgp command to enter BGP mode.
Step 2 Run the ipv4-family unicast command to enter IPv4 unicast mode.
Step 3 Run the maximum load-balancing command to configure the maximum number of BGP equal-
cost routes.
----End
Example
To allow two equal-cost routes to reach the destination address, do as follows:
huawei(config)#bgp 1
huawei(config-bgp)#ipv4-family unicast
huawei(config-bgp-af-ipv4)maximum load-balancing 2
Related Operation
Table 14-22 lists the related operation for configuring the maximum number of equal-cost
routes.
Table 14-22 Related operation for configuring the maximum number of equal-cost routes
To... Run the Command...
Background Information
In general, the split horizon function among the EBGP neighbors can be enabled only when
multiple EBGP peers exist between two ASs.
When the function is disabled, the route received from one AS is advertised through other EBGP
peers back to the AS again. If the EBGP peer does not support AS loops, it discards the route
based on the AS_Path attribute, thus wasting the resources.
When the function is enabled, the route received from an AS is not advertised back to the AS.
In this way, the unnecessary route advertising is decreased.
By default, the split horizon function among ASs is disabled.
Procedure
Step 1 In global config mode, run the bgp command to enter BGP mode.
Step 2 Run the as-split-horizon command to enable the split horizon function among the EBGP
neighbors.
----End
Example
To enable the split horizon function among the EBGP neighbors, do as follows:
huawei(config)#bgp 1
huawei(config-bgp)#as-split-horizon
Related Operations
Table 14-23 lists the related operations for configuring the split horizon function among the
EBGP neighbors.
Table 14-23 Related operations for configuring the split horizon function among the EBGP
neighbors
To... Run the Command...
15 MSTP Configuration
15.1 Overview
This topic describes the multiple spanning tree protocol (MSTP) and its application on the
MA5600T.
15.2 Enabling the MSTP Function
This topic describes how to enable the MSTP function on the MA5600T.
15.3 Setting the Working Mode of MSTP
This topic describes how to set the working mode of MSTP.
15.4 Setting the MST Region Parameters
This topic describes how to set the parameters of the multiple spanning tree (MST) region.It
includes setting the MD5-Key for the MD5 encryption algorithm,configuring the MST region
name,mapping the specified VLAN to the specified MSTP instance,mapping all VLANs to the
MSTP instances by modular arithmetic,setting the MSTP revision level,restoring the default
settings for all parameters of the MST region.
15.5 Activating the Configuration of the MST Region
This topic describes how to activate the configuration of the MST region.
15.6 Specifying the Device as a Root Bridge or a Backup Root Bridge
This topic describes how to specify the device as a root bridge or a backup root bridge.
15.7 Setting the Priority of the Device in the Specified Spanning Tree Instance
This topic describes how to set the priority of the device in the specified spanning tree instance.
15.8 Setting the Maximum Number of Hops of the MST Region
This topic describes how to set the maximum number of hops of the MST region.
15.9 Setting the Diameter of the Switching Fabric
This topic describes how to set the diameter of the switching fabric.
15.10 Setting the Calculation Standard for the Path Cost
This topic describes how to set the calculation standard for the path cost.
15.11 Setting the Time Parameters of the Specified Network Bridge
This topic describes how to set the time parameters of the specified network bridge. The time
parameters include Forward Delay, Hello Time, MAX Age, and Time Factor.
15.12 Setting the Parameters of the Specified Port
This topic describes how to set the parameters of the specified port.
15.13 Setting the mCheck Variable
This topic describes how to set the mCheck variable to force a port to work in MSTP mode.
15.14 Configuring the Device Protection Function
This topic describes how to configure the device protection functions, including BPDU
protection, loopback protection and root protection.
15.15 Clear the MSTP Protocol Statistics
This topic describes how to clear the protocol statistics.
15.1 Overview
This topic describes the multiple spanning tree protocol (MSTP) and its application on the
MA5600T.
Service Description
MSTP applies to a redundant network. It makes up for the drawback of STP and RSTP. MSTP
makes the network converge fast and the traffic of different VLANs distributed along their
respective paths, which provides a better load-sharing mechanism.
MSTP trims a loop network into a loop-free tree network. It prevents the proliferation and infinite
cycling of the packets in the loop network. In addition, MSTP provides multiple redundant paths
for VLAN data transmission to achieve the load-sharing purpose.
For details on MSTP, refer to "MSTP" in the MA5600T Feature Description.
Service Specification
The MA5600T supports MSTP, which is compatible with the STP and RSTP. It supports MSTP
loop network to meet the various networking requirements.
Background Information
l By default, the MSTP function is disabled.
l After the MSTP function is enabled, the device determines whether it works in STP
compatible mode or MSTP mode based on the configured protocol.
l After the MSTP function is enabled, MSTP maintains dynamically the spanning tree of the
VLAN based on the received BPDU packets. After the MSTP function is disabled, the
MSTP device becomes a transparent bridge and does not maintain the spanning tree.
Procedure
Step 1 Run the stp enable command or the stp port enable command to enable the MSTP function of
the bridge or the port.
Step 2 Run the display stp command or the display stp port command to query the MPLS state of the
bridge or the port.
----End
Examples
To enable the MSTP function of the bridge, do as follows:
huawei(config)#stp enable
Change global stp state may active region configuration,it may take several
minutes,are you sure to change global stp state? [Y/N][N]y
huawei(config)#display stp
{ <cr>|instance<K>|port<K> }:
Command:
display stp
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 7 Max Hops : 20
PathCost standard : LEGACY BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 0 Time since last TC : 1 days :18m:27s
-----------------------------------------------------------------------------
---- More ( Press 'Q' to break ) ----
----[CIST][Port1(Down)]----
Port Protocol :enabled
Port Role :CIST Disabled Port
Port Priority :128
Port Cost :Config=auto / Active=200000
Desg. Bridge/Port :32768.00e0-fc99-5050 / 128.1
Port Edged(Admin) :disabled
Point-to-point :Config=auto / Active=false
Transit Limit :3 packets/hello-time
Protection Type :None
Port Stp Mode :Stp
PortTimes :Hello 2 s MaxAge 20 s FwDly 15 s Message Age 0 s RemHop 20
BPDU Sent :0
TCN: 0, Config: 0, RST: 0, MST: 0
BPDU Received :0
TCN: 0, Config: 0, RST: 0, MST: 0
Related Operations
Table 15-1 lists the related operations for enabling the MSTP function.
Restore the default MSTP state of the undo stp port By default, it is
port enabled.
Background Information
l MSTP supports two working modes:
– MSTP mode
– STP mode
l MSTP is compatible with STP. If the network bridge that runs STP exists in the switching
fabric, MSTP automatically runs in MSTP/STP compatible mode.
l When the network condition is good, though the network bridge that runs STP in the subnet
is removed, the port still runs in the STP compatible mode. In this case, run the stp mode
mstp command to force the port to work in MSTP mode.
Procedure
l The following section shows the procedure for setting the STP working mode.
1. Run the stp mode stp command to set the STP working mode.
2. Run the display stp command to query the working mode.
l The following section shows the procedure for setting the RSTP working mode.
1. Run the stp mode mstp command to set the MSTP working mode.
2. Run the display stp command to query the working mode.
----End
Examples
To set the STP working mode, do as follows:
huawei(config)#stp mode stp
huawei(config)#display stp
{ <cr>|instance<K>|port<K> }:
Command:
display stp
The bridge is executing the IEEE compatible Spanning Tree Protocol
Bridge Diameter : 7 Max Hops : 20
PathCost standard : LEGACY BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 0 Time since last TC : 2 days :16m:14s
-----------------------------------------------------------------------------
---- More ( Press 'Q' to break ) ----
Command:
display stp
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 7 Max Hops : 20
PathCost standard : LEGACY BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 0 Time since last TC : 2 days :16m:16s
-----------------------------------------------------------------------------
---- More ( Press 'Q' to break ) ----
Related Operation
Table 15-2 lists the related operation for setting the working mode of MSTP.
Table 15-2 Related operation for setting the working mode of MSTP
To... Run the Command... Remarks
Restore the default working mode of undo stp mode By default, the
MSTP device works in
MSTP mode.
Background Information
l The purpose of setting the MD5-Key is for device security. Two devices in the same
multiple spanning tree (MST) can communicate with each other when their MD5-Key
values are the same.
l The MD5-Key value is a hex character string not more than 32 bytes. In addition, its length
must be a multiple of 2. By default, it is 0x13AC06A62E47FD 51F95D2BA243CD0346.
Procedure
Step 1 Run the stp md5-key command to set the MD5-Key for the MD5 encryption algorithm
configured on the MST region.
Step 2 Run the display current-configuration command to query the configuration of the device.
----End
Example
To set the MD5-Key for the MD5 encryption algorithm as 0x11ed224466, do as follows:
huawei(config)#stp md5-key 11ed224466
huawei(config)#display current-configuration section config
[MA5680V800R005: 1001]
#
[config]
<config>
mpls vlan 10
mpls vlan 20
mpls vlan 500
mpls vlan 1000
mpls vlan 1001
#
stp region-configuration
region-name huawei
instance 1 vlan 1000
instance 2 vlan 100
active region-configuration
stp instance 0 priority 0
stp timer hello 1000
stp md5-key 11ED224466
stp port 0/9/0 root-protection enable
stp enable
#
lacp priority 0 system
lacp long-period 20
---- More ( Press 'Q' to break ) ----
Related Operation
Table 15-3 lists the related operation for setting the MD5-Key for the MD5 encryption algorithm
configured on the MST region.
Table 15-3 Related operation for setting the MD5-Key for the MD5 encryption algorithm
configured on the MST region
To... Run the Command...
Background Information
You can configure the parameters related to the MST regions, such as the name, revision level,
and VLAN instance mapping table.
The default values of the three parameters are as follows:
l The MST region name is the MAC address of the maintenance network port of the device.
l All VLANs are mapped to common and internal spanning tree (CIST).
l The revision level of MSTP is 0.
Procedure
Step 1 Run the stp region-configuration command to enter MST region mode.
Step 2 Run the region-name command to configure the name of the MST region.
Step 3 Run the check region-configuration command to query the parameters of the current MST
region.
----End
Example
To configure the name of the MST region as huawei-mstp-bridge, do as follows:
huawei(config)#stp region-configuration
huawei(stp-region-configuration)#region-name huawei-mstp-bridge
huawei(stp-region-configuration)#check region-configuration
Admin configuration
Format selector :0
Region name :huawei-mstp-bridge
Revision level :0
Related Operations
Table 15-4 lists the related operations for configuring the MST region name.
Table 15-4 Related operations for configuring the MST region name
To... Run the Command...
Background Information
l By default, all VLANs are mapped to CIST, that is, instance 0.
l One VLAN can be mapped to only one instance. If you re-map a VLAN to another instance,
the original mapping is disabled.
l A maximum of 10 VLAN sections can be configured for an MSTP instance.
l The configuration does not take effect immediately. It is validated only after being
activated.
Procedure
Step 1 Run the stp region-configuration command to switch over to MST region mode.
Step 2 Run the instance vlan command to map the specified VLAN to the specified MSTP instance.
Step 3 Run the check region-configuration command to query the parameters of the current MST
region.
----End
Example
To map VLANs 2-10 and VLANs 12-16 to MSTP instance 3, do as follows:
huawei(config)#stp region-configuration
huawei(stp-region-configuration)#instance 3 vlan 2 to 10 12 to 16
huawei(stp-region-configuration)#check region-configuration
Admin configuration
Format selector :0
Region name :huawei-mstp-bridge
Revision level :0
Related Operations
Table 15-5 lists the related operations for mapping the specified VLAN to the specified MSTP
instance.
Table 15-5 Related operations for mapping the specified VLAN to the specified MSTP instance
Background Information
l By default, all VLANs are mapped to CIST, that is, instance 0.
l On the MA5600T, you can specify the VLAN to each MSTP instance rapidly by modular
arithmetic.
– When you map the VLAN to the MSTP instance by modular arithmetic, the ID of the
mapped instance is (VLANID - 1) % module + 1.
– The modular value for the modular arithmetic ranges from 1 to 16. It indicates the
number of the MSTP instances.
l This operation is used to map the VLANs to the MSTP instances rapidly, which results in
the change of the mapping relations for all VLANs. In actual application, you can run the
instance vlan command to adjust the mappings as required.
l The configuration does not take effect immediately. It is validated only after being
activated.
Procedure
Step 1 Run the stp region-configuration command to switch over to MST region mode.
Step 2 Run the vlan-mapping module command to map all VLANs to the MSTP instances by modular
arithmetic.
Step 3 Run the check region-configuration command to query the parameters of the current MST
region.
----End
Example
To map all VLANs to the MSTP instances by modular arithmetic, with the modular value of 16,
do as follows:
huawei(config)#stp region-configuration
huawei(stp-region-configuration)#vlan-mapping module 16
huawei(stp-region-configuration)#check region-configuration
Admin configuration
Format selector :0
Region name :huawei-mstp-bridge
Revision level :0
InstanceVlans Mapped
1 1, 17, 33, 49, 65, 81, 97, 113, 129, 145, 161,
177, 193, 209, 225, 241, 257, 273, 289, 305, 321, 337,
353, 369, 385, 401, 417, 433, 449, 465, 481, 497, 513,
529, 545, 561, 577, 593, 609, 625, 641, 657, 673, 689,
705, 721, 737, 753, 769, 785, 801, 817, 833, 849, 865,
881, 897, 913, 929, 945, 961, 977, 993, 1009, 1025, 1041,
1057, 1073, 1089, 1105, 1121, 1137, 1153, 1169, 1185, 1201, 1217,
1233, 1249, 1265, 1281, 1297, 1313, 1329, 1345, 1361, 1377, 1393,
1409, 1425, 1441, 1457, 1473, 1489, 1505, 1521, 1537, 1553, 1569,
1585, 1601, 1617, 1633, 1649, 1665, 1681, 1697, 1713, 1729, 1745,
1761, 1777, 1793, 1809, 1825, 1841, 1857, 1873, 1889, 1905, 1921,
1937, 1953, 1969, 1985, 2001, 2017, 2033, 2049, 2065, 2081, 2097,
2113, 2129, 2145, 2161, 2177, 2193, 2209, 2225, 2241, 2257, 2273,
2289, 2305, 2321, 2337, 2353, 2369, 2385, 2401, 2417, 2433, 2449,
2465, 2481, 2497, 2513, 2529, 2545, 2561, 2577, 2593, 2609, 2625,
2641, 2657, 2673, 2689, 2705, 2721, 2737, 2753, 2769, 2785, 2801,
2817, 2833, 2849, 2865, 2881, 2897, 2913, 2929, 2945, 2961, 2977,
2993, 3009, 3025, 3041, 3057, 3073, 3089, 3105, 3121, 3137, 3153,
3169, 3185, 3201, 3217, 3233, 3249, 3265, 3281, 3297, 3313, 3329,
3345, 3361, 3377, 3393, 3409, 3425, 3441, 3457, 3473, 3489, 3505,
3521, 3537, 3553, 3569, 3585, 3601, 3617, 3633, 3649, 3665, 3681,
3697, 3713, 3729, 3745, 3761, 3777, 3793, 3809, 3825, 3841, 3857,
3873, 3889, 3905, 3921, 3937, 3953, 3969, 3985, 4001, 4017, 4033,
4049, 4065, 4081
2 2, 18, 34, 50, 66, 82, 98, 114, 130, 146, 162,
178, 194, 210, 226, 242, 258, 274, 290, 306, 322, 338,
---- More ( Press 'Q' to break ) ----
Related Operations
Table 15-6 lists the related operations for mapping all VLANs to the MSTP instances.
Table 15-6 Related operations for mapping all VLANs to the MSTP instances
To... Run the Command...
Background Information
l By default, the revision level is 0.
l Activate the setting to validate it.
NOTE
l When you configure the parameters related to the MST region, the current device is placed into a specified
MST region.
l Two devices belong to the same MST region when they meet the following conditions:
l They have the same MST region name and the MSTP revision level.
l The VLAN mapping tables, which correspond to all the spanning tree instances, must be the same with
each other.
Procedure
Step 1 Run the stp region-configuration command to enter MST region mode.
Step 2 Run the revision-level command to set the MSTP revision level of the device.
Step 3 Run the check region-configuration command to query the parameters of the current MST
region.
----End
Example
To set the MSTP revision level as 100, do as follows:
huawei(config)#stp region-configuration
huawei(stp-region-configuration)#revision-level 100
huawei(stp-region-configuration)#check region-configuration
Admin configuration
Format selector :0
Region name :00e0fc995050
Revision level :100
Related Operations
Table 15-7 lists the related operations for setting the MSTP revision level of the device.
Table 15-7 Related operations for setting the MSTP revision level of the device
15.4.6 Restoring the Default Settings for All Parameters of the MST
Region
This topic describes how to restore the default settings for all parameters of the MST region.
Background Information
By default, the name of the MST region is its management MAC address, all VLANs are mapped
to instance 0, and the revision level of MSTP is 0.
Procedure
Step 1 Run the reset stp region-configuration command to restore the default settings to all parameters
of the MST region.
Step 2 Run the stp region-configuration command to switch over to MST region mode.
Step 3 Run the display stp region-configuration command to query the configuration of the MST
region.
----End
Example
To restore the default settings for all parameters of the MST region, do as follows:
huawei(config)#reset stp region-configuration
huawei(config)#stp region-configuration
huawei(stp-region-configuration)#display stp region-configuration
Oper configuration
Format selector :0
Region name :00e0fc995050
Revision level :0
Background Information
When you configure the parameters related to the MST region, especially the VLAN mapping
table, MSTP recalculates the spanning tree. This results in an unstable network topology.
To prevent it, MSTP does not recalculate the spanning tree immediately after you configure the
parameters, unless the following conditions are met:
l Run the active region-configuration command to activate the configuration of the MST
region.
l Run the stp enable command to enable the MSTP function.
Procedure
Step 1 Run the stp region-configuration command to switch over to MST region mode.
Step 2 Run the active region-configuration command to activate the configuration of the MST region.
Step 3 Run the display stp region-configuration command to query the effective configuration of the
MST region.
----End
Example
To activate the configuration of the MST region, do as follows:
huawei(config)#stp region-configuration
huawei(stp-region-configuration)#active region-configuration
huawei(stp-region-configuration)#display stp region-configuration
Oper configuration
Format selector :0
Region name :huawei-mstp-bridge
Revision level :100
Related Operation
Table 15-8 lists the related operation for activating the configuration of the MST region.
Table 15-8 Related operation for activating the configuration of the MST region
Background Information
l By default, the device is not used as a root bridge or a backup root bridge.
l After specifying the current bridge as a root bridge or a backup root bridge, you cannot
modify the system priority of the root bridge.
l One spanning tree instance can be configured with only one root bridge, but more backup
root bridges.
– If the root bridge fails or is powered off, the backup root bridge is used as the root bridge.
– If multiple backup root bridges are configured, the root bridge with the smallest MAC
address is used as the root bridge of the specified spanning tree instance.
Procedure
Step 1 Run the stp root command to specify the device as a root bridge or a backup root bridge.
Step 2 Run the display stp command to query the MSTP configuration of the device.
----End
Example
To specify the current device as the root bridge of MSTP instance 2, do as follows:
huawei(config)#stp instance 2 root primary
NOTE
If you do not specify the parameter instance instance-id, the setting takes effect only to the CIST instance.
huawei(config)#display stp instance 2
{ <cr>|port<K> }:
Command:
display stp instance 2
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 7 Max Hops : 20
PathCost standard : LEGACY BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 0 Time since last TC : 3 days :15m:52s
Related Operation
Table 15-9 lists the related operation for specifying the device as a root bridge or a backup root
bridge.
Table 15-9 Related operation for specifying the device as a root bridge or a backup root bridge
To... Run the Command...
Background Information
l The priority of the device ranges from 0 to 61440, with the step of 4096. By default, it is
32768.
l The priority of the device determines whether it can be selected as the root bridge of the
spanning tree. A device with a smaller priority is likely to be selected as the root bridge of
the spanning tree.
l The device that supports MSTP has different priorities in different spanning tree instances.
l If the devices have the same priority, then the device with the smallest MAC address is
selected as the root bridge of the spanning tree.
Procedure
Step 1 Run the stp priority command to set the priority of the device in the specified spanning tree
instance.
Step 2 Run the display stp command to query the MSTP configuration of the device.
----End
Example
To set the priority of the device in spanning tree instance 2 as 4096, do as follows:
huawei(config)#stp instance 2 priority 4096
NOTE
If you set the parameter instance instance-id as 0, the priority you set is used as the priority of the device in the
CIST.
huawei(config)#display stp instance 2
{ <cr>|port<K> }:
Command:
display stp instance 2
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 7 Max Hops : 20
PathCost standard : LEGACY BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 0 Time since last TC : 3 days :16m:20s
Related Operations
Table 15-10 lists the related operations for setting the priority of the device in the specified
spanning tree instance.
Table 15-10 Related operations for setting the priority of the device in the specified spanning
tree instance
To... Run the Command...
Set the priority of the port in the specified stp port port-priority
spanning tree instance
Background Information
l By default, the maximum number of hops of the MST region is 20.
l The device takes the root device of the spanning tree in the MST region as a start point.
When the configuration message in the region, that is, the BPDU packet, is forwarded by
one device, the hop is reduced by 1. The device drops the packet with the hop of 0. In this
case, the network scale in the region is restricted.
l If the current device becomes the root bridge device of the CIST or multiple spanning tree
instance (MSTI) in the MST region, the maximum number of hops configured on the bridge
device becomes the network diameter of the spanning tree. In this case, the spanning tree
scale in the region is restricted.
Procedure
Step 1 Run the stp max-hops command to set the maximum number of hops of the MST region.
Step 2 Run the display stp command to query the MSTP configuration of the current device.
----End
Example
To set the maximum number of hops of the MST region to 10, do as follows:
huawei(config)#stp max-hops 10
huawei(config)#display stp
{ <cr>|instance<K>|port<K> }:
Command:
display stp
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 7 Max Hops : 10
PathCost standard : LEGACY BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 0 Time since last TC : 3 days :17m:39s
-----------------------------------------------------------------------------
---- More ( Press 'Q' to break ) ----
Related Operation
Table 15-11 lists the related operation for setting the maximum number of hops of the MST
region.
Table 15-11 Related operation for setting the maximum number of hops of the MST region
Background Information
l The setting takes effect only to CIST.
l If the current device becomes the root bridge of the CIST or MSTI in the MST region, the
maximum hop configured on the root bridge is the network diameter of the spanning tree.
l The parameters Hello Time, Forward Delay and Max Age are related to the network scale.
When you set the diameter of the switching fabric, MSTP sets automatically the parameters
Hello Time, Forward Delay and Max Age to a proper value based on the configured network
diameter.
l By default, the diameter of the switching fabric is 7, the Forward Delay is 15s, the Hello
Time is 2s, and the Max Age is 20s.
NOTE
l The diameter of the switching fabric is the path with the most switching devices along it. The diameter is
indicated by the number of the switching devices along the path.
l Network diameter indicates the scale of a network. The larger the network diameter is, the larger the network
scale is.
Procedure
Step 1 Run the stp bridge-diameter command to set the diameter of the switching fabric.
Step 2 Run the display stp command to query the MSTP configuration of the device.
----End
Example
To set the diameter of the switching fabric to 6, do as follows:
huawei(config)#stp bridge-diameter 6
huawei(config)#display stp
{ <cr>|instance<K>|port<K> }:
Command:
display stp
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 6 Max Hops : 20
PathCost standard : LEGACY BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 0 Time since last TC : 3 days :17m:55s
-----------------------------------------------------------------------------
---- More ( Press 'Q' to break ) ----
Related Operation
Table 15-12 lists the related operation for setting the diameter of the switching fabric.
Table 15-12 Related operation for setting the diameter of the switching fabric
Background Information
l The MA5600T supports three kinds of calculation standards for the path cost: the IEEE
802.1d standard (dot1d), the IEEE 802.1t standard (dot1t), and the private standard of
Huawei (legacy). By default, the private standard of Huawei (legacy) is used.
l After the calculation standard is set, the path cost of the device is calculated based on it
automatically.
l Different calculation standards define different path cost values for the ports. If the set
calculation standard is different from the current standard, all ports use the default path cost
of the set calculation standard.
Procedure
Step 1 Run the stp pathcost-standard command to set the calculation standard for the path cost.
Step 2 Run the display stp command to query the MSTP configuration of the device.
----End
Example
To set the calculation standard for the path cost as IEEE 802.1t, do as follows:
huawei(config)#stp pathcost-standard dot1t
huawei(config)#display stp
{ <cr>|instance<K>|port<K> }:
Command:
display stp
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 6 Max Hops : 20
PathCost standard : DOT1T BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 95 Time since last TC : 0 days : 0m: 4s
-----------------------------------------------------------------------------
---- More ( Press 'Q' to break ) ----
Related Operation
Table 15-13 lists the related operation for setting the calculation standard for the path cost.
Table 15-13 Related operation for setting the calculation standard for the path cost
Background Information
l For MSTP, when the port switches from discarding to forwarding state, an intermediate
state (Learning) is used if the rapid transition condition of the port state is not met, and the
state switching needs to wait for some time. This is to maintain the state switching
concurrent with the remote switch and to prevent temporary loops.
l The Forward Delay of the root bridge specifies the interval of state transition. If the current
device is a root bridge, its state transition interval is specified by the Forward Delay. The
other devices use the Forward Delay specified by the root bridge to perform state transition.
l The three time parameters, Forward Delay, Hello Time, and Max Age must comply with
the following formula to guarantee network stability: 2 x (Forward Delay - 1.0 second)
≥ Max Age ≥ 2 x (Hello Time + 1.0 second).
l By default, the Forward Delay is 15 seconds. The unit of the Forward Delay is centisecond
(one second equals to 100 centiseconds).
NOTE
The time parameters of MSTP are related to the network scale. You are recommended to run the stp bridge-
diameter command to specify the network diameter of the switching fabric. In this case, MSTP adjusts
the Hello Time, Forward Delay and Max Age to the proper values automatically based on the specified
network diameter.
Procedure
Step 1 Run the stp timer forward-delay command to set the Forward Delay of the specified network
bridge.
Step 2 Run the display stp command to query the MSTP configuration of the device.
----End
Example
To set the Forward Delay of the specified network bridge to 2000 centiseconds, do as follows:
huawei(config)#stp timer forward-delay 2000
huawei(config)#display stp
{ <cr>|instance<K>|port<K> }:
Command:
display stp
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 6 Max Hops : 20
PathCost standard : DOT1T BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 96 Time since last TC : 0 days : 1m:15s
-----------------------------------------------------------------------------
---- More ( Press 'Q' to break ) ----
Related Operations
Table 15-14 lists the related operations for setting the Forward Delay of the specified network
bridge.
Table 15-14 Related operations for setting the Forward Delay of the specified network bridge
To... Run the Command...
Set the Max Age of the specified network stp timer max-age
bridge
Background Information
l The device transmits the configuration packets at regular intervals specified by the Hello
Time to keep the spanning tree stable. If a device does not receive the configuration packets,
it considers that the configuration packets are timed out and then recalculates the spanning
tree.
l If the current device is a root bridge, the configuration packets are sent at regular intervals
specified by the Hello Time. The other devices use the Hello Time specified by the root
bridge to send the configuration packets.
l The three time parameters, Forward Delay, Hello Time, and Max Age must comply with
the following formula to guarantee network stability: 2 x (Forward Delay - 1.0 second)
≥ Max Age ≥ 2 x (Hello Time + 1.0 second).
l By default, the Hello Time is 2 seconds. The unit of the Hello Time is centisecond (one
second equals to 100 centiseconds).
NOTE
The time parameters of MSTP are related to the network scale. You are recommended to run the stp bridge-
diameter command to specify the network diameter of the switching fabric. In this case, MSTP adjusts
the Hello Time, Forward Delay and Max Age to the proper values automatically based on the specified
network diameter.
Procedure
Step 1 Run the stp timer hello command to set the Hello Time of the specified network bridge.
Step 2 Run the display stp command to query the MSTP configuration of the device.
----End
Example
To set the Hello Time of the specified network bridge to 1000 centiseconds, do as follows:
huawei(config)#stp timer hello 1000
huawei(config)#display stp
{ <cr>|instance<K>|port<K> }:
Command:
display stp
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 6 Max Hops : 20
PathCost standard : DOT1T BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 96 Time since last TC : 0 days : 1m:15s
-----------------------------------------------------------------------------
---- More ( Press 'Q' to break ) ----
Related Operations
Table 15-15 lists the related operations for setting the Hello Time of the specified network
bridge.
Table 15-15 Related operations for setting the Hello Time of the specified network bridge
Set the Max Age of the specified network stp timer max-age
bridge
Background Information
l The Max Age takes no effect to MSTI.
l On the CIST, the MA5600T uses the Max Age to determine whether the configuration
received by the port is out of date. If it is out of date, the MA5600T recalculates the spanning
tree instance.
l If the device is a CIST root bridge, it uses the Max Age to determine whether the
configuration is out of date. If the device is not a CIST root bridge, it uses the Max Age set
on the CIST root bridge to determine it.
l The three time parameters, Forward Delay, Hello Time, and Max Age must comply with
the following formula to guarantee network stability: 2 x (Forward Delay - 1.0 second)
≥ Max Age ≥ 2 x (Hello Time + 1.0 second).
l By default, the Max Age is 20 seconds. The unit of the Max Age is centisecond (one second
equals to 100 centiseconds).
NOTE
The time parameters of MSTP are related to the network scale. You are recommended to run the stp bridge-
diameter command to specify the network diameter of the switching fabric. In this case, MSTP adjusts
the Hello Time, Forward Delay and Max Age to the proper values automatically based on the specified
network diameter.
Procedure
Step 1 Run the stp timer max-age command to set the Max Age of the specified network bridge.
Step 2 Run the display stp command to query the MSTP configuration of the device.
----End
Example
To set the Max Age of the specified network bridge to 3000 centiseconds, do as follows:
huawei(config)#stp timer max-age 3000
huawei(config)#display stp
{ <cr>|instance<K>|port<K> }:
Command:
display stp
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 6 Max Hops : 20
PathCost standard : DOT1T BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 96 Time since last TC : 0 days : 1m:15s
-----------------------------------------------------------------------------
---- More ( Press 'Q' to break ) ----
Related Operations
Table 15-16 lists the related operations for setting the Max Age of the specified network bridge.
Table 15-16 Related operations for setting the Max Age of the specified network bridge
To... Run the Command...
Background Information
l The device that supports MSTP sends Hello packets at regular intervals to the neighboring
network bridges. In this case, it checks whether the links are in the normal state.
l If the device does not receive the Hello packets from the upstream device within a triple
Hello Time, it considers the upstream device faulty and recalculates the spanning tree. By
doing so, the link problem can be resolved in time.
l Generally, the network condition is good. If the upstream devices are busy, the spanning
tree may be recalculated. You can avoid such an unnecessary calculation by the timeout
time factor of the specified network bridge.
l By default, the timeout time factor of the specified network bridge is 3.
Procedure
Step 1 Run the stp time-factor command to set the timeout time factor of the specified network bridge.
Step 2 Run the display stp command to query the MSTP configuration of the device.
----End
Example
To set the timeout time factor of the specified network bridge as 6, do as follows:
huawei(config)#stp time-factor 6
huawei(config)#display stp
{ <cr>|instance<K>|port<K> }:
Command:
display stp
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 6 Max Hops : 20
PathCost standard : DOT1T BPDU-Protection : disabled
Time Factor : 6
TC or TCN received : 96 Time since last TC : 0 days : 1m:15s
-----------------------------------------------------------------------------
---- More ( Press 'Q' to break ) ----
Related Operation
Table 15-17 lists the related operation for setting the timeout time factor of the specified network
bridge.
Table 15-17 Related operation for setting the timeout time factor of the specified network bridge
To... Run the Command...
Background Information
l The maximum transmission rate of the port indicates the maximum number of MSTP
packets transmitted by the port within one Hello Time.
l The port can transmit a maximum of 255 packets within one Hello Time. The default
number of packets transmitted is 3.
Procedure
Step 1 Run the stp port transmit-limit command to set the number of packets transmitted by the port
within the Hello Time.
Step 2 Run the display stp port command to query the MSTP configuration of the port.
----End
Example
To set the maximum number of packets transmitted by the port within one Hello Time to 16, do
as follows:
huawei(config)#stp port 0/9/0 transmit-limit 16
huawei(config)#display stp port
{ frame/slot/port<S><1,15> }:0/9/0
Command:
display stp port 0/9/0
----[CIST][Port1(Down)]----
Port Protocol :enabled
Port Role :CIST Disabled Port
Port Priority :128
Port Cost :Config=auto / Active=200000
Desg. Bridge/Port :32768.2222-2222-2222 / 128.1
Port Edged(Admin) :disabled
Point-to-point :Config=auto / Active=false
Transit Limit :16 packets/hello-time
Protection Type :None
Port Stp Mode :Stp
PortTimes :Hello 2 s MaxAge 20 s FwDly 15 s Message Age 0 s RemHop 20
BPDU Sent :0
TCN: 0, Config: 0, RST: 0, MST: 0
BPDU Received :0
TCN: 0, Config: 0, RST: 0, MST: 0
Related Operation
Table 15-18 lists the related operation for setting the maximum transmission rate of the specified
port.
Table 15-18 Related operation for setting the maximum transmission rate of the specified port
Background Information
l You can set only the port connected to the terminal as an edge port. When the BPDU
protection is disabled from the switching device, after the port receives the BPDD packets,
even if the port is set as an edge port, it still works as a non-edge port. By default, all ports
are set as non-edge ports.
l If you specify a port as an edge port, the rapid transition can be implemented if the port is
transited from blocking to forwarding state.
l This setting takes effect to all spanning tree instances. When a port is set as an edge port,
it works as an edge port on all spanning tree instances. When a port is set as a non-edge
port, it works as a non-edge port on all spanning tree instances.
NOTE
For the port directly connected to the terminal, set it as an edge port, and enable its BPDU protection function.
For more details, see This topic "15.14.1 Enabling the BPDU Protection Function of the Device." In this case,
the rapid transition of the port state can be implemented, and the network security is guaranteed.
Procedure
Step 1 Run the stp port edged-port enable command to set the port as an edge port.
Step 2 Run the display stp command to query the MSTP global configuration.
----End
Example
To set port 0/9/0 as an edge port, do as follows:
huawei(config)#stp port 0/9/0 edged-port enable
huawei(config)#display stp
{ <cr>|instance<K>|port<K> }:
Command:
display stp
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 7 Max Hops : 20
PathCost standard : LEGACY BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 0 Time since last TC : 0 days : 2m:25s
-----------------------------------------------------------------------------
Port F/ S/ P Priority Cost Admin-State Role State Type
-----------------------------------------------------------------------------
1 0/9/ 0 128 200000 Disabled Disa Down Edge
Related Operation
Table 15-19 lists the related operation for setting the specified port as an edge port.
Table 15-19 Related operation for setting the specified port as an edge port
To... Run the Command...
Background Information
l By default, the network bridge obtains the path cost of the port based on the link status.
l Setting the path cost of the Ethernet port results in the recalculation of the spanning tree.
Therefore, the default path cost is recommended.
NOTE
l Path cost is a parameter related to the rate of the link connected to the port. For the device that supports
MSTP, the port has different path costs in different spanning tree instances.
l Setting a proper path cost makes various VLAN traffic be forwarded along different physical links. In this
case, the VLAN load-sharing function is implemented.
Procedure
Step 1 Run the stp port cost command to set the path cost of a specified port.
Step 2 Run the display stp command to query the MSTP global configuration.
----End
Example
To set the path cost of the port in the specified spanning tree instance to 1024, do as follows:
huawei(config)#stp port 0/9/0 instance 0 cost 1024
NOTE
If you do not specify the parameter instance instance-id, the setting takes effect only to the CIST instance.
huawei(config)#display stp instance 0
{ <cr>|port<K> }:
Command:
display stp instance 0
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 7 Max Hops : 20
-----------------------------------------------------------------------------
Port F/ S/ P Priority Cost Admin-State Role State Type
-----------------------------------------------------------------------------
1 0/9/ 0 128 1024 Disabled Disa Down Edge
3 0/9/ 2 128 200000 Enabled Disa Down None
17 0/ 2/ 0 0 200000 Enabled Disa Down None
18 0/ 2/ 1 128 200000 Enabled Disa Down None
19 0/ 2/ 2 128 200000 Enabled Disa Down None
20 0/ 2/ 3 128 200000 Enabled Disa Down None
-----------------------------------------------------------------------------
Related Operation
Table 15-20 lists the related operation for setting the path cost of a specified port.
Table 15-20 Related operation for setting the path cost of a specified port
To... Run the Command...
Background Information
l The priority of a port affects its role in the specified spanning tree instance. You can set
different priorities for the same port on the different MSTIs. This makes various VLAN
traffic be forwarded along different physical links. In this case, the VLAN load-sharing
function is implemented.
l If the priority of the port changes, MSTP recalculates the role of the port and perform state
transition.
l The priority of the port ranges from 0 to 240, with the step of 16. By default, it is 128.
Procedure
Step 1 Run the stp port port-priority command to set the priority of the specified port.
Step 2 Run the display stp command to query the MSTP global configuration.
----End
Example
To set the priority of the specified port to 64, do as follows:
huawei(config)#stp port 0/9/0 instance 0 port-priority 64
NOTE
If you do not specify the parameter instance instance-id, the setting takes effect only to the CIST instance.
huawei(config)#display stp instance 0
{ <cr>|port<K> }:
Command:
display stp instance 0
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 7 Max Hops : 20
PathCost standard : LEGACY BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 0 Time since last TC : 0 days : 5m:57s
-----------------------------------------------------------------------------
Port F/ S/ P Priority Cost Admin-State Role State Type
-----------------------------------------------------------------------------
1 0/9/ 0 64 1024 Disabled Disa Down Edge
3 0/9/ 2 64 200000 Enabled Disa Down None
17 0/ 2/ 0 0 200000 Enabled Disa Down None
18 0/ 2/ 1 128 200000 Enabled Disa Down None
19 0/ 2/ 2 128 200000 Enabled Disa Down None
20 0/ 2/ 3 128 200000 Enabled Disa Down None
-----------------------------------------------------------------------------
Related Operation
Table 15-21 lists the related operation for setting the priority of the specified port.
Table 15-21 Related operation for setting the priority of the specified port
To... Run the Command...
Background Information
l By default, the point-to-point parameter is set to auto mode. MSTP checks whether the
link connected to the specified port is a point-to-point link.
l The port state cannot be changed rapidly if the port is not connected to a point-to-point link.
The default setting is recommended.
l This setting takes effect to CIST and MSTI. When the port is set as connecting (or not
connecting) to the point-to-point link, the setting applies to all the spanning tree instances.
l If the port is set as connecting to the point-to-point link, but actually it is not connected to
a point-to-point link, the port is in loopback state.
NOTE
l For an aggregated port, only the primary port can be set as connecting to the point-to-point link.
l Assume that a port works in auto negotiation mode, if it is in full-duplex mode after the negotiation, it can
be set as connecting to the point-to-point link.
Procedure
Run the stp port point-to-point command to set whether the link that is connected to the port
is a point-to-point link.
----End
Example
To set the link that is connected to port 0/9/0 as a point-to-point link, do as follows:
huawei(config)#stp port 0/9/0 point-to-point force-true
Related Operation
Table 15-22 lists the related operation for setting the point-to-point link connection of the
specified port.
Table 15-22 Related operation for setting the point-to-point link connection of the specified port
Set the link connected to the port as the undo stp port point-to-point
default state
Background Information
Run the stp port mcheck command to check whether there is any network bridge that runs STP
in the subnet to which the current port is connected.
l If the network bridge that runs STP exists in the subnet where the port is connected, the
port runs in MSTP/STP compatible mode automatically.
l When the network condition is good, though the network bridge that runs STP in the subnet
is removed, the port still runs in the STP compatible mode. In this case, run the command
to force the port to work in MSTP mode. After that, the type of the packets received by the
port determines whether it works in MSTP or STP compatible mode.
This command takes effect only when the network bridge runs MSTP.
Procedure
Run the stp port mcheck command to set the mCheck variable.
----End
Example
To transit port 0/9/0 to work in MSTP mode, do as follows:
huawei(config)#stp port 0/9/0 mcheck
Background Information
l By default, the BPDU protection function is disabled.
l If the port of an access device is connected directly to the user terminal, such as a PC, or
connected to the file server, the port is usually set as an edge port to implement rapid state
transition. When the port receives the BPDU packets, the system sets the port as a non-
edge port and recalculates the spanning tree. This results in an unstable network topology.
l MSTP provides the BPDU protection function to prevent users from forging BPDU packets
to attack the device maliciously. If the BPDU protection function is enabled on the device,
the system disables the edge port that receives the BPDU packets. If the disabled port does
not receive the BPDU packets within 180s, it is enabled automatically.
Procedure
Step 1 Run the stp bpdu-protection enable command to enable the BPDU protection function of the
device.
Step 2 Run the display stp command to query the MSTP global configuration.
----End
Example
To enable the BPDU protection function of device, do as follows:
huawei(config)#stp bpdu-protection enable
huawei(config)#display stp
{ <cr>|instance<K>|port<K> }:
Command:
display stp
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 7 Max Hops : 20
PathCost standard : LEGACY BPDU-Protection : enabled
Time Factor : 3
TC or TCN received : 0 Time since last TC : 0 days : 6m:42s
-----------------------------------------------------------------------------
---- More ( Press 'Q' to break ) ----
Related Operation
Table 15-23 lists the related operation for enabling the BPDU protection function of the device.
Table 15-23 Related operation for enabling the BPDU protection function of the device
Background Information
l To prevent the switching fabric loop due to the link congestion or unidirectional link fault,
MSTP provides the loop protection function.
l After the loop protection function is enabled, the root port keeps its role, and the blocked
port keeps its discarding state and does not forward any packets. In this case, the loop does
not occur in the network.
l By default, the loop protection function is disabled.
Procedure
Step 1 Run the stp port loop-protection enable command to enable the loop protection function of
the port.
Step 2 Run the display stp port command to query the MSTP configuration of the port.
----End
Example
To enable the loop protection function of port 0/9/0, do as follows:
huawei(config)#stp port 0/9/0 loop-protection enable
huawei(config)#display stp port 0/9/0
----[CIST][Port1(Down)]----
Port Protocol :enabled
Port Role :CIST Disabled Port
Port Priority :128
Port Cost :Config=auto / Active=200000
Desg. Bridge/Port :0.00e0-fc99-5050 / 128.1
Port Edged(Admin) :disabled
Point-to-point :Config=auto / Active=false
Transit Limit :3 packets/hello-time
Protection Type :Loop
Port Stp Mode :Stp
PortTimes :Hello 10 s MaxAge 20 s FwDly 15 s Message Age 0 s RemHop
20
BPDU Sent :0
TCN: 0, Config: 0, RST: 0, MST: 0
BPDU Received :0
TCN: 0, Config: 0, RST: 0, MST: 0
----[MSTI 2][Port1(Down)]----
Port Role :Disabled Port
Port Priority :128
Port Cost :Config=auto / Active=200000
---- More ( Press 'Q' to break ) ----
Related Operations
Table 15-24 lists the related operations for enabling the loop protection function of the device.
Table 15-24 Related operations for enabling the loop protection function of the device
Background Information
l Due to the incorrect configuration or malicious attacks, the legal root bridge in the network
might receive the configuration packets with a higher priority. In this case, the current root
bridge becomes invalid, which causes the network topology changed. MSTP provides the
root protection function to prevent such a case.
l For the port that is enabled with the root protection function, it is only used as a specified
port for all instances. Once the port receives the configuration packets with a higher priority,
which sets the port as a non-specified port, the port is in the listening state, and does not
forward the packets. When the port does not receive the configuration packets with a higher
priority for a certain period, the port restores to the normal state.
l By default, the root protection function of the port is disabled.
Procedure
Step 1 Run the stp port root-protection enable command to enable the root protection function of the
port.
Step 2 Run the display stp port command to query the MSTP configuration of the port.
----End
Example
To enable the root protection function of port 0/9/0, do as follows:
huawei(config)#stp port 0/9/0 root-protection enable
huawei(config)#display stp port 0/9/0
----[CIST][Port1(Down)]----
Port Protocol :enabled
Port Role :CIST Disabled Port
Port Priority :128
Port Cost :Config=auto / Active=200000
Desg. Bridge/Port :0.00e0-fc99-5050 / 128.1
Port Edged(Admin) :disabled
Point-to-point :Config=auto / Active=false
Transit Limit :3 packets/hello-time
Protection Type :Root
Port Stp Mode :Stp
PortTimes :Hello 10 s MaxAge 20 s FwDly 15 s Message Age 0 s RemHop
20
BPDU Sent :0
TCN: 0, Config: 0, RST: 0, MST: 0
BPDU Received :0
TCN: 0, Config: 0, RST: 0, MST: 0
----[MSTI 2][Port1(Down)]----
Port Role :Disabled Port
Port Priority :128
Port Cost :Config=auto / Active=200000
---- More ( Press 'Q' to break ) ----
Related Operations
Table 15-25 lists the related operations for enabling the root protection function of the device.
Table 15-25 Related operations for enabling the root protection function of the device
To... Run the Command...
Disable the root protection function of the stp port root-protection disable
device
Background Information
You can clear the device/port protocol statistics.
Procedure
l Run the reset stp statistics command to clear the protocol statistics.
l Run the reset stp port statistics command to clear the protocol statistics of a port.
----End
Examples
To clear the protocol statistics on the MA5600T, do as follows:
huawei(config)#reset stp statistics
16 NTP Configuration
This topic describes how to configure the NTP protocols supported by the MA5600T.
NOTE
This document describes the configuration on the MA5600T. Each chapter provides an overview of the service
configuration, describes the configuration flow with one or more configuration examples, and provides a detailed
description of the basic operations on the MA5600T.
For the readers who are familiar with the MA5600T, it is recommended that you read the configuration example
(s) directly.
For the readers who are not familiar with the MA5600T, it is recommended that you read the basic operations
first.
16.1 Overview
This topic describes the NTP concepts and its specification on the MA5600T.
16.2 Configuration Example of NTP Broadcast Mode
This topic describes how to configure the NTP broadcast mode on the MA5600T, and implement
the clock synchronization among network devices. The server and the client must be configured
in the broadcast mode. After the configuration, the server broadcasts the clock synchronization
packets periodically, and the client intercepts the broadcast packets and synchronizes the local
clock based on the received packet.
16.3 Configuration Example of NTP Multicast Mode
This topic describes how to configure the NTP multicast mode on the MA5600T, and implement
the clock synchronization among network devices. After the configuration, the server broadcasts
the clock synchronization packets periodically, and the client intercepts the broadcast packets
and synchronizes the local clock based on the received packet.
16.4 Configuration Example of NTP Server/Client Mode
This topic provides an example for configuring the MA5600T as the NTP client to implement
clock synchronization with the NTP server.
16.5 Configuration Example of NTP Peer Mode
This topic describes how to configure the NTP peer mode on the MA5600T, and implement the
clock synchronization among network devices. In the peer mode, only the active peer needs to
be configured, whereas the passive peer needs not to be configured. In addition to it, the active
and passive peers can synchronize each other, and the peer with a higher clock stratum is
synchronized by the peer with a lower clock stratum.
16.6 Configuring the NTP ID Authentication
This topic describes how to configure the NTP ID authentication to enhance network security
and prevent unauthorized clock modification.
16.7 Configuring the NTP Master Clock
This topic describes how to configure the NTP master clock. You can select the external
reference clock or local clock as the master clock.
16.8 Configuring the NTP Broadcast Mode
This topic describes how to configure the MA5600T as the NTP broadcast server mode and NTP
broadcast client mode.
16.9 Configuring the NTP Multicast Mode
This topic describes how to configure the MA5600T as the NTP multicast server or the client.
16.10 Configuring the NTP Server/Client Mode
This topic describes how to configure the MA5600T as the NTP server or the client in the NTP
server/client mode.
16.11 Configuring the NTP Peer Mode
This topic describes how to configure the MA5600T as the peer of a local device.
16.12 Configuring the Authority of Access to an NTP Service of a Local Device
This topic describes how to configure the authority of access to an NTP service of a local device.
The access control authority provides minimum security measures. A more secure method is to
configure the NTP authentication.
16.13 Configuring an Interface for Transmitting/Receiving NTP Packets
This topic describes how to configure an interface for transmitting or receiving NTP packets.
16.1 Overview
This topic describes the NTP concepts and its specification on the MA5600T.
Service Description
The Network Time Protocol (NTP) is an application layer protocol in the TCP/IP protocol suite.
The NTP is used to synchronize the time between the distributed time server and the client. The
network devices that support NTP synchronizes the time by exchanging NTP packets to
implement various service applications based on universal time, such as the network
management system and the network accounting system.
The NTP synchronization is a relatively advanced time-based mode. If the network or the lower
level server can access the upper level server, the NTP synchronization can be implemented.
The NTP mode is accurate to microsecond, hence it is applicable to alarm, log, and charging.
Service Specification
There are four NTP modes, which are as follows:
l Server/client
l Peer
l Broadcast
l Multicast
The MA5600T supports all these modes.
The MA5600T, which is an access layer device, mainly works in the server/client mode and
functions as an NTP client to synchronize the NTP server in the network.
Networking
Figure 16-1 shows an example network for configuring the NTP broadcast mode.
An MA5600T functions as an NTP broadcast server, and periodically sends the clock
synchronization packets to destination 255.255.255.255. The other MA5600T functions as a
client to intercept the broadcast packets from the server, and then synchronizes its clock with
the clock of the server.
Figure 16-1 Example network for configuring the NTP broadcast mode
LAN switch
1.1.1.1/24 1.1.1.2/24
MA5600T_ A MA5600T_B
Data Plan
Table 16-1 provides the data plan for configuring the NTP broadcast mode.
Table 16-1 Data plan for configuring the NTP broadcast mode
Item Data
Clock: selects the local clock as the NTP master clock at stratum
2.
Background Information
l The network devices and the line must be in the normal state.
l The clock stratum of the synchronizing device must be equal to or lower than the clock
stratum of the synchronized device. Otherwise, the clock synchronization fails.
Configuration Flowchart
Figure 16-2 shows the flowchart for configuring the NTP broadcast mode.
Start
Is there a clock No
reference?
Yes
Configure the master NTP clock
No Configure
authentication
Yes
No
Add a layer 3 virtual port?
Yes
End
Procedure
l Configure the NTP broadcast server MA5600T_A.
1. Define the local clock of MA5600T_A as the master NTP clock at stratum 2.
huawei(config)#ntp-service refclock-master 2
4. Define the master NTP clock as the NTP broadcast server and specify the
authentication ID.
huawei(config-if-vlanif2)#ntp-service broadcast-server
authentication-keyid 88
huawei(config-if-vlanif2)#quit
----End
Result
Perform the following steps to verify the configuration:
By analyzing the sessions of the MA5600T_B, you can find that the MA5600T_B is
connected to the MA5600T_A.
Networking
Figure 16-3 shows an example network for configuring the NTP multicast mode.
The MA5600T_A sends multicast packets through VLAN interface 2, whereas the
MA5600T_B intercepts multicast information from VLAN interface 2. After receiving multicast
packets from the MA5600T_A, the MA5600T_B synchronizes with the MA5600T_A.
Figure 16-3 Example network for configuring the NTP multicast mode
LAN switch
1.1.1.1/24 1.1.1.2/24
MA5600T_ A MA5600T_B
Data Plan
Table 16-2 provides the data plan for configuring the NTP multicast mode.
Table 16-2 Data plan for configuring the NTP multicast mode
Item Data
Clock: selects the local clock as the NTP master clock at stratum
2.
Background Information
The stratum of the NTP server must be higher than or equal to the stratum of the NTP client.
Otherwise, the synchronization fails.
Configuration Flowchart
Figure 16-4 shows the flowchart for configuring the NTP multicast mode.
Start
Is there a clock No
reference?
Yes
Configure the master NTP clock
No Configure
authentication?
Yes
Configure the NTP
authentication
No
Add a layer 3 virtual port?
Yes
End
Procedure
l Configure the NTP multicast server MA5600T_A.
1. Set the local clock as the master clock working at stratum 2.
huawei(config)#ntp-service refclock-master 2
4. Set the MA5600T_A as the multicast server and specify the authentication ID.
huawei(config-if-vlanif2)#ntp-service multicast-server authentication-
keyid 88
----End
Result
Perform the following steps to verify the configuration:
1. After synchronization, check the status of the MA5600T_B.
huawei(config)#display ntp-service status
clock status: synchronized
clock stratum: 3
reference clock ID: 1.1.1.1
nominal frequency: 100.0000 Hz
actual frequency: 100.0000 Hz
clock precision: 2^17
clock offset: 996.5820 ms
root delay: 0.00 ms
root dispersion: 10.45 ms
peer dispersion: 10.93 ms
reference time: 12:10:10.170 UTC May 14 2005(C6306922.2BC286F8)
By analyzing the sessions of the MA5600T_B, you can find that the MA5600T_B is
connected to the MA5600T_A.
Prerequisites
l The NTP server has been configured and must be in the normal state.
l There is a route from the NTP server to the gateway of the MA5600T.
Networking
Figure 16-5 shows an example network for configuring NTP server/client mode.
An MA5600T functions as an NTP broadcast server, while the other MA5600T functions as a
client. The client sends the clock synchronization request to the server and the server
synchronizes the clock according to the request.
NTP server
CON GE 0/19/0
ETH
ESC
SCU MA5600T
Data Plan
Table 16-3 provides the data plan for configuring NTP server/client mode.
Item Data
Configuration Flowchart
Figure 16-6 shows the flowchart for configuring NTP server/client mode.
Start
End
Procedure
Step 1 Configure the L3 interface.
huawei(config)#vlan 2 standard
huawei(config)#port vlan 2 0/9 0
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ip address 10.10.10.10 24
huawei(config-if-vlanif2)#quit
----End
Result
1. Query the status of the MA5600T before the synchronization.
huawei(config)#display ntp-service status
clock status:
unsynchronized
clock stratum:
16
reference clock ID:
none
nominal frequency: 100.0000
Hz
actual frequency: 100.0000
Hz
clock precision:
2^18
clock offset: 0.0000
ms
root delay: 0.00
ms
root dispersion: 0.00
ms
peer dispersion: 0.00
ms
reference time: 00:00:00.000 UTC Jan 1 1900
(00000000.00000000)
Command:
display ntp-service
sessions
source reference stra reach poll now offset delay
disper
******************************************************************************
**
[12345]195.10.10.10 LOCAL(0) 2 377 64 20 -307 -0.3
4.9
note: 1 source(master),2 source(peer),3 selected,4 candidate,5
configured,
6 vpn-
instance
Networking
Figure 16-7 shows an example network for configuring the NTP peer mode.
One MA5600T functions as an NTP active peer, whereas the other MA5600T functions as a
passive peer. The active peer sends a clock synchronization request to the passive peer, and the
passive peer responds to the request. In this case, the peer with a higher clock stratum is
synchronized by the peer with a lower clock stratum.
Figure 16-7 Example network for configuring the NTP peer mode
LAN switch
1.1.1.1/24 1.1.1.2/24
MA5600T_ A MA5600T_B
Data Plan
Table 16-4 provides the data plan for configuring the NTP peer mode.
Table 16-4 Data plan for configuring the NTP peer mode
Item Data
Configuration Flowchart
Figure 16-8 shows the flowchart for configuring the NTP peer mode.
Start
Is there a clock No
reference?
Yes
Configure the NTP master clock
No Configure
authentication?
Yes
Configure the NTP
authentication
No
Add a layer 3 virtual port?
Yes
End
Procedure
l Configure the server MA5600T_A.
1. Set the local clock as the NTP master clock at stratum 2.
huawei(config)#ntp-service refclock-master 2
----End
Result
According to the preceding configurations, the MA5600T_A and MA5600T_B are defined as
peers. The MA5600T_A works in the active peer mode, and the MA5600T_B works in the
passive peer mode.
By default, the system clock is at stratum 16; hence, the clock of the MA5600T_B is at stratum
16. The clock of the MA5600T_A is at stratum 2. Therefore, the MA5600T_B synchronizes
with the MA5600T_A.
NOTE
Whether the active peer synchronizes with the passive peer or the passive peer synchronizes with active
peer is determined by the clock stratum and is not determined by the active or the passive states of the
peers.
Background Information
l If the NTP authentication is disabled on the client, the client can synchronize with the server,
regardless of whether the NTP authentication is enabled on the server.
l If NTP authentication is enabled, a reliable key should be configured.
l The configuration of the server should be consistent with the configuration of the client.
l If NTP is enabled on the client, the client can pass the authentication by the server only if
the server is configured with the same key as the key of the client, regardless of whether
NTP authentication is enabled on the server or its key is reliable.
l The client synchronizes with the server that provides the reliable key. If the server provides
an unreliable key, the client does not synchronize with the server.
Configuration Flowchart
Figure 16-9 shows the flowchart for configuring the NTP server/client mode with ID
authentication.
Figure 16-9 Flowchart for configuring the NTP server/client mode with ID authentication
Start
End
Procedure
Step 1 Run the ntp-service authentication enable command to enable the NTP ID authentication.
Step 2 Run the ntp-service authentication-keyid command to set a key for the ID authentication.
Step 3 Run the ntp-service reliable authentication-keyid command to define the key as a reliable
key.
Step 4 Run the display current-configuration section command to query the current configuration of
the system.
----End
Example
To enable the NTP ID authentication, configure the NTP configuration key as aNiceKey with
key number 42, and then define key 42 as a reliable key, do as follows:
huawei(config)#ntp-service authentication enable
huawei(config)#ntp-service authentication-keyid 42 authentication-mode md5
aNiceKey
huawei(config)#ntp-service reliable authentication-keyid 42
huawei(config)#display current-configuration section post-system
#
[post-system]
<post-system>
ip route-static 0.0.0.0 0.0.0.0 10.71.55.1
ip route-static 2.2.2.2 255.255.255.255 10.1.1.2
ip route-static 2.2.2.2 255.255.255.255 20.1.1.2
#
static-lsp ingress tunnel-interface tunnel1 destination 2.2.2.2 nexthop 10.1.1
.2 out-label 8200
static-lsp ingress tunnel-interface tunnel2 destination 2.2.2.2 nexthop 20.1.1
.2 out-label 8210
#
snmp-agent local-engineid 000007DB0300E0FC590001
snmp-agent sys-info version v1 v2c
snmp-agent group v3 group authentication read-view internet
snmp-agent usm-user v3 user group authentication-mode md5
5B35F3BA2B65CA9D4A35CC868E5963CF privacy-mode des56
B889728872508FA68D4C91595D092958
snmp-agent
#
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 X&9#$^U(!:[Q=^Q`
MAF4<1!!
ntp-service reliable authentication-keyid 42
#
ssh user op authentication-type password
ssh user user authentication-type password
ssh user test authentication-type password
#
tunnel-policy policy10
#
return
Related Operations
Table 16-5 lists the related operations for configuring the NTP ID authentication.
Background Information
l The IP address of the local reference clock is set to 127.127.t.u, in which:
– t ranges from 0 to 37, but is currently set to 1.
– u ranges from 0 to 3, representing the NTP process number.
l When the IP address is not specified, local clock 127.127.1.0 functions as the NTP master
clock by default.
l Clock stratum represents clock accuracy. The clock stratum number ranges from 1 to 15.
The default value of the clock stratum is 16 before it is configured. The most accurate clock
is at stratum 1. The larger the clock stratum number, the lower is the clock accuracy.
Procedure
Step 1 Run the ntp-service refclock-master command to configure the NTP master clock.
Step 2 Run the display ntp-service status command to query the NTP status information.
----End
Example
To define the clock of a local device as the master NTP clock at stratum 2 and specify the IP
address as 127.127.127.0, do as follows:
huawei(config)#ntp-service refclock-master 127.127.1.0 2
huawei(config)#display ntp-service status
clock status: synchronized
clock stratum: 2
reference clock ID: LOCAL(0)
nominal frequency: 100.0000 Hz
actual frequency: 100.0000 Hz
clock precision: 2^18
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 0.00 ms
peer dispersion: 10.00 ms
reference time: 13:41:41.065 UTC Feb 14 2006(C79C5C95.10ADBC66)
Related Operation
Table 16-6 lists the related operation for configuring the NTP master clock.
Table 16-6 Related operation for configuring the NTP master clock
Background Information
l This task is performed to specify an interface on the local device to transmit the NTP
broadcast packets. The local device operates in the broadcast-server mode, and functions
as a broadcast server to broadcast packets to its clients regularly.
l Perform this operation on the interface where the NTP broadcast packets are to be
transmitted.
Procedure
Step 1 Run the interface vlanif command to enter the VLAN interface mode.
Step 2 Run the ntp-service broadcast-server command to configure the NTP broadcast server mode.
Step 3 Run the display current-configuration section command to query the current configuration of
the system.
----End
Example
To define VLAN interface 2 on a local device to transmit NTP broadcast packets which are
encrypted by key 88, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ntp-service broadcast-server authentication-keyid 88
Related Operations
Table 16-7 lists the related operations for configuring the NTP broadcast server mode.
Table 16-7 Related operations for configuring the NTP broadcast server mode
To... Run the Command... Remarks
Display NTP service trace display ntp-service trace Synchronize NTP server chain
from the local device to the
reference clock source, and
display brief information on
each NTP server.
Background Information
l The local device first detects the broadcast packets from the server. When the local device
receives the first broadcast packet, it enters the client/server mode briefly to exchange
packets with a remote server for estimating the network delay. The local device then enters
the broadcast client mode, continues to detect the broadcast packets, and synchronizes the
local clock according to the received broadcast packets.
l Perform this operation on the interface where the NTP multicast packets are to be
transmitted.
Procedure
Step 1 Run the interface vlanif command to enter the VLAN interface mode.
Step 2 Run the ntp-service broadcast-client command to configure the NTP broadcast client mode.
Step 3 Run the display ntp-service status command to query the NTP information.
----End
Example
To specify a local device as a broadcast client to receive broadcast packets through VLAN
interface 2, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ntp-service broadcast-client
huawei(config)#display ntp-service status
Related Operations
Table 16-8 lists the related operations for configuring the NTP broadcast client mode.
Table 16-8 Related operations for configuring the NTP broadcast client mode
To... Run the Command…
Background Information
Working principle of the NTP multicast server is as follows:
l The multicast server sends the clock synchronization packets to multicast destination IP
address 224.0.1.1. The client detects the multicast packets and synchronizes the local clock
according to the packets.
Working principles of the NTP multicast client are as follows:
l The local device first detects the multicast packets from the server. When local device
receives the first multicast packet, it enters the client/server mode briefly to exchange
packets with a remote server for estimating the network delay.
l The local device then enters the multicast client mode, continues to detect the multicast
packets, and synchronizes the local clock according to the received multicast packets.
Note the following:
l The server and the client can be configured only on the interface where the NTP multicast
packets are to be transmitted or received.
l In the multicast mode, the NTP configurations must be performed on both the server and
the client. The client must be synchronized by the clock of the server.
Procedure
Step 1 Run the interface vlanif command to enter the L3 interface mode.
Step 2 Run the ntp-service multicast-server command to configure the NTP multicast mode.
Step 3 Run the display ntp-service status command to query the NTP status information.
----End
Examples
To define a local device as multicast server to transmit multicast packets through VLAN interface
2, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ntp-service multicast-server
huawei(config-if-vlanif2)#quit
huawei(config)#display ntp-service status
clock status: synchronized
clock stratum: 2
reference clock ID: LOCAL(0)
nominal frequency: 100.0000 Hz
actual frequency: 100.0000 Hz
clock precision: 2^18
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 10.94 ms
peer dispersion: 10.00 ms
reference time: 21:57:54.244 UTC Sep 9 2006(C8ADB762.3E7CD035)
To define a local device as multicast client to receive multicast packets through VLAN interface
2, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ntp-service multicast-client
huawei(config)#display ntp-service status
UA5000(config)#display ntp-service status
clock status: synchronized
clock stratum: 2
reference clock ID: LOCAL(0)
nominal frequency: 100.0000 Hz
actual frequency: 100.0000 Hz
clock precision: 2^18
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 10.94 ms
peer dispersion: 10.00 ms
reference time: 22:00:03.537 UTC Sep 9 2006(C8ADB7E3.89A7E308)
Related Operations
Table 16-9 lists the related operations for configuring the NTP multicast mode.
Table 16-9 Related operations for configuring the NTP multicast mode
Background Information
l The client sends the clock synchronization request to the server. After receiving the request,
the server automatically works in the server mode and sends the response. After receiving
the response from the server, the client filters and selects the clock, and synchronizes with
the preferred server.
l In this mode, only the local client initiates the clock synchronization with the remote server,
whereas the remote server does not initiate the clock server.
Procedure
Step 1 Run the ntp-service unicast-server command to configure the NTP server/client mode.
Step 2 Run the display ntp-service status command to query the NTP status information.
----End
Example
To specify the device with the IP address of 1.0.1.11 as the NTP server and the version as 3 for
the client, do as follows:
huawei(config)#ntp-service unicast-server 1.0.1.11 version 3
huawei(config)#display ntp-service status
clock status: unsynchronized
clock stratum: 16
reference clock ID: none
nominal frequency: 100.0000 Hz
actual frequency: 100.0000 Hz
clock precision: 2^18
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 0.00 ms
peer dispersion: 0.00 ms
reference time: 00:00:00.000 UTC Jan 1 1900(00000000.00000000)
Related Operations
Table 16-10 lists the related operations for configuring the NTP server/client mode.
Table 16-10 Related operations for configuring the NTP server/client mode
To... Run the Command...
Background Information
l The active peer sends the clock synchronization request to the passive peer. After receiving
the request, the passive peer automatically works in the passive peer mode and sends the
response. The clocks between the active peer and the passive peer are synchronized
mutually.
l In the NTP peer mode, the NTP configuration is performed only on the active peer.
l The peer with a higher clock stratum is synchronized by the peer with a lower clock stratum.
Procedure
Step 1 Run the ntp-service unicast-peer command to configure the NTP peer mode.
Step 2 Run the display ntp-service status command to query the NTP status information.
----End
Example
To specify the remote device with IP address of 3.0.1.32 as the peer of the local device, do as
follows:
huawei(config)#ntp-service unicast-peer 3.0.1.32
huawei(config)#display ntp-service status
clock status: unsynchronized
clock stratum: 16
reference clock ID: none
nominal frequency: 100.0000 Hz
actual frequency: 100.0000 Hz
clock precision: 2^18
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 0.00 ms
peer dispersion: 0.00 ms
reference time: 00:00:00.000 UTC Jan 1 1900(00000000.00000000)
Related Operation
Table 16-11 lists the related operation for configuring the NTP peer mode.
Table 16-11 Related operation for configuring the NTP peer mode
Prerequisite
The ACL applied already exists.
Background Information
By default, access to an NTP service of a local device is not controlled. With this configuration,
when there is an access request, the request is matched with the peer, query, server, and
synchronization in the descending order. The peer, query, server, and synchronization are
described as follows:
l peer: authority for absolute access
l query: control and query authority.
l server: authority for server's access and query
l synchronization: authority for only the server access
Procedure
Step 1 Run the ntp-service access command to configure the authority of access to an NTP service of
a local device.
Step 2 Run the display current-configuration section command to query the current configuration of
the system.
----End
Example
To configure the authority of access to an NTP service of a local device as "peer", and the ACL
applied as 2000, do as follows:
huawei(config)#ntp-service access peer 2000
Related Operations
Table 16-12 lists the related operations for configuring the authority of access to an NTP service
of a local device.
Table 16-12 Related operations for configuring the authority of access to an NTP service of a
local device
To... Run the Command…
Prerequisite
The applied ACL must exist.
Background Information
l Once an interface is specified through the ntp-service source-interface command, the IP
address of the interface is also the IP address of the packets.
l If the ntp-service unicast-server or the ntp-service unicast-peer command also specifies
a transmit interface, take the transmit interface specified by the ntp-service unicast-
server or the ntp-service unicast-peer command.
Procedure
Run the ntp-service source-interface command to specify an interface for transmitting NTP
packets.
----End
Example
To specify interface MEth 0 for transmitting NTP packets, do as follows:
huawei(config)#ntp-service source-interface meth 0
Related Operations
Table 16-13 lists the related operations for configuring an interface for transmitting or receiving
NTP packets.
Table 16-13 Related operations for configuring an interface for transmitting or receiving NTP
packets
To... Run the Command… Remarks
This topic describes the synchronization of system clock and the method of configuring the
system clock on the MA5600T.
NOTE
This document describes the configuration on the MA5600T. Each chapter provides an overview of the service
configuration, describes the configuration flow with one or more configuration examples, and then provides a
detailed description of the basic operations on the MA5600T.
For the readers who are familiar with the MA5600T, it is recommended that you read the configuration example
(s) directly.
For the readers who are not familiar with the MA5600T, it is recommended that you read the basic operations
first.
17.1 Overview
This topic describes the specification and synchronization of system clock on the MA5600T.
17.2 Configuration Example of the System Clock
This topic provides an example for configuring the system clock to restrict the clock frequency
and phase of each node in a network within the predefined tolerance scope.
17.3 Configuring a Clock Source
This topic describes how to set the MA5600T to extract clock signals from the E1 port as the
clock source.
17.4 Setting the Priority of a Clock Source
This topic describes how to set the priority of a clock source. The clock source with the highest
priority and in the normal state is used as the system clock source.
17.1 Overview
This topic describes the specification and synchronization of system clock on the MA5600T.
Service Description
The MA5600T provides the solution to Time Division Multiplex (TDM) over packet switching
network. In a TDM network, the problem that needs to be solved initially is the clock
synchronization. The purpose of clock synchronization is to restrict the clock frequency and
phase of each node in a network within the predefined tolerance scope. This prevents degradation
of transmission performance due to inaccurate location at both Tx and Rx ends.
To achieve clock synchronization in a digital network, the MA5600T provides the following
methods:
l Pseudo synchronization
l Master-slave synchronization
Table 17-1 describes the two modes of clock synchronization.
Service Specification
The MA5600T often applies the master-slave synchronization mode. The MA5600T supports
the system clock and the line clock. By default, the system clock is applied.
The control board delivers the system clock to various service boards. The clock signals are
transmitted to the lower layer network element through the service boards.
The line clock is provided by the E1 data signal of the TOPA board. The working procedure is
as follows:
1. The MA5600T extracts the clock source signals from the upper-layer equipment. A clock
source that has the highest priority is used as the system clock source.
2. After processed by the TOPA board, the clock source provides clock signals.
NOTE
When the TOPA board is not configured, or when the board is not in position or not in the normal state,
the MA5600T uses the input clock source as the output clock signal.
3. The clock signal processed by the TOPA board is sent to all service boards.
4. The service boards transmit the clock signals to the lower-layer network element.
Networking
Figure 17-1 shows an example network for configuring the system clock.
In this example network, the MA5600T is uplinked to the TDM network through the E1 port on
the TOPA board. The TOPA board obtains the clock signals with high priority from the TDM
device at the upper layer network, and sends the signals to each service board. Then the service
board sends the signals to the TDM device connected to the ONT.
TDM
network
TDM device
E1
SCU
G CON
ETH
P ESC
B
A
MA5600T
Optical splitter
ONT
E1
TDM device
Data Plan
Table 17-2 provides the data plan for configuring the system clock.
Configuration Flowchart
Figure 17-2 shows the flowchart for configuring the system clock.
Start
End
Procedure
Step 1 Set system clock sources.
Set the input clocks of ports 0/6/0 and 0/6/2to function as the clock sources.
huawei(config)#clock source 0 0/6/0
huawei(config)#clock source 2 0/6/2
----End
Result
After the configuration, the system obtains the reference clock source from port 0/6/2 when the
clock source is in the normal state.
Background Information
l By default, the MA5600T adopts the system clock.
l The system supports up to 10 clock sources. The system adopts the clock that has the highest
priority and is normal as the clock source.
Procedure
Step 1 Run the clock source command to specify the system clock source.
Step 2 Run the display clock source command to query the information on the clock source.
----End
Example
To set E1 port 0 of the TOPA board in slot 0/6 as clock source 0, and E1 port 2 as clock source
2, do as follows:
huawei(config)#clock source 0 0/6/0
huawei(config)#clock source 2 0/6/2
huawei(config)#display clock source
--------------------------------------------------------------------
Index Config Source State Priority Output
--------------------------------------------------------------------
0 YES H801TOPA 0/6 /0 Failed --- ---
1 NO
2 YES H801TOPA 0/6 /2 Failed --- ---
3 NO
4 NO
5 NO
6 NO
7 NO
8 NO
9 NO
--------------------------------------------------------------------
Related Operations
Table 17-3 lists the related operations for configuring the system clock.
Set the priority of a clock priority When there are multiple clock sources,
clock source the system selects the clock source
with the highest priority as the
reference clock source.
Query working mode display clock mode The MA5600T supports two clock
of a clock source modes: system clock and line clock.
Background Information
l The system supports up to 10 priorities. They also stand for the priority sequence of the
clock sources. The highest priority is p0 and the lowest priority is p9.
l The system selects the port with the highest priority as the clock source irrespective of the
quality of the clock source. Therefore, assign a higher priority for the clock source with
better quality.
l The clock priority takes effect after the clock module is configured. Setting the priority of
a clock source may cause the switchover of clock sources.
Procedure
Step 1 Run the clock priority command to specify the priority of a clock source.
Step 2 Run the display clock source command to query the information on the clock source.
----End
Example
To assign the highest priority (p0) to clock source 5, the second highest priority (p1) to clock
source 2, and the third highest priority (p2) to clock source 0, do as follows:
huawei(config)#clock priority 5/2/0
huawei(config)#display clock source
--------------------------------------------------------------------
Index Config Source State Priority Output
--------------------------------------------------------------------
0 YES H801TOPA 0/6 /0 Failed 2 ---
1 NO
2 YES H801TOPA 0/6 /2 Failed 1 ---
3 NO
4 NO
5 YES H801TOPA 0/6 /5 Failed 0 ---
6 NO
7 NO
8 NO
9 NO
--------------------------------------------------------------------
Related Operations
Table 17-4 lists the related operations for setting the priority of a clock source.
Table 17-4 Related operations for setting the priority of a clock source
To... Run the Command... Remarks
Query the working display clock mode The MA5600T supports two clock
mode of a clock modes: system clock and line clock.
This topic describes how to configure the MAC address and MAC address pool on the
MA5600T.
18.1 Overview
This topic describes MAC address and its application on the MA5600T.
18.2 Adding a Static MAC Address
This topic describes how to add a static MAC address.
18.3 Setting the Maximum MAC Address Number Learned by a Service Port
This topic describes how to set the maximum MAC address number learned by a service port.
This helps to restrict the number of users connected to the port.
18.4 Configuring the Aging Time of a Dynamic MAC Address
This topic describes how to configure the aging time of a dynamic MAC address.
18.5 Binding the MAC Address
This topic describes how to bind a service port with a MAC address. This helps to limit the
source MAC address of the packets passing through this service port to be only the bound MAC
address.
18.6 Configuring the MAC Address Filtering
This topic describes how to configure the function of MAC address filtering to discard the
packets with the specified source MAC address.
18.7 Configuring the MAC Address Pool
This topic describes how to configure the MAC address pool.
18.1 Overview
This topic describes MAC address and its application on the MA5600T.
Service Description
To meet the requirements for bearing multiple services, the MA5600T supports the MAC address
list and the MAC address pool.
The MAC address list of the MA5600T can learn the new MAC addresses. If the source MAC
address of a packet does not exist in the list, the MA5600T can add the source MAC address
and the port number of the received packet to the list as a new item.
Dynamic MAC addresses in the MAC address list also features the aging function. If the
MA5600T does not receive any packet from a device for a certain period, it deletes the associated
address items of the device.
In IP over ATM (IPoA) or PPP over ATM (PPPoA) access, the MA5600T needs to convert the
IPoA/PPPoA packets into IP over Ethernet (IPoE)/PPP over Ethernet (PPPoE) packets. In this
case, the MAC address pool of the MA5600T needs to allocate MAC addresses to users, and
add ATM cells with the MAC address, that is, source MAC addresses (SMAC), to convert ATM
cells into Ethernet frames.
Service Specification
The MA5600T supports up to 1024 static MAC addresses.
The MA5600T supports up to 20 MAC address pools, but the total number of configurable MAC
addresses cannot exceed 1024.
Prerequisites
l The service port must be created before you set the static MAC address of the port.
l The port must be added to the specified VLAN before you set the static MAC address of
the upstream port.
Background Information
l When you add a static MAC address and a similar dynamic MAC address already exists
in the specified service channel or the upstream port of a specified VLAN, the dynamic
MAC address is overwritten by the static MAC address. A static MAC address cannot be
added if the same static MAC address already exists in the system.
l The configured static MAC address must be excluded from the MAC address pool. You
can run the display mac-pool command to check it.
l An upstream port which is included in different VLANs can be configured with the same
static MAC address.
Procedure
Step 1 Run the mac-address static command to add a static MAC address.
Step 2 Run the display mac-address static command to query the configured static MAC address.
----End
Example
To configure the MAC address of port 0/11/0 with VPI/VCI of 0/32 with GEM port of 151 as
1010-1010-1010, do as follows:
huawei(config)#mac-address static adsl 0/11/0 vpi 0 vci 32 1010-1010-1010
huawei(config)#display mac-address static
---------------------------------------------------------------------------
Type MAC MAC Type F/S /P VPI VCI FLOWTYPE FLOWPARA VLANID
---------------------------------------------------------------------------
adl 1010-1010-1010 static 0/11/0 0 32 - - 3
---------------------------------------------------------------------------
Total: 1
Note : F--Frame, S--Slot, P--Port(xDSL Port,UP-Link Port,IMA GROUP or
VLAN ID etc.), the VPI is access-end VLAN ID in vdsl/eau port
or PON ID in epon port
Related Operation
Table 18-1 lists the related operation for adding a static MAC address.
Background Information
l By default, the maximum MAC address number learned by a service port is 255.
l The maximum MAC address number learned by a service port does not include the
configured static MAC addresses.
Procedure
Step 1 Run the mac-address max-mac-count command to set the maximum MAC address number
learned by a service port.
Step 2 Run the display mac-address max-mac-count command to query the configured maximum
MAC address number learned by the service port.
----End
Example
To set the maximum MAC address number learned by service port 0/11/0 with VLAN ID of 10
on the user side to 10, do as follows:
huawei(config)#mac-address max-mac-count adsl 0/11/0 vpi 0 vci 32 user-vlan 10 10
huawei(config)#display mac-address max-mac-count adsl 0/11/0 vpi 0 vci 32 user-vlan
10
Command:
display mac-address max-mac-count adsl 0/11/0 vpi 0 vci 32 user-vlan 10
----------------------------------------------------------------------------
Type F/S /P VPI VCI VLAN ID FLOWTYPE FLOWPARA Learnable MAC number
----------------------------------------------------------------------------
adl 0/11/0 0 32 10 user-vlan 10 10
----------------------------------------------------------------------------
Note : F--Frame, S--Slot, P--Port(xDSL Port,UP-Link Port,IMA GROUP or
VLAN ID etc.), the VPI is access-end VLAN ID in vdsl/eau port
or PON ID in gpon port
To set the maximum MAC address number learned by port 0/2/0, with VLAN ID of 10, GEM
Port ID of 128 on the user side to 10, do as follows:
huawei(config)#mac-address max-mac-count gpon 0/2/0 gemport 128 user-vlan 10 10
Background Information
l To effectively realize the aging function of dynamic MAC addresses, you need to configure
the aging time. If a device has not transmitted any packet during the period which is the
one to two times of the aging time, the MA5600T deletes the MAC address of the device
from the MAC address list.
l By default, the aging time is 300s. In general, the default value is recommended.
l If the aging time is set very short, a dynamic MAC address is deleted very soon. As a result,
the data packets associated with the address are broadcast to all the ports in a VLAN due
to the failure to find the destination address, thus affecting the running efficiency of the
MA5600T.
l On the other hand, if the aging time is set very long, the MA5600T cannot update its MAC
address list according to the network change. Consequently, if the number of MAC
addresses learnt by the specified port reaches the maximum value, packets with new MAC
addresses are directly discarded due to the failure to find the destination address.
l The address aging function is only effective to dynamic MAC addresses.
Procedure
Step 1 Run the mac-address timer command to configure the aging time of a dynamic MAC address.
Step 2 Run the display mac-address timer command to query the configured aging time of the
dynamic MAC address.
----End
Examples
To set the aging time of a dynamic MAC address to 500s, do as follows:
huawei(config)#mac-address timer 500
huawei(config)#display mac-address timer
MAC aging time: 500s
Background Information
The MA5600T does not support the configuration of binding a MAC address directly. By
configuring a static MAC address entry and setting the maximum address count to 0, you can
bind a port with a MAC address.
l The MA5600T supports up to 1K static MAC addresses. The number of MAC addresses
that can be bound with a service stream is not limited.
l The MA5600T supports up to 8K dynamic MAC addresses. Each service stream can be
bound with up to eight MAC addresses dynamically.
Procedure
Step 1 Run the mac-address static command to configure the static MAC address for a port.
Step 2 Run the mac-address max-mac-count command to set the maximum address count for the
service port.
Step 3 Run the display mac-address max-mac-count command to query the maximum MAC address
number that can be learnt by service channels.
----End
Example
Assume that the static MAC address of ADSL2+ port 0/11/0 is 1010-1010-1010, and the
maximum address count is 0. To bind the port with the MAC address so that the port only allows
the pass of packets with the source MAC address of 1010-1010-1010, do as follows:
huawei(config)#mac-address static adsl 0/11/0 vpi 0 vci 35 1010-1010-1010
huawei(config)#mac-address max-mac-count adsl 0/11/0 vpi 0 vci 35 0
huawei(config)#display mac-address max-mac-count adsl 0/11/0 vpi 0 vci 35
----------------------------------------------------------------------------
Type F/S /P VPI VCI VLAN ID FLOWTYPE FLOWPARA Learnable MAC number
----------------------------------------------------------------------------
adl 0/11/0 0 35 4000 - - 0
--------------------------------------------------------------------------
Total: 1
Note : F--Frame, S--Slot, P--Port(xDSL Port,UP-Link Port,IMA GROUP or
VLAN ID etc.), the VPI is access-end VLAN ID in vdsl/eau port
or PON ID in epon port
Assume that the static MAC address of GPON port 0/11/0 is 1010-1010-1010, and the maximum
address count is 0. To bind the port with the MAC address so that the port only allows the pass
of packets with the source MAC address of 1010-1010-1010, do as follows:
huawei(config)#mac-address static gpon 0/2/0 gemport 128 1010-1010-1010
huawei(config)#mac-address max-mac-count gpon 0/2/0 gemport 128 0
huawei(config)#display mac-address max-mac-count gpon 0/2/0 gemport 128
{ <cr>|user-vlan<K>|user-8021p<K> }:
Command:
display mac-address max-mac-count gpon 0/2/0 gemport 128
---------------------------------------------------------------------------
Type F /S /P VPI VCI VLAN ID FLOWTYPE FLOWPARA Learnable MAC number
---------------------------------------------------------------------------
gpon 0 /2 /0 128 - 10 - - 0
---------------------------------------------------------------------------
Total: 1
Note : F--Frame, S--Slot, P--Port; VPI indicates GEM PortID for GPON
Background Information
The system supports up to four MAC addresses to be filtered.
Procedure
Step 1 Run the security mac-filter command to configure the MAC address filtering.
Step 2 Run the display security mac-filter command to query the configured filtering MAC address.
----End
Example
To filter the data packets with the source MAC address of 1000-0000-0000, do as follows:
huawei(config)#security mac-filter source 1000-0000-0000
huawei(config)#display security mac-filter
---------------------------------------------------------
Index MAC-Address Type
---------------------------------------------------------
1 1000-0000-0000 source
---------------------------------------------------------
Total: 1
Related Operation
Table 18-2 lists the related operation for configuring the MAC address filtering.
Table 18-2 Related operation for configuring the MAC address filtering
To… Run the Command…
Background Information
l The system supports up to 20 MAC address pools and totally 1024 MAC addresses.
l The configured static MAC address must be excluded from the MAC address pool to be
configured. You can run the display mac-pool static command to check it.
l A MAC address pool cannot contain the MAC address of the control board.
l When adding a MAC address pool, you do not need to specify the index and range of the
MAC address pool. By default, the range is 256.
Procedure
Step 1 Run the mac-pool command to configure the MAC address pool.
Step 2 Run the display mac-pool command to query the added MAC address pool.
----End
Example
To add a MAC address pool with the index of 0, the start MAC address of 1000-0000-0000, and
the address count of 800, do as follows:
huawei(config)#mac-pool 0 1000-0000-0000 800
huawei(config)#display mac-pool all
Current allocation method of MAC addresses: manual
User-configured MAC pools :
----------------------------------------------------------------
Index StartMAC EndMAC Scope UsedNum
----------------------------------------------------------------
0 1000-0000-0000 1000-0000-031f 800 0
----------------------------------------------------------------
MAC pools : 1, MAC addresses :800, Addresses in use : 0
This topic describes how to configure the TCP/IP connections on the MA5600T.
19.1 Overview
This topic describes the Transfer Control Protocol/Internet Protocol (TCP/IP) connection
attributes and the application on the MA5600T.
19.2 Basic Concepts
This topic describes the concepts of synwait timer and finwait timer.
19.3 Configuring the Synwait Timer
This topic describes how to configure the synwait timer.
19.4 Configuring the Finwait Timer
This topic describes how to configure the finwait timer.
19.5 Configuring the Socket Buffer
This topic describes how to configure the size of the socket transmit and receive buffer.
19.6 Enabling the TCP Debugging
This topic describes how to enable the TCP debugging so that the required information can be
displayed on the terminal.
19.7 Enabling the IP Packets Debugging
This topic describes how to enable the IP packets debugging.
19.1 Overview
This topic describes the Transfer Control Protocol/Internet Protocol (TCP/IP) connection
attributes and the application on the MA5600T.
Service Description
TCP connection configuration supported by the MA5600T includes the following:
Service Specification
The MA5600T supports the configuration of TCP/IP connection.
Synwait Timer
When the synchronization (SYN) packet is sent, TCP enables the synwait timer. If no
acknowledgement (ACK) packet is received before time specified by the synwait timer, the TCP
connection is terminated.
Finwait Timer
When the TCP connection state changes from FIN_WAIT_1 to FIN_WAIT_2, the finwait timer
is enabled.
If no FIN packet is received before the time specified by the finwait timer, the TCP connection
is dropped.
Background Information
The timeout time of synwait timer ranges from 2s to 600s. The default is 75s.
Procedure
Run the tcp timer syn-timeout command to configure the synwait timer.
----End
Example
To set the TCP timer time to 100s, do as follows:
huawei(config)#tcp timer syn-timeout 100
Related Operation
Table 19-1 lists the related operation for configuring the synwait timer.
Restore the default setting of the syswait undo tcp timer syn-timeout
timer
Background Information
The timeout time of finwait timer ranges from 76s to 3600s. The default is 675s.
Procedure
Run the tcp timer fin-timeout command to configure the finwait timer.
----End
Example
To set the time of finwait timer to 200s, do as follows:
huawei(config)#tcp timer fin-timeout 200
Related Operation
Table 19-2 lists the related operation for configuring the finwait timer.
Background Information
The buffer size ranges from 1 KB to 32 KB. The default is 4 KB.
Procedure
Run the tcp window command to set the size of the socket transmit and receive buffer.
----End
Example
To set the size of the socket transmit & receive buffer to 12 KB, do as follows:
huawei(config)#tcp window 12
Related Operation
Table 19-3 lists the related operation for configuring the socket buffer.
Background Information
The debugging information is displayed on the terminal only after the terminal monitor and
terminal debugging function are enabled.
Procedure
Run the debugging tcp packet command to enable the TCP debugging.
----End
Example
To enable the TCP debugging, do as follows:
huawei(config)#debugging tcp packet
Related Operations
Table 19-4 lists the related operations for enabling the IP packets debugging.
Background Information
The debugging information is displayed on the terminal only after the terminal monitor and
terminal debugging function are enabled.
By default, the terminal monitor and terminal debugging function are disabled.
NOTE
A large amount of debugging information may be displayed on the terminal after the debugging is enabled.
Perform this operation with caution!
Procedure
Run the debugging ip packet command to enable the IP packets debugging.
----End
Example
To enable the IP packets debugging, do as follows:
huawei(config)#debugging ip packet
*0.24271340 MA5600-42 IP/8/debug_case:
Receiving, interface = vlanif3000, version = 4, headlen = 20, tos = 192,
pktlen = 70, pktid = 35614, offset = 0, ttl = 1, protocol = 17,
checksum = 17131, s = 10.11.0.209, d = 224.0.0.2
prompt: Receiving IP packet
*0.880717530 huawei IP/8/debug_case:
Sending, interface = meth0, version = 4, headlen = 20, tos = 192,
pktlen = 316, pktid = 5152, offset = 0, ttl = 255, protocol = 6,
checksum = 36292, s = 10.78.212.64, d = 10.70.47.67
prompt: Sending the packet from local at meth0
Related Operations
Table 19-5 lists the related operations for enabling the IP packets debugging.
20 ACL Configuration
This topic describes the ACL types, rules and related configurations on the MA5600T.
NOTE
This document describes the configuration on the MA5600T. Each chapter provides an overview of the service
configuration, describes the configuration flow with one or more configuration examples, and then provides a
detailed description of the basic operations on the MA5600T.
For the readers who are familiar with the MA5600T, it is recommended that you read the configuration example
(s) directly.
For the readers who are not familiar with the MA5600T, it is recommended that you read the basic operations
first.
20.1 Overview
This topic describes access control list (ACL) and its application on the MA5600T.
20.2 Configuring the Basic ACL
This topic describes how to filter data packets that meet the source IP address conditions within
a certain period of time.
20.3 Configuring the Advanced ACL
This topic describes how to filter data packets that meet the source IP address and DSCP
conditions within a certain period of time.
20.4 Configuring the L2 ACL
This topic describes how to filter data packets that meet the source MAC address, destination
MAC address, and VLAN ID conditions within a certain period of time.
20.5 Configuration Example of the User-Defined ACL
This topic describes how to filter data packets that meet the customized conditions within a
certain period of time.
20.6 Creating an ACL
This topic describes how to create a basic ACL, an advanced ACL, an L2 ACL or a customized
ACL.
20.7 Configuring a Time Range
This topic describes how to configure a time range to specify the valid time of an ACL rule.
20.1 Overview
This topic describes access control list (ACL) and its application on the MA5600T.
Service Description
An ACL performs the packet filtering function. You can configure some matching rules on
network devices to filter unwanted data packets. With the matching rules, network devices can
allow or disallow the matching data packets to pass. The classified traffic is the prerequisite for
configuring the Quality of Service (QoS) or user security.
For details on ACL, refer to "ACL" in the MA5600T Feature Description.
Service Specification
The MA5600T supports the following types of ACLs:
l Basic ACL
l Advanced ACL
l L2 ACL
l Customized ACL
The MA5600T performs filtering, traffic mirroring, traffic limitation, adding the priority tag,
redirection, and traffic measurement on packets filtered by ACL rules.
If ACL rules are delivered to user port of the MA5600T, such as ADSL2+ port 0/11/0, then all
ADSL2+ ports in slot 0/11 filter packets. If ACL rules are delivered to an Ethernet port, then
only the Ether port filters the packets.
For the basic, advanced or L2 ACL, the mask of the IP/MAC address is the inverse mask. For
the customized ACL, the mask of the IP/MAC address is the positive mask.
ACL Types
Table 20-1 describes the four types of ACLs.
Data Plan
Table 20-2 provides the data plan for configuring the basic ACL.
Configuration Flowchart
Figure 20-1 shows the flowchart for configuring a basic ACL.
Start
Create an ACL
End
Procedure
Step 1 Configure a time range.
huawei(config)#time-range time1 00:00 to 12:00 fri
----End
Result
According to the ACL rule, from 00:00 to 12:00 every Friday, the port 0/9/0 on the MA5600T
can receive the data packets from IP address 2.2.2.2, and discard other data packets.
Data Plan
Table 20-3 provides the data plan for configuring the advanced ACL.
DSCP 23 -
Configuration Flowchart
Figure 20-2 shows the flowchart for configuring an advanced ACL.
Start
Create an ACL
End
Procedure
Step 1 Configure a time range.
huawei(config)#time-range time1 00:00 to 12:00 fri
----End
Result
According to the ACL rule, from 00:00 to 12:00 every Friday, port 0/9/0 on the MA5600T can
receive the data packets from 2.2.2.0 to 3.3.3.3 with DSCP of 23. Other packets are discarded.
Data Plan
Table 20-4 provides the data plan for configuring the L2 ACL.
Source VLAN ID 12 -
CAUTION
If you omit "0x" when entering the type of an Ethernet bearer protocol, the input should be
considered as a decimal number. The decimal number you input is converted to hexadecimal
number for the protocol type.
Configuration Flowchart
Figure 20-3 shows the flowchart for configuring an L2 ACL.
Start
Create an ACL
End
Procedure
Step 1 Configure a time range.
huawei(config)#time-range time1 00:00 to 12:00 fri
----End
Result
According to the ACL rule, from 00:00 to 12:00 every Friday, port 0/9/0 on the MA5600T can
receive the Ethernet frames with the source MAC address of 2222-2222-2222, destination MAC
address of 00e0-fc11-4141, VLAN ID of 12, and COS of 1. Other packets are discarded.
Background Information
In the user-defined ACL, the regular mask and the offset are used to extract any bytes from the
first 80 bytes for comparison with the user-defined rule. After the comparison, the data frames
matching the rule are obtained for related processing.
Data Plan
Table 20-5 provides the data plan for configuring the user-defined ACL.
Offset 27 -
Configuration Flowchart
Figure 20-4 shows the flowchart for configuring a user-defined ACL.
Start
Create an ACL
End
Procedure
Step 1 Configure a time range.
huawei(config)#time-range time1 00:00 to 12:00 fri
----End
Result
According to the ACL rule, from 00:00 to 12:00 every Friday, port 0/9/0 on the MA5600T rejects
TCP packets.
Background Information
The MA5600T supports up to 64 ACLs. Each ACL can be configured with up to 64 rules.
Procedure
Step 1 Run the acl command to create an ACL.
Step 3 Run the display acl command to query the configuration of the ACL.
----End
Example
To create an advanced ACL with ID of 3000, do as follows:
huawei(config)#acl 3000
huawei(config-acl-adv-3000)#quit
huawei(config)#display acl 3000
Advanced ACL 3000, 0 rule
Acl's step is 5
Related Operations
Table 20-7 lists the related operations for creating an ACL.
Delete an ACL undo acl If an ACL and its rules are activated, or if
they are quoted by other QoS functions,
the ACL and the rules cannot be deleted.
Configure the step step Step means the difference between two
for an ACL neighboring rules in a group of ACL rules.
By default, it is 5.
Background Information
ACL time ranges include relative time and absolute time.
l Relative time refers to periodical intervals, such as the period from 8:30 in the morning to
18:30 in the afternoon every Monday.
l Absolute time refers to intervals from a specific moment to another specific moment, such
as the period from 12:00 in the noon on June 8, 2006 to 18:00 in the afternoon on August
8, 2006.
The principle for a time range to take effect is as follows:
l When a time range includes only absolute time or relative time, the union set of all intervals
in the time range takes effect.
l When a time range includes both absolute time and relative time, the intersection set of the
union sets of both relative time and absolute time takes effect.
NOTE
Procedure
Step 1 Run the time-range command to configure a time range.
Step 2 Run the display time-range command and you can find that the time range is configured.
----End
Example
To create a time range named "last24hrs" that is valid for the whole day of 2008-03-24, do as
follows:
huawei(config)#time-range last24hrs from 00:00 2008/03/24 to 24:00 2008/03/24
huawei(config)#display time-range all
Background Information
l By default, the step is 5.
l If a step changes, the rules in an ACL should be re-numbered.
For example, assume that the rules of an ACL are numbered as 5, 10, and 15. If you set the
step to 2 by using the command step 2, the rules are numbered as 2, 4, and 6.
l To restore the default step value and renumber the ACL rules, run the undo step command.
Assume that ACL 1 contains rules 1, 3 and 5 with a step of 2. After you run the undo step
command, the numbers of the ACL rules are 5, 10, and 15, with the default step of 5.
Procedure
Step 1 Run the step command to modify the step of ACL rule.
Step 2 Run the display acl command to query the set step.
----End
Example
To set the step to 10, do as follows:
huawei(config-acl-basic-2000)#step 10
huawei(config)#display acl 2000
Basic ACL 2000, 1 rule
Acl's step is 10
rule 10 permit (0 times matched)
Related Operation
Table 20-8 lists the related operation for setting the step.
Prerequisite
The basic ACL to which the rule is added already exists.
Background Information
Up to 64 rules can be created for an ACL.
You can change the configuration of an ACL rule by specifying the number of the rule. This
method does not change the untouched part of the rule.
Procedure
Step 1 Run the acl command to create a basic ACL rule.
Step 2 Run the rule command to configure the basic ACL rule.
Step 3 Run the quit command to exit the basic ACL config mode.
Step 4 Run the display acl command to query the information on the basic ACL rule.
----End
Example
To define a basic ACL rule that enables data packets from 2.2.2.2 to pass, do as follows:
huawei(config)#acl 2000
huawei(config-acl-basic-2000)#rule permit source 2.2.2.2 0
huawei(config-acl-basic-2000)#quit
huawei(config)#display acl 2000
Basic ACL 2000, 1 rule
Acl's step is 5
rule 5 permit source 2.2.2.2 0 (0 times matched)
Related Operation
Table 20-9 lists the related operation for creating a basic ACL rule.
Prerequisite
The advanced ACL to which the rule is added already exists.
Background Information
Up to 64 rules can be created for an ACL.
You can change the configuration of an ACL rule by specifying the number of the rule. This
method does not change the untouched part of the rule.
Procedure
Step 1 Run the acl command to create an advanced ACL rule.
Step 2 Run the rule command to configure the advanced ACL rule.
Step 3 Run the quit command to exit the advanced ACL config mode.
Step 4 Run the display acl command to query the information on the ACL rule.
----End
Example
To define an advanced ACL rule that enables data packets from 2.2.2.2 to 3.3.3.3 with DSCP
of 23 to pass, and the valid time as the predefined time 1, do as follows:
huawe(config)#acl 3000
huawei(config-acl-adv-3000)#rule 3 permit ip source 2.2.2.2 0 destination 3.3.3.3
0 dscp 23 time-range time1
huawei(config-acl-adv-3000)#quit
huawei(config)#display acl 3000
Advanced ACL 3000, 1 rule
Acl's step is 5
rule 3 permit ip source 2.2.2.2 0 destination 3.3.3.3 0 dscp 23 time-range
time1 (0 times matched)(Inactive)
Related Operation
Table 20-10 lists the related operation for creating an advanced ACL rule.
Prerequisite
The L2 ACL to which the rule is added already exists.
Background Information
Up to 64 rules can be created for an ACL.
You can change the configuration of an ACL rule by specifying the number of the rule. This
method does not change the untouched part of the rule.
Procedure
Step 1 Run the acl command to create an L2 ACL rule.
Step 3 Run the quit command to exit the L2 ACL config mode.
Step 4 Run the display acl command to query the information on the L2 ACL rule.
----End
Example
To define an L2 ACL rule that enables data packets with type of 0x8863, VLAN ID of 12, COS
of 1, source MAC address of 2222-2222-2222 and destination MAC address of 00e0-fc11-4141
to pass, do as follows:
huawei(config)#acl 4000
huawei(config-acl-link-4000)#rule 1 permit type 0x8863 cos 1 source 12
2222-2222-2222 0000-0000-0000 destination 00e0-fc11-4141 0000-0000-0000
huawei(config-acl-link-4000)#quit
huawei(config)#display acl 4000
Basic ACL 4000, 1 rule
Acl's step is 5
rule 1 permit type 0x8863 cos background source 2222-2222-2222 0000-0000-0000
12 destination 00e0-fc11-4141 0000-0000-0000
Related Operation
Table 20-11 lists the related operation for creating an L2 ACL rule.
Prerequisite
The customized ACL to which the rule is added already exists.
Background Information
Up to 64 rules can be created for an ACL.
You can change the configuration of an ACL rule by specifying the number of the rule. This
method does not change the untouched part of the rule.
Figure 20-5 shows the first 64 bytes of an IP frame. Every letter represents one hexadecimal,
and every two letters represent one byte.
Table 20-12 lists the meaning of the letters and their offset values.
G IP packet 20 R Acknowledgem 46
length ent
K Protocol 27 V Other 54
number (6
refers to TCP
and 17 refers to
UDP)
NOTE
In Figure 20-5, the offset value of their field is their offset value in the 802.3 data frame of Sub Network Access
Protocol (SNAP) + tag. For the customized ACL, the user can use the rule mask and offset parameters to extract
any byte from the first 80 bytes of data frame, and then compare the extracted byte with customized rules to
filter matched data frames for processing.
Procedure
Step 1 Run the acl command to create a customized ACL rule.
Step 2 Run the rule command to configure the customized ACL rule.
Step 3 Run the display acl command to query the information on the ACL rule.
----End
Example
To filter all TCP packets, do as follows:
huawei(config)#acl 5000
huawei(config-acl-adv-5000)#rule permit 06 ff 27
huawei(config-acl-adv-5000)#quit
huawei(config)#display acl 5000
User ACL 5000, 1 rule
Acl's step is 5
rule 5 permit 06 ff 27
Related Operation
Table 20-13 lists the related operation for creating a customized ACL rule.
Table 20-13 Related operation for creating a used defined ACL rule
Prerequisite
The ACL to be activated must be configured, and the port for which the ACL is to be activated
must work in the normal state.
Procedure
Step 1 Run the packet-filter command to activate an ACL.
Step 2 Run the display packet-filter port command and you can find that the ACL is activated.
----End
Example
To activate ACL 3000 of port 0/11/0, do as follows:
huawei(config)#packet-filter inbound ip-group 3000 port 0/11/0
huawei(config)#display packet-filter port 0/11/0
port0/11/0
Inbound:
inbound Acl 3000 rule 1 port 0/11/0 running
Related Operation
Table 20-14 lists the related operation for activating the ACL of a port.
21 QoS Configuration
This topic describes the QoS configuration examples and related configuration operations on
the MA5600T.
NOTE
This document describes the configuration on the MA5600T. Each chapter provides an overview of the service
configuration, describes the configuration flow with one or more configuration examples, and then provides a
detailed description of the basic operations on the MA5600T.
For the readers who are familiar with the MA5600T, it is recommended that you read the configuration example
(s) directly.
For the readers who are not familiar with the MA5600T, it is recommended that you read the basic operations
first.
21.1 Overview
This topic describes various QoS functions and their applications on the MA5600T.
21.2 Configuration Example of Queue Scheduling
This topic provides an example for configuring queue scheduling so that services with different
priorities have different scheduling policies. Then corresponding QoS of these services can be
guaranteed.
21.3 Configuration Example of Traffic Management Based on service streams
This topic provides an example for configuring the IP and ATM traffic profiles to manage the
traffic of different service streams through different traffic profiles.
21.4 Configuration Example of Traffic Management Based on ACL rules
This topic provides an example for applying different ACL rules to different VLANs to
implement flow control on upstream services transmitted through different VLANs.
21.5 Configuring the Traffic Management Based on service streams
This topic describes the types and application of the traffic profile supported by the
MA5600T. The MA5600T specifies different traffic profiles for different streams to implement
the traffic management based on service streams.
21.6 Configuring the Traffic Management Based on Port + CoS
This topic describes how to configure the traffic management based on port + CoS to specify a
specified IP traffic profile for service streams that have the same 802.1p priority and are borne
on the same port. This facilitates the service traffic management through the traffic profile.
21.7 Configuring Queue Scheduling
A queue is the unit of the packet scheduling in the physical port. After the queue scheduling is
configured, the packet of the key service can be processed in time when the network congestion
occurs.
21.8 Configuring Traffic Management Based on ACL rules
This topic describes the function of filtering the traffic of the port through the ACL rule and
manages the traffic that complies with the ACL rule.
21.9 Enabling the Line Rate Limit on an Upstream Port
This topic describes how to enable the line rate limit on a specified upstream port.
21.1 Overview
This topic describes various QoS functions and their applications on the MA5600T.
Service Description
Quality of service (QoS) means the performance of the data stream that passes the network. By
setting different parameters of the QoS, such as service availability, throughput, time delay,
jitter, and loss rate, you can provide users with high quality services.
For details on QoS, refer to "QoS" in the MA5600T Feature Description.
Service Specification
The MA5600T mainly supports the following QoS functions:
l Traffic management based on service streams
l Traffic management based on port + CoS
– If this mode is configured based on a service board, it is valid to all ports of the board.
– The AIUG, GPON, and ETHAGPON and ETHA boards do not support this mode.
l Queue scheduling
The MA5600T supports the following queue scheduling modes:
– PQ: Strict-Priority queue
– WRR: Weighted Round Robin
– PQ + WRR
l Traffic management based on ACL rules
l Line rate limit on an upstream port
Networking
Figure 21-1 shows an example network for configuring queue scheduling.
The MA5600T is configured with the queue scheduling policy based on the service type. The
VoIP service priority is 7, the video service priority is 6, and the Internet service priority is 5.
When congestion occurs, the system can ensure that the service stream with higher priority can
be processed in time, and can also guarantee the QoS of services with lower priority.
LAN switch
MA5600T
Internet VoIP
IPTV
Data Plan
Table 21-1 provides the data plan for configuring queue scheduling.
Item Data
Mapping between the queue and the Adopts the default mapping and needs no separate
priority configuration.
Queue 0: 0 (802.1p)
Queue 1: 1 (802.1p)
Queue 2: 2 (802.1p)
Queue 3: 3 (802.1p)
Queue 4: 4 (802.1p)
Queue 5: 5 (802.1p)
Queue 6: 6 (802.1p)
Queue 7: 7 (802.1p)
Item Data
Configuration Flowchart
Figure 21-2 shows the flowchart for configuring queue scheduling.
Start
End
Procedure
Step 1 Map the queue to the 802.1 priority of the packet.
huawei(config)#cos-queue-map cos0 0 cos1 1 cos2 2 cos3 3 cos4 4 cos5 5 cos6 6 cos7
7
huawei(config)#display cos-queue-map
CoS and queue map:
------------------------
CoS Queue ID
------------------------
0 0
1 1
2 2
3 3
4 4
5 5
6 6
7 7
------------------------
------------------------
Queue Depth size ratio
------------------------
0 7
1 6
2 13
3 13
4 12
5 12
6 25
7 12
------------------------
----End
Result
When network congestion occurs, the system performs scheduling based on the configured
scheduling policy.
Networking
Figure 21-3 shows an example network for configuring the traffic management based on service
streams.
The MA5600T is accessed with the broadband service through ADSL port 0/11/0 and ATM port
0/6/0. To implement the traffic management on this service, select or configure the proper IP
and ATM profiles, and bind the profiles with the specified service streams.
Figure 21-3 Example network for configuring the traffic management based on service streams
LAN switch
MA5600T
Data Plan
Table 21-2 provides the data plan for configuring the traffic management based on service
streams.
Table 21-2 Data plan for configuring the traffic management based on service streams
Item Data
ATM Internet service ATM traffic profile with the index of 5 (the default profile)
l Service type: UBR
l Access rate: 3072 kbit/s
Upstream port: 0/9/0
Upstream VLAN: type 10, and smart VLAN
Access port: 0/6/0
Configuration Flowchart
Figure 21-4 shows the flowchart for configuring the traffic management based on service
streams.
Figure 21-4 Flowchart for configuring the traffic management based on service streams
Start
End
Procedure
l Configure the traffic management of the ADSL service.
1. Check whether the proper IP traffic profile exists in the system.
huawei(config)#display traffic table ip from-index 0
-------------------------------------------------------------------------
TID CIR(kbps) CBS(bytes) PIR(kbps) PBS(bytes) Pri Copy-policy Pri-Policy
-------------------------------------------------------------------------
0 1024 34768 2048 69536 6 - tag-pri
1 2496 81872 4992 163744 6 - tag-pri
2 512 18384 1024 36768 0 - tag-pri
3 576 20432 1152 40864 2 - tag-pri
4 64 4048 128 8096 4 - tag-pri
5 2048 67536 4096 135072 0 - tag-pri
6 off off off off 0 - tag-pri
-------------------------------------------------------------------------
Total Num : 7
-------------------------------------------------------------------------
----
TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/
SHAPE
Type Type kbps kbps kbps kbps cells
1/10us
-------------------------------------------------------------------------
----
0 cbr 2 1024 -- -- -- -- -- off/
--
1 cbr 2 2500 -- -- -- -- -- off/
--
2 ubr 2 512 -- -- -- -- -- on /
--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /
--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /
off
5 ubr 2 2048 -- -- -- -- -- on /
--
6 ubr 1 -- -- -- -- -- -- off/
--
-------------------------------------------------------------------------
----
Total Num :
7
Traffic type
definition:
1:NoTrafficDescriptor 2:NoClpNoScr
3:ClpNoTaggingNoScr
4:ClpTaggingNoScr 5:NoClpScr
6:ClpNoTaggingScr
7:ClpTaggingScr 8:ClpNoTaggingMcr
9:ClpTransparentNoScr
10:ClpTransparentScr 11:NoClpTaggingNoScr
12:NoClpNoScrCdvt
13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt
15:ClpTaggingScrCdvt
-------------------------------------------------------------------------
----
2. Bind the default ATM traffic profile 5 with the service stream.
huawei(config)#service-port vlan 10 atm 0/6/0 vpi 0 vci 35 rx-cttr 5 upc
off tx-cttr 5 upc off
----End
Result
The system manages the traffic of the ADSL and ATM services respectively based on the
specified traffic profiles.
Networking
Figure 21-5 shows an example network for configuring the traffic management based on ACL
rules.
The MA5600T transmits the service streams to the upper layer network through VLANs 10, 20,
and 30. To manage the service stream received through different VLANs, the MA5600T applies
different ACL rules to different VLANs for flow control.
Figure 21-5 Example network for configuring the traffic management based on ACL rules
LAN switch
MA5600T
PC PC PC
Data Plan
Table 21-3 provides the data plan for configuring the traffic management based on ACL rules.
Table 21-3 Data plan for configuring the traffic management based on ACL rules
Item Data
Flow control policy Limits VLAN 10 to receive the traffic with bandwidth of 6400
kbit/s.
Limits VLAN 20 to receive the traffic with bandwidth of 12800
kbit/s.
Limits VLAN 30 to receive the traffic with bandwidth of 19200
kbit/s.
Configuration Flowchart
Figure 21-6 shows the flowchart for configuring the traffic management based on ACL rules.
Figure 21-6 Flowchart for configuring the traffic management based on ACL rules
Start
End
Procedure
Step 1 Configure the upstream port.
huawei(config)#vlan 10,20,30 smart
huawei(config)#port vlan 10,20,30 0/9 0
----End
Result
The service traffic received in VLANs 10, 20, and 30 do not exceed their respective flow control
bandwidth.
Overview
The MA5600T performs the traffic management by specifying a traffic profile for each service
stream accessing the device.
By default, the system supports the traffic management based on service streams.
21.5.1 Configure the IP Traffic Profile
This topic describes how to configure the IP traffic profile. The IP traffic profile defines multiple
traffic parameters. When configuring a service port, apply the IP traffic profile to the port and
manages the traffic of the port through the traffic parameters defined in the profile.
21.5.2 Configure the ATM Traffic Profile
The ATM traffic profile defines ATM traffic parameters. When configuring the service
connection, apply the ATM traffic profile to the service port and manages the ATM service
traffic through the traffic parameters defined in the profile.
Background Information
l The system contains seven default IP traffic profiles with the IDs of 0-6. You can run the
display traffic table command to query the traffic parameters of these default traffic
profiles.
l It is recommended to select the default traffic profiles first. You need to configure a new
IP traffic profile only when the default traffic profiles cannot meet the demand.
Table 21-4 lists the traffic parameters defined in the IP traffic profile.
Priority policy The priority policies are classified into the following three types:
l Specified priority: specifying the 802.1p priority for the packet.
l user-cos: copying the 802.1p priority in the VLAN of the packet to
the VLAN of the upstream packet.
l user-cos: copying the ToS priority in the VLAN of the packet to the
VLAN of the upstream packet.
Scheduling policy The scheduling policies are classified into the following two types:
l Tag-In-Package: The system performs scheduling based on the
802.1p priority of the packet.
l Local-Setting: the local priority. The system performs scheduling
based on the 802.1p priority specified in the traffic profile bound
with the service stream.
NOTE
The scheduling policy is only valid to the downstream packet.
Procedure
Step 1 Run the traffic table ip command to configure the traffic profile.
Step 2 Run the display traffic table ip command to query the traffic profile.
----End
Example
To add IP traffic profile 9, with the CIR as 2048 kbit/s, the 802.1p priority of the upstream packet
as 6, and the scheduling policy of downstream packet as tag-in-package, do as follows:
huawei(config)#traffic table ip index 9 cir 2048 priority 6 priority-policy tag-In-
Package
Create traffic descriptor record successfully
--------------------------------------------
TD Index : 9
Priority : 6
Copy Priority : -
Priority Policy : tag-pri
CIR : 2048 kbps
CBS : 67536 bytes
PIR : 4096 kbps
PBS : 135072 bytes
Referenced Status: not used
--------------------------------------------
Related Operations
Table 21-5 lists the related operations for configuring the traffic entry.
Delete the IP undo traffic table ip Only the traffic entry that is not
traffic profile applied can be deleted.
Modify the IP traffic table ip modify l The priority policy and the
traffic profile scheduling policy in the traffic
profile cannot be modified.
l The default and the applied traffic
profiles can be modified.
Background Information
l The system contains seven default ATM traffic profiles with the IDs of 0-6. You can run
the display traffic table atm command to query the traffic parameters of these default
traffic profiles.
l It is recommended to select the default traffic profiles first. You need to configure a new
traffic profile only when the default traffic profiles cannot meet the demand.
Table 21-6 lists the relations between the service type, traffic description, and traffic parameters.
Table 21-6 Relations between the service type, traffic description, and traffic parameters.
NoTrafficDescriptor -
CBR CBR service is used for connections that require static bandwidth and top
priority. CBR features high stability and low burst. Data services are
delivered in fixed period. Typical applications of CBR services are circuit
service, emulation voice service and video service. Peak cell rate (PCR)
is the only parameter required for applying CBR service. Cells are
delivered at the source end at the PCR rate or a rate below PCR.
rt_VBR rt-VBR service is very sensitive to delay and jitter. Typical applications
of rt-VBR are voice service and video service. Compared with CBR
service, rt-VBR service allows a certain degree of delay. The data may be
delivered at the source end at different rates. Parameters required for
applying rt-VBR service include PCR, SCR, and MBS.
nrt_VBR nrt-VBR service is used for connections in which there is no fixed timing
relationship between samples. Compared with rt-VBR, nrt-VBR has lower
priority than rt-VBR. Parameters required for service application include
PCR, SCR, and MBS.
UBR UBR service is used for services with high burst and without real-time
requirement. UBR users only demand optimum network service, but
require no guarantee on quality of service (QoS). The network offers no
QoS guarantee for UBR service. In the case of network congestion, UBR
cells are the first to be discarded. Error correction is implemented by the
upper layer protocols. Typical applications of UBR service are FTP and
E-mail.
Procedure
Step 1 Run the traffic table atm command to configure the ATM traffic profile.
Step 2 Run the display traffic table atm command to query the ATM traffic profile.
----End
Example
To add ATM traffic profile 12, with the service type of UBR, traffic description type of
NoClpNoScr and 2048 kbit/s, and Clp01Pcr of 2048 kbit/s, do as follows:
huawei(config)#traffic table atm index 12 srvcategory ubr tdtype noclpnoscr
clp01Pcr 2048
Create traffic descriptor record successfully
-----------------------------------------------------------------------------
TD Index : 12
Priority : 0
Priority Policy : tag-pri
TD Type : NoClpNoScr
Service Category : ubr
Referenced Status: not used
EnPPDISC : off
Related Operation
Table 21-8 lists the related operation for configuring the traffic entry.
Delete the ATM undo traffic table atm Only the traffic entry that is not
traffic profile applied can be deleted.
Background Information
l Traffic management based on service streams and based on port + CoS are mutually
exclusive. By default, the system supports traffic management based on service streams.
l If the board is configured with the service stream, the traffic management mode cannot be
modified.
l You cannot set or query the CAR mode of a GPON service board.
l The AIUG and GPON boards supportGPON board supports only the traffic management
based on service streams while not supporting that based on port + CoS.
Procedure
Step 1 Run the car-mode command to set the traffic management mode of a service board as port +
CoS.
NOTE
l The configured traffic management mode is valid to all ports of the board.
l service-port: traffic management mode based on service streams, which is the default mode.
l port-cos: traffic management mode based on port + CoS.
Step 2 Run the car-port command to set the 802.1p priority of the a port, bind the IP traffic profile
with the service stream that matches the set priority, and manage the traffic of the service stream
through the profile.
Step 3 Run the display car-mode command to query the traffic management mode of the service board.
Step 4 Run the display car-mode command to query the traffic management mode of the port.
----End
Example
Assume that the packets with the 802.1p priority of 4 on port 0 in upstream is bound with IP
traffic profile 2 and those in downstream is bound with profile 5, and the packets with the 802.1p
priority of 6 on port 0 in upstream is bound with IP traffic profile 2 and those in downstream is
bound with profile 7. To set the traffic management mode of service board 0/2 to port + COS,
do as follows:
huawei(config)#interface adsl 0/2
huawei(config-if-adsl-0/2)#car-mode port-cos
huawei(config-if-adsl-0/2)#car-port 0 cos 4 inbound 2 outbound 5
huawei(config-if-adsl-0/2)#car-port 0 cos 6 inbound 2 outbound 7
huawei(config-if-adsl-0/2)#display car-mode
The CAR mode of the board : port-cos
huawei(config-if-adsl-0/2)#display car-port 0
-------------------------------------
Port CoS Inbound-index Outbound-index
-------------------------------------
0 4 2 5
0 6 2 7
-------------------------------------
Background Information
The MA5600T supports the following three queue scheduling modes: Strict-Priority Queue (PQ)
and Weighted Round Robin (WRR) and PQ+WRR.
Table 21-9 Mapping between the queue weight and the actual queue
7 W7 W7 -
6 W6 W6 -
5 W5 W5 -
4 W4 W4 -
3 W3 W3 W7+W6
2 W2 W2 W5+W4
1 W1 W1 W3+W2
0 W0 W0 W1+W0
Wn: indicates the weight of queue n. The weight sum of queues must be equal to 100.
l PQ + WRR
– The system supports PQ for some queues and WRR for the other queues. When the
value of WRR is 0, it indicates that this queue adopts the PQ mode.
– The queues adopting the PQ mode must be the ones with higher priorities.
– The weight sum of queues must be equal to 100.
Procedure
Step 1 Run the queue-scheduler command to configure the queue scheduling mode.
Step 2 Run the display queue-scheduler command to query configuration of the queue scheduling.
----End
Examples
To configure a WRR scheduler and assign these weight values to the eight queues: 10, 10, 20,
20, 10, 10, 10 and 10, do as follows:
huawei(config)#queue-scheduler wrr 10 10 20 20 10 10 10 10
huawei(config)#display queue-scheduler
Queue scheduler mode : WRR
---------------------------------
Queue Scheduler Mode WRR Weight
---------------------------------
0 WRR 10
1 WRR 10
2 WRR 20
3 WRR 20
4 WRR 10
5 WRR 10
6 WRR 10
7 WRR 10
---------------------------------
To configure a PQ+WRR scheduler and assign these weight values to the six queues: 20, 20,
10, 30, 10, and 10, do as follows:
huawei(config)#queue-scheduler wrr 20 20 10 30 10 10 0 0
huawei(config)#display queue-scheduler
Queue scheduler mode : WRR
---------------------------------
Queue Scheduler Mode WRR Weight
---------------------------------
0 WRR 20
1 WRR 20
2 WRR 10
3 WRR 30
4 WRR 10
5 WRR 10
6 PQ --
7 PQ --
---------------------------------
Related Operations
Table 21-10 lists the related operations for configuring the queue scheduling mode.
Table 21-10 Related operations for configuring the queue scheduling mode
Background Information
l The configuration applies to all the service boards in the system.
l By default, the mapping between the 802.1p priority and queues is as shown in Table
21-11.
7 7 3 7
6 6 3 6
5 5 2 5
4 4 2 4
3 3 1 3
2 2 1 2
1 1 0 1
0 0 0 0
Procedure
Step 1 Run the cos-queue-map command to map the 802.1p priority to the queues.
Step 2 Run the display cos-queue-map command to query the mapping setting.
----End
Example
To map 802.1p priority 0 to queue 0, 802.1p priority 1 to queue 2, and others to queue 6, do as
follows:
Related Operations
Table 21-12 lists the related operations for mapping the 802.1p priority to the queue of a service
board.
Table 21-12 Related operations for mapping the 802.1p priority to the queue of a service board
Background Information
The queue buffer determines the capacity of queues for handling the burst packet. The larger
the queue buffer, the stronger the capacity for handling the burst packet.
The buffer size of a port is set by proportion. Table 21-13 lists the default buffer size.
Queue Number Queue Buffer (the port Actual queue number (the
supporting 8 queues) port supporting 4 queues)
7 L7 (Default: 6) -
6 L6 (Default: 25) -
5 L5 (Default: 12) -
Queue Number Queue Buffer (the port Actual queue number (the
supporting 8 queues) port supporting 4 queues)
4 L4 (Default: 12 -
Ln: indicates the buffer size of queue n. The sum of proportions must be equal to 100.
Procedure
Step 1 Run the queue-buffer command to configure the buffer size for the queue of a service board.
Step 2 Run the display queue-buffer command to query the buffer size configuration for the queue of
a service board.
----End
Example
To configure the buffer size proportion of the eight queues as 20, 20, 10, 10, 10, 10, 10 and 10,
do as follows:
huawei(config)#queue-buffer 20 20 10 10 10 10 10 10
huawei(config)#display queue-buffer
------------------------
Queue Depth size ratio
------------------------
0 20
1 20
2 10
3 10
4 10
5 10
6 10
7 10
------------------------
Related Operations
Table 21-14 lists the related operations for configuring the queue buffer of a service board.
Table 21-14 Related operations for configuring the queue buffer of a service board
Prerequisite
The ACL and its rule have been configured, and the port for traffic limit is working in the normal
state.
Background Information
l The traffic limitation is only valid for permit rules of an ACL.
l The limited traffic must be a multiple of 64.
Procedure
Step 1 Run the traffic-limit command to enable traffic limit of packets matching an ACL rule on a
specified port.
Step 2 Run the display qos-info traffic-limit port command to query the traffic limitation information
on the specified port.
----End
Example
To limit the traffic received on port 0/11/0 that matches the rules of ACL 2001 to 512 kbit/s,
and mark the DSCP priority tag (af1) to packets that exceed the limitation, do as follows:
huawei(config)#traffic-limit inbound ip-group 2001 512 exceed remark-dscp af1 port
0/11/0
huawei(config)#display qos-info traffic-limit port 0/11/0
traffic-limit:
port 0/11/0:
Inbound:
Matches: Acl 2001 rule 5 running
Target rate: 512 Kbps
Exceed action: remark-dscp af1
Related Operation
Table 21-15 lists the related operation for enabling traffic limit of packets matching an ACL on
a specified port.
Table 21-15 Related operation for enabling traffic limit of packets matching an ACL on a
specified port
Prerequisite
The ACL and its rule have been configured, and the port involved in adding a priority tag to
packets is working in the normal state.
Background Information
l This operation is only valid for permit rules of an ACL.
l The ToS priority and the DSCP priority cannot be configured at the same time.
Procedure
Step 1 Run the traffic-priority command to add a priority tag to packets matching an ACL on a
specified port.
Step 2 Run the display qos-info traffic-priority port command to query the configured priority.
----End
Example
Assume the following:
l DSCP priority level: 10 (af1)
l Local priority level: 0
To add a priority tag to packets received on port 0/11/0 that match ACL 2001, do as follows:
huawei(config)#traffic-priority inbound ip-group 2001 dscp af1 local-precedence 0
port 0/11/0
huawei(config)#display qos-info traffic-priority port 0/11/0
traffic-priority:
port 0/11/0:
Inbound:
Matches: Acl 2001 rule 5 running
Priority action: dscp af1 cos background
Related Operation
Table 21-16 lists the related operation for adding a priority tag to packets matching an ACL on
a specified port.
Table 21-16 Related operation for adding a priority tag to packets matching an ACL on a
specified port
Prerequisite
The ACL and its rule have been configured, and the port involved in traffic statistics is working
in the normal state.
Background Information
The traffic statistics function is only valid for permit rules of an ACL.
Procedure
Step 1 Run the traffic-statistic command to measure traffic matching an ACL on a specified port.
Step 2 Run the display qos-info traffic-statistic port command to query the traffic statistics for packets
matching an ACL on the specified port.
----End
Example
To measure the packets received at port 0/9/0 that match ACL 2001, do as follows:
huawei(config)#traffic-statistic inbound ip-group 2001 port 0/9/0
huawei(config)#display qos-info traffic-statistic port 0/9/0
traffic-statistic:
port 0/9/0:
Inbound:
Matches: Acl 2001 rule 5 running
0 packet
Related Operations
Table 21-17 lists the related operations for enabling the traffic statistics for packets matching
an ACL on a port.
Table 21-17 Related operations for enabling the traffic statistics for packets matching an ACL
on a port
Prerequisite
The ACL and its rule have been configured, and the port involved in traffic mirroring is working
in the normal state.
Background Information
l The command only works for permit rules of an ACL.
Procedure
Step 1 Run the traffic-mirror command to enable the traffic mirroring of packets matching an ACL
rule on a specified port.
Step 2 Run the display qos-info traffic-mirror port command to query the traffic mirroring of packets
matching an ACL rule on a specified port.
----End
Example
To mirror the packets on ADSL2+ port 0/11/0 that match the rules of ACL 2001 to Ethernet port
0/9/0, do as follows:
huawei(config)#traffic-mirror inbound ip-group 2001 port 0/11/0 to port 0/9/0
huawei(config)#display qos-info traffic-mirror port 0/11/0
traffic-mirror:
port 0/11/0:
Inbound:
Matches: Acl 2001 rule 5 running
Mirror to: port 0/9/0
Related Operation
Table 21-18 lists the related operation for enabling the traffic mirroring of packets matching an
ACL rule on a specified port.
Table 21-18 Related operation for enabling the traffic mirroring of packets matching an ACL
rule on a specified port
Prerequisite
The ACL and its rule have been configured, and the port involved in traffic redirection is working
in the normal state.
Background Information
l The traffic redirection is only valid for permit rules of an ACL.
l The service ports support only redirection of packets matching the ACL to upstream ports.
The upstream port supports only redirection of packets matching the ACL to ports on the
board of the same type.
Procedure
Step 1 Run the traffic-redirect command to redirect traffic matching an ACL on a port.
Step 2 Run the display qos-info traffic-redirect port command to query the redirection information
of packets matching an ACL on a port.
----End
Example
To redirect traffic matching with ACL 2001 on port 0/9/0 to port 0/9/1, do as follows:
huawei(config)#traffic-redirect inbound ip-group 2001 port 0/9/0 to port 0/9/1
huawei(config)#display qos-info traffic-redirect port 0/9/0
traffic-redirect:
port 0/9/0:
Inbound:
Matches: Acl 2001 rule 5 running
Redirected to: port 0/9/1
Related Operation
Table 21-19 lists the related operation for redirecting traffic matching an ACL on a port.
Table 21-19 Related operation for redirecting traffic matching an ACL on a port
Background Information
l Line rate limit on the MA5600T is to limit the transmit rate of an Ethernet port on the
SCU and GIU boards, instead of limiting the rate on a service port.
l The limited rate should be a multiple of 64.
Procedure
Step 1 Run the line-rate command to limit the line rate on a specified port.
Step 2 Run the display qos-info line-rate port command to query the line rate limit information on
the specified port.
----End
Example
To limit the rate at Ethernet port 0/9/0 to 6400 kbit/s, do as follows:
huawei(config)#line-rate 6400 port 0/9/0
huawei(config)#display qos-info line-rate port 0/9/0
line-rate:
port 0/9/0:
Line rate: 6400 Kbps
Related Operation
Table 21-20 lists the related operation for enabling the line rate limit on an upstream port.
Table 21-20 Related operation for enabling the line rate limit on an upstream port
To… Run the Command…
This topic describes how to configure the user security on the MA5600T.
22.1 Overview
This topic describes the service description and service specifications of user security.
22.2 Enabling PITP
This topic describes how to enable PITP so that the device can report the user port information
to the BRAS for authenticating the user.
22.3 Setting the RAIO Working Mode
This topic describes how to set the Relay Agent Information Option (RAIO) working mode to
correctly classify the format of the DHCP option82 tag and the PITP tag required by different
operators.
22.4 Setting the Ethernet Encapsulation Type
This topic describes how to set the Ethernet encapsulation type.
22.5 Enabling the DHCP Option82 Function
This topic describes how to enable the DHCP option82 function so that the BRAS can
authenticate the access users. The MA5600T adds the option82 field to the DHCP packets to
ensure the security of the DHCP function.
22.6 Setting the Maximum Length of DHCP Packets
This topic describes how to set the maximum length of DHCP packets.
22.7 Binding the IP Address
This topic describes how to bind a service channel with one or more IP addresses. In this way,
only the messages with the source IP address as the bound IP address can pass through the service
channel.
22.8 Binding the MAC Address
This topic describes how to bind a service port with a MAC address. This helps to limit the
source MAC address of the packets passing through this service port to be only the bound MAC
address.
22.9 Enabling the Anti MAC Spoofing
This topic describes how to enable the anti MAC spoofing function. With the anti MAC spoofing
function enabled, unauthorized users are prevented from sending PPPoE and DHCP control
packets through forging the MAC addresses of the valid users, thus guaranteeing the user security
greatly.
22.10 Enabling the Anti IP Spoofing
This operation enable the anti IP spoofing function. With the anti IP spoofing function enabled,
unauthorized users are prevented from logging in to the device by forging legal IP addresses,
thus guaranteeing the user security.
22.1 Overview
This topic describes the service description and service specifications of user security.
Service Description
Policy Information Transfer Protocol (PITP), a member of Huawei Group Management Protocol
(HGMP) family, provides the Broadband Remote Access Server (BRAS) with the information
about the user port.
PITP binds user accounts with the user ports to prevent the theft and roaming of user accounts.
The DHCP option82 contains reliable user port information and terminal information, which are
added to the DHCP packets. The DHCP option82 is used as reference for the DHCP server to
allocate the IP address and other parameters.
For details on the user security feature, refer to "User Security" in the MA5600T Feature
Description.
Service Specification
The MA5600T supports the PITP V mode and P mode as well as DHCP option82 to implement
binding between the user account and the user port.
l PITP V mode (VBAS mode): After the PPPoE discovery phase, BRAS initiates a request
for querying user ports, requiring the MA5600T to report the information on the user ports.
The MA5600T sends the user port information to the BRAS when the MA5600T responds
to messages.
l PITP V mode (PPPoE Tag mode): In the PPPoE discovery phase, the MA5600T initiates
a request for querying user ports, and adds tags to the PPPoE authentication request
messages. In this way, the user port information is sent to the BRAS.
Background Information
PITP has two modes:
l vmode
VBAS mode: The BRAS sends the VBAS request packets to the MA5600T first, and the
MA5600T sends the port information to the BRAS.
l pmode
PPPoE mode: The MA5600T adds the tag to the PPPoE packets directly, and sends the port
information to the BRAS.
You can configure the PITP in the following two modes:
l Global configuration
– You can run the pitp { disable | enable { pmode | vmode } } command to disable PITP
or select PITP mode.
– By default, the PITP is disabled globally.
l Port configuration
– You can run the pitp { port frameid/slotid/portid { enable | disable } | board
frameid/slotid { enable | disable } } command to enable or disable PITP of the physical
port.
– By default, the port configuration of PITP is enabled.
l You can switch over between P and V modes of PITP. However, the system works in only
one mode. Disabling PITP invalidates both PITP modes.
l Global PITP configuration is of higher priority than port PITP configuration.
l If global PITP configuration is disabled, packets from a port do not contain user port
information no matter whether the port PITP is enabled.
l When you enable or disable PITP of the physical port on one board, the board must be in
the normal state or the offline configuration state.
l The ports on the control board do not support PITP, and it only transmits the PITP packets
transparently.
l To enable DHCP option82 or PITP, you need to configure the RAIO mode first. For the
configuration of the RAIO mode, see This topic "22.3 Setting the RAIO Working
Mode."
Procedure
Step 1 Run the pitp command to enable the PITP V mode or the PITP of the physical port.
Step 2 Run the display pitp config command to query the PITP configuration.
----End
Examples
To enable the PITP V mode, do as follows:
huawei(config)#pitp enable vmode
huawei(config)#display pitp config
PITP is enabled. Current mode:vmode
PITP sub-option90 is disabled
To enable PITP of port0/11/0the service port with GEM Port ID of 128 in port 0/11/0, do as
follows:
huawei(config)#pitp port 0/11/0 enablepitp port 0/11/0 gemport 128 enable
huawei(config)#display pitp port 0/11/0 configdisplay pitp port 0/11/0 gemport 128
config
PITP is enabled on this port
Background Information
l RAIO includes DHCP option82 and PITP tag. Because these two options are not
standardized, different carriers have different formats of them.
l By default, the RAIO working mode is common.
l To differentiate the formats, set correctly the RAIO working mode before using the DHCP
option82 and PITP tag function.
Procedure
Step 1 Run the raio-mode command to set the RAIO working mode.
Step 2 Run the display raio-mode command to query the RAIO working mode.
----End
Examples
To set the RAIO working mode as port-userlabel so that after the DHCP option82 function is
enabled on the port, and the PPPoE packets contain the description of the port, do as follows:
huawei(config)#raio-mode port-userlabel dhcp-option82
To set the RAIO working mode as user-defined so that after the PITP P mode is enabled on the
port, the PPPoE packets contain the user-defined description of the port, do as follows:
To set the RAIO working mode as xdsl-port-rate so that after the PITP P mode is enabled on
the port, the PPPoE packets contain the upstream/downstream activation rate of the port, do as
follows:
huawei(config)#raio-mode xdsl-port-rate pitp-pmode
huawei(config)#raio-mode user-defined pitp-pmode
huawei(config)#display raio-mode
{ <cr>|pitp-pmode<K>|pitp-vmode<K>|dhcp-option82<K>|detail<K> }:
Command:
display raio-mode
Current mode of PITP pmode: user-defined mode
Current mode of PITP vmode: common mode
Current mode of DHCP option82: xdsl-port-rate mode
Background Information
When setting a protocol type, make sure that it does not conflict with any of existing protocol
types, such as:
l IP: 0x0800
l ARP: 0x0806
l RARP: 0x8035
l 802.1q: 0x8100
l PPPoE: 0x8863 and0x8864
NOTE
Before setting the Ethernet encapsulation type, make sure that the PITP V mode is disabled.
Procedure
Step 1 Run the pitp vmode ether-type command to set the Ethernet encapsulation type.
Step 2 Run the display pitp vmode ether-type command and you can find the Ethernet encapsulation
type is set successfully.
----End
Example
To set the Ethernet encapsulation type in V mode, do as follows:
huawei(config)#pitp vmode ether-type 0x8200
huawei(config)#display pitp vmode ether-type
Vmode ethernet type is 0x8200
Related Operation
Table 22-1 lists the related operation for setting the Ethernet encapsulation type.
Table 22-1 Related operation for setting the Ethernet encapsulation type
Background Information
l With the DHCP option82 function enabled, the MA5600T can add/remove the option82
field to/from DHCP packets.
l With the DHCP option82 function disabled, the MA5600T transparently transmits or
directly forwards DHCP packets without processing them.
Procedure
Step 1 Run the dhcp option82 enable command to enable the DHCP option82.
Step 2 Run the display dhcp option82 config command to query the state of the DHCP option82
function.
----End
Example
To enable the DHCP option82, do as follows:
huawei(config)#dhcp option82 enable
huawei(config)#display dhcp option82 config
DHCP option82 is enabled
Maximum length of DHCP packet is 1300 bytes
Related Operations
Table 22-2 lists the related operations for enabling the DHCP option82.
Background Information
l By default, the maximum length of DHCP packets is 1500 bytes.
l You can set the maximum length for the DHCP packets added with Relay Agent
Information Option messages. If there are packets with length exceeding this value, the
system transparently transmits these packets.
Procedure
Step 1 Run the dhcp option82 max-length command to set the maximum length of DHCP packets.
Step 2 Run the display dhcp option82 config command to query the configured maximum length of
DHCP packets.
----End
Example
To set the maximum length of DHCP packets to 1300 bytes, do as follows:
huawei(config)#dhcp option82 max-length 1300
huawei(config)#huawei(config)#display dhcp option82 config
DHCP option82 is enabled
Maximum length of DHCP packet is 1300 bytes
Background Information
l A service channel can be bound with up to 8 IP addresses. The bound IP address must be
a unicast IP address.
l One port can be bound with either one IP address or eight consecutive IP addresses
according to the IP address mask at one time.
Procedure
Step 1 Run the bind ip command to bind an IP address.
Step 2 Run the display bind command to query the IP address binding information.
----End
Examples
To bind the IP address 10.1.1.245 of the service channel (VPI/VCI of 0/35) with ADSL port
0/11/0, do as follows:
To bind the IP address 10.10.10.1 of the service channel (GEM Port ID of 128) with GPON port
0/11/0, do as follows:
huawei(config)#bind ip gpon 0/11/0 gemport 128 10.10.10.1
huawei(config)#display bind gpon 0/11/0 gemport 128
{ <cr>|user-vlan<K>|user-8021p<K> }:
Command:
display bind gpon 0/11/0 gemport 128
-------------------------
No. IP address
-------------------------
0 10.10.10.1
1 -
2 -
3 -
4 -
5 -
6 -
7 -
-------------------------
To bind IP addresses 10.10.10.1/29 of the service channel (GEM Port ID of 128) with GPON
port 0/11/0 (the bound IP address segment is 0.10.10.0–10.10.10.7), do as follows:
huawei(config)#bind ip gpon 0/11/0 gemport 128 10.10.10.1 29
huawei(config)#display bind gpon 0/11/0 gemport 128
{ <cr>|user-vlan<K>|user-8021p<K> }:
Command:
display bind gpon 0/12/1 gemport 128
-------------------------
No. IP address
-------------------------
0 10.10.10.0
1 10.10.10.1
2 10.10.10.2
3 10.10.10.3
4 10.10.10.4
5 10.10.10.5
6 10.10.10.6
7 10.10.10.7
-------------------------
Related Operation
Table 22-3 lists the related operation for binding the IP address.
Background Information
The MA5600T does not support the configuration of binding a MAC address directly. By
configuring a static MAC address entry and setting the maximum address count to 0, you can
bind a port with a MAC address.
l The MA5600T supports up to 1K static MAC addresses. The number of MAC addresses
that can be bound with a service stream is not limited.
l The MA5600T supports up to 8K dynamic MAC addresses. Each service stream can be
bound with up to eight MAC addresses dynamically.
Procedure
Step 1 Run the mac-address static command to configure the static MAC address for a port.
Step 2 Run the mac-address max-mac-count command to set the maximum address count for the
service port.
Step 3 Run the display mac-address max-mac-count command to query the maximum MAC address
number that can be learnt by service channels.
----End
Example
Assume that the static MAC address of ADSL2+ port 0/11/0 is 1010-1010-1010, and the
maximum address count is 0. To bind the port with the MAC address so that the port only allows
the pass of packets with the source MAC address of 1010-1010-1010, do as follows:
Assume that the static MAC address of GPON port 0/11/0 is 1010-1010-1010, and the maximum
address count is 0. To bind the port with the MAC address so that the port only allows the pass
of packets with the source MAC address of 1010-1010-1010, do as follows:
huawei(config)#mac-address static gpon 0/2/0 gemport 128 1010-1010-1010
huawei(config)#mac-address max-mac-count gpon 0/2/0 gemport 128 0
huawei(config)#display mac-address max-mac-count gpon 0/2/0 gemport 128
{ <cr>|user-vlan<K>|user-8021p<K> }:
Command:
display mac-address max-mac-count gpon 0/2/0 gemport 128
---------------------------------------------------------------------------
Type F /S /P VPI VCI VLAN ID FLOWTYPE FLOWPARA Learnable MAC number
---------------------------------------------------------------------------
gpon 0 /2 /0 128 - 10 - - 0
---------------------------------------------------------------------------
Total: 1
Note : F--Frame, S--Slot, P--Port; VPI indicates GEM PortID for GPON
Background Information
l The anti MAC spoofing function is implemented through MAC address binding.
l Each service virtue port can be bound with up to eight different MAC addresses
dynamically.
l If a user has been online before the anti MAC spoofing function is enabled, the system does
not bind MAC address. Then the user is forced to log out, so the user must log in again.
l The user MAC address can be bound only when a user logs in after the anti MAC spoofing
function is enabled.
Procedure
Step 1 Run the security anti-macspoofing enable command to enable the anti MAC spoofing function.
Step 2 Run the display security config command and you can find that the function is enabled.
----End
Example
To enable the anti MAC spoofing function, do as follows:
huawei(config)#security anti-macspoofing enable
huawei(config)#display security config
Anti-ipspoofing function : disable
Anti-dos function : enable
Anti-macspoofing function : enable
Anti-ipattack function : disable
Anti-icmpattack function : disable
Source-route filter function : disable
Related Operations
Table 22-4 lists the related operations for enabling the anti MAC spoofing function.
Table 22-4 Related operations for enabling the anti MAC spoofing function
Background Information
l The anti IP spoofing function is implemented through dynamic IP address binding.
l By default, the dynamic IP address binding function is disabled.
l The system only binds the IP address of the user who obtains the IP address through DHCP.
l If a user has been online before the anti IP spoofing function is enabled, the system does
not bind IP address. Then the user is forced to log out, so the user must log in again.
l The user IP address can be bound only when a user logs in after the anti IP spoofing function
is enabled.
Procedure
Step 1 Run the security anti-ipspoofing enable command to enable the anti IP spoofing function
globally.
Step 2 Run the display security config command to query the configuration status of the anti IP
spoofing function.
----End
Examples
To enable the anti IP spoofing function, do as follows:
huawei(config)#security anti-ipspoofing enable
huawei(config)#display security config
Anti-ipspoofing function : enable
Anti-dos function : enable
Anti-macspoofing function : enable
Anti-ipattack function : disable
Anti-icmpattack function : disable
Source-route filter function : disable
Related Operations
Table 22-5 lists the related operations for enabling the anti MAC spoofing function.
Table 22-5 Related operations for enabling the anti MAC spoofing function
To… Run the Command…
This topic describes how to configure the system security on the MA5600T.
23.1 Overview
This topic describes the service description and service specification of system security.
23.2 Enabling the Anti DoS Attack
This topic describes how to enable the anti DoS attack function to prevent large amount of
packets sent by the access user from attacking the MA5600T.
23.3 Enabling the Anti IP Attack
This topic describes how to enable the anti IP attack function. This function prevents users from
maliciously sending IP packets to the IP address of the device to enhance the device security.
23.4 Enabling Anti ICMP Attack
This topic describes how to enable the anti ICMP attack function to prevent users from sending
malicious ICMP packets to the IP address of the device, thus protecting the device system.
23.5 Enabling the Source Route Filtering
This topic describes how to enable the function of source route filtering. This function filters
the IP packet containing the route option field.
23.6 Configuring the MAC Address Filtering
This topic describes how to configure the function of MAC address filtering to discard the
packets with the specified source MAC address.
23.7 Setting the Time to Detect Exceptional Disconnection of the PPPoE Users
This topic describes how to set the time to detect exceptional disconnection of the PPPoE users.
23.8 Configuring the Black List
This topic describes how to configure a firewall black list, such as adding some IP addresses to
the firewall black list, so that the service packets from these IP addresses cannot pass the firewall.
23.9 Configuring the Firewall Function
This topic describes how to configure the firewall function to prohibit or allow the packets that
meet the criteria to pass the inband or outband management interface.
23.10 Configuring an Accessible Address Segment
This topic describes how to configure the accessible address segment for the firewall of a
specified protocol type.
23.11 Configuring the Inaccessible Address Segment
This topic describes how to add the inaccessible address segment for the firewall of the specified
protocol type.
23.1 Overview
This topic describes the service description and service specification of system security.
Service Description
The MA5600T supports system security setting to prevent attacks initiated on the network or
user side. This helps to guarantee user or equipment stability.
For details on the system security, refer to "System Security" in the MA5600T Feature
Description.
Service Specification
To ensure stable operation, the MA5600T supports the following security features:
l Anti DoS attack
l Anti IP attack
l Anti ICMP attack
l Source route filtering
l MAC address filtering
l IP/MAC address binding
l Firewall function
l SSH
Procedure
Step 1 Run the security anti-dos enable command to enable the anti DoS attack.
Step 2 Run the display security config command to query the status of anti DoS attack.
----End
Example
To enable the anti DoS attack, do as follows:
huawei(config)#security anti-dos enable
huawei(config)#display security config
Anti-ipspoofing function : disable
Anti-dos function : enable
Anti-macspoofing function : disable
Anti-ipattack function : disable
Anti-icmpattack function : disable
Source-route filter function : disable
Related Operations
Table 23-1 lists the related operations for enabling the anti DoS attack.
Table 23-1 Related operations for enabling the anti DoS attack
Procedure
Step 1 Run the security anti-ipattack enable command to enable the anti IP attack function.
Step 2 Run the display security config command and you can find that the function is enabled.
----End
Example
To enable the anti IP attack function, do as follows:
huawei(config)#security anti-ipattack enable
huawei(config)#display security config
Anti-ipspoofing function : enable
Anti-dos function : enable
Anti-macspoofing function : enable
Anti-ipattack function : enable
Anti-icmpattack function : disable
Source-route filter function : disable
Related Operation
Table 23-2 lists the related operation for enabling the anti IP attack function.
Table 23-2 Related operation for enabling the anti IP attack function
Procedure
Step 1 Run the security anti-icmpattack enable command to enable the anti ICMP attack function.
Step 2 Run the display security config command and you can find that the function is enabled.
----End
Example
To enable the anti ICMP attack function, do as follows:
huawei(config)#security anti-icmpattack enable
huawei(config)#display security config
Anti-ipspoofing function : enable
Anti-dos function : enable
Anti-macspoofing function : enable
Anti-ipattack function : enable
Anti-icmpattack function : enable
Source-route filter function : disable
Related Operation
Table 23-3 lists the related operation for enabling the anti ICMP attack function.
Table 23-3 Related operation for enabling the anti ICMP attack function
Background Information
By default, the function of source route filtering is disabled.
Procedure
Step 1 Run the security source-route enable command to enable the function of source route filtering.
Step 2 Run the display security config command and you can find that the function is enabled.
----End
Example
To enable the function of source route filtering, do as follows:
huawei(config)#security source-route enable
huawei(config)#display security config
Anti-ipspoofing function : enable
Anti-dos function : enable
Anti-macspoofing function : enable
Anti-ipattack function : enable
Anti-icmpattack function : enable
Source-route filter function : enable
Related Operation
Table 23-4 lists the related operation for enabling the function of source route filtering.
Table 23-4 Related operation for enabling the function of source route filtering
To… Run the Command…
Background Information
The system supports up to four MAC addresses to be filtered.
Procedure
Step 1 Run the security mac-filter command to configure the MAC address filtering.
Step 2 Run the display security mac-filter command to query the configured filtering MAC address.
----End
Example
To filter the data packets with the source MAC address of 1000-0000-0000, do as follows:
Related Operation
Table 23-5 lists the related operation for configuring the MAC address filtering.
Table 23-5 Related operation for configuring the MAC address filtering
To… Run the Command…
Background Information
l For PPPoE users, the timeout time includes aging period and overall aging time.
– The system checks the online/offline status of a user every aging period. When the
offline period of a user exceeds the aging period but is less than the overall aging time,
the offline time of the user is accumulated.
– When the accumulated offline time exceeds the overall aging time, it is considered that
the user has been offline.
l By default, the PPPoE aging period is 90s, and the overall aging time is 360s.
Procedure
Step 1 Run the security timeout command to set the time to detect exceptional disconnection of the
PPPoE users.
Step 2 Run the display security config command and you can find the information about the time to
detect the exceptional disconnection of the PPPoE users.
----End
Examples
To set the timeout total time for PPPoE users to 1800s, do as follows:
huawei(config)#security pppoe timeout 1800
huawei(config)#display security config
Anti-ipspoofing function : enable
Anti-dos function : disable
Anti-macspoofing function : disable
Anti-ipattack function : disable
Prerequisite
The ACL applied to the firewall function exists.
Background Information
l The system supports up to 2000 items in a firewall black list.
l You can use the ACL rule when enabling the firewall black list function. In this case, the
priority level of the firewall black list is higher than that of the ACL rule. That is, the system
checks the firewall black list first, and then matches the ACL rule.
l The ACL rule used when the black list function is enabled can only be the advanced ACL
rule.
l The firewall black list function only takes effect to the service packets that are sent from
the user side.
Procedure
Step 1 Run the firewall blacklist item command to add a firewall black list item.
Step 2 Run the firewall blacklist enable command to enable the firewall black list item.
Step 3 Run the display firewall blacklist item command to show the configuration of the firewall black
list.
----End
Example
To add IP address 10.10.10.10 to a firewall black list with the aging time of 100 minutes, enable
the firewall black list function and apply ACL 3000, do as follows:
huawei(config)#firewall blacklist item 10.10.10.10 timeout 100
huawei(config)#firewall blacklist enable acl-number 3000
huawei(config)#display firewall blacklist item
{ <cr>|ip_addr<I><X.X.X.X> }:
Command:
display firewall blacklist item
Firewall blacklist items :
Current manual insert items : 1
Current automatic insert items : 0
Need aging items : 1
IP Reason AgeTime
---------------------------------------
Related Operations
Table 23-6 lists the related operations for configuring the firewall black list function.
Table 23-6 Related operations for configuring the firewall black list function
To… Run the Command…
Prerequisites
The ACL applied to the firewall function already exists.
NOTE
This topic takes the operation of enabling the outband firewall function as an example to describe how to enable
the firewall function.
Background Information
l Only one ACL can be configured respectively for the egress and ingress directions of the
inband or outband management interface.
l The ACL applied to the firewall function can be the basic ACL or the advanced ACL.
l The priority level of the ACL rule is superior to the default operation of firewall. That is,
the packets matching the ACL rule are handled based on the ACL rule, and those not
matching the rule are handled based on the default operation of firewall.
Configuration Flowchart
Figure 23-1 shows the flowchart for configuring the firewall function.
Start
End
Procedure
Step 1 Run the firewall enable command to enable the firewall function.
Step 2 Run the firewall default command to set the default operation of the firewall as deny.
Step 3 Run the interface meth 0 command to enter interface config mode.
Step 4 Run the firewall packet-filter command to apply ACL 2000 to the maintenance network port.
Step 5 Run the display firewall packet-filter statistics command and you can find the configuration.
----End
Example
To enable the firewall function, set the default operation of the firewall as deny, and apply ACL
2000 to the outband management interface to filter packets, do as follows:
huawei(config)#firewall enable
huawei(config)#firewall default deny
huawei(config)#interface meth 0
huawei(config-if-meth0)#firewall packet-filter 2000 inbound
huawei(config)#display firewall packet-filter statistics all
Interface: meth0
In-bound Policy: acl 2000
From 2008-02-16 10:00:26 to 2008-02-16 10:02:43
0 packets, 0 bytes, 0% permitted,
0 packets, 0 bytes, 0% denied,
0 packets, 0 bytes, 0% permitted default,
0 packets, 0 bytes, 0% denied default,
Totally 0 packets, 0 bytes, 0% permitted,
Totally 0 packets, 0 bytes, 0% denied.
Related Operation
Table 23-7 lists the related operation for configuring the firewall function.
Background Information
l The specified protocol types include: Telnet, SSH, and SNMP.
l Each firewall can be added with up to 10 address segments.
l When one address segment is added, the first address cannot be the same as the existed
one.
l When deleting one address segment, you can only input the first address of the address
segment.
Procedure
Step 1 Run the sysman ip-access command to add an accessible address segment.
Step 2 Run the display sysman ip-access telnet command to query the configuration of the accessible
address segment.
----End
Example
To add a legal address segment the refuse list of the telnet type, do as follows:
huawei (config)#sysman ip-access telnet 1.1.1.1 10.10.10.10
huawei(config)#display sysman ip-access telnet
IP-Access Table:
--------------------------------------------
Index Start-IPAddr End-IPAddr
--------------------------------------------
1 1.1.1.1 10.10.10.10
--------------------------------------------
Related Operations
Table 23-8 lists the related operations for configuring an accessible address segment.
Background Information
l The protocol type that can be configured with the inaccessible address segment includes:
Telnet, SSH, SNMP.
l Each firewall is allowed to add ten address segments.
l When you add an address segment, the start address cannot be the same as an existing one.
l To delete an address segment, input the start address of the address segment.
Procedure
Step 1 Run the sysman ip-refuse command to configure the inaccessible address segment.
Step 2 Run the display sysman ip-refuse command to query configuration of the accessible address
segment.
----End
Example
To add a address segment to the telnet IP-refuse table, do as follows:
huawei(config)#sysman ip-refuse telnet 1.1.1.10 10.10.10.1
huawei(config)#display sysman ip-refuse telnet
IP-Refuse Table:
--------------------------------------------
Index Start-IPAddr End-IPAddr
--------------------------------------------
1 1.1.1.10 10.10.10.1
--------------------------------------------
Related Operations
Table 23-9 lists the related operations for configuring the inaccessible address segment.
Table 23-9 Related operations for configuring the inaccessible address segment
This topic describes the P2P fiber access technology and the method of configuring the P2P fiber
access service on the MA5600T.
NOTE
This document describes the configuration on the MA5600T. Each chapter provides an overview of the service
configuration, describes the configuration flow with one or more configuration examples, and then provides a
detailed description of the basic operations on the MA5600T.
For the readers who are familiar with the MA5600T, it is recommended that you read the configuration example
(s) directly.
For the readers who are not familiar with the MA5600T, it is recommended that you read the basic operations
first.
24.1 Overview
This topic consists of the service description and specification of the fiber access service.
24.2 Configuration Example of Fiber Access Service-Single Port for Single Service
This topic provides an example for accessing the Internet through the fiber.
24.3 Configuration Example of Fiber Access Service-Single Port for Multi-service
This topic provides an example for configuring triple play (data, voice and video) through a
single port for multi-service.
24.4 Setting the Port Auto-negotiation Mode
This topic describes how to set the auto-negotiation mode of an Ethernet port.
24.5 Setting the Port Duplex Mode
This topic describes how to set the duplex mode of an Ethernet port.
24.6 Setting the Port Rate
This topic describes how to set the rate of an Ethernet port.
24.1 Overview
This topic consists of the service description and specification of the fiber access service.
Service Description
The MA5600T supports P2P network topology for fiber access to enable Ethernet access
convergence. In fiber access, the MA5600T provides 100 Mbit/s bandwidth for the users, which
is sufficient for the integrated video, voice and data applications.
For details on the fiber access, refer to "P2P FE Optical Access" in the MA5600T
Commissioning Guide.
Service Specification
The MA5600T supports fiber access through the high-density FE optical access board (OPFA).
The OPFA board provides 16 FE optical ports for single-fiber bi-directional transmission of
Ethernet frames.
Networking
Figure 24-1 shows an example network for the fiber access-single port for single service.
In this example network, the PC connects to a service port on the OPFA board of the
MA5600T through an optical access modem. The P2P fiber access service-single port for single
service is realized in this way. The user data packets are transmitted to the MA5600T through
the modem, and then to the upper layer network through the upstream port on the control board.
Figure 24-1 Example network for the fiber access service-single port for single service
Router
10.1.1.1/24
O CON
GE 0/19/0
ETH
P ESC
F
A
SCU MA5600T
Modem
PC
Data Plan
Table 24-1 provides the data plan for configuring the fiber access service-single port for single
service.
Table 24-1 Data plan for configuring the fiber access service-single port for single service
Item Data Remarks
Configuration Flowchart
Figure 24-2 shows the flowchart for configuring the fiber access service-single port for single
service.
Figure 24-2 Flowchart for configuring the fiber access service-single port for single service
Start
End
Procedure
Step 1 Create a VLAN and add an upstream port to it.
huawei(config)#vlan 10 smart
huawei(config)#port vlan 10 0/9 0
Step 3 Add a service port to the VLAN and use traffic profile 8 for the port.
huawei(config)#service-port vlan 10 eth 0/11/0 rx-cttr 8 tx-cttr 8
----End
Result
After the configuration, the fiber access user can access the Internet.
Networking
Figure 24-3 shows an example network for the fiber access service-single port for multi-service.
In this example network, the PC, Ephone and TV connect to a service port on the OPFA board
of the MA5600T through an optical access modem. The fiber access service-single port for multi-
service is realized in this way. The user data packets are transmitted to MA5600T through the
modem, and then to the upper layer network through the upstream port on the control board.
NOTE
User 1 (LAN switch 1) and user 2 (LAN switch 2) adopt the triple play network.
Figure 24-3 Example network for the fiber access service-single port for multi-service
OSS&Radius
Multicast server
source
NMS
GW
IPTV DHCP server
F F
A A
SCU MA5600T
Modem Modem
STB
STB
Ephone Ephone PC
PC TV TV
Data Plan
Table 24-2 provides the data plan for configuring the fiber access service-single port for multi-
service.
Table 24-2 Data plan for configuring the fiber access service-single port for multi-service
Item Data
Program library For program BTV-1, the multicast address is 224.1.1.1, and
the program source IP address is 10.10.10.10.
NOTE
Configuration Flowchart
Figure 24-4 shows the flowchart for configuring the fiber access service-single port for multi-
service.
Figure 24-4 Flowchart for configuring the fiber access service-single port for multi-service
Start
Configure the VLAN and its Configure the VLAN and its Configure the VLAN and its
upstream port upstream port upstream port
Configure the traffic profile Configure the traffic profile Configure the traffic profile
Configure the service port Configure the service port Configure the service port
End
Procedure
Step 1 Configure the Internet service.
1. Create the VLAN and add the upstream port to it.
huawei(config)#vlan 102 smart
huawei(config)#port vlan 102 0/9 0
3. Add the service port to the VLAN, and use the traffic profile created in the previous step.
huawei(config)#service-port vlan 102 eth 0/11/0 multi-service user-vlan 2 rx-
cttr 7 tx-cttr 7
huawei(config)#service-port vlan 102 eth 0/12/0 multi-service user-vlan 2 rx-
cttr 7 tx-cttr 7
3. Add the service port to the VLAN, and use the traffic profile created in the previous step.
huawei(config)#service-port vlan 103 eth 0/11/0 multi-service user-vlan 3 rx-
cttr 8 tx-cttr 8
huawei(config)#service-port vlan 103 eth 0/12/0 multi-service user-vlan 3 rx-
cttr 8 tx-cttr 8
CAUTION
On the MA5600T, if the PVC is configured with priority, the priority of the multicast
packets borne by the PVC does not take effect.
Add the service port to the VLAN, and use the traffic profile 9.
huawei(config)#multicast-vlan 104
huawei(config-mvlan104)#igmp mode proxy
Are you sure to change IGMP mode?(y/n)[n]:y
huawei(config-mvlan4)#igmp uplink-port 0/9/0
huawei(config-mvlan4)#quit
huawei(config)#btv
huawei(config-btv)#igmp uplink-port-mode default
Are you sure to change the uplink port mode?(y/n)[n]:y
huawei(config-mvlan104)#quit
huawei(config)#btv
huawei(config-btv)#igmp profile profile-name profile0 program-name BTV-1 watch
huawei(config-btv)#multicast-vlan 104
huawei(config-mvlan104)#igmp multicast-vlan member port 0/11/0
huawei(config-mvlan104)#igmp multicast-vlan member port 0/12/0
huawei(config-mvlan104)#quit
----End
Result
After the configuration of the corresponding upstream/downstream devices, the following three
services run in the normal state:
l The Internet user can access the Internet in PPPoE dial mode.
l The VoIP user can make a call.
l The IPTV user connected to port 0/11/0 can watch all programs, and the user connected to
0/12/0 can watch BTV-1 only.
Background Information
By default, the auto-neg switch is disabled.
Procedure
Step 1 Run the interface opf command to enter OPF mode.
Step 2 Run the auto-neg command to set the auto-negotiation mode of an Ethernet port.
Step 3 Run the display port state command to query the configuration of the Ethernet port.
----End
Example
To disable the auto-negotiation mode of Ethernet port 0/11/0 on the OPFA board, do as follows:
huawei(config)#interface opf 0/11
huawei(config-if-opf-0/11)#auto-neg 0 enable
huawei(config-if-opf-0/11)#display port state 0
Optics module status is absence
The port is active
Ethernet port is offline
Ethernet port duplex is auto-negotiation
Ethernet port rate is auto-negotiation
Background Information
l The duplex of the Ethernet port on the OPFA board supports full duplex and auto-
negotiation. However even if the port duplex mode is set to auto-negotiation, the Ethernet
port on the OPFA board is also auto-negotiated to full duplex mode.
l When setting the duplex mode of an Ethernet port, make sure that the duplex of the Ethernet
port must be the same as that of the interconnected port on the peer device.
l To change the duplex mode of a port, you need to run the auto-neg command to disable
the auto-negotiation mode of the port first.
l By default, the FE optical port is in full duplex mode.
Procedure
Step 1 Run the interface opf command to enter OPF mode.
----End
Example
To change the auto-negotiation mode of Ethernet port 0/11/0 to full duplex, do as follows:
huawei(config)#interface opf 0/11
huawei(config-if-opf-0/11)#auto-neg 0 disable
huawei(config-if-opf-0/11)#duplex 0 full
huawei(config-if-opf-0/11)#display port state 0
Optics module status is absence
The port is active
Ethernet port is offline
Ethernet port is full duplex
Ethernet port rate is 100M
Background Information
l When a port is in auto-negotiation state, you must run the auto-neg command to disable
the auto-negotiation mode before you set the port rate.
l The required rate of the Ethernet port on the OPFA board must be 100 Mbit/s. You can run
the speed command to set the rate to 100 Mbit/s directly, or set it to 100 Mbit/s by auto-
negotiation.
l By default, the rate of an Ethernet rate is 100 Mbit/s.
Procedure
Step 1 Run the interface opf command to enter OPF mode.
Step 2 Run the auto-neg command to disable the auto-negotiation mode.
Step 3 Run the speed command to set the rate of the Ethernet port.
Step 4 Run the display port state command to query the configuration of the Ethernet port.
----End
Example
To set the rate of Ethernet port 0/11/0 to 100 Mbit/s, do as follows:
huawei(config)#interface opf 0/11
huawei(config-if-opf-0/11)#auto-neg 0 disable
huawei(config-if-opf-0/11)#speed 0 100
huawei(config-if-opf-0/11)#display port state 0
Optics module status is absence
The port is active
Ethernet port is offline
This topic describes the GPON technology and the method of configuring the GPON service on
the MA5600T.
NOTE
This document describes the configuration on the MA5600T. Each chapter provides an overview of the service
configuration, describes the configuration flow with one or more configuration examples, and then provides a
detailed description of the basic operations on the MA5600T.
For the readers who are familiar with the MA5600T, it is recommended that you read the configuration example
(s) directly.
For the readers who are not familiar with the MA5600T, it is recommended that you read the basic operations
first.
25.1 Overview
This topic describes the GPON service and its specification.
25.2 Configuration Example of the GPON Service
This topic provides an example for configuring the MA5600T to provide users with high-speed
Internet services when the MA5600T connects to the remote ONTs through the GPON ports.
25.3 Adding a DBA Profile
This topic describes how to add a DBA profile. The DBA profile describes the traffic parameters
of the T-CONT. You can control the traffic of a T-CONT by binding the T-CONT with a
specified DBA profile.
25.4 Binding a DBA Profile
This topic describes how to bind a DBA profile with one or more T-CONTs. After this operation
is executed successfully, the system controls the traffic of the T-CONT according to the
parameters of the DBA profile.
25.5 Adding an Alarm Profile
This topic describes how to add an alarm profile which contains majority of performance
parameters of the ONT line. After an alarm profile is added and bound with an ONT, it can be
directly referenced to activate the ONT.
25.6 Adding a GEM Port
This topic describes how to add a GEM port. The GEM port is contained in a T-CONT and is
used to carry service streams.
25.7 Configuring a GPON Port
This topic describes how to configure a GPON port.
25.8 Configuring a GPON ONT
This topic describes how to configure a GPON ONT.
25.1 Overview
This topic describes the GPON service and its specification.
Service Description
GPON is an access technology used to provide flexible broadband and narrowband access
services.
The GPON technology supports the following:
l Broadband access with ultra-high-bandwidth
l Multiple rate modes
l Multiple services, such as voice, data, and video services over a single fiber
For details on the GPON access, refer to "GPON Access" in the MA5600T Feature
Description.
Service Specification
The MA5600T provides the GPON service through the GPBC board. Each GPBC board can
provide four GPON ports. Each port supports a 1:64 split ratio. Therefore, a GPBC board can
support up to 256 ONTs.
Prerequisites
l The network devices and the lines must be in the normal state.
l The VLAN of the interface of the upper layer device must be consistent with the VLAN
configured on the upstream port of the MA5600T.
Background Information
There are multiple application scenarios for the GPON service, such as Fiber To The Home
(FTTH), Fiber To The Building (FTTB), and Fiber to the Curb (FTTC). The basic configuration
procedures for these application scenarios are the same and only the configuration data varies.
In this topic, the basic configuration of the Internet service in the FTTH scenario is considered
as an example. Table 25-1 lists the configurations of the GPON service in different application
scenarios.
FTTH The ONT is installed in the l In the triple play service application,
users' home to provide the configure different T-CONTs and GEM
Ethernet port and the phone ports for the three kinds of services to
port so that users can access isolate their traffic. Besides, configure
multiple services. user-side VLANs to differentiate
services.
l Whether the terminals, such as a PC and
an STB connected to the ONT support
VLAN tags determines the following:
– Whether to keep the port VLAN and
native VLAN consistent
– Whether to add VLAN tags to the
data packets received by the ONT
– Whether to remove VLAN tags from
the data packets sent by the ONT
FTTB The ONT is installed in the l To configure Internet services for home
corridor. It can be connected users, configure different VLANs for
to an L2 switch to provide each port of the ONT if the ONT
more Ethernet ports, thus connects to multiple users, the users
providing the access service cannot communicate with each other,
for more users. and each user is authenticated
independently. It is recommended to
configure different T-CONTs and GEM
ports for different users to isolate their
traffic.
l In the small office and home office
(SOHO) network, the L2 switch is
connected to the ONT. In this case, it is
recommended to configure different T-
CONTs and GEM ports for the services
of each port of the ONT.
l When the L2 switch is connected to the
ONT, the data received on a port of the
ONT carry VLAN tags. In this case, no
native VLAN needs to be configured
for the ONT port. However, the user-
side VLAN must be consistent with the
VLAN tag of the data.
FTTC The ONT and a mini DSLAM Configure the service ports on the
device or a mini DSLAM MA5600T according to the upstream
device with the GPON VLAN of the mini DSLAM device.
upstream transmission Because the traffic volume in each service
function are installed in the port is high, it is recommended to
street cabinet to provide the configure a unique T-CONT and a unique
access service for more users. GEM port for each service port.
Networking
Figure 25-1 shows an example network for configuring the GPON service.
In the networking, the PC connects to the FE port of the ONT, the user data frames are added
with the VLAN tag (user-side VLAN) on the FE port of the ONT, and the user data is transmitted
to different service channels based on the user-side VLAN. The MA5600T switches the user-
side VLAN tag to the upstream VLAN tag, and transmits the data out over the upstream port.
Router
MA5600T SCU
G CON GE 0/19/0
ETH
P
ESC
B
C
Optical
splitter
Level-1 split ratio 1:2
ONT
Level-2 split ratio
1:32
PC
Configuration Flowchart
Figure 25-2 shows the flowchart for configuring the GPON service.
Create a VLAN
No
Is there an appropriate Add an ONT
ONT profile?
Add an ONT profile
Yes Bind the alarm profile
End
Data Plan
Table 25-2 provides the data plan for configuring the GPON service.
Item Data
Index: 5 (default)
CIR: 2 Mbit/s
Procedure
Step 1 Create a VLAN.
huawei(config)#vlan 100 smart
NOTE
l To add an ONT, you can run the ont add command to add it offline, or run the ont confirm command to
confirm an automatically found ONT.
l Run the port ont-auto-find command in GPON mode to enable the function of automatically finding an
ONT.
huawei(config)#interface gpon 0/2
huawei(config-if-gpon-0/2)#ont add 1 0 hwhw-10101010 password-auth huawei profile-
id 2
NOTE
In this example, the ONT uses the default capability set profile (profile 2). You can run the ont-profile add
command to configure an ONT capability set profile on demand.
If the ONT does not support the priority queue scheduling, you can adopt the CAR mode for rate limitation
when configuring the binding between a GEM port and an ONT T-CONT.
huawei(config-if-gpon-0/2)#ont gemport bind 1 0 150 1 priority-queue 3
----End
Result
After the configuration, the MA5600T can transmit user data at L2 and the user can access the
Internet.
Background Information
l The MA5600T supports up to 512 DBA profiles.
l DBA profiles 1–9 are the default DBA profiles that are configured with typical traffic
parameters. The default DBA profiles can be queried and modified, but they cannot be
added or deleted.
l When you add a DBA profile, the system adjusts the bandwidth value that you enter
downwards to a multiple of 64.
l The traffic value configured in the DBA profile is the traffic volume of GEM frames after
data encapsulation. The actual traffic value of data packets is less than the value configured
in the DBA profile.
Procedure
Step 1 Run the DBA-profile add command to add a DBA profile.
Step 2 Run the display DBA-profile command to query the information on the DBA profile.
----End
Example
To add a DBA profile with the ID of 30 and the fixed bandwidth of 100 Mbit/s, do as follows:
huawei(config)#DBA-profile add profile-id 30 type1 fix 102400
{ <cr>|bandwidth_compensate<K> }:
Command:
DBA-profile add profile-id 30 type1 fix 102400
Related Operations
Table 25-3 lists the related operations for adding a DBA profile.
Delete a DBA profile DBA-profile delete l Only the DBA profile that is
not referenced can be
deleted.
l The default DBA profile
cannot be deleted.
Background Information
l You can bind a DBA profile with one or more T-CONTs only after an ONT is added.
l By default, T-CONT 0 of the ONT is reserved for the Optical Network Termination
Management and Control Interface (OMCI), and it is bound with DBA profile 1. For the
OMCI T-CONT, the recommendations are as follows:
– It is recommended not to modify the DBA profile bound with the T-CONT. To modify
it if necessary, make sure that the fixed bandwidth for the new profile is equal to or
larger than 5 Mbit/s.
– It is recommended not to bind any the GEM port with the T-CONT, that is, not to bear
no service on the T-CONT.
Procedure
Step 1 Run the tcont bind-profile command to bind a T-CONT with a profile.
Step 2 Run the display ont info command to query the information on the ONT.
----End
Example
To bind DBA profile 12 with T-CONT 7 on ONT 0 under port 0/3/0, do as follows:
huawei(config-if-gpon-0/3)#tcont bind-profile 0 0 7 profile-id 12
huawei(config-if-gpon-0/3)#display ont info 0 0
------------------------------------------------------------------------------
F/S/P : 0/3/0
ONT-ID : 0
Control flag : active
Run state : down
Config state : initial
Match state : Initial
DBA type : NSR
Loop mode : disable
ONT RTD(us) : -
Ont Profile ID : 1
Authentic type : SN-auth
SN : hwhw-10101010
Description : ONT_NO_DESCRIPTION
------------------------------------------------------------------------------
----------------------------------------------
T-CONT-ID T-CONT profile Alloc-ID
----------------------------------------------
0 1 0
1 1 256
7 12 1792
----------------------------------------------
Related Operation
Table 25-4 lists the related operation for binding a DBA profile.
Background Information
The ONT alarm profile consists of a series of alarm threshold parameters. It is used to monitor
the performance statistics of the ONT line. When a statistic reaches the related alarm threshold,
the host is notified of this information, and then the host reports an alarm to the log host and the
NMS.
l The MA5600T supports up to 50 alarm profiles.
l There is a default alarm profile (profile 1) in the system. It cannot be deleted but can be
modified.
Procedure
Step 1 Run the gpon alarm-profile add command to add an alarm profile.
Step 2 Run the display gpon alarm-profile command to query the information on the alarm profile.
----End
Example
To add alarm profile 2, do as follows:
huawei(config)#gpon alarm-profile add profile-id 2
{ <cr>|profile-name<K> }:
Command:
gpon alarm-profile add profile-id 2
> GEM port loss of packets threshold (0~100)[0]: 20
> GEM port misinserted packets threshold (0~100)[0]: 30
> GEM port impaired blocks threshold (0~100)0[0]: 40
Related Operations
Table 25-5 lists the related operations for adding an alarm profile.
Delete an alarm profile gpon alarm-profile delete The alarm profile bound with
an ONT cannot be deleted.
Modify an alarm profile gpon alarm-profile modify The alarm profile bound with
an ONT cannot be modified.
Background Information
l To add a GEM port, you must select the correct attribute based on the service type. For
example, when the GEM port is used to carry the TDM service, the attribute must be TDM.
l The ONT can bear services only after the mapping between GEM ports and T-CONTs, and
the mapping between GEM ports and service streams are configured on the ONT.
l The system supports up to 16K GEM ports, with up to 8K GEM ports for each board and
with up to 3872 GEM ports for each PON port.
l The system supports up to 16K service streams, with up to 8K service streams for each
board and with up to eight service streams for each GEM port.
l Each smart VLAN supports up to 256 service streams.
Procedure
Step 1 Run the interface gpon command to enter GPON mode.
Step 2 Run the gemport add command to add a GEM port.
Step 3 Run the display gemport command to query the information on the GEM port.
----End
Example
To add GEM port 140 to port 0/2/1, with service type eth and downstream encryption switch
on, do as follows:
Related Operations
Table 25-6 lists the related operations for adding a GEM port.
Delete a GEM port gemport delete The GEM ports that are bound with
service ports cannot be deleted.
Modify a GEM port gemport modify For a bound GEM port, the
encryption attribute can be modified,
but the GEM port type cannot be
modified.
Background Information
l By default, the FEC function on a PON port is disabled.
l FEC involves adding redundant data to normal packets to grant error tolerance to the line.
FEC, however, uses a lot of bandwidth resources.
l When multiple ONTs are online, enabling the FEC function on a PON port may cause
certain ONTs to go offline. Therefore, it is not recommended to enable the FEC function
on a PON port when some ONTs are online.
Procedure
Step 1 Run the port portid fec command to enable or disable the FEC function on a PON port.
Step 2 Run the display port info command to query the configuration of the port.
----End
Example
To enable the FEC function on PON port 0/2/0, do as follows:
huawei(config-if-gpon-0/2)#port 0 fec enable
The command for port configuration is executed successfully, PORT = 0
Thuawei(config-if-gpon-0/2)#display port info 0
----------------------------------------
F/S/P 0/2/0
Min distance(km) 15
Max distance(km) 20
Left bandwidth(kb) 1223040
Number of T-CONTs 3
Autofind Enable
FEC check Enable
Laser switch Off
ONT secret key interval(h) Disable
----------------------------------------
Background Information
By default, the laser on a PON port of the MA5600T is enabled.
NOTE
Before disabling the laser, ensure that the PON port bears no service.
Procedure
Step 1 Run the port portid laser-switch command to enable or disable the laser on a PON port.
Step 2 Run the display port info command to query the configuration of the port.
----End
Example
To disable the laser on PON port 0/2/0, do as follows:
huawei(config-if-gpon-0/2)#port 0 laser-switch off
huawei(config-if-gpon-0/2)#display port info 0
----------------------------------------
F/S/P 0/2/0
Min distance(km) 15
Max distance(km) 20
Left bandwidth(kb) 1223040
Number of T-CONTs 3
Autofind Enable
FEC check Disable
Laser switch Off
Background Information
A GPON port supports up to 64 ONTs.
Procedure
Step 1 Run the ont add command to add a GPON ONT.
Step 2 Run the display ont info command to query the information on the GPON ONT.
----End
Example
Assume the following:
l The SN of ONT 2: hwhw-66666666
l Authentication mode: password-auth
l Password: huawei
Related Operations
Table 25-7 lists the related operations for adding a GPON ONT.
Delete a GPON ONT ont delete l An ONT can be deleted only when it
has no service channel bound with a
T-CONT.
l If an ONT is deleted, the
configuration of the physical ports on
the ONT is also deleted.
Background Information
l By default, an ONT is in the activated state after it is added.
l When an ONT is deactivated, the service of the ONT is interrupted. To resume the service
of the ONT, activate the ONT.
l If the control flag of an ONT is active, or if the ONT is in the fault state, the activation
command fails to be delivered to activate the ONT.
l If a board is prohibited or is being configured, the activation command fails to be delivered
to activate an ONT connected to the board.
l If the board fails, it is configured offline.
Procedure
Step 1 Run the ont activate command to activate an ONT.
Step 2 Run the display ont info command to query the information on the ONT.
----End
Example
To activate ONT 0 under port 0/2/0, do as follows:
huawei(config-if-gpon-0/2)#ont activate 0 0
huawei(config-if-gpon-0/2)#display ont info 0 all
----------------------------------------------------------------------------
F/S/P ONT-ID SN Control Run Config Match DBA
Flag State State State Type
----------------------------------------------------------------------------
0/2/0 0 hwhw-00140000 active down initial Initial NSR
0/2/0 2 hwhw-66666666 active down initial Initial NSR
------------------------------------------------------------------------------
In port 0, the total of ONTs are: 2
Related Operation
Table 25-8 lists the related operation for activating a GPON ONT.
Background Information
By default, the ONT auto-find function of a GPON port is disabled.
Procedure
Step 1 Run the port ont-auto-find command to configure the ONT auto-find function of a GPON port.
Step 2 Run the display port info command to query the information on the ONT.
----End
Example
To enable the ONT auto-find function of GPON port 0/2/0, do as follows:
huawei(config-if-gpon-0/2)#port 0 ont-auto-find enable
huawei(config-if-gpon-0/2)#display port info 0
----------------------------------------
F/S/P 0/2/0
Min distance(km) 0
Max distance(km) 20
Left bandwidth(kb) 1233408
Number of T-CONTs 1
Autofind Enable
FEC check Disable
Laser switch On
ONT secret key interval(h) Disable
----------------------------------------
Related Operations
Table 25-9 lists the related operations for enabling the ONT auto-find function of a GPON port.
Table 25-9 Related operations for enabling the ONT auto-find function of a GPON port
Set the aging time of ont autofind timeout Run the command in
the ONT auto-find global config mode.
function
Set the interval for ont autofind distance-time Run the command in
automatically finding global config mode.
an ONT
Background Information
l By default, the aging time of the ONT auto-find function is 300 seconds.
l The aging time helps to prevent the ONT registration failure due to the full registration
buffer.
Procedure
Step 1 Run the ont autofind timeout command to set the aging time of the ONT auto-find function.
Step 2 Run the display ont autofind time command to query the aging time of the ONT auto-find
function.
----End
Example
To set the aging time of the ONT auto-find function to 150s, do as follows:
huawei(config)#ont autofind timeout 150
huawei(config)#display ont autofind time
Ageing time of the automatically found ONTs: 150
The value of auto-find interval: 5
Related Operations
Table 25-10 lists the related operations for setting the aging time of the ONT auto-find function.
Table 25-10 Related operations for setting the aging time of the ONT auto-find function
Set an interval for ont autofind distance-time Run the command in global
automatically finding config mode.
an ONT
Query the information display ont autofind all Run the command in global
on the ONTs config mode.
automatically found
by all ports
Query the information display ont autofind portid Run the command in GPON
on the ONTs mode.
automatically found
by a specified port
Background Information
l When the ONT auto-find function is enabled on a port, and if a new ONT gets online, the
system reports a message to the user to confirm the new ONT.
l An automatically found ONT is in the auto_find state and can work in the normal state only
after it is confirmed.
l You can confirm one or more ONTs that are automatically found under a port at a time.
Procedure
Run the ont confirm command to confirm the automatically found ONTs.
----End
Example
To confirm all ONTs that are automatically found under port 0/2/0 and bind capability profile
1 with them, do as follows:
huawei(config-if-gpon-0/2)#ont confirm 0 all profile-id 1
Related Operations
Table 25-11 lists the related operations for confirming an automatically found ONT.
Query the information display ont autofind all Run the command in global
on the ONTs config mode.
automatically found
by all ports
Query the information display ont autofind portid Run the command in GPON
on the ONTs mode.
automatically found
by a specified port
Clear the information ont cancel portid l Run the command in GPON
on the auto-found mode.
ONTs l You can clear the information
about the auto-found ONTs
that are not confirmed. The
information does not exist
after it is cleared. If the ONT
gets online next time, the
system saves its information
for the user to confirm it.
Background Information
l By default, the minimum logical reach is 0 km, and the maximum logical reach is 60 km.
l The maximum logical reach must be larger than the minimum logical reach. The maximum
differential fiber distance between the farthest and the nearest ONTs is 20 km.
l The configuration granularity is 1 km.
Procedure
Step 1 Run the port range command to set the minimum and maximum logical reach.
Step 2 Run the display port info command to query the information on the port.
----End
Example
To set the minimum and maximum logical reach of the ONT under port 0/2/0 to 10 km and 15
km respectively, do as follows:
huawei(config-if-gpon-0/2)#port 0 range min-distance 10 max-distance 15
This command will result in the ONT's re-register in the port.
Are you sure to execute this command? (y/n)[n]:y
huawei(config-if-gpon-0/2)#display port info 0
----------------------------------------
F/S/P 0/2/0
Min distance(km) 10
Max distance(km) 15
Left bandwidth(kb) 1240576
Number of T-CONTs 0
Autofind Disable
FEC check Disable
Laser switch On
ONT secret key interval(h) Disable
----------------------------------------
This topic describes the mechanism of upstream link protection and the method of configuring
the upstream link protection on the MA5600T.
NOTE
This document describes the configuration on the MA5600T. Each chapter provides an overview of the service
configuration, describes the configuration flow with one or more configuration examples, and then provides a
detailed description of the basic operations on the MA5600T.
For the readers who are familiar with the MA5600T, it is recommended that you read the configuration example
(s) directly.
For the readers who are not familiar with the MA5600T, it is recommended that you read the basic operations
first.
26.1 Overview
This topic describes the service protection mechanism of the uplink on the MA5600T to enhance
the reliability of the service transmission.
26.2 Configuration Example of the Upstream Link Protection
This topic provides an example for configuring the upstream link protection to improve the
service transmission reliability.
26.3 Configuring a Protection Group
This topic describes how to configure a protection group. When the protection group is
configured, if the services are interrupted due to the physical disconnection to the upper layer
device, the MA5600T automatically uses the standby line to transmit the user data.
26.1 Overview
This topic describes the service protection mechanism of the uplink on the MA5600T to enhance
the reliability of the service transmission.
Service Description
l The broadband access service of Internet becomes more and more popular, and users
demand for both high performance and stable network access. As a result, carriers prefer
the broadband access equipment that runs stably and has better automatic protection and
self-healing capability.
l The MA5600T adopts the active/standby mechanism to ensure the normal operation of the
service. In addition, it is designed with the service protection mechanism of the upstream
port. When the MA5600T is disconnected with the upper layer device physically, the
MA5600T uses the standby line to transmit the user services so that the services can recover
quickly.
Service Specification
The MA5600T provides two detection modes of the active/standby switchover to achieve the
service protection of the upstream port.
l Port status detection mode: It means the two ports of a protection group, or the Tx ports of
the two boards are enabled. The port status determines whether to implement switchover.
l Delay detection mode: It means only one Tx port in a protection group is enabled, and the
other one is disabled. If the status of the enabled Tx port is DOWN, disable the port. Then,
enable the other Tx port. If the status of the other Tx port is UP, then switchover is
performed. Otherwise, detection proceeds.
Background Information
Two upstream ports can be in the same upstream board or in different upstream boards, but must
be of the same port type.
Networking
Figure 26-1 shows an example network for configuring the upstream link protection.
Configure the two upstream ports on the MA5600T as a protection group. In general, services
are transmitted on the active line. When the active line is faulty, the MA5600T automatically
switches the services to the standby line.
Figure 26-1 Example network for configuring the upstream link protection
Router
MA5600T
GE0/19/0
G CON
ETH
P ESC GE0/19/1
B
C
SCU GIU
Optical splitter
ONT
PC
Configuration Flowchart
Figure 26-2 shows the flowchart for configuring the upstream link protection.
Start
Create a VLAN
End
Data Plan
Table 26-1 provides the data plan for configuring the upstream link protection.
Table 26-1 Data plan for configuring the upstream link protection
Item Data
VLAN ID 10
Procedure
Step 1 Aggregate the upstream ports.
huawei(config)#link-aggregation 0/9 0 0/19 1 egress-ingress workmode lacp-static
----End
Result
After the configuration, the user can access the Internet.
When the upstream link of upstream port 0/9/0 fails, the system automatically transfers the
service to the upstream link of upstream port 0/9/1. In this case, the user can still access the
Internet.
Background Information
l The two upstream ports in a protection group can be in the same upstream board or in
different upstream boards, but must be of the same port type.
l The two ports in the protection group must be the only two ports in the same aggregation
group.
NOTE
If the IGMP upstream port configurations exist for a protection group, make sure that the configurations are
consistent for the two ports in the protection group.
Procedure
Step 1 Run the protect-group command to configure a protection group.
Step 2 Run the display protect-group command to query the protection group.
----End
Example
To configure a protection group that consists of ports 0/9/0 and 0/9/1, do as follows:
huawei(config-protect)#protect-group first 0/9/0 second 0/9/1 eth workmode
timedelay enable
huawei(config-protect)#display protect-group
---------------------------------------------------------------------------
NO. FirstIntf SecondIntf Enable ActiveFlag ProtectType WorkMode
---------------------------------------------------------------------------
0 0/9/0 0/9/1 Enable First ETH TimeDelay
---------------------------------------------------------------------------
Total : 1
Related Operations
Table 26-2 lists the related operations for configuring the protection group.
This topic describes the Ethernet technology and how to subtend the MA5600T.
NOTE
This document describes the configuration on the MA5600T. Each chapter provides an overview of the service
configuration, describes the configuration flow with one or more configuration examples, and then provides a
detailed description of the basic operations on the MA5600T.
For the readers who are familiar with the MA5600T, it is recommended that you read the configuration example
(s) directly.
For the readers who are not familiar with the MA5600T, it is recommended that you read the basic operations
first.
27.1 Overview
The MA5600T supports multiple types of Ethernet ports and other DSLAM devices can be
subtended to these Ethernet ports. This topic describes the application of the MA5600T in a
subtending network.
27.2 Configuration Example of a Subtended Network Through the ETHA Board
This examples shows how to subtend two MA5600T devices through the Ethernet port on the
ETH board.
27.3 Configuring the Physical Attributes of an Ethernet Port
27.4 Enabling the Flow Control on an Ethernet Port
This topic describes how to enable the flow control on an Ethernet port.
27.5 Enabling the Traffic Suppression
This topic describes how to enable the traffic suppression on a port to guarantee the stable
network services.
27.6 Enabling the Ethernet Port Aggregation
This topic describes how to enable Ethernet port aggregation.
27.7 Mirroring an Ethernet Port
This topic describes how to enable the mirroring function of an Ethernet port. This helps analyze
the cause of a faulty port.
27.8 Adding an Ethernet Port to a VLAN
27.1 Overview
The MA5600T supports multiple types of Ethernet ports and other DSLAM devices can be
subtended to these Ethernet ports. This topic describes the application of the MA5600T in a
subtending network.
Service Description
The MA5600T supports subtended through the Ethernet port. Multiple DSLAMs at different
tiers can be subtended through the GE/FE port to extend the network coverage and meet the
requirements for a large capacity.
For details on the subtended network, refer to "Subtended Network Configuration" in the
MA5600T Feature Description.
Service Specification
The MA5600T provides Ethernet ports through the SCU, GIU, ETH and OPFA boards. Where:
l The Ethernet ports provided by the SCU or the GIU board are used for upstream service
transmission and subtended network configuration.
l The ETH board functions as an extension of the SCU board to provide Ethernet ports for
upstream service transmission and subtended network configuration.
l The Ethernet ports provided by the OPFA board are used for P2P Ethernet optical service
access.
Networking
Figure 27-1 shows an example network for configuring a subtended network through the ETH
board.
MA5600T_B is subtended to MA5600T_A through port 0/6/0, and MA5600T_A transmits the
services of MA5600T_B to the upper layer network through port 0/9/0.
Figure 27-1 Example network for configuring a subtended network through the ETH board
Router
E CON GE 0/19/0
ETH
T ESC
H
A
SCU MA5600T_A
G CON
ETH GE 0/19/0
P ESC
B
C
SCU MA5600T_B
Optical splitter
ONT
PC
Prerequisites
l The network devices and the lines must be in the normal state.
l All boards of the MA5600T must be in the normal state.
l Ethernet port 0/6/0 on MA5600T_A and Ethernet port 0/9/0 on MA5600T_B are of the
same type, and the port rate and duplex mode is auto negotiation.
l The access user configuration on MA5600T_B is complete and it is not repeated here.
Configuration Flowchart
Figure 27-2 shows the flowchart for configuring a subtended network through the ETH board
Figure 27-2 Flowchart for configuring a subtended network through the ETH board
Start
End
NOTE
The mentioned configuration is performed on MA5600T_A. No subtending port is needed to be configured
on MA5600T_B. For other configurations, they are the same on MA5600T_A and MA5600T_B. For
configurations on MA5600T_B, see "Procedure" in "25.2 Configuration Example of the GPON
Service."
Procedure
Step 1 Create a smart VLAN.
huawei(config)#vlan 10 smart
----End
Result
After the configuration, the subtended devices can be configured with services and users
connected to MA5600T_B can access the Internet.
Background Information
l By default, the auto-negotiation switch of the Ethernet electric port is enabled.
l By default, the auto-negotiation switch of the Ethernet optical port is disabled.
Procedure
Step 1 Run the interface scu command to enter SCU mode.
Step 2 Run the interface giu command to enter SCU mode.
Step 3 Run the auto-neg command to set the auto-negotiation mode of an Ethernet port.
Step 4 Run the display port state command to query the configuration of the Ethernet port.
----End
Example
To disable the auto-negotiation mode of Ethernet port 0/9/1 on the SCU board, do as follows:
huawei(config)#interface scu 0/9
huawei(config-if-scu-0/9)#auto-neg 1 disable
Background Information
l The duplex of an Ethernet port can be full duplex, half duplex, or auto-negotiation. When
setting the duplex mode of an Ethernet port, make sure that the duplex of the Ethernet port
must be the same as that of the interconnected port on the peer device. This prevents
communication failure.
l When a port is in auto-negotiation mode, to change its duplex mode to full duplex, disable
the auto-negotiation mode of the port first.
l By default:
– The FE electrical port is in auto-negotiation mode.
– The FE optical port is in full duplex mode.
Procedure
Step 1 Run the interface giu command to enter SCU mode.
Step 3 Run the auto-neg command to disable the auto negotiation mode of an Ethernet port.
Step 4 Run the duplex command to set the duplex mode of the Ethernet port.
Step 5 Run the display port state command to query the duplex mode of the port.
----End
Example
To change the auto-negotiation mode of Ethernet port 0/9/1 to full duplex, do as follows:
huawei(config)#interface scu 0/9
huawei(config-if-scu-0/9)#auto-neg 1 disable
huawei(config-if-scu-0/9)#duplex 1 full
huawei(config-if-scu-0/9)#display port state 1
The port is active
Native VLAN ID is 1
Ethernet port is offline
Ethernet port is full duplex
Ethernet port rate is 1000M
Ethernet port does not support flow control
Ethernet port does not support jumbo frame
Line-adaptive function of the ethernet port is auto-negotiation
Ethernet port network-role is uplink
Background Information
When setting the rate of an Ethernet port, make sure that the rate of the Ethernet port must be
the same as that of the interconnected port on the peer device. This prevents communication
failure.
By default:
Procedure
Step 1 Run the interface giu command to enter SCU mode.
Step 3 Run the auto-neg command to set the rate of an Ethernet port.
Step 4 Run the speed command to query the configured rate of the Ethernet port.
----End
Example
To set the rate of a GE electrical port to 100 Mbit/s, do as follows:
huawei(config)#interface scu 0/9
huawei(config-if-scu-0/9)#auto-neg 1 disable
huawei(config-if-scu-0/9)#speed 1 100
huawei(config-if-scu-0/9)#display port state 1
The port is active
Native VLAN ID is 1
Ethernet port is offline
Ethernet port is full duplex
Ethernet port rate is 100M
Ethernet port does not support flow control
Ethernet port does not support jumbo frame
Line-adaptive function of the ethernet port is auto-negotiation
Ethernet port network-role is uplink
Line-adaptive function of the ethernet port is auto-negotiation
Background Information
l The Ethernet electrical port uses a straight-through cable or a crossover cable. To set the
type of the network cable of the Ethernet port, run the mdi command.
Procedure
Step 1 Run the interface giu command to enter SCU mode.
Step 3 Run the mdi command to set the network cable type of an Ethernet port.
Step 4 Run the display port state command to query the configured network cable type.
----End
Example
To set the network cable type of Ethernet electrical port 0/9/1 as straight-through cable, do as
follows:
huawei(config)#interface scu 0/9
huawei(config-if-scu-0/9)#mdi 1 normal
huawei(config-if-scu-0/9)#display port state 1
The port is active
Native VLAN ID is 1
Ethernet port is offline
Ethernet port is full duplex
Ethernet port rate is 100M
Ethernet port does not support flow control
Ethernet port does not support jumbo frame
Line-adaptive function of the ethernet port is normal
Ethernet port network-role is uplink
Line-adaptive function of the ethernet port is normal
Background Information
l When the traffic exceeds a certain level (> 1 Gbit/s for the GE port or > 100 Mbit/s for the
FE port), the MA5600T sends PAUSE frames to inform the remote PC to reduce the traffic
to reduce the packet loss rate. The process involved is called flow control.
l It is required that both the MA5600T and the peer device support the flow control function.
In general, when the peer device supports the flow control function, enable the flow control
function of the MA5600T; when the peer device does not support the flow control function,
disable the flow control function of the MA5600T.
l By default, the flow control on the Ethernet port is disabled.
Procedure
Step 1 Run the interface giu command to enter SCU mode.
Step 3 Run the flow-control command to enable the flow control on an Ethernet port.
Step 4 Run the display port state command to query the flow control information on the port.
----End
Example
To enable the flow control on all ports, do as follows:
huawei(config)#interface scu 0/9
huawei(config-if-scu-0/9)#flow-control all
huawei(config-if-scu-0/9)#display port state all
-----------------------------------------------------------------------------
Port Port Optic Native MDI Speed Duplex Flow- Active Link
Type Status VLAN (Mbps) Ctrl State
-----------------------------------------------------------------------------
0 GE absence 1 - 1000 full on active offline
1 GE absence 1 - 1000 full on active offline
2 GE absence 1 - 1000 full on active offline
3 GE absence 1 - 1000 full on active offline
-----------------------------------------------------------------------------
Related Operation
Table 27-2 lists the related operation for enabling the flow control of an Ethernet port.
Table 27-2 Related operation for enabling the flow control of an Ethernet port
Background Information
There are three traffic suppression modes available:
By default, the level of broadcast storm suppression, unknown unicast suppression, and unknown
multicast suppression is 7. It is suggested to enable broadcast storm suppression according to
network conditions.
When the IGMP proxy or the IGMP snooping is enabled, the unknown multicast packet is not
suppressed. When the IGMP proxy and the IGMP snooping are both disabled, (running the igmp
mode off command), the unknown multicast packet is suppressed.
l When IGMP Proxy or IGMP snooping is enabled, unknown multicast packets are not
suppressed. When IGMP proxy and IGMP snooping are disabled (running the igmp mode
off command), unknown multicast packets are suppressed. By default, the level of unknown
multicast suppression is 7.
l When the multicast service is accessed through the ETH board, to enable the multicast
transparent transmission, you must run the undo traffic-suppress portid multicast
command to disable the broadcast storm suppression for the unknown multicast packets on
the ETH board.
Procedure
Step 1 Run the interface giu command to enter SCU mode.
Step 2 Run the interface giu command to enter GIU mode.
Step 3 Run the traffic-suppress command to enable the traffic suppression on a port.
Step 4 Run the display traffic-suppress command to query the configuration of the traffic suppression.
----End
Examples
To set broadcast storm suppression for all ports on the control board to level 1, do as follows:
huawei(config)#interface scu 0/9
huawei(config-if-scu-0/9)#traffic-suppress all broadcast value 1
huawei(config-if-scu-0/9)#display traffic-suppress all
Traffic suppression ID definition:
---------------------------------------------------------------------
NO. Min bandwidth(kbps) Max bandwidth(kbps) Package number(pps)
---------------------------------------------------------------------
1 6 145 12
2 12 291 24
3 24 582 48
4 48 1153 95
5 97 2319 191
6 195 4639 382
7 390 9265 763
8 781 18531 1526
9 1562 37063 3052
10 3125 74126 6104
11 6249 148241 12207
12 12499 296483 24414
---------------------------------------------------------------------
----------------------------------------------------------------
Current traffic suppression index of broadcast : 1
Current traffic suppression index of multicast : 7
Current traffic suppression index of unknown unicast : 7
----------------------------------------------------------------
---------------------------------------------------------------------
1 6 145 12
2 12 291 24
3 24 582 48
4 48 1153 95
5 97 2319 191
6 195 4639 382
7 390 9265 763
8 781 18531 1526
9 1562 37063 3052
10 3125 74126 6104
11 6249 148241 12207
12 12499 296483 24414
---------------------------------------------------------------------
----------------------------------------------------------------
Current traffic suppression index of broadcast : 1
Current traffic suppression index of multicast : 7
Current traffic suppression index of unknown unicast : 7
----------------------------------------------------------------
Related Operations
Table 27-3 lists the related operations for enabling traffic suppression.
Background Information
Port aggregation means aggregation of multiple ports together to expand the bandwidth. The
input and output load can be distributed among the member ports.
l The SCU board supports up to 4 port aggregation groups.
l One aggregation group supports up to 8 Ethernet ports.
l Multiple physical ports can be aggregated only if they meet the following conditions:
– All the ports must work in full duplex mode.
– The rates of all the ports must be the same, and the rates of the electrical ports cannot
be configured as auto-negotiation.
– The default VLAN (PVID) and VLAN attributes of all the ports must be the same.
– One port belongs to only one aggregation group.
– No mirror destination port is included.
– The port cannot be in the auto-negotiation state.
– The start port number must be smaller than the end port number.
Procedure
Step 1 Run the link-aggregation command to set the port aggregation.
Step 2 Run the display link-aggregation command to query the related information about the
aggregated ports.
----End
Example
To set the Ethernet port aggregation, do as follows:
huawei(config)#link-aggregation 0/9 0-1 ingress
huawei(config)#display link-aggregation all
Related Operation
Table 27-4 lists the related operation for enabling the Ethernet port aggregation.
Table 27-4 Related operation for enabling the Ethernet port aggregation
Background Information
l You can configure only one mirroring destination port in the system.
l You can mirror multiple ports to one destination port.
l The mirroring destination port cannot be the aggregated port.
Procedure
Step 1 Run the interface scu command to enter SCU mode.
Step 2 Run the interface giu command to enter SCU mode.
Step 3 Run the mirror port command to enable the mirroring function of an Ethernet port.
Step 4 Run the display mirror command to query the configuration of the Ethernet port.
----End
Example
To mirror the transmit and receive packets of port 0 to port 1, do as follows:
huawei(config)#interface scu 0/9
huawei(config-if-scu-0/9)#mirror port 0 1 all
huawei(config-if-scu-0/9)#display mirror
------------------------------------------------
Source port Direction Destination port
------------------------------------------------
0 all 1
------------------------------------------------
Related Operation
Table 27-5 lists the related operation for mirroring an Ethernet port.
Context
The VLAN must have been existed.
Procedure
Step 1 Run the port vlan command to add an Ethernet Port to a VLAN.
Step 2 Run the display port vlan command to query the VLAN of a specified upstream port.
----End
Example
To add Ethernet port 0/9/0 to VLAN 2, do as follows:
huawei(config)#port vlan 2 0/9 0
huawei(config)#display port vlan 0/9/0
---------------------------------------
1 10 20
---------------------------------------
Total: 3 Native VLAN: 1
Related Operation
Table 27-6 lists the related operation for adding an Ethernet Port to a VLAN.
Background Information
l The default Native VLAN of the Ethernet ports is VLAN 1.
l When the Ethernet port is used as the upstream port:
– If the native VLAN of the Ethernet port is the same as the VLAN to which this Ethernet
port belongs, the Ethernet port removes the VLAN Tag of the upstream packets.
– If the native VLAN of the Ethernet port is different from the VLAN to which this
Ethernet port belongs, the Ethernet port keeps the VLAN Tag of the upstream packets.
l Before specifying the native VLAN of an Ethernet port, the VLAN must be included in the
port.
l Whether the native VLAN must be set for the upstream port depends on the upper-layer
equipment connected to the port.
– If the upper-layer equipment supports the packets containing the VLAN tag, the native
VLAN of the upstream port of the MA5600T must be different from the VLAN to which
the upstream port belongs.
– If the upper-layer equipment does not support the packets containing the VLAN tag,
the native VLAN of the upstream port of the MA5600T must be the same as the VLAN
to which the upstream port belongs.
Procedure
Step 1 Run the interface scu command to enter SCU mode.
Step 2 Run the interface giu command to enter SCU mode.
Step 3 Run the native-vlan command to set the native VLAN of an Ethernet port.
Step 4 Run the display port state command to query the configuration of the Native VLAN.
----End
Example
To set the native VLAN of Ethernet port0/9/0 as VLAN 10, do as follows:
huawei(config)#interface scu 0/9
huawei(config-if-scu-0/9)#native-vlan 0 vlan 10
huawei(config-if-scu-0/9)#display port state 0
The port is active
Native VLAN ID is 10
Ethernet port is offline
Ethernet port is full duplex
Ethernet port rate is 1000M
Ethernet port does not support flow control
Ethernet port does not support jumbo frame
Line-adaptive function of the ethernet port is auto-negotiation
Ethernet port network-role is uplink
This topic describes how to configure the VLAN stacking wholesale service supported by the
MA5600T.
NOTE
This document describes the configuration on the MA5600T. Each chapter provides an overview of the service
configuration, describes the configuration flow with one or more configuration examples, and then provides a
detailed description of the basic operations on the MA5600T.
For the readers who are familiar with the MA5600T, it is recommended that you read the configuration example
(s) directly.
For the readers who are not familiar with the MA5600T, it is recommended that you read the basic operations
first.
28.1 Overview
This topic describes how to use the VLAN stacking function to implement the multi-ISP
wholesale access and VLAN ID extension.
28.2 Configuration Example of VLAN Stacking Multi-ISP Wholesale Access
This topic provides an example for configuring VLAN stacking multi-ISP wholesale access so
that the services provisioned by the ISP can be delivered to the specified user group.
28.1 Overview
This topic describes how to use the VLAN stacking function to implement the multi-ISP
wholesale access and VLAN ID extension.
Service Specification
The MA5600T adds two layers of 802.1Q tags to the user packets. With the two layers of VLAN
tags, the packets are transmitted to the L2 switched network, and are forwarded according to the
outer VLAN tag.
l Multi-ISP wholesale access
Multiple internet service providers (ISP) exist in an L2 MAN. To quickly provision services
provided by the ISP to the specified user group, use the outer VLAN tag to identify the ISP
and use the inner VLAN tag to identify the user. With the wholesale service function, users
can be connected to different ISPs in batches based on the outer VLAN tag.
NOTE
In the wholesale service, the upper layer device must work in L2 mode to forward packets based on
the VLAN and the MAC addresses.
l VLAN ID extension
In the application of the VLAN ID extension, the outer and inner VLAN tags are used to
identify the user, or the outer VLAN tag is used to identify the access device and the inner
tag is used to identify the users that access the device. The BRAS identifies the access users
based on the L2 VLAN tag to increase the number of users identified by the VLAN ID,
thus increasing the number of users that access the BRAS.
NOTE
The application of the VLAN ID extension needs support from the BRAS.
For the details of the VLAN Stacking function and related features, refer to "VLAN" in the
MA5600T Feature Description.
Service Description
The MA5600T supports a maximum of 4000 VLAN stacking.
The following VLANs cannot be configured with the stacking attributes.
l Super VLAN
l Sub VLAN
l The VLAN that is configured with the L3 interface
l The default VLAN
l The reserved VLAN
Networking
Figure 28-1 shows an example network for configuring the VLAN stacking multi-ISP wholesale
access.
Users 1 and 2 belong to one ISP, and users 3 and 4 belong to another ISP. Based on the VLAN
stacking feature, the MA5600T adds the outer VLAN tag to differentiate ISPs and the inner
VLAN tag to differentiate users, and forwards the user packets to the L2 network. Then the
switch at the L2 forwards the user packets to the specified ISP BRAS based on the outer VLAN
tag. The BRASs of the user's ISP identifies the users based on the inner VLAN tag and
authenticate the users. After the users pass the authentication, the BRASs terminate the two
VLAN tags and then the users can access the Internet.
Figure 28-1 Example network for configuring the VLAN stacking multi-ISP wholesale access
ISP1 ISP2
BRAS BRAS
MA5600T
G CON G
P ETH
P GE 0/19/0
ESC
B B
C C
SCU
Optical splitter Optical splitter
Data Plan
Table 28-1 provides the data plan for configuring the VLAN stacking multi-ISP wholesale
access.
Table 28-1 Data plan for configuring the VLAN stacking multi-ISP wholesale access
Item Data
User-side VLANs:
l User 1: 21
l User 2: 22
Inner tags
l User 1: 11
l User 2: 12
User-side VLANs:
l User 3: 23
l User 4: 24
Inner tags:
l User 3: 13
l User 4: 14
Configuration Flowchart
Figure 28-2 shows the flowchart for configuring the VLAN stacking multi-ISP wholesale
access.
Figure 28-2 Flowchart for configuring the VLAN stacking multi-ISP wholesale access
Start
Create VLANs
End
NOTE
l For the configuration of the GPON access service, see "25.2 Configuration Example of the GPON
Service."
l For the details on the stacking VLAN feature, refer to "VLAN" in the MA5600T Feature
Description.
Procedure
Step 1 Create the VLAN.
huawei(config)#vlan 60-61 smart
Step 4 Add service ports to the VLAN. The default traffic profile 5 is applied.
huawei(config)#service-port vlan 60 gpon 0/2/1 gemport 131 multi-service user-vlan
21 rx-cttr 5 tx-cttr 5
huawei(config)#service-port vlan 60 gpon 0/2/1 gemport 132 multi-service user-vlan
22 rx-cttr 5 tx-cttr 5
huawei(config)#service-port vlan 61 gpon 0/14/0 gemport 133 multi-service user-vlan
23 rx-cttr 5 tx-cttr 5
huawei(config)#service-port vlan 61 gpon 0/14/0 gemport 134 multi-service user-vlan
24 rx-cttr 5 tx-cttr 5
----End
Result
After the configuration, user 1 and user 2 can access the Internet through ISP 1, and user 3 and
user 4 can access the Internet through ISP 2.
This topic describes how to configure the QinQ VLAN leased line service supported by the
MA5600T.
NOTE
This document describes the configuration on the MA5600T. Each chapter provides an overview of the service
configuration, describes the configuration flow with one or more configuration examples, and then provides a
detailed description of the basic operations on the MA5600T.
For the readers who are familiar with the MA5600T, it is recommended that you read the configuration example
(s) directly.
For the readers who are not familiar with the MA5600T, it is recommended that you read the basic operations
first.
29.1 Overview
This topic describes the application of the QinQ feature to the private line service.
29.2 Configuration Example of the QinQ VLAN
This topic provides an example for configuring the private line service based on the QinQ feature
to provide security channel for data transmission between private networks of the enterprises.
29.3 Configuration Example of the QinQ VLAN Private Line Service
This topic provides an example for configuring the private line service based on the QinQ feature
to provide security channel for data transmission between private networks of the enterprises.
29.4 Enabling the Transparent Transmission of BPDUs
This topic describes how to enable the transparent transmission of Bridge Protocol Data Units
(BPDUs). The MA5600T supports that the BPDUs of private networks are transparently
transmitted based on the QinQ function of the public network.
29.1 Overview
This topic describes the application of the QinQ feature to the private line service.
Service Description
The QinQ feature is applied to the broadband private line service service. It utilizes the public
network resources to provide a transparent and safe data channel for the private networks of a
enterprise that are located at different places.
With the QinQ feature, the MA5600T adds a public network VLAN tag (QinQ VLAN) to the
tagged packet of the local private network. The packet with the private network VLAN tag is
forwarded to the peer MA5600T in the public network based on its outer VLAN tag. The peer
MA5600T removes the VLAN tag and transmits the packet to the peer private network of the
enterprise.
For details of the QinQ feature and related features, refer to "VLAN" in the MA5600T Feature
Description.
Service Specification
l Leased line access mode
The MA5600T adopts xDSL access mode to provide enterprise users with the symmetric
bandwidth of 2 Mbit/s in upstream and downstream.
l BPDU packet transparent transmission
The MA5600T supports the transmission of the BPDU packet of the private network to the
remote private network through the QinQ private line service.
l Leased line connection type
– Single PVC for single service
– Single PVC for multiple services (classified by the encapsulation type)
l QinQ VLAN application limit
The MA5600T supports a maximum of 4000 QinQ VLANs.
The following VLANs cannot be configured with the QinQ VLAN.
– Super VLAN
– Sub VLAN
– The VLAN that is configured with the L3 interface
– The default VLAN
– The reserved VLAN
Prerequisites
l The network devices and lines must be in the normal state.
l The service boards must be in the normal state.
l The upper layer network is in L2 mode, and forwards packets based on the VLAN and the
MAC address.
Networking
Figure 29-1 shows an example network for configuring the private line service.
The two branches of enterprise A are connected to the MAN through the MA5600T. On the
MA5600T, the attribute of the upstream VLAN of user packets is configured as QinQ. In this
way, services and BPDU packets from the private network of the enterprise can be transparently
transmitted to the peer private network.
Figure 29-1 Example network for configuring the private line service
L2/L3
L2/L3
CON CON
S ETH S ETH
H ESC H ESC
L L
B GE 0/9/0
B GE 0/9/0
LSW
LSW
Data Plan
Table 29-1 lists data plan for configuring the private line service.
Table 29-1 Data plan for configuring the private line service
Item Data
Item Data
Configuration Flowchart
Figure 29-2 shows the flowchart for configuring the private line service.
Start
Create a VLAN
Enable transparent
transmission of BPDUs
End
The configurations on both MA5600T_A and MA5600T_B are the same. The following
considers the configuration on MA5600T_A as an example, and describes how to configure the
QinQ VLAN private line service.
Procedure
Step 1 Create a VLAN.
huawei(config)#vlan 50 smart
Step 5 Add the service port to the VLAN by adopting the default traffic profile 5.
huawei(config)#service-port vlan 50 shdsl 0/12/0 vpi 0 vci 35 rx-cttr 5 tx-cttr 5
----End
Result
After the configuration, the two branches of enterprise A can communicate with each other, and
various services between private networks are implemented.
Networking
Figure 29-3 shows an example network of the QinQ VLAN private line service.
The two branches of enterprise A are connected to the MAN through the MA5600T. On the
MA5600T, the attribute of the upstream VLAN of user packets is configured as QinQ. In this
way, service data and VLAN tags from the private network of the enterprise can be transparently
transmitted to the peer private network.
Figure 29-3 Example network of the QinQ VLAN private line service
L2/L3 L2/L3
G CON G CON
ETH GE 0/19/0 ETH GE 0/19/0
P ESC P ESC
B B
C C
ONT ONT
Data Plan
Table 29-2 lists data plan for the QinQ VLAN private line service.
Table 29-2 Data plan for the QinQ VLAN private line service
Item Data
ONT ID: 11
ONT port: FE port 0
Item Data
ONT ID: 11
ONT port: FE port 0
Configuration Flowchart
NOTE
l The example is based on the configuration of MA5600T_A. The configuration procedure also applies
to MA5600T_B. Here only the configuration of MA5600T_A is described.
l The MA5600T supports the OMCI protocol. That is, the management and configuration data of the
MA5600T is transmitted to the ONT through the OMCI channel. If the ONT does not support the
OMCI protocol, you need to configure the ONT.
l For details on the GPON access, see "25.2 Configuration Example of the GPON Service."
Figure 29-4 shows the flowchart for configuring the private line service.
Start
Enable transparent
transmission of BPDUs
Create a VLAN
Ebd
Procedure
Step 1 Enable transparent transmission of BPDUs.
huawei(config)#bpdu tunnel vlan 10 enable
----End
Result
After the configuration, the two branches of enterprise A can communicate with each other.
Background Information
l The transparent transmission of BPDUs is based on the VLAN, and is valid only to QinQ
VLAN.
l T• The BPDUs of the private network that can be transparently transmitted refer to the
upstream/downstream packets with the destination MAC address ranging from 01-80-
c2-00-00-00 to 01-80-c2-00-00-2f. Especially, the packets with the destination MAC
address of 01-80-c2-00-00-00, 01-80-c2-00-00-08, or 01-80-c2-00-00-11 that is in this
range cannot be transparently transmitted.
l When the transparent transmission of BPDUs is enabled, the L2 BPDUs under the QinQ
VLAN can be transparently transmitted.
l Otherwise, these BPDUs cannot be transparently transmitted.
Procedure
Step 1 Run the bpdu tunnel vlan command to enable the transparent transmission of BPDUs on a
specified VLAN.
Step 2 Run the display bpdu tunnel config command to display the transparent transmission status of
BPDUs.
----End
Example
To enable the transparent transmission of BPDUs on VLAN 20, do as follows:
huawei(config)#bpdu tunnel vlan 20 enable
huawei(config)#display bpdu tunnel config
The VLAN info of enable bpdu tunnel:
----------------------------------------------------------------------------
20, 100,
----------------------------------------------------------------------------
The VLAN number of enable bpdu tunnel: 2
Related Operation
Table 29-3 lists the related operation for enabling the transparent transmission of BPDUs.
Table 29-3 Related operation for enabling the transparent transmission of BPDUs
To… Run the Command…
This topic describes how to configure the multicast service supported by the MA5600T.
NOTE
This document describes the configuration on the MA5600T. Each chapter provides an overview of the service
configuration, describes the configuration flow with one or more configuration examples, and then provides a
detailed description of the basic operations on the MA5600T.
For the readers who are familiar with the MA5600T, it is recommended that you read the configuration example
(s) directly.
For the readers who are not familiar with the MA5600T, it is recommended that you read the basic operations
first.
30.1 Overview
This topic describes the multicast service and its application on the MA5600T.
30.2 Configuration Example of the IGMP Proxy Multicast Service
This topic provides an example for realizing the IGMP proxy multicast service.
30.3 Configuration Example of the IGMP Snooping Multicast Service
This topic provides an example for configuring the IGMP snooping multicast service.
30.4 Configuration Example of the IGMP Snooping Multicast Service
This topic provides an example for realizing the IGMP snooping multicast service.
30.5 Configuration Example of the Multicast Service in Subtending Mode
This topic provides an example for configuring the multicast service in subtending mode.
30.6 Configuring the Multicast Service in MSTP Networking
This topic describes how to configure the multicast service in networking.
30.7 Configuration Example of the Multicast Service Through the PIM-SSM Protocol
This topic provides an example for realizing the multicast service through the Protocol
Independent Multicast Source Specific Multicast (PIM-SSM) protocol.
30.8 Setting the IGMP Mode
This topic describes how to set the IGMP mode, including IGMP proxy and IGMP snooping.
30.9 Configuring the IGMP Upstream Port
This topic describes how to add an IGMP upstream port and set its working mode and assigned
bandwidth rate.
30.10 Setting the Multicast Mode of an Upstream Port
This topic describes how to set the mode for an upstream port to interact with the upstream
devices. The modes can be IGMP or PIM-SSM.
30.11 Enabling the Multicast Routing Function
This topic describes how to enable the multicast routing function.
30.12 Specifying a Subtending Port
This topic describes how to specify a subtending port. To subtend the MA5600T to a slave shelf
with multicast service users, you need to define the port connecting to the slave shelf as a
subtending port.
30.13 Configuring a Program for a Static Subtending Port
This topic describes how to add a program for a static subtending port.
30.14 Configuring IGMP Global Parameters
This topic describes how to configure the IGMP global parameters.
30.15 Configuring the IGMP VLAN Parameters
This topic describes how to configure the IGMP VLAN parameters.
30.16 Configuring the PIM-SSM Protocol Parameters
This topic describes how to configure the PIM-SSM protocol parameters.
30.17 Managing Multicast Bandwidth
This topic describes how to manage multicast bandwidth.
30.18 Configuring an Authority Profile
This topic describes how to configure an authority profile.
30.19 Configuring Multicast Users
This topic describes how to configure multicast users.
30.20 Configuring the Preview Function
This topic describes how to configure the preview function.
30.21 Configuring the Logging Function
This topic describes how to configure the logging function.
30.22 Setting the Automatic CDR Reporting
This topic describes how to collect audience statistics by setting the auto call detailed record
(CDR) reporting.
30.1 Overview
This topic describes the multicast service and its application on the MA5600T.
Service Description
With the advent of the streaming medias such as multimedia video and data warehouse in the
IP network, the multicast service is becoming increasingly popular in service applications. It is
widely applied in streaming, remote learning, video conferencing, video on demand (VOD), net
gaming, Internet data center (IDC), and other point-to-multipoint data transmission applications.
For details on the multicast service, refer to "Multicast" in the MA5600T Feature Description.
Service Specification
Designed with the carrier-class multicast operability, the MA5600T supports multicast protocols
and controllable multicast, and a complete set of end-to-end (from the user side to the network
side) protocols. This lays a foundation for provisioning of the value-added broadband multicast
service and management of the multicast service. The MA5600T provides the operable,
manageable, and controllable multicast services by supporting IGMP V2/V3, IGMP proxy, and
IGMP snooping.
The MA5600T supports multicast service access through the ETH board and the SCU board.
l multicast groups
l Up to eight multicast groups for each multicast server
l Program preview, preview in a short time, and configuration of the preview count, preview
duration, and preview interval
l Audience statistics
l Controllable multicast to control users' access to multicast groups and programs
l Authority profile types including watch, preview, forbidden and idle.
Prerequisites
l The network devices and lines must be in the normal state.
l The multicast source is available in the network and its IP address is known.
l The related service boards must be in the normal state.
Background Information
The MA5600T supports the function of delivering the OMCI configuration. That is, the
management and configuration data of the MA5600T is transmitted to the ONT through the
OMCI channel. If the ONT does not support the OMCI function, you need to configure the ONT.
Pay attention to the configuration on the ONT, and make sure that:
l The user-side VLAN must be the same as that of the OLT.
l The GEM port ID must be the same as that of the OLT.
l Alloc ID is 256×(T-CONT ID) + (ONT ID) or can be displayed by running the display ont
info command on the OLT. The Alloc ID of a PON port must be unique.
Networking
Figure 30-1 shows an example network for configuring the IGMP proxy multicast service.
Figure 30-1 Example network for configuring the IGMP proxy multicast service
Multicast source
Router
G CON
ETH
P ESC GE 0/19/1
B
C
MA5600T
Optical splitter
ONT1 ONT2
PC1 PC2
Data Plan
Table 30-1 provides the data plan for configuring the IGMP proxy multicast service.
Table 30-1 Data plan for configuring the IGMP proxy multicast service
Item Data
Traffic profile l Profile index: 6 (the default traffic profile); CIR: no restriction.
l Profile index: 5 (the default traffic profile); CIR: 2 Mbit/s.
Program The multicast server provides three programs. The IP address of the
library program ranges from 224.1.1.1 to 224.1.1.3. The source IP address of the
program is 10.10.10.10. Three programs use the default preview profile of
the system.
User l User 1 (PC1) is an auth user, and is bound with authority profile 0.
l User 2 (PC2) is a non-auth user.
Configuration Flowchart
Figure 30-2 shows the flowchart for configuring the IGMP proxy multicast service.
Figure 30-2 Flowchart for configuring the IGMP proxy multicast service
Add ONTs
Configure the program
library
End
Procedure
Step 1 Create a VLAN and specify the IP address of the interface.
huawei(config)#vlan 100 smart
huawei(config)#interface vlanif 100
huawei(config-if-vlanif100)#ip address 10.0.0.254 255.255.255.0
Step 3 Add an ONT: First add an ONT capability set profile complying with the actual capability of
the HG810. Then add an ONT and bind it with the profile. The default ONT capability set profile
2 is bound.
huawei(config-if-gpon-0/2)#ont add 1 0 hwhw-10101010 password-auth huawei profile-
id 2
huawei(config-if-gpon-0/2)#ont add 1 1 hwhw-01010101 password-auth huawei profile-
id 2
huawei(config-btv)#igmp user add port 0/11/1 gemport 150 user-vlan 10 auth max-
program 8
huawei(config-btv)#igmp user add port 0/11/1 gemport 151 user-vlan 11 no-auth max-
program 8
huawei(config-btv)#igmp user bind-profile port 0/11/1 gemport 150 profile-name
profile0
huawei(config-btv)#quit
huawei(config)#multicast-vlan 100
huawei(config-mvlan100)#igmp multicast-vlan member port 0/11/1 gemport 150
huawei(config-mvlan100)#igmp multicast-vlan member port 0/11/1 gemport 151
huawei(config-mvlan100)#quit
----End
Result
After the configuration:
l User 1 can watch program1 and program2, but cannot watch program3.
l User 2 can watch all programs.
Prerequisites
l The network devices and lines must be in the normal state.
l The multicast source is available in the network and its IP address is known.
l The related service boards must be in the normal state.
Networking
Figure 30-3 shows an example network for configuring the IGMP snooping multicast service.
Figure 30-3 Example network for configuring the IGMP snooping multicast service
Multicast source
Router
A CON
ETH
D ESC
L
F
GE 0/9/1
SCU MA5600T
Modem Modem
PC PC
Data Plan
Table 30-2 provides the data plan for configuring the IGMP snooping multicast service.
Table 30-2 Data plan for configuring the IGMP snooping multicast service
Item Data
Item Data
Configuration Flowchart
Figure 30-4 shows the flowchart for configuring the IGMP snooping multicast service.
Figure 30-4 Flowchart for configuring the IGMP snooping multicast service
Multicast service configuration
End
Procedure
Step 1 Configure the xDSL port.
In this example, the default ADSL2+ line profile (line profile 1002) is used. Therefore, you do
not have to configure a line profile.
Step 2 Configure a VLAN.
1. Create a VLAN.
huawei(config)#vlan 2 smart
----End
Result
After the configuration:
l User 1 can watch program1 and program2, but cannot watch program3.
l User 2 can watch all programs.
Prerequisites
l The network devices and lines must be in the normal state.
l The multicast source is available in the network and its IP address is known.
l The related service boards must be in the normal state.
Background Information
The MA5600T supports the function of delivering the OMCI configuration. That is, the
management and configuration data of the MA5600T is transmitted to the ONT through the
OMCI channel. If the ONT does not support the OMCI function, you need to configure the ONT
separately.
Pay attention to the configuration of the ONT, and make sure that:
Networking
Figure 30-5 shows an example network for configuring the IGMP snooping multicast service.
Figure 30-5 Example network for configuring the IGMP snooping multicast service
Multicast source
Router
G CON
ETH
P ESC GE 0/19/1
B
C
MA5600T
Optical splitter
ONT1 ONT2
PC1 PC2
Data Plan
Table 30-3 provides the data plan for configuring the IGMP snooping multicast service.
Table 30-3 Data plan for configuring the IGMP snooping multicast service
Item Data
Traffic profile l Index: 6 (the default traffic profile); CIR: with no restriction
l Index: 5 (default profile); CIR: 2 Mbit/s
Program The multicast server provides three programs. The IP address of the
library program ranges from 224.1.1.1 to 224.1.1.3. The source IP address of the
program is 10.10.10.10. Three programs use the default preview profile of
the system.
Item Data
User l User 1 (PC1) is an auth user, and is bound with authority profile 0.
l User 2 (PC2) is a non-auth user.
Configuration Flowchart
Figure 30-6 shows the flowchart for configuring the IGMP snooping multicast service.
Figure 30-6 Flowchart for configuring the IGMP snooping multicast service
Add ONTs
Configure the program
library
End
Procedure
Step 1 Create a VLAN.
huawei(config)#vlan 100 smart
Step 3 Add an ONT: First add an ONT capability set profile complying with the actual capability of
the HG810. Then add an ONT and bind it with the profile. The default ONT capability set profile
2 is bound.
----End
Result
After the configuration:
l User 1 (PC1) can watch program1 and program2, but cannot watch program3.
l User 2 (PC2) can watch all programs.
Networking
Figure 30-7 shows an example network for configuring the subtended multicast service.
Figure 30-7 Example network for configuring the subtended multicast service
Multicast source
Router
CON
ETH
ESC
GE 0/9/0
GE 0/9/1
SCU MA5600T_ A
A CON
D ETH
ESC
L
F GE 0/9/0
SCU MA5600T_B
Modem Modem
PC PC
Data Plan
Table 30-4 provides the data plan for configuring the subtended multicast service.
Table 30-4 Data plan for configuring the subtended multicast service
Item Data
VLAN
Add port 0 on the SCU board to VLAN 100 as the upstream port of this
VLAN.
Add port 1 on the SCU board to VLAN 100 as the subtending port.
Item Data
The IP address of the port of the upper layer router that is interconnected
with the MA5600T is 10.0.0.254.
MA5600T_B VLAN
Add port 0 on the SCU board to VLAN 100 as the upstream port of this
VLAN.
Authority profile
Set profile 0 as the authority profile. Based on this profile, users can watch
program1 (224.1.1.1) and program2 (224.1.1.2) in the program library.
Modem
The VPI/VCI of the modem connected to the ADSL port is 0/35.
Multicast user
l Multicast user 1: The service port is 0/11/0, the VPI/VCI is 0/35, and
the bound authority profile is profile0.
l Multicast user 2: The service port is 0/11/1, the VPI/VCI is 0/35, and
no authentication is required.
Configuration Flowchart
Figure 30-8 and Figure 30-9 show the flowchart for configuring the multicast service in
subtending mode.
Figure 30-8 Flowchart for configuring the multicast service in subtending mode
(MA5600T_A)
Multicast service configuration
End
Figure 30-9 Flowchart for configuring the multicast service in subtending mode
(MA5600T_B)
Multicast service configuration
End
Procedure
l Procedure for configuring MA5600T_A
1. Configure a VLAN.
– Create a VLAN.
huawei(config)#vlan 100 standard
In this example, the ADSL2+ port is bound with the default line profile (profile 1002).
No configuration is needed.
2. Configure a VLAN.
– Create a VLAN.
huawei(config)#vlan 100 smart
huawei(config)#multicast-vlan 100
huawei(config-mvlan100)#igmp mode proxy
Are you sure to change IGMP mode?(y/n)[n]:y
----End
Result
After the configuration:
l User 1 can watch program1 and program2, but cannot watch program3.
l User 2 can watch all programs.
Prerequisite
l The network devices and lines must be in the normal state.
l There exists a multicast source in the network and its IP address is known.
l The related service boards must be in the normal state.
Networking
Figure 30-10 shows the example network of the multicast service in MSTP networking.
Three MA5600T devices (MA5600T_A, MA5600T_B and MA5600T_C) form an ring network.
All services are transmitted upstream to the IP network through MA5600T_A. MA5600T_C
subtends MA5600T_D through the GE port.
Multicast
source
Router
2 3 9
CON
ETH
A A ESC
D D 0
L L 1
F F 2
3
SCU MA5600T_A
2 3 9 2 9
CON
ETH
A A ESC A
D D D
L L 0 L 0
F F 1 F 1
2 2
3 3
2 9
CON
ETH
A ESC
D
L 0
F 1
2
3
SCU MA5600T_D
ADSL2+ ADSL2+
modem modem
PC1 PC2
Data Plan
Table 30-5 provides the data plan for the example network of the multicast service in MSTP
networking.
Table 30-5 Data plan for the example network of the multicast service in MSTP networking
Item Data
VLAN:
Add ports 0/9/0, 0/9/1 and 0/9/2 on the SCU board to VLAN 100, which are
used as the upstream port of the VLAN.
The native VLAN of the port is set to VLAN 100.
VLAN:
l Add the ports 0/9/0 and 0/9/1 on the SCU board to VLAN 100, which are
used as the upstream port of the VLAN.
l The native VLAN of the port is set to 100.
VLAN:
l Add the ports 0/9/0, 0/9/1 and 0/9/2 on the SCU board to VLAN 100, which
are used as the upstream port of the VLAN.
l The native VLAN of the port is set to 100.
Item Data
MA5600T_ VLAN:
D Add the port 0/9/0 on the SCU board to VLAN 100, which is used as the
upstream port of the VLAN.
Authority profile: Users bound with authority profile profile0 can watch
program1 and program2, and preview program3.
Multicast user:
l Multicast user 1: The service port is 0/11/0, VPI/VCI is 0/35, and authority
profile profile0 is bound.
l Multicast user 2: The service port is 0/11/1, VPI/VCI is 0/35, without
authentication.
Configuration Flowchart
Figure 30-11 and Figure 30-12 show the flowchart for configuring the multicast service in
networking mode.
Figure 30-11 Flowchart for configuring the multicast service in MSTP networking on
MA5600T_A, MA5600T_B and MA5600T_C
Multicast service
configuration
Start
Set IGMP mode
VLAN configuration
End
Figure 30-12 Flowchart for configuring the multicast service in MSTP networking on
MA5600T_D
Multicast service
configuration
Configure IGMP
Enable the MSTP function upstream port
End
Procedure
l Configuration of MA5600T_A.
1. Configure the VLAN.
– Create a VLAN.
huawei(config)#vlan 100 standard
sourceip 10.10.10.10
huawei(config-mvlan100)#igmp program add name program3 ip 224.1.1.3
sourceip 10.10.10.10
l Configuration of MA5600T_B.
1. Configure the VLAN.
– Create a VLAN.
huawei(config)#vlan 100 standard
l Configuration of MA5600T_C.
1. Configure the VLAN.
– Create a VLAN.
huawei(config)#vlan 100 standard
l Configuration of MA5600T_D.
1. Configure the xDSL port.
In this example, the ADSL2+ port uses the system default line profile (profile 1002).
2. Configure the VLAN.
– Create a VLAN.
huawei(config)#vlan 100 smart
----End
Result
After the configuration:
l User 1 can watch program1 and program2, and can preview program3.
l User 2 can watch all programs.
Prerequisite
l The network devices and lines must be in the normal state.
l The multicast source must be available in the network and its IP address must be known.
l The related service boards must be in the normal state.
l The IP address and the unicast routing protocol of the routing interface must be configured.
In this way, the L3 intercommunication between the MA5600T and the upper layer router
must be realized, and the dynamic routes are updated based on the unicast routing protocols.
Networking
The MA5600T communicates with the multicast terminals through the IGMP protocol. At the
same time, the MA5600T communicates with the devices on the network side through the PIM-
SSM protocol. The PIM-SSM protocol allows the MA5600T to provide the multicast service in
an L3 network.
Figure 30-13 shows an example network for configuring the multicast service through the PIM-
SSM protocol.
Figure 30-13 Example network for configuring the multicast service through the PIM-SSM
protocol
Multicast
source
Internet
PIM-SSM-supported router
PIM-SSM interaction
CON
G ETH GE 0/19/0
P ESC
B
C
IGMP interaction
MA5600T
Optical splitter
ONT
PC
Data Plan
Table 30-6 provides the data plan for configuring the multicast service through the PIM-SSM
protocol.
Table 30-6 Data plan for configuring the multicast service through the PIM-SSM protocol
Item Data
Authority profile0: It allows the users to watch program1 in the program library
profile
IP address of 10.0.0.254: It should be in the same subnet as the IP address of the upper
the host layer router.
Configuration Flowchart
Figure 30-14 shows the flowchart for configuring the multicast service through the PIM-SSM
protocol.
Figure 30-14 Flowchart for configuring the multicast service through the PIM-SSM protocol
Start PIM-SSM
configuration
Add the service port to the VLAN Enable the IGMP protocol on the
L3 interface of the multicast VLAN
IGMP configuration
Procedure
Step 1 Configure the multicast mode of the upstream port as PIM-SSM.
huawei(config)#multicast upstream-mode pim-ssm
2. (Optional) Configure the IGMP global parameters and the multicast VLAN parameters.
In this example, the default values of the IGMP global parameters and multicast VLAN
parameters are used. To configure these parameters, see "30.14 Configuring IGMP Global
Parameters" and "30.15 Configuring the IGMP VLAN Parameters."
3. Configure the program library.
l Create the L3 interface of the multicast VLAN and configure the interface IP. Make
sure that the IP address of the interface is not limited so that the L3 interface can be up.
huawei(config)#interface vlanif 600
huawei(config-if-vlanif600)#ip address 10.10.10.2 24
4. Configure the L3 interface and enable the PIM-SSM protocol on the interface.
l Create a VLAN.
huawei(config)#vlan 700 smart
----End
Result
The users can watch program1.
Background Information
l The configuration in IGMP snooping is the same as that in IGMP proxy. The difference
only lies in the internal protocol processing.
l In IGMP snooping mode, the host function, prejoin function, unsolicited report function
and static program adding function are not available.
Procedure
Step 1 Run the multicast-vlan command to enter MVLAN mode.
Step 2 Run the igmp mode command to set the IGMP mode.
Step 3 Run the display igmp config vlan command to query the current multicast mode.
----End
Example
To set the IGMP proxy mode, do as follows:
huawei(config)#multicast-vlan 10
huawei(config-mvlan10)#igmp mode proxy
Are you sure to change IGMP mode?(y/n)[n]:y
huawei(config-mvlan10)#display igmp config vlan 10
--------------------------------------------------------------------
IGMP mode : proxy
IGMP version : IGMP V3
Log switch : enable
Default uplink port : -
Report proxy switch : disable
Leave proxy switch : disable
Unsolicited report interval(s) : 10
IGMP priority : 6
Send global leave switch : enable
Program match mode : enable
Program match group : -
--------------------------------------------------------------------
Background Information
The working modes of the IGMP upstream port include default mode, MSTP mode and protect
mode. By default, the IGMP upstream port works in default mode.
l Default mode: The IGMP packet are sent through the specified VLAN in the upstream
direction, and the selection of the upstream port for the received multicast stream depends
on the upper layer device.
l MSTP mode: The IGMP upstream port is the root port used by MSTP or the default
upstream port.
l Protect mode: The IGMP upstream port is the activated upstream port in a protection group.
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode.
Step 2 Run the igmp uplink-port command to configure the IGMP upstream port.
Step 5 Run the igmp uplink-port-mode command to set the working mode of the upstream port.
Step 6 Run the display igmp uplink-port command to query the configuration of the IGMP upstream
port.
----End
Example
To set port 0/9/0 as the IGMP upstream port and to set it to work in MSTP mode, do as follows:
huawei(config)#multicast-vlan 10
huawei(config-mvlan10)#igmp uplink-port 0/9/0
huawei(config-mvlan10)#quit
huawei(config)#btv
huawei(config-btv)#igmp uplink-port-mode mstp
Are you sure to change the uplink port mode?(y/n)[n]:y
huawei(config-btv)#display igmp uplink-port all
---------------------------------------------
Port | Vlan | IGMP | V2 Router Present
| | version | Timer (s)
---------------------------------------------
0/9/0 2 IGMP V3 0
0/9/1 2 IGMP V3 0
---------------------------------------------
Total: 2
Related Operation
Table 30-7 lists the related operation for configuring the IGMP upstream port.
Table 30-7 Related operation for configuring the IGMP upstream port
Context
CAUTION
When the multicast mode of an upstream port is switched from IGMP to PIM-SSM, the IGMP
global parameters of the port are restored to the default value, but the subtending port and IGMP
user configurations remain the same.
l By default, the IGMP mode is adopted. In this way, the MA5600T interacts with the
upstream devices in the IGMP mode for the multicast service.
l The multicast mode of an upstream port can be switched from PIM-SSM to IGMP only
when the PIM-SSM function is not enabled on any VLAN interface in the MA5600T.
For how to disable the PIM-SSM function, refer to the related operation described in the
last part of this topic.
l The multicast mode of an upstream port can be switched only when all the multicast VLANs
are deleted. For how to delete a multicast VLAN, refer to the related operation described
in the last part of this topic.
Procedure
Step 1 Run the multicast upstream-mode command to set the multicast mode of an upstream port.
Step 2 Run the display multicast upstream-mode command to query the multicast mode of the
upstream port.
----End
Example
To set the multicast mode of the upstream port as PIM-SSM, do as follows:
huawei(config)#multicast upstream-mode pim-ssm
huawei(config)#display multicast upstream-mode
The current interactive mode of the upstream route is: PIM-SSM
Related Operations
Table 30-8 lists the related operations for setting the multicast mode of the upstream port.
Table 30-8 Related operations for setting the multicast mode of the upstream port
To... Run the Command...
Context
To configure the PIM-SSM function on an MA5600T, you must set the multicast mode of the
upstream port as PIM-SSM, enable the multicast routing function, and then enable the PIM-
SSM function on the VLAN L3 interface.
For the detailed configuration procedures, see "30.7 Configuration Example of the Multicast
Service Through the PIM-SSM Protocol."
Procedure
Run the multicast routing-enable command to enable the multicast routing function.
----End
Example
To enable the multicast routing function, do as follows:
huawei(config)#multicast routing-enable
Related Operations
Table 30-9 lists the related operations for enabling the multicast routing function.
Table 30-9 Related operations for enabling the multicast routing function
To... Run the Command...
Background Information
l An upstream port cannot be specified as a subtending port.
l If a subtending port is configured with the static attribute, the MA5600T does not process
any leave packet because the programs added to the port are not subject to aging.
l If a subtending port is configured with the quick leave attribute, when receiving leave
packets, the MA5600T cuts off the video stream, instead of sending specific group queries.
l The priority of the static attribute is higher than that of the quick leave attribute. That is,
when a subtending port is configured with both the static attribute and the quick leave
attribute, the latter is invalid.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp cascade-port command to configure a static subtending port.
Step 3 Run display igmp cascade-port command to query the IGMP subtending port.
----End
Example
To specify a subtending port of port 0/9/1, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp cascade-port 0/9/1 static enable
huawei(config-btv)#display igmp cascade-port 0/9/1
-------------------------------------------
Port : 0/9/1
Active program : 0
Static join : enable
Quick leave : disable
Mismatch process : transparent
-------------------------------------------------
Related Operations
Table 30-10 lists the related operations for specifying a subtending port.
Background Information
l Programs can be added or deleted for a subtending port through the command line, provided
that the subtending port is configured with static attributes.
l The subtending port has been added to the multicast VLAN.
l Programs can be added for a subtending port only when the IGMP mode of the multicast
VLAN is IGMP proxy.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp static-join cascade-port command to configure a program for a static subtending
port.
Step 3 Run the display igmp static-join cascade-port command to display the settings of the IGMP
subtending port, as well as the forwarded program list of the port.
----End
Example
To add program 224.1.1.1 to static subtending port 0/9/1, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp static-join cascade-port 0/9/1 ip 224.1.1.1 vlan 10
huawei(config-btv)#display igmp static-join cascade-port
-------------------------------
Port VLAN IP
---------------------------------
0/9/1 10 224.1.1.1
---------------------------------
Total: 1
Related Operation
Table 30-11 lists the related operation for configuring a program for a static subtending port.
Table 30-11 Related operation for configuring a program for a static subtending port
To... Run the Command...
Delete a program from the static subtending port undo igmp static-join cascade-port
This topic describes how to set the interval of the general query issued by the querier.
30.14.4 Setting the Maximum Response Time to the General Query
This topic describes how to set the maximum response time to the general query.
30.14.5 Setting the Number of Specific Queries
This topic describes how to set the number of specific queries.
30.14.6 Setting the Group-Specific Query Interval
This topic describes how to set the group-specific query interval.
30.14.7 Setting the Maximum Response Time to the Group-Specific Query
This topic describes how to set the maximum response time to a group-specific query. After the
system issues a group-specific query, the user must respond to the query within the maximum
response time.
30.14.8 Setting the TTL for a V2 Router
This topic describes how to set the time to live (TTL) for a V2 router. After receiving the query
packet of the V2 version from the upper layer router, the MA5600T enables an aging timer of
V2 router to the upstream port. Before the timer expires, the upstream port sends the V2 report
to the upstream.
30.14.9 Setting the Preview Recognition Time
This topic describes how to set the preview recognition time. When the preview recognition time
is set, any preview that is not exceeding this duration is not considered as valid, and is not saved.
The invalid preview is not journalized.
30.14.10 Enabling the User Action Report Function
This topic describes how to enable the user action report function.
30.14.11 Set the Permitted Encapsulation Mode of IGMP Packets
This topic describes how to set the permitted encapsulation mode of IGMP packets.
30.14.12 Enabling the IGMP Echo Function
This topic describes how to enable the IGMP echo function.
Background Information
By default, the IGMP proxy authorization is enabled.
To enable authentication of the "auth" users, you need to enable the IGMP proxy authorization
first.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp proxy authorization enable command to enable the IGMP proxy authorization.
Step 3 Run the display igmp config global command to check whether the IGMP proxy authorization
is enabled.
----End
Example
To enable the IGMP proxy authentication, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy authorization enable
huawei(config-btv)#display igmp config global
--------------------------------------------------------
Program number of license : 1024
Authorization : enable
Robustness variable : 2
General query interval(s) : 125
V2 General query response time(0.1s) : 100
V3 General query response time(0.1s) : 100
Specific query interval(0.1s) : 10
V2 Specific query response time(0.1s) : 8
V3 Specific query response time(0.1s) : 8
Specific query number : 2
V2 router present timeout(s) : 400
User action report switch : disable
Preview switch : enable
Recognition time(s) : 30
The time of reset preview-count : 04:00:00
Auto create log interval(h) : 2
Uplink port mode : default
Bandwidth management switch : enable
CDR auto report interval(s) : 600
CDR auto report number : 200
IGMP Packet encapsulation : all
IGMP ECHO switch : disable
V3 packet snooping process policy : firstmatch
---------------------------------------------------------
Related Operation
Table 30-12 lists the related operation for enabling the IGMP proxy authorization.
Table 30-12 Related operation for enabling the IGMP proxy authorization
Background Information
l The robustness variable defines the reliability of a system. It determines the aging time of
a member and the packet retransmit count. If a subnet is unstable, and prone to packet loss,
you need to enhance the robustness.
l By default, the variable is 2.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp proxy router robustness command to set the robustness variable of the system.
Step 3 Run the display igmp config global command to query the robustness variable.
----End
Example
To set the robustness variable of the system to 5, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy router robustness 5
huawei(config-btv)#display igmp config global
--------------------------------------------------------
Program number of license : 1024
Authorization : enable
Robustness variable : 5
General query interval(s) : 125
V2 General query response time(0.1s) : 100
V3 General query response time(0.1s) : 100
Specific query interval(0.1s) : 10
V2 Specific query response time(0.1s) : 8
V3 Specific query response time(0.1s) : 8
Specific query number : 2
V2 router present timeout(s) : 400
User action report switch : disable
Preview switch : enable
Recognition time(s) : 30
The time of reset preview-count : 04:00:00
Auto create log interval(h) : 2
Uplink port mode : default
Bandwidth management switch : enable
CDR auto report interval(s) : 600
CDR auto report number : 200
IGMP Packet encapsulation : all
IGMP ECHO switch : disable
V3 packet snooping process policy : firstmatch
---------------------------------------------------------
Related Operation
Table 30-13 lists the related operation for setting the robustness variable.
Restore the default robustness variable undo igmp proxy router robustness
Background Information
By default, the general query interval is 125s.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp proxy router gen-query-interval command to set the interval of the general
query issued by the querier.
Step 3 Run the display igmp config global command to display the interval of the general query issued
by the querier.
----End
Example
To set the query interval to 200s, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy router gen-query-interval 200
huawei(config-btv)#display igmp config global
--------------------------------------------------------
Program number of license : 1024
Authorization : enable
Robustness variable : 2
General query interval(s) : 200
V2 General query response time(0.1s) : 100
V3 General query response time(0.1s) : 100
Specific query interval(0.1s) : 10
V2 Specific query response time(0.1s) : 8
V3 Specific query response time(0.1s) : 8
Specific query number : 2
V2 router present timeout(s) : 400
User action report switch : disable
Preview switch : enable
Recognition time(s) : 30
The time of reset preview-count : 04:00:00
Auto create log interval(h) : 2
Uplink port mode : default
Bandwidth management switch : enable
CDR auto report interval(s) : 600
CDR auto report number : 200
IGMP Packet encapsulation : all
IGMP ECHO switch : disable
V3 packet snooping process policy : firstmatch
---------------------------------------------------------
Related Operation
Table 30-14 lists the related operation for setting the general query interval.
Table 30-14 Related operation for setting the general query interval
Restore the default general query interval undo igmp proxy router gen-query-interval
Background Information
l The maximum response time determines the time taken by a multicast user in responding
to a query packet. By increasing the maximum response time, you can reduce the burst of
response packet traffic.
l By default, the maximum response time is 100 in the unit of 0.1s, that is, 10s.
l The maximum response time to the general query must be smaller than the general query
interval.
l You can set the maximum response time to the group-specific query of the IGMP V2 and
V3 versions respectively.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp proxy router gen-response-time command to set the maximum response time
to the general query.
Step 3 Run the display igmp config global command to display the maximum response time to the
general query.
----End
Example
To set the maximum response time to 20s, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy router gen-response-time v3 200
huawei(config-btv)#display igmp config global
--------------------------------------------------------
Program number of license : 1024
Authorization : enable
Robustness variable : 2
General query interval(s) : 200
V2 General query response time(0.1s) : 100
V3 General query response time(0.1s) : 200
Specific query interval(0.1s) : 10
V2 Specific query response time(0.1s) : 8
V3 Specific query response time(0.1s) : 8
Specific query number : 2
V2 router present timeout(s) : 400
User action report switch : disable
Preview switch : enable
Recognition time(s) : 30
The time of reset preview-count : 04:00:00
Auto create log interval(h) : 2
Uplink port mode : default
Bandwidth management switch : enable
CDR auto report interval(s) : 600
CDR auto report number : 200
IGMP Packet encapsulation : all
IGMP ECHO switch : disable
V3 packet snooping process policy : firstmatch
---------------------------------------------------------
Related Operation
Table 30-15 lists the related operation for setting the maximum response time to the general
query.
Table 30-15 Related operation for setting the maximum response time to the general query
To… Run the Command…
Restore the default maximum response undo igmp proxy router gen-response-time
time for the general query
Background Information
After receiving a leave packet from a user, the MA5600T sends a query packet to the user, as
long as the attribute of such a leave packet is not "fast leave". With the set query number, the
MA5600T considers that the user has left if no response is received after it has queried the user
according to the set group-specific query count and has waited for a period equal to the maximum
response time.
By default, the set group-specific query count is 2.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp proxy router sp-query-number command to set the number of specific queries.
Step 3 Run the display igmp config global command to display the number of specific queries.
----End
Example
To set the group-specific query count to 5, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy router sp-query-number 5
huawei(config-btv)#display igmp config global
--------------------------------------------------------
Program number of license : 1024
Authorization : enable
Robustness variable : 2
General query interval(s) : 200
V2 General query response time(0.1s) : 100
V3 General query response time(0.1s) : 200
Specific query interval(0.1s) : 10
V2 Specific query response time(0.1s) : 8
V3 Specific query response time(0.1s) : 5
Specific query number : 5
V2 router present timeout(s) : 500
User action report switch : enable
Preview switch : enable
Recognition time(s) : 30
The time of reset preview-count : 04:00:00
Auto create log interval(h) : 1
Uplink port mode : default
Bandwidth management switch : enable
CDR auto report interval(s) : 600
CDR auto report number : 200
Related Operation
Table 30-16 lists the related operation for setting the number of specific queries.
Table 30-16 Related operation for setting the number of specific queries
To… Run the Command…
Restore the default number of specific undo igmp proxy router sp-query-number
queries
Background Information
By default, the group-specific query interval is 10 in the unit of 0.1s, that is, 1s.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp proxy router sp-query-interval command to set the group-specific query
interval.
Step 3 Run the display igmp config global command to display the group-specific query interval.
----End
Example
To set the group-specific query interval to 2s, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy router sp-query-interval 20
huawei(config-btv)#display igmp config global
--------------------------------------------------------
Program number of license : 1024
Authorization : enable
Robustness variable : 2
General query interval(s) : 125
V2 General query response time(0.1s) : 100
V3 General query response time(0.1s) : 100
Specific query interval(0.1s) : 20
V2 Specific query response time(0.1s) : 8
V3 Specific query response time(0.1s) : 8
Specific query number : 2
V2 router present timeout(s) : 400
User action report switch : disable
Preview switch : enable
Recognition time(s) : 30
The time of reset preview-count : 05:00:00
Related Operation
Table 30-17 lists the related operation for setting the group-specific query interval.
Table 30-17 Related operation for setting the group-specific query interval
To… Run the Command…
Restore the default group-specific query undo igmp proxy router sp-query-interval
interval
Background Information
l By default, the maximum response time to a group-specific query is 8 in the unit of 0.1s,
that is, 0.8s.
l The maximum response time to a group-specific query must be smaller than the group-
specific query interval.
l You can set the maximum response time to the group-specific query of the IGMP V2 and
V3 versions respectively.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp proxy router sp-response-time command to set the maximum response time to
a group-specific query.
Step 3 Run the display igmp config global command to display the maximum response time to a group-
specific query.
----End
Example
To set the maximum response time for a group-specific query to 5 (0.5s), do as follows:
huawei(config)#btv
Related Operation
Table 30-18 lists the related operation for setting the maximum response time for the group-
specific query.
Table 30-18 Related operation for setting the maximum response time for the group-specific
query
Restore the default maximum response undo igmp proxy router sp-response-time
time for the group-specific query
Background Information
l The TTL for a V2 router refers to the period between the time of receiving a V2 query and
sending an IGMP V2 report by the router.
l By default, the TTL for a V2 router is 400s.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp proxy router timeout command to set the TTL for a V2 router.
Step 3 Run the display igmp config global command to query the TTL for the V2 router.
----End
Example
To set the TTL of the V2 router to 200s, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy router timeout v2 200
huawei(config-btv)#display igmp config global
--------------------------------------------------------
Program number of license : 1024
Authorization : enable
Robustness variable : 2
General query interval(s) : 125
V2 General query response time(0.1s) : 100
V3 General query response time(0.1s) : 100
Specific query interval(0.1s) : 10
V2 Specific query response time(0.1s) : 8
V3 Specific query response time(0.1s) : 8
Specific query number : 2
V2 router present timeout(s) : 200
User action report switch : disable
Preview switch : enable
Recognition time(s) : 30
The time of reset preview-count : 05:00:00
Auto create log interval(h) : 2
Uplink port mode : default
Bandwidth management switch : enable
CDR auto report interval(s) : 600
CDR auto report number : 200
IGMP Packet encapsulation : all
IGMP ECHO switch : disable
V3 packet snooping process policy : firstmatch
---------------------------------------------------------
Related Operations
Table 30-19 lists the related operations for setting the TTL for a V2 router.
Table 30-19 Related operations for setting the TTL for a V2 router
Restore the default TTL for a V2 router undo igmp proxy router timeout
Background Information
By default, the recognition time is 30s.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp proxy recognition-time command to preview recognition time.
Step 3 Run the display igmp config global command to display the preview recognition time.
----End
Example
To set the preview recognition time to 20s, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy recognition-time 20
huawei(config-btv)#display igmp config global
--------------------------------------------------------
Program number of license : 1024
Authorization : enable
Robustness variable : 2
General query interval(s) : 200
V2 General query response time(0.1s) : 100
V3 General query response time(0.1s) : 200
Specific query interval(0.1s) : 10
V2 Specific query response time(0.1s) : 8
V3 Specific query response time(0.1s) : 5
Specific query number : 5
V2 router present timeout(s) : 500
User action report switch : enable
Preview switch : enable
Recognition time(s) : 20
The time of reset preview-count : 04:00:00
Auto create log interval(h) : 1
Uplink port mode : default
Bandwidth management switch : enable
CDR auto report interval(s) : 600
CDR auto report number : 200
IGMP Packet encapsulation : all
IGMP ECHO switch : disable
V3 packet snooping process policy : firstmatch
---------------------------------------------------------
Related Operation
Table 30-20 lists the related operation for setting the preview recognition time.
Table 30-20 Related operation for setting the preview recognition time
Background Information
By default, the action report function for the BTV user is disabled.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp user-action-report enable command to set the user action report function.
Step 3 Run the display igmp config global command to display the status of the user action report
function.
----End
Example
To enable the BTV user action report function, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp user-action-report enable
huawei(config-btv)#display igmp config global
--------------------------------------------------------
Program number of license : 1024
Authorization : enable
Robustness variable : 2
General query interval(s) : 200
V2 General query response time(0.1s) : 100
V3 General query response time(0.1s) : 200
Specific query interval(0.1s) : 10
V2 Specific query response time(0.1s) : 8
V3 Specific query response time(0.1s) : 5
Specific query number : 5
V2 router present timeout(s) : 500
User action report switch : enable
Preview switch : enable
Recognition time(s) : 20
The time of reset preview-count : 04:00:00
Auto create log interval(h) : 1
Uplink port mode : default
Bandwidth management switch : enable
CDR auto report interval(s) : 600
CDR auto report number : 200
IGMP Packet encapsulation : all
IGMP ECHO switch : disable
V3 packet snooping process policy : firstmatch
---------------------------------------------------------
Related Operation
Table 30-21 lists the related operation for enabling the user action report function.
Table 30-21 Related operation for enabling the user action report function
Background Information
l By default, the default encapsulation mode of IGMP packets is all, that is, the permitted
encapsulation modes of user-side packets are: PPPoE, IPoA and IPoE.
l When the permitted encapsulation mode of IGMP packets is PPP, the permitted
encapsulation mode of user-side packets is PPPoE.
l When the permitted encapsulation mode of IGMP packets is IP, the permitted encapsulation
mode of user-side packets is IPoA and IPoE.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp encapsulation command to set the permitted encapsulation mode of IGMP
packets.
Step 3 Run the display igmp config global command to query the permitted encapsulation mode of
IGMP packets.
----End
Example
To set the permitted encapsulation mode of IGMP packets as ppp, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp encapsulation ppp
huawei(config-btv)#display igmp config global
--------------------------------------------------------
Program number of license : 1024
Authorization : enable
Robustness variable : 2
General query interval(s) : 125
V2 General query response time(0.1s) : 100
V3 General query response time(0.1s) : 100
Specific query interval(0.1s) : 10
V2 Specific query response time(0.1s) : 8
V3 Specific query response time(0.1s) : 8
Specific query number : 2
V2 router present timeout(s) : 400
User action report switch : disable
Preview switch : enable
Recognition time(s) : 30
The time of reset preview-count : 05:00:00
Auto create log interval(h) : 2
Uplink port mode : default
Bandwidth management switch : enable
CDR auto report interval(s) : 600
CDR auto report number : 200
IGMP Packet encapsulation : ppp
IGMP ECHO switch : disable
V3 packet snooping process policy : firstmatch
---------------------------------------------------------
Background Information
l By default, the IGMP echo function is disabled.
l The IGMP echo function takes effect only in snooping mode.
– When the IGMP echo is enabled, the system sends IGMP over PPP message and IGMP
over IP message to the upper layer device.
– When the IGMP echo is disabled, the system sends only IGMP over PPP message to
the upper layer device.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp echo command to enable the IGMP echo function.
Step 3 Run the display igmp config global command to query the state of the IGMP echo function.
----End
Example
To enable the IGMP echo function, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp echo enable
huawei(config-btv)#display igmp config global
--------------------------------------------------------
Program number of license : 1024
Authorization : enable
Robustness variable : 2
General query interval(s) : 125
V2 General query response time(0.1s) : 100
V3 General query response time(0.1s) : 100
Specific query interval(0.1s) : 10
V2 Specific query response time(0.1s) : 8
V3 Specific query response time(0.1s) : 8
Specific query number : 2
V2 router present timeout(s) : 400
User action report switch : disable
Preview switch : enable
Recognition time(s) : 30
The time of reset preview-count : 05:00:00
Auto create log interval(h) : 2
Uplink port mode : default
Bandwidth management switch : enable
CDR auto report interval(s) : 600
CDR auto report number : 200
IGMP Packet encapsulation : all
IGMP ECHO switch : enable
V3 packet snooping process policy : firstmatch
---------------------------------------------------------
This topic describes how to configure the version of the IGMP protocol that runs on the multicast
VLAN. The MA5600T supports IGMP V2 and IGMP V3.
30.15.3 Configuring the Multicast Program
This topic describes how to add one or more programs to the program library.
30.15.4 Setting the Unsolicited Report Interval
This topic describes how to set the unsolicited report interval. When the IGMP proxy works in
unsolicited report mode, the report packet is sent to the upper layer router at the set interval.
30.15.5 Enabling the Proxy of the IGMP Leave Packet
This topic describes how to enable the proxy of the IGMP leave packet.
30.15.6 Enabling the Proxy of the IGMP Report Packet
This topic describes how to enable the proxy of the IGMP report packets.
30.15.7 Enabling the Function of Sending the Global-leave Packet
This topic describes how to send the global-leave packet.
30.15.8 Setting the Priority of the IGMP Packet
This topic describes how to set the priority of the IGMP packet.
30.15.9 Configuring the Multicast VLAN Member
This topic describes how to configure the multicast VLAN member.
30.15.10 Enabling the Logging Function
This topic describes how to enable the logging function of the multicast VLAN.
30.15.11 Setting the IP Address Range of the Multicast VLAN to Generate the Program Group
Dynamically
This topic describes how to set the address range of the multicast VLAN to generate the program
group dynamically.
30.15.12 Enabling the Program Matching Mode of the Multicast VLAN
This operations enables the program matching mode of the multicast VLAN.
30.15.13 Configuring the Virtual Upstream Port
This topic describes how to configure the virtual upstream port of the multicast VLAN.
Background Information
l The configuration in IGMP snooping mode is the same as the configuration in IGMP proxy
mode. The difference, however, lies in the internal protocol processing.
l In IGMP snooping mode, the host function, prejoin function, unsolicited report function,
and the function of adding a program statically are not available.
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode.
Step 2 Run the igmp mode command to set the IGMP mode.
Step 3 Run the display igmp config vlan command to query the current IGMP mode.
----End
Example
To set the IGMP mode as IGMP proxy, do as follows:
huawei(config)#multicast-vlan 30
huawei(config-mvlan30)#igmp mode proxy
Are you sure to change IGMP mode?(y/n)[n]:y
huawei(config-mvlan30)#display igmp config vlan
{ all<K>|vlanid<U><1,4093> }:30
Command:
display igmp config vlan 30
------------------------------------------------------------
IGMP mode : proxy
IGMP version : IGMP V3
Log switch : enable
Default uplink port : -
Report proxy switch : disable
Leave proxy switch : disable
Unsolicited report interval(s) : 10
IGMP priority : 6
Send global leave switch : enable
Program match mode : enable
Program match group : -
------------------------------------------------------------
Related Operation
Table 30-22 lists the related operation for configuring the IGMP mode.
Background Information
By default, the multicast VLAN runs in IGMP V3version. The procedure for configuring the
IGMP version is as follows:
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode.
Step 2 Run the igmp version command to configure the IGMP version.
Step 3 Run the display igmp config vlan command to query the IGMP version information about the
multicast VLAN.
----End
Example
To configure the IGMP version of multicast VLAN 30 as V2, do as follows:
huawei(config)#multicast-vlan 30
huawei(config-mvlan30)#igmp version v2
huawei(config-mvlan30)#display igmp config vlan
{ all<K>|vlanid<U><1,4093> }:30
Command:
display igmp config vlan 30
------------------------------------------------------------
IGMP mode : proxy
IGMP version : IGMP V2
Log switch : enable
Default uplink port : -
Report proxy switch : disable
Leave proxy switch : disable
Unsolicited report interval(s) : 10
IGMP priority : 6
Send global leave switch : enable
Program match mode : enable
Program match group : -
------------------------------------------------------------
Related Operation
Table 30-23 lists the related operation for configuring the IGMP version.
Background Information
l When adding a program, configure the attributes of the program. The configurable
attributes include the program name, the multicast IP address, the bandwidth and the index
of a program, the index of the program preview profile, and the program source IP address.
l A program name contains up to 16 characters.
l The multicast IP address segment has the addresses ranging from 224.0.0.1 to 224.0.0.255.
These private addresses are used for transmitting the local protocol packets. The IP address
in this segment cannot be assigned to the multicast programs.
l The last 23 bits of the multicast IP address cannot be the same for different multicast
programs. Otherwise, a conflict of the mapping MAC addresses of the IP addresses occurs.
NOTE
l If the IGMP version of the multicast VLAN is V2, the program source information need not be entered when
you add a program in this VLAN.
l If the IGMP version of the multicast VLAN is V3, the program source information must entered when you
add a program in this VLAN.
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode.
Step 2 Run the igmp program add command to add the multicast program.
Step 3 Run the display igmp program command to query the multicast program information.
----End
Examples
Assume the following:
l Program name: BTV
l IP address of the program: 224.1.1.1
l Source IP address: 20.20.20.20
l Bandwidth of the program: 4 M
l Priority: 6
l Preview profile number: 2
l Other parameters: default settings
Related Operations
Table 30-24 lists the related operations for configuring the multicast program.
Modify the igmp program modify l You can modify only one
program program attribute at a time.
attributes l Batch modification of the
program name and the
modification of the program IP
address are not allowed.
l Modifying the priority and the
preview profile of a program
causes the associated user to go
offline.
Background Information
By default, the unsolicited report interval is 10s.
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode.
Step 2 Run the igmp unsolicited-report interval command to set the unsolicited report interval.
Step 3 Run the display igmp config vlan command to query the value of the unsolicited report interval.
----End
Example
To set the unsolicited report interval of multicast VLAN 10 to 100s, do as follows:
huawei(config)#multicast-vlan 10
huawei(config-mvlan10)#igmp unsolicited-report interval 100
huawei(config-mvlan10)#display igmp config vlan 10
------------------------------------------------------------
IGMP mode : off
IGMP version : IGMP V3
Log switch : enable
Default uplink port : -
Report proxy switch : disable
Leave proxy switch : disable
Unsolicited report interval(s) : 100
IGMP priority : 6
Send global leave switch : enable
Program match mode : enable
Program match group : -
------------------------------------------------------------
Related Operations
Table 30-25 lists the related operations for setting the unsolicited report interval.
Table 30-25 Related operations for setting the unsolicited report interval
To... Run the Command...
Background Information
By default, the proxy of the IGMP leave packet in the multicast VLAN is disabled.
l When the proxy is enabled, the MA5600T reconstructs and forwards the IPoE leave packets
of the BTV user.
l When the proxy is disabled, the MA5600T forwards all the IPoE packets of the BTV user.
NOTE
l The proxy of the IGMP leave packet has no effect on the PPPoE packets.
l The proxy of the IGMP leave packet takes effect only in IGMP snooping mode.
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode.
Step 2 Run the igmp leave-proxy enable command to enable the proxy of the IGMP leave packet.
Step 3 Run the display igmp config vlan command to query the proxy status of the IGMP leave packet.
----End
Example
To enable the proxy of the IGMP leave packet in multicast VLAN 10, do as follows:
huawei(config)#multicast-vlan 10
huawei(config-mvlan10)#igmp leave-proxy enable
huawei(config-mvlan10)#display igmp config vlan 10
------------------------------------------------------------
IGMP mode : off
IGMP version : IGMP V3
Log switch : enable
Default uplink port : -
Report proxy switch : disable
Leave proxy switch : enable
Unsolicited report interval(s) : 100
IGMP priority : 6
Send global leave switch : enable
Program match mode : enable
Program match group : -
------------------------------------------------------------
Related Operations
Table 30-26 lists the related operations for enabling the proxy of the IGMP leave packet.
Table 30-26 Related operations for Enabling the proxy of the IGMP leave packet
To... Run the Command...
Background Information
l By default, the proxy of the IGMP report packet is disabled. With the proxy of the IGMP
report packet enabled, when the report packet of the user is sent, the system checks whether
this user is the first to order the program.
– If yes, the packet is forwarded to the upstream direction.
– If no, the packet is dropped.
l When the proxy is enabled, the proxy substitutes the user to create the IGMP report packet
in response to the upstream query packet, and only forwards the packet of adding the first
user.
l When the proxy is disabled, all the legal user's IGMP report packets are forwarded to the
upstream direction.
NOTE
l The proxy of the IGMP report packet takes effect only in IGMP snooping mode.
l The proxy can create and forward only the IPoE IGMP report packet.
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode.
Step 2 Run the igmp report-proxy enable command to enable the proxy of the IGMP report packet.
Step 3 Run the display igmp config vlan command to query the proxy status of the IGMP report packet.
----End
Example
To enable the proxy of the IGMP report packet in multicast VLAN 10, do as follows:
huawei(config)#multicast-vlan 10
huawei(config-mvlan10)#igmp report-proxy enable
huawei(config-mvlan10)#display igmp config vlan 10
------------------------------------------------------------
IGMP mode : snooping
IGMP version : IGMP V3
Log switch : enable
Default uplink port : -
Report proxy switch : enable
Leave proxy switch : enable
Unsolicited report interval(s) : 100
IGMP priority : 6
Send global leave switch : enable
Program match mode : enable
Program match group : -
------------------------------------------------------------
Related Operations
Table 30-27 lists the related operations for enabling the proxy of the IGMP report packet.
Table 30-27 Related operations for enabling the proxy of the IGMP report packet
Background Information
By default, the function of sending the global-leave packet is enabled.
l With this function enabled, when the MA5600T detects that the network topology changes,
the system sends the global-leave packet to the new upstream port.
l When this function is enabled and the multicast VLAN works in IGMP V2 version, if the
MA5600T detects that the network topology changes, the system sends the global-leave
packet to the new upstream port.
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode.
Step 2 Run the igmp send global-leave enable command to enable the function of sending the global-
leave packet.
Step 3 Run the display igmp config vlan command to query the status of the function of sending the
global-leave packet.
----End
Example
To enable the function of sending the global-leave packet on multicast VLAN 10, do as follows:
huawei(config)#multicast-vlan 10
huawei(config-mvlan10)#igmp send global-leave enable
huawei(config-mvlan10)#display igmp config vlan 10
------------------------------------------------------------
IGMP mode : off
IGMP version : IGMP V3
Log switch : enable
Default uplink port : -
Report proxy switch : enable
Leave proxy switch : enable
Unsolicited report interval(s) : 100
IGMP priority : 6
Send global leave switch : enable
Program match mode : enable
Program match group : -
------------------------------------------------------------
Related Operations
Table 30-28 lists the related operations for enabling the function of sending the global-leave
packet.
Table 30-28 Related operations for enabling the function of sending the global-leave packet
Background Information
The priority range of the IGMP packet in the multicast VLAN is from 0 to 7. The greater the
value of the priority, the higher the priority level. By default, the priority of the IGMP packet in
the multicast VLAN is 6.
NOTE
Only in IGMP proxy mode, the IGMP packet sent to the network by the MA5600T is processed based on the
IGMP packet priority in the multicast VLAN. When the IGMP mode is IGMP snooping, the priority of the
IGMP packet forwarded to the network by the MA5600T adopts that of the IGMP service flow.
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode.
Step 2 Run the igmp priority command to set the priority of the IGMP packet.
Step 3 Run the display igmp config vlan command to query the priority of the IGMP packet.
----End
Example
To set the priority of the IGMP packet in multicast VLAN 10 to 2, do as follows:
huawei(config)#multicast-vlan 10
huawei(config-mvlan10)#igmp priority 2
huawei(config-mvlan10)#display igmp config vlan 10
------------------------------------------------------------
IGMP mode : off
IGMP version : IGMP V3
Log switch : enable
Default uplink port : -
Report proxy switch : enable
Leave proxy switch : enable
Unsolicited report interval(s) : 100
IGMP priority : 2
Send global leave switch : enable
Program match mode : enable
Program match group : -
------------------------------------------------------------
Related Operation
Table 30-29 lists the related operation for setting the priority of the IGMP packet.
Table 30-29 Related operation for setting the priority of the IGMP packet
Background Information
You can add a member to the multicast VLAN, only if the VLAN exists, and the user accessing
the member port is a BTV user. You can delete a BTV user, only if the user is a multicast VLAN
member.
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode.
Step 2 Run the igmp multicast-vlan member command to add the multicast VLAN member.
Step 3 Run the display igmp multicast-vlan member command to query the information about the
multicast VLAN member.
----End
Example
To add BTV user 0/2/0 (GEM Port ID: 130) as the member of multicast VLAN 10, do as follows:
huawei(config)#multicast-vlan 10
huawei(config-mvlan10)#igmp multicast-vlan member port 0/2/0 gemport 130
huawei(config-mvlan10)#display igmp multicast-vlan member vlan 10
BTV user(s) join the multicast vlan :
------------------------------------------------------------------------
0/2/0/130
------------------------------------------------------------------------
Total: 1
Related Operations
Table 30-30 lists the related operations for configuring the multicast VLAN member.
Table 30-30 Related operations for configuring the multicast VLAN member
Background Information
This function involves recording the online and offline information of the multicast user in the
multicast VLAN. By default, the logging function is enabled.
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode.
Step 2 Run the igmp log enable command to enable the logging function.
Step 3 Run the display igmp config vlan command to query the status of the logging function on the
multicast VLAN.
----End
Example
To enable the logging function on multicast VLAN 10, do as follows:
huawei(config)#multicast-vlan 10
huawei(config-mvlan10)#igmp log enable
huawei(config-mvlan10)#display igmp config vlan 10
------------------------------------------------------------
IGMP mode : off
IGMP version : IGMP V3
Log switch : enable
Default uplink port : -
Report proxy switch : enable
Leave proxy switch : enable
Unsolicited report interval(s) : 100
IGMP priority : 6
Send global leave switch : enable
Program match mode : enable
Program match group : -
------------------------------------------------------------
Related Operation
Table 30-31 lists the related operation for enabling the logging function.
Background Information
After the IP address range of the multicast VLAN is configured to generate the program group
dynamically, only the multicast programs in this range can be generated dynamically when the
dynamic program generation mode is enabled.
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode.
Step 2 Run the igmp match group command to set the IP address range of the multicast VLAN to
generate the program group dynamically.
Step 3 Run the display igmp config vlan command to query the IP address range of the multicast
VLAN to generate the program group dynamically.
----End
Example
To set the IP address range of multicast VLAN 10 to generate the program group dynamically
from 224.20.20.20 to 224.20.20.29, do as follows:
huawei(config)#multicast-vlan 10
huawei(config-mvlan10)#igmp match group ip 224.20.20.20 to-ip 224.20.20.29
huawei(config-mvlan10)#display igmp config vlan 10
------------------------------------------------------------
IGMP mode : off
IGMP version : IGMP V3
Log switch : enable
Default uplink port : -
Report proxy switch : enable
Leave proxy switch : enable
Unsolicited report interval(s) : 100
IGMP priority : 6
Send global leave switch : enable
Program match mode : enable
Program match group : 224.20.20.20 ~ 224.20.20.29
------------------------------------------------------------
Related Operations
Table 30-32 lists the related operations for setting the IP address range of the multicast VLAN
to generate the program group dynamically.
Table 30-32 Related operations for setting the IP address range of the multicast VLAN to
generate the program group dynamically
Background Information
l The programs must be pre-configured when the program matching mode of the multicast
VLAN is enabled.
l The programs need not be pre-configured when the program matching mode of the
multicast VLAN is disabled. The programs are generated automatically once the user orders
them.
NOTE
When the program matching mode of the multicast VLAN switches, all program data in the multicast VLAN
are deleted. If a BTV user is online at that time, the user is forced to go offline.
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode.
Step 2 Run the igmp match mode command to enable the program matching mode of the multicast
VLAN.
Step 3 Run the display igmp config vlan command to query the status of the program matching mode
of the multicast VLAN.
----End
Example
To enable the program matching mode on multicast VLAN 10, do as follows:
huawei(config)#multicast-vlan 10
huawei(config-mvlan10)#igmp match mode enable
huawei(config-mvlan10)#display igmp config vlan 10
------------------------------------------------------------
IGMP mode : off
IGMP version : IGMP V3
Log switch : enable
Default uplink port : -
Report proxy switch : enable
Leave proxy switch : enable
Unsolicited report interval(s) : 100
IGMP priority : 6
Send global leave switch : enable
Program match mode : enable
Program match group : 224.20.20.20 ~ 224.20.20.29
------------------------------------------------------------
Related Operation
Table 30-33 lists the related operation for enabling the program matching mode of the multicast
VLAN.
Table 30-33 Related operation for enabling the program matching mode of the multicast VLAN
Background Information
The multicast upstream port can belong to different multicast VLANs, and a multicast VLAN
can be configured with multiple virtual upstream ports.
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode.
Step 2 Run the igmp uplink-port command to configure the virtual upstream port of the multicast
VLAN.
Step 3 Run the display igmp uplink-port command to query the information about the virtual upstream
port of the multicast VLAN.
----End
Example
To configure port 0/9/0 as the virtual upstream port of multicast VLAN 10, do as follows:
huawei(config)#multicast-vlan 10
huawei(config-mvlan10)#igmp uplink-port 0/9/0
huawei(config-mvlan10)#display igmp uplink-port all
---------------------------------------------
Port | Vlan | IGMP | V2 Router Present
| | version | Timer (s)
---------------------------------------------
0/9/0 10 IGMP V3 0
0/9/1 10 IGMP V3 0
---------------------------------------------
Total: 2
Note: # The port ID is beyond number of board port.
Related Operations
Table 30-34 lists the related operations for configuring the virtual upstream port.
Table 30-34 Related operations for configuring the virtual upstream port
To... Run the Command... Remarks
Prerequisite
l The multicast mode of the upstream port must be PIM-SSM.
l The multicast routing function must be enabled.
Context
By default, the PIM-SSM function is disabled on the MA5600T. The following describes the
PIM-SSM function and its relationship with the PIM-SM function.
l Protocol Independent Multicast-Source Specific Multicast (PIM-SSM) applies to the
scenario where multiple multicast users share one multicast source, and the multicast users
know the source IP address of the multicast source in advance.
The designated router (DR) on the user side applies to the upper layer multicast router
through the protocols such as IGMP V3 for joining the specified multicast group towards,
and finally establishes the multicast distribution tree, namely the shortest path tree (SPT).
l PIM-SSM is implemented based on the Protocol Independent Multicast-Sparse Mode
(PIM-SM). PIM-SM is a multicast routing protocol in the sparse mode, and applies to the
large-scale network where the distribution of group members is sparse.
l PIM-SSM adopts only part of the PIM-SM technologies. It does not need to maintain the
rendezvous point (RP), establish the rendezvous point tree (RPT), or register the multicast
source. For PIM-SSM, the SPT can be directly established between the multicast sources
and the receivers.
The MA5600T supports the PIM-SSM protocol, but it does not support the PIM-SM
protocol.
Procedure
Step 1 Run the interface vlanif command to enter VLAN interface mode.
Step 2 Run the pim sm command to enable the PIM-SSM function on the VLAN L3 interface.
----End
Example
To enable the PIM-SSM function on VLAN interface 100, do as follows:
huawei(config)#interface vlanif 100
huawei(config-if-vlanif100)#pim sm
Related Operation
Table 30-35 lists the related operation for enabling the PIM-SSM function.
Prerequisite
l The multicast mode of the upstream port must be PIM-SSM.
l The multicast routing function must be enabled.
Context
l According to the PIM-SSM protocol, a DR must be elected from the shared-media LAN
to manage the registration of local multicast sources and joining of receivers.
A DR is elected based on the priority and the IP address. The routers mutually send Hello
messages carrying the priority parameter for electing a DR. The router with the highest
priority is elected as the DR. If the DR priority is the same, the router with the largest IP
address is elected as the DR.
l For a PIM router, the larger the DR priority value, the higher the priority. The DR priority
value is in the range of 0–4294967295. By default, it is 1.
l The command used for configuring the priority of a router for DR election in PIM mode
functions in the same way as the command used in VLAN interface mode. The difference
is that the MA5600T prefers the DR priority set in VLAN interface mode.
When the DR priority set in interface mode does not exist, the MA5600T uses the DR
priority set in PIM mode.
Procedure
l In PIM mode, do as follows:
1. Run the pim command to enter PIM mode.
2. Run the hello-option dr-priority command to set the DR priority of a PIM router in
PIM mode.
3. Run the quit command to exit PIM mode.
4. Run the display pim interface command to query the PIM information on the
interface.
l In VLAN interface mode, do as follows:
1. Run the interface vlanif command to enter VLAN interface mode.
2. Run the pim hello-option dr-priority command to set the DR priority of a PIM router
on a specified interface.
3. Run the quit command to exit VLAN interface mode.
4. Run the display pim interface command to query the PIM information on the
interface.
----End
Examples
To set the DR priority of a PIM router to 3 in PIM mode, do as follows:
huawei(config)#pim
huawei(config-pim)#hello-option dr-priority 3
huawei(config-pim)#quit
huawei(config)#display pim interface verbose
PIM version: 2
PIM mode: Sparse
PIM DR: 10.10.10.1 (local)
PIM DR Priority (configured): 3
PIM neighbor count: 0
PIM hello interval: 30 s
PIM LAN delay (negotiated): 500 ms
PIM LAN delay (configured): 500 ms
PIM hello override interval (negotiated): 2500 ms
PIM hello override interval (configured): 2500 ms
PIM neighbor tracking (configured): disabled
PIM neighbor tracking (negotiated): disabled
PIM generation ID: 0X212532C8
PIM hello hold interval: 105 s
PIM hello assert interval: 454545 s
PIM triggered hello delay: 5 s
PIM J/P interval: 60 s
PIM J/P hold interval: 210 s
PIM BSR domain border: disabled
Number of routers on network not using DR priority: 0
Number of routers on network not using LAN delay: 0
Number of routers on network not using neighbor tracking: 1
Related Operations
Table 30-36 lists the related operations for setting the DR priority of a PIM router.
Table 30-36 Related operations for setting the DR priority of a PIM router
30.16.3 Setting the Interval for a PIM Router to Send Hello Messages
This topic describes how to set the interval for a PIM router to send Hello messages in PIM
mode or VLAN interface mode.
Prerequisite
l The multicast mode of the upstream port must be PIM-SSM.
l The multicast routing function must be enabled.
Context
l The interval for a PIM router to send Hello messages must be less than the Hello holdtime
which is transmitted with the Hello messages sent by the router. For how to set the holdtime
for the PIM router to wait for the Hello messages, see "30.16.4 Setting the Holdtime for
Receiving the Hello Messages."
l The interval is in the range of 1–21474836s. By default, it is 30s.
l The command used for setting the interval for a PIM router to send Hello messages in PIM
mode functions in the same way as the command used in VLAN interface mode. The
difference is that the MA5600T prefers the interval set in VLAN interface mode.
When the interval set in VLAN interface mode does not exist, the MA5600T uses the
interval set in PIM mode.
Procedure
l In PIM mode, do as follows:
1. Run the pim command to enter PIM mode.
2. Run the timer hello command to set the interval for a PIM router to send Hello
messages in PIM mode.
3. Run the quit command to exit PIM mode.
4. Run the display pim interface command to query the PIM information on the
interface.
l In VLAN interface mode, do as follows:
1. Run the interface vlanif command to enter VLAN interface mode.
2. Run the pim timer hello command to set the interval for a PIM router to send Hello
messages in PIM mode.
3. Run the quit command to exit VLAN interface mode.
4. Run the display pim interface command to query the PIM information on the
interface.
----End
Examples
To set the interval for a PIM router to send Hello messages to 50s in PIM mode, do as follows:
huawei(config)#pim
huawei(config-pim)#timer hello 50
huawei(config-pim)#quit
huawei(config)#display pim interface verbose
To set the interval for a PIM router to send Hello messages to 80s on VLAN interface 500, do
as follows:
huawei(config)#interface vlanif 500
huawei(config-if-vlanif500)#pim timer hello 80
huawei(config-if-vlanif500)#quit
huawei(config)#display pim interface verbose
Related Operations
Table 30-37 lists the related operations for setting the interval for a PIM router to send Hello
messages.
Table 30-37 Related operations for setting the interval for a PIM router to send Hello messages
To... Run the Command...
Prerequisite
l The multicast mode of the upstream port must be PIM-SSM.
l The multicast routing function must be enabled.
Context
l The holdtime for receiving the Hello messages refers to the valid time for a PIM router to
receive the Hello messages sent from a PIM neighbor. If no Hello messages are received
before the holdtime times out, the PIM router considers that the neighbor fails or is
unreachable. Note that the holdtime must be greater than the interval for a PIM router to
send Hello messages.
For how to set the interval for a PIM router to send Hello messages, see "30.16.3 Setting
the Interval for a PIM Router to Send Hello Messages."
l The holdtime is in the range of 1–65535s. By default, it is 105s.
l The command used for setting the holdtime of the Hello messages sent from a PIM neighbor
in PIM mode functions in the same way as the command used in VLAN interface mode.
The difference is that the MA5600T prefers the holdtime set in VLAN interface mode.
When the holdtime set in VLAN interface mode does not exist, the MA5600T uses the
holdtime set in PIM mode.
Procedure
l In PIM mode, do as follows:
1. Run the pim command to enter PIM mode.
2. Run the hello-option holdtime command to set the holdtime for receiving the Hello
messages.
Examples
To set the holdtime for receiving the Hello messages to 160s in PIM mode, do as follows:
huawei(config)#pim
huawei(config-pim)#hello-option holdtime 160
huawei(config-pim)#quit
huawei(config)#display pim interface verbose
To set the holdtime for receiving the Hello messages to 240s on VLAN interface 500, do as
follows:
huawei(config)#interface vlanif 500
huawei(config-if-vlanif500)#pim hello-option holdtime 240
huawei(config-if-vlanif500)#quit
huawei(config)#display pim interface verbose
Related Operations
Table 30-38 lists the related operations for setting the holdtime for receiving the Hello messages.
Table 30-38 Related operations for setting the holdtime for receiving the Hello messages
Prerequisite
l The multicast mode of the upstream port must be PIM-SSM.
l The multicast routing function must be enabled.
Context
l The longest delay is used to prevent multiple PIM routers from concurrently sending Hello
messages when they are powered on simultaneously. After the longest delay is set, the
MA5600T selects a random value less than the set value to delay the transmission of Hello
messages. After the delay, the MA5600T sends the Hello message.
For example, if the longest delay is N seconds (s), the MA5600T selects a random value
between 0–Ns as the delay, and sends the Hello message to the neighbor after this delay.
l The longest delay is in the range of 1–5s. By default, it is 5s.
Procedure
Step 1 Run the interface vlanif command to enter VLAN interface mode.
Step 2 Run the pim triggered-hello-delay command to set the longest delay for triggering the
transmission of the Hello message.
Step 3 Run the quit command to exit VLAN interface mode.
Step 4 Run the display pim interface command to query the PIM information on the interface.
----End
Examples
To set the longest delay for triggering the transmission of the Hello message to 4s on VLAN
interface 500, do as follows:
huawei(config)#interface vlanif 500
huawei(config-if-vlanif500)#pim triggered-hello-delay 4
huawei(config-if-vlanif500)#quit
huawei(config)#display pim interface verbose
Related Operation
Table 30-39 lists the related operation for setting the longest delay for triggering the transmission
of the Hello message.
Table 30-39 Related operation for setting the longest delay for triggering the transmission of
the Hello message
To... Run the Command...
Prerequisite
l The multicast mode of the upstream port must be PIM-SSM.
l The multicast routing function must be enabled.
Context
l The length of the Join/Prune messages is in the range of 100–1500 bytes. By default, it is
1500 bytes.
l The number of (S, G) entries contained in the Join/Prune messages sent every second is in
the range of 1–4096. By default, it is 1020.
Procedure
l Set the length of the Join/Prune messages to be sent.
1. Run the pim command to enter PIM mode.
2. Run the jp-pkt-size command to set the size of the Join/Prune messages to be sent.
l Set the number of (S, G) entries contained in the packets sent every second.
1. Run the pim command to enter PIM mode.
2. Run the jp-queue-size command to set the number of (S, G) entries contained in the
packets sent every second.
----End
Examples
To set the size of the Join/Prune messages to be sent to 1100 bytes, do as follows:
huawei(config)#pim
huawei(config-pim)#jp-pkt-size 1100
To set the number of (S, G) entries contained in the packets sent every second to 1000, do as
follows:
huawei(config)#pim
huawei(config-pim)#jp-queue-size 1000
Related Operations
Table 30-40 lists the related operations for setting the specifications of the Join/Prune messages.
Table 30-40 Related operations for setting the specifications of the Join/Prune messages
To... Run the Command...
Prerequisite
l The multicast mode of the upstream port must be PIM-SSM.
l The multicast routing function must be enabled.
Context
l The interval is in the range of 1–2147483647s. By default, it is 60s.
l The command used for setting the interval for sending the Join/Prune messages in PIM
mode functions in the same way as the command used in VLAN interface mode. The
difference is that the MA5600T prefers the interval set in VLAN interface mode.
When the interval set in VLAN interface mode does not exist, the MA5600T uses the
interval set in PIM mode.
Procedure
l In PIM mode, do as follows:
1. Run the pim command to enter PIM mode.
2. Run the timer join-prune command to set the interval for sending the Join/Prune
messages in PIM mode.
3. Run the quit command to exit PIM mode.
4. Run the display pim interface command to query the PIM information on the
interface.
l In VLAN interface mode, do as follows:
1. Run the interface vlanif command to enter VLAN interface mode.
2. Run the pim timer join-prune command to set the interval for sending the Join/Prune
messages in VLAN interface mode.
3. Run the quit command to exit VLAN interface mode.
4. Run the display pim interface command to query the PIM information on the
interface.
----End
Examples
To set the interval for sending the Join/Prune messages to 100s in PIM mode, do as follows:
huawei(config)#pim
huawei(config-pim)#timer join-prune 100
huawei(config-pim)#quit
huawei(config)#display pim interface verbose
To set the interval for sending the Join/Prune messages to 120s on VLAN interface 500, do as
follows:
huawei(config)#interface vlanif 500
huawei(config-if-vlanif500)#pim timer join-prune 120
huawei(config-if-vlanif500)#quit
huawei(config)#display pim interface verbose
Related Operations
Table 30-41 lists the related operations for setting the interval for sending the Join/Prune
messages.
Table 30-41 Related operations for setting the interval for sending the Join/Prune messages
To... Run the Command...
Restore the interval for sending the undo pim timer join-prune
Join/Prune messages to the default
value in VLAN interface mode
Prerequisite
l The multicast mode of the upstream port must be PIM-SSM.
l The multicast routing function must be enabled.
Context
l The Hello messages sent by a PIM router carry the lan-delay (message transmission delay)
parameter and the override-interval (prune override interval) parameter. The lan-delay
parameter indicates the delay for message transmission in a LAN. If the lan-delay values
of all the routers along a link are different, the routers negotiate to select a maximum value.
l lan-delay + override-interval = PPT, where PPT indicates the delay for a current router to
perform pruning after it receives the Prune message from a downstream router. Pruning
suppresses the downstream interface forwarding. If the downstream Prune override
message is received during the PPT, the router cancels the pruning.
For how to configure the override-interval, see "30.16.9 Setting the Interval for a PIM
Router to Override Pruning."
l The delay is in the range of 1–32767 ms. By default, it is 500 ms.
l The command used for setting the delay for a PIM router to perform pruning in PIM mode
functions in the same way as the command used in VLAN interface mode. The difference
is that the MA5600T prefers the delay set in VLAN interface mode.
When the delay set in VLAN interface mode does not exist, the MA5600T uses the delay
set in PIM mode.
Procedure
l In PIM mode, do as follows:
1. Run the pim command to enter PIM mode.
2. Run the hello-option lan-delay command to set the delay for a PIM router to perform
pruning in PIM mode.
3. Run the quit command to exit PIM mode.
4. Run the display pim interface command to query the PIM information on the
interface.
l In VLAN interface mode, do as follows:
1. Run the interface vlanif command to enter VLAN interface mode.
2. Run the pim hello-option lan-delay command to set the delay for a PIM router to
perform pruning on a specified interface.
3. Run the quit command to exit VLAN interface mode.
4. Run the display pim interface command to query the PIM information on the
interface.
----End
Examples
To set the delay for a PIM router to perform pruning to 600 ms in PIM mode, do as follows:
NOTE
The delay set in this operation is the PIM LAN delay (configured) displayed in the response to the display
pim interface command. The value is carried in the Hello messages for negotiation.
After the routers along a link complete the negotiation, a negotiated value is obtained, which is the PIM
LAN delay (negotiated) displayed in the response to the display pim interface command. This negotiated
value is the lan-delay that takes effect. The rule for negotiation is to choose the maximum value among the
delay values of all the PIM routers.
huawei(config)#pim
huawei(config-pim)#hello-option lan-delay 600
huawei(config-pim)#quit
huawei(config)#display pim interface verbose
To set the delay for a PIM router to perform pruning to 700 ms on VLAN interface 500, do as
follows:
huawei(config)#interface vlanif 500
huawei(config-if-vlanif500)#pim hello-option lan-delay 700
huawei(config-if-vlanif500)#quit
huawei(config)#display pim interface verbose
Related Operations
Table 30-42 lists the related operations for setting the delay for a PIM router to perform pruning.
Table 30-42 Related operations for setting the delay for a PIM router to perform pruning
Restore the delay for a PIM router undo pim hello-option lan-delay
to perform pruning to the default
value in VLAN interface mode
Prerequisite
l The multicast mode of the upstream port must be PIM-SSM.
l The multicast routing function must be enabled.
Context
l The Hello messages sent by a PIM router carry the message transmission delay (lan-delay)
and the prune override interval (override-interval). The lan-delay parameter indicates the
delay for message transmission in a LAN.
The override-interval parameter indicates the interval for a downstream router to override
pruning. If the override-interval values of all the routers along a link are different, the routers
negotiate to select a maximum value.
l lan-delay + override-interval = PPT, where PPT indicates the delay for a current router to
perform pruning after it receives the Prune message from a downstream router. Pruning
suppresses the downstream interface forwarding. If the downstream Prune override
message is received during the PPT, the router cancels the pruning.
For how to configure the lan-delay, see "30.16.8 Setting the Delay for a PIM Router to
Perform Pruning."
l When a router receives a Prune message on the upstream interface, it indicates that other
downstream routers exist in this LAN. If this router still needs to receive the multicast data,
it must send the Prune override message to the upstream router during the override-interval.
l The interval is in the range of 1–65535 ms. By default, it is 2500 ms.
l The command used for setting the delay for a PIM router to override pruning in PIM mode
functions in the same way as the command used in VLAN interface mode. The difference
is that the MA5600T prefers the interval set in VLAN interface mode.
When the interval set in VLAN interface mode does not exist, the MA5600T uses the
interval set in PIM mode.
Procedure
l In PIM mode, do as follows:
1. Run the pim command to enter PIM mode.
2. Run the hello-option override-interval command to set the delay for a PIM router
to override pruning in PIM mode.
3. Run the quit command to exit PIM mode.
4. Run the display pim interface command to query the PIM information on the
interface.
l In VLAN interface mode, do as follows:
1. Run the interface vlanif command to enter VLAN interface mode.
2. Run the pim hello-option override-interval command to set the interval for a PIM
router to override pruning on a specified interface.
3. Run the quit command to exit VLAN interface mode.
4. Run the display pim interface command to query the PIM information on the
interface.
----End
Examples
To set the interval for a PIM router to override pruning to 2800 ms in PIM mode, do as follows:
NOTE
The interval set in this operation is presented as the PIM hello override interval (configured) in the display
pim interface command. The value is carried in the Hello messages for negotiation. After the routers along
a link complete the negotiation, a negotiated value is obtained, which is presented as the PIM hello override
interval (negotiated) in the display pim interface command. This negotiated value is the override-interval
that takes effect. The rule for negotiation is to choose the maximum value among the interval values of all
the PIM routers.
huawei(config)#pim
huawei(config-pim)#hello-option override-interval 2800
huawei(config-pim)#quit
huawei(config)#display pim interface verbose
To set the interval for a PIM router to override pruning to 3000 ms on VLAN interface 500, do
as follows:
huawei(config)#interface vlanif 500
huawei(config-if-vlanif500)#pim hello-option override-interval 3000
huawei(config-if-vlanif500)#quit
huawei(config)#display pim interface verbose
Related Operations
Table 30-43 lists the related operations for setting the delay for a PIM router to override pruning.
Table 30-43 Related operations for setting the delay for a PIM router to override pruning
Restore the delay for a PIM router undo pim hello-option override-interval
to override pruning to the default
value in VLAN interface mode
30.16.10 Setting the Holdtime for a PIM Router to Maintain the Join
Status of a Downstream Interface
This topic describes how to set the holdtime for a PIM router to maintain the join status of a
downstream interface in PIM mode or VLAN interface mode.
Prerequisite
l The multicast mode of the upstream port must be PIM-SSM.
l The multicast routing function must be enabled.
Context
l The Join/Prune messages carry the holdtime. If a receiving router does not receive any Join
messages within the holdtime, it deletes the downstream interfaces. In general, the holdtime
is 3.5 times greater than the interval for sending the Join/Prune messages.
For how to configure the interval for sending the Join/Prune messages, see "30.16.7 Setting
the Interval for Sending the Join/Prune Messages."
l The holdtime is in the range of 1–65535s. By default, it is 210s.
l The command used for setting the holdtime for a PIM router to maintain the join status of
a downstream interface in PIM mode functions in the same way as the command used in
VLAN interface mode. The difference is that the MA5600T prefers the holdtime set in
VLAN interface mode.
When the holdtime set in VLAN interface mode does not exist, the MA5600T uses the
holdtime set in PIM mode.
Procedure
l In PIM mode, do as follows:
1. Run the pim command to enter PIM mode.
2. Run the holdtime join-prune command to set the holdtime for a PIM router to
maintain the joinf status of a downstream interface in PIM mode.
3. Run the quit command to exit PIM mode.
4. Run the display pim interface command to query the PIM information on the
interface.
l In VLAN interface mode, do as follows:
1. Run the interface vlanif command to enter VLAN interface mode.
2. Run the pim holdtime join-prune command to set the holdtime for a PIM router to
maintain the join status of a downstream interface in VLAN interface mode.
3. Run the quit command to exit VLAN interface mode.
4. Run the display pim interface command to query the PIM information on the
interface.
----End
Examples
To set the holdtime for a PIM router to maintain the join status of a downstream interface to
220s in PIM mode, do as follows:
huawei(config)#pim
huawei(config-pim)#holdtime join-prune 220
huawei(config-pim)#quit
huawei(config)#display pim interface verbose
To set the holdtime for a PIM router to maintain the join status of a downstream interface to
215s on VLAN interface 500, do as follows:
huawei(config)#interface vlanif 500
huawei(config-if-vlanif500)#holdtime join-prune 215
huawei(config-if-vlanif500)#quit
Related Operations
Table 30-44 lists the related operations for setting the holdtime for a PIM router to maintain the
join status of a downstream interface.
Table 30-44 Related operations for setting the holdtime for a PIM router to maintain the join
status of a downstream interface
Prerequisite
l The multicast mode of the upstream port must be PIM-SSM.
l The multicast routing function must be enabled.
Context
l Perform this operation to specify the range of the PIM-SSM multicast addresses. All the
interfaces enabled with the PIM-SSM protocol consider that the multicast groups within
the range adopt the PIM-SSM mode.
l By default, the range of the PIM-SSM multicast addresses is 232.0.0.0/8.
Procedure
Step 1 Run the acl command to enter acl-basic mode.
NOTE
The ACL must be a basic ACL, which is in the range of 2000–2999.
Step 2 Run the rule permit source command to configure the ACL rule to define the permitted source
IP addresses as the PIM-SSM multicast addresses.
Step 3 Run the quit command to exit acl-basic mode.
Step 5 Run the ssm-policy command to apply the configured ACL rule to specify the range of the PIM-
SSM multicast addresses.
----End
Example
To set the range of the PIM-SSM multicast addresses as 232.1.0.0/16, do as follows:
huawei(config)#acl 2000
huawei(config-acl-basic-2000)#rule permit source 232.1.0.0 0.0.255.255
huawei(config-acl-basic-2000)#quit
huawei(config)#pim
huawei(config-pim)#ssm-policy 2000
Related Operation
Table 30-45 lists the related operation for setting the range of the PIM-SSM multicast addresses.
Table 30-45 Related operation for setting the range of the PIM-SSM multicast addresses
Background Information
l Only when the bandwidth management function is enabled that the bandwidth can be
managed.
l If the used bandwidth exceeds the allocated one, the system checks as follows.
– If the number of the programs being watched exceeds the maximum value, the system
delivers the group-specific query message to all the programs being watched. If there
are some programs which are not being watched (while the MA5600T has regarded
them being watched), the system deletes them from the user program list. In this case,
the number of programs being watched can be released.
– If the user's residual bandwidth is not enough, the system delivers the group-specific
query message to all the programs being watched. If there are some programs which
are not being watched while the MA5600T has regarded them being watched for some
reason, the system deletes them from the user program list. In this case, some occupied
bandwidth can be released.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp bandwidthCAC command to enable the bandwidth management function.
Step 3 Run the display igmp config global command to display the bandwidth management function.
----End
Example
To enable bandwidth management of IGMP proxy, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp bandwidthcac enable
huawei(config-btv)#display igmp config global
--------------------------------------------------------
Program number of license : 1024
Authorization : enable
Robustness variable : 2
General query interval(s) : 125
V2 General query response time(0.1s) : 100
V3 General query response time(0.1s) : 100
Specific query interval(0.1s) : 10
V2 Specific query response time(0.1s) : 8
V3 Specific query response time(0.1s) : 8
Specific query number : 2
V2 router present timeout(s) : 400
User action report switch : disable
Preview switch : enable
Recognition time(s) : 30
The time of reset preview-count : 05:00:00
Auto create log interval(h) : 2
Related Operation
Table 30-46 lists the related operation for enabling the bandwidth management function.
Table 30-46 Related operation for enabling the bandwidth management function
To… Run the Command…
Background Information
l By default, the system names the 2000 profiles as profile 1, profile 2, …, and profile N.
l The program authority can only be any one of watch, preview, forbidden and idle.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp profile command to add the authority to watch program “BTV-1” to profile 1.
Step 3 Run the display igmp profile command to display the configuration of the authority profile.
----End
Example
To add program “BTV-1” with authority of watch to profile 1, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp profile profile-name profile1 program-name BTV-1 watch
huawei(config-btv)#display igmp profile profile-name profile1
Profile index : 1
Profile name : Profile1
Program number : 1
User Reference Number : 0
-----------------------------------------------
Program name IP address Right
-----------------------------------------------
BTV-1 224.1.1.1 watch
-----------------------------------------------
Total:1
Related Operation
Table 30-47 lists the related operation for modifying an authority profile.
Background Information
l The new authority profile name cannot be identical to an existing one.
l The authority profile name is not case sensitive.
Procedure
Step 1 Run the igmp profile rename command to rename an authority profile.
Step 2 Run the display igmp profile command to display the authority profile.
----End
Example
To rename profile 1 as "VIP-channel", do as follows:
huawei(config-btv)#igmp profile rename profile1 VIP-channel
huawei(config-btv)#display igmp profile all
----------------------------------------------------------------------
index Profile name Program number User Reference Number
----------------------------------------------------------------------
0 Profile0 1 0
1 VIP-channel 0 0
2 Profile2 0 0
3 Profile3 0 0
4 Profile4 0 0
5 Profile5 0 0
6 Profile6 0 0
7 Profile7 0 0
8 Profile8 0 0
9 Profile9 0 0
10 Profile10 0 0
11 Profile11 0 0
12 Profile12 0 0
13 Profile13 0 0
14 Profile14 0 0
15 Profile15 0 0
16 Profile16 0 0
17 Profile17 0 0
18 Profile18 0 0
19 Profile19 0 0
---- More ( Press 'Q' to break ) ----
Background Information
l When adding a BTV user, you must specify a PVC for carrying IGMP packets for this user.
l Each BTV user can watch up to eight programs at the same time. By default, a BTV user
can watch eight programs at the same time.
l An authentication (auth) user must be bound with some authority profiles to watch the
programs. The user who does not need authentication (no-auth) can watch all programs in
the multicast server. In this case, no authority needs to be configured for the user.
l You can add a user only when both the PVC for carrying IGMP packets and the PVC for
carrying the program stream exist.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp user add command to add a BTV user.
Step 3 Run the display igmp user command to display the BTV user.
----End
Example
To add a user under port 0/11/0 as a BTV user (no-auth user), do as follows:
To add a user (GEM Port ID: 150) under port 0/11/0 as a BTV user (no-auth user), with quick
leave function, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp user add port 0/11/0 no-auth
huawei(config-btv)#igmp user add port 0/11/0 gemport 150 user-vlan 10 no-auth
quickleave enable
huawei(config-btv)#display igmp user port 0/11/0 gemport 150
{ <cr>|grant-program-list<K> }:
Command:
display igmp user port 0/11/0 gemport 150
User : 0/11/0
State : offline
Authentication : no-auth
Quick leave : enable
IGMP Interface : 150
IGMP flow Type : vlan
IGMP flow Parameter : 10
Video Interface :
Video flow Type : -
Video flow Parameter : -
Log switch : enable
Bind profiles : -
IGMP version : -
Available programs : 1
Mode : snooping
Process After Auth Fail : forward
Used bandwidth(kbps) : 0
The percentage of used
bandwidth to port rate(%) : 0
Gpon Max-bandwidth(kbps) : 10240
quick leave time(0.1s) : 0
Note : IGMP Interface--VPI/VCI or VLAN ID or EPON ID or ETH and GEMPORT ID.
The 'auto' means VPI/VCI autosense.
Related Operations
Table 30-48 lists the related operations for adding a BTV user.
Background Information
The user attributes include authorization, quick leave, log switch, and maximum number of
channel programs to be watched.
You can modify only one attribute of a user at a time.
Procedure
Step 1 Run the btv to enter BTV mode.
Step 2 Run the igmp user modify command to modify the attributes of a user.
Step 3 Run the display igmp user command to query the multicast user information.
----End
Example
To modify user 0/2/0 as a user who needs authorization, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp user modify port 0/11/0 auth
Are you sure to modify user by port?(y/n)[n]:y
Operation is running, please waiting...
huawei(config-btv)#display igmp user all
Operation is running, please waiting...
----------------------------------------------------------------------------
User Bind State Auth Quick IGMP Log Available
profiles leave Interface switch programs
----------------------------------------------------------------------------
0/11/0 0 offline auth enable auto enable 8
----------------------------------------------------------------------------
Total: 1
Note : IGMP Interface--VPI/VCI or VLAN ID or EPON ID.
huawei(config-btv)#display igmp user all
Operation is running, please waiting...
-----------------------------------------------------------------------------
User Bind State Auth Quick IGMP Video Log Available
profiles leave Interface Interface switch programs
-----------------------------------------------------------------------------
0/2/0/0 0 block auth enable 150 enable 1
0/2/1/0 1 offline auth enable 150 enable no-limit
-----------------------------------------------------------------------------
Total: 2
Note : IGMP Interface--VPI/VCI or VLAN ID or EPON ID or ETH and GEMPORT ID.
The 'auto' means VPI/VCI autosense.
Related Operations
Table 30-49 lists the related operations for modifying the attributes of a user.
Background Information
After a BTV user is blocked, the user is disconnected from the program that the user is watching.
l If the IP address or index of the program being watched is not specified, the system blocks
the user port. In addition, the user's access requests for any program after the user goes
offline are denied until the user is unblocked.
l If the IP address or index of the program being watched is specified, the system only blocks
the specified program. After the user gets offline, the user still can demand any program
except the blocked one.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp user block command to block a BTV user.
Step 3 Run the display igmp user command to display the information on the BTV user.
----End
Example
To block user 0/11/0, do as follows:
To block a user (GEM Port ID: 150) under port 0/11/0, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp user block port 0/11/0
huawei(config)#btv
huawei(config-btv)#igmp user block port 0/2/0 gemport 150
Are you sure to block user by port?(y/n)[n]:y
huawei(config-btv)#display igmp user port 0/11/0 gemport 150
{ <cr>|grant-program-list<K> }:
Command:
display igmp user port 0/11/0 gemport 150
User : 0/11/0/0
State : block
Authentication : no-auth
Quick leave : enable
IGMP Interface : 150
IGMP flow Type : vlan
IGMP flow Parameter : 10
Video Interface :
Related Operation
Table 30-50 lists the related operation for blocking a BTV user.
Background Information
l A user port can be bound with multiple profiles. However, "no-auth" user cannot be bound
with any profile.
l Up to 128 profiles can be bound to a user.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp user bind-profile command to bind an authority profile.
Step 3 Run the display igmp user command to display the authority profile bound with the user.
----End
Example
To bind user 0/11/0 with "profile0", do as follows:
huawei(config)#btv
huawei(config-btv)#igmp user bind-profile port 0/11/0 profile-name profile0
huawei(config)#btv
huawei(config-btv)#igmp user bind-profile port 0/11/0 gemport 150 profile-name
profile0
Command:
display igmp user port 0/11/0 gemport 150
User : 0/11/0/0
State : offline
Authentication : auth
Quick leave : enable
IGMP Interface : 150
IGMP flow Type : vlan
IGMP flow Parameter : 10
Video Interface :
Video flow Type : -
Video flow Parameter : -
Log switch : enable
Bind profiles : 1
IGMP version : -
Available programs : no-limit
Mode : snooping
Process After Auth Fail : forward
Used bandwidth(kbps) : 0
The percentage of used
bandwidth to port rate(%) : 0
Gpon Max-bandwidth(kbps) : 10240
quick leave time(0.1s) : 0
Bind profile list
---------------------------------------------
index Profile name Program number
---------------------------------------------
0 Profile0 1
---------------------------------------------
Total: 1
Note : IGMP Interface--VPI/VCI or VLAN ID or EPON ID or ETH and GEMPORT ID.
The 'auto' means VPI/VCI autosense.
Related Operation
Table 30-51 lists the related operation for binding a user with an authority profile.
Table 30-51 Related operation for binding a user with an authority profile
Background Information
Before enabling the switch of monitoring the BTV user, you must perform the following
operations:
l Run the terminal debugging command to enable the debugging information output switch.
l Run the debugging igmp all command to enable all the debugging switches in the system.
Procedure
Run the debugging igmp command to enable the switch of monitoring the BTV user.
----End
Example
To enable the switch of monitoring BTV user port 0/11/0, do as follows:
huawei(config)#debugging igmp port 0/11/0 gemport 150
Related Operation
Table 30-52 lists the related operation for enabling the switch of monitoring BTV users.
Table 30-52 Related operation for enabling the switch of monitoring BTV users
Background Information
All parameters of the default preview profile with the index of 0 adopts the default settings:
l The maximum preview time is 120s.
l The maximum preview count is 8.
l The minimum preview interval is 120s.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp preview-profile add command to configure the multicast preview profile.
Step 3 Run the display igmp preview-profile command to query the multicast preview profile.
----End
Example
To add preview profile with the index of 2, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp preview-profile add index 2 interval 60 duration 200 times
8
huawei(config-btv)#display igmp preview-profile index 2
Preview profile Index: 2
Preview duration(s): 200
Preview interval(s): 60
Preview count: 8
Program reference number: 3
Related Operations
Table 30-53 lists the related operation for configuring the preview profile.
Background Information
With the preview function disabled, users with preview authority cannot view any program.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp preview enable command to enable the IGMP preview function.
Step 3 Run the display igmp config global command to check whether the preview function is enabled.
----End
Example
To enable the IGMP preview function, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp preview enable
huawei(config-btv)#display igmp config global
--------------------------------------------------------
Program number of license : 1024
Authorization : enable
Robustness variable : 2
General query interval(s) : 125
V2 General query response time(0.1s) : 100
V3 General query response time(0.1s) : 100
Specific query interval(0.1s) : 10
V2 Specific query response time(0.1s) : 8
V3 Specific query response time(0.1s) : 8
Specific query number : 2
V2 router present timeout(s) : 400
User action report switch : disable
Preview switch : enable
Recognition time(s) : 30
The time of reset preview-count : 04:00:00
Auto create log interval(h) : 2
Uplink port mode : default
Bandwidth management switch : enable
CDR auto report interval(s) : 600
CDR auto report number : 200
IGMP Packet encapsulation : all
IGMP ECHO switch : disable
V3 packet snooping process policy : firstmatch
---------------------------------------------------------
Related Operation
Table 30-54 lists the related operation for enabling the preview function.
Background Information
By default, the preview auto reset time is 04:00:00 am each day.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp preview auto-reset-time command to set the preview auto reset time.
Step 3 Run the display igmp config global command to display the display the preview auto reset time.
----End
Example
To set the preview auto reset time as 05:00:00 am each day, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp preview auto-reset-time 05:00:00
huawei(config-btv)#display igmp config global
--------------------------------------------------------
Program number of license : 1024
Authorization : enable
Robustness variable : 2
General query interval(s) : 125
V2 General query response time(0.1s) : 100
V3 General query response time(0.1s) : 100
Specific query interval(0.1s) : 10
V2 Specific query response time(0.1s) : 8
V3 Specific query response time(0.1s) : 8
Specific query number : 2
V2 router present timeout(s) : 400
User action report switch : disable
Preview switch : enable
Recognition time(s) : 30
The time of reset preview-count : 05:00:00
Auto create log interval(h) : 2
Uplink port mode : default
Bandwidth management switch : enable
CDR auto report interval(s) : 600
CDR auto report number : 200
IGMP Packet encapsulation : all
IGMP ECHO switch : disable
V3 packet snooping process policy : firstmatch
---------------------------------------------------------
Related Operations
Table 30-55 lists the related operations for setting the preview auto reset time.
Table 30-55 Related operations for setting the preview auto reset time
Restore the default preview auto reset undo igmp preview auto-reset-time
time
Reset the record of the preview logout igmp preview reset record
time manually
Reset the record of the preview logout igmp preview reset count
count manually
Background Information
The system records the previous preview logout time automatically. If a user previews a program
at an interval smaller than the value preset by running the igmp preview program command,
the user is not allowed to preview the program again.
Procedure
l Reset the record of the preview logout time manually.
1. Run the btv command to enter BTV mode.
2. Run the igmp preview reset record command to clear all the records of the preview
logout time manually.
l Reset the record of the preview logout count manually.
1. Run the btv command to enter BTV mode.
2. Run the igmp preview reset count command to clear all the records of the preview
logout count manually.
----End
Examples
To clear all the records of the preview logout time manually, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp preview reset record
To clear all the records of the preview logout count manually, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp preview reset record
Related Operation
Table 30-56 lists the related operation for resetting the preview record.
This topic describes how to set the automatic log generation interval for a long-time online user.
30.21.3 Configuring the Log Reporting
This topic describes how to configure the log reporting function.
30.21.4 Collecting the Log Statistics
This topic describes how to collect the statistics on user logs for audience statistics.
Background Information
By default, the logging function is enabled.
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode.
Step 2 Run the igmp log enable command to enable the logging function on the multicast VLAN.
Step 3 Run the display igmp config vlan command to display the logging status on the multicast
VLAN.
----End
Example
To enable the IGMP proxy logging function on multicast VLAN 1, do as follows:
huawei(config)#multicast-vlan 1
huawei(config-mvlan1)#igmp log enable
huawei(config-btv)#display igmp config vlan
{ all<K>|vlanid<U><1,4093> }:1
--------------------------------------------------------------------
IGMP mode : snooping
IGMP version : IGMP V3
Log switch : enable
Default uplink port : -
Report proxy switch : disable
Leave proxy switch : disable
Unsolicited report interval(s) : 10
IGMP priority : 6
Send global leave switch : enable
Program match mode : enable
Program match group : -
--------------------------------------------------------------------
Related Operations
Table 30-57 lists the related operations for enabling the logging function on the multicast
VLAN.
Table 30-57 Related operations for enabling the logging function on the multicast VLAN
To… Run the Command…
Disable the IGMP proxy logging function igmp proxy log disable
Background Information
The MA5600T can record the logs automatically. When a user watches a program for a long
time, and the time exceeds the time interval for generating the log, the system generates a log
automatically. This log can be used for billing in case that no log is generated when a user gets
offline abnormally after watching a program for a long time.
By default, the logging interval for the user is online of long duration is two hours.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp proxy log-interval command to set the logging interval.
Step 3 Run the display igmp config global command to display the set logging interval.
----End
Example
To set the log generation interval as one hour, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy log-interval 1
huawei(config-btv)#display igmp config global
--------------------------------------------------------
Program number of license : 1024
Authorization : enable
Robustness variable : 2
General query interval(s) : 125
V2 General query response time(0.1s) : 100
V3 General query response time(0.1s) : 100
Specific query interval(0.1s) : 10
V2 Specific query response time(0.1s) : 8
V3 Specific query response time(0.1s) : 8
Specific query number : 2
V2 router present timeout(s) : 400
User action report switch : disable
Preview switch : enable
Recognition time(s) : 30
The time of reset preview-count : 05:00:00
Auto create log interval(h) : 1
Uplink port mode : default
Bandwidth management switch : enable
CDR auto report interval(s) : 600
CDR auto report number : 200
Related Operation
Table 30-58 lists the related operation for setting the logging interval.
Background Information
The logs are reported based on the combination of port, program IP address, and time range.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp log report command to configure the log report function.
----End
Example
To report the logs of program 225.1.1.1 under VLAN 1 generated during the period from
2006-1-10 9:00:00 to 2006-1-10 18:30:00, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp log report ip 225.1.1.1 vlan 1 time 2006-1-10 9:00:00 end
2006-1-10 18:30:00
Reporting log has finished
Reported log number: 50
Related Operations
Table 30-59 lists the related operations for configuring the log reporting.
Stopping the log igmp log stop-report If the system is reporting the
reporting user log, the command stops
the log reporting. If not, the
system prompts errors.
Background Information
The log statistics mainly include the programs ordered and related time parameters, can be
regarded as the dynamic on-demand information.
You can collect the statistics based on a pot, an IP address, or all users.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the display igmp log command to display the logs.
----End
Example
To collect the statistics on all user logs, do as follows:
huawei(config)#btv
huawei(config-btv)#display igmp log all
------------------------------------------------------------------------------
Port Program-IP Vlan Mode Join-time Leave-time
------------------------------------------------------------------------------
0/14/0 224.1.1.1 - N 2007-04-10 21:11:06 2007-04-10 21:11:06
0/14/0 224.1.1.1 - N 2007-04-10 21:10:54 2007-04-10 21:10:54
0/14/0 239.255.255.250 20 W 2007-04-10 10:57:38 2007-04-10 11:13:26
0/14/0 224.1.1.1 20 W 2007-04-10 11:06:45 2007-04-10 11:13:24
0/14/0 224.1.1.1 20 W 2007-04-10 11:05:25 2007-04-10 11:06:35
0/14/0 224.1.1.1 20 W 2007-04-10 10:57:38 2007-04-10 11:04:18
------------------------------------------------------------------------------
Total: 6
Note: P(Mode) indicates preview, W(Mode) indicates watch,
N(Mode) indicates no authority
Background Information
The system can keep up to 10,240 multicast CDRs.
When configuring the servers, configure the primary server first. Make sure that the IP addresses
of the primary and secondary servers are different.
Automatic CDR reporting is enabled when either of the following conditions is met:
l No CDR is reported during the set time period (60–3600s), and there are some CDRs in
the system which need to be reported.
l The number of the CDRs in the system reaches the reporting threshold (100–200).
Procedure
Step 1 Run the backup-server cdr primary command to configure the primary server.
Step 2 Run the backup-server cdr secondary command to configure the secondary server.
Step 3 Run the btv command to enter BTV mode.
Step 4 Run the igmp cdr-interval command to set the interval threshold for automatic CDR reporting.
Step 5 Run the igmp cdr-number command to set the quantity threshold for automatic CDR reporting.
Step 6 Run the display igmp config global command to display the thresholds for automatic CDR
reporting.
----End
Example
Assume the following:
l The IP address of the primary server: 10.10.10.1
l The IP address of the secondary server: 10.10.10.2
l The user name: user1
l The password: no password 321
l The interval threshold for automatic CDR reporting: 500s
l The quantity threshold for auto CDR reporting: 140
To enable the automatic CDR reporting function, do as follows:
huawei(config)#backup-server cdr primary 10.10.10.1 ftp user1 nopassword
huawei(config)#backup-server cdr secondary 10.10.10.2 ftp user1 nopassword
huawei(config)#btv
huawei(config-btv)#igmp cdr-interval 500
huawei(config-btv)#igmp cdr-number 140
huawei(config-btv)#display igmp config global
--------------------------------------------------------
Program number of license : 1024
Authorization : enable
Robustness variable : 2
General query interval(s) : 200
V2 General query response time(0.1s) : 100
V3 General query response time(0.1s) : 200
Specific query interval(0.1s) : 10
V2 Specific query response time(0.1s) : 8
V3 Specific query response time(0.1s) : 5
Specific query number : 5
V2 router present timeout(s) : 500
User action report switch : enable
Preview switch : enable
Recognition time(s) : 30
The time of reset preview-count : 04:00:00
Auto create log interval(h) : 1
Uplink port mode : default
Bandwidth management switch : enable
Related Operations
Table 30-60 lists the related operations for setting the automatic CDR reporting.
Table 30-60 Related operations for setting the automatic CDR reporting
To… Run the Command… Remarks
Restore the default undo igmp cdr-number By default, the quantity is 200.
quantity threshold for
automatic CDR reporting
Restore the default undo igmp cdr-interval By default, the interval is 600s.
interval threshold for
automatic CDR reporting
This topic describes how to configure the triple play service supported by the MA5600T.
NOTE
This document describes the configuration on the MA5600T. Each chapter provides an overview of the service
configuration, describes the configuration flow with one or more configuration examples, and then provides a
detailed description of the basic operations on the MA5600T.
For the readers who are familiar with the MA5600T, it is recommended that you read the configuration example
(s) directly.
For the readers who are not familiar with the MA5600T, it is recommended that you read the basic operations
first.
31.1 Overview
This topic describes the description and specifications of the triple play service.
31.2 Configuration Example of Triple Play - Multiple PVCs for Multiple Services
This topic provides an example for configuring the triple play service - multiple PVCs for
multiple services. Users connects to multiple terminals through the home gateway to implement
multiple services, such as Internet, VoIP and IPTV services.
31.3 Configuration Example of Triple Play -
This topic provides an example for configuring the triple play service - single PVC for multiple
services (based on the user-side VLAN). Users connects to multiple terminals through the home
gateway to implement multiple services, such as Internet, VoIP and IPTV services.
31.4 Configuration Example of Triple Play - Based on 802.1p
This operation shows how to configure the triple play - single PVC for multiple services (based
on 802.1p). Users connects to multiple terminals through the home gateway to implement
multiple services, such as Internet, VoIP and IPTV services.
31.5 Configuration Example of Triple Play - Based on the Service Encapsulation Type
This operation shows how to configure the triple play service - single PVC for multiple services
(based on service encapsulation type). Users connects to multiple terminals through the home
gateway to implement multiple services, such as Internet, VoIP and IPTV services.
31.6 Configuration Example of Triple Play
This topic describes how to configure the triple play service. Users connects to multiple terminals
through the home gateway to implement multiple services, such as Internet, VoIP and IPTV
services.
31.1 Overview
This topic describes the description and specifications of the triple play service.
Service Description
With the rapid development of the broadband services, more and more users demand high
bandwidth for abundant services such as video service, voice service, and data service.
For details on the triple play service, refer to "Triple Play" in the MA5600T Feature
Description.
Service Specification
The MA5600T can support the triple play service.
In the triple play application, the VoIP, IPTV, and Internet services are transmitted over one
cable to the MA5600T through the home gateway or the optical access modem in a centralized
manner.
l The VoIP and IPTV services adopt DHCP method. The DHCP option60 domain is used to
identify different terminals. The MA5600T can identify different DHCP option60 domains,
and transmit packets of different terminals to different DHCP servers. In this way, the
terminals can obtain IP addresses from the corresponding DHCP servers.
l Point-to-Point over Ethernet (PPPoE) is used for Internet service access.
Table 31-1 shows the modes supported by the MA5600T to provide the triple player service.
Mode Description
Single PVC for multiple It is unnecessary to configure the existing modem. The PVC
services resources are saved.
l When it differentiates the service traffic based on user-side
VLAN:
Prerequisites
l The network devices and lines must be in the normal state.
l All kinds of boards of the device run in the normal state.
Networking
Figure 31-1 shows an example network for configuring the triple play service - multiple PVCs
for multiple services.
Both user 1 (home gateway 1) and user 2 (home gateway 2) adopt the triple play networking.
Internet, VoIP and IPTV services are borne on one PVC of the service port respectively. Internet
service adopts PPPoE mode. VoIP and IPTV services adopt DHCP mode and obtain IP address
in DHCP standard mode from the DHCP server. After different service streams access to the
MA5600T, the device provides different QoS guarantee for service streams based on the traffic
priority in the PVC.
Figure 31-1 Example network for configuring the triple play service - multiple PVCs for
multiple services
Muticast source
OSS & RADIUS Server/RADIUS Proxy
NMS
GW
IPTV DHCP Server
L L
F F
GE 0/9/0
SCU MA5600T
Home gateway 1 Home gateway 2
STB STB
Ephone PC TV Ephone PC TV
Data Plan
Table 31-2 provides the data plan for configuring the triple play service - multiple PVCs for
multiple services.
Table 31-2 Data plan for configuring the triple play service
Item Data
ADLF board Downstream ports 0/11/0 and 0/12/0. The ports use the default line
profile.
VoIP: 1 Mbit/s
Item Data
IPTV: no restriction
Program library
IGMP user User 1 connected to port 0/11/0 can watch all programs.
Configuration Flowchart
Figure 31-2 shows the flowchart for configuring the triple play service-multiple PVCs for
multiple services.
Figure 31-2 Flowchart for configuring the triple play service-multiple PVCs for multiple
services
Start
Internet IPTV
VoIP
Configure the VLAN and Configure the VLAN and Configure the VLAN and
its upstream port its upstream port its upstream port
Configure the traffic profile Configure the traffic profile Configure the traffic profile
Configure the service port Configure the service port Configure the service port
End
Procedure
l Configure Internet service.
1. Configure the VLAN and its upstream port.
huawei(config)#vlan 2 smart
huawei(config)#port vlan 2 0/9 0
CAUTION
On the MA5600T, if the PVC is configured with priority, the priority of the multicast
packets borne by the PVC takes no effect.
Add the service port to the VLAN and use traffic profile 9.
huawei(config)#service-port 100 vlan 4 adsl 0/11/0 vpi 0 vci 35 rx-cttr 9
tx-cttr 9
huawei(config)#service-port 101 vlan 4 adsl 0/12/0 vpi 0 vci 35 rx-cttr 9
tx-cttr 9
huawei(config)#interface vlanif 4
huawei(config-if-vlanif4)#ip address 10.2.2.1 24
huawei(config-if-vlanif4)#dhcp-server 2
----End
Result
After the configuration, the triple play service (Internet, VoIP and IPTV) is available.
l The Internet user can realize dial-up access to the Internet in the PPPoE mode.
l The VoIP user can make VoIP phones.
l IPTV user: The user connected to port 0/11/0 can watch all programs, and the user
connected to port 0/12/0 can watch program BTV-1 only.
Prerequisites
l The network devices and lines must be in the normal state.
l All kinds of boards of the device run in the normal state.
Networking
Figure 31-3 shows an example network for configuring the triple play service - single PVC for
multiple services (based on the user-side VLAN).
Both user 1 (home gateway 1) and user 2 (home gateway 2) adopt the triple play networking.
Internet, VoIP and IPTV service streams are borne on one PVC together. After different service
streams access to the MA5600T, the services are classified based on the user-side VLAN ID,
and the MA5600T provides different QoS guarantee for service streams based on the traffic
priority in the PVC. Internet service adopts PPPoE mode. VoIP and IPTV services adopt DHCP
mode and obtain IP addresses in DHCP standard mode from the DHCP server.
Figure 31-3 Example network for configuring the triple play service - single PVC for multiple
services (based on the user-side VLAN)
Muticast source
OSS & RADIUS Server/RADIUS Proxy
NMS
GW
IPTV DHCP Server
L L
F F
GE 0/9/0
SCU MA5600T
Home gateway 1 Home gateway 2
STB STB
Ephone PC TV Ephone PC TV
Data Plan
Table 31-3 provides the data plan for configuring the triple play service - single PVC for multiple
services (based on the user-side VLAN).
Table 31-3 Data plan for configuring the triple play service - single PVC for multiple services
(based on the user-side VLAN)
Item Data
ADLF board Service ports 0/11/0 and 0/12/0. The ports use the default line
profile.
VPI/VCI: 0/35
Item Data
Program library
Authority profile Sets profile 0 with the authority to watch program BTV-1.
IGMP user User 1 connected to port 0/11/0 can watch all programs.
Configuration Flowchart
Figure 31-4 shows the flowchart for configuring the triple play service - single PVC for multiple
services (based on the user-side VLAN).
Figure 31-4 Flowchart for configuring the triple play service - single PVC for multiple services
(based on the user-side VLAN)
Start
Internet IPTV
VoIP
Configure the VLAN and Configure the VLAN and Configure the VLAN and
its upstream port its upstream port its upstream port
Configure the traffic profile Configure the traffic profile Configure the traffic profile
Configure the service port Configure the service port Configure the service port
End
Procedure
l Configure Internet service.
1. Configure the VLAN and its upstream port.
huawei(config)#vlan 102 smart
huawei(config)#port vlan 102 0/9 0
CAUTION
On the MA5600T, if the PVC is configured with priority, the priority of the multicast
packets borne by the PVC takes no effect.
----End
Result
After the configuration, the triple play service (Internet, VoIP and IPTV) is available.
l The Internet user can realize dial-up access to the Internet in PPPoE mode.
l The VoIP user can make VoIP phones.
l IPTV user: The user connected to port 0/11/0 can watch all programs, and the user
connected to port 0/12/0 can watch program BTV-1 only.
Prerequisites
l The network devices and the lines must be in the normal state.
l All boards must be in the normal state.
Networking
Figure 31-5 shows an example network for configuring the triple play service by means of single
PVC for multiple services.
Both user 1 (home gateway 1) and user 2 (home gateway 2) adopt the triple play networking.
Internet, VoIP and IPTV service streams are borne on one PVC together. After different service
streams access to the MA5600T, the services are classified based on 802.1p, and the
MA5600T provides different QoS guarantee for service streams based on 802.1p. Internet
service adopts PPPoE mode. VoIP and IPTV services adopt DHCP mode and obtain IP addresses
in DHCP standard mode from the DHCP server.
Figure 31-5 Example network for configuring the triple play service - single PVC for multiple
services (based on 802.1p)
Muticast source
OSS & RADIUS Server/RADIUS Proxy
NMS
GW
IPTV DHCP Server
L L
F F
GE 0/9/0
SCU MA5600T
Home gateway 1 Home gateway 2
STB STB
Ephone PC TV Ephone PC TV
Data Plan
Table 31-4 provides the data plan for configuring the triple play service - single PVC for multiple
services (based on 802.1p).
Table 31-4 Data plan for configuring the triple play service - single PVC for multiple services
(based on 802.1p)
Item Data
ADLF Service ports 0/11/0 and 0/12/0 apply the default line profile.
VPI/VCI: 0/35
Item Data
Program library
Authority profile Sets profile 0 with the authority to watch program BTV-1.
IGMP user User 1 connected to port 0/11/0 can watch all programs.
Configuration Flowchart
Figure 31-6 shows the flowchart for configuring the triple play service - single PVC for multiple
services (based on 802.1p).
Figure 31-6 Flowchart for configuring the triple play service - single PVC for multiple services
(based on 802.1p)
Start
Internet IPTV
VoIP
Configure the VLAN and Configure the VLAN and Configure the VLAN and
its upstream port its upstream port its upstream port
Configure the traffic profile Configure the traffic profile Configure the traffic profile
Configure the service port Configure the service port Configure the service port
End
Procedure
l Configure Internet service.
1. Configure the VLAN and its upstream port.
huawei(config)#vlan 102 smart
huawei(config)#port vlan 102 0/9 0
In this example, set the traffic profile index as 8 and the priority of the VoIP service
as 6.
huawei(config)#traffic table ip index 8 cir 1024 priority 6 priority-
policy local-Setting
Add the service port to the VLAN, and use the traffic profile created in the previous
step.
huawei(config)#service-port vlan 103 adsl 0/11/0 vpi 0 vci 35 multi-
service user-8021p 3 rx-cttr 8 tx-cttr 8
huawei(config)#service-port vlan 103 adsl 0/12/0 vpi 0 vci 35 multi-
service user-8021p 3 rx-cttr 8 tx-cttr 8
In this example, set the traffic profile index as 9 and the priority of the VoIP service
as 5.
huawei(config)#traffic table ip index 9 cir off priority 5 priority-policy
local-Setting
Add the service port to the VLAN, and use the traffic profile created in the previous
step.
huawei(config)#service-port 100 vlan 104 adsl 0/11/0 vpi 0 vci 35 multi-
service user-8021p 4 rx-cttr 9 tx-cttr 9
huawei(config)#service-port 101 vlan 104 adsl 0/12/0 vpi 0 vci 35 multi-
service user-8021p 4 rx-cttr 9 tx-cttr 9
CAUTION
On the MA5600T, if the PVC is configured with priority, the priority of the multicast
packets borne by the PVC takes no effect.
----End
Result
After the configuration, the triple play service (Internet, VoIP, and IPTV) is available.
l Internet users can access the Internet through PPPoE dial-up.
l VoIP users can set conversation to each other.
l IPTV users: The user connected on port 0/11/0 can watch all the programs, and the user
connected on port 0/12/0 can watch program BTV-1 only.
Prerequisite
l The network devices and lines must be in the normal state.
l All kinds of boards of the device run in the normal state.
Networking
Figure 31-7 shows an example network for configuring the triple play service - single PVC for
multiple services (based on service encapsulation type).
Both user 1 (home gateway 1) and user 2 (home gateway 2) adopt the triple play networking.
Internet, VoIP and IPTV service streams are borne on one PVC together. After different service
streams access to the MA5600T, the services are classified based on service encapsulation type,
and the MA5600T provides different QoS guarantee for service streams based on the traffic
priority in the PVC. Internet service adopts PPPoE mode. VoIP and IPTV services adopt DHCP
mode and obtain IP addresses in DHCP option60 mode from the DHCP server.
Figure 31-7 Example network for configuring the triple play service - single PVC for multiple
services (based on service encapsulation type)
Muticast source
OSS & RADIUS Server/RADIUS Proxy
NMS
GW
IPTV DHCP Server
L L
F F
GE 0/9/0
SCU MA5600T
Home gateway 1 Home gateway 2
STB STB
Ephone PC TV Ephone PC TV
Data Plan
Table 31-5 shows a data plan for configuring the triple play service - single PVC for multiple
services (based on service encapsulation type).
Table 31-5 Data plan for configuring the triple play service - single PVC for multiple services
(based on service encapsulation type)
Item Data
ADLF Service ports 0/11/0 and 0/12/0 apply the default line profile.
VPI/VCI: 0/35
Upstream 0/9/0
port
Item Data
DHCP VoIP:
DHCP option60 domain: voice
Gateway: 10.1.1.1
IP address of DHCP server group 1: 20.1.1.2 and 20.1.1.3
IPTV:
DHCP option60 domain for STB: video
Gateway: 10.2.2.1
IP address of DHCP server group 2: 20.2.2.2 and 20.2.2.3
Program
library
IGMP user User 1 connected to port 0/11/0 can watch all programs.
User 2 connected to port 0/12/0 can watch program BTV-1 only.
Configuration Flowchart
Figure 31-8 shows a flowchart for configuring the triple play service - single PVC for multiple
services (based on service encapsulation type).
Figure 31-8 Flowchart for configuring the triple play service - single PVC for multiple services
(based on service encapsulation type)
Start
Internet IPTV
VoIP
Configure the VLAN and Configure the VLAN and Configure the VLAN and
its upstream port its upstream port its upstream port
Configure the traffic profile Configure the traffic profile Configure the traffic profile
Configure the service port Configure the service port Configure the service port
End
Procedure
l Configure Internet service.
1. Configure the VLAN and its upstream port.
huawei(config)#vlan 102 smart
huawei(config)#port vlan 102 0/9 0
In this example, set the traffic profile index as 8 and the priority of the VoIP service
as 6.
huawei(config)#traffic table ip index 8 cir 1024 priority 6 priority-
policy local-Setting
Add the service port to the VLAN, and use the traffic profile created in the previous
step.
huawei(config)#service-port vlan 104 adsl 0/11/0 vpi 0 vci 35 multi-
service user-encp ipoe rx-cttr 8 tx-cttr 8
huawei(config)#service-port vlan 104 adsl 0/12/0 vpi 0 vci 35 multi-
service user-encp ipoe 3 rx-cttr 8 tx-cttr 8
The voice and the video services adopt DHCP access mode, and use the DHCP
option60 domain to classify different service types. In this example, set the DHCP
domain of the VoIP service as voice.
huawei(config)#dhcp mode layer-3 option-60
huawei(config)#dhcp-server 1 ip 20.1.1.2 20.1.1 3
huawei(config)#dhcp domain voice
huawei(config-dhcp-domain-voice)#dhcp-server 1
huawei(config-dhcp-domain-voice)#quit
huawei(config)#interface vlanif 104
huawei(config-if-vlanif104)#ip address 10.1.1.1 24
huawei(config-if-vlanif104)#dhcp domain voice gateway 10.1.1.1
huawei(config-if-vlanif104)#quit
In this example, set the traffic profile index as 9 and the priority of the VoIP service
as 5.
huawei(config)#traffic table ip index 9 cir off priority 5 priority-policy
local-Setting
Add the service port to the VLAN, and use the traffic profile created in the previous
step.
huawei(config)#service-port 100 vlan 104 adsl 0/11/0 vpi 0 vci 35 multi-
service user-encp ipoe rx-cttr 9 tx-cttr 9
huawei(config)#service-port 101 vlan 104 adsl 0/12/0 vpi 0 vci 35 multi-
service user-encp ipoe rx-cttr 9 tx-cttr 9
CAUTION
On the MA5600T, if the PVC is configured with priority, the priority of the multicast
packets borne by the PVC takes no effect.
Set the DHCP relay data of the video service and set the DHCP option60 domain as
video.
huawei(config)#dhcp mode layer-3 option-60
huawei(config)#dhcp-server 2 ip 20.2.2.2 20.2.2.3
huawei(config)#dhcp domain video
huawei(config-dhcp-domain-video)# dhcp-server 2
huawei(config)#interface vlanif 104
huawei(config-if-vlanif104)#ip address 10.2.2.1 24
huawei(config-if-vlanif104)#dhcp domain video gateway 10.2.2.1
----End
Result
After the configuration, the triple play service (Internet, VoIP and IPTV) is available.
Prerequisites
l The network devices and lines must be in the normal state.
l The service boards and the upstream board of the device are added correctly.
Networking
Figure 31-9 shows an example network for configuring the triple play service.
The ONT accesses the Internet, VoIP and IPTV services through the FE port. Traffic of different
services is transmitted to the MA5600T and then the MA5600T provides different QoS guarantee
to the traffic based on the service types. The priority of the VoIP service is the highest (with the
priority of 6), that of the IPTV service is the second highest (with the priority of 5), and that of
the Internet service is the lowest (with the priority of 0).
Figure 31-9 Example network for configuring the triple play service
NMS
SCU MA5600T
Optical splitter
ONT
Ephone PC TV
Data Plan
Table 31-6 provides the data plan for configuring the triple play service.
Table 31-6 Data plan for configuring the triple play service
Item Data
Item Data
VoIP:
Index: 0 (default profile)
CIR: 1 Mbit/s
Priority: 6
IPTV:
Downstream:
Index: 8
CIR: no restriction
Priority: 5
Upstream:
Index: 9
CIR: 2 Mbit/s
Priority: 5
DHCP VoIP:
DHCP option60 domain: voice
Gateway: 10.1.1.1
IP address of DHCP server group 1: 20.1.1.2 and 20.1.1.3
Item Data
IPTV:
DHCP option60 domain for STB: video
Gateway: 10.2.2.1
IP address of DHCP server group 2: 20.2.2.2 and 20.2.2.3
Program BTV-2:
Multicast address: 224.1.1.2
Program source IP address: 10.10.10.10
Authority profile Sets profile 0 with the authority to watch program 1 (224.1.1.1)
and program 2 (224.1.1.2).
Background Information
l DHCP option60 domain value of the Set Top Box (STB) and Ethernet Phone (Ephone)
varies with the terminals. In the actual application, refer to the user guides of the STB and
the Ephone.
l Run the dhcp domain command to set the DHCP domain name. The configured domain
name is a character string containing no space.
Configuration Flowchart
NOTE
The MA5600T supports the delivery of the OMCI configuration. The configuration and management
information on the MA5600T can be delivered to the ONT through OMCI. If the ONT does not support
OMCI function, you need to configure the ONT.
Figure 31-10 shows the flowchart for configuring the triple play service.
Start
Internet IPTV
VoIP
Configure traffic
Configure traffic profiles
Add an ONT
profiles
Bind the T-CONT
Bind the T-CONT Bind the T-CONT profile
profile profile
Specify VLANs for
Specify VLANs for ONT
Specify VLANs for
ONT ONT
Configure a GEM
port
Configure a GEM Configure a GEM
port port
Bind the GEM port
with ONT T-CONT
Bind the GEM port Bind the GEM port
with ONT T-CONT with ONT T-CONT
Map the GEM port to
Map the GEM port to the service stream
Map the GEM port to
the service stream
the service stream
Add the service port
Add the service port
Add the service port
Configure the DHCP
relay
Configure the DHCP
relay
Configure the IGMP
proxy
End
Procedure
Step 1 Configuring Internet service.
1. Create a VLAN.
huawei(config)#vlan 100 smart
3. Add an ONT.
huawei(config)#interface gpon 0/2
huawei(config-if-gpon-0/2)#ont add 1 0 hwhw-10101010 password-auth huawei
profile-id 2
8. Map the GEM port to the service stream on the ONT port.
huawei(config-if-gpon-0/2)#ont gemport mapping 1 0 150 vlan 10
7. Map the GEM port to the service stream on the ONT port.
huawei(config-if-gpon-0/2)#ont gemport mapping 1 0 151 vlan 11
huawei(config-dhcp-domain-voice)#dhcp-server 1
huawei(config-dhcp-domain-voice)#quit
huawei(config)#interface vlanif 101
huawei(config-if-vlanif101)#ip address 10.1.1.1 24
huawei(config-if-vlanif101)#dhcp domain voice gateway 10.1.1.1
8. Map the GEM port to the service stream on the ONT port.
huawei(config-if-gpon-0/2)#ont gemport mapping 1 0 152 vlan 12
huawei(config-btv)#igmp user add port 0/2/0 gemport 152 user-vlan 10 auth max-
program 8
huawei(config-btv)#igmp user bind-profile port 0/2/0 gemport 152 profile-name
profile0
huawei(config-btv)#quit
huawei(config)#multicast-vlan 102
huawei(config-mvlan102)#igmp multicast-vlan member port 0/2/0 gemport 152
huawei(config-mvlan102)#quit
----End
Result
After the configuration, the triple play service (Internet, VoIP and IPTV) is available.
l The Internet user can access Internet in PPPoE dial-up mode.
l The VoIP user can make and receive a phone call.
l The IPTV user can watch programs BTV-1 and BTV-2.
32 ONT Management
This topic describes how to configure and manage GPON ONTs through the MA5600T.
NOTE
This document describes the configuration on the MA5600T. Each chapter provides an overview of the service
configuration, describes the configuration flow with one or more configuration examples, and then provides a
detailed description of the basic operations on the MA5600T.
For the readers who are familiar with the MA5600T, it is recommended that you read the configuration example
(s) directly.
For the readers who are not familiar with the MA5600T, it is recommended that you read the basic operations
first.
32.1 Overview
This topic describes how to manage and configure an ONT on the MA5600T side.
32.2 Configuration Example of the GPON ONT
This topic provides an example for performing the basic configuration on the ONT on the
MA5600T side. The configuration information can be delivered to the ONT through OMCI.
32.3 Configuring an GPON ONT Capability Set Profile
This topic describes how to configure an ONT capability set profile to specify the capability of
the ONT.
32.4 Configuring the Attributes of a GPON ONT Port
This topic describes how to configure the attributes of an ONT port.
32.5 Binding an ONT T-CONT with GEM Ports
This topic describes how to bind an ONT T-CONT with GEM ports on the OLT side.
32.6 Configuring the Mapping Between ONT Services and GEM Ports
This topic describes how to map the ONT services to GEM ports, so that the ONT services is
borne on the specified GEM port and then goes upstream.
32.7 Configuring a VLAN for a GPON ONT Port
This topic describes how to configure the Ethernet port on the ONT, specify the port to the
specified VLAN and configure the native VLAN for the port.
32.8 Managing the IP Address of a GPON ONT
This topic describes how to configure the IP address of an ONT. The IP address of an ONT can
be a static one or you can configure the device to obtain the IP address dynamically through the
DHCP protocol.
32.1 Overview
This topic describes how to manage and configure an ONT on the MA5600T side.
Service Description
The MA5600T supports the ONT management to control the network and provision services.
The ONT Management and Control Interface (OMCI) protocol is applied to the OLT to support
the ONT management.
OMCI is a configuration and transmission channel that is defined in the GPON standard. It
establishes dedicated GEM ports between the OLT and ONTs to transmit the OMCI messages.
The OMCI channel is established after the ONT completes the process of registration. The OLT
controls the connected ONTs through the OMCI channel.
OMCI supports ONT configuration offline and the ONT configuration need not be saved in the
local server. Therefore, the service provisioning gets easier.
For details on the GPON terminal management, refer to "GPON Terminal Management" in
the MA5600T Feature Description.
Service Specification
Figure 32-1 shows the ONT management architecture of the MA5600T. The configuration
commands are delivered to CLI/NMS, the SCU ONT management module, the OMCI module
on the GPB board, the OMCI module on the ONT and finally to the ONT. In this way, the
configuration on the ONT is complete. The ONT status and alarm information is reported to the
MA5600T in the reverse direction.
OMCI
ONT
module
Prerequisites
l The network devices and the lines must be in the normal state.
l Boards of the MA5600T must have been added correctly.
Networking
Figure 32-2 shows an example network for configuring an ONT.
The GPON port (0/2/1) on the MA5600T is connected to 64 ONTs through a 2-level splitter.
On the MA5600T, you can configure ONTs at different locations in a centralized way. Here,
the basic configuration of one ONT (with ONT ID as 0) is taken as example.
Router
MA5600T SCU
G CON GE 0/19/0
ETH
P
ESC
B
C
Optical
splitter
Level-1 split ratio 1:2
ONT
Level-2 split ratio
1:32
PC
Data Plan
Table 32-1 provides the data plan for configuring an ONT.
Item Data
DBA Index: 12
Item Data
Configuration Flowchart
Figure 32-3 shows the flowchart for configuring an ONT.
Start
Add an ONT
Is there a right No
End
alarm profile?
Configure an alarm
Yes profile
Procedure
Step 1 Configure an ONT capability set profile.
The profile configuration must be compatible with the hardware capacity of the ONT that is to
be bound.
huawei(config)#ont-profile add gpon profile-id 20
{ <cr>|profile-name<K> }:
Command:
ont-profile add gpon profile-id 20
Press 'Q' or 'q' to quit input
> Number of uplink PON ports<1-2> [1]:
> IP config mode<0-Nonsupport, 1-Support, 2-DHCP only, 3-Static only> [1]:
> The type of MAC bridge<1-Single,2-Multi> [1]:
> Number of GEM ports<1-32> [32]:32
> Is UNI configuration concerned?<1-not concern, 2-concern> [2]:
> Number of POTS ports<0-16> [0]:1
> Number of FE ports<0-32> [0]:4
> Number of GE ports<0-8> [0]:1
> TDM port type<1-E1,2-T1> [1]:
> TDM service type<1-TDMoGEM> [1]:
> Number of TDM ports<0-8> [0]:
> Number of MOCA ports<0-8> [0]:
> Number of CATV ANI ports<0-2> [0]:
> Number of CATV UNI ports<0-16> [0]:
> Mapping mode<1-VLANID, 2-802_1pPRI, 3-VLANID_802_1pPRI> [1]:
> Number of T-CONTs<1-8> [1]:8
> The type of flow control<1-PQ,2-CAR> [1]:
> Number of PQs in T-CONT 0<1-8> [4]:
> Number of PQs in T-CONT 1<1-8> [4]:
> Number of PQs in T-CONT 2<1-8> [4]:
> Number of PQs in T-CONT 3<1-8> [4]:
> Number of PQs in T-CONT 4<1-8> [4]:
> Number of PQs in T-CONT 5<1-8> [4]:
> Number of PQs in T-CONT 6<1-8> [4]:
> Number of PQs in T-CONT 7<1-8> [4]:
Adding an ONT profile succeeded
Profile-ID : 20
Profile-Name : ont-profile_20
Command:
gpon alarm-profile add profile-id 30
> GEM port loss of packets threshold (0~100)[0]: 30
> GEM port misinserted packets threshold (0~100)[0]: 30
> GEM port impaired blocks threshold (0~100)0[0]: 30
> Ethernet FCS errors threshold (0~100)[0]: 30
> Ethernet excessive collision count threshold (0~100)[0]: 30
> Ethernet late collision count threshold (0~100)[0]: 30
> Too long Ethernet frames threshold (0~100)[0]: 30
> Ethernet buffer (Rx) overflows threshold (0~100)[0]: 30
> Ethernet buffer (Tx) overflows threshold (0~100)[0]: 30
> Ethernet single collision frame count threshold (0~100)[0]: 30
> Ethernet multiple collisions frame count threshold (0~100)[0]: 30
Step 4 Add an ONT and bind the ONT with capability set profile 20.
huawei(config)#interface gpon 0/2
huawei(config-if-gpon-0/2)#ont add 1 0 hwhw-10101000 password-auth huawei profile-
id 20
----End
Background Information
l All ONTs must be bound with a capability set profile and the bound profile is specified in
the case of adding the ONT offline or confirming the auto discovery.
l By default, the system supports up to 16 capability set profiles. The profiles can be MDU
type, ONT type or others. The profile index ranges from 1 to 16.
l Currently, seven default ONT profiles are built and fixed in the system.
l The contents of the capability set profile restrict the port number that is referenced in
commands for GEM port mapping, T-CONT/PQ mapping and the ONT VLAN
management.
To add an ONT capability profile, you should configure the capability attributes of the ONT.
The attributes include:
l Number of uplink PON ports
l IP config mode
l The type of MAC bridge
l Number of GEM ports
l Is UNI configuration concerned?
l Number of POTS ports
l Number of FE ports
l Number of GE ports
l TDM port type
l TDM service type
l Number of TDM ports
l Number of MOCA ports
l Number of CATV ANI ports
l Number of CATV UNI ports
l Mapping mode
l Number of T-CONTs
l The type of flow control
l Number of PQs in T-CONT
For details, see Table 32-2.
The type of MAC bridge Options are: Single and Multi. By default, it is Single. The
mapping of service stream to GEM ports varies with the
bridge modes.
Attribute Description
Attribute Description
The type of flow control The type of the ONT flow control. Options are:
l PQ
l CAR
Number of PQs in T-CONT It indicates the number of priority queues (PQs) that are
supported by a T-CONT. It ranges from 1 to 8. By default,
it is 4. It is a hardware capacity. When multiple T-CONTs
exist, you can configure each T-CONT separately.
Procedure
Step 1 Run the ont-profile add command to configure an ONT capability set profile.
Step 2 Run the display ont-profile command to query the ONT capability set profile.
----End
Example
To configure a certain type of ONT capability set profile with the profile index as 20, do as
follows:
huawei(config)#ont-profile add profile-id 20
{ <cr>|profile-name<K> }:
Command:
ont-profile add profile-id 20
Press 'Q' or 'q' to quit input
> Number of uplink PON ports<1-2> [1]:
> IP config mode<0-Nonsupport, 1-Support, 2-DHCP only, 3-Static only> [1]:1
> The type of MAC bridge<1-Single,2-Multi> [1]:
> Number of GEM ports<1-32> [32]:
> Is UNI configuration concerned?<1-not concern, 2-concern> [2]:
> Number of POTS ports<0-16> [0]:2
> Number of FE ports<0-32> [0]:4
> Number of GE ports<0-8> [0]:1
> TDM port type<1-E1,2-T1> [1]:
> TDM service type<1-TDMoGEM> [1]:
> Number of TDM ports<0-8> [0]:
> Number of MOCA ports<0-8> [0]:1
> Number of CATV ANI ports<0-2> [0]:1
> Number of CATV UNI ports<0-16> [0]:1
> Mapping mode<1-VLANID, 2-802_1pPRI, 3-VLANID_802_1pPRI> [1]:3
> Number of T-CONTs<1-8> [1]:2
> The type of flow control<1-PQ,2-CAR> [1]:
> Number of PQs in T-CONT 0<1-8> [4]:3
> Number of PQs in T-CONT 1<1-8> [4]:3
Adding an ONT profile succeeded
Profile-ID : 20
Profile-Name : ont-profile_20
Related Operations
Table 32-3 lists the related operations for configuring an ONT capability set profile.
Table 32-3 Related operations for configuring an ONT capability set profile
Query the capability of an display ont capability You can query the ONT capability
ONT only when the ONT is online.
Modify an ONT capability ont-profile modify An ONT capability set profile that
set profile is bound with others cannot be
deleted.
Background Information
l By default, the coding mode of an E1 port is HDB3, and the status of a CATV port is on.
l The attributes of an ONT port can be configured only when the capability set profile bound
with the ONT has been configured with E1 or CATV ports.
Procedure
Step 1 Run the interface gpon command to enter GPON mode.
Step 2 Run the ont port attribute command to configure the attributes of the ONT port.
Step 3 Run the display ont port attribute command to query the attributes of the ONT port.
----End
Example
To configure the attributes of E1 port 0 on ONT 0 which is connected to GPON port0/2/0, do
as follows:
huawei(config)#interface gpon 0/2/0
huawei(config-if-gpon-0/2/0)#ont port attribute 0 0 e1 0 AMI
huawei(config-if-gpon-0/2/0)#
Setting E1 port attribute succeeded
huawei(config-if-gpon-0/2/0)#display ont port attribute 0 0 e1 0
------------------------------------------------------
ont-portid code
0 AMI
------------------------------------------------------
Background Information
l If the T-CONT is set to SP scheduling mode, the PQ serial number stands for the SP priority
in ascending order with 0 as the lowest priority.
l Before the configuration, the ONT must have been added and the T-CONT has been bound
with a capability set profile.
l The MA5600T supports the rate limitation of the GEM port on the ONT side, provided that
the ONT supports this function and the bound ONT capability set profile is configured.
Procedure
Step 1 Run the ont gemport bind command to bind the GEM port and the T-CONT.
Step 2 Run the display ont gemport command to query the binding of the ONT GEM port.
----End
Examples
To bind T-CONT 1 on ONT 0 of port 0/11/0 with GEM ports 151 and 152, and set the priority-
queue to 0, do as follows:
huawei(config-if-gpon-0/2)#ont gemport bind 0 0 151,152 1 priority-queue 0
huawei(config-if-gpon-0/2)#display ont gemport 0 ontid 0
{ <cr>|tcont-id<K> }:
Command:
display ont gemport 0 ontid 0
----------------------------------------------------------------------------
F/S/P GEM port ONT T-CONT Service Encrypt Prio Average Max band
ID ID ID type queue band(kpbs) (kpbs)
----------------------------------------------------------------------------
0/11/0 151 0 1 ETHERNET off 0 - -
0/11/0 152 0 1 ETHERNET off 0 - -
----------------------------------------------------------------------------
The number of GEM ports is: 2
To bind T-CONT 1 on ONT 1 of port 0/11/0 with GEM port 130, and set the average and the
maximum bandwidth to 1 Mbit/s and 2 Mbit/s respectively, do as follows:
huawei(config-if-gpon-0/2)#ont gemport bind 0 1 130 1 car 1024 2048
The GEM port(s) bind the T-CONT successfully
Command:
display ont gemport 0 ontid 1
----------------------------------------------------------------------------
F/S/P GEM port ONT T-CONT Service Encrypt Prio Average Max band
ID ID ID type queue band(kpbs) (kpbs)
----------------------------------------------------------------------------
0/11/0 130 1 1 ETHERNET off - 1024 2048
----------------------------------------------------------------------------
The number of GEM ports is: 1
Related Operations
Table 32-4 lists the related operations for binding an ONT T-CONT with GEM ports.
Table 32-4 Related operations for binding an ONT T-CONT with GEM ports
Cancel the binding between an ONT T-CONT undo ont gemport bind
and GEM ports
Background Information
l Before the configuration, the binding between the GEM ports and the ONT T-CONT must
have been established.
l To map the TDM E1 port to a specified GEM port, the GEM port attribute must be TDM.
The exact mapping rule is related to the hardware capacity of the ONT. The MA5600T supports
four types of mapping rules:
Procedure
Step 1 Run the ont gemport mapping command to configure the mapping between ONT services and
GEM ports.
Step 2 Run the display ont gemport mapping command to query the GEM port mapping of the ONT.
----End
Example
To map the service stream with VLAN ID 1 to GEM port 150 on ONT 0 that is connected to
port 0/11/0, do as follows:
huawei(config-if-gpon-0/2)#ont gemport mapping 0 0 150 vlan 1
huawei(config-if-gpon-0/2)#display ont gemport mapping 0 ontid 0
----------------------------------------------------------------------------
F/S/P GEM port-ID ONT-ID ONT port-type ONT Port-ID Vlan-ID Vlan-Priority
----------------------------------------------------------------------------
0/11/0 150 0 - - 1 -
----------------------------------------------------------------------------
The number of mappings: 1
Related Operations
Table 32-5 lists the related operations for configuring the mapping between ONT services and
GEM ports.
Table 32-5 Related operations for configuring the mapping between ONT services and GEM
ports
Background Information
l Currently, the MA5600T supports the configuration of VLANs on the FE, GE, MoCA and
VoIP ports.
l Before configuring the Native VLAN, the port must have been added to the VLAN.
l If you configure the Native VLAN repeatedly, the configuration of the last time takes effect.
l When the native VLAN of an ONT port is configured, if the ingress data packets do not
have the VLAN tag, the ONT adds the VLAN tag to the untag packets; if the egress data
packets have the native VLAN tag, the ONT extracts the VLAN tag from the packets.
l If a VLAN added with ports is configured as the Native VLAN, the VLAN cannot be
deleted.
Procedure
Step 1 Run the ont port vlan command to add a VLAN to an ONT port.
Step 2 Run the ont port native-vlan command to configure the Native VLAN for the ONT port.
Step 3 Run the display ont port vlan command to query the configuration information on the ONT
port.
----End
Example
To add VLAN 100 to FE ports 1 and 2 on ONT 0 that is connected to port 0/11/0, and specify
the Native VLAN 100 for port 1, do as follows:
huawei(config-if-gpon-0/2)#ont port vlan 0 0 fe 100 1,2
huawei(config-if-gpon-0/2)#ont port native-vlan 0 0 fe 1 vlan 100
huawei(config-if-gpon-0/2)#display ont port vlan 0 0 byport fe 1
------------------------------------------------------
port-type: FE
ont-portid: 1
vlan-list: 1,100
native-vlan: 100
priority: 0
------------------------------------------------------
Related Operation
Table 32-6 lists the related operation for configuring a VLAN on a GPON ONT port.
Table 32-6 Related operation for configuring a VLAN on a GPON ONT port
Background Information
l You can configure the static IP address, mask, gateway, and IP addresses of primary and
secondary DNS servers.
l It is recommended that you configure the device to obtain the IP address dynamically
through the DHCP protocol to save the IP address resource.
Procedure
Step 1 Run the ont ipconfig command to configure the IP address of an ONT.
Step 2 Run the display ont ipconfig command to query the IP address of the ONT.
----End
Example
To configure the ONT 0 that is connected to port 0/11/0 to obtain IP address dynamically through
the DHCP protocol, do as follows:
huawei(config-if-gpon-0/2)#ont ipconfig 0 0 dhcp
huawei(config-if-gpon-0/2)#display ont ipconfig 0 0
ONT 0 IP query result
ONT config type : DHCP
This topic describes the Ethernet OAM technology and the method of configuring the Ethernet
OAM feature on the MA5600T.
NOTE
This document describes the configuration on the MA5600T. Each chapter provides an overview of the service
configuration, describes the configuration flow with one or more configuration examples, and then provides a
detailed description of the basic operations on the MA5600T.
For the readers who are familiar with the MA5600T, it is recommended that you read the configuration example
(s) directly.
For the readers who are not familiar with the MA5600T, it is recommended that you read the basic operations
first.
33.1 Overview
This topic describes Ethernet Operation Administration & Maintenance (OAM) and its
application on the MA5600T.
33.2 Configuration Example of Ethernet OAM
This topic provides an example for configuring the Ethernet OAM on the MA5600T.
33.3 Creating an MD
This topic describes how to create an Maintenance Domain (MD).
33.4 Creating an MA
This topic describes how to create a Maintenance Association (MA).
33.5 Creating an MEP
This topic describes how to create an Maintenance association End Point (MEP).
33.6 Creating an RMEP
This topic describes how to create a Remote Maintenance association End Point (RMEP).
33.7 Enabling the CFM Globally
This topic describes how to enable the Connectivity Fault Management (CFM) globally.
33.8 Enabling the CFM Alarm Globally
This topic describes how to enable the CFM alarm globally.
33.1 Overview
This topic describes Ethernet Operation Administration & Maintenance (OAM) and its
application on the MA5600T.
Service Description
OAM is a significant method for reducing the cost of network maintenance. The Ethernet OAM
technology provides end-to-end methods for monitoring, diagnosing and locating the faults on
the Ethernet links. The OAM management packets are initiated or terminated on the upstream
port of the MA5600T. When any Ethernet link fault is detected, an alarm is generated. You can
locate the fault based on the alarm information. You can also perform OAM configuration
management through the NMS. The NMS maintains the network based on the reported
information on OAM status and alarms.
For details on the Ethernet OAM protocol, refer to "Ethernet OAM" in the MA5600T Feature
Description.
Service Specification
IEEE P802.1ag CFM provides an end-to-end fault detection method.
CFM defines the process for diagnosing a fault in an Ethernet domain. CFM is a multipoint-to-
multipoint application scenario and it provides end-to-end fault detection and diagnosis for the
entire Ethernet network.
The MA5600T supports the Ethernet OAM mechanism of CFM protocol, including fault
detection and diagnosis methods, including connectivity check, loop detection and link trace.
Networking
Figure 33-1 shows an example network for configuring Ethernet OAM.
In this example network, the Ethernet OAM mechanism is adopted for the link between
MA5600T_A and MA5600T_B for detecting link faults. The local MEP and remote MEP are
configured on both MA5600T_A and MA5600T_B. The ID of the local MEP on MA5600T_B
is the same as the ID of the remote MEP on MA5600T_A, and the ID of the remote MEP on
MA5600T_B is the same as the ID of the local MEP on MA5600T_A.
Router
0 / 19 / 0 0 / 19 / 1
MA5600T_A MA5600T_B
Data Plan
Table 33-1 provides the data plan for configuring Ethernet OAM.
Item Data
Background Information
Before configuring the Ethernet OAM, make sure that:
Configuration Flowchart
Figure 33-2 shows the flowchart for configuring Ethernet OAM.
Start
Configure an MD
Configure an MA
Configure an MEP
Configure an RMEP
End
Procedure
Step 1 Create and configure a VLAN.
huawei(config)#vlan 100 smart
huawei(config)#port vlan 100 0/9 0
NOTE
Configuration on MA5600T_B is the same as that on MA5600T_A and it is not repeated here.
----End
Result
After the configuration, run the display cfm statistics mep command on MA5600T_A or
MA5600T_B and you can find packet statistics. Of the statistics, neither "CCM Sent Pkt Num"
nor "CCM Received Pkt Num" values zero.
33.3 Creating an MD
This topic describes how to create an Maintenance Domain (MD).
Background Information
l Ethernet CFM provides a fault diagnosis process in an Ethernet domain. It divides the
network into up to eight levels. Multiple levels can exist on a bridge simultaneously to
manage different MDs.
l Up to three MDs can be created in the system.
l The administration domain of CFM comprises bridges while the maintenance domain is
combined by bridges and maintenance levels.
TIP
It is recommended to classify the administrator domain into three levels: customer domain (levels 7–5),
provider domain (levels 4–3), and operator domain (levels 2–0).
Procedure
Step 1 Run the cfm md command to create an MD.
Step 2 Run the display cfm md command to query the configuration state of the MD.
----End
Example
Assume the following:
l MD index: 2
l Name type: string
l Name: huawei
l Level: 3
To create the MD, do as follows:
huawei(config)#cfm md 2 name-format string huawei level 3
huawei(config)#display cfm md
{ <cr>|mdindex<U><0,2> }:
Command:
display cfm md
-----------------------------------------------------------------------
MD MD MD MD
Index NameType Name Level
-----------------------------------------------------------------------
0 dns 1 7
1 dns feifei 6
2 string huawei 3
-----------------------------------------------------------------------
Total: 3
Related Operation
Table 33-2 lists the related operation for creating an MD.
33.4 Creating an MA
This topic describes how to create a Maintenance Association (MA).
Background Information
l The created MA must belong to an existing MD and associate with an existing VLAN. The
VLAN must not associate with any other MA.
l By default, the interval for sending the Continuity Check (CC) protocol packets is one
minute.
l By default, the remote MEP detection of an MA is enabled, and the global remote MEP
detection is disabled.
l The MA5600T supports up to 48 MAs, and each MD can be configured with up to 48 MAs.
Procedure
Step 1 Run the cfm ma command to create an MA.
Step 2 Run the display cfm ma command to query the configuration state of the MA.
----End
Example
Assume the following:
l MA index: 2/47
l MA name type: string
l MA name: huawei-ma-10
l MA VLAN ID: 20
To create the MA, do as follows:
huawei(config)#cfm ma 2/10 name-format string huawei-ma-10 vlan 20
huawei(config)#display cfm ma 2/10
MA Index : 2/10
MA NameType : string
MA Name : huawei-ma-10
MA VlanID : 20
MA CC Interval : 1m
MA Remote-mep-detect : enable
Related Operations
Table 33-3 lists the related operations for creating an MA.
Configure the interval cfm ma cc-interval You can configure only the
for an MA to send CCMs created MA.
Background Information
l MA consists of Maintenance Points (MPs) and MP is defined to be on bridge ports.
Therefore, MP is a combination of bridge port, VLAN and maintenance level.
l MP can be an MEP or an MIP. MEP initiates and responds to CFM messages while MIP
does not initiate CFM messages but transparently transmits or responds to CFM messages.
l Currently, ports on the MA5600T can function only as MEP.
l Only one MEP can be created within an MA. By default, the administrative state of MEP
is enabled, the priority of CFM message is 7 and the transmission of CCMs is enabled.
Procedure
Step 1 Run the cfm mep command to create an MEP.
Step 2 Run the display cfm mep command to query the configuration state of the MEP.
----End
Example
Assume the following:
l MEP index: 2/4/0
l MEP ID: 100
l MEP direction: outward
l MEP port: 0/15/0
l MEP priority: 5
To create the MEP, do as follows:
huawei(config)#cfm mep 2/4/0 mepid 100 direction outward port 0/9/0 priority 5
huawei(config)#display cfm mep 2/4/0
Command:
display cfm mep 2/4/0
MEP Index : 2/4/0
MEP ID : 100
MEP Direction : outward
MEP Port : 0/9/0
MEP Admin Status : enable
MEP CC Status : enable
MEP Priority : 5
MEP Alarm Status : -
Related Operation
Table 33-4 lists the related operation for creating an MEP.
Background Information
l Unique MEP IDs must exist in an MA.
Procedure
Step 1 Run the cfm remote-mep command to create an RMEP.
Step 2 Run the display cfm ma command to query the configuration state of the MA.
----End
Example
To create RMEP 2/4/5 with remote-mepid of 200 for local MEP 2/4/0, do as follows:
huawei(config)#cfm remote-mep 2/4/5 remote-mepid 200
huawei(config)#display cfm ma 2/4
MA Index : 2/4
MA NameType : string
MA Name : huawei-ma-4
MA VlanID : 50
MA CC Interval : 1m
MA Remote-mep-detect : enable
-----------------------------------------------------------------------
MEP MEP MEP Admin CC Alarm
Index MEPID Direction Port Status Status Priority Status
-----------------------------------------------------------------------
2/4/0 100 outward 0/9/0 enable enable 5 -
-----------------------------------------------------------------------
Total: 1
-----------------------------------------------------------------------
Remote MEP Remote MEP Remote MEP
Index MEPID Mac-address
-----------------------------------------------------------------------
2/4/5 200 -
-----------------------------------------------------------------------
Total: 1
Related Operation
Table 33-5 lists the related operation for creating an RMEP.
Background Information
l When the CFM is enabled, the CFM packets are to be captured and the functions of
Continuity Check, loop detection and link trace are enabled.
l When the CFM is disabled, the CFM packets should not be captured and the functions of
Continuity Check, loop detection and link trace are enabled.
l By default, the CFM is disabled.
Procedure
Step 1 Run the cfm enable command to enable the CFM globally.
Step 2 Run the display cfm command to query the configuration state of the CFM.
----End
Example
To enable the CFM globally, do as follows:
huawei(config)#cfm enable
huawei(config)#display cfm
{ <cr>|md<K>|ma<K>|mep<K>|statistics<K> }:
Command:
display cfm
CFM Global Status : enable
Remote-mep-detect Status : disable
Alarm Status : enable
CC/LT Base-mac-address : 0180-c200-0100
Related Operation
Table 33-6 lists the related operation for enabling the CFM globally.
Background Information
l When the CFM alarm is enabled, alarms detected by the CFM are reported.
l When the CFM is disabled, alarms detected by the CFM are not reported.
l By default, the CFM alarm is disabled globally.
Procedure
Step 1 Run the cfm alarm enable command to enable the CFM alarm globally.
Step 2 Run the display cfm command to query the configuration state of the CFM.
----End
Example
To enable the CFM alarm globally, do as follows:
huawei(config)#cfm alarm enable
huawei(config)#display cfm
{ <cr>|md<K>|ma<K>|mep<K>|statistics<K> }:
Command:
display cfm
CFM Global Status : enable
Remote-mep-detect Status : disable
Alarm Status : enable
CC/LT Base-mac-address : 0180-c200-0100
Related Operation
Table 33-7 lists the related operation for enabling CFM alarm globally
Background Information
l MEP administrative state identifies the availability of MEP function. When the
administrative function of an MEP is disabled, the MEP is unable to send and receive
CCMS. The loop detection and link trace functions are not permitted.
l By default, the administration function of an MEP is enabled.
Procedure
Step 1 Run the cfm mep enable command to enable the administration function of an MEP.
Step 2 Run the display cfm mep command to query the configuration state of the MEP.
----End
Example
To enable the administration function of MEP 2/4/0, do as follows:
huawei(config)#cfm mep 2/4/0 enable
huawei(config)#display cfm mep 2/4/0
Command:
display cfm mep 2/4/0
MEP Index : 2/4/0
MEP ID : 100
MEP Direction : outward
MEP Port : 0/9/0
Related Operation
Table 33-8 lists the related operation for enabling the administration function of an MEP.
Table 33-8 Related operation for enabling the administration function of an MEP
Background Information
By default, the CC transmission of an MEP is enabled.
Procedure
Step 1 Run the cfm mep cc enable command to enable the CC transmission of an MEP.
Step 2 Run the display cfm mep command to query the configuration state of the MEP.
----End
Example
To enable the CC transmission of MEP 2/4/0, do as follows:
huawei(config)#cfm mep 2/4/0 cc enable
huawei(config)#display cfm mep 2/4/0
MEP Index : 2/4/0
MEP ID : 100
MEP Direction : outward
MEP Port : 0/9/0
MEP Admin Status : enable
MEP CC Status : enable
MEP Priority : 5
MEP Alarm Status : -
Related Operation
Table 33-9 lists the related operation for enabling the CC transmission of an MEP.
Background Information
l The global detection function of an RMEP is used to prevent unnecessary alarm at the
period of network CFM configuration, due to that the CFM function is enabled on each
node at different times.
l By default, the global detection function of an RMEP is disabled.
l The system detects the RMEP configured in the MA of the MEP, and generates alarm on
the CC packet loss and RDI, when the following four conditions are met:
– CFM is enabled globally.
– The global detection function of the RMEP is enabled.
– MEP of each administrative state is enabled.
– The detection function of the remote MEP of the MA corresponding to each
administrative state is enabled.
Procedure
Step 1 Run the cfm remote-mep-detect enable command to enable the global detection function of
an RMEP.
Step 2 Run the display cfm command to query the configuration of the CFM.
----End
Example
To enable the global detection function of an RMEP, do as follows:
huawei(config)#cfm remote-mep-detect enable
huawei(config)#display cfm
{ <cr>|md<K>|ma<K>|mep<K>|statistics<K> }:
Command:
display cfm
CFM Global Status : disable
Remote-mep-detect Status : enable
Alarm Status : enable
CC/LT Base-mac-address : 0180-c200-0100
Related Operation
Table 33-10 lists the related operation for enabling the global detection function of an RMEP.
Table 33-10 Related operation for enabling the global detection function of an RMEP
Background Information
l When the detection function of the RMEP is enabled, the RMEP configured in the MA is
detected. Alarms are generated when the CC loss or RDI error occurs.
l When the detection function of the RMEP is disabled, the RMEP configured in the MA is
not detected.
l By default, the detection function of the RMEP is enabled.
Procedure
Step 1 Run the cfm ma remote-mep-detect enable command to enable the detection function of the
RMEP.
Step 2 Run the display cfm ma command to query the configuration state of the MA.
----End
Example
To enable the detection function of MA 2/4, do as follows:
huawei(config)#cfm ma 2/4 remote-mep-detect enable
huawei(config)#display cfm ma 2/4
MA Index : 2/4
MA NameType : string
MA Name : huawei-ma-4
MA VlanID : 50
MA CC Interval : 1m
MA Remote-mep-detect : enable
-----------------------------------------------------------------------
MEP MEP MEP Admin CC Alarm
Index MEPID Direction Port Status Status Priority Status
-----------------------------------------------------------------------
2/4/0 100 outward 0/9/0 enable enable 5 -
-----------------------------------------------------------------------
Total: 1
-----------------------------------------------------------------------
Remote MEP Remote MEP Remote MEP
Index MEPID Mac-address
-----------------------------------------------------------------------
2/4/5 200 -
-----------------------------------------------------------------------
Total: 1
Related Operation
Table 33-11 lists the related operation for enabling the detection function of the RMEP.
Table 33-11 Related operation for enabling the detection function of the RMEP
To... Run the Command...
Background Information
The priority for transmitting CCMs/LTMs of an MEP ranges 0-7. The smaller the priority value,
the higher priority. By default, the priority for transmitting CCMs/LTMs of an MEP is 7.
Procedure
Step 1 Run the cfm mep priority command to configure the priorities for transmitting CCMS/LTMs
of an MEP.
Step 2 Run the display cfm mep command to query the configuration state of the MEP.
----End
Example
To set the priorities for transmitting CCMs/LTMs of MEP 2/4/0 to 3, do as follows:
huawei(config)#cfm mep 2/4/0 priority 3
huawei(config)#display cfm mep 2/4/0
MEP Index : 2/4/0
MEP ID : 100
MEP Direction : outward
MEP Port : 0/9/0
MEP Admin Status : enable
MEP CC Status : enable
MEP Priority : 3
MEP Alarm Status : -
Related Operation
Table 33-12 lists the related operation for configuring the priorities for transmitting CCMs/
LTMs of an MEP.
Table 33-12 Related operation for configuring the priorities for transmitting CCMs/LTMs of
an MEP
Prerequisite
Before you configure the interval, the CC transmission state of MEPs in the MA must be disabled.
Background Information
l By default, the interval for an MA management entity to transmit a CC is 1 minute.
l At present, the MA5600T supports intervals of 1 minute and 10 minutes.
Procedure
Step 1 Run the cfm ma cc-interval command to configure the interval for an MA to transmit a CC.
Step 2 Run the display cfm ma command to query the configuration state of the MA.
----End
Example
To set the interval for an MA to send a CC to 10 minutes, do as follows:
huawei(config)#cfm ma 2/4 cc-interval 10m
huawei(config)#display cfm ma 2/4
MA Index : 2/4
MA NameType : string
MA Name : huawei-ma-4
MA VlanID : 50
MA CC Interval : 10m
MA Remote-mep-detect : enable
-----------------------------------------------------------------------
MEP MEP MEP Admin CC Alarm
Index MEPID Direction Port Status Status Priority Status
-----------------------------------------------------------------------
2/4/0 100 outward 0/9/0 enable disable 3 -
-----------------------------------------------------------------------
Total: 1
-----------------------------------------------------------------------
Remote MEP Remote MEP Remote MEP
Index MEPID Mac-address
-----------------------------------------------------------------------
2/4/5 200 -
-----------------------------------------------------------------------
Total: 1
Related Operation
Table 33-13 lists the related operation for configuring the interval for an MA to transmit a CC.
Table 33-13 Related operation for configuring the interval for an MA to transmit a CC
To... Run the Command...
Background Information
l By default, the base multicast destination MAC address is 0180-C200-0000.
l Currently, the format of the base MAC address is 0180-C2XX-XXX0. The part of 0180-
C2 is specified in the protocol and the "X"s in the part of C2XX-XX cannot be all 0s.
NOTE
The base address of multicast destination MAC addresses refers to the addresses of MEPs in different MDs. The
multicast addresses used for sending the CCMs/LTMs are derived from the base multicast destination MAC
address by changing the last digit of it. The last digit of the multicast address used by MEP to send CCMs should
be consistent with the MD level (0–7)to which it belongs, while that used by the MEP to LTMS match the MD
level plus 8 (8–F).
Procedure
Step 1 Run the cfm base-mac-address command to configure the base multicast destination MAC
address.
Step 2 Run the display cfm command to query the configuration status of the CFM.
----End
Example
To configure the base multicast destination MAC address as 0180-C211-1110, do as follows:
huawei(config)#cfm base-mac-address 0180-C211-1110
huawei(config)#display cfm
{ <cr>|md<K>|ma<K>|mep<K>|statistics<K> }:
Command:
display cfm
CFM Global Status : enable
Remote-mep-detect Status : disable
Alarm Status : enable
CC/LT Base-mac-address : 0180-c211-1110
Prerequisite
Before enabling the MEP loop detection function, you must enable the CFM function globally
and enable the administrative state of the corresponding MEP.
Background Information
l LBM is a unicast message and the unicast MAC address is the address of MEP or MIP
discovered by CC or link trace (LT). The MEP at the source end generates an LBM and
the index of destination MEP is added into the LBM. By generating an LBM, the MEP
activates the timer to calculate the time. When the destination MEP receives the LBM, it
sends a Loopback Reply (LBR) to the source MEP. The loopback is successful.
l By default, the count of LBMs to be sent is 4; the interval for sending LBMs is 1 x 100 ms;
the priority of LBM is the same as that of CCM.
Procedure
Step 1 Run the cfm loopback command to configure the loop detection function.
Step 2 Run the display cfm statistics command to query the statistics of CFM.
----End
Example
Assume the following:
l Count of LBMs: 5
l Interval: 1000 ms
l Priority: 6
To configure that LBM from MEP 2/4/0 is sent to the equipment with the MAC address
0000-0000-0009, do as follows:
huawei(config)#cfm loopback mep 2/4/0 dst-mac-address 0000-0000-0009 count 5
interval 10 priority 6
LBR Lost : Sequence-Num = 1
LBR Lost : Sequence-Num = 2
LBR Lost : Sequence-Num = 3
LBR Lost : Sequence-Num = 4
LB Operation: LBM-Sent = 4 , LBR-Received = 0 , LBR-Lost = 4
huawei(config)#display cfm statistics mep 2/4/0
Command:
display cfm statistics mep 2/4/0
CCM Sent Pkt Num : 5037
CCM Received Pkt Num : 0
CCM Xcon Pkt Received Num : 0
CCM Error Pkt Received Num : 0
CCM Wrong Pattern Drop Num : 0
LBM Sent Pkt Num : 9
LBM Received Pkt Num : 0
LBM Wrong Pattern Drop Num : 0
Related Operations
Table 33-14 lists the related operations for configuring the loop detection function.
Table 33-14 Related operations for configuring the loop detection function
To... Run the Command...
Prerequisite
Before enabling the loop detection of an MEP, you must enable the CFM function globally and
enable the administration of the corresponding MEP.
Background Information
l An LTM is the message with a known multicast address. But LTM is not multicasted and
additional information on the message indicates the destination MAC address of the MEP.
When the LTM is forwarded by MPs to the destination MEP in a unicast way, each MP
along the path responds an LTR to the source MEP. In this way, the source MEP obtains
the information on MPs along the transmission path and records the MAC addresses of
these MPs.
l By default, the priority of an LTM is the same as that of a CCM.
Procedure
Step 1 Run the cfm link-trace command to configure the Link trace function.
Step 2 Run the display cfm statistics command to query the statistics of CFM packets.
----End
Example
To set that LT packet from MEP 0/2/4 is sent to the equipment with MAC address
0000-0000-0001 and the priority is 6, do as follows:
huawei(config)#cfm link-trace mep 2/4/0 dst-mac-address 0000-0000-0001 priority
6
huawei(config)#display cfm statistics mep 2/4/0
Command:
display cfm statistics mep 2/4/0
CCM Sent Pkt Num : 5037
CCM Received Pkt Num : 0
CCM Xcon Pkt Received Num : 0
CCM Error Pkt Received Num : 0
CCM Wrong Pattern Drop Num : 0
LBM Sent Pkt Num : 9
LBM Received Pkt Num : 0
LBM Wrong Pattern Drop Num : 0
LBM DstMac Mismatch Drop Num : 0
LBR Sent Pkt Num : 0
LBR Received Pkt Num : 0
LBR Out of Order Num : 0
LBR Wrong Pattern Drop Num : 0
LBR Not Work Drop Num : 0
LBR DstMAC Mismatch Drop Num : 0
LBR SrcMAC Mismatch Drop Num : 0
LBR Wrong TransID Drop Num : 0
LBR Level Mismatch Drop Num : 0
LTM Sent Pkt Num : 1
LTM Received Pkt Num : 0
---- More ( Press 'Q' to break ) ----
Related Operations
Table 33-15 lists the related operations for configuring the Link trace function.
Table 33-15 Related operations for configuring the Link trace function
To... Run the Command…
This topic describes how to configure the environment monitoring units (EMUs) supported by
the MA5600T.
NOTE
This document describes the configuration on the MA5600T. Each chapter provides an overview of the service
configuration, describes the configuration flow with one or more configuration examples, and then provides a
detailed description of the basic operations on the MA5600T.
For the readers who are familiar with the MA5600T, it is recommended that you read the configuration example
(s) directly.
For the readers who are not familiar with the MA5600T, it is recommended that you read the basic operations
first.
34.1 Overview
This topic describes environment monitoring application on the MA5600T.
34.2 Configuration Example of the H801ESC
The example shows how to configure the built-in analog parameters and digital parameters of
the H801ESC.
34.3 Configuration Example of FAN
The example shows how to configure a FAN.
34.4 Adding an EMU
This topic describes how to add an EMU.
34.5 Configuring a POWER4845 EMU
This topic describes how to configure the environment and the power environment parameters
of a POWER4845 EMU.
34.6 Configuring the H801ESC Analog Parameters
This topic describes how to configure the extended analog parameters or modify the default
analog parameters.
34.7 Configuring H801ESC Digital Parameters
This topic describes how to configure the extended digital parameters or modify the default
digital parameters.
34.1 Overview
This topic describes environment monitoring application on the MA5600T.
Service Description
The MA5600T provides an environment monitor serial port to connect the serial port on a
monitored device. By running master-slave node protocol or access network protocol between
the two serial ports, you can monitor the environment of the device from a remote end.
The environment parameters such as temperature, humidity, and power supply can be monitored
to guarantee that the MA5600T can work reliably in a suitable environment.
Service Specification
Monitoring the environment of a device involves two aspects:
l Environment parameters:
Environment parameters refer to factors that may cause failure or even damage to the
device. The parameters include: temperature, humidity, door-status switch, smoke, water,
MDF, and door status sensor.
l Power supply status:
Power supply status covers the status of the mains input, the DC distribution, the rectifier
module, and the battery.
The environment monitor module of the MA5600T comprises multiple EMUs, such as:
Before the delivery, the EMU has been connected to the shelf. Do not change the connection. To install
the EMU into other shelves or to connect EMU again, refer to the following description.
Figure 34-1 shows the connection between the H801ESC and the shelf.
The H801ESC connects to the environment monitoring serial port (ESC) on the board through
its COM2. The environmental information collected by the H801ESC is reported to the control
board through the CITA board.
COM1
COM2
CON
ETH
ESC
SCU MA5600T
CAUTION
The H801ESC and the MA5600T shelf communicate with each other in master/salve node mode.
The slave node setting must be the same as the DIP switch setting of the EMU. The slave node
is numbered 0–31 but cannot be 30. By default, the slave node is numbered 15.
Table 34-1 depicts the correspondence between the H801ESC DIP switch and the slave node
number. ON means 0 and OFF means 1.
Table 34-1 Correspondence between the H801ESC DIP switch and the slave node number
DIP Switch Setting Meaning
ON ON ON ON ON 0
ON ON ON ON OFF 1
ON ON ON OFF ON 2
…… …… …… …… …… ……
Before the delivery, the EMU has been connected to the shelf. Do not change the connection. To install
the EMU into other shelves or to connect EMU again, refer to the following description.
The FAN connects to the backplane through the RS-485 interface on the rear panel and
communicates with the control board through the backplane.
CAUTION
The FAN and the MA5600T shelf communicate with each other in master/salve node mode. The
slave node setting must be the same as the DIP switch setting of the EMU. The slave node is
numbered 0-7.
Table 34-2 depicts the correspondence between the FAN DIP switch and the slave node number.
On means 0 and OFF means 1.
Table 34-2 Correspondence between the FAN DIP switch and the slave node number
ON ON ON 0
ON ON OFF 1
ON OFF ON 2
ON OFF OFF 3
OFF ON ON 4
OFF ON OFF 5
OFF OFF ON 6
Before the delivery, the EMU has been connected to the shelf. Do not change the connection. To install
the EMU into other shelves or to connect EMU again, refer to the following description.
Figure 34-2 shows the connection between the POWER4845 and the shelf. The COM port of
the POWER4845 is connected to the ESC port of the board. The environmental information
collected by the POWER4845 is reported to the control board.
COM
POWER4845
CON
ETH
ESC
SCU MA5600T
CAUTION
The POWER4845 and the shelf communicate with each other in master/salve node mode. The
setting of the slave node must be the same as that of the DIP switch of the EMU. The slave node
ranges from 0 to 31. By default, the slave node is numbered 0.
Table 34-3 depicts the correspondence between the POWER4845 DIP switch and the slave node
number. On means 1 and OFF means 0.
Table 34-3 Correspondence between the POWER4845 and the slave node number
…… …… …… …… ……
ON ON ON ON 15
Prerequisites
l The ESC board communicates with the host through an RS485 serial port cable.
l The setting of the H801ESC DIP switch is consistent with that of the slave node of EMU.
The baud rate is set as 19200 bit/s.
Data Plan
Table 34-4 provides the data plan for configuring the H801ESC.
Serial number: 0 -
Configuration Flowchart
Figure 34-3 shows the flowchart for configuring the H801ESC.
Start
End
Procedure
Step 1 Add an EMU.
Add an EMU with the type of H801ESC.
huawei(config)#emu add 0 h801esc 0 15
----End
Result
After the configuration, the H801ESC works in the normal state.
Prerequisite
The DIP switch setting of FAN is consistent with that of the slave node of EMU. The baud rate
is set as 19200 bit/s.
Data Plan
Table 34-5 provides the data plan for configuring the FAN.
Serial number: 1 -
Name: test -
Configuration Flowchart
Figure 34-4 shows the flowchart for configuring the FAN.
Start
Automatic
Set the FAN speed
adjustment mode
Manual
Set the fan speed
End
Procedure
Step 1 Add a FAN EMU.
huawei(config)#emu add 1 fan 0 6 test
----End
Result
After the configuration, the Fan EMU can work in the normal state.
Background Information
There are several types of EMUs, such as H801ESC and FAN.
Procedure
Step 1 Run the emu add command to add an EMU.
Step 2 Run the display emu command to query the EMU state.
----End
Example
To add an H801ESC, do as follows:
huawei(config)#emu add 0 h801esc 0 15 test
huawei(config)#display emu 0
EMU ID: 0
--------------------------------------------------------
EMU name : test
EMU type : H801ESC
Used or not : Used
EMU state : Normal
Frame ID : 0
Subnode : 15
--------------------------------------------------------
NOTE
If the EMU state is fault, follow the steps to check the configuration:
l Make sure that the EMU is normal.
l Make sure that the physical connection is correct.
l Make sure that the EMU type, frame ID, slave node and the serial port are correct.
Related Operation
Table 34-6 lists the related operation for adding an EMU.
Background Information
Table 34-7 lists the commands for configuring a POWER4845 EMU.
Set the POWER4845 power battery parameter This command is used to set the
battery parameters battery charging current-limit
coefficient, equalized-charging
time, the number of the battery
group and the battery capacity.
Set the POWER4845 power environment This command is used to set the
environment parameters upper/lower alarm thresholds and
upper/lower test limits for the
environment humidity or
temperature, to ensure the power
to generate an alarm when it
works in an environment that
does not match the set conditions.
Set the POWER4845 power module-parameter This command is used to set the
module parameters switch-on and switch-off control
of the POWER4845 module. By
default, the power modules are
switched on, which means the
modules supply power for the
system.
Set the extended digital power outside-digital This command is used to set such
parameters of the extended digital parameters as
POWER4845 valid level, name to identify the
digit and self-defined alarm to
monitor the device digits timely.
Set the battery charging power charge This command is used to set the
parameters charging mode and charging
voltage for batteries connected to
POWER4845.
Set the POWER4845 power battery-test This command is used to set the
test parameters battery auto-test period
parameters and the discharging
end-voltage to implement the
battery auto-discharging test.
Set the high temperature power temperature-off This command is used to set the
power-off parameter load or battery high temperature
power-off parameters and then to
protect the load or battery.
l DC overvoltage > battery even charging voltage > battery float charging voltage > DC
undervoltage > loading power-off voltage > battery power-off voltage.
l DC overvoltage > (float charging voltage + 2 V).
l Float charging voltage > (DC undervoltage + 2 V).
NOTE
l Run the power temperature-off command to set the battery power-off voltage or the battery group
power-off voltage.
Procedure
Step 1 Run the interface emu command to enter POWER4845 mode.
Step 2 Run the commands listed in Table 34-7 to configure a POWER4845 EMU.
----End
Example
To run the power battery parameter command to set the battery charging current-limit
coefficient as 0.2, the equalized-charging time as 60d, the number of the battery group as 1, and
the battery capacity as 130 AH, do as follows:
huawei(config)#interface emu 3
huawei(config-if-power4845-3)#power battery parameter 0.2 60 1 130
Related Operations
Table 34-8 lists the related operations for configuring a POWER4845 EMU.
Background Information
The MA5600T is installed with the internal analog sensor to monitor the temperature and the
power. The analog parameters related to the internal analog sensor are the default configurations
in the system and they do not need to be configured. The analog parameters need modification
only when they do not meet the requirements.
The MA5600T provides the extended analog monitoring port for connecting the analog sensor
externally if users have special requirements for monitoring. The analog parameters related to
the external sensor must be configured by the user.
When you set the extended analog parameters, you must get the information about the hardware
relationship between the extended monitoring port and the sensor related to the analog
parameters. Because one extended analog parameter ID corresponds to one monitoring port that
the sensor is connected to.
Prerequisite
The H801ESC EMU is in the position and works in the normal state.
Procedure
Step 1 Run the interface emu command to enter H801ESC mode.
Step 2 Run the esc analog command to configure the extended analog parameters of the H801ESC or
modify the default analog parameters of the H801ESC.
Step 3 Run the display esc system parameter command to query the ESC parameters settings.
----End
Examples
To set the temperature thresholds of the default analog parameter (with analog ID as 0) to
55℃ (upper limit) and 5℃ (lower limit), do as follows:
huawei(config)#interface emu 0
huawei(config-if-h801esc-0)#esc analog 0 alarm-upper-limit 55 alarm-lower-limit 5
huawei(config-if-h801esc-0)#display esc system parameter
Assume that the analog parameter name is Power, the upper limit threshold is 72 V, the lower
limit threshold is 38 V and the (voltage) alarm index is 3. To configure an extended analog
parameter (with the analog ID as 5) to monitor the power supply, do as follows:
huawei(config)#interface emu 0
huawei(config-if-h801esc-0)#esc analog 5 alarm-upper-limit 72 alarm-lower-limit 38
analog-alarm 3 name power
huawei(config-if-h801esc-0)#display esc system parameter
16 SW_B1 0 | 17 SW_B2 0
18 SW_C1 0 | 19 SW_C2 0
20 SW_D1 0 | 21 SW_D2 0
22 Outer Sensor Power 0
----------------------------------------------------------------------------
Related Operations
Table 34-9 shows the related operations for configuring H801ESC analog parameters.
Background Information
The MA5600T is installed with the internal digital sensor to monitor the door status sensor and
water penetration. The digital parameters related to the internal digital sensor are the default
configurations in the system and they do not need to configured. The digital parameters need
modification only when they do not meet the requirements.
The MA5600T provides the extended digital monitoring port to connect the external digital
sensor if users have special requirements for monitoring. The digital parameters related to the
external sensor must be configured by the user.
When you set the extended digital parameters, you must get the information about the hardware
relationship between the extended monitoring port and the sensor related to the digital
parameters. Because one extended digital parameter ID corresponds to one monitoring port that
the sensor is connected to.
Prerequisite
The H801ESC EMU is in the position and works in the normal state.
Procedure
Step 1 Run the interface emu command to enter H801ESC mode.
Step 2 Run the esc digital command to configure the extended digital parameters or modify the default
digital parameters.
Step 3 Run the display esc system parameter command to query the ESC parameter settings.
----End
Example
Assume the following:
l Digital parameter ID: 2
l Digital parameter name: room_door
l Valid level: high level
l Alarm index: 9 (door status sensor in the equipment room)
To set such an extended digital parameter for monitoring the door status sensor, do as follows:
huawei(config)#interface emu 0
huawei(config-if-h801esc-0)#esc digital 2 available-level high-level digital-alarm
9 name room_door
huawei(config-if-h801esc-0)#display esc system parameter
EMU ID: 0 ESC system parameter
--------------------------------------------------------------------------------
AnalogID Name AlmUpper AlmLower TestUpper TestLower Unit Type
0 Temperature 35 5 127 -128 C Voltage
1 Input_-48V_0 57 38 127 -128 Volt Voltage
2 Input_-48V_1 57 38 127 -128 Volt Voltage
3 Input_-48V_1 57 38 127 -128 Volt Voltage
4 Input_-48V_2 57 38 127 -128 Volt Voltage
5 - 127 -128 127 -128 - Voltage
6 - 127 -128 127 -128 - Voltage
7 - 127 -128 127 -128 - Voltage
8 - 127 -128 127 -128 - Voltage
--------------------------------------------------------------------------------
DigitalID Name Level |DigitalID Name Level
0 Wiring 1 | 1 Door0 0
2 room_door 1 | 3 - 1
4 - 1 | 5 - 1
6 - 1 | 7 - 1
8 - 1 | 9 Water_Alarm 1
10 Arrester 0 0 | 11 Arrester 1 0
12 Arrester 2 0 | 13 Arrester 3 0
14 SW_A1 0 | 15 SW_A2 0
16 SW_B1 0 | 17 SW_B2 0
18 SW_C1 0 | 19 SW_C2 0
20 SW_D1 0 | 21 SW_D2 0
22 Outer Sensor Power 0
--------------------------------------------------------------------------------
Related Operations
Table 34-10 lists the related operations for configuring H801ESC digital parameters.
Prerequisite
The FAN EMU has existed and works in the normal state.
Procedure
Step 1 Run the interface emu command to enter FAN mode.
Step 2 Run the fan alarmset command to configure the FAN alarm report.
Step 3 Run the display fan system parameter command to query information about FAN alarm.
----End
Example
To disable the report of FAN block alarm, do as follows:
huawei(config)#interface emu 1
huawei(config-if-fan-1)#fan alarmset block forbid
huawei(config-if-fan-1)#display fan system parameter
EMU ID: 0
FAN configration parameter:
--------------------------------------------------------
FAN timing mode: Manual timing
FAN speed level: 4
--------------------------------------------------------
Alarm_name Permit/Forbid
Read temperature fault Permit
Fan block Forbid
Temperature high Permit
Power fault Permit
--------------------------------------------------------
Related Operations
Table 34-11 lists the related operations for configuring the FAN alarm report.
Table 34-11 Related operations for configuring the FAN alarm report
To... Run the Command... Remarks
Query the running information display fan environment FAN environment monitor
about the fans info mode
Query the alarm information display fan alarm FAN environment monitor
about the fans mode
Prerequisite
The FAN EMU is in the position and works in the normal state.
Background Information
There are two fan speed adjustment modes:
l Automatic
l Manual
By default, the mode is manual with the fan speed level of 5. It is recommended that you change
the mode to automatic.
If the mode is not set to automatic, a large amount of redundant air is generated at low or normal
temperature.
Procedure
Step 1 Run the interface emu command to enter FAN mode.
Step 2 Run the fan speed command to set the fan speed adjustment mode.
Step 3 Run the display fan system parameter command to query the parameter setting.
----End
Example
To set the fan speed adjustment mode as automatic, do as follows:
huawei(config)#interface emu 0
huawei(config-if-fan-0)#fan speed mode automatic
huawei(config-if-fan-0)#display fan system parameter
EMU ID: 0
FAN configration parameter:
----------------------------------------------------------------
FAN timing mode: Auto timing
----------------------------------------------------------------
Alarm_name Permit/Forbid
Read temperature fault Permit
Fan block Permit
Related Operations
Table 34-12 lists the related operations for setting the fan speed adjustment mode.
Table 34-12 Related operations for setting the fan speed adjustment mode
Set the fan speed fan speed adjust Set the fan speed in manual
mode, use this command.
Prerequisite
The FAN EMU has existed and works in the normal state.
Background Information
FAN speed level ranges from 0 to 5. Level 0 refers to the lowest and level 5 refers to the highest
fan speed level.
l The nominated fan speed is enough for heat dissipation when the system works in the
permitted highest temperature.
l Low-speed running of fans can prolong the lifetime of the fans.
l When abnormality occurs or one of the fans fails, other fans can run at high speed to
compensate the air flow.
l Low-speed running of fans can reduce dust concentration in the air filter.
l Set the fan speed in manual mode.
Procedure
Step 1 Run the interface emu command to enter FAN mode.
Step 2 Run the fan speed command to configure the FAN speed level.
Step 3 Run the display fan system parameter command to query the setting of the FAN speed.
----End
Example
To set the FAN speed level as 3, do as follows:
huawei(config)#interface emu 0
huawei(config-if-fan-0)#fan speed adjust 3
huawei(config-if-fan-0)#display fan system parameter
EMU ID: 0
FAN configration parameter:
--------------------------------------------------------
FAN timing mode: Manual timing
FAN speed level: 3
--------------------------------------------------------
Alarm_name Permit/Forbid
Read temperature fault Permit
Fan block Forbid
Temperature high Permit
Power fault Permit
-------------------------------------------------------
Related Operations
Table 34-13 lists the related operations for setting the FAN speed level.
Table 34-13 Related operations for setting the FAN speed level
To... Run the Command...
A
AAA Authentication, Authorization and Accounting
ABR Area Border Router
ACL Access Control List
ADSL Asymmetrical Digital Subscriber Line
AES Advanced Encryption Standard
AG Access Gateway
ARP Address Resolution Protocol
AS Autonomous System
ASBR Autonomous System Border Router
ATM Asynchronous Transfer Mode
B
BDR Backup Designated Router
BGP Border Gateway Protocol
BMS HUAWEI iManager N2000 broadband integrated
network management system
BPDU Bridge Protocol Data Unit
BRAS Broadband Remote Access Server
BTV Broadcast TV
C
CAR Committed Access Rate
CBS Committed Burst Size
CC Connection Confirm
CFM Connectivity Fault Management
CIDR Classless Inter-Domain Routing
CIR Committed Information Rate
CIST Common and Internal Spanning Tree
CLI Command Line Interface
CoS Class of Service
CPE Customer Premises Equipment
CRC Cyclic Redundancy Code
D
DES Data Encryption Standard
DHCP Dynamic Host Configuration Protocol
DHCP option82 DHCP relay agent option 82
DNS Domain Name Server
DoD Downstream on Demand
DoS Denial of Service
DR Designated Router
DSLAM Digital Subscriber Line Access Multiplexer
DSP Digital Signal Processor
DTMF Dual-Tone Multifrequency
DU Downstream Unsolicited
D-V Distance Vector Routing Algorithm
E
EMU Environment Monitoring Unit
ES End System
F
FE Fast Ethernet
FEC Forward Error Correction
FoIP Fax over IP
FSK Frequency Shift Keying
FTP File Transfer Protocol
G
GE Gigabit Ethernet
GEM GPON Encapsulation Method
GPON Gigabit-capable Passive Optical Networks
I
Internet Control Message Protocol Label
ICMP
Distribution Protocol
IGMP Internet Group Management Protocol
IGP Interior Gateway Protocol
IP Internet Protocol
IPoA Internet Protocol Over ATM
IPoE IP over Ethernet
IS Intermediate System
IS-IS Intermediate System-to-Intermediate System
ISP Internet Service Provider
IST Internal Spanning Tree
L
LAN Local Area Network
LDP Label Distribution Protocol
LSA Link State Advertisement
LSDB Link State Database
LSP Label Switched Path
M
MA Maintenance Association
MAC Medium Access Control
MBS Maximum Burst Size
MD Maintenance Domain
MD5 Message-Digest Algorithm 5
MDU Multi-dwelling unit
MED Multi-Exit-Disc
N
NAS Network Access Server
NBMA Non Broadcast MultiAccess
NGN Next Generation Network
NHLFE Next Hop Label Forwarding Entry
NIC Network Information Center
NPDU Network Protocol Data Unit
NMS Network Management System
NSAP Network Service Access Point
O
OAM Operation And Maintenance
OLT Optical Line Terminal
ONT Optical Network Terminal
ONU Optical Network Unit
OMCI ONT Management and Control Interface
OSPF Open Shortest Path First
P
PBS Peek Burst Size
PIR Peek Information Rate
PITP Policy Information Transfer Protocol
Q
QoS Quality of Service
R
RADIUS Remote Authentication Dial in User Service
RARP Reverse Address Resolution Protocol
RD Routing Domain
RFC Remote Feature Control
RIP Routing Information Protocol
RMON Remote Network Monitoring
RSVP Resource Reservation Protocol
RTP Real Time Protocol
RTCP Real Time Control Protocol
S
SHDSL Single-pair High-speed Digital Subscriber Line
SNMP Simple Network Management Protocol
SSH Secure Shell
STB Set Top Box
STP Spanning Tree Protocol
T
T-CONT Transmission Container
TCP/IP Transmission Control Protocol/Internet Protocol
TFTP Trivial File Transfer Protocol
TOS Type of Service
TTL Time To Live
U
UDP User Datagram Protocol
V
VAG Virtual Access Gateway
VDSL Very High Speed DSL
VLAN Virtual LAN
VOD Video On Demand
VoIP Voice over IP
VT Virtual Terminal
VTP VLAN Trunk Protocol
VTY Virtual Type Terminal
W
WRR Weighted Round Robin
X
xDSL x Digital Subscriber Line