MA5600T Configuration Guide V800R005C06 02

SmartAX MA5600T Multi-service Access Module
V800R005C06
Configuration Guide
Issue 02
Date 2008-04-25
Part Number 00367766
Huawei Proprietary and Confidential

Copyright © Huawei Technologies Co., Ltd
Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. For any
assistance, please contact our local office or company headquarters.
Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://www.huawei.com
Email: support@huawei.com
Copyright © Huawei Technologies Co., Ltd. 2008. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are the property of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but the statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Proprietary and Confidential

SmartAX MA5600T Multi-service Access Module Contents
Contents
About This Document.....................................................................................................................1

1 Maintenance Terminal Configuration...................................................................................1-1
1.1 Overview.........................................................................................................................................................1-2
1.2 Configuring the Terminal Through the Local Serial Port...............................................................................1-3
1.3 Configuring the Terminal Through the Remote Serial Port............................................................................1-7
1.4 Configuring the Terminal Through the Outband Management Channel .....................................................1-12
1.5 Configuring the Terminal Through the Inband Management Channel.........................................................1-16
1.6 Configuring the Terminal Through SSH.......................................................................................................1-20
2 Getting Started With CLI..........................................................................................................2-1

2.1 Overview.........................................................................................................................................................2-2
2.2 CLI Characteristics..........................................................................................................................................2-2
2.2.1 Command Modes...................................................................................................................................2-3
2.2.2 Intelligent Matching...............................................................................................................................2-5
2.2.3 Edit Characteristics................................................................................................................................2-6
2.2.4 Interaction Function...............................................................................................................................2-7
2.2.5 Parameter Prompt...................................................................................................................................2-7
2.2.6 Display Characteristics...........................................................................................................................2-8
2.2.7 Saving and Querying History Commands..............................................................................................2-9
2.2.8 CLI Error Prompts................................................................................................................................2-10
2.3 Basic Operations Through CLI.....................................................................................................................2-10
2.3.1 Obtaining the Online Help Information...............................................................................................2-11
2.3.2 Enabling the Interactive Command Execution Mode..........................................................................2-13
2.3.3 Enabling the CLI Trap Reporting.........................................................................................................2-14
2.3.4 Searching for a Keyword......................................................................................................................2-15
2.3.5 Switching the Terminal Language.......................................................................................................2-15
2.3.6 Setting the System Time......................................................................................................................2-16
2.3.7 Setting the System Name.....................................................................................................................2-17
2.3.8 Setting the Terminal Type....................................................................................................................2-17
2.3.9 Setting the Timeout Exit Time.............................................................................................................2-18
2.3.10 Locking the Terminal.........................................................................................................................2-18
2.3.11 Clearing the Terminal Screen.............................................................................................................2-19
2.3.12 Querying the Version.........................................................................................................................2-19
Issue 02 (2008-04-25) Huawei Proprietary and Confidential i

Contents SmartAX MA5600T Multi-service Access Module
2.3.13 Querying the CPU Usage...................................................................................................................2-20

2.3.14 Querying the Memory Usage.............................................................................................................2-21
2.3.15 Testing the Network State..................................................................................................................2-21
3 Network Management Configuration....................................................................................3-1

3.1 Overview.........................................................................................................................................................3-3
3.2 Basic Concepts................................................................................................................................................3-3
3.3 Configuration Example of an Outband NMS..................................................................................................3-4
3.4 Configuration Example of an Inband NMS....................................................................................................3-7
3.5 SNMP Agent Configuration..........................................................................................................................3-10
3.5.1 Setting the SNMP Version...................................................................................................................3-11
3.5.2 Adding a Community Name and Setting Its Read/Write Authorities..................................................3-12
3.5.3 Enabling the Trap Sending...................................................................................................................3-13
3.5.4 Setting the IP address of a Destination Host for Receiving Traps.......................................................3-13
3.5.5 Setting the Source Interface for Sending Traps....................................................................................3-14
3.5.6 Setting the System Contact Information..............................................................................................3-15
3.5.7 Setting the System Location Information.............................................................................................3-16
3.5.8 Configuring an SNMP V3 User...........................................................................................................3-16
3.5.9 Configuring an SNMP V3 Group.........................................................................................................3-17
3.5.10 Configuring an SNMP MIB View.....................................................................................................3-18
3.5.11 Configuring the Local SNMP Engine ID...........................................................................................3-19
3.5.12 Enabling the Timely Handshake Function between the MA5600T and the N2000..........................3-20
3.5.13 Setting the Handshake Interval..........................................................................................................3-21
3.6 Configuring the IP Address of the Outband NMS Interface.........................................................................3-22
3.7 Configuring an NMS Route..........................................................................................................................3-23
3.8 Configuring the IP Address of the Inband NMS Interface............................................................................3-24
4 Log Host Configuration............................................................................................................4-1

4.1 Overview.........................................................................................................................................................4-2
4.2 Configuration Example of a Log Host............................................................................................................4-2
4.3 Configuring a Log Host...................................................................................................................................4-4
4.4 Deleting a Log Host........................................................................................................................................4-5
4.5 Deactivating a Log Host..................................................................................................................................4-6
4.6 Querying Logs.................................................................................................................................................4-7
5 User Management...................................................................................................................... 5-1

5.1 Overview.........................................................................................................................................................5-2
5.2 Adding a User Profile......................................................................................................................................5-2
5.3 Adding a User..................................................................................................................................................5-5
5.4 Modifying the User Attributes........................................................................................................................5-7
5.4.1 Modifying the Profile Bound with a User..............................................................................................5-7
5.4.2 Modifying the User Login Mode...........................................................................................................5-8
5.4.3 Modifying a User Level.......................................................................................................................5-10
5.4.4 Changing a User Password...................................................................................................................5-11
ii Huawei Proprietary and Confidential Issue 02 (2008-04-25)

5.4.5 Modifying the Permitted Number of Reenters.....................................................................................5-12

5.4.6 Modifying the Appended Information.................................................................................................5-13
5.5 Disconnecting an Online User.......................................................................................................................5-14
5.6 Deleting a User..............................................................................................................................................5-14
6 Device Management..................................................................................................................6-1
6.1 Overview.........................................................................................................................................................6-2
6.2 Setting the Description of a Shelf...................................................................................................................6-3
6.3 Resetting the Control Boards..........................................................................................................................6-3
6.4 Adding a Service Board Offline......................................................................................................................6-5
6.5 Confirming a Service Board............................................................................................................................6-6
6.6 Deleting a Service Board.................................................................................................................................6-6
6.7 Resetting a Service Board...............................................................................................................................6-7
6.8 Prohibiting a Service Board............................................................................................................................6-8
7 Remote User Authentication Configuration.........................................................................7-1

7.1 Overview.........................................................................................................................................................7-3
7.2 Related Concepts.............................................................................................................................................7-3
7.2.1 Introduction to AAA..............................................................................................................................7-3
7.2.2 Introduction to RADIUS........................................................................................................................7-4
7.2.3 Introduction to SSH................................................................................................................................7-4
7.2.4 Introduction to 802.1x............................................................................................................................7-5
7.3 Configuration Example of Remote User Authentication................................................................................7-6
7.4 Configuring the RADIUS..............................................................................................................................7-10
7.4.1 Overview..............................................................................................................................................7-11
7.4.2 Creating a RADIUS Server Template..................................................................................................7-11
7.4.3 Setting the IP Address and Port Number of a RADIUS Server...........................................................7-12
7.4.4 Setting the Shared Key of the RADIUS Server...................................................................................7-14
7.4.5 Setting the Response Timeout Interval of a RADIUS Server..............................................................7-14
7.4.6 Setting the Maximum Number of Transmissions for the RADIUS Request Packets..........................7-16
7.4.7 Setting the Format of the User Name Sent to a RADIUS Server........................................................7-17
7.5 Configuring 802.1x.......................................................................................................................................7-18
7.5.1 Configuring an 802.1x Template.........................................................................................................7-19
7.5.2 Enabling the 802.1x Authentication on a Port.....................................................................................7-21
7.5.3 Configuring the Control Mode of a Port..............................................................................................7-22
7.5.4 Enabling the 802.1x Authentication Globally......................................................................................7-23
7.5.5 Enabling the DHCP-Triggered Authentication....................................................................................7-24
7.6 Configuring AAA..........................................................................................................................................7-25
7.6.1 Configuring an Authentication Scheme...............................................................................................7-26
7.6.2 Configuring an Accounting Scheme....................................................................................................7-27
7.6.3 Configure an Accounting Mode...........................................................................................................7-28
7.6.4 Configuring the Interval for the Real-time Accounting.......................................................................7-29
7.6.5 Creating a Domain...............................................................................................................................7-31
7.6.6 Binding a RADIUS Server Template...................................................................................................7-32
Issue 02 (2008-04-25) Huawei Proprietary and Confidential iii

7.6.7 Specifying an Authentication Scheme.................................................................................................7-33

7.6.8 Specifying an Accounting Scheme......................................................................................................7-34
7.6.9 Referencing an 802.1x Template..........................................................................................................7-35
7.7 Configuring SSH...........................................................................................................................................7-36
7.7.1 Creating the Local RSA Key Pair........................................................................................................7-36
7.7.2 Configuring the SSH User Public Key.................................................................................................7-37
7.7.3 Configuring an SSH User.....................................................................................................................7-39
8 VLAN Configuration.................................................................................................................8-1
8.1 Overview.........................................................................................................................................................8-3
8.2 Configuration Example of a VLAN................................................................................................................8-5
8.3 Configuration Example of a MUX VLAN......................................................................................................8-7
8.4 Creating a VLAN..........................................................................................................................................8-10
8.5 Configuring the VLAN Attribute..................................................................................................................8-12
8.6 Setting the Inner and Outer Ethernet Protocols Type of a VLAN Stacking.................................................8-13
8.7 Setting the Inner VLAN Priority of the Service Port in a Stacking VLAN..................................................8-14
8.8 Adding an Upstream Port to a VLAN...........................................................................................................8-14
8.9 Adding a Service Port to a VLANAdding Service Port(s) to a VLAN.........................................................8-15
8.10 Adding Service Ports in Batches.................................................................................................................8-17
8.11 Configuring the Description of a Service Port............................................................................................8-18
9 DHCP Relay Configuration.....................................................................................................9-1

9.1 Overview.........................................................................................................................................................9-4
9.2 Configuration Example of DHCP Standard Mode..........................................................................................9-5
9.3 Configuration Example of DHCP Option60 Mode.........................................................................................9-8
9.4 Configuration Example of DHCP MAC Address Segment Mode................................................................9-11
9.5 Enabling the DHCP Proxy Function.............................................................................................................9-14
9.6 Creating a DHCP Server Group....................................................................................................................9-15
9.7 Setting the Working Mode of a DHCP Server..............................................................................................9-16
9.8 Setting the DHCP Relay Mode.....................................................................................................................9-17
9.9 Binding a DHCP Server Group with a VLAN Interface...............................................................................9-18
9.10 Creating an Option60 Domain....................................................................................................................9-19
9.11 Binding a DHCP Server Group with a DHCP Option60 Domain..............................................................9-20
9.12 Configuring the Gateway of a DHCP Option60 Domain...........................................................................9-21
9.13 Creating a DHCP MAC Address Segment.................................................................................................9-22
9.14 Setting the Range of a DHCP MAC Address Segment..............................................................................9-23
9.15 Binding a DHCP Server Group with a DHCP MAC Address Segment.....................................................9-24
9.16 Configuring the Gateway of a DHCP MAC Address Segment..................................................................9-25
9.17 Setting the DHCP Proxy Lease-Time.........................................................................................................9-26
9.18 Kicking Off a DHCP User..........................................................................................................................9-27
10 ARP & ARP Proxy Configuration.......................................................................................10-1

10.1 Overview.....................................................................................................................................................10-2
10.2 ARP Proxy Configuration Example............................................................................................................10-2
iv Huawei Proprietary and Confidential Issue 02 (2008-04-25)

10.3 Adding a Static ARP Entry.........................................................................................................................10-5

10.4 Enabling the ARP Proxy.............................................................................................................................10-6
11 RIP Routing Protocol Configuration..................................................................................11-1

11.1 Overview.....................................................................................................................................................11-3
11.2 Configuration Example of the Static Route................................................................................................11-3
11.3 Configuration Example of RIP....................................................................................................................11-6
11.4 Configuration Example of a Routing Policy...............................................................................................11-9
11.5 Adding a Static Route...............................................................................................................................11-12
11.6 Configuring RIP........................................................................................................................................11-14
11.6.1 Enabling the RIP Process.................................................................................................................11-14
11.6.2 Setting the RIP Version....................................................................................................................11-15
11.6.3 Enabling an Interface to Receive/Transmit RIP Packets..................................................................11-16
11.7 Controlling the RIP Routing Information.................................................................................................11-17
11.7.1 Setting the Cost of the Default Route...............................................................................................11-18
11.7.2 Specifying the Default Routing Metric............................................................................................11-19
11.7.3 Setting the Additional Metric of a Route.........................................................................................11-20
11.7.4 Enabling the Route Summarization..................................................................................................11-20
11.7.5 Configuring a Summary Route IP Address......................................................................................11-21
11.7.6 Disabling Receiving Host Routes....................................................................................................11-22
11.7.7 Configuring the RIP Preference.......................................................................................................11-23
11.7.8 Importing the Routes of Other Protocols.........................................................................................11-24
11.7.9 Configuring the Route Filtering Policy............................................................................................11-25
11.7.10 Verifying the Source IP Address of a RIP Route Update..............................................................11-26
11.8 Adjusting and Optimizing RIP..................................................................................................................11-27
11.8.1 Configuring the RIP Timer..............................................................................................................11-27
11.8.2 Configuring the Zero Field Check for RIP-I Packets.......................................................................11-28
11.8.3 Configuring the RIP-2 Authentication Mode...................................................................................11-30
11.8.4 Enabling the Split Horizon Function................................................................................................11-30
11.8.5 Enabling the Poison Reverse Function.............................................................................................11-31
11.9 Configuring a Routing Policy...................................................................................................................11-32
11.9.1 Defining a Routing Policy................................................................................................................11-32
11.9.2 Defining the If-match Clause of a Route Policy..............................................................................11-34
11.9.3 Defining the Apply Clause of a Route Policy..................................................................................11-34
11.10 Enabling the Transparent Transmission function of the RIP Packet Based on the VLAN.....................11-36
12 OSPF Routing Protocol Configuration..............................................................................12-1

12.1 Overview.....................................................................................................................................................12-2
12.2 Configuration Example of OSPF................................................................................................................12-2
12.3 Configuring OSPF.......................................................................................................................................12-6
12.3.1 Enabling the OSPF Process................................................................................................................12-7
12.3.2 Configuring the DR Priority...............................................................................................................12-8
12.3.3 Setting an OSPF Router ID................................................................................................................12-8
12.3.4 Disabling the OSPF Packet Transmission on an Interface.................................................................12-9
Issue 02 (2008-04-25) Huawei Proprietary and Confidential v

12.3.5 Entering OSPF Area Config Mode..................................................................................................12-10

12.3.6 Configuring the Subnets for an Area................................................................................................12-11
12.3.7 Configuring the OSPF Stub Area.....................................................................................................12-11
12.3.8 Configuring an NBMA Adjacent Router.........................................................................................12-12
12.3.9 Enabling the OSPF Logging Function.............................................................................................12-13
12.3.10 Configuring the Network Type on an OSPF Interface...................................................................12-13
12.3.11 Configuring the MTU of the DD Packet........................................................................................12-15
12.4 Controlling the OSPF Routing Information..............................................................................................12-15
12.4.1 Setting the OSPF Preference............................................................................................................12-16
12.4.2 Configuring the Maximum OSPF Route Count...............................................................................12-17
12.4.3 Configuring the OSPF Packet Authentication.................................................................................12-18
12.4.4 Configuring the OSPF Cost..............................................................................................................12-18
12.4.5 Configuring the Route Summarization Between Areas...................................................................12-19
12.4.6 Configuring the Aggregation of Routes Imported by OSPF............................................................12-20
12.4.7 Importing Routes from Other Protocols into OSPF.........................................................................12-21
12.4.8 Setting the Default Parameters of OSPF Imported Routes..............................................................12-21
12.5 Adjusting and Optimizing OSPF...............................................................................................................12-22
12.5.1 Setting the Interval for Sending the Hello Packets..........................................................................12-23
12.5.2 Setting the Dead Time Between Adjacent Routers..........................................................................12-24
12.5.3 Setting the Hello Packet Poll Interval..............................................................................................12-24
12.5.4 Setting the LSA Transmit Delay......................................................................................................12-25
12.5.5 Setting the LSA Retransmit Interval between Adjacent Routers.....................................................12-26
12.5.6 Setting the SPF Calculation Interval for OSPF................................................................................12-27
13 IS-IS Routing Protocol Configuration...............................................................................13-1

13.1 Overview.....................................................................................................................................................13-2
13.2 Configuration Example of IS-IS.................................................................................................................13-3
13.3 Configuring IS-IS........................................................................................................................................13-6
13.3.1 Enabling the IS-IS Process.................................................................................................................13-6
13.3.2 Configuring the Network Entity Title................................................................................................13-7
13.3.3 Configuring the Router Level............................................................................................................13-9
13.3.4 Enabling the IS-IS Function on an Interface....................................................................................13-10
13.4 Controlling the IS-IS Routing Information...............................................................................................13-11
13.4.1 Configuring the IS-IS Priority..........................................................................................................13-12
13.4.2 Configuring the Cost of an IS-IS Interface......................................................................................13-13
13.4.3 Configuring IS-IS Route Aggregation.............................................................................................13-16
13.4.4 Generating IS-IS Default Routes......................................................................................................13-16
13.4.5 Configuring IS-IS to Filter the Received or Advertised Routing Information.................................13-17
13.4.6 Setting the State of IS-IS Interface to Suppressed...........................................................................13-18
13.4.7 Configuring IS-IS to Import External Routes..................................................................................13-19
13.4.8 Configuring the IS-IS Route Leaking..............................................................................................13-20
13.5 Adjusting and Optimizing IS-IS................................................................................................................13-21
13.5.1 Configuring Network Type of an IS-IS Interface............................................................................13-22
vi Huawei Proprietary and Confidential Issue 02 (2008-04-25)

13.5.2 Configuring the Level of an IS-IS Interface.....................................................................................13-22

13.5.3 Configuring DIS Priority of an IS-IS Interface................................................................................13-23
13.5.4 Configuring IS-IS for Not Checking IP Addresses of Received Hello Packets...............................13-24
13.5.5 Configuring the IS-IS Packet Timer.................................................................................................13-25
13.5.6 Configuring LSP Parameters............................................................................................................13-27
13.5.7 Enabling LSP Fast Flooding............................................................................................................13-30
13.5.8 Configuring SPF Parameters............................................................................................................13-30
13.5.9 Configuring IS-IS Host Name Mapping..........................................................................................13-31
13.5.10 Configuring IS-IS Authentication..................................................................................................13-33
13.5.11 Configuring LSDB Overload Flag Bit...........................................................................................13-35
13.5.12 Enabling Output of the Adjacency State........................................................................................13-35
14 BGP Routing Protocol Configuration................................................................................14-1

14.1 Overview ....................................................................................................................................................14-2
14.2 Configuration Example of BGP..................................................................................................................14-2
14.3 Configuring Basic BGP Functions..............................................................................................................14-6
14.3.1 Configuring BGP Basic Description..................................................................................................14-6
14.3.2 Configuring BGP to Advertise the Local Routes...............................................................................14-7
14.3.3 Configuring the Local Interface Used for a BGP Connection...........................................................14-8
14.3.4 Configuring the Maximum Number of Hops in an EBGP Connection...........................................14-10
14.4 Configuring BGP Route Attributes...........................................................................................................14-11
14.4.1 Configuring the BGP Route Preference...........................................................................................14-11
14.4.2 Configuring the Default Local_Pref Attribute.................................................................................14-12
14.4.3 Configuring the MED Attribute.......................................................................................................14-12
14.4.4 Configuring the Next_Hop Attribute...............................................................................................14-13
14.4.5 Configuring the AS-Path Attribute..................................................................................................14-14
14.5 Controlling the BGP Routing Information................................................................................................14-15
14.5.1 Configuring BGP to Import Routes.................................................................................................14-16
14.5.2 Filtering the Routes Imported by BGP.............................................................................................14-17
14.5.3 Configuring BGP Route Aggregation..............................................................................................14-17
14.5.4 Configuring a Router to Advertise the Default Route to Its Peer....................................................14-18
14.5.5 Configuring BGP Access List..........................................................................................................14-19
14.5.6 Configuring a BGP Routing Policy..................................................................................................14-20
14.5.7 Configuring the Policy for Advertising the BGP Routing Information...........................................14-22
14.5.8 Configuring the Policy for Receiving the BGP Routing Information..............................................14-24
14.6 Adjusting and Optimizing BGP................................................................................................................14-26
14.6.1 Configuring the BGP Timers...........................................................................................................14-27
14.6.2 Configuring the Interval for Sending the Update Messages............................................................14-28
14.6.3 Configuring BGP Soft Reset............................................................................................................14-29
14.6.4 Enabling Quick Reset of an EBGP Connection...............................................................................14-30
14.6.5 Configuring MD5 Authentication....................................................................................................14-31
14.6.6 Configuring the Maximum Number of Equal-Cost Routes.............................................................14-32
14.6.7 Configuring EBGP Neighbor Split Horizon....................................................................................14-33
Issue 02 (2008-04-25) Huawei Proprietary and Confidential vii

15 MSTP Configuration.............................................................................................................15-1
15.1 Overview.....................................................................................................................................................15-3
15.2 Enabling the MSTP Function......................................................................................................................15-3
15.3 Setting the Working Mode of MSTP..........................................................................................................15-5
15.4 Setting the MST Region Parameters...........................................................................................................15-6
15.4.1 Setting the MD5-Key for the MD5 Encryption Algorithm Configured on the MST Region............15-7
15.4.2 Configuring the MST Region Name..................................................................................................15-8
15.4.3 Mapping the Specified VLAN to the Specified MSTP Instance........................................................15-9
15.4.4 Mapping All VLANs to the MSTP Instances by Modular Arithmetic............................................15-10
15.4.5 Setting the MSTP Revision Level....................................................................................................15-12
15.4.6 Restoring the Default Settings for All Parameters of the MST Region...........................................15-13
15.5 Activating the Configuration of the MST Region.....................................................................................15-13
15.6 Specifying the Device as a Root Bridge or a Backup Root Bridge...........................................................15-14
15.7 Setting the Priority of the Device in the Specified Spanning Tree Instance.............................................15-16
15.8 Setting the Maximum Number of Hops of the MST Region....................................................................15-17
15.9 Setting the Diameter of the Switching Fabric...........................................................................................15-18
15.10 Setting the Calculation Standard for the Path Cost.................................................................................15-19
15.11 Setting the Time Parameters of the Specified Network Bridge..............................................................15-20
15.11.1 Setting the Forward Delay of the Specified Network Bridge........................................................15-21
15.11.2 Setting the Hello Time of the Specified Network Bridge..............................................................15-22
15.11.3 Setting the Max Age of the Specified Network Bridge..................................................................15-23
15.11.4 Setting the Timeout Time Factor of the Specified Network Bridge..............................................15-25
15.12 Setting the Parameters of the Specified Port...........................................................................................15-26
15.12.1 Setting the Maximum Transmission Rate of the Specified Port....................................................15-26
15.12.2 Setting the Specified Port as an Edge Port.....................................................................................15-28
15.12.3 Setting the Path Cost of a Specified Port.......................................................................................15-29
15.12.4 Setting the Priority of the Specified Port.......................................................................................15-30
15.12.5 Setting the Point-to-Point Link Connection of the Specified Port.................................................15-31
15.13 Setting the mCheck Variable...................................................................................................................15-32
15.14 Configuring the Device Protection Function..........................................................................................15-33
15.14.1 Enabling the BPDU Protection Function of the Device.................................................................15-33
15.14.2 Enabling the Loop Protection Function of the Device...................................................................15-34
15.14.3 Enabling the Root Protection Function of the Device....................................................................15-36
15.15 Clear the MSTP Protocol Statistics.........................................................................................................15-37
16 NTP Configuration................................................................................................................16-1
16.1 Overview.....................................................................................................................................................16-3
16.2 Configuration Example of NTP Broadcast Mode.......................................................................................16-3
16.3 Configuration Example of NTP Multicast Mode........................................................................................16-7
16.4 Configuration Example of NTP Server/Client Mode................................................................................16-10
16.5 Configuration Example of NTP Peer Mode..............................................................................................16-13
16.6 Configuring the NTP ID Authentication...................................................................................................16-17
16.7 Configuring the NTP Master Clock..........................................................................................................16-19
viii Huawei Proprietary and Confidential Issue 02 (2008-04-25)

16.8 Configuring the NTP Broadcast Mode......................................................................................................16-20

16.8.1 Configuring the NTP Broadcast Server Mode.................................................................................16-20
16.8.2 Configuring the NTP Broadcast Client Mode..................................................................................16-21
16.9 Configuring the NTP Multicast Mode......................................................................................................16-22
16.10 Configuring the NTP Server/Client Mode..............................................................................................16-24
16.11 Configuring the NTP Peer Mode............................................................................................................16-25
16.12 Configuring the Authority of Access to an NTP Service of a Local Device..........................................16-26
16.13 Configuring an Interface for Transmitting/Receiving NTP Packets.......................................................16-27
17 System Clock Configuration................................................................................................17-1

17.1 Overview.....................................................................................................................................................17-2
17.2 Configuration Example of the System Clock..............................................................................................17-3
17.3 Configuring a Clock Source........................................................................................................................17-5
17.4 Setting the Priority of a Clock Source.........................................................................................................17-6
18 MAC Address Management.................................................................................................18-1

18.1 Overview.....................................................................................................................................................18-2
18.2 Adding a Static MAC Address....................................................................................................................18-2
18.3 Setting the Maximum MAC Address Number Learned by a Service Port.................................................18-3
18.4 Configuring the Aging Time of a Dynamic MAC Address........................................................................18-4
18.5 Binding the MAC Address..........................................................................................................................18-5
18.6 Configuring the MAC Address Filtering....................................................................................................18-6
18.7 Configuring the MAC Address Pool...........................................................................................................18-7
19 TCP/IP Connection Configuration......................................................................................19-1

19.1 Overview.....................................................................................................................................................19-2
19.2 Basic Concepts............................................................................................................................................19-2
19.3 Configuring the Synwait Timer...................................................................................................................19-2
19.4 Configuring the Finwait Timer...................................................................................................................19-3
19.5 Configuring the Socket Buffer....................................................................................................................19-4
19.6 Enabling the TCP Debugging.....................................................................................................................19-4
19.7 Enabling the IP Packets Debugging............................................................................................................19-5
20 ACL Configuration................................................................................................................20-1
20.1 Overview.....................................................................................................................................................20-3
20.2 Configuring the Basic ACL.........................................................................................................................20-5
20.3 Configuring the Advanced ACL.................................................................................................................20-7
20.4 Configuring the L2 ACL.............................................................................................................................20-8
20.5 Configuration Example of the User-Defined ACL...................................................................................20-11
20.6 Creating an ACL.......................................................................................................................................20-12
20.7 Configuring a Time Range........................................................................................................................20-14
20.8 Setting the Step..........................................................................................................................................20-15
20.9 Creating a Basic ACL Rule.......................................................................................................................20-15
20.10 Creating an Advanced ACL Rule............................................................................................................20-16
20.11 Creating an L2 ACL Rule.......................................................................................................................20-17
Issue 02 (2008-04-25) Huawei Proprietary and Confidential ix

20.12 Creating a Customized ACL Rule...........................................................................................................20-18

20.13 Activating an ACL..................................................................................................................................20-20
21 QoS Configuration.................................................................................................................21-1
21.1 Overview.....................................................................................................................................................21-3
21.2 Configuration Example of Queue Scheduling............................................................................................21-3
21.3 Configuration Example of Traffic Management Based on service streams................................................21-6
21.4 Configuration Example of Traffic Management Based on ACL rules.......................................................21-9
21.5 Configuring the Traffic Management Based on service streams..............................................................21-11
21.5.1 Configure the IP Traffic Profile.......................................................................................................21-12
21.5.2 Configure the ATM Traffic Profile..................................................................................................21-14
21.6 Configuring the Traffic Management Based on Port + CoS.....................................................................21-17
21.7 Configuring Queue Scheduling ................................................................................................................21-18
21.7.1 Configuring the Queue Scheduling Mode........................................................................................21-19
21.7.2 Mapping the 802.1p Priority to Queues...........................................................................................21-21
21.7.3 Configuring the Queue Buffer of a Service Board...........................................................................21-22
21.8 Configuring Traffic Management Based on ACL rules............................................................................21-24
21.8.1 Enabling Traffic Limit.....................................................................................................................21-24
21.8.2 Adding a Priority Tag to Packets.....................................................................................................21-25
21.8.3 Enabling the Traffic Statistics..........................................................................................................21-26
21.8.4 Enabling the Traffic Mirroring.........................................................................................................21-27
21.8.5 Enabling the Traffic Redirection......................................................................................................21-28
21.9 Enabling the Line Rate Limit on an Upstream Port..................................................................................21-29
22 User Security Configuration................................................................................................22-1

22.1 Overview.....................................................................................................................................................22-3
22.2 Enabling PITP.............................................................................................................................................22-3
22.3 Setting the RAIO Working Mode...............................................................................................................22-4
22.4 Setting the Ethernet Encapsulation Type....................................................................................................22-5
22.5 Enabling the DHCP Option82 Function......................................................................................................22-6
22.6 Setting the Maximum Length of DHCP Packets........................................................................................22-7
22.7 Binding the IP Address...............................................................................................................................22-8
22.8 Binding the MAC Address..........................................................................................................................22-9
22.9 Enabling the Anti MAC Spoofing.............................................................................................................22-10
22.10 Enabling the Anti IP Spoofing................................................................................................................22-11
23 System Security Configuration...........................................................................................23-1

23.1 Overview.....................................................................................................................................................23-3
23.2 Enabling the Anti DoS Attack.....................................................................................................................23-3
23.3 Enabling the Anti IP Attack........................................................................................................................23-4
23.4 Enabling Anti ICMP Attack........................................................................................................................23-5
23.5 Enabling the Source Route Filtering...........................................................................................................23-5
23.6 Configuring the MAC Address Filtering....................................................................................................23-6
23.7 Setting the Time to Detect Exceptional Disconnection of the PPPoE Users..............................................23-7
x Huawei Proprietary and Confidential Issue 02 (2008-04-25)

23.8 Configuring the Black List..........................................................................................................................23-8

23.9 Configuring the Firewall Function..............................................................................................................23-9
23.10 Configuring an Accessible Address Segment.........................................................................................23-11
23.11 Configuring the Inaccessible Address Segment......................................................................................23-12
24 P2P Fiber Access Service Configuration............................................................................24-1

24.1 Overview.....................................................................................................................................................24-2
24.2 Configuration Example of Fiber Access Service-Single Port for Single Service.......................................24-2
24.3 Configuration Example of Fiber Access Service-Single Port for Multi-service.........................................24-4
24.4 Setting the Port Auto-negotiation Mode...................................................................................................24-10
24.5 Setting the Port Duplex Mode...................................................................................................................24-10
24.6 Setting the Port Rate..................................................................................................................................24-11
25 GPON Service Configuration..............................................................................................25-1

25.1 Overview.....................................................................................................................................................25-3
25.2 Configuration Example of the GPON Service............................................................................................25-3
25.3 Adding a DBA Profile.................................................................................................................................25-8
25.4 Binding a DBA Profile..............................................................................................................................25-10
25.5 Adding an Alarm Profile...........................................................................................................................25-11
25.6 Adding a GEM Port...................................................................................................................................25-13
25.7 Configuring a GPON Port.........................................................................................................................25-14
25.7.1 Enabling the FEC Function on a PON Port......................................................................................25-14
25.7.2 Disabling the Laser on a PON Port..................................................................................................25-15
25.8 Configuring a GPON ONT.......................................................................................................................25-16
25.8.1 Adding a GPON ONT......................................................................................................................25-16
25.8.2 Activating a GPON ONT.................................................................................................................25-17
25.8.3 Enabling the ONT Auto-find Function of a GPON Port..................................................................25-18
25.8.4 Setting the Aging Time of the ONT Auto-find Function.................................................................25-19
25.8.5 Confirming an Automatically Found ONT......................................................................................25-20
25.8.6 Setting the Minimum and Maximum Logical Reach.......................................................................25-22
26 Protection Configuration for Upstream Link...................................................................26-1

26.1 Overview.....................................................................................................................................................26-2
26.2 Configuration Example of the Upstream Link Protection...........................................................................26-2
26.3 Configuring a Protection Group..................................................................................................................26-5
27 Device Subtending Configuration......................................................................................27-1

27.1 Overview.....................................................................................................................................................27-3
27.2 Configuration Example of a Subtended Network Through the ETHA Board............................................27-4
27.3 Configuring the Physical Attributes of an Ethernet Port.............................................................................27-6
27.3.1 Setting the Auto-negotiation Mode of an Ethernet Port.....................................................................27-6
27.3.2 Setting the Duplex Mode of an Ethernet Port....................................................................................27-7
27.3.3 Setting the Rate of an Ethernet Port...................................................................................................27-8
27.3.4 Setting the Network Cable Type of an Ethernet Port.........................................................................27-8
27.4 Enabling the Flow Control on an Ethernet Port..........................................................................................27-9
Issue 02 (2008-04-25) Huawei Proprietary and Confidential xi

27.5 Enabling the Traffic Suppression..............................................................................................................27-10

27.6 Enabling the Ethernet Port Aggregation...................................................................................................27-13
27.7 Mirroring an Ethernet Port........................................................................................................................27-14
27.8 Adding an Ethernet Port to a VLAN.........................................................................................................27-14
27.9 Setting the Native VLAN for an Ethernet Port.........................................................................................27-15
28 VLAN Stacking Wholesale Service Configuration......................................................... 28-1

28.1 Overview.....................................................................................................................................................28-2
28.2 Configuration Example of VLAN Stacking Multi-ISP Wholesale Access ................................................28-2
29 QinQ VLAN Private Line Service Configuration............................................................29-1

29.1 Overview.....................................................................................................................................................29-2
29.2 Configuration Example of the QinQ VLAN...............................................................................................29-2
29.3 Configuration Example of the QinQ VLAN Private Line Service.............................................................29-5
29.4 Enabling the Transparent Transmission of BPDUs....................................................................................29-8
30 Multicast Service Configuration.........................................................................................30-1

30.1 Overview.....................................................................................................................................................30-3
30.2 Configuration Example of the IGMP Proxy Multicast Service..................................................................30-3
30.3 Configuration Example of the IGMP Snooping Multicast Service.............................................................30-8
30.4 Configuration Example of the IGMP Snooping Multicast Service ..........................................................30-11
30.5 Configuration Example of the Multicast Service in Subtending Mode....................................................30-16
30.6 Configuring the Multicast Service in MSTP Networking.........................................................................30-21
30.7 Configuration Example of the Multicast Service Through the PIM-SSM Protocol.................................30-28
30.8 Setting the IGMP Mode............................................................................................................................30-33
30.9 Configuring the IGMP Upstream Port......................................................................................................30-33
30.10 Setting the Multicast Mode of an Upstream Port....................................................................................30-35
30.11 Enabling the Multicast Routing Function...............................................................................................30-36
30.12 Specifying a Subtending Port..................................................................................................................30-36
30.13 Configuring a Program for a Static Subtending Port..............................................................................30-37
30.14 Configuring IGMP Global Parameters....................................................................................................30-38
30.14.1 Enabling the IGMP Proxy Authorization.......................................................................................30-39
30.14.2 Setting the Robustness Variable.....................................................................................................30-40
30.14.3 Setting the General Query Interval.................................................................................................30-41
30.14.4 Setting the Maximum Response Time to the General Query.........................................................30-42
30.14.5 Setting the Number of Specific Queries.........................................................................................30-44
30.14.6 Setting the Group-Specific Query Interval.....................................................................................30-45
30.14.7 Setting the Maximum Response Time to the Group-Specific Query.............................................30-46
30.14.8 Setting the TTL for a V2 Router....................................................................................................30-47
30.14.9 Setting the Preview Recognition Time...........................................................................................30-48
30.14.10 Enabling the User Action Report Function..................................................................................30-49
30.14.11 Set the Permitted Encapsulation Mode of IGMP Packets............................................................30-51
30.14.12 Enabling the IGMP Echo Function..............................................................................................30-51
30.15 Configuring the IGMP VLAN Parameters..............................................................................................30-52
xii Huawei Proprietary and Confidential Issue 02 (2008-04-25)

30.15.1 Setting the IGMP Mode.................................................................................................................30-53

30.15.2 Configuring the IGMP Version......................................................................................................30-54
30.15.3 Configuring the Multicast Program................................................................................................30-55
30.15.4 Setting the Unsolicited Report Interval .........................................................................................30-58
30.15.5 Enabling the Proxy of the IGMP Leave Packet.............................................................................30-59
30.15.6 Enabling the Proxy of the IGMP Report Packet............................................................................30-60
30.15.7 Enabling the Function of Sending the Global-leave Packet...........................................................30-61
30.15.8 Setting the Priority of the IGMP Packet.........................................................................................30-62
30.15.9 Configuring the Multicast VLAN Member....................................................................................30-63
30.15.10 Enabling the Logging Function ...................................................................................................30-64
30.15.11 Setting the IP Address Range of the Multicast VLAN to Generate the Program Group Dynamically
.....................................................................................................................................................................30-65
30.15.12 Enabling the Program Matching Mode of the Multicast VLAN .................................................30-66
30.15.13 Configuring the Virtual Upstream Port........................................................................................30-67
30.16 Configuring the PIM-SSM Protocol Parameters.....................................................................................30-69
30.16.1 Enabling the PIM-SSM Function...................................................................................................30-69
30.16.2 Setting the DR Priority of a PIM Router........................................................................................30-70
30.16.3 Setting the Interval for a PIM Router to Send Hello Messages.....................................................30-73
30.16.4 Setting the Holdtime for Receiving the Hello Messages...............................................................30-75
30.16.5 Setting the Longest Delay for Triggering the Transmission of the Hello Message.......................30-77
30.16.6 Setting the Specifications of the Join/Prune Messages..................................................................30-79
30.16.7 Setting the Interval for Sending the Join/Prune Messages.............................................................30-80
30.16.8 Setting the Delay for a PIM Router to Perform Pruning................................................................30-82
30.16.9 Setting the Interval for a PIM Router to Override Pruning............................................................30-84
30.16.10 Setting the Holdtime for a PIM Router to Maintain the Join Status of a Downstream Interface
.....................................................................................................................................................................30-87
30.16.11 Setting the Range of the PIM-SSM Multicast Addresses............................................................30-89
30.17 Managing Multicast Bandwidth..............................................................................................................30-90
30.17.1 Enabling the Bandwidth Management Function............................................................................30-91
30.17.2 Setting the Program Bandwidth.....................................................................................................30-92
30.18 Configuring an Authority Profile............................................................................................................30-92
30.18.1 Modifying an Authority Profile......................................................................................................30-92
30.18.2 Renaming an Authority Profile......................................................................................................30-93
30.19 Configuring Multicast Users...................................................................................................................30-94
30.19.1 Adding a BTV User........................................................................................................................30-94
30.19.2 Modifying the Attributes of a User................................................................................................30-96
30.19.3 Blocking a BTV User.....................................................................................................................30-97
30.19.4 Binding a User with an Authority Profile......................................................................................30-98
30.19.5 Enabling the Switch of Monitoring the BTV User........................................................................30-99
30.20 Configuring the Preview Function........................................................................................................30-100
30.20.1 Configuring the Preview Profile .................................................................................................30-100
30.20.2 Enabling the Preview Function....................................................................................................30-101
30.20.3 Setting the Preview Auto Reset Time..........................................................................................30-102
Issue 02 (2008-04-25) Huawei Proprietary and Confidential xiii

30.20.4 Clearing the Preview Records Manually......................................................................................30-103

30.21 Configuring the Logging Function........................................................................................................30-104
30.21.1 Enabling the Logging Function on the Multicast VLAN.............................................................30-105
30.21.2 Setting the Logging Interval.........................................................................................................30-106
30.21.3 Configuring the Log Reporting....................................................................................................30-107
30.21.4 Collecting the Log Statistics........................................................................................................30-108
30.22 Setting the Automatic CDR Reporting..................................................................................................30-108
31 Triple Play Service Configuration......................................................................................31-1

31.1 Overview.....................................................................................................................................................31-3
31.2 Configuration Example of Triple Play - Multiple PVCs for Multiple Services..........................................31-4
31.3 Configuration Example of Triple Play - .....................................................................................................31-9
31.4 Configuration Example of Triple Play - Based on 802.1p........................................................................31-14
31.5 Configuration Example of Triple Play - Based on the Service Encapsulation Type................................31-19
31.6 Configuration Example of Triple Play......................................................................................................31-24
32 ONT Management.................................................................................................................32-1
32.1 Overview.....................................................................................................................................................32-3
32.2 Configuration Example of the GPON ONT................................................................................................32-3
32.3 Configuring an GPON ONT Capability Set Profile....................................................................................32-7
32.4 Configuring the Attributes of a GPON ONT Port.....................................................................................32-11
32.5 Binding an ONT T-CONT with GEM Ports.............................................................................................32-12
32.6 Configuring the Mapping Between ONT Services and GEM Ports.........................................................32-13
32.7 Configuring a VLAN for a GPON ONT Port...........................................................................................32-14
32.8 Managing the IP Address of a GPON ONT..............................................................................................32-15
33 Ethernet OAM Configuration..............................................................................................33-1

33.1 Overview.....................................................................................................................................................33-3
33.2 Configuration Example of Ethernet OAM..................................................................................................33-3
33.3 Creating an MD...........................................................................................................................................33-6
33.4 Creating an MA...........................................................................................................................................33-7
33.5 Creating an MEP.........................................................................................................................................33-8
33.6 Creating an RMEP...................................................................................................................................... 33-9
33.7 Enabling the CFM Globally......................................................................................................................33-10
33.8 Enabling the CFM Alarm Globally...........................................................................................................33-11
33.9 Enabling the Administration Function of an MEP....................................................................................33-12
33.10 Enabling the CC Transmission of an MEP.............................................................................................33-13
33.11 Enabling the Global Detection Function of an RMEP............................................................................33-14
33.12 Enabling the RMEP Detection Function.................................................................................................33-15
33.13 Configuring Priorities for Transmitting CCMs/LTMs ...........................................................................33-16
33.14 Configuring the Interval for an MA to Transmit a CC...........................................................................33-17
33.15 Configuring the Base Address of Multicast Destination MAC Addresses of CCMs/LTMs..................33-18
33.16 Configuring the Loop Detection Function..............................................................................................33-19
33.17 Configuring the Link Trace Function......................................................................................................33-20
xiv Huawei Proprietary and Confidential Issue 02 (2008-04-25)

34 Environment Monitoring Configuration ..........................................................................34-1

34.1 Overview.....................................................................................................................................................34-3
34.2 Configuration Example of the H801ESC....................................................................................................34-6
34.3 Configuration Example of FAN..................................................................................................................34-9
34.4 Adding an EMU........................................................................................................................................34-11
34.5 Configuring a POWER4845 EMU............................................................................................................34-12
34.6 Configuring the H801ESC Analog Parameters.........................................................................................34-15
34.7 Configuring H801ESC Digital Parameters...............................................................................................34-17
34.8 Configuring the FAN Alarm Report ........................................................................................................34-19
34.9 Setting the FAN Speed Adjustment Mode................................................................................................34-20
34.10 Configuring the FAN Speed Level..........................................................................................................34-21
35 Acronyms and Abbreviations..............................................................................................35-1
Issue 02 (2008-04-25) Huawei Proprietary and Confidential xv

SmartAX MA5600T Multi-service Access Module Figures
Figures
Figure 1-1 Example network for configuring the MA5600T through the local serial port..................................1-3
Figure 1-2 Flowchart for configuring the MA5600T through the local serial port..............................................1-4
Figure 1-3 Setting parameters of the terminal......................................................................................................1-5
Figure 1-4 Setting the terminal emulation type....................................................................................................1-6
Figure 1-5 Setting ASCII Code............................................................................................................................1-7
Figure 1-6 Example network for configuring the MA5600T through the remote serial port..............................1-8
Figure 1-7 Flowchart for configuring the MA5600T through the remote serial port..........................................1-9
Figure 1-8 Setting the parameters of the HyperTerminal...................................................................................1-11
Figure 1-9 Example network for configuring the outband management in a LAN by Telnet...........................1-13
Figure 1-10 Example network for configuring the outband management in a WAN by Telnet........................1-14
Figure 1-11 Flowchart for configuring the outband management in a WAN by Telnet....................................1-15
Figure 1-12 Running the telnet application........................................................................................................1-16
Figure 1-13 Example network for maintenance through the GE port in a LAN................................................1-17
Figure 1-14 Example network for maintenance through the GE port in a WAN...............................................1-17
Figure 1-15 Flowchart for configuring the MA5600T through the inband management channel.....................1-18
Figure 1-16 Running the telnet application........................................................................................................1-19
Figure 1-17 Setting up the SSH configuration environment in the LAN outband mode...................................1-20
Figure 1-18 Setting up the SSH configuration environment in the WAN outband mode..................................1-21
Figure 1-19 Setting up the SSH configuration environment in the LAN inband mode.....................................1-22
Figure 1-20 Setting up the SSH configuration environment in the WAN inband mode....................................1-23
Figure 1-21 Flowchart for configuring in the SSH mode..................................................................................1-24
Figure 1-22 Interface of the key generator.........................................................................................................1-26
Figure 1-23 Generating the client key................................................................................................................1-27
Figure 1-24 Interface of converting the client public key into the RSA public key..........................................1-28
Figure 1-25 Interface of the SSH client software...............................................................................................1-29
Figure 1-26 Interface for connecting to the system............................................................................................1-30
Figure 1-27 Interface for logging in to the SSH client.......................................................................................1-30
Figure 2-1 Switching between the command modes............................................................................................2-4
Figure 3-1 Example network for configuring the outband NMS.........................................................................3-5
Figure 3-2 Flowchart for configuring the outband NMS.....................................................................................3-6
Figure 3-3 Example network for configuring the inband NMS...........................................................................3-7
Figure 3-4 Flowchart for configuring the inband NMS.......................................................................................3-9
Figure 4-1 Example network for configuring a log host......................................................................................4-2
Issue 02 (2008-04-25) Huawei Proprietary and Confidential xvii

Figures SmartAX MA5600T Multi-service Access Module
Figure 4-2 Flowchart for configuring a log host..................................................................................................4-3

Figure 7-1 Example network for configuring the remote user authentication ....................................................7-7
Figure 7-2 Flowchart for configuring the remote user authentication.................................................................7-9
Figure 7-3 Flowchart for configuring the SSH user public key.........................................................................7-38
Figure 8-1 Example network for configuring a MUX VLAN.............................................................................8-6
Figure 8-2 Flowchart for configuring a MUX VLAN.........................................................................................8-7
Figure 8-3 Example network for configuring a MUX VLAN.............................................................................8-8
Figure 8-4 Flowchart for configuring a MUX VLAN.........................................................................................8-9
Figure 9-1 MA5600T DHCP relay.......................................................................................................................9-4
Figure 9-2 Example network for configuring DHCP standard mode...................................................................9-5
Figure 9-3 Flowchart for configuring DHCP standard mode...............................................................................9-7
Figure 9-4 Example network for configuring DHCP option60 mode..................................................................9-8
Figure 9-5 Flowchart for configuring DHCP option60 mode............................................................................9-10
Figure 9-6 Example network for configuring MAC address segment mode.....................................................9-12
Figure 9-7 Flowchart for configuring MAC address segment mode.................................................................9-13
Figure 10-1 Example network for configuring the ARP proxy..........................................................................10-3
Figure 10-2 Flowchart for configuring the ARP proxy......................................................................................10-4
Figure 11-1 Example network for configuring the static route..........................................................................11-3
Figure 11-2 Flowchart for configuring the static route......................................................................................11-5
Figure 11-3 Example network for configuring RIP...........................................................................................11-6
Figure 11-4 Flowchart for configuring RIP.......................................................................................................11-8
Figure 11-5 Example network for configuring the routing policy...................................................................11-10
Figure 11-6 Flowchart for configuring the routing policy...............................................................................11-11
Figure 12-1 Example network for configuring OSPF........................................................................................12-2
Figure 12-2 Flowchart for configuring OSPF....................................................................................................12-4
Figure 13-1 IS-IS network topology..................................................................................................................13-2
Figure 13-2 Example network for configuring IS-IS.........................................................................................13-3
Figure 13-3 Flowchart for configuring IS-IS.....................................................................................................13-5
Figure 13-4 IS-IS network topology..................................................................................................................13-7
Figure 14-1 Example network for configuring the BGP....................................................................................14-2
Figure 14-2 Flowchart for configuring the BGP................................................................................................14-4
Figure 16-1 Example network for configuring the NTP broadcast mode..........................................................16-4
Figure 16-2 Flowchart for configuring the NTP broadcast mode......................................................................16-5
Figure 16-3 Example network for configuring the NTP multicast mode...........................................................16-7
Figure 16-4 Flowchart for configuring the NTP multicast mode.......................................................................16-8
Figure 16-5 Example network for configuring NTP server/client mode ........................................................16-10
Figure 16-6 Flowchart for configuring the NTP server/client mode................................................................16-11
Figure 16-7 Example network for configuring the NTP peer mode................................................................16-13
Figure 16-8 Flowchart for configuring the NTP peer mode.............................................................................16-15
Figure 16-9 Flowchart for configuring the NTP server/client mode with ID authentication...........................16-17
Figure 17-1 Example network for configuring the system clock.......................................................................17-3
Figure 17-2 Flowchart for configuring the system clock...................................................................................17-4
xviii Huawei Proprietary and Confidential Issue 02 (2008-04-25)

SmartAX MA5600T Multi-service Access Module Figures
Figure 20-1 Flowchart for configuring a basic ACL..........................................................................................20-6

Figure 20-2 Flowchart for configuring an advanced ACL.................................................................................20-8
Figure 20-3 Flowchart for configuring an L2 ACL.........................................................................................20-10
Figure 20-4 Flowchart for configuring a user-defined ACL............................................................................20-12
Figure 20-5 First 64 bytes of an IP frame........................................................................................................20-19
Figure 21-1 Example network for configuring queue scheduling......................................................................21-4
Figure 21-2 Flowchart for configuring queue scheduling..................................................................................21-5
Figure 21-3 Example network for configuring the traffic management based on service streams....................21-7
Figure 21-4 Flowchart for configuring the traffic management based on service streams................................21-8
Figure 21-5 Example network for configuring the traffic management based on ACL rules..........................21-10
Figure 21-6 Flowchart for configuring the traffic management based on ACL rules......................................21-11
Figure 23-1 Flowchart for configuring the firewall function...........................................................................23-10
Figure 24-1 Example network for the fiber access service-single port for single service................................. 24-3
Figure 24-2 Flowchart for configuring the fiber access service-single port for single service..........................24-4
Figure 24-3 Example network for the fiber access service-single port for multi-service..................................24-5
Figure 24-4 Flowchart for configuring the fiber access service-single port for multi-service...........................24-7
Figure 25-1 Example network for configuring the GPON service.....................................................................25-5
Figure 25-2 Flowchart for configuring the GPON service.................................................................................25-6
Figure 26-1 Example network for configuring the upstream link protection.....................................................26-3
Figure 26-2 Flowchart for configuring the upstream link protection.................................................................26-4
Figure 27-1 Example network for configuring a subtended network through the ETH board.......................... 27-4
Figure 27-2 Flowchart for configuring a subtended network through the ETH board...................................... 27-5
Figure 28-1 Example network for configuring the VLAN stacking multi-ISP wholesale access......................28-3
Figure 28-2 Flowchart for configuring the VLAN stacking multi-ISP wholesale access..................................28-5
Figure 29-1 Example network for configuring the private line service............................................................. 29-3
Figure 29-2 Flowchart for configuring the private line service......................................................................... 29-4
Figure 29-3 Example network of the QinQ VLAN private line service............................................................ 29-6
Figure 29-4 Flowchart for configuring the private line service......................................................................... 29-7
Figure 30-1 Example network for configuring the IGMP proxy multicast service........................................... 30-4
Figure 30-2 Flowchart for configuring the IGMP proxy multicast service........................................................30-6
Figure 30-3 Example network for configuring the IGMP snooping multicast service......................................30-9
Figure 30-4 Flowchart for configuring the IGMP snooping multicast service................................................30-10
Figure 30-5 Example network for configuring the IGMP snooping multicast service....................................30-12
Figure 30-6 Flowchart for configuring the IGMP snooping multicast service................................................30-14
Figure 30-7 Example network for configuring the subtended multicast service..............................................30-17
Figure 30-8 Flowchart for configuring the multicast service in subtending mode (MA5600T_A).................30-19
Figure 30-9 Flowchart for configuring the multicast service in subtending mode (MA5600T_B).................30-19
Figure 30-10 Example network of the multicast service in MSTP networking...............................................30-22
Figure 30-11 Flowchart for configuring the multicast service in MSTP networking on MA5600T_A,
MA5600T_B and MA5600T_C........................................................................................................................30-24
Figure 30-12 Flowchart for configuring the multicast service in MSTP networking on MA5600T_D..........30-25
Figure 30-13 Example network for configuring the multicast service through the PIM-SSM protocol..........30-29
Figure 30-14 Flowchart for configuring the multicast service through the PIM-SSM protocol......................30-31
Issue 02 (2008-04-25) Huawei Proprietary and Confidential xix

Figures SmartAX MA5600T Multi-service Access Module
Figure 31-1 Example network for configuring the triple play service - multiple PVCs for multiple services
.............................................................................................................................................................................31-5
Figure 31-2 Flowchart for configuring the triple play service-multiple PVCs for multiple services................31-7
Figure 31-3 Example network for configuring the triple play service - single PVC for multiple services (based on
the user-side VLAN).........................................................................................................................................31-10
Figure 31-4 Flowchart for configuring the triple play service - single PVC for multiple services (based on the user-
side VLAN).......................................................................................................................................................31-12
802.1p)...............................................................................................................................................................31-15
Figure 31-6 Flowchart for configuring the triple play service - single PVC for multiple services (based on 802.1p)
...........................................................................................................................................................................31-17
service encapsulation type) ..............................................................................................................................31-20
Figure 31-8 Flowchart for configuring the triple play service - single PVC for multiple services (based on service
encapsulation type) ...........................................................................................................................................31-22
Figure 31-9 Example network for configuring the triple play service.............................................................31-25
Figure 31-10 Flowchart for configuring the triple play service.......................................................................31-28
Figure 32-1 ONT management architecture.......................................................................................................32-3
Figure 32-2 Example network for configuring an ONT.....................................................................................32-4
Figure 32-3 Flowchart for configuring an ONT.................................................................................................32-5
Figure 33-1 Example network for configuring Ethernet OAM..........................................................................33-4
Figure 33-2 Flowchart for configuring Ethernet OAM......................................................................................33-5
Figure 34-1 Connection between the H801ESC and the shelf...........................................................................34-4
Figure 34-2 Connection between the POWER4845 and the shelf.....................................................................34-6
Figure 34-3 Flowchart for configuring the H801ESC........................................................................................34-8
Figure 34-4 Flowchart for configuring a FAN.................................................................................................34-10
xx Huawei Proprietary and Confidential Issue 02 (2008-04-25)

SmartAX MA5600T Multi-service Access Module Tables
Tables
Table 1-1 Features of the maintenance modes.....................................................................................................1-2

Table 1-2 Data plan for configuring the outband management in a LAN by Telnet..........................................1-13
Table 1-3 Data plan for configuring the outband management in a WAN by Telnet........................................1-14
Table 1-4 Data plan for the network...................................................................................................................1-17
Table 1-9 Data plan for the network ..................................................................................................................1-23
Table 2-1 Features of the interface config modes................................................................................................2-4
Table 2-2 Edit functions.......................................................................................................................................2-6
Table 2-3 Meaning of the CLI characters supported by the MA5600T...............................................................2-8
Table 2-4 Options for viewing the information displayed on multiple screens...................................................2-9
Table 2-5 Common CLI error prompts...............................................................................................................2-10
Table 2-6 Related operation for obtaining the online help information.............................................................2-13
Table 2-7 Related operation for enabling or disabling the interactive command execution mode....................2-14
Table 2-8 Related operation for enabling or disabling the CLI trap reporting...................................................2-15
Table 2-9 Related operation for switching the terminal language......................................................................2-16
Table 2-10 Related operation for setting the timeout exit time..........................................................................2-18
Table 2-11 Related operation for locking the terminal.......................................................................................2-19
Table 3-1 Data plan for configuring the outband NMS........................................................................................3-5
Table 3-2 Data plan for configuring the inband NMS..........................................................................................3-8
Table 3-3 Related operation for setting the SNMP version................................................................................3-12
Table 3-4 Related operation for adding a community and setting its read/write authorities..............................3-12
Table 3-5 Related operation for enabling the traps sending...............................................................................3-13
Table 3-6 Related operation for setting the IP address of a destination host for receiving traps.......................3-14
Table 3-7 Related operation for setting the source interface for sending traps..................................................3-15
Table 3-8 Related operation for setting the system contact information............................................................3-15
Table 3-9 Related operation for setting the system location information.......................................................... 3-16
Table 3-10 Related operation for configuring an SNMP V3 user......................................................................3-17
Table 3-11 Related operation for configuring an SNMP V3 group...................................................................3-18
Table 3-12 Related operation for configuring an SNMP MIB view..................................................................3-19
Table 3-13 Related operations for configuring the local SNMP engine ID.......................................................3-20
Issue 02 (2008-04-25) Huawei Proprietary and Confidential xxi

Tables SmartAX MA5600T Multi-service Access Module
Table 3-14 Related operations for enabling the timely handshake function between the MA5600T and the N2000
.............................................................................................................................................................................3-21
Table 3-15 Related operation for setting the handshake interval.......................................................................3-22
Table 3-16 Related operation for configuring the IP address of the outband NMS interface............................3-23
Table 3-17 Related operation for configuring an NMS route.............................................................................3-24
Table 3-18 Related operation for configuring the IP address of the inband NMS interface..............................3-25
Table 4-1 Data plan for configuring a log host....................................................................................................4-3
Table 4-2 Related operations for configuring a log host......................................................................................4-5
Table 4-3 Related operations for deleting a log host............................................................................................4-6
Table 4-4 Related operations for deactivating a log host.....................................................................................4-6
Table 5-1 User authorities....................................................................................................................................5-2
Table 5-2 Parameters of a user profile..................................................................................................................5-3
Table 5-3 Related operations for adding a user profile........................................................................................5-5
Table 5-4 User attributes......................................................................................................................................5-5
Table 5-5 Related operations for adding a user....................................................................................................5-7
Table 5-6 Related operations for modifying the profile bound with a user..........................................................5-8
Table 5-7 Related operations for modifying the user login mode........................................................................5-9
Table 5-8 Related operations for modifying a user level...................................................................................5-10
Table 5-9 Related operations for changing a user password..............................................................................5-11
Table 5-10 Related operations for modifying the permitted number of reenters...............................................5-12
Table 5-11 Related operations for modifying the appended information...........................................................5-13
Table 5-12 Related operation for disconnection an online user.........................................................................5-14
Table 5-13 Related operations for deleting a user..............................................................................................5-15
Table 6-1 Service board status..............................................................................................................................6-2
Table 6-2 Related operation for setting the description of a shelf........................................................................6-3
Table 6-3 Related operations for resetting the control boards..............................................................................6-4
Table 6-4 Related operation for adding a service board offline...........................................................................6-6
Table 6-5 Related operation for confirming a service board................................................................................6-6
Table 6-6 Related operation for deleting a service board.....................................................................................6-7
Table 6-7 Related operation for prohibiting a service board................................................................................6-8
Table 7-1 Data plan for configuring the remote user authentication ...................................................................7-7
Table 7-2 Related operation for creating a RADIUS server template................................................................7-12
Table 7-3 Related operation for setting the IP address and port number of a RADIUS server..........................7-14
Table 7-4 Related operation for setting the response timeout interval of a RADIUS server.............................7-15
Table 7-5 Related operation for setting the maximum number of transmissions for the RADIUS request packets
.............................................................................................................................................................................7-17
Table 7-6 Related operations for configuring an 802.1x template ....................................................................7-20
Table 7-7 Related operations for enabling the 802.1x authentication on a port. ...............................................7-22
Table 7-8 Related operations for configuring the control mode of a port..........................................................7-23
Table 7-9 Related operations for enabling the 802.1x authentication globally .................................................7-24
Table 7-10 Related operations for enabling the DHCP-triggered 802.1x authentication...................................7-25
Table 7-11 Related operations for configuring an authentication scheme.........................................................7-27
Table 7-12 Related operations for configuring an accounting scheme..............................................................7-28
xxii Huawei Proprietary and Confidential Issue 02 (2008-04-25)

Table 7-13 Related operations for configuring an accounting mode.................................................................7-29

Table 7-14 Related operations for configuring the interval for the real-time accounting. ................................7-30
Table 7-15 Related operations for creating a domain.........................................................................................7-31
Table 7-16 Related operation for binding the RADIUS server template...........................................................7-33
Table 7-17 Related operations for specifying the authentication scheme..........................................................7-34
Table 7-18 Related operations for specifying an accounting scheme................................................................7-35
Table 7-19 Related operation for referencing an 802.1x template.....................................................................7-36
Table 7-20 Related operation for creating a local RSA key pair........................................................................7-37
Table 7-21 Related operations for configuring an SSH user..............................................................................7-40
Table 8-1 VLAN types and applications..............................................................................................................8-3
Table 8-2 VLAN attributes...................................................................................................................................8-5
Table 8-3 Data plan for configuring a MUX VLAN............................................................................................8-6
Table 8-4 Data plan for configuring a MUX VLAN............................................................................................8-8
Table 8-5 Related operations for creating a VLAN............................................................................................8-12
Table 8-6 Related operation for configuring the VLAN attribute......................................................................8-13
Table 8-7 Related operation for adding an upstream port to a VLAN...............................................................8-15
Table 8-8 Related operations for adding a service port to a VLAN...................................................................8-17
Table 8-9 Related operations for adding service ports in batches......................................................................8-18
Table 8-10 Related operation for configuring the description of a service port.................................................8-19
Table 9-1 Data plan for configuring DHCP standard mode.................................................................................9-5
Table 9-2 Data plan for configuring DHCP option60 mode................................................................................9-9
Table 9-3 Data plan for configuring MAC address segment mode....................................................................9-12
Table 9-4 Related operation for enabling the DHCP proxy function.................................................................9-15
Table 9-5 Related operation for creating a DHCP server group........................................................................9-16
Table 9-6 Related operations for setting the working mode of a DHCP server.................................................9-17
Table 9-7 Related operations for binding a DHCP server group with a VLAN interface..................................9-19
Table 9-8 Related operation for creating a DHCP option60 domain.................................................................9-20
Table 9-9 Related operations for binding a DHCP server group with a DHCP option60 domain.....................9-21
Table 9-10 Related operation for configuring the gateway of a DHCP option60 domain.................................9-22
Table 9-11 Related operation for creating a DHCP MAC address segment......................................................9-23
Table 9-12 Related operation for setting the range of a DHCP MAC address segment....................................9-24
Table 9-13 Related operation for binding a DHCP server group with a DHCP MAC address segment...........9-25
Table 9-14 Related operations for configuring the gateway of a DHCP MAC address segment......................9-26
Table 9-15 Related operation for setting the DHCP proxy lease-time...............................................................9-27
Table 10-1 Data plan for configuring the ARP proxy........................................................................................10-3
Table 10-2 Related operations for adding a static ARP entry............................................................................10-6
Table 10-3 Data plan of the ARP proxy.............................................................................................................10-7
Table 10-4 Related operation for enabling the ARP proxy................................................................................10-8
Table 11-1 Data plan for configuring the static route on the user side...............................................................11-4
Table 11-2 Data plan for configuring RIP..........................................................................................................11-7
Table 11-3 Data plan for configuring the routing policy..................................................................................11-10
Table 11-4 Related operation for adding a static route.....................................................................................11-13
Issue 02 (2008-04-25) Huawei Proprietary and Confidential xxiii

Table 11-5 Related operation for enabling the RIP process.............................................................................11-15

Table 11-6 Related operation for setting the RIP version................................................................................11-16
Table 11-7 Related operations for enabling an interface to receive and transmit RIP packets........................11-17
Table 11-8 Related operation for setting the cost of the default route............................................................. 11-18
Table 11-9 Related operation for specifying the default routing metric.......................................................... 11-19
Table 11-10 Related operations for setting the additional metric of a route....................................................11-20
Table 11-11 Related operation for enabling the route summarization.............................................................11-21
Table 11-12 Related operation for configuring a summary route IP address...................................................11-22
Table 11-13 Related operation for disabling receiving host routes..................................................................11-23
Table 11-14 Related operation for configuring the RIP preference.................................................................11-24
Table 11-15 Related operation for importing the routes of other protocols.....................................................11-25
Table 11-16 Related operation for configuring the route filtering policy........................................................11-26
Table 11-17 Related operation for verifying the source IP address of a RIP route update..............................11-27
Table 11-18 Related operation for configuring the RIP timer..........................................................................11-28
Table 11-19 Related operation for configuring the zero field check for RIP-1 packets...................................11-29
Table 11-20 Related operation for configuring the RIP-2 authentication mode..............................................11-30
Table 11-21 Related operation for enabling the split horizon function............................................................11-31
Table 11-22 Related operation for enabling the poison reverse function.........................................................11-32
Table 11-23 Parameters for defining a routing policy......................................................................................11-33
Table 11-24 Related operation for configuring a routing policy......................................................................11-33
Table 11-25 Related operation for defining the route policy matching rule.................................................... 11-34
Table 11-26 Related operation for modifying the attributes of the filtered route............................................ 11-35
Table 12-1 Data plan for configuring OSPF......................................................................................................12-3
Table 12-2 Related operation for enabling the OSPF process............................................................................12-7
Table 12-3 Related operation for setting an OSPF router ID.............................................................................12-9
Table 12-4 Related operation for prohibiting an interface from transmitting OSPF packets...........................12-10
Table 12-5 Related operation for entering OSPF area config mode................................................................ 12-11
Table 12-6 Related operation for configuring the subnets for an area.............................................................12-11
Table 12-7 Related operations for configuring a Stub area..............................................................................12-12
Table 12-8 Related operation for configuring an NBMA adjacent router........................................................12-13
Table 12-9 Related operation for enabling the OSPF logging function...........................................................12-13
Table 12-10 Description of the network types................................................................................................. 12-14
Table 12-11 Related operation for configuring the network type on an OSPF interface.................................12-14
Table 12-12 Related operation for configuring the MTU of the DD packet....................................................12-15
Table 12-13 Related operation for setting the OSPF preference......................................................................12-17
Table 12-14 Related operation for configuring the maximum OSPF route count........................................... 12-17
Table 12-15 Related operation for configuring the OSPF packet authentication.............................................12-18
Table 12-16 Related operation for configuring the OSPF cost........................................................................12-19
Table 12-17 Related operation for configuring the route summarization between areas.................................12-20
Table 12-18 Related operation for configuring the aggregation of routes imported by OSPF........................ 12-20
Table 12-19 Related operation for importing routes from other protocols into OSPF.....................................12-21
Table 12-20 Related operations for setting parameters for OSPF to import external routes........................... 12-22
xxiv Huawei Proprietary and Confidential Issue 02 (2008-04-25)

Table 12-21 Related operation for setting the interval for sending Hello packets...........................................12-24
Table 12-22 Related operation for setting the dead time between adjacent routers.........................................12-24
Table 12-23 Related operation for setting the Hello packet poll interval.........................................................12-25
Table 12-24 Related operation for setting the LSA transmit delay..................................................................12-26
Table 12-25 Related operation for setting LSA retransmit interval between adjacent routers........................12-27
Table 12-26 Related operation for setting the SPF calculation interval for OSPF...........................................12-27
Table 13-1 Data plan for configuring IS-IS........................................................................................................13-3
Table 13-2 Related operation for enabling the IS-IS process.............................................................................13-7
Table 13-3 Related operation for configuring an NET.......................................................................................13-9
Table 13-4 Related operation for configuring the router level.........................................................................13-10
Table 13-5 Related operations for enabling the IS-IS function on an interface...............................................13-11
Table 13-6 Related operations for configuring the IS-IS priority....................................................................13-13
Table 13-7 Relationship between the interface cost and the bandwidth..........................................................13-14
Table 13-8 Related operations for configuring the IS-IS interface cost...........................................................13-15
Table 13-9 Related operations for configuring the IS-IS route aggregation....................................................13-16
Table 13-10 Related operations for configuring the IS-IS to generate default routes......................................13-17
Table 13-11 Related operations for filtering the received or advertised routing information..........................13-18
Table 13-12 Related operations for configuring the suppression function.......................................................13-19
Table 13-13 Related operations for configuring the IS-IS to import external routes.......................................13-20
Table 13-14 Related operations for configuring the IS-IS route leaking.........................................................13-21
Table 13-15 Related operation for configuring the network type of an IS-IS interface...................................13-22
Table 13-16 Related operations for configuring the IS-IS interface level........................................................13-23
Table 13-17 Related operations for configuring the DIS priority of an IS-IS interface...................................13-24
Table 13-18 Related operations for configuring the IS-IS for not checking the IP addresses of the received Hello
packets...............................................................................................................................................................13-25
Table 13-19 Related operations for configuring the IS-IS packet timer..........................................................13-27
Table 13-20 Related operations for configuring the LSP parameters..............................................................13-29
Table 13-21 Related operation for configuring the LSP fast flooding.............................................................13-30
Table 13-22 Related operations for configuring the SPF parameters...............................................................13-31
Table 13-23 Related operations for configuring host name mapping..............................................................13-32
Table 13-24 Related operations for configuring the IS-IS authentication........................................................13-34
Table 13-25 Related operation for configuring the LSDB overload flag bit....................................................13-35
Table 13-26 Related operation for enabling the output of the adjacency state................................................13-36
Table 14-1 Data plan for configuring the BGP..................................................................................................14-3
Table 14-2 Related operation for configuring the BGP basic description..........................................................14-7
Table 14-3 Related operations for advertising the BGP local routes.................................................................14-8
Table 14-4 Related operation for configuring the local interface used for a BGP connection........................14-10
Table 14-5 Related operation for configuring the maximum number of hops in an EBGP connection..........14-11
Table 14-6 Related operation for configuring the Next_Hop attribute............................................................14-14
Table 14-7 Related operation for configuring the AS_Path attribute...............................................................14-15
Table 14-8 Related operations for configuring the BGP to import routes.......................................................14-16
Table 14-9 Related operation for filtering the routes imported by BGP..........................................................14-17
Table 14-10 Related operations for configuring the BGP route aggregation...................................................14-18
Issue 02 (2008-04-25) Huawei Proprietary and Confidential xxv

Table 14-11 Related operations for configuring the MA5600T to advertise the default routes to its peer......14-19
Table 14-12 Related operations for configuring the BGP access list...............................................................14-20
Table 14-13 Parameters for configuring a routing policy................................................................................ 14-21
Table 14-14 Related operations for configuring a routing policy.................................................................... 14-21
Table 14-15 Related operations for configuring the policy for advertising the BGP routing information......14-24
Table 14-16 Related operations for configuring the policy for receiving the BGP routing information.........14-26
Table 14-17 Related operations for configuring the BGP timer...................................................................... 14-28
Table 14-18 Related operations for configuring the interval for sending the update messages.......................14-29
Table 14-19 Related operations for configuring the BGP soft reset................................................................ 14-30
Table 14-20 Related operation for enabling the quick reset function of the EBGP connection...................... 14-31
Table 14-21 Related operation for configuring the MD5 authentication.........................................................14-32
Table 14-22 Related operation for configuring the maximum number of equal-cost routes........................... 14-33
Table 14-23 Related operations for configuring the split horizon function among the EBGP neighbors........14-34
Table 15-1 Related operations for enabling the MSTP function........................................................................15-4
Table 15-2 Related operation for setting the working mode of MSTP..............................................................15-6
Table 15-3 Related operation for setting the MD5-Key for the MD5 encryption algorithm configured on the MST
region...................................................................................................................................................................15-8
Table 15-4 Related operations for configuring the MST region name...............................................................15-9
Table 15-5 Related operations for mapping the specified VLAN to the specified MSTP instance.................15-10
Table 15-6 Related operations for mapping all VLANs to the MSTP instances............................................. 15-11
Table 15-7 Related operations for setting the MSTP revision level of the device...........................................15-13
Table 15-8 Related operation for activating the configuration of the MST region..........................................15-14
Table 15-9 Related operation for specifying the device as a root bridge or a backup root bridge...................15-15
Table 15-10 Related operations for setting the priority of the device in the specified spanning tree instance
...........................................................................................................................................................................15-17
Table 15-11 Related operation for setting the maximum number of hops of the MST region........................ 15-18
Table 15-12 Related operation for setting the diameter of the switching fabric..............................................15-19
Table 15-13 Related operation for setting the calculation standard for the path cost...................................... 15-20
Table 15-14 Related operations for setting the Forward Delay of the specified network bridge.....................15-22
Table 15-15 Related operations for setting the Hello Time of the specified network bridge.......................... 15-23
Table 15-16 Related operations for setting the Max Age of the specified network bridge..............................15-25
Table 15-17 Related operation for setting the timeout time factor of the specified network bridge................15-26
Table 15-18 Related operation for setting the maximum transmission rate of the specified port....................15-27
Table 15-19 Related operation for setting the specified port as an edge port.................................................. 15-29
Table 15-20 Related operation for setting the path cost of a specified port.....................................................15-30
Table 15-21 Related operation for setting the priority of the specified port....................................................15-31
Table 15-22 Related operation for setting the point-to-point link connection of the specified port................15-32
Table 15-23 Related operation for enabling the BPDU protection function of the device.............................. 15-34
Table 15-24 Related operations for enabling the loop protection function of the device................................ 15-35
Table 15-25 Related operations for enabling the root protection function of the device.................................15-37
Table 16-1 Data plan for configuring the NTP broadcast mode........................................................................16-4
Table 16-2 Data plan for configuring the NTP multicast mode.........................................................................16-7
Table 16-3 Data plan for configuring NTP server/client mode........................................................................16-11
xxvi Huawei Proprietary and Confidential Issue 02 (2008-04-25)

Table 16-4 Data plan for configuring the NTP peer mode...............................................................................16-14
Table 16-5 Related operations for configuring the NTP ID authentication.....................................................16-18
Table 16-6 Related operation for configuring the NTP master clock..............................................................16-20
Table 16-7 Related operations for configuring the NTP broadcast server mode.............................................16-21
Table 16-8 Related operations for configuring the NTP broadcast client mode..............................................16-22
Table 16-9 Related operations for configuring the NTP multicast mode.........................................................16-23
Table 16-10 Related operations for configuring the NTP server/client mode..................................................16-24
Table 16-11 Related operation for configuring the NTP peer mode................................................................16-25
Table 16-12 Related operations for configuring the authority of access to an NTP service of a local device
...........................................................................................................................................................................16-27
Table 16-13 Related operations for configuring an interface for transmitting or receiving NTP packets.......16-28
Table 17-1 Clock synchronization description...................................................................................................17-2
Table 17-2 Data plan for configuring the system clock.....................................................................................17-4
Table 17-3 Related operations for configuring the system clock.......................................................................17-6
Table 17-4 Related operations for setting the priority of a clock source............................................................17-7
Table 18-1 Related operation for adding a static MAC address.........................................................................18-3
Table 18-2 Related operation for configuring the MAC address filtering.........................................................18-7
Table 19-1 Related operation for configuring the synwait timer.......................................................................19-3
Table 19-2 Related operation for configuring the finwait timer.........................................................................19-4
Table 19-3 Related operation for configuring the socket buffer........................................................................19-4
Table 19-4 Related operations for enabling the IP packets debugging..............................................................19-5
Table 19-5 Related operations for enabling the IP packets debugging..............................................................19-6
Table 20-1 ACL types........................................................................................................................................20-3
Table 20-2 Data plan for configuring the basic ACL.........................................................................................20-6
Table 20-3 Data plan for configuring the advanced ACL..................................................................................20-7
Table 20-4 Data plan for configuring the L2 ACL.............................................................................................20-9
Table 20-5 Data plan for configuring the user-defined ACL...........................................................................20-11
Table 20-6 ACL number range.........................................................................................................................20-13
Table 20-7 Related operations for creating an ACL.........................................................................................20-13
Table 20-8 Related operation for setting the step.............................................................................................20-15
Table 20-9 Related operation for creating a basic ACL rule............................................................................20-16
Table 20-10 Related operation for creating an advanced ACL rule.................................................................20-17
Table 20-11 Related operation for creating an L2 ACL rule............................................................................20-18
Table 20-12 Description of letters and their offset values................................................................................20-19
Table 20-13 Related operation for creating a used defined ACL rule..............................................................20-20
Table 20-14 Related operation for activating the ACL of a port......................................................................20-21
Table 21-1 Data plan for configuring queue scheduling....................................................................................21-4
Table 21-2 Data plan for configuring the traffic management based on service streams..................................21-7
Table 21-3 Data plan for configuring the traffic management based on ACL rules........................................21-10
Table 21-4 Traffic parameters defined in the IP traffic profile........................................................................21-12
Table 21-5 Related operations for configuring the traffic entry ......................................................................21-14
Table 21-6 Relations between the service type, traffic description, and traffic parameters. ...........................21-14
Table 21-7 Application scenario of the ATM services ....................................................................................21-15
Issue 02 (2008-04-25) Huawei Proprietary and Confidential xxvii

Table 21-8 Related operation for configuring the traffic entry .......................................................................21-17
Table 21-9 Mapping between the queue weight and the actual queue.............................................................21-19
Table 21-10 Related operations for configuring the queue scheduling mode..................................................21-20
Table 21-11 Mapping between the 802.1p priority and queue.........................................................................21-21
Table 21-12 Related operations for mapping the 802.1p priority to the queue of a service board..................21-22
Table 21-13 Default buffer size........................................................................................................................21-22
Table 21-14 Related operations for configuring the queue buffer of a service board .....................................21-23
Table 21-15 Related operation for enabling traffic limit of packets matching an ACL on a specified port
...........................................................................................................................................................................21-25
Table 21-16 Related operation for adding a priority tag to packets matching an ACL on a specified port
...........................................................................................................................................................................21-26
Table 21-17 Related operations for enabling the traffic statistics for packets matching an ACL on a port
...........................................................................................................................................................................21-27
Table 21-18 Related operation for enabling the traffic mirroring of packets matching an ACL rule on a specified
port....................................................................................................................................................................21-28
Table 21-19 Related operation for redirecting traffic matching an ACL on a port..........................................21-29
Table 21-20 Related operation for enabling the line rate limit on an upstream port........................................21-30
Table 22-1 Related operation for setting the Ethernet encapsulation type.........................................................22-6
Table 22-2 Related operations for enabling the DHCP option82.......................................................................22-7
Table 22-3 Related operation for binding the IP address...................................................................................22-9
Table 22-4 Related operations for enabling the anti MAC spoofing function.................................................22-11
Table 22-5 Related operations for enabling the anti MAC spoofing function.................................................22-12
Table 23-1 Related operations for enabling the anti DoS attack........................................................................23-4
Table 23-2 Related operation for enabling the anti IP attack function...............................................................23-4
Table 23-3 Related operation for enabling the anti ICMP attack function.........................................................23-5
Table 23-4 Related operation for enabling the function of source route filtering..............................................23-6
Table 23-5 Related operation for configuring the MAC address filtering.........................................................23-7
Table 23-6 Related operations for configuring the firewall black list function.................................................23-9
Table 23-7 Related operation for configuring the firewall function.................................................................23-11
Table 23-8 Related operations for configuring an accessible address segment...............................................23-11
Table 23-9 Related operations for configuring the inaccessible address segment...........................................23-12
Table 24-1 Data plan for configuring the fiber access service-single port for single service............................24-3
Table 24-2 Data plan for configuring the fiber access service-single port for multi-service.............................24-6
Table 25-1 Configurations of the GPON service in different application scenarios..........................................25-4
Table 25-2 Data plan for configuring the GPON service...................................................................................25-6
Table 25-3 Related operations for adding a DBA profile...................................................................................25-9
Table 25-4 Related operation for binding a DBA profile.................................................................................25-11
Table 25-5 Related operations for adding an alarm profile..............................................................................25-12
Table 25-6 Related operations for adding a GEM port....................................................................................25-14
Table 25-7 Related operations for adding a GPON ONT................................................................................25-17
Table 25-8 Related operation for activating a GPON ONT.............................................................................25-18
Table 25-9 Related operations for enabling the ONT auto-find function of a GPON port..............................25-19
Table 25-10 Related operations for setting the aging time of the ONT auto-find function.............................25-20
xxviii Huawei Proprietary and Confidential Issue 02 (2008-04-25)

Table 25-11 Related operations for confirming an automatically found ONT................................................25-21

Table 26-1 Data plan for configuring the upstream link protection...................................................................26-4
Table 26-2 Related operations for configuring the protection group.................................................................26-6
Table 27-1 Ethernet ports of the MA5600T.......................................................................................................27-3
Table 27-2 Related operation for enabling the flow control of an Ethernet port............................................. 27-10
Table 27-3 Related operations for enabling traffic suppression.......................................................................27-12
Table 27-4 Related operation for enabling the Ethernet port aggregation....................................................... 27-13
Table 27-5 Related operation for mirroring an Ethernet port...........................................................................27-14
Table 27-6 Related operation for adding an Ethernet Port to a VLAN............................................................27-15
Table 28-1 Data plan for configuring the VLAN stacking multi-ISP wholesale access....................................28-4
Table 29-1 Data plan for configuring the private line service............................................................................29-3
Table 29-2 Data plan for the QinQ VLAN private line service.........................................................................29-6
Table 29-3 Related operation for enabling the transparent transmission of BPDUs..........................................29-9
Table 30-1 Data plan for configuring the IGMP proxy multicast service..........................................................30-5
Table 30-2 Data plan for configuring the IGMP snooping multicast service.....................................................30-9
Table 30-3 Data plan for configuring the IGMP snooping multicast service...................................................30-13
Table 30-4 Data plan for configuring the subtended multicast service............................................................30-17
Table 30-5 Data plan for the example network of the multicast service in MSTP networking.......................30-23
Table 30-6 Data plan for configuring the multicast service through the PIM-SSM protocol..........................30-30
Table 30-7 Related operation for configuring the IGMP upstream port..........................................................30-34
Table 30-8 Related operations for setting the multicast mode of the upstream port........................................30-35
Table 30-9 Related operations for enabling the multicast routing function.....................................................30-36
Table 30-10 Related operations for configuring a subtending port..................................................................30-37
Table 30-11 Related operation for configuring a program for a static subtending port...................................30-38
Table 30-12 Related operation for enabling the IGMP proxy authorization....................................................30-40
Table 30-13 Related operation for setting the robustness variable...................................................................30-41
Table 30-14 Related operation for setting the general query interval..............................................................30-42
Table 30-15 Related operation for setting the maximum response time to the general query.........................30-44
Table 30-16 Related operation for setting the number of specific queries.......................................................30-45
Table 30-17 Related operation for setting the group-specific query interval...................................................30-46
Table 30-18 Related operation for setting the maximum response time for the group-specific query............30-47
Table 30-19 Related operations for setting the TTL for a V2 router................................................................30-48
Table 30-20 Related operation for setting the preview recognition time.........................................................30-49
Table 30-21 Related operation for enabling the user action report function....................................................30-50
Table 30-22 Related operation for configuring the IGMP mode..................................................................... 30-54
Table 30-23 Related operation for configuring the IGMP version...................................................................30-55
Table 30-24 Related operations for configuring the multicast program...........................................................30-57
Table 30-25 Related operations for setting the unsolicited report interval...................................................... 30-59
Table 30-26 Related operations for Enabling the proxy of the IGMP leave packet.........................................30-60
Table 30-27 Related operations for enabling the proxy of the IGMP report packet........................................30-61
Table 30-28 Related operations for enabling the function of sending the global-leave packet....................... 30-62
Table 30-29 Related operation for setting the priority of the IGMP packet.....................................................30-63
Issue 02 (2008-04-25) Huawei Proprietary and Confidential xxix

Table 30-30 Related operations for configuring the multicast VLAN member...............................................30-64
Table 30-31 Related operation for enabling the logging function....................................................................30-65
Table 30-32 Related operations for setting the IP address range of the multicast VLAN to generate the program
group dynamically.............................................................................................................................................30-66
Table 30-33 Related operation for enabling the program matching mode of the multicast VLAN.................30-67
Table 30-34 Related operations for configuring the virtual upstream port......................................................30-68
Table 30-35 Related operation for enabling the PIM-SSM function...............................................................30-70
Table 30-36 Related operations for setting the DR priority of a PIM router...................................................30-72
Table 30-37 Related operations for setting the interval for a PIM router to send Hello messages..................30-75
Table 30-38 Related operations for setting the holdtime for receiving the Hello messages............................30-77
Table 30-39 Related operation for setting the longest delay for triggering the transmission of the Hello message
...........................................................................................................................................................................30-78
Table 30-40 Related operations for setting the specifications of the Join/Prune messages.............................30-80
Table 30-41 Related operations for setting the interval for sending the Join/Prune messages........................30-82
Table 30-42 Related operations for setting the delay for a PIM router to perform pruning.............................30-84
Table 30-43 Related operations for setting the delay for a PIM router to override pruning............................30-87
Table 30-44 Related operations for setting the holdtime for a PIM router to maintain the join status of a downstream
interface.............................................................................................................................................................30-89
Table 30-45 Related operation for setting the range of the PIM-SSM multicast addresses.............................30-90
Table 30-46 Related operation for enabling the bandwidth management function..........................................30-92
Table 30-47 Related operation for modifying an authority profile..................................................................30-93
Table 30-48 Related operations for adding a BTV user...................................................................................30-95
Table 30-49 Related operations for modifying the attributes of a user............................................................30-97
Table 30-50 Related operation for blocking a BTV user.................................................................................30-98
Table 30-51 Related operation for binding a user with an authority profile....................................................30-99
Table 30-52 Related operation for enabling the switch of monitoring BTV users........................................30-100
Table 30-53 Related operation for configuring the preview profile...............................................................30-101
Table 30-54 Related operation for enabling the preview function.................................................................30-102
Table 30-55 Related operations for setting the preview auto reset time........................................................30-103
Table 30-56 Related operation for resetting the preview record....................................................................30-104
Table 30-57 Related operations for enabling the logging function on the multicast VLAN.........................30-106
Table 30-58 Related operation for setting the logging interval......................................................................30-107
Table 30-59 Related operations for configuring the log reporting.................................................................30-107
Table 30-60 Related operations for setting the automatic CDR reporting.....................................................30-110
Table 31-1 Modes to provide the triple play service..........................................................................................31-3
Table 31-2 Data plan for configuring the triple play service..............................................................................31-5
Table 31-3 Data plan for configuring the triple play service - single PVC for multiple services (based on the user-
side VLAN).......................................................................................................................................................31-10
Table 31-4 Data plan for configuring the triple play service - single PVC for multiple services (based on 802.1p)
...........................................................................................................................................................................31-15
Table 31-5 Data plan for configuring the triple play service - single PVC for multiple services (based on service
encapsulation type) ...........................................................................................................................................31-20
Table 31-6 Data plan for configuring the triple play service............................................................................31-25
Table 32-1 Data plan for configuring an ONT...................................................................................................32-4
xxx Huawei Proprietary and Confidential Issue 02 (2008-04-25)

Table 32-2 Attributes of an ONT capability set profile......................................................................................32-8

Table 32-3 Related operations for configuring an ONT capability set profile.................................................32-11
Table 32-4 Related operations for binding an ONT T-CONT with GEM ports.............................................. 32-13
Table 32-5 Related operations for configuring the mapping between ONT services and GEM ports ............32-14
Table 32-6 Related operation for configuring a VLAN on a GPON ONT port...............................................32-15
Table 33-1 Data plan for configuring Ethernet OAM........................................................................................33-4
Table 33-2 Related operation for creating an MD..............................................................................................33-7
Table 33-3 Related operations for creating an MA............................................................................................33-8
Table 33-4 Related operation for creating an MEP............................................................................................33-9
Table 33-5 Related operation for creating an RMEP.......................................................................................33-10
Table 33-6 Related operation for enabling the CFM globally..........................................................................33-11
Table 33-7 Related operation for enabling CFM alarm globally..................................................................... 33-12
Table 33-8 Related operation for enabling the administration function of an MEP........................................ 33-13
Table 33-9 Related operation for enabling the CC transmission of an MEP...................................................33-14
Table 33-10 Related operation for enabling the global detection function of an RMEP.................................33-15
Table 33-11 Related operation for enabling the detection function of the RMEP...........................................33-16
Table 33-12 Related operation for configuring the priorities for transmitting CCMs/LTMs of an MEP........33-17
Table 33-13 Related operation for configuring the interval for an MA to transmit a CC................................33-18
Table 33-14 Related operations for configuring the loop detection function...................................................33-20
Table 33-15 Related operations for configuring the Link trace function.........................................................33-21
Table 34-1 Correspondence between the H801ESC DIP switch and the slave node number............................34-4
Table 34-2 Correspondence between the FAN DIP switch and the slave node number....................................34-5
Table 34-3 Correspondence between the POWER4845 and the slave node number.........................................34-6
Table 34-4 Data plan for configuring the H801ESC..........................................................................................34-7
Table 34-5 Data plan for configuring the FAN..................................................................................................34-9
Table 34-6 Related operation for adding an EMU...........................................................................................34-12
Table 34-7 Commands for configuring a POWER4845 EMU.........................................................................34-12
Table 34-8 Related operations for configuring a POWER4845 EMU.............................................................34-15
Table 34-9 Related operations for configuring H801ESC analog parameters.................................................34-17
Table 34-10 Related operations for configuring H801ESC digital parameters................................................34-19
Table 34-11 Related operations for configuring the FAN alarm report...........................................................34-20
Table 34-12 Related operations for setting the fan speed adjustment mode....................................................34-21
Table 34-13 Related operations for setting the FAN speed level.....................................................................34-22
Issue 02 (2008-04-25) Huawei Proprietary and Confidential xxxi

SmartAX MA5600T Multi-service Access Module About This Document
About This Document
Purpose
This document describes the configuration of various services supported by the MA5600T. The
description covers the following topics:
l Purpose
l Networking
l Data plan
l Prerequisite(s)
l Note
l Configuration flowchart
l Operation procedure
l Result
This document helps users to know the configuration of various services on the MA5600T.
Related Versions
The following table lists the product versions related to this document.
Product Name Version
MA5600T V800R005
N2000 BMS V200R011
Intended Audience
The intended audience of this document is:
l Installation and commissioning engineers

l System maintenance engineers
l Data configuration engineers
Issue 02 (2008-04-25) Huawei Proprietary and Confidential 1

About This Document SmartAX MA5600T Multi-service Access Module
Organization
This document describes the configuration on the MA5600T. Each chapter gives an overview
to the configuration first, then describes the configuration flow and the configuration example
(some chapters not) and finally describes the basic operations in detail.
For the readers that know the product well, it is recommended to read the configuration example
(s) directly; For the readers that do not know the product well, it is recommended to read the
basic operations first.
This document consists of the following chapters and is organized as follows.
Chapter… Describes…
1 Maintenance Terminal How to configure the maintenance terminal

Configuration
2 Getting Started With CLI The basic CLI operations on the MA5600T
3 Network Management How to configure the network management system on the

Configuration MA5600T
4 Log Host Configuration How to configure the log host
5 User Management User levels and user management operations
6 Device Management How to manage the shelf and boards of the MA5600T
7 Remote User How to configure the remote users authentication

Authentication
Configuration
8 VLAN Configuration How to configure various VLANs, including standard

VLAN, smart VLAN, MUX VLAN and super VLAN
9 DHCP Relay How to configure DHCP relay to obtain IP addresses

Configuration dynamically
10 ARP & ARP Proxy How to configure ARP and ARP proxy
Configuration
11 RIP Routing Protocol How to configure the RIP routing protocols supported by the
12 OSPF Routing Protocol How to configure the OSPF routing protocols supported by
Configuration the MA5600T
13 IS-IS Routing Protocol How to configure the IS-IS routing protocols supported by
14 BGP Routing Protocol How to configure the BGP routing protocols supported by
15 MSTP Configuration How to configure MSTP
16 NTP Configuration How to configure the four NTP modes
2 Huawei Proprietary and Confidential Issue 02 (2008-04-25)

17 System Clock How to configure the system clock on the MA5600T

Configuration
18 MAC Address How to configure MAC addresses and the MAC address pool
Management
19 TCP/IP Connection How to configure TCP and IP connections

Configuration
20 ACL Configuration ACL and the method of configuring ACL on the MA5600T
21 QoS Configuration QoS and the method of configuring QoS on the MA5600T
22 User Security How to configure user security on the MA5600T

Configuration
23 System Security How to configure system security on the MA5600T

Configuration
SHDSL Service The SHDSL technology and the method of configuring the
Configuration SHDSL service on the MA5600T
VDSL2 Service The VDSL2 technology and the method of configuring the
Configuration VDSL2 service on the MA5600T
25 GPON Service The GPON technology and the method of configuring the
Configuration GPON service on the MA5600T
26 Protection Configuration The service protection on the upstream port of the MA5600T
for Upstream Link
27 Device Subtending The Ethernet technology and how to subtend MA5600T

Configuration devices
ATM-DSLAM Access How to configure the ATM-DSLAM access service on the

28 VLAN Stacking How to configure the wholesale service on the MA5600T

Wholesale Service
Configuration
29 QinQ VLAN Private How to configure the private line service on the MA5600T
Line Service Configuration
30 Multicast Service How to configure the multicast service on the MA5600T

Configuration
31 Triple Play Service How to configure the triple play service on the MA5600T
Configuration
CPE Management How to log on and configure the CPE terminal through the
MA5600T
32 ONT Management How to configure the ONT on the MA5600T side

33 Ethernet OAM Applications of Ethernet OAM to the MA5600T

Configuration
34 Environment The EMUs supported by the MA5600T and the method of

Monitoring Configuration configuring them
RSTP Networking Example The configuration example of MSTP networking
Subtending Networking The configuration example of subtending networking

Example
35 Acronyms and Acronyms and abbreviations used in the document

Abbreviations
Differences Between the ETSI Service Shelf and the 19-inch Service Shelf
The MA5600T supports both the ETSI service shelf and the 19-inch service shelf. The following
table lists the differences between the two shelves.
Shelf Type Slots Slots for the Slots for Slots for
Control Board Service Boards Upstream
Interface Boards
ETSI shelf 20 9, 10 1-8, 11-18 19, 20
19-inch shelf 18 7, 8 1-6, 9-16 17, 18
This document uses the ETSI service shelf as an example because the two shelves support the
same software functions, although their hardware are different.
Conventions
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Indicates a hazard with a high level of risk which, if not

avoided, could result in death or serious injury.
DANGER
Indicates a hazard with a medium or low level of risk which,

if not avoided, could result in minor or moderate injury.
WARNING

Symbol Description
Indicates a potentially hazardous situation that, if not avoided,

could cause equipment damage, data loss, and performance
CAUTION
degradation, or unexpected results.
TIP Indicates a tip that may help you solve a problem or save time.
NOTE Provides additional information to emphasize or supplement

important points of the main text.
General Conventions
Convention Description
Times New Roman Normal paragraphs are in Times New Roman.
Boldface Names of files, directories, folders, and users are in boldface.

For example, log in as user root.
Italic Book titles are in italics.

Courier New Terminal display is in Courier New.
Command Conventions
Boldface The keywords of a command line are in boldface.
Italic Command arguments are in italic.
[] Items (keywords or arguments) in square brackets [ ] are

optional.
{ x | y | ... } Alternative items are grouped in braces and separated by

vertical bars. One is selected.
[ x | y | ... ] Optional alternative items are grouped in square brackets and

separated by vertical bars. One or none is selected.
{ x | y | ... } * Alternative items are grouped in braces and separated by

vertical bars. A minimum of one or a maximum of all can be
selected.
[ x | y | ... ] * Optional alternative items are grouped in square brackets and

separated by vertical bars. Many or none can be selected.

GUI Conventions
Boldface Buttons, menus, parameters, tabs, window, and dialog titles are
in Boldface. For example, click OK.
> Multi-level menus are in boldface and separated by the “>”

signs. For example, choose File > Create > Folder.
Keyboard Operation
Format Description
Key Press the key. For example, press Enter and press Tab.
Key 1+Key 2 Press the keys concurrently. For example, pressing Ctrl+Alt
+A means the three keys should be pressed concurrently.
Key 1, Key 2 Press the keys in turn. For example, pressing Alt, A means the
two keys should be pressed in turn.
Mouse Operation
Action Description
Click Select and release the primary mouse button without moving
the pointer.
Double-click Press the primary mouse button twice continuously and quickly
without moving the pointer.
Drag Press and hold the primary mouse button and move the pointer
to a certain position.
Update History
Updates between document versions are cumulative. Therefore, the latest document version
contains all updates made to previous versions.
Updates in Issue 02 (2008-04-25)

This release has updated the following sections:
l Sections "Overview", "Configuration Example of the User-Defined ACL", "Creating
a Customized ACL Rule" of the chapter "ACL Configuration"
l Section "Adding a Static ARP Entry" of the chapter "ARP & ARP Proxy Configuration"

Updates in Issue 01 (2007-10-30)

This is the first release.

SmartAX MA5600T Multi-service Access Module 1 Maintenance Terminal Configuration
1 Maintenance Terminal Configuration
About This Chapter
This topic describes the different maintenance modes of theMA5600T through the maintenance
terminal.
1.1 Overview
This topic describes the different maintenance modes of the MA5600T through the maintenance
terminal and describes the features of the maintenance modes.
1.2 Configuring the Terminal Through the Local Serial Port
This topic describes how to log in to the MA5600T and configure the MA5600T by using the
HyperTerminal of the Windows operating system.
1.3 Configuring the Terminal Through the Remote Serial Port
This topic describes how to log in to the MA5600T and configure the MA5600T through the
remote serial port.
1.4 Configuring the Terminal Through the Outband Management Channel
This topic describes how to connect the maintenance terminal to the MA5600T over a local area
network (LAN) or a wide area network (WAN), and configure the MA5600T through the
outband management channel.
1.5 Configuring the Terminal Through the Inband Management Channel
This topic describes how to configure the MA5600T through the inband management channel.
1.6 Configuring the Terminal Through SSH
This topic describes how to connect the maintenance terminal to the MA5600T through SSH.
Then, you can log in to the MA5600T through SSH for maintenance. This helps to protect the
MA5600T from network attacks.
Issue 02 (2008-04-25) Huawei Proprietary and Confidential 1-1

1 Maintenance Terminal Configuration SmartAX MA5600T Multi-service Access Module
1.1 Overview
This topic describes the different maintenance modes of the MA5600T through the maintenance
terminal and describes the features of the maintenance modes.
You can maintain the SmartAX MA5600T Multi-service Access Module Optical Access
Equipment (the MA5600T for short) through a maintenance terminal in the command line
interface (CLI) mode. The configuration of a maintenance terminal involves the following:
l 1.2 Configuring the Terminal Through the Local Serial Port

l 1.3 Configuring the Terminal Through the Remote Serial Port
l 1.4 Configuring the Terminal Through the Outband Management Channel
l 1.5 Configuring the Terminal Through the Inband Management Channel
l 1.6 Configuring the Terminal Through SSH
Table 1-1 lists the features of the maintenance modes.
Table 1-1 Features of the maintenance modes
Maintenance mode Description Feature
Local serial port Uses the HyperTerminal of No network management software

the operating system for is required.
configuration.
Remote serial port Uses the HyperTerminal of It connects modems on the

the operating system for MA5600T side and the
configuration. maintenance terminal side.
Inband management Uses the service channel of l Advantages: It adopts flexible

channel the MA5600T to manage networking, and does not
the network device. require additional networking
device, thus saving networking
cost.
l Disadvantages: The
maintenance work cannot be
performed if the service
channel fails.
Outband management Uses the maintenance l Advantages: It provides reliable

channel network port (ETH) of the device management channel.
control board (SCU) of the The fault can be located in time
MA5600T to manage the even if the managed device
system. fails.
l Disadvantage: An additional
network device is required for
setting up a maintenance
channel that is unrelated to the
service channel.
1-2 Huawei Proprietary and Confidential Issue 02 (2008-04-25)

Maintenance mode Description Feature
SSH mode Uses the service channel of Secure Shell (SSH) ensures
the MA5600T, or the network security through the
maintenance network port authentication, encryption, and
of the SCU board to identification functions. When a
manage the system. user telnets to the MA5600T from
an insecure network, SSH protects
the MA5600T from malicious
attacks such as IP address spoofing
and clear text password
interception.
1.2 Configuring the Terminal Through the Local Serial Port

This topic describes how to log in to the MA5600T and configure the MA5600T by using the
HyperTerminal of the Windows operating system.
Networking
Figure 1-1 shows an example network for configuring the MA5600T through the local serial
port.
Figure 1-1 Example network for configuring the MA5600T through the local serial port
RS-232 serial port cable

CON
ETH
ESC
Serial port SCU MA5600T

PC
Configuration Flowchart
Figure 1-2 shows the flowchart for configuring the MA5600T through the local serial port.

Figure 1-2 Flowchart for configuring the MA5600T through the local serial port
Start
Connect the serial port cable
Run the HyperTerminal
Set the parameters of the terminal
Define the terminal emulation type
Set ASCII code
Log in to the system
End
Procedure
Step 1 Connect the serial port cable.
Use a RS-232 serial port cable to connect the serial port of the PC to the CON port of the SCU
board, as shown in Figure 1-1.
Step 2 Start the HyperTerminal.

1. Set up a connection.
Choose Start > Programs > Accessories > Communication > HyperTerminal to start
the HyperTerminal and set up a serial port connection. Enter the connection name, and
click OK.
2. Configure the serial port.
Select the standard character terminal or the PC terminal serial port that is connected to the
MA5600T. (Assume that the serial port is serial COM2.) Click OK.
Step 3 Set the parameters of the terminal.
In step 2, click OK. Then, set the serial port parameters in the dialog box as shown in Figure
1-3. The parameters are set as follows:
l Bits per second: 9600

l Data bits: 8
l Parity: None

l Stop bits: 1
l Flow control: None
NOTE
l When setting the baud rate, make sure that the baud rate of the HyperTerminal is consistent with the
baud rate of the serial port in the MA5600T. By default, the baud rate of the serial port is 9600 bit/s.
l There may be illegible characters in the input information after you log in to the system. This is because
the baud rate between the HyperTerminal and the MA5600T is inconsistent. In such cases, use a
different baud rate to log in to the system. The system supports the baud rates of 9600 bit/s, 19200 bit/
s, 38400 bit/s, 57600 bit/s, and 115200 bit/s.
Figure 1-3 Setting parameters of the terminal
Click OK.
Step 4 Define the terminal emulation type.
Choose File > Properties on the HyperTerminal interface. Click the Settings tab. Select
VT100 or Auto Detection as the type of terminal emulation, as shown in Figure 1-4.

Figure 1-4 Setting the terminal emulation type
Step 5 Set ASCII code.

Click ASCII Setup. Set the line delay and the character delay as 200 ms, as shown in Figure
1-5.
NOTE
When you paste text to the HyperTerminal, character delay controls the character transmit speed, and the
line delay controls the interval of sending every line. If a delay is very short, it leads to loss of characters.
When the pasted text is displayed abnormally, modify the setting.

Figure 1-5 Setting ASCII Code
----End
Result
In the HyperTerminal interface, press Enter. The system displays a message requesting you to
enter the user name. Enter the user name and password for user registration (by default, the super
user name is root and the password is admin), and wait until the command line prompt
(MA5600T) appears.
If the login fails, click the Hang-up icon first, and then click the Dial icon. If you still cannot
log in, return to step 1 to check the parameter settings and the physical connections, and then
try again.
1.3 Configuring the Terminal Through the Remote Serial

Port
This topic describes how to log in to the MA5600T and configure the MA5600T through the
remote serial port.
Prerequisite
Connect a PSTN modem on the MA5600T side and PC side before using a serial port for remote
maintenance. In this way, you can set up a remote connection between the PC and the
MA5600T through modem dialup.
The PSTN modem on the MA5600T side is referred to as the called PSTN modem. The PSTN
modem on the PC side is referred to as the calling PSTN modem. The PSTN modems must meet
the following requirements:
l Both the calling and called PSTN modems must be the standard modems, and must support
the AT command set.

l The called PSTN modem must be an external modem.

l The calling PSTN modem can be either a built-in modem or an external modem. For better
compatibility and to facilitate monitoring of status, it is recommended that you use the
calling and called PSTN modems made by the same vendor.
l The following configuration is based on one type of modem. In actual applications, you
can configure the modem by referring to the related AT command set.
Networking
Figure 1-6 shows an example network for configuring the MA5600T through the remote serial
port.
Figure 1-6 Example network for configuring the MA5600T through the remote serial port
CON
Serial port ETH
Telephone line cable ESC
Modem
Telephone line Serial port MA5600T

SCU
cable
Modem PC
Figure 1-7 shows the flowchart for configuring the MA5600T through the remote serial port.

Figure 1-7 Flowchart for configuring the MA5600T through the remote serial port
Start
Set the called modem parameters
Set the calling modem parameters
Set up the configuration environment
Start the HyperTerminal
Set the HyperTerminal parameter
Dial up on the HyperTerminal
End
Procedure
Step 1 Set the called modem parameters.
Only three signal lines, namely SD, RD, and SG, are used for connecting the MA5600T and the
modem. Therefore, before connecting the modem to the MA5600T, shield the handshake signals
and the flow control signals of the modem.
The configuration of a modem requires an intelligent terminal. The following modem

configuration is based on the HyperTerminal operating in Windows.
1. Connect the serial port of the modem to the serial port of the maintenance terminal by using
the dedicated cable for the modem, and then power on the system. You need not install a
driver during this operation.
2. Assume that the modem is connected to COM2 port. Start the HyperTerminal, and select
Direct to COM2 in the Connect using column in the dialog box that appears. Set the serial
port parameters as follows: 9600 bit/s for baud rate, 8 for data bits, 1 for stop bits, None
for parity, and None for data traffic control.
NOTE
After the connection, the terminal may not display anything. This is because the display function of
the modem was disabled at the previous configuration operation. To enable the terminal to display
the input information and the output information, run the AT&F command to restore the default
settings and press Enter.
3. Check the modem.
In the HyperTerminal, enter the AT&F command to restore the default settings of the
modem. Check whether the screen displays "OK". If it displays "OK", the modem is normal.
If it does not display "OK", the modem is faulty and it must be replaced with a new modem.
4. In the HyperTerminal, run the following commands:

ATS0=1 //Enable the auto replay function (ringing sound).

AT&D //Ignore DTR signals.
AT&K0 //Disable the flow control function.
AT&R1 //Ignore the RTS signals.

AT&S0 //Set DSR as high level.
ATEQ1&W //Disable the modem’s response to the command while
executing the command and saving the configurations.
NOTE
After the last command is executed, running the AT command disables the echo function of the
terminal and prevents the display of the execution results.
l Due to the limitation of the bit rate of the modem, you can run the baudrate command to modify
the baud rate of the serial port of the MA5600T to 9600 bit/s or 19200 bit/s.
l To prevent an extremely high bit rate on the line between the two modems, you can set AT
$MB=9600 (or another value) before running the ATEQ1&W command.

Step 2 Set the calling modem parameters.
After the power-on, the calling modem can function in the normal state without any
configuration. However, if you connect the maintenance terminal to the modem by using a
standard cable, shield the handshake signals and the flow control signals of the modem before
the connection. For more information on the shield operation, refer to the settings of the called
modem parameters.
Step 3 Set up the configuration environment.
Figure 1-6 shows the configuration environment.
1. Connect the called modem.
Plug the telephone line into the LINE port of the called modem. Connect the serial port of
the called modem to the maintenance port CON of SCU board on the MA5600T by using
the dedicated serial port cable for the MA5600T, and then power on the modem.
2. Connect the calling modem.
For an external modem, plug the telephone line into the LINE port of the calling modem,
connect the serial port of the calling modem to the serial port of the maintenance terminal
by using the dedicated cable for the modem, and then power on the modem.
For a built-in modem, you only need to plug the telephone line into the LINE port of the
calling modem.
Step 4 Start the HyperTerminal.

1. Set up a new connection.
Choose Start > Programs > Accessories > Communication > HyperTerminal to start
the HyperTerminal and enter the name. Click OK.
2. Configure the serial port.
Select the standard character terminal or the PC terminal serial port that is connected to the
MA5600T. (Assume that the serial port is serial COM2.) Click OK.
Step 5 Set the parameters of the HyperTerminal.
In the preceding substep 2, click OK. Then, set the serial port parameters in the dialog box as
shown in Figure 1-8. The parameters are set as follows:

l Baud rate: 9600 bit/s

l Data bits: 8
l Parity: None
l Stop bits: 1
l Flow control: None
NOTE
l When setting the baud rate, make sure that the baud rate of the HyperTerminal is consistent with the
baud rate of the serial port. By default, the baud rate of the serial port is 9600 bit/s.
l There may be illegible characters in the input information after you log in to the system. This is because
the baud rate between the HyperTerminal and the system is inconsistent. In such cases, use another
baud rate to log in to the system. The system supports the baud rates of 9600 bit/s, 19200 bit/s, 38400
bit/s, 57600 bit/s, and 115200 bit/s.
Figure 1-8 Setting the parameters of the HyperTerminal
Click OK and the HyperTerminal interface appears.
Step 6 Dial up on the HyperTerminal.

1. In the case of an external modem, perform the following operations:
In the case of an external modem, select a serial port instead of a modem from the Connect
using drop-down list in the HyperTerminal to set up the connection to the modem.
In the HyperTerminal interface, you can enter the AT command such as

ATDTXXXXXXXX for dialup. XXXXXXXX indicates the telephone number used by the
line of the remote modem connected to the host.
For details of the dialup commands, refer to the AT command set. ATDT0 W
020XXXXXXXX indicates that you should dial "0" for connection by using the external

line. Wait for the dialing tone from the switch, and then dial the telephone number
020XXXXXXXX.
2. In the case of a built-in modem, perform the following operations:
Run the HyperTerminal. Set the called number. Select the modem from the Connect
using drop-down list. Click Configure in the properties setting interface to set the modem
properties. Select Bring up terminal window after dialing in the Options tab of the
properties setting interface. Click OK to confirm the setting. Click Dial to continue the
dialing. You need not use any ATDT commands for dialing.
----End
Result
After the dialup, the "OH" and "RI" LEDs on the modem that connects to the PC turn on. The
modem generates a sound, which indicates that the connection is in-progress. After the
connection is set up, the two modem CD LEDs (for carrier detection) turn on, and the
HyperTerminal interface displays "CONNECT9600 (or 19200)". This indicates that the inter-
modem connection is set up successfully.
If "NO CARRIER" is displayed, the connection fails. Check the hardware connections and the
telephone line. Press Enter until the login interface appears.
After configuring the MA5600T, run the hang-up command of the HyperTerminal to break the
connection.
WARNING
l When the modem connection setup is in progress, pressing any key on the keyboard interrupts
the ongoing call.
l After a remote maintenance operation, you need to disconnect the line, instead of directly
shutting down the HyperTerminal. Otherwise, modems of certain models may remain online
all the time, resulting in failure during the next dialup connection.
1.4 Configuring the Terminal Through the Outband

Management Channel
This topic describes how to connect the maintenance terminal to the MA5600T over a local area
network (LAN) or a wide area network (WAN), and configure the MA5600T through the
outband management channel.
Networking-LAN
Figure 1-9 shows an example network for configuring the outband management in a LAN by
Telnet.

Figure 1-9 Example network for configuring the outband management in a LAN by Telnet
CON
ETH
ESC
SCU MA5600T
LAN
PC PC PC
Use a straight through cable to connect the MA5600T to the LAN. Make sure that the IP address
of the maintenance network port of the control board and the IP address of the PC used for
maintaining the MA5600T are located in the same subnet.
NOTE
You can also use a crossover cable to connect the network port of the maintenance terminal to the
maintenance network port of the control board to maintain the MA5600T.
Data Plan-LAN
Table 1-2 provides the data plan for configuring the outband management in a LAN by Telnet.
Table 1-2 Data plan for configuring the outband management in a LAN by Telnet
Item Data
Maintenance network port of the IP address: 10.10.20.1/24

MA5600T
PC used for maintaining the MA5600T IP address: 10.10.20.3/24
Networking-WAN
Figure 1-10 shows an example network for configuring the outband management in a WAN by
Telnet.

Figure 1-10 Example network for configuring the outband management in a WAN by Telnet
PC
LAN CON
ETH
ESC
Router
PC PC
SCU MA5600T
Data Plan-WAN
Table 1-3 provides the data plan for configuring the outband management in a WAN by Telnet.
Table 1-3 Data plan for configuring the outband management in a WAN by Telnet
Item Data
Maintenance network port of the IP address: 10.10.20.1/24

MA5600T
Router port connecting to the IP address: 10.10.20.254/24

MA5600T
Figure 1-11 shows the flowchart for configuring the outband management in a WAN by Telnet.

Figure 1-11 Flowchart for configuring the outband management in a WAN by Telnet
Start
Set up the configuration environment
Set the IP address of the maintenance

network port
No
WAN environment or not?
Yes
Add a route for the NMS
Run the telent application
End
Procedure
Figure 1-9 and Figure 1-10 show the example networks for configuring the MA5600T through
the outband management channel. You can set up the environment according to the requirements.
Step 2 Set the IP address of the maintenance network port.

huawei(config)#interface meth 0
huawei(config-if-meth0)#ip address 10.10.20.1 24
Step 3 Add a route for the network management system (NMS).

l If setting up the WAN configuration environment as shown in Figure 1-9, you need not add
a route.
l If setting up the WAN configuration environment as shown in Figure 1-10, you need to add
a next hop route to the NMS.
huawei(config-if-meth0)#quit
huawei(config)#ip route-static 10.10.21.0 24 10.10.20.254
Step 4 Run the telnet application.
Choose Start > Run on the PC. Enter the telnet command, followed by the IP address of the
maintenance network port of the MA5600T in the Open field. Click OK to run the telnet
application （Windows XP OS is considered as an example), as shown in Figure 1-12.

Figure 1-12 Running the telnet application
Step 5 Log in to the system.

By default, the super user uses root as the user name and admin as the password.
Huawei Integrated Access Software.
Copyright(C) Huawei Technologies Co., Ltd. 1998-2007. All rights reserved.
>>User name:root
>>User password:
----End
Result
After logging in to the system, you can perform the configuration successfully.
1.5 Configuring the Terminal Through the Inband

Management Channel
This topic describes how to configure the MA5600T through the inband management channel.
Networking-LAN
Figure 1-13 shows an example network for maintenance through the GE port in a LAN.

Figure 1-13 Example network for maintenance through the GE port in a LAN
GE 0/19/0
CON
ETH
ESC
SCU MA5600T
LAN
PC PC PC
Data Plan-LAN
Table 1-4 provides the data plan for the network.
Table 1-4 Data plan for the network

Item Data
Inband management interface of the IP address: 10.10.20.1/24

MA5600T
Networking-WAN
Figure 1-14 shows an example network for maintenance through the GE port in a WAN.
Figure 1-14 Example network for maintenance through the GE port in a WAN
Router
PC
CON GE 0/19/0
ETH
ESC
SCU MA5600T

Data Plan-WAN

Item Data
GE port of the MA5600T IP address: 10.10.20.1/24
PC used for maintaining the IP address: 10.10.21.1/24

MA5600T
Router port connecting to the IP address: 10.10.20.254/24

MA5600T
VLAN ID 30
Upstream port 0
Figure 1-15 shows the flowchart for configuring the MA5600T through the inband management
channel.
Figure 1-15 Flowchart for configuring the MA5600T through the inband management channel
Start
Set up the configuration

environment
Create an NMS VLAN and

add the upstream port to it
Set the IP address of the

VLAN layer 3 interface
No
WAN environment or
not?
Yes
Set inband NMS route
Run the telnet application
End

Procedure
Figure 1-13 and Figure 1-14 show the example network for configuring the MA5600T through
the inband management channel. You can set up the environment based on the requirements.
Step 2 Create an NMS VLAN and add the upstream port to it.
1. Run the vlan command to create an NMS VLAN.
huawei(config)#vlan 30 standard
huawei(config)#port vlan 30 0/9 0
2. Run the native-vlan command to configure the native VLAN of the upstream port.
huawei(config)#interface scu 0/9
huawei(config-if-scu-0/9)#native-vlan 0 vlan 30
Step 3 Set the IP address of the VLAN L3 interface.
Run the ip address command to set the IP address and subnet mask of the MA5600T VLAN
L3 interface.
huawei(config-if-scu-0/9)#quit
huawei(config)#interface vlanif 30
huawei(config-if-vlanif30)#ip address 10.10.20.1 255.255.255.0
Step 4 Set inband NMS route.
If the configuration environment is set up as shown in Figure 1-13, you need not configure a
route.
If the configuration environment is set up as shown in Figure 1-14, you need to add the route
of next hop.
huawei(config-if-vlanif30)#quit
Step 5 Run the telnet application.
Choose Start > Run on the PC. Enter the telnet command, followed by the IP address of the
maintenance network port of the SCU board in the Open field. Click OK to run the telnet
application as shown in Figure 1-16.
Figure 1-16 Running the telnet application
By default, the super user uses root and admin as the user name and password. When you log
in, the system prompts the following.

Huawei Integrated Access Software.

Copyright(C) Huawei Technologies Co., Ltd. 1998-2007. All rights reserved.
>>User name:root
>>User password:
----End
Result
After logging in to the system, you can configure the terminal for maintenance.
1.6 Configuring the Terminal Through SSH

This topic describes how to connect the maintenance terminal to the MA5600T through SSH.
Then, you can log in to the MA5600T through SSH for maintenance. This helps to protect the
MA5600T from network attacks.
Networking-LAN
Figure 1-17 shows the connection for setting up the SSH configuration environment in the LAN
outband mode.
Figure 1-17 Setting up the SSH configuration environment in the LAN outband mode
CON
ETH
ESC
SCU MA5600T
LAN
PC PC PC
Data Plan-LAN

Item Data
MA5600T IP address of the maintenance network port: 10.10.20.2/24

Username: huawei
User authentication mode: RSA public key authentication

MA5600T Client software: PuTTY
Password conversion tools: PuTTY.exe, PuTTYGen.exe,
sshkey.exe
Networking-WAN
Figure 1-18 shows the connection for setting up the SSH configuration environment in the WAN
outband mode.
Figure 1-18 Setting up the SSH configuration environment in the WAN outband mode
PC
LAN CON
ETH
ESC
Router
PC PC
SCU MA5600T
Data Plan-WAN
Item Data
MA5600T IP address of the maintenance network port: 10.10.20.2/24

Username: huawei

sshkey.exe

Item Data
Router port connecting to IP address: 10.10.20.254/24

the MA5600T
Networking-LAN
Figure 1-19 shows the connection for setting up the SSH configuration environment in the LAN
inband mode.
Figure 1-19 Setting up the SSH configuration environment in the LAN inband mode
GE 0/19/0
CON
ETH
ESC
SCU MA5600T
LAN
PC PC PC
Data Plan-LAN
Item Data
MA5600T IP address of the VLAN L3 interface: 10.10.20.2/24

Username: huawei

sshkey.exe

Networking-WAN
Figure 1-20 shows the connection for setting up the SSH configuration environment in the WAN
inband mode.
Figure 1-20 Setting up the SSH configuration environment in the WAN inband mode
Router
PC
CON GE 0/19/0
ETH
ESC
SCU MA5600T
Data Plan-WAN

Item Data
MA5600T IP address of VLAN L3 interface: 10.10.20.2/24

Username: huawei
User authentication mode: RSA public key
authentication

Client software: PuTTY
Password conversion tools: PuTTY.exe,
PuTTYGen.exe, sshkey.exe
Router port connecting to the MA5600T IP address: 10.10.20.254/24
Figure 1-21 shows the flowchart for configuring the SSH environment. For details of the
configuration, see "7.7 Configuring SSH."

Figure 1-21 Flowchart for configuring in the SSH mode
Start
Set the IP address of the maintenance

network port/VLAN layer 3 interface
WAN environment or No
not?
Yes
Add a route for the NMS
Create an SSH user
Create the key pair for the SSH server
Set SSH user Password

authentication mode
rsa, all, password-

publickey
Generate the RSA public key
Generate the public key for SSH user
Authorize the public key to the SSH

user
End

Procedure
You can set up the configuration environment as shown in Figure 1-17, Figure 1-18, Figure
1-19, and Figure 1-20.
Step 2 Set the IP address of the maintenance network port/VLAN L3 interface.
l To set the IP address of the maintenance network port, do as follows:
huawei(config-if-meth0)#ip address 10.10.20.2 255.255.255.0
l To set the IP address of the VLAN L3 interface, do as follows:

Step 3 Add a route for the NMS.

To set up a LAN configuration environment based on Figure 1-17 or Figure 1-19, you need not
add a route for the NMS.
To set up a WAN configuration environment based on Figure 1-18 or Figure 1-20, you must
add a route of next hop for the NMS, as follows:
Step 4 Create a user.

To create a user with the following parameters, do as follows:
l Bound user profile: root (default)
l Level: Operator
l User name: huawei
l Password: huawei123
l Login attempts: 4
huawei(config)#terminal user name
User profile name(<=15 chars)[root]:
User Name(<=15 chars):huawei
User Password(<=15 chars):huawei123 //The password is not displayed on the CLI.
Confirm Password(<=15 chars):huawei123 //The password is not displayed on the
CLI.
User's Level:
1. Common User 2. Operator 3. Administrator:2
Permitted Reenter Number(0--4):4
User's Appended Info(<=30 chars):
This user has been added
Repeat this operation? (y/n)[n]:n
Step 5 Create the local key pair for the SSH server.
CAUTION
After logging in to the SSH successfully, configure and create the local RSA key pair. Make
sure that you complete the "rsa local-key-pair create" operation and create the local key pair
before further SSH configurations.

huawei(config)#rsa local-key-pair create

The key name will be: Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
.++++++++++++
..++++++++++++
............++++++++
...............................++++++++
Step 6 Set the authentication mode for the SSH user.
Select the RSA authentication mode.

huawei(config)#ssh user huawei authentication-type rsa
%Authentication type set, and will be in effect next time.
Step 7 Generate the RSA public key.

1. Run the key generator PUTTYGEN.EXE
Open the key generator PUTTYGEN.EXE, as shown in Figure 1-22.
Figure 1-22 Interface of the key generator
2. Generate the client key.
Select SSH-2 RSA as the key type under Parameters. Click Generate. Move the cursor
over the blank area to generate the client key, as shown in Figure 1-23.

Figure 1-23 Generating the client key
After generating the client key, save the public key and private key.
3. Generate the RSA public key.
To convert the client public key into the RSA public key, run the client software for
converting keys, namely the sshkey.exe, as shown in Figure 1-24.

Figure 1-24 Interface of converting the client public key into the RSA public key
Step 8 Generate the public key for the SSH user.
To generate the public key for the SSH user, copy the RSA public key to the server in the config-
rsa-key-code command line mode.
huawei(config)#rsa peer-public-key key
Enter "RSA public key" view, return system view with "peer-public-key end".
huawei(config-rsa-public-key)#public-key-code begin
Enter "RSA key code" view, return last view with "public-key-code end".
huawei(config-rsa-key-code)#30818602 81805A01 625279EF 5E4CD503 916C9DB5 0233CF58
huawei(config-rsa-key-code)#C901D4CA 207C77D3 4EF25B04 9897BD24 997BF61B DFB9A73C
huawei(config-rsa-key-code)#F82B6F06 55ACCDB9 F7DC1474 9E6518EE B1A543FF 9147150B
huawei(config-rsa-key-code)#111BD11C 683A023B A4295550 DA13F6BE 3190A2A8 3BFCB158
huawei(config-rsa-key-code)#4FBAA365 F6E796A0 B02CB6F9 8491A373 9B4A0876 4B3189B4
huawei(config-rsa-key-code)#BBA2C7BA E1974104 AD165E98 18CF0201 25
huawei(config-rsa-key-code)#public-key-code end
huawei(config-rsa-public-key)#peer-public-key end
Step 9 Authorize the public key to the SSH user.
In the global config mode, to authorize the public key to the SSH user huawei, do as follows:
huawei(config)#ssh user huawei assign rsa-key key

1. Run the client software.
Run the SSH client software PUTTY.EXE. Click Auth in the directory tree and assign a
file for the RSA private key, as shown in Figure 1-25. Click Browse. Select the file for the
private key and click OK.

Figure 1-25 Interface of the SSH client software
2. Log in to the system.

Click Session in the directory tree. Type the IP address of the MA5600T in the Host Name
(or IP address) text box. Click Open to log in to the system.

Figure 1-26 Interface for connecting to the system.
Because the user authentication mode is RSA, the system prompts a message, as shown in
Figure 1-27.
Figure 1-27 Interface for logging in to the SSH client
Enter the correct username to log in to the system according to the prompt.
----End

Result
After logging in to the system, you can perform the configuration successfully.

SmartAX MA5600T Multi-service Access Module 2 Getting Started With CLI
2 Getting Started With CLI
About This Chapter
This topic describes the basic CLI operations on the MA5600T.
2.1 Overview
This topic describes the CLI operation mode and the method of applying it for maintaining the
MA5600T.
2.2 CLI Characteristics
This topic describes the CLI characteristics of the MA5600T.
2.3 Basic Operations Through CLI
This topic describes how to perform the basic operations on the MA5600T through the CLI.

2 Getting Started With CLI SmartAX MA5600T Multi-service Access Module
2.1 Overview
This topic describes the CLI operation mode and the method of applying it for maintaining the
MA5600T.
Service Description
You can maintain the MA5600T through the CLI or the NMS.
l The NMS provides a graphical user interface (GUI) and the CLI provides the command
line interface to facilitate operations.
l The networking for maintaining the MA5600T through the CLI is simple. You can run the
HyperTerminal or the telnet program of the Windows operating system to log in to the
MA5600T to maintain it through the CLI.
Service Specification
This topic describes certain basic CLI operations that can help you to perform the basic
configurations for the MA5600T through the CLI.
2.2 CLI Characteristics

This topic describes the CLI characteristics of the MA5600T.
2.2.1 Command Modes
This topic describes the CLI command mode, the feature, and the switchover between command
modes.
2.2.2 Intelligent Matching
This topic describes the intelligent matching feature of the CLI. That is, when you type in an
incomplete keyword and press the space bar, the matching key words are displayed
automatically.
2.2.3 Edit Characteristics
This topic describes the edit characteristics of the CLI. That is, the keys that you can use when
inputting the command key words and parameters.
2.2.4 Interaction Function
This topic describes the interaction function of the CLI. That is, the CLI system prompts certain
keywords that can be input and the parameter type of the keyword.
2.2.5 Parameter Prompt
This topic describes the parameter prompt function of the CLI.
2.2.6 Display Characteristics
This topic describes the display characteristics of the CLI. That is, the CLI system supports the
function of pausing the displayed information when there is a lot of information to be displayed.
2.2.7 Saving and Querying History Commands
The CLI provides a function, such as Doskey, to save history commands automatically. With
this function, you can retrieve the history commands that are saved in the CLI and run them
repeatedly.
2.2.8 CLI Error Prompts

This topic describes the CLI error prompts.
2.2.1 Command Modes

This topic describes the CLI command mode, the feature, and the switchover between command
modes.
Classification
The MA5600T provides various modes to realize hierarchical protection and to prevent
unauthorized access.
The MA5600T provides the following command modes:
l User mode
l Privilege mode
l Global config mode
l Interface config Mode
l RIP mode
l OSPF mode
l BTV mode
Features
l Downward compatibility
– All commands in the user mode can be run in the privilege mode.
– All commands in the user mode and privilege mode can be run in the global config
mode.
l Hierarchical protection
Based on different command modes, the system can prevent unauthorized access. For users
at different levels, the command modes involved are different, and the commands that can
be executed for these users are also different even though they can enter the same mode.
Mode Switching
Figure 2-1 shows how to switch between the command modes.

Figure 2-1 Switching between the command modes
ospf OSPF mode

quit huawei (config-ospf-...)#
rip RIP mode

quit huawei (config-rip-...)#
Login User mode enable Privilege config Global config mode

huawei> huawei# huawei (config)#
quit disable quit
interface Interface config mode

quit huawei (config-if-...)#
btv BTV mode

quit huawei (config-btv)#
-
Table 2-1 lists the features of the interface config modes.
Table 2-1 Features of the interface config modes
Command Function Prompt Entry

Mode
SCU Configures the huawei(config-if-scu-0/9) huawei(config)

control board. # #interface scu
GIU Configures huawei(config-if- huawei(config)

upstream board giu-0/19)# #interface giu
parameters.
GPON Configures GPON huawei(config-if- huawei(config)

port parameters. gpon-0/11)# #interface gpon
ETH Configures huawei(config-if-eth-0/5) huawei(config)

maintenance # #interface eth
network port
parameters.
ADSL Configures ADSL huawei(config-if- huawei(config)

port parameters. adsl-0/11)# #interface adsl
SHDSL Configures SHDSL huawei(config-if- huawei(config)

port parameters. shl-0/12)# #interface shl
VDSL Configures VDSL huawei(config-if- huawei(config)

port parameters. vdsl-0/13)# #interface vdsl
OPF Configures OPF port huawei(config-if-opf-0/2) huawei(config)

parameters. # #interface opf

Command Function Prompt Entry

Mode
MEth Configures the huawei(config-if-meth0) huawei(config)

parameters of the # #interface meth 0
maintenance
network port.
Loopback Configures the huawei(config-if- huawei(config)

interface parameters of the loopback0)# #interface loopback
loopback interface. 0
EMU Configures EMU huawei(config-if- huawei(config)

port parameters. power4845/h801esc/ #interface emu
fan-0)#
NULL Configures NULL huawei(config-if-null0)# huawei(config)

interface #interface null
parameters.
VLANIF Configures VLAN huawei(config-if-vlanif2) huawei(config)

parameters. # #interface vlanif
MVLAN Configures huawei(config-mvlan10) huawei(config)

multicast VLAN # #multicast-vlan
parameters.
NOTE
l To exit a command mode, run the quit command.

l To exit the current mode to the privilege mode, run the return command.
l To exit the privilege mode to the user mode, run the disable command.
l By default, the command line prompt uses MA5600MA5680" as its prefix. You can modify the
prompt by running the sysname command. The information in the bracket describes the current mode.
2.2.2 Intelligent Matching

This topic describes the intelligent matching feature of the CLI. That is, when you type in an
incomplete keyword and press the space bar, the matching key words are displayed
automatically.
Function
To facilitate the operation, you can type in an incomplete keyword, and then press the space bar.
The CLI interface automatically displays the matching keywords.
For example, for the command enable, type en or ena (in the common user mode).
Note
After pressing the space bar, if the system does not return the commands, it indicates the
following:

l You have entered a wrong command. In this case, check the command and enter the correct
command.
For example, when you enter dip (for display) in the privilege mode, entering a space
character does not display the commands.
l Two or more commands match the entered keyword.
For example, when you enter dis in the privilege mode, the system cannot find a matched
keyword for it. This is because there are two commands that start with dis: disable and
display.
2.2.3 Edit Characteristics

This topic describes the edit characteristics of the CLI. That is, the keys that you can use when
inputting the command key words and parameters.
Function
The CLI provides basic command edit functions. It allows multi-line editing, with up to 255
bytes for each command.
Specification
Table 2-2 lists the edit functions.
Table 2-2 Edit functions

Key Function
Common key If the edit buffer is not full, pressing such a key moves the cursor
to the right from its current position.
<Backspace> Pressing this key deletes the character before the cursor and
moves the cursor backwards. The cursor stops when it reaches
the beginning of the line.
Left arrow key <←> or Moves the cursor one character to the left.
<Ctrl+A>
Right arrow key <→> or Moves the cursor one character to the right.
<Ctrl+D>
Up/Down arrow key <↑ Displays history commands. For certain terminals, which do not
><↓> support up/down arrow keys, you can use <Ctrl+P> to select the
previous history command.
<Ctrl+U> Deletes the characters before the current cursor and moves the
cursor to the beginning of the line.
<Ctrl+K> Deletes the characters after the current cursor and moves the
cursor to the end of the line.
<Ctrl+F> Searches a string.
<Ctrl+B> Moves the cursor to the end of the line.
<ESC> Pressing this key twice deletes the current entry.

NOTE
Common keys refer to letter keys, number keys, and mark keys.
2.2.4 Interaction Function

This topic describes the interaction function of the CLI. That is, the CLI system prompts certain
keywords that can be input and the parameter type of the keyword.
Function
In the interactive mode, if you type an incomplete command and press Enter, the system prompts
the following keywords that can be input and the parameter type of the keyword. When you
input "?", the system prompts the help information of the command.
Examples
To run the load program command in the interactive mode, do as follows:
huawei#load program
{ xmodem<K>|tftp<K>|ftp<K> }:tftp
huawei#load program
{ emu<K>|ont<K>|xmodem<K>|tftp<K>|ftp<K>|sftp<K> }:tftp
When the interactive mode is disabled, if you type an incomplete command and press Enter,
the system prompts an error.
To run the load program command when the interactive mode is disabled, do as follows:
huawei#undo smart
huawei#load program tftp
^
% Incomplete command, the error locates at '^'
To display the help information provided by the command after you input the keyword
switch, and then "?", do as follows:
huawei#switch ?
---------------------------------------------
Command of user Mode:
---------------------------------------------
language-mode Set language parameter
2.2.5 Parameter Prompt

This topic describes the parameter prompt function of the CLI.
Function
In the interactive mode, the CLI characters such as <K> and are used to express the parameter
types of a keyword.
Specification
Table 2-3 lists the meaning of the CLI characters supported by the MA5600T.

Table 2-3 Meaning of the CLI characters supported by the MA5600T
Character Meaning
<K> Keyword
<E> Enumeration: Items following it are the available options.
 ULONG: Information following it is the range of the value to be

entered.
<L> LONG: Information following it is the range of the value to be

entered.
<S> Character string: Information following it is the range of the

character string to be entered.
 IP address
<M> MASK, such as the mask of an IP address.
 MAC address
<H> Hexadecimal number. That is, the "Ox" can be input. The default
setting is decimal number.
<D><yy-mm-dd> Date
<T><hh:mm:ss> Time
NOTE
The hexadecimal number can be input in the CLI. If you, however, do not type "0x" when entering a
hexadecimal number, the system considers the number that is entered as a decimal.
2.2.6 Display Characteristics

This topic describes the display characteristics of the CLI. That is, the CLI system supports the
function of pausing the displayed information when there is a lot of information to be displayed.
Function
When you query the information, the CLI may fail to display the information on one screen. In
such a case, use the pause function to view the information displayed on multiple screens.
l By default, the screen displayed by the HyperTerminal software of a PC contains 24 lines.

l The system supports the automatic screen scroll in the upward direction, that is, the
information is displayed on the screen without a pause. Run the scroll command to enable
the auto-scroll function, and run the undo scroll command to disable the auto-scroll
function. By default, the auto-scroll function is disabled.
Specification
Table 2-4 lists the options for viewing the information displayed on multiple screens.

Table 2-4 Options for viewing the information displayed on multiple screens
Key Function
Press Q or Ctrl+C Ends the display and the execution of the commands.
when the display is
frozen.
Press Space when the Continues to display the information on the next screen.
display is frozen
Press Enter when the Continues to display the information on the next line.
display is frozen
2.2.7 Saving and Querying History Commands

The CLI provides a function, such as Doskey, to save history commands automatically. With
this function, you can retrieve the history commands that are saved in the CLI and run them
repeatedly.
Background Information
By default, up to 10 history commands can be saved for every user in the CLI, and up to 10
history commands can be queried.
The display history-command command displays only the commands run by the current user.
After re-login, the history commands are cleared.
Procedure
Step 1 Run the history-command max-size command to set the number of history commands that can
be saved in the command buffer.
Step 2 Run the display history-command command to query history commands.
----End
Example
To set the number of history commands that can be saved in the command buffer to 20, do as
follows:
huawei(config)#history-command max-size 20
huawei(config)#display history-command
--------------------------------------------------
No. Command
--------------------------------------------------
10 interface ?
9 history-command max-size
8 mac-pool ?
7 display current-configuration
6 ?
5 quit
4 quit
3 radius-server ?
2 ?

1 ?
--------------------------------------------------
2.2.8 CLI Error Prompts

This topic describes the CLI error prompts.
Function
The system checks the syntax of each command you type, and executes the command if it passes
the check. If the command fails to pass the check, the system prompts an error message.
Specification
Table 2-5 shows the common CLI error prompts.
Table 2-5 Common CLI error prompts
Error Prompt Cause
Unknown command l The command cannot be found.

l The keyword cannot be found.
l The parameter type is incorrect.
l The parameter value exceeds the threshold.
Incomplete command The command entered is incomplete.
Too many parameters The parameters entered are too many.
Ambiguous command The command entered is ambiguous.
Parameter error The parameter is incorrect and the cursor indicates the error
location.
2.3 Basic Operations Through CLI

This topic describes how to perform the basic operations on the MA5600T through the CLI.
2.3.1 Obtaining the Online Help Information

This topic describes how to obtain the online help information. If you need to query the current
command or the help information of the command in the current mode, perform this operation.
If no help information is found, the help list is empty.
2.3.2 Enabling the Interactive Command Execution Mode
This topic describes how to enable the interactive command execution mode.
2.3.3 Enabling the CLI Trap Reporting
This topic describes how to enable the CLI trap reporting when displaying the alarm or when
the progress information is required during the execution of a command.
2.3.4 Searching for a Keyword
This topic describes how to search for a command keyword.

2.3.5 Switching the Terminal Language

This topic describes how to select a preferred language as the terminal display language.
2.3.6 Setting the System Time
This topic describes how to set the system time.
2.3.7 Setting the System Name
This topic describes how to enable an administrator to set the system name to differentiate various
MA5600Ts.
2.3.8 Setting the Terminal Type
This topic describes how to set the terminal type of the CLI system according to the type of the
terminal in use to ensure correct command line editing.
2.3.9 Setting the Timeout Exit Time
This topic describes how to set the timeout exit time. During this time, if the user fails to type
any information on the terminal, the system allows the user to exit the system.
2.3.10 Locking the Terminal
This topic describes how to lock the terminal to prevent unauthorized users from accessing the
terminal by using the current user name.
2.3.11 Clearing the Terminal Screen
This topic describes how to clear the contents currently displayed on the terminal screen when
you need to highlight the information to be input and output. After this operation is executed
successfully, the prompt character is displayed on the upper left of the screen.
2.3.12 Querying the Version
This topic describes how to query the system or board version.
2.3.13 Querying the CPU Usage
This topic describes how to query the CPU usage of a board. By querying the CPU usage of the
control board or the service board, you can obtain the information about the system running state
to facilitate guiding other operations.
2.3.14 Querying the Memory Usage
This topic describes how to query the memory usage. By querying the memory usage of the
control board, you can obtain the information about the service running state to facilitate guiding
other operations.
2.3.15 Testing the Network State
This topic describes how to check the connectivity of a network and whether the host is reachable,
and check all gateways passed by data packets sent from a host to the destination. In addition,
this operation enables you to locate network faults.
2.3.1 Obtaining the Online Help Information

This topic describes how to obtain the online help information. If you need to query the current
command or the help information of the command in the current mode, perform this operation.
If no help information is found, the help list is empty.
The CLI provides the following two methods for obtaining online help:
l Full help

– When you type ? following the prompt, you can obtain the help information about the
current available commands.
– When you type ? following a complete keyword, you can obtain the brief help
information about all commands matching that keyword and the parameters of these
commands.
l Partial help
When you type ? following an incomplete keyword, you can obtain the help information
about the commands matching that incomplete keyword.
Examples
To obtain the help information about all available commands in the global config mode, do as
follows:
huawei(config)#?
---------------------------------------------
Command of config Mode:
---------------------------------------------
aaa AAA(Authentication,Authorization,Accounting) view
acl Specify ACL configuration information
adsl <Group> adsl command group
arp <Group> ARP command group
auto-backup Auto backup
bandwidth Modify bandwidth or convergence
bind <Group> bind command group
---- More ( Press 'Q' to break ) ----
To obtain the help information about the commands that match with the incomplete keyword
display, do as follows:
huawei(config)#display ?
---------------------------------------------
Command of privilege Mode:
---------------------------------------------
acl ACL status and configuration information
adsl <Group> adsl command group
alarm Display alarm related information
arp <Group> arp command group
auto Display AUTO users
auto-backup Auto backup
To obtain the help information about the commands that match with the incomplete d, do as
follows:
huawei(config)#d?
---------------------------------------------
Command of config Mode:
---------------------------------------------
DBA-profile <Group>DBA-profile configuration command group
debugging Enable system debugging functions
default Configure default MAC pool
defaultvlan Configure default VLAN type
device-template Device template command
dhcp <Group> dhcp command group
dhcp-option82 DHCP option82
dhcp-server Add DHCP server IP addresses
dns Specify domain name system
dot1x 802.1x
dot1x-template 802.1x template
---------------------------------------------
Command of privilege Mode:
---------------------------------------------
debugging <Group> debugging command group

diagnose Change into diagnose mode

disable Turn off privileged mode commands
display Display information
duplicate <Group> duplicate command group
---------------------------------------------
Command of user Mode:
---------------------------------------------
display Display information
Related Operation
Table 2-6 lists the related operation for obtaining the online help information.
Table 2-6 Related operation for obtaining the online help information
To… Run the Command...
Obtain the system help information help
2.3.2 Enabling the Interactive Command Execution Mode

This topic describes how to enable the interactive command execution mode.
l When the interactive command execution mode is enabled, and if you type a complete
command and press Enter, the system displays the interactive prompts for the command
execution. This helps to prevent maloperations.
For example, if you type the reboot system command, and then press Enter, the system
prompts the following:
Please check whether data has saved, the unsaved data will lose if reboot system, are you
sure to reboot system? (y/n)[n]:
l If the interactive command execution mode is disabled, and you type a command and press
Enter, the system executes the command directly.
l By default, the interactive command execution mode is enabled.
Procedure
Step 1 Run the interactive command to enable the interactive command execution mode.
Step 2 Run the display interactive command to query the status of the interactive command execution
mode.
----End
Example
To enable the interactive command execution mode, do as follows:
huawei>interactive
Interactive function is enabled
huawei>display interactive
Command confirmed function is enabled

Related Operation
Table 2-7 lists the related operation for enabling or disabling the interactive command execution
mode.
Table 2-7 Related operation for enabling or disabling the interactive command execution mode
To… Run the Command…
Disable the interactive command execution undo interactive

mode
2.3.3 Enabling the CLI Trap Reporting

This topic describes how to enable the CLI trap reporting when displaying the alarm or when
the progress information is required during the execution of a command.
By default, the CLI trap reporting is enabled.
Procedure
Step 1 Run the info-center enable command to enable the CLI trap reporting.
Step 2 Run the display info-center command and the CLI trap reporting is enabled.
----End
Example
To enable the CLI trap reporting, do as follows:
huawei(config)#info-center enable
huawei(config)#display info-center
Information Center:enabled
Log host:
Console:
channel number : 0, channel name : console
Monitor:
channel number : 1, channel name : monitor
SNMP Agent:
channel number : 5, channel name : snmpagent
Log buffer:
enabled,max buffer size 1024, current buffer size 512,
current messages 36, channel number : 4, channel name : logbuffer
dropped messages 0, overwrote messages 0
Trap buffer:
enabled,max buffer size 1024, current buffer size 256,
current messages 0, channel number:3, channel name:trapbuffer
dropped messages 0, overwrote messages 0
Information timestamp setting:
log - date, trap - date, debug - boot
Sent messages = 37, Received messages = 37
IO Reg messages = 0 IO Sent messages = 0

Related Operation
Table 2-8 lists the related operation for enabling or disabling the CLI trap reporting.
Table 2-8 Related operation for enabling or disabling the CLI trap reporting
Disable the CLI trap reporting undo info-center enable
2.3.4 Searching for a Keyword

This topic describes how to search for a command keyword.
This operation has the following functions:
l Searches for the matching keyword based on the specified string.

l Specifies which command mode to search in.
l Searches for the command including the matching keyword based on the specified string:
when the parameter detail is selected, the operation involves searching for the command
including the matching keyword based on the specified string.
Procedure
Run the search keyword command to search for the keyword.
----End
Example
To search for the keyword including the string "alarm" in the user mode, do as follows:
huawei(config)#search keyword alarm templet common-exec
{ <cr>|mode<E><key,detailed> }:
Command:
search keyword alarm templet common-exec
---------------------------------------------
Command Templet: common-exec
---------------------------------------------
alarm
alarmsn
alarmid
alarmlevel
alarmtype
alarmclass
alarmtime
alarmparameter
2.3.5 Switching the Terminal Language

This topic describes how to select a preferred language as the terminal display language.

The MA5600T supports the general language and the local language. Currently, English and
Chinese are supported. English is the default language.
Procedure
Run the switch language-mode command to switch from one language to the other language.
----End
Example
To switch from one language to the other language, do as follows:
huawei(config)#switch language-mode
Related Operation
Table 2-9 lists the related operation for switching the terminal language.
Table 2-9 Related operation for switching the terminal language

To… Run the Command… Remarks
Display the terminal language display language This command is

not available for the
common user.
2.3.6 Setting the System Time

This topic describes how to set the system time.
l The time format is hh:mm:ss yyyy-mm-dd, that is, hour: minute: second year-month-day.
l The setting takes effect immediately.
l During the setting, the system checks the validity of the time. Special attention should be
paid to the settings of leap year and leap month.
Procedure
Step 1 Run the time command to set the system time.
Step 2 Run the display time command to query the current system time.
----End
Example
To set the current time of the system to 09:00:00 2007-05-08, do as follows:
huawei#time 09:00:00 2007-05-08
huawei#display time

{ <cr>|dst<K>|time-stamp<K> }:
Command:
display time
2007-05-08 20:00:26+08:00
2.3.7 Setting the System Name

This topic describes how to enable an administrator to set the system name to differentiate various
MA5600Ts.
l By default, the device name is MA5600MA5680.
l The new system name takes effect immediately after it is set.
l After the system name is changed, the command line prompt changes to the new name
accordingly.
Procedure
Run the sysname command to set the system name.
----End
Example
To name the first MA5600T at the New York office in U.S.A as NY_MA5600T_A, do as
follows:
huawei(config)#sysname NY_MA5600T_A
NY_MA5600T_A(config)#
2.3.8 Setting the Terminal Type

This topic describes how to set the terminal type of the CLI system according to the type of the
terminal in use to ensure correct command line editing.
l Different terminals feature different edit characteristics. To ensure that most terminals are
mutually compatible, the system divides terminals into the following two types:
– Standard terminals (ANSI)
– VT series terminals
l The default terminal type is ANSI.
l Certain terminal tools, such as HyperTerminal, Telnet, and Neterm, allow you to set the
terminal types. You can use the associated menu to set the terminal emulation type so that
the type of the terminal tool is consistent with the type of the terminal in the system.
Procedure
Step 1 Run the terminal type command to set the terminal type.
Step 2 Run the display terminal type command to query the terminal type.
----End

Example
To set the terminal type as VT 100, do as follows:
huawei#terminal type vt100
huawei>display terminal type
The terminal type: VT100
2.3.9 Setting the Timeout Exit Time

This topic describes how to set the timeout exit time. During this time, if the user fails to type
any information on the terminal, the system allows the user to exit the system.
By default, the system allows the user to exit the system when the user fails to type any
information on the terminal within 5 minutes.
Procedure
Step 1 Run the idle-timeout command to set the timeout exit time.
Step 2 Run the display idle-timeout command and the timeout exit time is set correctly.
----End
Example
To set the timeout exit time to 23 minutes, do as follows:
huawei>idle-timeout 23
huawei>display idle-timeout
The timeout value is set to 23 minutes currently. If there is no input from
terminal during this time, the user will be disconnected
Related Operation
Table 2-10 lists the related operation for setting the timeout exit time.
Table 2-10 Related operation for setting the timeout exit time
To set the timeout exit time to the undo idle-timeout

default 120 minutes
2.3.10 Locking the Terminal

This topic describes how to lock the terminal to prevent unauthorized users from accessing the
terminal by using the current user name.
When a terminal is locked, and if you press any button on the terminal, the system prompts you
to enter the password. After entering the correct password, you can operate the terminal.

Procedure
Run the terminal hold command to lock the terminal.
----End
Example
To lock, and then unlock the current CLI terminal, do as follows:
huawei(config)#terminal hold
Hold Password(<=1523 chars):
Confirm Password(<=1523 chars):
The user terminal has been held
Hold Password(<=1523 chars)://Press any key and the system will prompt you to
enter
the unblocking password.
huawei(config)# //Input the correct password.
Related Operation
Table 2-11 lists the related operation for locking the terminal.
Table 2-11 Related operation for locking the terminal
Unlock the terminal undo terminal hold
2.3.11 Clearing the Terminal Screen

This topic describes how to clear the contents currently displayed on the terminal screen when
you need to highlight the information to be input and output. After this operation is executed
successfully, the prompt character is displayed on the upper left of the screen.
This command clears only what is displayed on the screen and not the contents in the buffer.
Procedure
Run the cls command to clear the contents displayed on the terminal screen.
----End
Example
To clear the contents of a terminal screen, do as follows:
huawei>cls
2.3.12 Querying the Version

This topic describes how to query the system or board version.

The command cannot show the version of a faulty board.
Procedure
Run the display version command to display the system or board version.
----End
Examples
To display the information about the version on the system, do as follows:
huawei>display version
{ <cr>|frameid/slotid<S><1,15>|backplane<K>}:
Command:
display version
MA5600TV800R005 RELEASE SOFTWARE

Copyright (c) by Huawei Technologies Co., Ltd.
Uptime is 0 day(s), 17 hour(s), 21 minute(s), 57 second(s)
huawei>display version
{ <cr>|frameid/slotid<S><1,15>|backplane<K> }:
Command:
display version
MA5600V800R005 RELEASE SOFTWARE

PRODUCT MA5600T
Copyright (c) Huawei Technologies Co., Ltd. 1998-2007 All rights reserved
Uptime is 5 day(s), 0 hour(s), 15 minute(s), 17 second(s)
To display the version information on the control board, do as follows:

huawei(config)#display version 0/9
Main Board: H801SCUL
---------------------------------------
PCB Version: H801SCUL VER B
Base BIOS Version: 100
Extended BIOS Version: 100
Software Version: MA5600V800R005
Logic Version: (U27)100(U15)101(U16)102(U100)107
MAB Version: 0001
VOIPSubBoard:
PCB Version: VER A
CPLD Version: (U3)255
2.3.13 Querying the CPU Usage

This topic describes how to query the CPU usage of a board. By querying the CPU usage of the
control board or the service board, you can obtain the information about the system running state
to facilitate guiding other operations.
Procedure
Run the display cpu command to query the CPU usage of a board.
----End

Example
To query the CPU usage of the control board, do as follows:
huawei>display cpu 0/9
CPU occupancy: 12%
2.3.14 Querying the Memory Usage

This topic describes how to query the memory usage. By querying the memory usage of the
control board, you can obtain the information about the service running state to facilitate guiding
other operations.
You can query the following:
l The memory usage of the control board
l The average memory usage of the system in the last ten minutes
l The threshold of the memory overload
NOTE
When the memory usage exceeds the threshold of the memory overload, the system reports an alarm. You can
run the resource threshold mem command to set the threshold of the memory overload.
Procedure
Step 1 Run the display mem command to query the memory usage of the control board.
Step 2 Run the display resource occupancy mem command to query the average memory usage of
the system in the last ten minutes.
Step 3 Run the display resource threshold mem command to query the threshold of the memory
overload.
----End
Examples
To query the memory usage of the control board, do as follows:
huawei(config)#display mem 0/9
Memory occupancy: 47%
To query the average memory usage of the system in the last ten minutes, do as follows:
huawei(config)#display resource occupancy mem
Average usage rate of system memory in 10 minutes: 64%
To query the threshold of the memory overload, do as follows:

huawei(config)#display resource threshold mem
System memory overload threshold: 80
2.3.15 Testing the Network State

This topic describes how to check the connectivity of a network and whether the host is reachable,
and check all gateways passed by data packets sent from a host to the destination. In addition,
this operation enables you to locate network faults.

The commands used to test the network state include ping and tracert.
l ping
To check the network connectivity and the host reachability, run the ping command.
l tracert
To send test packets from the transmit host to the destination host, run the tracert command.
With this command, you can check the connectivity of a network and locate faults in the
network.
The following section describes the execution process of the tracert command:
1. The host sends a packet with the Time to Live (TTL) of 1 to the destination.
2. During the first hop, the system returns an Internet Control Message Protocol (ICMP)
packet to indicate the failure in sending the packet due to TTL timeout.
3. The host sends a packet with the TTL of 2. The system also returns TTL timeout during
the second hop.
The process continues in this manner until the packet reaches the destination.
In this way, the system can record the source address of each ICMP TTL timeout message,
and provide a path along which an IP packet reaches the destination.
Procedure
l Run the ping command to test the network state.
l Run the tracert command to test the network state.
----End
Examples
To test the connectivity of a network by using the ping command, do as follows:
huawei(config)#ping 10.11.52.240
PING 10.11.52.240: 56 data bytes, press CTRL_C to break
Reply from 10.11.52.240: bytes=56 Sequence=0 ttl=64 time = 10 ms
--- 10.11.52.240 Ping statistics ---
5 packets transmitted
5 packets received
0.00% packet loss
round-trip min/avg/max = 10/10/13 ms
To test the connectivity of a network by using the tracert command, do as follows:

huawei#tracert 10.11.106.133
traceroute to 10.11.106.133 max hops 30 ,packet 40 bytes
press CTRL_C to break
1 253 ms 476 ms 508 ms 10.11.120.62
2 * * * Request timed out.
3 * * * Request timed out.
4 4 ms 4 ms 5 ms 10.11.106.133

SmartAX MA5600T Multi-service Access Module 3 Network Management Configuration
3 Network Management Configuration
About This Chapter
This topic describes how to manage the MA5600T through the N2000, and the related
configuration operations.
NOTE
This document describes the configuration on the MA5600T. Each chapter provides an overview of the service
configuration, describes the configuration flow with one or more configuration examples, and then provides a
detailed description of the basic operations that can be performed on the MA5600T.
For the readers who are familiar with the MA5600T, it is recommended that you read the configuration example
(s) directly.
For the readers who are not familiar with the MA5600T, it is recommended that you read the basic operations
first.
3.1 Overview
This topic describes the network management protocols, and the NMS that the MA5600T
supports.
3.2 Basic Concepts
This topic describes the concepts in the network configuration.
3.3 Configuration Example of an Outband NMS
This topic describes how to connect the MA5600T to the N2000 through the maintenance
network port. Then, you can maintain and manage the MA5600T through an outband
management channel. In the outband NMS mode, the non-service channel is used to transmit
the management information. In this case, the management channel is separated from the service
channel, and a more reliable device management channel is provided compared with the inband
NMS mode. Thus, when the MA5600T is faulty, the information about the device in the network
can be located in time, and the real-time monitoring can be performed.
3.4 Configuration Example of an Inband NMS
This topic describes how to connect the MA5600T to the N2000 through the GE port. You can
then maintain and manage the MA5600T through an inband management channel. In the inband
NMS mode, the NMS interactive information is transmitted through the service channel of the
device. For the flexible networking of the inband NMS mode, no additional device is required.
Thus, it saves cost, however, it is not easy to maintain.

3 Network Management Configuration SmartAX MA5600T Multi-service Access Module
3.5 SNMP Agent Configuration

This topic describes how to configure an SNMP agent when you need to maintain the
MA5600T through the manager.
3.6 Configuring the IP Address of the Outband NMS Interface
This topic describes how to configure the IP address of the outband NMS interface (maintenance
network port).
3.7 Configuring an NMS Route
This topic describes how to create a static route between the MA5600T and the manager.
3.8 Configuring the IP Address of the Inband NMS Interface
This topic describes how to configure the IP address of the inband NMS interface.

3.1 Overview
This topic describes the network management protocols, and the NMS that the MA5600T
supports.
Service Description
Based on the Simple Network Management Protocol (SNMP), the MA5600T communicates
with the NMS through its network management interface. Here, the iManager N2000 Fixed
Network Integrated Management System (N2000) is used as the NMS.
The N2000 can manage and maintain the MA5600T through the network port of the
MA5600T. The MA5600T uses traps to send the status information to the N2000 to report
configuration changes or emergency events.
This topic describes the network configuration performed on the MA5600T to realize normal
communication between the MA5600T and the N2000, including outband NMS configuration
and inband NMS configuration.
NOTE
To realize normal communication between the MA5600T and the N2000, you must also configure on the
N2000. For more information, refer to the MA5600T Commissioning Guide.
3.2 Basic Concepts

This topic describes the concepts in the network configuration.
SNMP
The SNMP is an existing network management protocol. It includes the following two parts:
l Network management workstation
l Agent
The SNMP ensures normal transmission of administrative message between any two points. It
facilitates the following administrative operations on any node of the network:
l Retrieving information
l Modifying information
l Locating a fault
l Diagnosing a fault
l Planning the capacity
l Generating a report
Network Management Workstation

A network management workstation is to run the network management server software.

The network management workstation can send GetRequest, GetNextRequest, and SetRequest
messages to the agent.
Agent
An agent is the server software running on a network device.
When receiving request messages from the manager, the agent performs the following:
l Reads or writes the management variables based on the message type.
l Generates and sends the response messages to the manager.
Alternatively, when a cold start or warm start is performed on the device and during failure and
fault recovery, the agent sends traps to report such events to the manager.
Trap
Traps refer to the unsolicited messages sent from a managed device to the manager to report
configuration changes or emergency events.
3.3 Configuration Example of an Outband NMS

This topic describes how to connect the MA5600T to the N2000 through the maintenance
network port. Then, you can maintain and manage the MA5600T through an outband
management channel. In the outband NMS mode, the non-service channel is used to transmit
the management information. In this case, the management channel is separated from the service
channel, and a more reliable device management channel is provided compared with the inband
NMS mode. Thus, when the MA5600T is faulty, the information about the device in the network
can be located in time, and the real-time monitoring can be performed.
Networking
Figure 3-1 shows an example network for configuring the outband NMS.
The NMS maintains and manages the MA5600T through the maintenance network port in the
outband NMS mode. The primary NMS and the secondary NMS exist in the network. Add a
static route to the NMS on the MA5600T, and configure the parameters related to SNMP V1.

Figure 3-1 Example network for configuring the outband NMS

10.10.21.2/24
Secondary NMS
10.10.21.1/24
Primary NMS
Router
10.10.20.254/24
CON
ETH
ESC
SCU MA5600T
Data Plan
Table 3-1 provides the data plan for configuring the outband NMS.
Table 3-1 Data plan for configuring the outband NMS

Item Data
Maintenance network port (ETH) of the IP address: 10.10.20.1/24

MA5600T
NMS (Primary) IP address: 10.10.21.1/24

(Secondary) IP address: 10.10.21.2/24
SNMP version V1
Figure 3-2 shows the flowchart for configuring the outband NMS.

Figure 3-2 Flowchart for configuring the outband NMS
Start
Set the IP address of the

maintenance network port
Add a route for the outband NMS
Set the SNMP parameters
Enable trap sending
Set the IP address of the target host

for traps
Set the source address for traps

sending
Save the data
End
NOTE
l This topic describes how to configure only the MA5600T. To set up the network connection, you also need
to configure the router.
l If the Telnet environment is set up according to "1.4 Configuring the Terminal Through the Outband
Management Channel ", skip steps 1 and 2.
Procedure
Step 1 Set the IP address of the maintenance network port.
Step 2 Add a route for the outband NMS.

Step 3 Set the SNMP parameters:

l Create the community name
huawei(config)#snmp-agent community read public
huawei(config)#snmp-agent community write private
l Set the administrator ID and contact

huawei(config)#snmp-agent sys-info contact HW-075528780808
l Set the system location

huawei(config)#snmp-agent sys-info location Shenzhen_China

l Set the SNMP version
NOTE
The setting of the MA5600T should match with the settings in the N2000.
huawei(config)#snmp-agent sys-info version v1
Step 4 Enable trap sending.

huawei(config)#snmp-agent trap enable standard
Step 5 Set the IP address of the target host for traps.

huawei(config)#snmp-agent target-host trap address 10.10.21.1 securityname private
Step 6 Set the IP address of the maintenance network port as the source address for traps sending.
huawei(config)#snmp-agent trap source meth 0
Step 7 Save the data.

huawei(config)#save
----End
Result
After the configuration, you can manage the MA5600T through the N2000.
3.4 Configuration Example of an Inband NMS

This topic describes how to connect the MA5600T to the N2000 through the GE port. You can
then maintain and manage the MA5600T through an inband management channel. In the inband
NMS mode, the NMS interactive information is transmitted through the service channel of the
device. For the flexible networking of the inband NMS mode, no additional device is required.
Thus, it saves cost, however, it is not easy to maintain.
Networking
Figure 3-3 shows an example network for configuring the inband NMS.
The NMS maintains and manages the MA5600T through the upstream port in the inband NMS
mode. The primary NMS and the secondary NMS exist in the network. Add a static route to the
NMS on the MA5600T, and configure the parameters related to SSMPV3.
Figure 3-3 Example network for configuring the inband NMS

Router
PC
CON GE 0/19/0
ETH
ESC
SCU MA5600T

Data Plan
Table 3-2 provides the data plan for configuring the inband NMS.
Table 3-2 Data plan for configuring the inband NMS

Item Data
Inband NMS port of the MA5600T IP address: 10.10.20.1/24
NMS IP address of the primary NMS:

10.10.21.1/24
IP address of the secondary NMS:
10.10.21.2/24
SNMP Agent Version: V3

User name: user1
Group name: group1
View name: hardy
Figure 3-4 shows the flowchart for configuring the inband NMS.

Figure 3-4 Flowchart for configuring the inband NMS
Start
Set the IP address of the inband NMS

port
Add a route for the inband NMS
Set the SNMP parameters
Enable traps sending
Set the IP address of the target host

for traps
Set the source address for traps

sending
Save the data
End
NOTE
l This topic describes how to configure only the MA5600T. To set up the network connection, you also
need to configure the router.
l If the Telnet environment is set up according to "1.4 Configuring the Terminal Through the Outband
Management Channel ", skip steps 1 and 2.
Procedure
Step 1 Set the IP address of the inband NMS port.
l Create an NMS VLAN
l Add the upstream port to the VLAN

l Enter the VLAN interface mode

l Set the IP address of the VLAN interface

Step 2 Add a route for the inband NMS.


Step 3 Set the SNMP parameters.

l Set the SNMP version
NOTE
The setting of the MA5600T should match with the settings. Assume that the N2000 adopts SNMP
V3.
huawei(config)#snmp-agent sys-info version v3
l Set the SNMP user

huawei(config)#snmp-agent usm-user v3 user1 group1 authentication-mode md5
authkey privacy-mode des56 prikey
l Set the SNMP group

huawei(config)#snmp-agent group v3 group1 privacy read-view hardy write-view
hardy
l Set the SNMP view

huawei(config)#snmp-agent mib-view hardy include ip
l Set the system contact

l Set the system location

huawei(config)#snmp-agent sys-info location Shenzhen China
Step 4 Enable the traps sending.

Step 5 Set the IP address of the target host for traps.

Step 6 Set the IP address of the VLAN interface as the source address for traps sending.
huawei(config)#snmp-agent trap source vlanif 1000

huawei(config)#save
----End
Result
After the configuration, you can manage the MA5600T successfully through the N2000.
3.5 SNMP Agent Configuration

This topic describes how to configure an SNMP agent when you need to maintain the
MA5600T through the manager.
3.5.1 Setting the SNMP Version
This topic describes how to set the version of the SNMP running in the system.
3.5.2 Adding a Community Name and Setting Its Read/Write Authorities
This topic describes how to add a community name and set its read/write authorities.
3.5.3 Enabling the Trap Sending
This topic describes how to enable the MA5600T to send traps to the N2000.
3.5.4 Setting the IP address of a Destination Host for Receiving Traps
This topic describes how to set the IP address of a destination host for receiving traps.
3.5.5 Setting the Source Interface for Sending Traps

This topic describes how to set the source interface for sending traps.
3.5.6 Setting the System Contact Information
This topic describes how to set the system contact information.
3.5.7 Setting the System Location Information
This topic describes how to set the system location information.
3.5.8 Configuring an SNMP V3 User
This topic describes how to add or modify an SNMP V3 user.
3.5.9 Configuring an SNMP V3 Group
This topic describes how to configure an SNMP V3 group. After a group is configured, you can
control the access authorities of all the users in that group.
3.5.10 Configuring an SNMP MIB View
This topic describes how to configure an SNMP MIB view.
3.5.11 Configuring the Local SNMP Engine ID
This topic describes how to configure an engine ID that uniquely identifies an SNMP entity.
3.5.12 Enabling the Timely Handshake Function between the MA5600T and the N2000
This topic describes how to enable the timely handshake function between the MA5600T and
the N2000.
3.5.13 Setting the Handshake Interval
This topic describes how to set the handshake interval.
3.5.1 Setting the SNMP Version

This topic describes how to set the version of the SNMP running in the system.
Procedure
Step 1 Run the snmp-agent sys-info version command to set the SNMP version.
Step 2 Run the display snmp-agent sys-info version command to query the version of the SNMP
configured in the system.
----End
Example
To set the SNMP version as V1 and V2C, do as follows:
huawei(config)#snmp-agent sys-info version v1 v2c
huawei(config)#display snmp-agent sys-info version
{ <cr>|contact<K>|location<K> }:
Command:
display snmp-agent sys-info version
SNMP version running in the system:
SNMPv1 SNMPv2c
Related Operation
Table 3-3 lists the related operation for setting the SNMP version.

Table 3-3 Related operation for setting the SNMP version
Delete the set SNMP version information undo snmp-agent sys-info version
3.5.2 Adding a Community Name and Setting Its Read/Write

Authorities
This topic describes how to add a community name and set its read/write authorities.
l The default read-only community name in the Huawei iManager N2000 BMS is public,
and the read-write community name in the N2000 is private.
l The MA5600T supports up to 10 community names.
l The read and write community names set in the MA5600T should match with the read and
write community names set in the manager.
Procedure
Step 1 Run the snmp-agent community command to add a community name and set its read/write
authorities.
Step 2 Run the display snmp-agent community command to query a community name.
----End
Example
To add a read-only community named public, do as follows:
huawei(config)#snmp-agent community read public
huawei(config)#display snmp-agent community read
Community name: public
Storage type: nonVolatile
View name: ViewDefault
Total number is 1
Related Operation
Table 3-4 lists the related operation for adding a community and setting its read/write authorities.
Table 3-4 Related operation for adding a community and setting its read/write authorities
Delete a community name undo snmp-agent community

3.5.3 Enabling the Trap Sending

This topic describes how to enable the MA5600T to send traps to the N2000.
By default, the MA5600T is disabled in sending traps to the N2000.
Procedure
Step 1 Run the snmp-agent trap enable standard command to enable the traps sending.
Step 2 Run the display snmp-agent trap enable command to check whether traps sending is enabled.
----End
Example
To enable the MA5600T to send traps to the N2000, do as follows:
huawei(config)#display snmp-agent trap enable
Trap is enabled
Related Operation
Table 3-5 lists the related operation for enabling the traps sending.
Table 3-5 Related operation for enabling the traps sending

Disable the traps sending undo snmp-agent trap enable standard
3.5.4 Setting the IP address of a Destination Host for Receiving

Traps
This topic describes how to set the IP address of a destination host for receiving traps.
The N2000 can receive traps only when the IP address of a destination host for receiving traps
is set correctly. The system supports up to 20 destination hosts.
Procedure
Step 1 Run the snmp-agent target-host trap command to set the IP address of a destination host for
receiving traps.
Step 2 Run the display snmp-agent target-host command to query the destination host for receiving
traps.
----End

Example
To set the IP address of the destination host for receiving traps as 10.71.53.108, and to run the
community name "private", do as follows:
huawei(config)#snmp-agent target-host trap address 10.71.53.108 securityname
private v3
huawei(config)#display snmp-agent target-host
Traphost list:
Traphost address: 10.71.53.108
Traphost portnumber: 162
Traphost securityname: private
Traphost trapversion: v3
Total number is 1
Related Operation
Table 3-6 lists the related operation for setting the IP address of a destination host for receiving
traps.
Table 3-6 Related operation for setting the IP address of a destination host for receiving traps
Delete the IP address of the destination undo snmp-agent target-host

host for receiving traps
3.5.5 Setting the Source Interface for Sending Traps

This topic describes how to set the source interface for sending traps.
Prerequisite
The L3 interface that functions as the source interface must exist.
The IP address of the interface for sending traps is the source IP address of the traps.
Procedure
Step 1 Run the snmp-agent trap source command to set the source interface for sending traps.
Step 2 Run the display snmp-agent trap-source command to query the source interface for sending
traps.
----End
Example
To set the source interface for sending traps as the L3 interface of VLAN 1000, do as follows:
huawei(config)#snmp-agent trap source vlanif 1000
huawei(config)#display snmp-agent trap-source
Trap source interface name: vlanif1000

Related Operation
Table 3-7 lists the related operation for setting the source interface for sending traps.
Table 3-7 Related operation for setting the source interface for sending traps
Delete the source interface for sending undo snmp-agent trap source
traps
3.5.6 Setting the System Contact Information

This topic describes how to set the system contact information.
By default, the system contact information is "R&D Shenzhen, Huawei Technologies Co., Ltd.".
Procedure
Step 1 Run the snmp-agent sys-info contact command to set the system contact information.
Step 2 Run the display snmp-agent sys-info contact command to query the system contact
information.
----End
Example
To set the system contact information as HW-075528780808, do as follows:
huawei(config)#display snmp-agent sys-info contact
{ <cr>|location<K>|version<K> }:
Command:
display snmp-agent sys-info contact
The contact person for this managed node:
HW-075528780808
Related Operation
Table 3-8 lists the related operation for setting the system contact information.
Table 3-8 Related operation for setting the system contact information
Restore the default system contact undo snmp-agent sys-info contact

information

3.5.7 Setting the System Location Information

This topic describes how to set the system location information.
By default, the system location information is "Shenzhen_China".
Procedure
Step 1 Run the snmp-agent sys-info location command to set the system location information.
Step 2 Run the display snmp-agent sys-info location command to display the system location
information.
----End
Example
To set the system location information as Shanghai China, do as follows:
huawei(config)#snmp-agent sys-info location Shanghai_China
huawei(config)#display snmp-agent sys-info location
{ <cr>|contact<K>|version<K> }:
Command:
display snmp-agent sys-info location
The physical location of this node:
Shanghai_China
Related Operation
Table 3-9 lists the related operation for setting the system location information.
Table 3-9 Related operation for setting the system location information
Restore the default system location undo snmp-agent sys-info location

information
3.5.8 Configuring an SNMP V3 User

This topic describes how to add or modify an SNMP V3 user.
l The MA5600T supports up to 20 SNMP V3 users.
l If the user name that is entered is an existing one, the system updates the configuration of
the user.
l If you do not enter the user authentication and the encryption modes, the user can access
the equipment without an authentication or encryption.

Procedure
Step 1 Run the snmp-agent usm-user command to configure an SNMP V3 user.
Step 2 Run the display snmp-agent usm-user command to query the SNMP V3 user.
----End
Example
To add an SNMP V3 user named user, belonging to a group named group, with the authentication
mode as md5, the authentication password as 1, the encryption mode as des56, and the encryption
password as 2, do as follows:
huawei(config)#snmp-agent usm-user v3 user group authentication-mode md5 1 privacy-
mode des56 2
huawei(config)#display snmp-agent usm-user user
User name: user
Engine ID: 800007DB0300E0FC995050
Group name: group
Authentication mode: md5, Privacy mode: des56
User status: active
Related Operation
Table 3-10 lists the related operation for configuring an SNMP V3 user.
Table 3-10 Related operation for configuring an SNMP V3 user

Delete an SNMP V3 user undo snmp-agent usm-user v3
3.5.9 Configuring an SNMP V3 Group

This topic describes how to configure an SNMP V3 group. After a group is configured, you can
control the access authorities of all the users in that group.
l The MA5600T supports up to 20 SNMP V3 groups.
l By default, the system has a read view named viewDefault with the range of internet sub-
tree; the write view and the notify view are blank.
l If the group name that is entered is an existing name, the system updates the configuration
of the group.
l A specified view can be a non-existing view. In this case, the users in the group fail to
access.
l A user can access views in the following three modes:
– With authentication and encryption
– With authentication but no encryption
– With no authentication or encryption

l If the access mode level is lower than the security level of the configured group, the user
fails to access. If the corresponding groups have multiple security levels, the user can select
the group with the highest security level, and then access the view corresponding to that
group.
Procedure
Step 1 Run the snmp-agent group v3 command to configure an SNMP V3 group.
Step 2 Run the display snmp-agent group command to query the SNMP V3 group.
----End
Example
To configure a group named group, with authentication but no encryption, with the read view
of internet, and with blank write and notify views, do as follows:
huawei(config)#snmp-agent group v3 group authentication read-view internet
huawei(config)#display snmp-agent group group
Group name: group
Security model: v3 AuthnoPriv
Readview: internet
Writeview: <no specified>
Notifyview: <no specified>
Storage type: nonvolatile
Related Operation
Table 3-11 lists the related operation for configuring an SNMP V3 group.
Table 3-11 Related operation for configuring an SNMP V3 group
Delete an SNMP V3 group undo snmp-agent group v3
3.5.10 Configuring an SNMP MIB View

This topic describes how to configure an SNMP MIB view.
l The number of sub-trees of all the views cannot exceed 20.
l By default, the system has a read view named ViewDefault, with the range of internet sub-
tree view.
l The view named ViewDefault cannot be deleted or updated.
NOTE
For SNMP V3, the access control is a type of control over the user access to the management information. The
MIB view-based access control is realized by associating users with MIB views. An MIB view defines the
management information both included in the view and excluded from the view.

Procedure
Step 1 Run the snmp-agent mib-view command to configure an SNMP MIB view.
Step 2 Run the display snmp-agent mib-view command to query the SNMP MIB view.
----End
Example
To configure a view named view1, including ip sub-tree, do as follows:
huawei(config)#snmp-agent mib-view view1 include ip
huawei(config)#display snmp-agent mib-view view1
View name: view1
MIB subtree: ip
Subtree mask:
View type: include
View status: active
Related Operation
Table 3-12 lists the related operation for configuring an SNMP MIB view.
Table 3-12 Related operation for configuring an SNMP MIB view

Delete an SNMP MIB view undo snmp-agent mib-view
3.5.11 Configuring the Local SNMP Engine ID

This topic describes how to configure an engine ID that uniquely identifies an SNMP entity.
With no ID is configured manually, the MA5600T automatically initializes one ID at startup.
Procedure
Step 1 Run the snmp-agent local-engineid command to configure the local SNMP engine ID.
Step 2 Run the display snmp-agent local-engineid command to query the local SNMP engine ID.
----End
Example
To configure the engine ID of the local SNMP entity as 800007DB0300E0FC113333, do as
follows:
huawei(config)#snmp-agent local-engineid 800007DB0300E0FC113333
Info: Modify the local-engineid will disable the configured SNMPv3 user, all
of user local-engineid changes to the modified one after system reset, proceed?[
Y/N]:y

huawei(config)#display snmp-agent local-engineid

SNMP local EngineID: 800007DB0300E0FC113333
Related Operations
Table 3-13 lists the related operations for configuring the local SNMP engine ID.
Table 3-13 Related operations for configuring the local SNMP engine ID
Restore the default local SNMP engine undo snmp-agent local-engineid

ID
Display the remote SNMP engine ID display snmp-agent remote-engineid

information
3.5.12 Enabling the Timely Handshake Function between the

MA5600T and the N2000
This topic describes how to enable the timely handshake function between the MA5600T and
the N2000.
By default, the timely handshake function between the MA5600T and the N2000 is disabled.
Procedure
Step 1 Run the system handshake enable command to enable the timely handshake function between
the MA5600T and the N2000.
Step 2 Run the display system handshake command to query the timely handshake function between
the MA5600T and the N2000.
----End
Example
To enable the timely handshake function between the MA5600T and the N2000, do as follows:
huawei(config)#system handshake enable
huawei(config)#display system handshake
system handshake : enable
system handshake interval : 300s
----------------------------------------------
IP of NMS Status between NMS and device
----------------------------------------------
10.71.53.108 in register
----------------------------------------------

Related Operations
Table 3-14 lists the related operations for enabling the timely handshake function between the
MA5600T and the N2000.
Table 3-14 Related operations for enabling the timely handshake function between the
MA5600T and the N2000
Disable the timely handshake function system handshake disable

between the MA5600T and the N2000
Set the handshake interval system handshake interval
3.5.13 Setting the Handshake Interval

This topic describes how to set the handshake interval.
l By default, the handshake interval between the MA5600T and the N2000 is 300s.
l The handshake interval between the MA5600T and the N2000 determines the handshake
frequency.
– When the interval is short, and the number of network elements under the N2000 is
large, the N2000 is over-tasked to handle increasing handshake packets.
– When the interval is long, and the MA5600T and the N2000 are disconnected, the N2000
fails to locate the fault in time.
l You can set an appropriate handshake interval according to the actual conditions.
Procedure
Step 1 Run the system handshake interval command to set the handshake interval.
Step 2 Run the display system handshake command to query the handshake interval.
----End
Example
To set the handshake interval to 10 seconds, do as follows:
huawei(config)#system handshake interval 10
huawei(config)#display system handshake
system handshake : enable
system handshake interval : 10s
----------------------------------------------
IP of NMS Status between NMS and device
----------------------------------------------
10.71.53.108 in register
----------------------------------------------

Related Operation
Table 3-15 lists the related operation for setting the handshake interval.
Table 3-15 Related operation for setting the handshake interval

Configure the handshake function system handshake

between the MA5600T and the N2000
3.6 Configuring the IP Address of the Outband NMS

Interface
This topic describes how to configure the IP address of the outband NMS interface (maintenance
network port).
l By default, the IP address of the maintenance network port (ETH port on the control board)
is 10.11.104.1, and the subnet mask is 255.255.0.0.
l Make sure that the IP address of the ETH port is located in the same subnet as the IP address
of the gateway or the PC used for maintaining the MA5600T.
l After setting the IP address, save the record for future reference.
Procedure
Step 1 Run the interface meth command to enter the meth mode.
Step 2 Run the ip address command to set the IP address of the ETH port on the control board.
Step 3 Run the quit command to exit the meth mode.
Step 4 Run the display interface meth command to query the IP address of the ETH port on the control
board.
----End
Example
To set the IP address of the ETH port as 10.10.10.1 and the subnet mask as 255.255.255.0, do
as follows:
huawei(config)#display interface meth 0
meth0 current state : UP
Line protocol current state : UP
Description : HUAWEI, , meth0 Interface
The Maximum Transmit Unit is 1500 bytes
Internet Address is 10.10.10.1/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fcaa-8516
Auto-duplex(Full), Auto-speed(100M)

5 minutes input rate 1549 bytes/sec, 14 packets/sec

5 minutes output rate 168 bytes/sec, 1 packets/sec
10508484 packets input, 1472712535 bytes
2213003 packets output, 712283310 bytes
Related Operation
Table 3-16 lists the related operation for configuring the IP address of the outband NMS
interface.
Table 3-16 Related operation for configuring the IP address of the outband NMS interface
Delete the IP address of undo ip address In meth mode.

the outband NMS
interface
3.7 Configuring an NMS Route

This topic describes how to create a static route between the MA5600T and the manager.
l The system supports up to 1000 static routes.
l When the MA5600T and the N2000 are located in different subnets, a route must be
configured for the gateway to forward IP packets.
Procedure
Step 1 Run the ip route-static command to configure a static route.
Step 2 Run the display ip routing-table command to query the current routing configuration.
----End
Example
To create a route to subnet 10.71.8.0 (where the manager is located), and the gateway as
10.71.53.1, do as follows:
huawei(config)#ip route-static 10.71.8.0 255.255.255.0 10.71.53.1
huawei(config)#display ip routing-table verbose
Routing Table : Public
Destinations : 15 Routes : 15
Destination: 10.0.0.0/8
Protocol: Static Process ID: 0
Preference: 60 Cost: 0
NextHop: 10.71.57.1 Interface: vlanif1001
RelyNextHop: 0.0.0.0 Neighbour: 0.0.0.0
Tunnel ID: 0x0 Label: NULL
State: Active Adv GotQ Age: 00h21m49s
Tag: 0

Protocol: Direct Process ID: 0

State: Active Adv Age: 00h21m50s
Tag: 0
Protocol: Direct Process ID: 0
NextHop: 127.0.0.1 Interface: InLoopBack0
State: Active NoAdv Age: 12d20h50m47s
Tag: 0
State: Active Adv GotQ Age: 00h21m51s
Tag: 0
NextHop: 10.71.53.1 Interface:
State: Inactive Adv WaitQ Age: 00h00m10s
Tag: 0
Related Operation
Table 3-17 lists the related operation for configuring an NMS route.
Table 3-17 Related operation for configuring an NMS route
To... Run the Command...
Delete an existing route undo ip route-static
3.8 Configuring the IP Address of the Inband NMS Interface

This topic describes how to configure the IP address of the inband NMS interface.
l The MA5600T realizes inband NMS through the port on the GIU board.
l To prevent login and access to the MA5600T from the user end, it is recommended that
you use the standard VLAN as the NMS VLAN.
Procedure
Step 1 Run the vlan command to create an NMS VLAN.

Step 2 Run the interface vlanif command to enter the VLAN interface mode.
Step 3 Run the ip address command to set the IP address of the VLAN interface.
Step 4 Run the quit command to exit the VLAN interface mode.
Step 5 Run the display interface vlanif command to query the IP address of the VLAN interface.
----End
Example
To set the IP address of the inband NMS interface as 10.10.10.2 and the subnet mask as
255.255.255.0, do as follows:
huawei(config)#display interface vlanif 1000
Vlanif1000 current state : up
Line protocol current state : up
Description : HUAWEI, SmartAX Series, Vlanif1000 Interface
The Maximum Transmit Unit is 1500 bytes
Internet Address is 10.10.10.2/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0.fc11.223c
Related Operation
Table 3-18 lists the related operation for configuring the IP address of the inband NMS interface.
Table 3-18 Related operation for configuring the IP address of the inband NMS interface
Delete the IP address of undo ip address In the VLAN interface mode.

the existing inband NMS
interface

SmartAX MA5600T Multi-service Access Module 4 Log Host Configuration
4 Log Host Configuration
About This Chapter
This topic describes the functions of a log host and the method of configuring a log host on the
MA5600T.
NOTE
detailed description of the basic operations on the MA5600T.
For the readers who are familiar with the MA5600T, it is recommended that you read the configuration examples
directly.
first.
4.1 Overview
This topic describes the functions of the log and the application of the log on the MA5600T.
4.2 Configuration Example of a Log Host
This topic provides an example for configuring a log host. The log host is used for recording
logs, which are useful for the device maintenance and fault location.
4.3 Configuring a Log Host
This topic describes how to configure a log host, that is, how to add and activate the log host.
4.4 Deleting a Log Host
This topic describes how to delete a log host.
4.5 Deactivating a Log Host
This topic describes how to deactivate a log host.
4.6 Querying Logs
This topic describes how to query logs.

4 Log Host Configuration SmartAX MA5600T Multi-service Access Module
4.1 Overview
This topic describes the functions of the log and the application of the log on the MA5600T.
Function
Logs can function as important references for system maintenance and troubleshooting.
In the MA5600T, you can query the executed commands and other important information
recorded in the logs.
4.2 Configuration Example of a Log Host

This topic provides an example for configuring a log host. The log host is used for recording
logs, which are useful for the device maintenance and fault location.
l The log host is always installed on the NMS station and uses the NMS VLAN to
communicate with the MA5600T.
l The log host must be installed with the FTP or TFTP software, and must be able to receive
and save the logs reported by the MA5600T.
Networking
The log host resides in the NMS station and is connected to the upstream port of the
MA5600T in the IP network. Figure 4-1 shows the example network for configuring a log host.
Figure 4-1 Example network for configuring a log host
Router
Log host
CON GE 0/19/0
ETH
ESC
SCU MA5600T
Data Plan
Table 4-1 provides the data plan for configuring a log host.

Table 4-1 Data plan for configuring a log host
Item Data
Layer 3 interface VLAN: 10
Upstream port: 0/9/0
IP address of the L3 interface: 10.10.10.10/24

IP address of the gateway: 10.10.10.1
Log host IP address: 195.10.10.20/24
Figure 4-2 shows the flowchart for configuring a log host.
Figure 4-2 Flowchart for configuring a log host
Start
Configure the layer 3

interface
Add a log host
Add the static route
Configure the ACL rule
Activate the log host
Save the data
End
Procedure
Step 1 Configure the L3 interface.
1. Create a VLAN.
2. Add the upstream port.

3. Configure the IP address of the L3 interface.

Step 2 Add the log host.

huawei(config)#loghost add 195.10.10.20 huawei
Step 3 Add the static route to the log host.

Step 4 Configure the ACL rule (optional).

Filter the packets that passes through the L3 interface. Only the IP packet from the log host is
allowed to access the L3 interface. The packets without authorization are not allowed to access
the L3 interface.
huawei(config)#acl 3010
huawei(config-acl-adv-3010)#rule deny ip source any destination 10.10.10.10
0.0.0.0
huawei(config-acl-adv-3010)#rule permit ip source 195.10.10.20 0.0.0.0 destination
10.10.10.10 0.0.0.0
huawei(config-acl-adv-3010)#quit
huawei(config)#packet-filter inbound ip-group 3010 port 0/9/0
NOTE
The port aggregation configuration is not allowed for upstream port 0/9/0 to which the ACL rule is applied.
Step 5 Activate the log host.

huawei(config)#loghost activate name huawei

huawei(config)#save
----End
Result
l You can query the logs on the log server.
l The logs record the operation commands executed on the system. They are the same as the
commands queried on the MA5600T.
4.3 Configuring a Log Host

This topic describes how to configure a log host, that is, how to add and activate the log host.
l The MA5600T can log important operations in the log server (UNIX or Windows platform)
of the internal network through the syslog mechanism.
l After configuring a log host on the MA5600T, you need to enable the log host service, and
configure the directory for saving logs and the log file name. This helps to enable real-time
reporting of logs.
Procedure
Step 1 Run the loghost add command to add a log host.
Step 2 Run the loghost activate command to activate the log host.

Step 3 Run the display loghost list command to display the log host.
----End
Example
To add a log host as huawei with the IP address 10.10.10.1, do as follows:
huawei(config)#loghost add 10.10.10.1 huawei
huawei(config)#loghost activate name huawei
huawei(config)#display loghost list name huawei
Log server configuration:
IP address : 10.10.10.1
Host name : huawei
Terminal state : Normal
Related Operations
Table 4-2 lists the related operations for configuring a log host.
Table 4-2 Related operations for configuring a log host
Deactivate a log host loghost deactivate
Delete a log host loghost delete
Set the source interface for sending logs syslog source
4.4 Deleting a Log Host

This topic describes how to delete a log host.
Procedure
Step 1 Run the loghost delete command to delete a log host
----End
Example
To delete the log host with the IP address 10.10.10.1, do as follows:
huawei(config)#loghost delete ip 10.10.10.1
huawei(config)#display loghost list ip 10.10.10.1
Failure: The log server not exist
Related Operations
Table 4-3 lists the related operations for deleting a log host.

Table 4-3 Related operations for deleting a log host
Add a log host loghost add
Activate a log host loghost activate
Deactivate a log host loghost deactivate
4.5 Deactivating a Log Host

This topic describes how to deactivate a log host.
The system sends log information only to the activated log hosts.
Procedure
Step 1 Run the loghost deactivate command to deactivate a log host.
----End
Example
To deactivate the log host with the IP address 10.10.10.1, do as follows:
huawei#loghost deactivate ip 10.10.10.1
huawei#display loghost list ip 10.10.10.1
Log server configuration:
IP address : 10.10.10.1
Host name : huawei
Terminal state : Deactivate
Related Operations
Table 4-4 lists the related operations for deactivating a log host.
Table 4-4 Related operations for deactivating a log host
Activate a log host loghost activate
Add a log host loghost add
Delete a log host loghost delete

4.6 Querying Logs

This topic describes how to query logs.
l The MA5600T can maintain a record of the logs of the last 512 operations. System
administrators can query the last executed operation commands through logs. The executed
query commands cannot be recorded in the logs.
l Up to 512 logs can be stored in the system. When there are more than 512 records, the old
records are overwritten.
l Query and record the system logs immediately in the case of a system failure. This prevents
the loss of logs that can be used for locating a fault.
l To record the operation correctly, make sure that the system time is correct before service
configuration.
Procedure
Run the display log command to query logs.
----End
Example

SmartAX MA5600T Multi-service Access Module 5 User Management
5 User Management
About This Chapter
This topic describes the classification of users and how to add, modify, delete and disconnect a
user.
5.1 Overview
This topic provides the definition of users, and describes the user levels and authorities supported
by the MA5600T.
5.2 Adding a User Profile
This topic describes how to add a user profile. To add a new user, you need to bind this user
profile to manage operators.
5.3 Adding a User
This topic describes how to add a user who can log in to the MA5600T to maintain it.
5.4 Modifying the User Attributes
You can modify the user attributes, such as user profile, authority, password, the permitted
number of reenters and the appended information.
5.5 Disconnecting an Online User
This topic describes how to disconnect an online user to prevent the user from logging in to the
MA5600T.
5.6 Deleting a User
This topic describes how to delete a user who is not permitted to log in to the MA5600T.

5 User Management SmartAX MA5600T Multi-service Access Module
5.1 Overview
This topic provides the definition of users, and describes the user levels and authorities supported
by the MA5600T.
Service Description
Users refer to persons who configure and maintain the MA5600T through CLI.
In terms of authority, MA5600T users can be divided into the following four levels:
l Common user
l Operator
l Administrator
l Super user
Users of all levels can only add users of lower levels than them.
Table 5-1 lists the authorities for users of all levels.
Table 5-1 User authorities
User Level Authority
Common user Common users perform basic system operation and simple query
operation.
Operator Operator can configure the MA5600T and services.
Administrator and Common:

super user l Perform all operations.
l Maintain the MA5600T user accounts and user authority.
Difference:
l Only one super user exists in the system, however, multiple
administrators can exist in the system.
l The super user is of the highest level in the system.
l The super user can create the administrator level account, but the
administrator has no authority to add a super user.
5.2 Adding a User Profile

This topic describes how to add a user profile. To add a new user, you need to bind this user
profile to manage operators.

l There is a root profile in the system. The root profile disables restrictions on users so that
root users can log in to the system easily after a system is upgraded. It is not recommended
to bind the root profile when you add a new user.
l The system provides three default profiles whose levels are administrator, operator, and
common user. They are convenient for unified management and for adding users.
l Up to 12 profiles can be added.
To add a user profile, you need to configure the following parameters:

l Use profile name
l Minimum length of the user name
l Minimum length of the password
l Validity period of the user name
l Validity period of the password
l Permitted start time of login for a user
l Permitted end time of login for a user
For details, refer to Table 5-2.
Table 5-2 Parameters of a user profile
Parameters Description
Minimum length The minimum length of the user name can be 6 to 15 alphanumeric
of the user name characters and it must be equal to or longer than six alphanumeric
characters.
Minimum length The minimum length of the password can be 6 to 15 alphanumeric

of the password characters and it must be equal to or longer than six alphanumeric
characters.
Validity period of It ranges from 0 to 999 days. If it is set to 0 day, the validity does not
the user name expire. By default, it is 30 days.
The system checks the validity of the user names in the unit of day when
a user logs in to the system.
Three days prior to the expiration, the system generates an alarm
informing the user of the expiration day. The system generates an alarm
informing the user of the expiration once the system identifies the
expiration of a user name.
Validity period of It ranges from 0 to 999 days. If it is set to 0 day, the validity does not
the password expire. By default, it is 30 days. The validity period of the password
should not be equal to or shorter than the validity period of the user
name.
The system checks the validity of passwords in the unit of day when a
user logs in to the system.
Three days prior to the expiration, the system generates an alarm
informing the user of the expiration day and prompting the user to
modify the password in time.

Parameters Description
Permitted start This parameter with the permitted end time of logon by a user
time of login for a parameter specifies the permitted period for a user to log in to the
user system. A user can log in to the system only in the permitted period.
Permitted end time This parameter with the permitted start time of logon by a user
of login for a user parameter specifies the permitted period for a user to log in to the
system.
A user can log in to the system only in the permitted period. If a user
logs in to the system at the permitted start time but does not log out at
the permitted end time, the system logs out the user and stops the user
from configuring the system.
Procedure
Step 1 Run the terminal user-profile add command to add a user profile.
Step 2 Run the display terminal user-profile command to query the information on the user profile.
----End
Example
Assume the following:
l Use profile name: userprofile
l Minimum length of the user name: eight alphanumeric characters
l Minimum length of the password: eight alphanumeric characters
l Validity period of the user name: 30 days
l Validity period of the password: 30 days
l Permitted start time of login for a user: 09:00
l Permitted end time of login for a user: 19:00
To add the user profile, do as follows:
huawei(config)#terminal user-profile add
User profile name(<=15 chars):userprofile
Min. length of user name(6--15)[6]:8
Min. length of password(6--15)[6]:8
Validity period of the user name(0--999 days)[30]:
Validity period of the password(0--999 days)[30]:
Permitted start time of logon by a user(hh:mm):09:00
Permitted end time of logon by a user(hh:mm):19:00
Repeat this operation? (y/n)[n]:
huawei(config)#display terminal user-profile name userprofile
---------------------------------------------------------------------------
User profile name : userprofile
Min. length of user name : 8
Min. length of password : 8
Validity period of the user name : 30
Validity period of the password : 30
Permitted start time of logon by a user : 09:00
Permitted end time of logon by a user : 19:00
---------------------------------------------------------------------------

Related Operations
Table 5-3 lists the related operations for adding a user profile.
Table 5-3 Related operations for adding a user profile
To... Run the Command... Remarks
Modify a user terminal user-profile The user profile name cannot be modified.
profile modify The default user profiles cannot be
modified, named root, admin, operator and
common user.
The bound user profiles cannot be
modified.
Delete a user terminal user-profile delete The default user profiles cannot be
profile deleted, named root, admin, operator and
common user.
The bound user profiles cannot be deleted.
Modify the terminal user user-profile This operation binds the user to another
profile bound profile.
with a user
5.3 Adding a User

This topic describes how to add a user who can log in to the MA5600T to maintain it.
l The super user and the administrator can add users of lower levels than them. That is:
– The super user can add an administrator, operators, and common users.
– The administrator can only add an operator and a common user.
l A user name is unique, and cannot be all or online.
l The super user or administrator can add multiple users to the system simultaneously. Up
to 127 users can be added to the system. Up to 128 users can be added including the root
user.
When adding a user, you need to configure the user attributes, including the user profile, user
account, password, permitted number of reenters, authority, and appended information.
Table 5-4 lists the user attributes.
Table 5-4 User attributes
User attribute Description
User name A user name (or a user account) consists of 1-15 printable characters.
A user name is unique, case sensitive and cannot contain any space.

User attribute Description
Password A password consists of 0-15 characters. It is case sensitive, and cannot

be null.
Authority In terms of authority, the added users can be divided into the following
three levels:
l Common user
l Operator
l Administrator
Permitted number The permitted number of reenters means the concurrent login count of
of reenters a user account. Whether a username can be used to log in to the
MA5600T from several terminals at the same time depends on the
permitted number of reenters. It is in the range of 0-4, and is generally
set to 1.
Append Append information is a type of optional and supplementary

Information information. It consists of a chain of characters and its total length is
limited to 30. It can be a telephone number or an address of a user.
Procedure
Step 1 Run the terminal user name command to add a user.
Step 2 Run the display terminal user command to query a user.
----End
Example
To add a common user with the name huawei, with the password huawei, the reenter number
3, the bound user profile root, and the appended information user, do as follows:
huawei(config)#terminal user name
User profile name(<=15 chars)[root]:
User Password(<=15 chars):huawei
Confirm Password(<=15 chars):huawei
User's Level:
1. Common User 2. Operator 3. Administrator:1
Permitted Reenter Number(0--4):3
User's Appended Info(<=30 chars):user
This user has been added
huawei(config)#display terminal user all
----------------------------------------------------------------------------
Name Level Status Reenter Profile Append
Num Info
----------------------------------------------------------------------------
root Super Online 1 root -----
huawei User Offline 3 root user
------------------------------------------------------------------------------
Total record(s) number: 2

Related Operations
Table 5-5 lists the related operations for adding a user.
Table 5-5 Related operations for adding a user

Delete a user undo terminal user name l Only the super user and administrators
can delete users of lower levels than
them.
l Users cannot delete themselves.
l User root cannot be deleted.
l An online user cannot be deleted. To
delete an online user, you need to
disconnect the user first.
l Multiple users can be deleted at a time.
Modify the user terminal user user-profile The administrator can run this command to
profile modify the profile where the user is located.
That is, bind the user to another profile.
5.4 Modifying the User Attributes

You can modify the user attributes, such as user profile, authority, password, the permitted
number of reenters and the appended information.
5.4.1 Modifying the Profile Bound with a User
This topic describes how to bind a user with a different profile.
5.4.2 Modifying the User Login Mode
This topic describes how to modify the user login mode.
5.4.3 Modifying a User Level
This topic describes how to modify a user authority.
5.4.4 Changing a User Password
This topic describes how to change a user password to ensure equipment security.
5.4.5 Modifying the Permitted Number of Reenters
This topic describes how to modify the permitted number of reenters of a user to ensure the user
authority.
5.4.6 Modifying the Appended Information
This topic describes how to modify the appended information on a user to update user
information in time.
5.4.1 Modifying the Profile Bound with a User

This topic describes how to bind a user with a different profile.

l Administrators and root users can modify the bound profile of themselves and users of
lower levels than them.
l The user name and password must meet the specification of the user profile to be bound.
Otherwise, the binding operation fails.
Procedure
Step 1 Run the terminal user user-profile command to modify the bound profile of a user.
Step 2 Run the display terminal user command to query the bound profile of the user.
----End
Example
To modify the profile bound with the user named testuser to the default admin profile, do as
follows:
huawei(config)#terminal user user-profile
User Name(<=15 chars):testuser
Permitted user-profile[root]:admin
Confirm user-profile:admin
Configuration will take effect when the user logs on next time.
Repeat this operation? (y/n)[n]:
----------------------------------------------------------------------------
Num Info
----------------------------------------------------------------------------
testuser User Offline 3 admin -----
----------------------------------------------------------------------------
Related Operations
Table 5-6 lists the related operations for modifying the profile bound with a user.
Table 5-6 Related operations for modifying the profile bound with a user
Configure a user profile terminal user-profile
Modify levels of a user terminal user level
Modify the password of a user terminal user password
Modify the permitted times of login for a user terminal user reenter
Modify the appended information on a user terminal user apdinfo
5.4.2 Modifying the User Login Mode

This topic describes how to modify the user login mode.

Context
l Only the super user and administrators can perform this operation.
l The user login mode includes:
– The web mode
– The OSS mode
– The CLI mode
l By default, the user login mode is CLI.
Procedure
Step 1 Run the terminal user access-type command to modify the user login mode.
Step 2 Run the display terminal user command to query the user login mode.
----End
Example
To enable that common user huawei can login to the system in all three modes, do as follows:
huawei(config)#terminal user access-type
User Name(<=15
chars):huawei
User's access-type :(default : command line)
Authorize web user to login in? (y/n)[n]:y
Authorize OSS user to login in? (y/n)[n]:y
Information will take effect when this user logs on next time
----------------------------------------------------------------------------
Name Level Status Reenter Access Profile Append
Num Type Info
----------------------------------------------------------------------------
root Super Online 1 CLI root none
Web
huawei Operator Offline 3 CLI root user
Web
OSS
----------------------------------------------------------------------------
Related Operation
Table 5-7 lists the related operations for modifying the user login mode.
Table 5-7 Related operations for modifying the user login mode
T0… Run the Command…
Modify the user password terminal user password
Modify the user permitted number terminal user reenter

of reenters
Modify the user append information terminal user apdinfo
Modify the user level terminal user level

5.4.3 Modifying a User Level

This topic describes how to modify a user authority.
Only the super user and administrators can perform the operation for users of lower levels than
them.
l The super user can modify the level of a user to the level of a common user, an operator,
or an administrator.
l Administrators can modify the level of a user to the level of a common user or an operator.
Procedure
Step 1 Run the terminal user level command to modify a user level.
Step 2 Run the display terminal user command to query a user level.
----End
Example
To change the common user huawei to an operator, do as follows:
huawei(config)#terminal user level
1. Common User 2. Operator 3.Administrator:
User's Level:2
Confirm Level: 2
Information will take effect when this user logs on next time
----------------------------------------------------------------------------
Num Info
----------------------------------------------------------------------------
huawei Operator Offline 3 root user
------------------------------------------------------------------------------
Related Operations
Table 5-8 lists the related operations for modifying a user level.
Table 5-8 Related operations for modifying a user level
Modify the profile bound with a user terminal user user-profile
Change the user password terminal user password

Modify the permitted number of reenters of terminal user reenter

a user
5.4.4 Changing a User Password

This topic describes how to change a user password to ensure equipment security.
l The super user and the administrator can change the passwords of lower-level users
(including themselves). When changing the passwords of lower-level users, the super user
and the administrator need not enter the old password.
l The common user and the operator can change their own password only, and they need to
enter the old password.
Procedure
Step 1 Run the terminal user password command to change a user password.
Step 2 Log in to the equipment with the previous user name and the new password.
----End
Example
To change the password of the common user huawei, do as follows:
huawei(config)#terminal user password
User name (<=15 chars):huawei
New password(<=15 chars):huawei
Confirm Password(<=15 chars):huawei
Information takes effect
Related Operations
Table 5-9 lists the related operations for changing a user password.
Table 5-9 Related operations for changing a user password

Modify user level terminal user level
Modify the permitted number of reenters of terminal user reenter

a user

5.4.5 Modifying the Permitted Number of Reenters

This topic describes how to modify the permitted number of reenters of a user to ensure the user
authority.
l The super user and administrators can modify the permitted number of reenters of lower-
level users.
l The permitted number of reenters of the super user cannot be modified.
Procedure
Step 1 Run the terminal user reenter command to modify the permitted number of reenters of a user.
Step 2 Run the display terminal user command to query the permitted number of reenters of a user.
----End
Example
To modify the permitted number of reenters of the common user huawei to 1, do as follows:
huawei(config)#terminal user reenter
Permitted reenter number(0--4):1
Confirm Reenter Number(0--4):1
----------------------------------------------------------------------------
Num Info
----------------------------------------------------------------------------
huawei User Offline 1 root user
--------------------------------------------------------------------
Related Operations
Table 5-10 lists the related operations for modifying the permitted number of reenters.
Table 5-10 Related operations for modifying the permitted number of reenters
Modify user level terminal user level
Change user password terminal user password
Modify the appended information on user terminal user apdinfo

5.4.6 Modifying the Appended Information

This topic describes how to modify the appended information on a user to update user
information in time.
l The super user and administrators can modify their own appended information and the
appended information of lower-level users.
l Common users and operators can modify their own appended information.
Procedure
Step 1 Run the terminal user apdinfo command to modify the appended information on a user.
Step 2 Run the display terminal user command to query the appended information on a user.
----End
Example
To modify the appended information of common user huawei to support@huawei.com, do as
follows:
huawei(config)#terminal user apdinfo
User's Appended Info(<=30 chars):support@huawei.com
----------------------------------------------------------------------------
Num Info
----------------------------------------------------------------------------
huawei User Offline 1 root
support@huawei.com
--------------------------------------------------------------------
Related Operations
Table 5-11 lists the related operations for modifying the appended information.
Table 5-11 Related operations for modifying the appended information
Modify the user level terminal user level
Change the user password terminal user password
Modify the permitted number of reenters of a terminal user reenter

user

5.5 Disconnecting an Online User

This topic describes how to disconnect an online user to prevent the user from logging in to the
MA5600T.
Only the super user and administrators can disconnect an online lower-level user.
Procedure
Step 1 Run the client kickoff command to disconnect an online user.
Step 2 Run the display client command to query an online user.
----End
Example
To disconnect user 2, and to run the display client command to check whether the user is
disconnected, do as follows:
huawei#client kickoff 2
Are you sure to kick the user off?(y/n)[n]: y
huawei#display client
-----------------------------------------------------------------------------
ID Client name Domain name IP Address Login Time
-----------------------------------------------------------------------------
1 root -- 10.71.60.100 2006-02-08 12:26:53
-----------------------------------------------------------------------------
Related Operation
Table 5-12 lists the related operation for disconnecting an online user.
Table 5-12 Related operation for disconnection an online user

Delete a user undo terminal user name
5.6 Deleting a User

This topic describes how to delete a user who is not permitted to log in to the MA5600T.
l Only the super user and administrators can delete the lower-level users other than
themselves.
l Users cannot delete themselves.
l User root cannot be deleted.

l An online user cannot be deleted. To delete an online user, you need to disconnect the user
first.
l Multiple users can be deleted at a time.
Procedure
Step 1 Run the undo terminal user name command to delete users.
Step 2 Run the display terminal user command to verify whether a user is deleted successfully.
----End
Example
To delete a user named huawei, do as follows:
huawei(config)#undo terminal user name
Are you sure to delete the user?(y/n)[n]:y
This user has been deleted
----------------------------------------------------------------------------
Num Info
----------------------------------------------------------------------------
----------------------------------------------------------------------------
Related Operations
Table 5-13 lists the related operations for deleting a user.
Table 5-13 Related operations for deleting a user

Disconnect an online user client kickoff
Add a user terminal user name

SmartAX MA5600T Multi-service Access Module 6 Device Management
6 Device Management
About This Chapter
This topic describes the MA5600T management, which includes the shelf management and the
board management.
6.1 Overview
This topic describes the contents of the chapter and the board status.
6.2 Setting the Description of a Shelf
This topic describes how to set the description for a shelf to differentiate it from other shelves.
6.3 Resetting the Control Boards
This topic describes how to reset the control boards. When you need to reset the control boards
to run the newly-loaded program and the database, use this command.
6.4 Adding a Service Board Offline
This topic describes how to add a required service board in an idle slot and configure data of the
service board offline. After the corresponding service board is inserted, the board can start
immediately.
6.5 Confirming a Service Board
This topic describes how to confirm a service board that has been detected automatically.
6.6 Deleting a Service Board
This topic describes how to delete a service board that is no longer required.
6.7 Resetting a Service Board
This topic describes how to reset a service board when it is unstable.
6.8 Prohibiting a Service Board
This topic describes how to prohibit a service board. Through the operation, the service of the
board is suspended but not deleted and the dynamic resources are not released.

6 Device Management SmartAX MA5600T Multi-service Access Module
6.1 Overview
This topic describes the contents of the chapter and the board status.
Service Description
Device management involves the following:
l Shelf management
– Setting description of a shelf
– Querying description of a shelf
– Querying attributes of a shelf
l Control board management
– Resetting a control board
– Querying a control board
l Service board management
– Adding a service board offline
– Confirming a service board
– Deleting a service board
– Resetting a service board
– Prohibiting/Unprohibiting a service board
– Querying a service board
Board Status
Table 6-1 lists the service board status.
Table 6-1 Service board status
State Remarks
Active_normal It indicates that the active control board is in the normal

state.
Standby_normal It indicates that the standby control board is in the normal

state.
Standby_failed It indicates that the standby control board is faulty.
Normal It indicates that the board is running in the normal state.
Failed It indicates that the service board is faulty.
Config It indicates that the service board is being configured.
Auto-find It indicates that a service board is inserted, but not

confirmed yet.

State Remarks
Prohibited It indicates that the service board is prohibited.
6.2 Setting the Description of a Shelf

This topic describes how to set the description for a shelf to differentiate it from other shelves.
Procedure
Step 1 Run the frame set command to set the description of a shelf.
Step 2 Run the display frame desc command to query the description of a shelf.
----End
Example
To set the description of shelf 0, do as follows:
huawei(config)#frame set 0 desc adl
huawei(config)#display frame desc 0
--------------------------------------------------------
FrameID Frame description
--------------------------------------------------------
0 adl
--------------------------------------------------------
Related Operation
Table 6-2 lists the related operation for setting the description of a shelf.
Table 6-2 Related operation for setting the description of a shelf

Query the description of a shelf display frame info
6.3 Resetting the Control Boards

This topic describes how to reset the control boards. When you need to reset the control boards
to run the newly-loaded program and the database, use this command.
l The control boards include active control board and the standby control board.
l Resetting an active control board leads to the following two results:
– In the case of an active/standby configuration, the operation has no adverse impact on
the ongoing services.
– In the case there is no standby control board, the operation disconnects the control board
from all the service boards, that is, all service boards in the system are reset.

CAUTION
l The reset operation may cause loss to the unsaved data. Therefore, before the
operation, run the save command to save the system data.
l Reset the system only when necessary. In general, the system is reset after a new
application or a database is loaded.
l The board reset command cannot be used to reset the control boards.
l The reboot active command and the reboot standby command can be used to reset the
active control board and the standby control board respectively.
Procedure
Run the reboot command to reset the control board.
----End
Examples
To reset the active control board, do as follows:
huawei#reboot active
Please check whether data has saved, the unsaved data may lose if reboot
active board, are you sure to reboot active board? (y/n)[n]:y
Standby board failure or not exist, reboot active will cause system reboot,
are you sure to reboot active board? (y/n)[n]:y
To reset the standby control board, do as follows:

huawei#reboot standby
Please check whether data has saved, are you sure to reboot standby board? (y/
n)[n]:y
Related Operations
Table 6-3 lists the related operations for resetting the control boards.
Table 6-3 Related operations for resetting the control boards

Query a board display board You can query the board type, board
status and port information.
Reboot system reboot system This command is used to reset the

active and standby control boards at
the same time. As a result, the service
boards reset simultaneously.

6.4 Adding a Service Board Offline

This topic describes how to add a required service board in an idle slot and configure data of the
service board offline. After the corresponding service board is inserted, the board can start
immediately.
l After the service board is added offline, the service board becomes faulty. Only after a
service board of the configured type is inserted into this slot, the board becomes normal.
If a service board of a different type is inserted, the board keep resetting because the board
type is not matching.
l You can add a service board only in an idle slot.
Procedure
Step 1 Run the board add command to add a service board.
Step 2 Run the display board command to query the information on the board.
----End
Example
To add a service board in slot 0/2, do as follows:
huawei(config)#board add 0/4 h801gpbc
huawei(config)#display board 0
-------------------------------------------------------------------------
SlotID BoardName Status SubType0 SubType1 Online/Offline
-------------------------------------------------------------------------
0 H801CITA Normal
1
2 H801GPBC Failed Offline
3 H801GPBC Normal
4 H801GPBC Failed Offline
5
6 H801TOPA Failed NH1A Online
7
8
9 H801SCUL Active_normal
10
11
12
13
14
15
16
17
18
19 H801GICG Failed Online
20
21
22
-------------------------------------------------------------------------
Related Operation
Table 6-4 lists the related operation for adding a service board offline.

Table 6-4 Related operation for adding a service board offline
To... Run the Remarks

Command...
Confirm a service board confirm The service board that is identified

board automatically is in auto-find state, and it
can be used after it is confirmed.
6.5 Confirming a Service Board

This topic describes how to confirm a service board that has been detected automatically.
After you insert a service board into an idle slot, the system automatically identifies the board
type and the board is in the auto-find state. To enable the board for normal service transmission,
you need to confirm this board.
Procedure
Step 1 Run the board confirm command to confirm a service board.
Step 2 Run the display board command to query the confirmed service board.
----End
Example
To confirm board 0/2, do as follows:
huawei(config)#board confirm 0/2
0 frame 2 slot board confirm successfully
Related Operation
Table 6-5 lists the related operation for confirming a service board.
Table 6-5 Related operation for confirming a service board
Add a service board board add You can add a service board only
offline to an idle slot.
6.6 Deleting a Service Board

This topic describes how to delete a service board that is no longer required.

l Before deleting a service board, you must delete its service data. If not, deleting the service
board fails.
l A service board in the auto-find state cannot be deleted.
Procedure
Run the board delete command to delete a service board.
----End
Example
To delete service board 0/2, do as follows:
huawei(config)#board delete 0/2
are you sure to delete this board? (y/n)[n]:y
Board delete successfully
Related Operation
Table 6-6 lists the related operation for deleting a service board.
Table 6-6 Related operation for deleting a service board
Query the board information display board
6.7 Resetting a Service Board

This topic describes how to reset a service board when it is unstable.
l The system generates a fault alarm after the reset operation, and a recovery alarm after the
board recovers.
l After a service board is reset and starts up successfully, it reports the registration
information to the control board. Then the control board recovers the data configuration of
the service board to recover the services.
Procedure
Run the board reset command to reset a service board.
----End
Example
To reset service board 0/1, do as follows:

huawei(config)#board reset 0/1

Are you sure to reset board? (y/n)[n]:y
0 frame 1 slot reset board message sent successfully...
6.8 Prohibiting a Service Board

This topic describes how to prohibit a service board. Through the operation, the service of the
board is suspended but not deleted and the dynamic resources are not released.
l A control board cannot be prohibited.
l A service board that is in the auto-find state and unconfirmed cannot be prohibited.
l Prohibiting a service board interrupts the services of the board.
Procedure
Step 1 Run the board prohibit command to prohibit a service board.
Step 2 Run the display board command to query the service board status.
----End
Example
To prohibit service board 0/2, do as follows:
huawei(config)#board prohibit 0/11
Prohibiting board will interrupt all services on this board, are you sure to
prohibit board? (y/n)[n]:y
Prohibited board successfully
Related Operation
Table 6-7 lists the related operation for prohibiting a service board.
Table 6-7 Related operation for prohibiting a service board

Un-prohibit a service board undo board prohibit

SmartAX MA5600T Multi-service Access Module 7 Remote User Authentication Configuration
7 Remote User Authentication Configuration
About This Chapter
This topic describes how to manage a remote user on the MA5600T, including the user
authentication, authorization, and accounting.
NOTE
(s) directly.
first.
7.1 Overview
This topic describes the remote user authentication and the authentication modes.
7.2 Related Concepts
This topic describes the concepts related to remote user authentication, including AAA,
RADIUS, SSH and 802.1xAAA, RADIUS and SSH.
7.3 Configuration Example of Remote User Authentication
This topic provides an example for authenticating the remote user so that the user can access the
network resources through the MA5600T.
7.4 Configuring the RADIUS
This topic describes the RADIUS configuration, including creating a RADIUS server template,
setting the IP address and port number of a RADIUS server, setting the shared key of the
RADIUS server, setting the response timeout interval of a RADIUS server, setting the maximum
retransmit count of RADIUS request packets, setting the RADIUS server type, setting the format
of user name sent to a RADIUS server.
7.5 Configuring 802.1x
This topic describes the 802.1x configuration, including configuring an 802.1x template,
enabling the 802.1x authentication on a port, configuring the control mode of a port, enabling
the 802.1x authentication globally, and enabling the DHCP-triggered authentication.
7.6 Configuring AAA

7 Remote User Authentication Configuration SmartAX MA5600T Multi-service Access Module
This topic describes the AAA configuration, including configuring an authentication scheme,
creating a domain, specifying the authentication scheme and binding the RADIUS server
template.
7.7 Configuring SSH
This topic describes the SSH configuration, including creating the local RSA key pair,
configuring the SSH user public key and configuring an SSH user.

7.1 Overview
This topic describes the remote user authentication and the authentication modes.
Service Description
Remote user authentication refers to the process of authenticating the users who remotely log
in to the MA5600T. Only the authenticated users can log in to the MA5600T to manage and
maintain it.
The MA5600T authenticates remote users in the following two ways:
l AAA/RADIUS
– In an authentication, authorization, and accounting (AAA)/Remote Authentication
Dial-In User Service (RADIUS) frame, the MA5600T functions as a network access
server (NAS). As for the RADIUS server, the MA5600T functions as a RADIUS client.
– The MA5600T forwards the user name and password of the login user to the RADIUS
server for authentication when the AAA/RADIUS function is enabled.
l Secure Shell (SSH)
– The SSH protocol is based on a client/server mode, using TCP for interconnections to
realize secure remote access to insecure networks.
7.2 Related Concepts

This topic describes the concepts related to remote user authentication, including AAA,
RADIUS, SSH and 802.1xAAA, RADIUS and SSH.
7.2.1 Introduction to AAA

This topic describes AAA and its advantages.
7.2.2 Introduction to RADIUS
This topic describes RADIUS and its principles.
7.2.3 Introduction to SSH
This topic describes SSH and the advantages of the SSH protocol.
7.2.4 Introduction to 802.1x
This topic introduces what is 802.1x and the working principle and the system architecture of
the 802.1x protocol.
7.2.1 Introduction to AAA

This topic describes AAA and its advantages.
What Is AAA
AAA provides a framework for the consistency configuration of authentication, authorization
and accounting. Actually, the AAA framework is used for network security management.

Advantages of AAA
Generally, the AAA framework adopts the server/client structure, where the server stores the
user information and the client runs on the managed resources side.
The AAA framework has the following advantages:
l Excellent expansibility
l Standardardized authentication schemes
l Centralized user management
l Multi-system based security mechanism
7.2.2 Introduction to RADIUS

This topic describes RADIUS and its principles.
What Is RADIUS
As a management framework, AAA can be performed by a number of protocols. The RADIUS
protocol is commonly used to implement AAA.
l The RADIUS protocol is an information exchange protocol with the distributed server/
client structure. It is used to manage a large number of distributed dialup users.
l A RADIUS server manages a simple user database to provide the AAA function to the
users and to modify the service information of the users according to the service types and
rights.
l The users forward their AAA requests to the RADIUS server through an NAS.
Principles of RADIUS
l When a user tries to access another network (or some network resources) by setting up a
connection to the NAS through a network, the NAS forwards the user authentication and
accounting information to the RADIUS server. The RADIUS protocol specifies the means
of transmitting the user information and accounting information between the NAS and the
RADIUS server.
l The RADIUS server receives the connection requests of users sent from the NAS,
authenticates the user account and password contained in the user data, and returns the
required data to the NAS.
NOTE
l The NAS and the RADIUS server use a key to encrypt the data exchanged between them, thus
preventing the user password from being intercepted or stolen.
l The RADIUS configuration only defines the parameters related to the connections between the
NAS and the RADIUS server. To validate these parameters, you must specify the RADIUS
scheme in domain mode and specify the RADIUS mode for authentication and accounting.
7.2.3 Introduction to SSH

This topic describes SSH and the advantages of the SSH protocol.
What Is SSH

SSH provides authentication, encryption, and identification to guarantee network

communication security. When users telnet the router through an insecure network, SSH
provides the MA5600T with powerful security and authentication. This ensures that the
MA5600T is completely protected from attacks such as IP address spoofing or interception of
passwords of plain texts.
SSH RFC
The Internet Engineering Task Force (IETF) released an SSH RFC document. The SSH protocol
defined in the RFC document has two versions:
l SSHv1.5: The SSHv1.5 was issued earlier than the SSHv2. At present, a majority of SSHs
support this version.
l SSHv2: The SSHv2 is more standard and advanced than the SSHv1.5. It enhances security
and provides the file transfer function.
Advantages
The SSH protocol is based on a client/server mode. It uses TCP for interconnections to realize
secure remote access to insecure networks. Compared with telnet, SSH has the following
advantages:
l SSH supports the methods of using the password and RSA public key to authenticate clients.
l SSH supports data encryption standard (DES), 3DES, and AES to encrypt session data.
l When the SSH server communicates with the SSH client, both the user name and the
password are encrypted to prevent the password from being intercepted.
l SSH encrypts the data to guarantee security and reliability of the data during the
transmission.
l SSH supports authentication of a server.
l SSH supports the MD5 and SHA algorithms to identify the integrity of the session data to
guarantee authenticity of the session data and prevent the data from being altered
maliciously during the transfer process. SSH supports RSA authentication mode. In this
mode, SSH implements secure key exchange and authentication of the server by generating
public and private keys. These keys are generated according to the encryption principle of
the asymmetric encryption system. This guarantees the whole secure process of sessions.
7.2.4 Introduction to 802.1x

This topic introduces what is 802.1x and the working principle and the system architecture of
the 802.1x protocol.
What is 802.1x
802.1x (IEEE Std 802.1x-2001) is derived from the 802.11 protocol of Wireless Local Area
Network (WLAN), which is used for controlling the access and authentication of wireless users
at the link layer. After the expansion, 802.1x can use the Ethernet packets to bear data so that
802.1x can be employed to facilitate the Ethernet access or other wired access methods.
Working Principle of 802.1x

802.1x defines the port-based network access control and the working principle is as follows:

The access port (the physical port or the logical port) is under the control of the access device.
Before the authentication, the port is in the disabled state and users who are connected to this
port cannot access the network resources. If a user passes the authentication, the port is enabled
and users can access the permitted network resources.
System Architecture of 802.1x

802.1x defines the following three function entities: the supplicant, the authenticator and the
authentication server.
l The supplicant is usually a user-side device (such as a PC) and the client software supporting
802.1x must be installed on the device. The client software initiates the authentication and
stops the authentication.
l The authenticator is a network device that supports the 802.1x protocol. The system
authenticates the request of the supplicant and provides a service port to the supplicant.
The service port can be a physical port or a logical port.
l The authentication server is an entity that provides the authentication service to the
authenticator. The authentication server of 802.1x is always located at the carrier's AAA
center.
The authentication port is divided into two types: the controlled port and the uncontrolled port.
l The uncontrolled port is always in the bi-directional connection and can transmit the
authentication packets.
l By default, the controlled port is in the non-connection state. If the port passes the
authentication, then the controlled port is in the authenticated state and the port can transmit
service packets. If the port fails to pass the authentication, then the controlled port is in the
unauthenticated state and the port cannot transmit the service packets.
7.3 Configuration Example of Remote User Authentication

This topic provides an example for authenticating the remote user so that the user can access the
network resources through the MA5600T.
Networking
Figure 7-1 shows an example network for configuring the remote user authentication.
The MA5600T connects the PC to the RADIUS server, and it supports the 802.1x feature. The
IP address of the primary RADIUS server is 10.10.10.1, and the IP address of the secondary
RADIUS server is 20.20.20.1. The IDs of the ports for authentication and accounting is 1812
and 1813 respectively. The 802.1x authentication mode is EAP-end, and the AAA authentication
scheme is RADIUS.

Figure 7-1 Example network for configuring the remote user authentication
10.10.10.1
Radius server
20.20.20.1
Router
G CON GE 0/19/0
P ETH
ESC
B
C
SCU MA5600T
Optical splitter
ONT
PC
Data Plan
Table 7-1 provides the data plan for configuring the remote user authentication.
Table 7-1 Data plan for configuring the remote user authentication
Item Data
Remote user 802.1x authentication mode: EAP-end
AAA authentication scheme: RADIUS
User port: 0/11/0
VLAN: 10
Upstream port 0/9/0
VLAN: 10
IP address of the primary 10.10.10.1

RADIUS server
IP address of the 20.20.20.1

secondary RADIUS
server

Item Data
RADIUS server Authentication port ID of the RADIUS server: 1812
Accounting port ID of the RADIUS server: 1813
NOTE
l This topic provides information on configuration of the MA5600T only. For configuration of the
RADIUS server, refer to related documents. The RADIUS configuration profile contains the IP address
and port number of the RADIUS server. Configure other parameters such as RADIUS shared key and
RADIUS server type according to the normal practice.
l Currently, the MA5600T supports two authentication modes: RADIUS authentication and local
authentication.
Prerequisites
l The network devices and the lines must be in the normal state.
l All boards of the MA5600T must be in the normal state.
l The 802.1x client software has been installed on the PC, or the PC supports the DHCP-
triggered 802.1x authentication.
Figure 7-2 shows the flowchart for configuring the remote user authentication.

Figure 7-2 Flowchart for configuring the remote user authentication
Start
Configure the upstream port

and the service port
Configuring an 802.1X
template
Enable the 802.1X

authentication
Configure the AAA

authentication scheme
Configure the AAA

accounting scheme
Create the virtual profile for

the RADIUS server
Configure an AAA domain
Save the data
End
Procedure
Step 1 Configure the upstream port and the service port.
1. Create a VLAN.
huawei(config)#vlan 10 smart

3. Add the service port.

huawei(config)#service-port 6 vlan 10 gpon 0/11/0 gemport 128 rx-cttr 5 tx-cttr
5
Step 2 Configuring an 802.1x template.

huawei(config)#dot1x-template 3
huawei(config-dot1x-template3)#keepalive retransmit 3 interval 10
huawei(config-dot1x-template3)#eap-end
Step 3 Enable the 802.1x authentication.

1. Enable the 802.1x authentication based on the physical port.

huawei(config-dot1x-template3)#quit
huawei(config)#dot1x service-port 6
2. Enable the 8021.X authentication globally.

huawei(config)#dot1x enable
Step 4 Configure the AAA authentication scheme.

huawei(config)#aaa
huawei(config-aaa)#authentication-scheme huawei
Note: Create a new authentication scheme
huawei(config-aaa-authen-huawei)#authentication-mode radius
Step 5 Configure the AAA accounting scheme.

huawei(config-aaa-authen-huawei)#quit
huawei(config-aaa)#accounting-scheme huawei
Note: Create a new accounting scheme
huawei(config-aaa-accounting-huawei)#accounting-mode radius
huawei(config-aaa-accounting-huawei)#accounting interim interval 10
Step 6 Create the virtual profile for the RADIUS server.

NOTE
The configuration of the virtual profile for the RADIUS server must be the same as that of the remote RADIUS
server.
huawei(config-aaa-accounting-huawei)#quit
huawei(config-aaa)#quit
huawei(config)#radius-server template huawei
Note: Create a new server template
huawei(config-radius-huawei)#radius-server authentication 10.10.10.1 1812

huawei(config-radius-huawei)#radius-server authentication 20.20.20.1 1812
secondary
huawei(config-radius-huawei)#radius-server accounting 10.10.10.1 1813
huawei(config-radius-huawei)#radius-server accounting 20.20.20.1 1813 secondary
huawei(config-radius-huawei)#radius-server shared-key huawei
Step 7 Configure an AAA domain.

huawei(config-radius-huawei)#quit
huawei(config)#aaa
huawei(config-aaa)#domain huawei
Note: Create a new domain
huawei(config-aaa-domain-huawei)#authentication-scheme huawei
huawei(config-aaa-domain-huawei)#accounting-scheme huawei
huawei(config-aaa-domain-huawei)#dot1x-template 3
huawei(config-aaa-domain-huawei)#radius-server huawei

huawei(config-aaa-domain-huawei)#quit
huawei(config-aaa)#quit
huawei(config)#save
----End
Result
After the configuration on the RADIUS server is complete, log in to the MA5600T and type in
the user name in the format of "userid@huawei". If the RADIUS server contains the user name
and domain configuration, the user can log in to it and manage the devices.
7.4 Configuring the RADIUS

This topic describes the RADIUS configuration, including creating a RADIUS server template,
setting the IP address and port number of a RADIUS server, setting the shared key of the

RADIUS server, setting the response timeout interval of a RADIUS server, setting the maximum
retransmit count of RADIUS request packets, setting the RADIUS server type, setting the format
of user name sent to a RADIUS server.
7.4.1 Overview
This topic describes the specification and notes for configuring the RADIUS.
7.4.2 Creating a RADIUS Server Template
This topic describes how to create a RADIUS server template and enter the template
configuration mode.
7.4.3 Setting the IP Address and Port Number of a RADIUS Server
This topic describes how to set the IP address and UDP port number of the RADIUS server for
a new RADIUS server template.
7.4.4 Setting the Shared Key of the RADIUS Server
This topic describes how to set the shared key of the RADIUS server.
7.4.5 Setting the Response Timeout Interval of a RADIUS Server
This topic describes how to set the response timeout interval of a RADIUS server.
7.4.6 Setting the Maximum Number of Transmissions for the RADIUS Request Packets
This topic describes how to set the maximum number of transmissions for the RADIUS request
packets.
7.4.7 Setting the Format of the User Name Sent to a RADIUS Server
This topic describes how to set the format of the user name that is sent to a RADIUS server to
specify whether the user name contains the domain name.
7.4.1 Overview
This topic describes the specification and notes for configuring the RADIUS.
Specification
For the MA5600T, the RADIUS is configured based on each RADIUS server group.
In actual networking, a RADIUS server group can be any of the following:
l An independent RADIUS server
l A pair of primary/secondary RADIUS servers with the same configuration but different IP
addresses
The following lists the attributes of a RADIUS server template:
l IP addresses of primary and secondary servers
l Shared key
l RADIUS server type
NOTE
The RADIUS configuration only defines the parameters used for data exchange between the MA5600T
and the RADIUS server. To validate these parameters, you need to reference the RADIUS server group in
a domain. For details, see "7.6 Configuring AAA."
7.4.2 Creating a RADIUS Server Template

This topic describes how to create a RADIUS server template and enter the template
configuration mode.

l Before configuring the RADIUS, you must configure a RADIUS server template and enter
the template configuration mode.
l One RADIUS server template can be used by multiple domains at the same time.
Procedure
Step 1 Run the radius-server template command to create a RADIUS server template and enter
RADIUS config mode.
Step 2 Run the quit command to exit RADIUS config mode.
Step 3 Run the display radius-server configuration command to query the created RADIUS server
template.
----End
Example
To create the RADIUS server template named radius1, do as follows:
huawei(config)#radius-server template radius1
huawei(config-radius-radius1)#quit
huawei(config)#display radius-server configuration template radius1
-------------------------------------------------------------------
Server-template-name : radius1
Traffic-unit : Byte
Shared-secret-key : huawei
Timeout-interval(in second) : 5
Retransmission : 3
Domain-included : yes
Primary-authentication-server : 0.0.0.0:0
Primary-accounting-server : 0.0.0.0:0
Secondary-authentication-server : 0.0.0.0:0
Secondary-accounting-server : 0.0.0.0:0
-------------------------------------------------------------------
Related Operation
Table 7-2 lists the related operation for creating a RADIUS server template
Table 7-2 Related operation for creating a RADIUS server template
Delete a RADIUS server template undo radius-server template
7.4.3 Setting the IP Address and Port Number of a RADIUS Server

This topic describes how to set the IP address and UDP port number of the RADIUS server for
a new RADIUS server template.

l By default, the RADIUS servers may consist of the primary and secondary RADIUS
servers. The IP address of the primary and secondary RADIUS servers is 0.0.0.0.
l To ensure normal communication between the MA5600T and the RADIUS server, before
setting the IP address and UDP port number of the server, make sure that the route between
the MA5600T and the RADIUS server is in the normal state.
l Make sure that the port settings for the RADIUS service on the MA5600T must be
consistent with the port settings on the RADIUS server.
Procedure
RADIUS config mode.
Step 2 Run the radius-server authentication command to configure the primary RADIUS server.
Step 3 Run the radius-server authentication secondary command to configure the secondary
RADIUS server.
Step 5 Run the display radius-server configuration command to query the IP address and port number
of the RADIUS servers.
----End
Example
To set the IP address and port number of the primary RADIUS server as 10.10.10.1 and 1812
respectively, and the IP address and port number of the secondary RADIUS server as 10.10.10.2
and 1812 respectively, do as follows:
huawei(config-radius-radius1)#radius-server authentication 10.10.10.1 1812
huawei(config-radius-radius1)#radius-server authentication 10.10.10.2 1812
secondary
-------------------------------------------------------------------
Traffic-unit : Byte
Shared-secret-key : huawei
Retransmission : 3
-------------------------------------------------------------------
Related Operation
Table 7-3 lists the related operation for setting the IP address and port number of a RADIUS
server.

Table 7-3 Related operation for setting the IP address and port number of a RADIUS server
Delete the configured RADIUS undo radius-server authentication

server
7.4.4 Setting the Shared Key of the RADIUS Server

This topic describes how to set the shared key of the RADIUS server.
l By default, the key is "huawei".
l The RADIUS client (namely the MA5600T) and the RADIUS server use the MD5
algorithm to encrypt the packets exchanged between them. Both the MA5600T and the
RADIUS server are configured with shared keys to verify the validity of packets. They
respond to the received packets only when the keys at both ends are identical.
Procedure
RADIUS config mode.
Step 2 Run the radius-server shared-key command to set the shared key of the RADIUS server.
Step 4 Run the display radius-server configuration command to query the shared key of the RADIUS
server.
----End
Example
To set the shared key of a RADIUS server as "radius2004", do as follows:
huawei(config-radius-radius1)#radius-server shared-key radius2004
-------------------------------------------------------------------
Traffic-unit : Byte
Shared-secret-key : radius2004
Retransmission : 3
-------------------------------------------------------------------
7.4.5 Setting the Response Timeout Interval of a RADIUS Server

This topic describes how to set the response timeout interval of a RADIUS server.

l After the MA5600T sends RADIUS request packets to the RADIUS server, if no response
from the RADIUS server is received after the timeout interval, the MA5600T resends these
packets to the RADIUS server to ensure that the users can obtain the RADIUS service.
l By default, the timeout interval is 5s.
Procedure
Step 1 Run the radius-server template command to create a RADIUS template and enter RADIUS
config mode.
Step 2 Run the radius-server timeout command to set the response timeout interval of a RADIUS
server.
Step 4 Run the display radius-server configuration command to query the response timeout interval
of the RADIUS server.
----End
Example
To set the response timeout interval of a RADIUS server to 10s, do as follows:
huawei(config-radius-radius1)#radius-server timeout 10
-------------------------------------------------------------------
Traffic-unit : Byte
Retransmission : 3
-------------------------------------------------------------------
Related Operation
Table 7-4 lists the related operation for setting the response timeout interval of a RADIUS server.
Table 7-4 Related operation for setting the response timeout interval of a RADIUS server
Restore the default response timeout interval of a undo radius-server timeout

RADIUS server

7.4.6 Setting the Maximum Number of Transmissions for the

RADIUS Request Packets
This topic describes how to set the maximum number of transmissions for the RADIUS request
packets.
l If no response has been received from the RADIUS server within the response timeout time
specified by the timeout timer, the MA5600T resends the request packets to the RADIUS
server. When the number of transmissions exceeds the specified maximum value, the
MA5600T considers that its connection to the RADIUS server is interrupted, and then sends
the request packets to another RADIUS server.
l By default, the maximum number of transmissions for the RADIUS request packets is 3.
l You can modify the configuration of a RADIUS server template. If there is an online user
who is using the RADIUS server template, the new configuration effects only after the user
gets online the next time.
Procedure
RADIUS config mode.
Step 2 Run the radius-server retransmit command to configure the maximum number of
transmissions for the RADIUS request packets.
Step 4 Run the display radius-server configuration command to query the maximum number of
transmissions for the RADIUS request packets.
----End
Example
To set the maximum number of transmissions for the RADIUS request packets to 5, do as
follows:
huawei(config-radius-radius1)#radius-server retransmit 5
-------------------------------------------------------------------
Traffic-unit : Byte
Retransmission : 5
-------------------------------------------------------------------

Related Operation
Table 7-5 lists the related operation for setting the maximum number of transmissions for the
RADIUS request packets.
Table 7-5 Related operation for setting the maximum number of transmissions for the RADIUS
request packets
Restore the maximum number of undo radius-server retransmit

transmissions for the RADIUS
request packets to the default value
7.4.7 Setting the Format of the User Name Sent to a RADIUS Server
This topic describes how to set the format of the user name that is sent to a RADIUS server to
specify whether the user name contains the domain name.
l By default, a user name sent to a RADIUS server contains the domain name.
l The names of the access users are generally in the format of "userid@domain-name". The
part following "@" is the domain name. The MA5600T learns the domains of users based
on their respective domain names.
l Some earlier RADIUS servers reject the user names that contain domain names. In this
case, you can run the undo radius-server user-name domain-included command to
specify that the user name to be sent to a RADIUS server carries no domain name.
l If a RADIUS server group does not accept user names that carry domain names, make sure
that the RADIUS server group is not used at the same time in two or more domains. This
is because users of different domains with the same user name can be mistaken as the same
user by the RADIUS when it is receiving these user names at the same time.
l You can modify the configuration of a RADIUS server template. If there is an online user
who is using the RADIUS server template, the new configuration can take effect only after
the user gets online next time.
Procedure
Step 1 Run the radius-server template command to create a RADIUS server template and enter the
corresponding RADIUS config mode.
Step 2 Run the (undo)radius-server user-name domain-included command to set whether the user
name that is sent to RADIUS server contains a domain name.
Step 4 Run the display radius-server configuration command to query the format of a user name that
is sent to the RADIUS server.
----End

Examples
To specify that a user name to be sent to a RADIUS server contains no domain name, do as
follows:
huawei(config-radius-radius1)#undo radius-server user-name domain-included
-------------------------------------------------------------------
Traffic-unit : Byte
Retransmission : 5
Domain-included : no
-------------------------------------------------------------------
To specify that a user name to be sent to a RADIUS server contains a domain name, do as follows:
huawei(config-radius-radius1)#radius-server user-name domain-included
-------------------------------------------------------------------
Traffic-unit : Byte
Retransmission : 5
-------------------------------------------------------------------
7.5 Configuring 802.1x

This topic describes the 802.1x configuration, including configuring an 802.1x template,
enabling the 802.1x authentication on a port, configuring the control mode of a port, enabling
the 802.1x authentication globally, and enabling the DHCP-triggered authentication.
7.5.1 Configuring an 802.1x Template

This topic describes how to configure an 802.1x template.
7.5.2 Enabling the 802.1x Authentication on a Port
This topic describes how to enable the 802.1x authentication on a port.
7.5.3 Configuring the Control Mode of a Port
This topic describes how to configure the control mode of the 802.1x authentication for a port.
7.5.4 Enabling the 802.1x Authentication Globally
This topic describes how to enable the 802.1x authentication globally.
7.5.5 Enabling the DHCP-Triggered Authentication
This topic describes how to trigger DHCP to enable the 802.1x authentication.

7.5.1 Configuring an 802.1x Template

This topic describes how to configure an 802.1x template.
l The default 802.1x template is template 1 in the system. The default 802.1x template can
be modified but cannot be deleted.
l When you create an 802.1x template, all the parameters in the template have default
settings. By default, keep-alive in the 802.1x template is disabled. You can configure the
permitted handshake failure times to enable the keep-alive. By default, reauthentication is
enabled.
Procedure
Step 1 Run the dot1x-template command to enter dot1x-template mode.
Step 2 Run the keepalive retransmit command to configure the number of handshake failures allowed.
Step 3 Run the keepalive interval command to set the keep-alive interval.
Step 4 Run the reauthentication interval command to set the reauthentication interval.
Step 5 Run the authentication timeout command to set the timeout interval of the server.
Step 6 Run the request interval command to set the timeout interval of the client.
Step 7 Run the request retransmit command to configure the number of times for retransmitting
packets to the client.
Step 8 Run the quiet-period command to configure the quiet period after the authentication
configuration on the client fails. In the quiet period, the system does not respond to authentication
requests.
Step 9 Run the eap-end command to configure the authentication mode as EAP-end.
Step 10 Run the quit command to exit dot1x-template mode.
Step 11 Run the display dot1x-template command to query the configuration of the 802.1x template.
----End
Example
l Permitted handshake failure times: 3
l Reauthentication interval: 100s
l Timeout interval of the server: 150s
l Timeout interval of the client: 30s
l Times for retransmitting packets to the client: 3
l Quiet period: 15s
l Authentication mode: EAP-end
To create 802.1x template 6, do as follows:

huawei(config)#dot1x-template 6
huawei(config-dot1x-template6)#keepalive retransmit 3
huawei(config-dot1x-template6)#keepalive interval 10
huawei(config-dot1x-template6)#reauthentication interval 100
huawei(config-dot1x-template6)#authentication timeout 150
huawei(config-dot1x-template6)#request interval 30
huawei(config-dot1x-template6)#request retransmit 3
huawei(config-dot1x-template6)#quiet-period 15
huawei(config-dot1x-template6)#eap-end
huawei(config-dot1x-template6)#quit
huawei(config)#display dot1x-template 6
Template Number : 6
Authentication Timeout : 150
KeepAlive Switch : enable
KeepAlive Interval : 10
KeepAlive Retransmit Times : 3
ReAuthentication Switch : enable
ReAuthentication Interval : 100
Request Interval : 30
Request Retransmit Times : 3
Quiet-Period : 15
Eap-Mode : eap-end
Related Operations
Table 7-6 lists the related operations for configuring an 802.1x template.
Table 7-6 Related operations for configuring an 802.1x template

Disable keep-alive keepalive switch-off By default, keep-alive is disabled.

You can configure the number of
handshake failures allowed to
enable keep-alive.
Disable reauthentication switch-off By default, reauthentication is

reauthentication enabled.
Restore the default undo eap-end Switching the authentication

authentication mode of an 802.1x template forces
mode of the 802.1x the related users to get offline.
template Therefore, do not change the
authentication mode after the
802.1x template is configured.
Restore the default reset When you need to cancel the

settings of configuration of a parameter of the
parameters of the 802.1x template, run the
802.1x template corresponding undo command of
the configuration command.
When you need to restore the
default settings of all the
parameters, run the reset
command.

7.5.2 Enabling the 802.1x Authentication on a Port

This topic describes how to enable the 802.1x authentication on a port.
l On the GPON service board, you can enable the 802.1x authentication on a service port
and not on a physical port.
l To reduce the occurrence of the abnormal logout caused by the change in the 802.1x
configuration, the configuration of the 802.1x template and the port on the MA5600T does
not take effect immediately. You must run the dot1x enable command to enable the 802.1x
authentication. Only then the configuration takes effect.
l After the 802.1x authentication is disabled, the parameter configuration is retained. When
the 802.1x authentication is enabled again, the configuration takes effect.
Procedure
Enable the 802.1x authentication based on the service port
1. Run the dot1x service-port command to enable the 802.1x authentication based on the
service port.
2. Run the display dot1x service-port command to query the 802.1x configuration of the
specified service port.
----End
Examples
To enable the 802.1x authentication of service port 8, do as follows:
huawei(config)#dot1x service-port 8
huawei(config)#display dot1x service-port 8
FlowID : 8
Authentication State : unauthorized
Authentication Mode : auto
User-Name :
Framed-Pool :
Related Operations
Table 7-7 lists the related operations for enabling the 802.1x authentication on a port.

Table 7-7 Related operations for enabling the 802.1x authentication on a port.
Configure the dot1x port-control By default, the control mode of a port

802.1x with the 802.1x authentication enabled
authentication is automatic. In this mode, users can
mode of the access the network resources only after
specified port the authentication.
When the control mode of a port is
force-authorized, the port is enabled
and users can access the network
resources without authentication.
When the control mode of a port is
force-unauthorized, the port is
disabled and users cannot access the
network resources.
Enable the dot1x enable By default, the 802.1x authentication of

802.1x the device is disabled.
authentication
on the device
Query the display service-port -

service ports in
the system
7.5.3 Configuring the Control Mode of a Port

This topic describes how to configure the control mode of the 802.1x authentication for a port.
l By default, the control mode of a port for which the 802.1x authentication is enabled, is
automatic. In this mode, users can access the network resources only after the
authentication.
l When the control mode of a port is force-authorized, the port is enabled and users can
access the network resources without authentication. When the control mode of a port is
force-unauthorized, the port is disabled and users cannot access the network resources.
l On the GPON service board, you can configure the control mode on a service port and not
on a physical port.
Procedure
Step 1 Run the dot1x port-control command to configure the 802.1x authentication mode of the
specified port.
Step 2 Query the 802.1x configuration of the specified port.
l Run the display dot1x service-port command to query the 802.1x configuration of the
specified service port.
----End

Example
To configure the control mode of the 802.1x authentication for service port 6 as force-
authorized, do as follows:
huawei(config)#dot1x port-control force-authorized service-port 6
huawei(config)#display dot1x service-port 6
FlowID : 6
Authentication State : -
Authentication Mode : force-authorized
User-Name :
Framed-Pool :
Related Operations
Table 7-8 lists the related operations for configuring the control mode of a port.
Table 7-8 Related operations for configuring the control mode of a port
Enable the dot1x service-port By default, the 802.1x authentication of

802.1x the service port is disabled.
authentication
of a service port
Enable the dot1x enable By default, the 802.1x authentication of

802.1x the device is disabled.
authentication
of a device
7.5.4 Enabling the 802.1x Authentication Globally

This topic describes how to enable the 802.1x authentication globally.
l By default, the 802.1x authentication of the device is disabled.
l To minimize the occurrence of the abnormal logout caused by the change in the 802.1x
configuration, the configuration of the 802.1x template and the port on the MA5600T does
not take effect immediately. You must enable the 802.1x authentication and then the
configuration takes effect.
l After the 802.1x authentication is disabled, the parameter configuration is retained. When
the 802.1x authentication is enabled again, the configuration takes effect.
Procedure
Step 1 Run the dot1x enable command to enable the 802.1x authentication globally.
Step 2 Run the display dot1x command to query the global state of the 802.1x authentication.
----End

Example
To enable the 802.1x authentication globally, do as follows:
huawei(config)#dot1x enable
It will take several minutes to dot1x enable, please wait...
huawei(config)#display dot1x
{ <cr>|port<K>|service-port<K>|statistics<K> }:
Command:
display dot1x
802.1x global status : enable
802.1x dhcp-trigger status : disable
Related Operations
Table 7-9 lists the related operations for enabling the 802.1x authentication globally.
Table 7-9 Related operations for enabling the 802.1x authentication globally
Disable the dot1x disable By default, the 802.1x authentication is

802.1x disabled globally.
authentication
globally

authentication
of a service port
7.5.5 Enabling the DHCP-Triggered Authentication

This topic describes how to trigger DHCP to enable the 802.1x authentication.
l By default, the DHCP-triggered 802.1x authentication is disabled.
l The DHCP-triggered 802.1x authentication facilitates the devices that do not support the
802.1x client-triggered authentication to implement the 802.1x authentication.
Procedure
Step 1 Run the dot1x dhcp-trigger enable command to enable the DHCP-triggered 802.1x
authentication.
Step 2 Run the display dot1x command to query the global state of the 802.1x authentication.
----End
Example
To enable the DHCP-triggered 802.1x authentication, do as follows:

huawei(config)#dot1x dhcp-trigger enable

It will take several minutes to dot1x enable, please wait...
huawei(config)#display dot1x
{ <cr>|port<K>|service-port<K>|statistics<K> }:
Command:
display dot1x
802.1x global status : enable
802.1x dhcp-trigger status : enable
Related Operation
Table 7-10 lists the related operations for enabling the DHCP-triggered 802.1x authentication.
Table 7-10 Related operations for enabling the DHCP-triggered 802.1x authentication
Disable the dot1x dhcp-trigger disable By default, the DHCP-triggered 802.1x

DHCP- authentication is disabled.
triggered
authentication

authentication
of a service port
7.6 Configuring AAA

This topic describes the AAA configuration, including configuring an authentication scheme,
creating a domain, specifying the authentication scheme and binding the RADIUS server
template.
7.6.1 Configuring an Authentication Scheme
This topic describes how to configure a scheme for authenticating the remote login requests of
managed users. In the authentication scheme, you can specify the mode for authenticating the
remote login requests of managed users.
7.6.2 Configuring an Accounting Scheme
This topic describes how to configure an accounting scheme.
7.6.3 Configure an Accounting Mode
This topic describes how to configure an accounting mode.
7.6.4 Configuring the Interval for the Real-time Accounting
This topic describes how to configure the interval for the real-time accounting.
7.6.5 Creating a Domain
This topic describes how to create a domain.
7.6.6 Binding a RADIUS Server Template
This topic describes how to bind a domain with a RADIUS server template.
7.6.7 Specifying an Authentication Scheme

When you need to configure the remotely managed users to contain the domain information for
authentication, This topic describes how to specify an authentication scheme for a domain.
7.6.8 Specifying an Accounting Scheme
This topic describes how to specify an accounting scheme for a domain for the purpose of
accounting.
7.6.9 Referencing an 802.1x Template
This topic describes how to reference an 802.1x template for a domain.
7.6.1 Configuring an Authentication Scheme

This topic describes how to configure a scheme for authenticating the remote login requests of
managed users. In the authentication scheme, you can specify the mode for authenticating the
remote login requests of managed users.
l The MA5600T supports the authentication through the RADIUS server.
l After an authentication scheme is configured, it is validated when it is referenced by a
domain. A domain defines one type of users.
l To adopt radius as the authentication mode, you must configure the RADIUS protocol for
the MA5600T (for details, see "7.4 Configuring the RADIUS") and configure the related
user information on the remote RADIUS server.
Procedure
Step 1 Run the aaa command to enter AAA mode.
Step 2 Run the authentication-scheme command to configure an authentication scheme.
Step 3 Run the authentication-mode radius command to configure the authentication mode of the
scheme.
Step 4 Run the quit command to exit authentication mode.
Step 5 Run the display authentication-scheme command to query the configured authentication
scheme.
----End
Example
To configure authentication scheme "huawei", with the authentication mode of RADIUS, do as
follows:
huawei(config)#aaa
huawei(config-aaa)#authentication-scheme huawei
huawei(config-aaa-authen-huawei)#authentication-mode radius
huawei(config-aaa-authen-huawei)#quit
huawei(config-aaa)#display authentication-scheme
{ <cr>|string<S><1,32> }:
Command:
display authentication-scheme
---------------------------------------------------------------------------
Authentication-scheme-name Authentication-mode
---------------------------------------------------------------------------
default Local authentication

huawei RADIUS authentication

---------------------------------------------------------------------------
Total 2,2 printed
Related Operations
Table 7-11 lists the related operations for configuring an authentication scheme.
Table 7-11 Related operations for configuring an authentication scheme

Delete an undo authentication-scheme The default authentication

authentication scheme scheme of the system cannot
be deleted.
Query AAA display aaa configuration You can query the usage of
configuration the configuration resources
of the authentication scheme
table.
7.6.2 Configuring an Accounting Scheme

This topic describes how to configure an accounting scheme.
l After configuring an accounting scheme, reference it for setting a user domain (the user
type has been specified) to bring it into operation.
l Before you reference the radius accounting scheme, you must configure the RADIUS
protocol (for details, see "7.4 Configuring the RADIUS") and configure the related user
information on the remote RADIUS server.
Procedure
Step 2 Run the accounting-scheme command to create an AAA accounting scheme and enter the
corresponding configuration mode.
Step 3 Run the quit command to exit the accounting mode.
Step 4 Run the display accounting-scheme command to query the configuration of the accounting
scheme.
----End
Example
To create an AAA accounting scheme named huawei, do as follows:
huawei(config)#aaa
Note: Create a new accounting scheme

huawei(config-aaa)#display accounting-scheme huawei

---------------------------------------------------------------------------
Accounting-scheme-name : huawei
Accounting-mode : No accounting
Realtime-accounting-switch : Close
Realtime-accounting-interval(min) : -
---------------------------------------------------------------------------
Related Operations
Table 7-12 lists the related operations for configuring an accounting scheme.
Table 7-12 Related operations for configuring an accounting scheme
Delete an accounting undo accounting-scheme The default accounting

scheme scheme of the system cannot
be deleted.
The referenced accounting
scheme cannot be deleted.
Configure an accounting-mode By default, the accounting

accounting mode mode is none.
Configure the interval accounting interim interval When the accounting mode
for real-time is RADIUS, by default, the
accounting real-time accounting is
disabled.
Show AAA display aaa configuration You can query the usage of
configuration the resources configured on
the accounting scheme table.
7.6.3 Configure an Accounting Mode

This topic describes how to configure an accounting mode.
l The MA5600T supports the RADIUS accounting mode. By default, the accounting mode
is none.
l After configuring an accounting scheme, reference it for setting a user domain (the user
type has been specified) to bring it into operation.
l Before you reference the radius accounting scheme, you must configure the RADIUS
protocol (for details, see "7.4 Configuring the RADIUS.") and also configure the related
user information on the remote RADIUS server.
Procedure

corresponding configuration mode, or enter the mode of the specified accounting scheme.
Step 3 Run the accounting-mode command to configure the accounting mode.
scheme.
----End
Example
To configure the accounting mode of the AAA accounting scheme of huawei as RADIUS, do
as follows:
huawei(config)#aaa
huawei(config-aaa-accounting-huawei)#accounting-mode radius
---------------------------------------------------------------------------
Accounting-mode : RADIUS accounting
Realtime-accounting-switch : Open
Realtime-accounting-interval(min) : 20
---------------------------------------------------------------------------
Related Operations
Table 7-13 lists the related operations for configuring an accounting mode.
Table 7-13 Related operations for configuring an accounting mode
Configure an accounting-scheme The accounting scheme

accounting scheme named default is the default
scheme in the system.

Configure the interval accounting interim interval When the accounting mode
for real-time is RADIUS, by default, the
accounting real-time accounting is
disabled.
7.6.4 Configuring the Interval for the Real-time Accounting

This topic describes how to configure the interval for the real-time accounting.

When the accounting mode is RADIUS, by default, the real-time accounting is disabled.
Procedure
corresponding configuration mode, or enter the mode of the specified accounting scheme.
Step 3 Run the accounting interim interval command to configure the interval for the real-time
accounting.
scheme.
----End
Example
To configure the interval for the real-time accounting of the AAA accounting scheme of huawei
as 30 minutes, do as follows:
huawei(config)#aaa
huawei(config-aaa-accounting-huawei)#accounting interim interval 30
---------------------------------------------------------------------------
Accounting-mode : RADIUS accounting
Realtime-accounting-switch : Open
Realtime-accounting-interval(min) : 30
---------------------------------------------------------------------------
Related Operations
Table 7-14 lists the related operations for configuring the interval for the real-time accounting.
Table 7-14 Related operations for configuring the interval for the real-time accounting.
Configure an accounting-scheme The accounting scheme

accounting scheme named default is the default
scheme in the system.


7.6.5 Creating a Domain

This topic describes how to create a domain.
l A domain is a group of users with the same attributes.
l For a user name in the format of "userid@domain-name", such as
huawei20041028@huawei.net, the "huawei.net" following "@" is the domain name, and
the "userid" is the user name for identity authentication.
l The length of the domain name used for login should be equal to or less than 15 characters.
The length of other domain names should be equal to or less than 20 characters.
Procedure
Step 2 Run the domain command to create a domain.
Step 3 Run the quit command to exit domain mode.
Step 4 Run the display domain command to query the domain.
----End
Example
To create a domain named huawei.net, do as follows:
huawei(config)#aaa
huawei(config-aaa)#domain huawei.net
huawei(config-aaa-domain-huawei.net)#quit
huawei(config-aaa)#display domain
{ <cr>|string<S><1,20> }:
Command:
display domain
-----------------------------------------------------------------------
Domain name Online
-----------------------------------------------------------------------
default 0
huawei.net 0
-----------------------------------------------------------------------
Total 2,2 printed
Related Operations
Table 7-15 lists the related operations for creating a domain.
Table 7-15 Related operations for creating a domain
Delete a domain undo domain The default domain cannot be

deleted.

Query AAA display aaa You can query the usage of

configuration configuration configuration resources of the
domain.
7.6.6 Binding a RADIUS Server Template

This topic describes how to bind a domain with a RADIUS server template.
Prerequisite
You must configure a RADIUS server template before this operation. For details, see "7.4
Configuring the RADIUS."
Procedure
Step 2 Run the domain command to specify huawei.net as the current domain and enter domain mode.
Step 3 Run the radius-server template command to bind a RADIUS server template with the AAA
domain.
Step 5 Run the display domain command to query the information on the domain.
----End
Example
To bind "radius1" as the RADIUS server template of domain "huawei.net", do as follows:
huawei(config)#aaa
huawei(config-aaa-domain-huawei.net)#radius-server template radius1
huawei(config-aaa)#display domain huawei.net
-------------------------------------------------------------------
Domain-name : huawei.net
Authentication-scheme-name : default
Accounting-scheme-name : default
Radius-server-template : radius1
Dot1x-template-number : 1
Online-number : 0
-------------------------------------------------------------------
Related Operation
Table 7-16 lists the related operation for binding the RADIUS server template.

Table 7-16 Related operation for binding the RADIUS server template
Cancel the reference of a undo radius-server template Run the command in domain
RADIUS server template mode to cancel the reference
of the RADIUS server
template.
7.6.7 Specifying an Authentication Scheme

When you need to configure the remotely managed users to contain the domain information for
authentication, This topic describes how to specify an authentication scheme for a domain.
l An authentication scheme defines the policy to authenticate all the users of an ISP domain.
l An authentication scheme can be referenced by a domain only after it is created.
Procedure
Step 3 Run the authentication-scheme command to specify the authentication scheme.
----End
Example
To specify huawei as the authentication scheme of domain huawei.net, do as follows:
huawei(config)#aaa
huawei(config-aaa-domain-huawei.net)#authentication-scheme huawei
-------------------------------------------------------------------
Authentication-scheme-name : huawei
Radius-server-template : -
Online-number : 0
-------------------------------------------------------------------
Related Operations
Table 7-17 lists the related operations for specifying the authentication scheme.

Table 7-17 Related operations for specifying the authentication scheme

Delete the undo authentication-scheme Run the command in domain

specified mode to cancel the reference of
authentication the authentication scheme.
scheme
configuration configuration resources of a
domain.
7.6.8 Specifying an Accounting Scheme

This topic describes how to specify an accounting scheme for a domain for the purpose of
accounting.
Prerequisite
Before specifying a scheme for a domain, you need to create the scheme.
Procedure
Step 3 Run the accounting-scheme command to specify the accounting scheme.
----End
Example
To specify "huawei" as the accounting scheme of domain "huawei.net", do as follows:
huawei(config)#aaa
huawei(config-aaa-domain-huawei.net)#accounting-scheme huawei
-------------------------------------------------------------------
Authentication-scheme-name : huawei
Radius-server-template : -
Online-number : 0
-------------------------------------------------------------------
Related Operations
Table 7-18 lists the related operations for specifying an accounting scheme.

Table 7-18 Related operations for specifying an accounting scheme

Delete the undo accounting-scheme Delete the specified accounting

specified scheme in domain mode.
accounting scheme
configuration resources configured on the
domain.
7.6.9 Referencing an 802.1x Template

This topic describes how to reference an 802.1x template for a domain.
Prerequisite
You need to configure the 802.1x template before you reference it. For details on the
configuration, see "7.5.1 Configuring an 802.1x Template."
Procedure
Step 3 Run the dot1x-template command to bind an 802.1x template with a domain.
Step 5 Run the display domain command to query the information of the domain.
----End
Example
To configure the domain huawei.net and enable the domain to implement the authentication by
using the 802.1x template, do as follows:
huawei(config)#aaa
huawei(config-aaa-domain-huawei.net)#dot1x-template 3
-------------------------------------------------------------------
Authentication-scheme-name : default
Radius-server-template : radius1
Online-number : 0
-------------------------------------------------------------------
Related Operation
Table 7-19 lists the related operation for referencing an 802.1x template.

Table 7-19 Related operation for referencing an 802.1x template

Delete the reference to an undo dot1x-template In domain mode, run this

802.1x template command to delete the
reference to an 802.1x
template.
7.7 Configuring SSH

This topic describes the SSH configuration, including creating the local RSA key pair,
configuring the SSH user public key and configuring an SSH user.
7.7.1 Creating the Local RSA Key Pair
This topic describes how to create the local RSA key pair.
7.7.2 Configuring the SSH User Public Key
This topic describes how to configure the SSH user public key.
7.7.3 Configuring an SSH User
This topic describes how to configure an SSH user.
7.7.1 Creating the Local RSA Key Pair

This topic describes how to create the local RSA key pair.
l The key size ranges from 512 bits to 2048 bits. You can change it to 512, 1024, or 2048
bits as required. By default, it is 512 bits.
l Before using the SSH service for the first time, you must run the rsa local-key-pair
create command.
l If you destroy the SSH server host key pair and service key pair, you must create a new
SSH server host key pair and service key pair.
Procedure
Step 1 Run the rsa local-key-pair create command to create the local RSA key pair.
Step 2 Run the display rsa local-key-pair public command to query the local RSA key pair.
----End
Example
To set the name of the local RSA key pair to huawei_Host and set the length of the password to
1024, do as follows:
huawei(config)#rsa local-key-pair create
The key name will be: huawei_Host
% RSA keys defined for huawei_Host already exist.
Confirm to replace them? [y/n]:y
The range of public key size is (512 ~ 2048).

NOTES: If the key modulus is greater than 512,

It will take a few minutes.
Input the bits in the modulus[default = 512]:1024
Generating keys...
......................++++++
..++++++
............................................++++++++
.++++++++
huawei(config)#display rsa local-key-pair public
=====================================================
Time of Key pair created: 13:39:58 2006/2/10
Key name: huawei_Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
BF2B1846 14543312 785ABA61 595B1FA6 9B6D2A6D
D0C5A771 07FE3692 CDEE3C8D 11EFB290 7247BC5B
6F28BBB0 8F0B9DC0 4247F4F0 0A38A5B3 A7E5BD5F
7330CB1D
0203
010001
=====================================================
Time of Key pair created: 13:40:0 2006/2/10
Key name: huawei_Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
0260
B4830A71 7974B485 1365431A 0504081E C9D5A8AF
17AE7F6B A7E07227 3260B5DB 722F42F4 B1BD03D8
E6C527F3 B4403736 29E1A954 17AA56F9 50B3857B
21354F07 95F421C7 9468D159 75B72B27 EA79E33E
68C9D35C BF98B56D 9B880598 095EAB0D
0203
010001
Related Operation
Table 7-20 lists the related operation for creating a local RSA key pair.
Table 7-20 Related operation for creating a local RSA key pair
Destroy the local RSA key rsa local-key-pair destroy

pair
7.7.2 Configuring the SSH User Public Key

This topic describes how to configure the SSH user public key.
Figure 7-3 shows the flowchart for configuring the SSH user public key.

Figure 7-3 Flowchart for configuring the SSH user public key
Start
Enter config-rsa-public-key
mode
Enter public key eidt mode
Input the user public key
Quit public key edit mode
End
Procedure
Step 1 Run the rsa peer-public-key command to enter rsa-public-key mode.
Step 2 Run the public-key-code begin command to enter public key edit mode.
Step 3 Input the user public key.
Step 4 Run the public-key-code end command to exit public key edit mode.
Step 5 Run the peer-public-key end command to exit to global config mode.
Step 6 Run the display rsa peer-public-key command to query the SSH user public key.
----End
Example
To paste the conversed user public key in the current system, do as follows:
huawei(config)#rsa peer-public-key key
huawei(config-rsa-public-key)#public-key-code begin
huawei(config-rsa-key-code)#30450240 B9FCE18E DA769883 7680F2B7 CE35415A 9AB5E63E
huawei(config-rsa-key-code)#FD00ED66 B8B5E954 2B053A82 131B967C 8DDC1176 0746A8BB
huawei(config-rsa-key-code)#C30DF3F0 83F6EA5A EF97E26B 783C940F 2791710F 020125
huawei(config-rsa-key-code)#public-key-code end
huawei(config-rsa-public-key)#peer-public-key end
huawei(config)#display rsa peer-public-key
{ <cr>|brief<K>|name<K> }:
Command:
display rsa peer-public-key
=====================================
Key name: key
=====================================
Key Code:
3045
0240

B9FCE18E DA769883 7680F2B7 CE35415A 9AB5E63E FD00ED66 B8B5E954 2B053A82

131B967C 8DDC1176 0746A8BB C30DF3F0 83F6EA5A EF97E26B 783C940F 2791710F
0201
25
7.7.3 Configuring an SSH User

This topic describes how to configure an SSH user.
SSH user authentication is classified as follows:
l password: indicates the common password authentication mode. It is the default

authentication type.
l rsa: indicates the RSA public key authentication.
l all: indicates the password or RSA authentication. In this authentication mode, a user can
log in to the MA5600T by passing the password authentication or the RSA public key
authentication.
l password-publickey: indicates the password and public key authentication. In this
authentication mode, a user can log into the MA5600T only after passing the password
authentication and the RSA public key authentication. This authentication mode applies to
SSHv2.0.
Procedure
Step 1 Run the ssh user assign rsa-key command to set the RSA public key of SSH user.
Step 2 Run the ssh user authentication-type rsa command to set the RSA authentication mode of SSH
user.
Step 3 Run the display ssh user-information command to query the authentication mode of an SSH
user.
----End
Example
To set the RSA public key of SSH user huawei as key, and the authentication mode as RSA, do
as follows:
huawei(config)#ssh user huawei assign rsa-key key
huawei(config)#ssh user huawei authentication-type rsa
huawei(config)#display ssh user-information
{ <cr>|string<S><1,16> }:
Command:
display ssh user-information
Username Authentication-type User-public-key-name Service-type
huawei rsa key stelnet
Related Operations
Table 7-21 lists the related operations for configuring an SSH user.

Table 7-21 Related operations for configuring an SSH user

Delete the RSA public key of an undo ssh user assign rsa-key
SSH user
Set the SSH user authentication ssh user authentication-type

mode

SmartAX MA5600T Multi-service Access Module 8 VLAN Configuration
8 VLAN Configuration
About This Chapter
This topic describes how to configure the VLANs supported by the MA5600T.
NOTE
(s) directly.
first.
8.1 Overview
This topic describes the VLAN technology, and also the count, types and attributes of the VLANs
supported by the MA5600T.
8.2 Configuration Example of a VLAN
This topic provides an example for configuring a MUX VLAN to implement the ADSL2+ access
service. For the configuration examples of VLANs of other types, see "8.1 Overview."
8.3 Configuration Example of a MUX VLAN
This topic provides an example for configuring a MUX VLAN to implement the GPON access
service. For the configuration example of VLANs of other types, see "8.1 Overview."
8.4 Creating a VLAN
This topic describes how to create a VLAN or VLANs of the same type in batches. To control
the communication between different ports of a device, you need to create the VLAN to logically
group the ports into different subnets.
8.5 Configuring the VLAN Attribute
This topic describes how to configure the VLAN attribute. You can configure the VLAN attribute
to QinQ, stacking or common as required.
8.6 Setting the Inner and Outer Ethernet Protocols Type of a VLAN Stacking
This topic describes how to set the inner and outer Ethernet protocol type that a stacking VLAN
supports. The inner VLAN tag does not adopt the standard 802.1q protocol. Therefore, to enable
the interconnection between the MA5600T and the devices of other vendors, you must configure

8 VLAN Configuration SmartAX MA5600T Multi-service Access Module
the inner and outer Ethernet protocol type of a stacking VLAN to be the same as the inner and
outer Ethernet protocol type of the interconnected devices.
8.7 Setting the Inner VLAN Priority of the Service Port in a Stacking VLAN
This topic describes how to set the inner VLAN priority of the service port in a stacking VLAN.
To classify different users, you can configure the important user packets with higher priorities.
In this way, these packets can be processed first.
8.8 Adding an Upstream Port to a VLAN
This topic describes how to add an upstream port to a VLAN. To transmit the user packets with
the VLAN tag through the upstream port, you must add the upstream port to a VLAN.
8.9 Adding a Service Port to a VLANAdding Service Port(s) to a VLAN
This topic describes how to add a service port to a VLAN. This topic describes how to add
service port(s) to a VLAN. The service port is used for user access. For the user connected to a
user port of the MA5600T through a terminal, the service traffic of this user is borne on one
service port of the user port.
8.10 Adding Service Ports in Batches
This topic describes how to add service ports in batches. The MA5600T supports the function
of adding multiple service ports on an ADSL2+ board, a SHDSL board, or a VDSL board to a
smart VLAN. The MA5600T also supports the function of adding multiple service ports on one
or more ADSL2+, SHDSL, or VDSL boards to different successive MUX VLANs at a time.
8.11 Configuring the Description of a Service Port
This topic describes how to configure the description of a service port. Then the service ports
are identified and classified based on the description to facilitate the management and
maintenance of users or services.

8.1 Overview
This topic describes the VLAN technology, and also the count, types and attributes of the VLANs
supported by the MA5600T.
Service Description
Virtual local area network (VLAN) technology is a technology used to form virtual workgroups
by logically grouping the devices of a LAN into different subtnets. The Institute of Electrical
and Electronics Engineers (IEEE) issued draft IEEE 802.1q in 1999, aiming at standardizing
VLAN implementations.
For details on the VLAN feature, refer to "VLAN" in the MA5600T Feature Description.
The MA5600T supports up to 4K VLANs.
The MA5600T supports the following types of VLANs:
l Standard VLAN
l Smart VLAN
l MUX VLAN
l Super VLAN
Table 8-1 lists the VLAN types and applications.
Table 8-1 VLAN types and applications

Type Description Application
Standard l Ethernet ports in a standard VLAN can It is applied only to

VLAN communicate with each other. Ethernet ports for network
l An Ethernet port in a standard VLAN is management and
isolated from an Ethernet port in another subtending.
standard VLAN. For the configuration of the
standard VLAN, see "3.4
Configuration Example
of an Inband NMS."

Type Description Application
Smart VLAN A smart VLAN can contain multiple xDSL It is applied to xDSL
service ports. The service streams of any two access, such as the Internet
service ports in a smart VLAN are isolated. access service for
The service streams of different VLANs are residential users.
also isolated from each other. A smart VLAN Applied to GPON access,
can serve multiple users, thus saving VLAN such as residential areas to
resources. provide access to the
A smart VLAN can contain multiple GPON Internet.
service ports. Service streams of these ports For the configuration of the
in a smart VLAN are isolated from each smart VLAN, see
other. Service streams of different VLANs "Configuration Example
are also isolated from each other. A smart of the ADSL2+ PPPoE/
VLAN can serve multiple users, thus saving IPoE Service25.2
VLAN resources. Configuration Example
of the GPON Service."
MUX VLAN A MUX VLAN can contain only one xDSL It is applied to xDSL
service port. Service streams of different access for the purpose of
VLANs are isolated from each other. One-to- distinguishing users by
one mapping can be set up between a MUX VLANs.
VLAN and an access user. In this way, a It is applied to GPON
MUX VLAN can uniquely identify an access access for the purpose of
user. distinguishing users by
A MUX VLAN can contain only one GPON VLANs.
service port. Service streams of different For the configuration of the
VLANs are isolated from each other. One-to- MUX VLAN, see "8.2
one mapping can be set up between a MUX Configuration Example
VLAN and an access user. In this way, a of a VLAN8.3
MUX VLAN can uniquely identify an access Configuration Example
user. of a MUX VLAN."
Super VLAN A super VLAN is a layer 3 (an L3)-based It is used for saving IP
VLAN. It consists of multiple sub VLANs. address resources, thus
The sub VLANs can communicate with each improving the usage
other based on the ARP proxy feature. A sub efficiency of IP addresses.
VLAN can be a smart VLAN or a MUX For the configuration of the
VLAN. super VLAN, see "10.2
ARP Proxy
Configuration Example."
The attributes of a VLAN are as follows:
l Common
l QinQ
l Stacking
Table 8-2 lists the attributes of a VLAN.

Table 8-2 VLAN attributes

VLAN Application
attribute
Common A VLAN with this attribute can be used as an L2 VLAN. You can create
an L3 virtual interface for a common VLAN if necessary.
QinQ When a packet contains the tag of a VLAN with the QinQ attribute, the
packet contains two VLAN tags:
l Inner VLAN tag from the private network
l Outer VLAN tag allocated by the MA5600T
Through the outer VLAN tag, an L2 VPN tunnel can be set up to
transparently transmit service data among private networks. For details on
the QinQ VLAN, see "29 QinQ VLAN Private Line Service
Configuration."
Stacking When a packet contains the tag of a VLAN with the stacking attribute, the
packet contains two VLAN tags allocated by the MA5600T: inner VLAN
tag and outer VLAN tag.
The upper layer BRAS can authenticate users based on the double VLAN
tags, thus increasing the number of access users. The upper layer network
working in L2 mode can forward packets based on the outer VLAN tag +
MAC to provide the wholesale service function for ISPs. For details on the
stacking VLAN, see "28 VLAN Stacking Wholesale Service
Configuration."
8.2 Configuration Example of a VLAN

This topic provides an example for configuring a MUX VLAN to implement the ADSL2+ access
service. For the configuration examples of VLANs of other types, see "8.1 Overview."
Networking
Figure 8-1 shows an example network for configuring a MUX VLAN.
In this example network, the PCs are connected to the MA5600T through modems. PC1 and
PC2 belong to different MUX VLANs. On the control board of the MA5600T, the packets from
PC1 and PC2 are differentiated by the VLAN, and transmitted to the upper layer network.

Figure 8-1 Example network for configuring a MUX VLAN
Router
A CON
ETH
D ESC
L
F GE 0/9/0
SCU MA5600T
Modem Modem
PC1 PC2
Data Plan
Table 8-3 provides the data plan for configuring a MUX VLAN.
Table 8-3 Data plan for configuring a MUX VLAN
Item Data
ADSL2+ board ADSL2+ port: 0/11/0

VPI/VCI: 0/35
VLAN ID: 20
ADSL2+ board ADSL2+ port: 0/11/1

VPI/VCI: 0/35
VLAN ID: 21
Upstream port 0/9/0
Prerequisites
l The network devices and lines must be in the normal state.
l All the boards of the MA5600T must be in the normal state.
l The VPI/VCI of the modem is 0/35.

Figure 8-2 shows the flowchart for configuring a MUX VLAN.
Figure 8-2 Flowchart for configuring a MUX VLAN
Start
Create MUX VLANs
Add upstream ports to the

VLANs
Add service ports to the

VLANs
Save the data
End
Procedure
Step 1 Create MUX VLANs.
huawei(config)#vlan 20 mux
Step 2 Add upstream ports to the VLANs.

Step 3 Add service ports to the VLANs.

The service ports use the default traffic profile (profile 5).
huawei(config)#service-port vlan 20 adsl 0/11/0 vpi 0 vci 35 rx-cttr 5 tx-cttr 5

huawei(config)#save
----End
Result
After the configuration, both PC1 and PC2 can access the Internet, but they cannot communicate
with each other.
8.3 Configuration Example of a MUX VLAN

This topic provides an example for configuring a MUX VLAN to implement the GPON access
service. For the configuration example of VLANs of other types, see "8.1 Overview."

Networking
Figure 8-3 shows an example network for configuring a MUX VLAN.
Figure 8-3 Example network for configuring a MUX VLAN
Router
MA5600T SCU
G CON GE 0/19/0
ETH
P
ESC
B
C
Optical
splitter
Level-1 split ratio 1:2
ONT
Level-2 split ratio
1:32
PC
Data Plan
Table 8-4 provides the data plan for configuring a MUX VLAN.
Table 8-4 Data plan for configuring a MUX VLAN
Item Data
MUX VLAN VLAN ID: 20
Upstream port 0/9/0
GPON port 0/2/0
DBA profile Index: 6 (the default)
Type: type1 (fixed bandwidth)
Fixed bandwidth: 100 Mbit/s
Traffic profile Index: 5 (default profile)

CIR: 2 Mbit/s

Item Data
GEM port T-CONT ID: 1

GEM port ID: 128
User VLAN: 10
ONT Port connected to the PC: FE port 0
Prerequisites
l All the boards of the MA5600T must be in the normal state.
l The ONT has been configured and the configuration data of the ONT must be consistent
with that of the OLT.
Figure 8-4 shows the flowchart for configuring a MUX VLAN.
Figure 8-4 Flowchart for configuring a MUX VLAN
Start Configure a GEM port
Creat a VLAN Bind the GEM Port with an

ONT T-CONT
Add an upstream port to

Map the GEM port to the
the VLAN
service stream
Add an ONT
Add a service port
Bind a DBA profile

Save the data
Specify VLANs for ONT

ports End
Procedure
Step 1 Create a VLAN.
Step 2 Add an upstream port to the VLAN.


Step 3 Add an ONT.

huawei(config)#interface gpon 0/2
huawei(config-if-gpon-0/2)#ont add 0 1 hwhw-11111111 password-auth huawei profile-
id 1
Step 4 Bind a DBA profile.

huawei(config-if-gpon-0/2)#tcont bind-profile 0 1 1 profile-id 6
Step 5 Specify VLANs for ONT ports.

huawei(config-if-gpon-0/2)#ont port vlan 0 1 fe 10 0
huawei(config-if-gpon-0/2)#ont port native-vlan 0 1 fe 0 vlan 10
Step 6 Configure a GEM port.

huawei(config-if-gpon-0/2)#gemport add 0 gemportid 128 eth
Step 7 Bind the GEM port with an ONT T-CONT.

huawei(config-if-gpon-0/2)#ont gemport bind 0 1 128 1 3
Step 8 Map the GEM port to the service stream.

huawei(config-if-gpon-0/2)#ont gemport mapping 0 1 128 vlan 10
Step 9 Add a service port.

huawei(config-if-gpon-0/2)#quit
huawei(config)#service-port vlan 20 gpon 0/2/0 gemport 128 multi-service user-vlan
10 rx-cttr 5 tx-cttr 5

huawei#save
----End
Result
After the configuration, the PC can access the Internet.
8.4 Creating a VLAN

This topic describes how to create a VLAN or VLANs of the same type in batches. To control
the communication between different ports of a device, you need to create the VLAN to logically
group the ports into different subnets.
Prerequisite
The ID of the VLAN to be added does not exist in the system.
The MA5600T supports up to 4000 VLANs and some VLANs are reserved for the system.
NOTE
l By default, 15 VLANs are reserved in the system, and the VLAN ID is in the range of 4079-4093.
l You can run the vlan reserve command to configure the reserved VLANs in the MA5600T.

Procedure
Step 1 Run the vlan command to add a VLAN.
Step 2 Run the display vlan command to query the VLAN information.
----End
Examples
To add a standard VLAN with the VLAN ID of 2, do as follows:
huawei(config)#display vlan 2
{ <cr>|to<K> }:
Command:
display vlan 2
VLAN ID: 2
VLAN type: standard
VLAN attribute: common
Standard port number: 0
Service virtual port number: 0
To add 10 standard VLANs with VLAN IDs ranging from 1000 to 1009, do as follows:
huawei(config)#vlan 1000 to 1009 standard
It will take several minutes, and console may be timeout, please use command
idle-timeout to set time limit
Are you sure to add VLANs? (y/n)[n]:y
huawei#display vlan all
{ <cr>|vlantype<E><mux,standard,smart,super>|vlanattr<K> }:
Command:
display vlan all
---------------------------------------------------------
VLAN Type Attribute STND-Port NUM SERV-Port NUM
---------------------------------------------------------
1 MUX common 8 0
2 standard common 0 0
---------------------------------------------------------
Total: 12
Note : STND-Port--standard port, SERV-Port--service virtual port
Related Operations
Table 8-5 lists the related operations for creating a VLAN.

Table 8-5 Related operations for creating a VLAN
Delete a VLAN undo vlan To delete a VLAN, ensure the

following:
l There is no upstream port, L3
interface, or service port in the
VLAN.
l There is no sub VLAN in the VLAN
if the VLAN is a super VLAN.
l The VLAN is not the default VLAN
(VLAN 1)
Display the number display vlan number -

of VLANs
Display VLAN display statistics vlan The traffic statistics of the service ports
traffic statistics in a VLAN are collected.
Configure the start vlan reserve -

number of the
reserved VLANs
8.5 Configuring the VLAN Attribute

This topic describes how to configure the VLAN attribute. You can configure the VLAN attribute
to QinQ, stacking or common as required.
Prerequisite
The VLAN with its attribute to be configured is already added by running the vlan command.
l The attribute of the default VLAN (VLAN 1) cannot be configured to QinQ or stacking.
l When the attribute of a smart VLAN or a MUX VLAN is common, you can configure the
attribute of the VLAN to QinQ or stacking. The attribute of a super VLAN or a standard
VLAN cannot be configured to QinQ or stacking.
l The attribute of a VLAN cannot be changed from QinQ to stacking or from stacking to
QinQ directly.
Procedure
Step 1 Run the vlan attrib command to configure the VLAN attribute.
Step 2 Run the display vlan command to display the VLAN attribute.
----End

Example
To configure the attribute of smart VLAN 10 to QinQ, do as follows:
huawei(config)#vlan attrib 10 q-in-q
{ <cr>|to<K> }:
Command:
display vlan 10
VLAN ID: 10
VLAN type: smart
VLAN type: smart
VLAN attribute: QinQ
VLAN description:
------------------------------
F/S /P Native VLAN State
------------------------------
0/9/0 2 down
------------------------------
Related Operation
Table 8-6 lists the related operation for configuring the VLAN attribute.
Table 8-6 Related operation for configuring the VLAN attribute

To... Run the Command… Remarks
Restore the VLAN undo vlan attrib By default, the VLAN attribute is
attribute common.
8.6 Setting the Inner and Outer Ethernet Protocols Type of

a VLAN Stacking
This topic describes how to set the inner and outer Ethernet protocol type that a stacking VLAN
supports. The inner VLAN tag does not adopt the standard 802.1q protocol. Therefore, to enable
the interconnection between the MA5600T and the devices of other vendors, you must configure
the inner and outer Ethernet protocol type of a stacking VLAN to be the same as the inner and
outer Ethernet protocol type of the interconnected devices.
l By default, the inner and outer Ethernet protocol type of a stacking VLAN is 0x8100. That
is, the Ethernet frame has an 802.1q VLAN Tag.
l The protocol type to be set cannot be set as a value for other protocols, such as 0x0800 (IP
packets) or 0x0806 (ARP packets).

Procedure
Step 1 Run the stacking inner-ethertype command to set the inner Ethernet protocol type of a stacking
VLAN, and run the stacking outer-ethertype command to set the outer Ethernet protocol type
of a stacking VLAN.
Step 2 Run the display stacking inner-ethertype command to display the inner Ethernet protocol type
of a stacking VLAN, and run the display stacking outer-ethertype command to display the
outer Ethernet protocol type of a stacking VLAN.
----End
Examples
To set the inner Ethernet protocol type that the stacking VLAN supports as 0x8100, do as follows:
huawei(config)#stacking inner-ethertype 0x8100
huawei(config)#display stacking inner-ethertype
The inner Ethernet type in the system: 0x8100
8.7 Setting the Inner VLAN Priority of the Service Port in a

Stacking VLAN
This topic describes how to set the inner VLAN priority of the service port in a stacking VLAN.
To classify different users, you can configure the important user packets with higher priorities.
In this way, these packets can be processed first.
The larger the value of the priority, the higher the priority.
Procedure
Run the stacking inner-priority command to set the inner VLAN priority of the service port.
----End
Example
To set GEM port ID as 128, and the inner priority of service port in user-side VLAN 10 to 5, do
as follows:
huawei(config)#stacking inner-priority 0/2/0 gemport 128 user-vlan 10 5
To set the inner VLAN priority of the service port in stacking VLAN 4000 to 5, do as follows:
huawei(config)#stacking inner-priority vlan 4000 5
8.8 Adding an Upstream Port to a VLAN

This topic describes how to add an upstream port to a VLAN. To transmit the user packets with
the VLAN tag through the upstream port, you must add the upstream port to a VLAN.

Prerequisite
The VLAN to which an upstream port is to be added already exists.
The upstream port of a VLAN must be an Ethernet port.
Procedure
Step 1 Run the port vlan command to add an upstream port.
Step 2 Run the display vlan command to query the VLAN information.
----End
Example
To add upstream port 0/9/0 to VLAN 10, do as follows:
{<cr>|to<K>}:
Command:
display vlan 10
VLAN ID: 10
VLAN type: MUX
VLAN attribute: common
------------------------------
F/S /P Native VLAN State
------------------------------
0/9/0 1 up
------------------------------
Related Operation
Table 8-7 lists the related operation for adding an upstream port to a VLAN.
Table 8-7 Related operation for adding an upstream port to a VLAN
Delete the upstream port in a undo port vlan

VLAN
8.9 Adding a Service Port to a VLANAdding Service Port(s)

to a VLAN
This topic describes how to add a service port to a VLAN. This topic describes how to add
service port(s) to a VLAN. The service port is used for user access. For the user connected to a
user port of the MA5600T through a terminal, the service traffic of this user is borne on one
service port of the user port.

Prerequisites
l The VLAN to which the service port is to be added is already added by running the vlan
command.
l A suitable traffic profile already exists.
l An xDSL port supports up to eight service ports.
l In the smart VLAN application, a user port supports multiple service ports, and the VPIs/
VCIs of the service ports are different. If the VPI/VCI of the service port is auto-sensing,
only one service port can be created on a port.
l One GEM port supports up to eight service ports.
l The priorities of the upstream and downstream traffic entries must be consistent when you
configure the upstream and downstream traffic of a service port.
l When the service port needs to carry multiple services, the MA5600T supports the traffic
classification. The traffic can be classified by user VLAN, service encapsulation mode on
the user side, and the priority of packets on the user side. When the traffic is classified by
user VLAN, the untagged packets (data packet without VLAN tag) can be classified.
Procedure
Step 1 Run the service-port vlan command to add a service port.
Step 2 Run the display service-port vlan command to query the service port.
----End
Example
To add service port 0/2/0 whose GEM port ID is 128 and user-side VLAN is 10 to VLAN 30,
do as follows:
huawei(config)#display service-port port 0/2/0
{ gemport<K>|ont<K>|<cr>|sort-by<K>|autosense<K> }:
Command:
display service-port port 0/2/0
-------------------------------------------------------------------------
INDEX VLAN VLAN PORT F/ S/ P VPI VCI FLOW FLOW RX TX STATE
ID ATTR TYPE TYPE PARA
-------------------------------------------------------------------------
1 30 common gpon 0/2 /0 128 - - - 5 5 up
-------------------------------------------------------------------------
Total : 1 (Up/Down : 1/0)
Note : F--Frame, S--Slot, P--Port, VPI indicates GEM PortID for GPON
v/e--vlan/encap
pri-tag--priority-tagged, ppp--pppoe, ip--
ipoe
Related Operations
Table 8-8 lists the related operations for adding a service port to a VLAN.

Table 8-8 Related operations for adding a service port to a VLAN

Delete a service port undo service-port The service port cannot be deleted in the
following cases:
l The port is encapsulated in PPPoA,
IPoA or Auto mode.
l The port serves for BTV users.
l The port is bound with an IP address
or a MAC address.
l The port is configured with a static
MAC address.
Display VLAN display vlan -

information
Set description service-port desc -

information on the
service port
Display description display service-port desc -

information on the
service port
8.10 Adding Service Ports in Batches

This topic describes how to add service ports in batches. The MA5600T supports the function
of adding multiple service ports on an ADSL2+ board, a SHDSL board, or a VDSL board to a
smart VLAN. The MA5600T also supports the function of adding multiple service ports on one
or more ADSL2+, SHDSL, or VDSL boards to different successive MUX VLANs at a time.
l The VPI/VCI of the service port must be the same as that of the xDSL modem connected
to the port.
l The smart VLAN supports multiple service ports on the same port, and the VPIs/VCIs of
the service ports are different. If the VPI/VCI of a service port is auto-sensing, only one
service port can be created on a port.
l An xDSL port supports up to eight service ports.
l The VLAN(s) to which the service ports are to be added already exist.
l The suitable traffic profile already exists.
Procedure
Step 1 Run the multi-service-port vlan or multi-service-port from-vlan command to add service
ports.
Step 2 Run the display service-port vlan command to query service ports.
----End

Examples
To add service ports 0/11/0–0/11/4 to smart VLAN 10, do as follows:
To add all ADSL2+, SHDSL, or VDSL ports to MUX VLANs (to add port 1 to VLAN 2, port
2 to VLAN 3, and so on), do as follows:
huawei(config)#multi-service-port from-vlan 2 board 1-18 vpi 0 vci 35 rx-cttr 5 tx-
cttr 5
NOTE
If certain ports fail to be added, it indicates that these ports have been added to the corresponding VLANs
as service ports.
Related Operations
Table 8-9 lists the related operations for adding service ports in batches.
Table 8-9 Related operations for adding service ports in batches

To… Run the Command... Remarks
Delete a service port undo service-port A service port cannot be deleted in the
following cases:
l The port is encapsulated in PPPoA,
IPoA or Auto mode.
l The port serves for a BTV user.
l The port is bound with an IP address
or MAC address.
l The port is configured with a static
MAC address.
By selecting the command parameters,
you can delete a specified service port
or all service ports according to the
board, port or VLAN.
Display VLAN display statistics vlan -

traffic statistics
8.11 Configuring the Description of a Service Port

This topic describes how to configure the description of a service port. Then the service ports
are identified and classified based on the description to facilitate the management and
maintenance of users or services.
Procedure
Step 1 Run the service-port desc command to configure the description of a service port.
Step 2 Run the display service-port desc command to query the description of the service port.
----End

Example
To configure the description of service port 0/11/0 with VPI/VCI of 0/35, do as follows:
huawei(config)#service-port desc 0/11/0 vpi 0 vci 35 description user0/11/0
huawei(config)#display service-port desc 0/11/0
{<cr>|autosense<K>|vpi<K>|user-vlan<K>|user-encap<K>}:
Command:
display service-port desc 0/11/0
------------------------------------------------------------------------------
PORT : adl
F/S/P : 0/11/0
VPI : 0
VCI : 35
FLOWTYPE : -
FLOWPARA : -
DESCRIPTION : user0/11/0
------------------------------------------------------------------------------
To configure the description of service port 0/11/0 with the GEM port of 128 and the user-side
VLAN of 10 to identify the user location, do as follows:
huawei(config)#service-port desc 0/11/0 gemport 128 user-vlan 10 description
{ description<S><1,63> }:F4-6-01
Command:
service-port desc 0/11/0 gemport 128 user-vlan 10 description F4-6-01
huawei(config)#display service-port desc 0/11/0 gemport 128 user-vlan 10

------------------------------------------------------------------------------
Index : 6
Port : gpon
F/S/P : 0/11/0
VPI : 128
VCI : -
Flow type : vlan
Flow para : 10
Description : F4-6-01
------------------------------------------------------------------------------
Related Operation
Table 8-10 lists the related operation for configuring the description of a service port.
Table 8-10 Related operation for configuring the description of a service port
Delete the description of a service port undo service-port desc

SmartAX MA5600T Multi-service Access Module 9 DHCP Relay Configuration
9 DHCP Relay Configuration
About This Chapter
This topic describes the DHCP relay principles, configuration examples, and related
configuration operations on the MA5600T.
NOTE
(s) directly.
first.
9.1 Overview
This topic describes the DHCP relay function and its application on the MA5600T.
9.2 Configuration Example of DHCP Standard Mode
This topic provides an example for configuring DHCP standard mode to obtain the IP address
automatically.
9.3 Configuration Example of DHCP Option60 Mode
This topic provides an example for enabling PCs to obtain IP addresses automatically in DHCP
option60 mode.
9.4 Configuration Example of DHCP MAC Address Segment Mode
This topic provides an example for enabling the PC to obtain the IP address automatically in
DHCP MAC address segment mode.
9.5 Enabling the DHCP Proxy Function
This topic describes how to enable the DHCP proxy function, including the server ID agent and
lease-time agent functions.
9.6 Creating a DHCP Server Group
This topic describes how to create a DHCP server group to provide DHCP service for the DHCP
clients in the network.
9.7 Setting the Working Mode of a DHCP Server

9 DHCP Relay Configuration SmartAX MA5600T Multi-service Access Module
This topic describes how to set the working mode of a DHCP server. That is to configure the
working mode of the DHCP server for sending DHCP packets, including load-sharing mode and
backup mode.
9.8 Setting the DHCP Relay Mode
This topic describes how to set the DHCP relay mode, including the switching between the
DHCP L2 forwarding and L3 forwarding, and the DHCP server selection mode when the L3
DHCP relay is adopted. If the device functions as the L2 device, the DHCP packets are forwarded
at L2.
9.9 Binding a DHCP Server Group with a VLAN Interface
This topic describes how to bind a DHCP server group with a VLAN interface so that the received
DHCP packets on the specified VLAN interface are all forwarded to the bound DHCP server
group.
9.10 Creating an Option60 Domain
This topic describes how to create an option60 domain. When the device is enabled with the
DHCP relay function and the forwarding mode is option60, the DHCP option60 domain needs
to be created.
9.11 Binding a DHCP Server Group with a DHCP Option60 Domain
This topic describes how to bind a DHCP server group with a DHCP Option60 domain. When
the device is enabled with the DHCP relay function and the DHCP server selection mode is
Option60, the DHCP Option60 domain needs to be bound with a DHCP server group.
9.12 Configuring the Gateway of a DHCP Option60 Domain
This topic describes how to configure the gateway of a DHCP option60 domain. When the device
is enabled with the DHCP relay function and the forwarding mode is Option60, the DHCP
option60 domain needs to be configured with a gateway.
9.13 Creating a DHCP MAC Address Segment
This topic describes how to create a DHCP MAC address segment. When the device is enabled
with the DHCP relay function and the forwarding mode is MAC address segment, a MAC
address segment needs to be created.
9.14 Setting the Range of a DHCP MAC Address Segment
This topic describes how to set the range of a DHCP MAC address segment. When the device
is enabled with the DHCP relay function and the forwarding mode is MAC address segment,
the range of a DHCP MAC address segment needs to be configured.
9.15 Binding a DHCP Server Group with a DHCP MAC Address Segment
This topic describes how to bind a DHCP server group with a DHCP MAC address segment.
When the device is enabled with the DHCP relay function and the DCHP server selection mode
is MAC address segment, a DHCP server group needs to be bound with a DHCP MAC address
segment.
9.16 Configuring the Gateway of a DHCP MAC Address Segment
This topic describes how to configure the gateway of a DHCP MAC address segment. When
the device is enabled with the DHCP relay function and the forwarding mode is MAC address
segment, a DHCP MAC address segment needs to be configured with the gateway.
9.17 Setting the DHCP Proxy Lease-Time
This topic describes how to set the DHCP proxy lease-time. After the setting, the shorter lease-
time between the lease-time allocated by the DHCP server and the lease-time allocated by the
MA5600T is used as the lease-time for a user.
9.18 Kicking Off a DHCP User

This topic describes how to kick off a DHCP user when you find that the user is invalid, or is
offline already though the MA5600T detects that the user is still online. This operation helps to
release the resources occupied by the user.

9.1 Overview
This topic describes the DHCP relay function and its application on the MA5600T.
Service Description
The Dynamic Host Configuration Protocol (DHCP) works in the server/client mode. The DHCP
client can dynamically request configuration data and the DHCP server can provide the data for
the client conveniently.
Initially, the DHCP was only suitable for applications where the DHCP client and server were
located on the same subnet and could not work across network segments. If the early DHCP is
used to dynamically configure the host, each subnet should be equipped with a DHCP server.
That is obviously uneconomical.
The introduction of DHCP relay solves the mentioned problem. The DHCP relay functions as
relay between the DHCP client and the server located on different subnets. The DHCP packets
can be relayed to the destination DHCP server (or client) across network segments. In this way,
the DHCP clients on different networks can use the same DHCP server. This is economical and
convenient for centralized management. Figure 9-1 shows the principle of DHCP relay.
Figure 9-1 MA5600T DHCP relay
LAN
DHCP client DHCP server
LAN switch
DHCP client
MA5600T
DHCP server
DHCP client
For details on DHCP, refer to "DHCP Relay" in the MA5600T Feature Description.
The MA5600T guarantees DHCP security as it supports L2 and L3 DHCP relay, and DHCP
Option82.
NOTE
For the configuration of the DHCP Option82, see "22.5 Enabling the DHCP Option82 Function" and
"22.6 Setting the Maximum Length of DHCP Packets."
The MA5600T supports the following DHCP relay working modes:

l Standard mode
l Option60 mode
l MAC address segment mode

9.2 Configuration Example of DHCP Standard Mode

This topic provides an example for configuring DHCP standard mode to obtain the IP address
automatically.
Prerequisite
The primary IP address of the L3 interface of VLAN 2 and VLAN 3 should be in the same subnet
as that of the upper layer router. There should be routing between the device and the DHCP
server.
Networking
Figure 9-2 shows an example network for configuring DHCP standard mode.
The MA5600T functions as a DHCP relay to obtain IP addresses from the DHCP servers on the
network side for the PCs (DHCP clients) in VLAN 2 and VLAN 3. The MA5600T is configured
with two DHCP server groups.
l The two PCs in VALN 2 obtain IP addresses from DHCP server group 1 through the DHCP
standard mode.
l The two PCs in VLAN 3 obtain IP addresses from DHCP server group 2 through the DHCP
standard mode.
Figure 9-2 Example network for configuring DHCP standard mode
10.1.1.1/24
VLAN 2 DHCP server group 1
10.1.1.2/24
10.2.1.1/24
MA5600T
VLAN 3
DHCP server group 2
10.2.1.2/24
Data Plan
Table 9-1 provides the data plan for configuring DHCP standard mode.
Table 9-1 Data plan for configuring DHCP standard mode
Item Data Remarks
DHCP server group 1 Primary IP address: 10.1.1.1/24 -
Secondary IP address: 10.1.1.2/24 -

Item Data Remarks
DHCP server group 2 Primary IP address: 10.2.1.1/24 -
VLAN 2 Layer 3 IP address: 2.2.2.1/24 VLAN 2 binds with

DHCP server group 1.
VLAN 3 Layer 3 IP address: 3.3.3.1/24 VLAN 3 binds with

DHCP server group 2.
Upstream port 0/9/0 -
Service ports 0/11/0, 0/11/1 -

Service port 0/2/0
NOTE
l The configuration on VLAN 3 is the same as that on VLAN 2.

l This example only shows how to configure PCs of VLAN 2 to obtain IP addresses.
Figure 9-3 shows the flowchart for configuring DHCP standard mode.

Figure 9-3 Flowchart for configuring DHCP standard mode
Start
Select the DHCP relay mode
Create a DHCP server group
Set the working mode of the DHCP

server group (optional)
Configure the VLAN upstream

port and the service port
Configure the IP address of the

layer 3 interface
Bind the interface with the DHCP

server group
Save the data
End
Procedure
Step 1 Select the DHCP relay mode.
huawei(config)#dhcp mode layer-3 standard
Step 2 Create a DHCP server group.

huawei(config)#dhcp-server 1 ip 10.1.1.1 10.1.1.2
Step 3 Set the working mode of the DHCP server group.

The default load-sharing mode is applied and no separate configuration is needed.
NOTE
For details on setting working mode of the DHCP server group, see "9.7 Setting the Working Mode of a DHCP
Server."
Step 4 Configure the VLAN upstream port and the service port.

Step 5 Configure the IP address of the L3 interface.

huawei(config-if-vlanif2)#ip address 2.2.2.1 24
Step 6 Bind the interface with the DHCP server group.

huawei(config-if-vlanif2)#dhcp-server 1

huawei(config)#save
----End
Result
The PCs can obtain IP addresses dynamically, and can access the Internet.
9.3 Configuration Example of DHCP Option60 Mode

This topic provides an example for enabling PCs to obtain IP addresses automatically in DHCP
option60 mode.
Prerequisite
The primary IP address of the L3 of VLAN 2 should be in the same subnet as that of the upper
layer router. There should be routing between the device and the DHCP server.
In multi-service provisioning on MA5600T, the services such as the video multicasting and IP
phone services are provided by different service providers. These providers may use different
DHCP servers or different relay IP addresses of the same DHCP server for allocating IP addresses
for users. Hence, the DHCP option60 mode must be configured for the users to apply for the IP
address from the DHCP server
NOTE
Option60 is one of the options of the DHCP packets, and it can identify the terminal type.
Networking
Figure 9-4 shows an example network for configuring DHCP option60 mode.
Figure 9-4 Example network for configuring DHCP option60 mode
10.10.10.10/24
VLAN 2 DHCP server group
MA5600T 10.10.10.11/24

Data Plan
Table 9-2 provides the data plan for configuring DHCP option60 mode.
Table 9-2 Data plan for configuring DHCP option60 mode

Item Data
DHCP server group 2 Primary IP address: 10.10.10.10/24
Secondary IP address: 10.10.10.11/24
VLAN 2 Layer 3 interface IP address: 10.1.2.1/24
Upstream port 0/9/0
Service port 0/11/0

0/11/0
Domain Domain: msft
DHCP server group: DHCP server group
Gateway IP address: 10.1.2.1/24 (the same as the

IP address of the L3 interface)
l The name of option60 domain must be configured according to the type of connected
terminal device.
l If Windows 98/2000/XP/NT series runs on the DHCP client, the domain name must be
msft.
l The system selects the domain based on option60 field in the packet by the longest-match
rules. If there is no appropriate domain matched, the default domain is used.
Figure 9-5 shows the flowchart for configuring DHCP option60 mode.

Figure 9-5 Flowchart for configuring DHCP option60 mode
Start
Set the working mode of the

DHCP server group(optional)
Define an option60 domain
Bind the domain with the DHCP

server group
Configure the VLAN upstream

port and the service port
Configure the IP address of

Configure the domain gateway
Save the data
End
Procedure
huawei(config)#dhcp mode layer-3 option60


NOTE
For details on setting working mode of the DHCP server group, see "9.7 Setting the Working Mode of a DHCP
Server."
Step 4 Define an option60 domain.

huawei(config)#dhcp domain msft

Step 5 Bind the domain with the DHCP server group.

huawei(config-dhcp-domain-msft)#dhcp-server 2
Step 6 Configure the VLAN upstream port and the service port.
huawei(config-dhcp-domain-msft)#quit
Step 7 Configure the IP address of VLAN L3 interface.

Step 8 Configure the domain gateway.

huawei(config-if-vlanif2)#dhcp domain msft gateway 10.1.2.1

huawei(config)#save
----End
Result
The PCs can obtain IP addresses dynamically, and can access the Internet.
9.4 Configuration Example of DHCP MAC Address

Segment Mode
This topic provides an example for enabling the PC to obtain the IP address automatically in
DHCP MAC address segment mode.
Prerequisite
The primary IP address of the L3 interface of VLAN 2 should be in the same subnet as that of
the upper layer router. There should be routing between the device and the DHCP server.
Networking
Figure 9-6 shows an example network for configuring MAC address segment mode.

Figure 9-6 Example network for configuring MAC address segment mode
10.10.10.10/24
VLAN 2 DHCP server group
MA5600T 10.10.10.11/24
Data Plan
Table 9-3 provides the data plan for configuring MAC address segment mode.
Table 9-3 Data plan for configuring MAC address segment mode
Function Data Remarks
DHCP server group Primary IP address: 10.10.10.10/24 -

2
VLAN 2 Layer 3 interface IP address: -

10.1.2.1/24
Upstream port 0/9/0 -
Service port 0/11/0 -

0/2/0
MAC address MAC address segment name: huawei -

segment
Start range: 0000-0000-0001 -
End range: 0000-0000-0100
Gateway IP address: 10.1.2.1 The gateway IP address is the

same as the IP address of the
L3 interface.
DHCP server group: DHCP server -

group
PC MAC address: 0000-0000-0010 -
Figure 9-7 shows the flowchart for configuring MAC address segment mode.

Figure 9-7 Flowchart for configuring MAC address segment mode
Start
Set working mode of the DHCP

server group (optional)
Define the MAC address segment
Bind the MAC address segment with

the DHCP server group
Configure the upstream port and the

service port to the VLAN
Configure the IP address of the

Configure the gateway address of

the MAC address segment
Save the data
End
Procedure
huawei(config)#dhcp mode layer-3 mac-range


NOTE
For details of setting working mode of the DHCP server group, see "9.7 Setting the Working Mode of a DHCP
Server."

Step 4 Define the MAC address segment.

huawei(config)#dhcp mac-range huawei
huawei(config-mac-range-huawei)#mac-range 0000-0000-0001 to 0000-0000-0100
Step 5 Bind the MAC address segment with the DCHP server group.
huawei(config-mac-range-huawei)#dhcp-server 2
Step 6 Configure the upstream port and the service port to the VLAN.
huawei(config-mac-range-huawei)#quit
Step 7 Configure the IP address of the VLAN L3 interface.

Step 8 Configure the gateway address of the MAC address segment.

huawei(config-if-vlanif2)#dhcp mac-range huawei gateway 10.1.2.1

huawei(config)#save
----End
Result
The PCs can obtain IP addresses dynamically.
9.5 Enabling the DHCP Proxy Function

This topic describes how to enable the DHCP proxy function, including the server ID agent and
lease-time agent functions.
Context
After the DHCP proxy function is enabled, the server ID agent and lease-time agent functions
are enabled.
l Server ID agent: indicates that the MA5600T functioning as the DHCP proxy replaces the
server ID in the DHCP packets. In this way, the DHCP client considers that the
MA5600T is the DHCP server in the DHCP system. By replacing the server ID of the
DHCP packets, the MA5600T prevents the users from locating the actual DHCP server,
thus protecting the DHCP server from network attacks.
l Lease-time agent: indicates that the lease-time allocated by the DHCP server to a DHCP
client is replaced with a shorter lease-time, and then allocated to the client. A shorter lease-

time is used to quickly detect whether a user gets offline. For details on the lease-time agent
configuration, see "9.17 Setting the DHCP Proxy Lease-Time."
Procedure
Step 1 Run the dhcp proxy command to enable the DHCP proxy function.
Step 2 Run the display dhcp config command to query the current DHCP configuration.
----End
Example
To enable the DHCP proxy function, do as follows:
huawei(config)#dhcp proxy enable
huawei(config)#display dhcp config
{ <cr>|vlan<K> }:
Command:
display dhcp config
DHCP relay mode : layer-3
DHCP proxy state : enable
DHCP proxy lease-time : not configured
Related Operation
Table 9-4 lists the related operation for enabling the DHCP proxy function.
Table 9-4 Related operation for enabling the DHCP proxy function
Disable the DHCP proxy dhcp proxy disable

function
9.6 Creating a DHCP Server Group

This topic describes how to create a DHCP server group to provide DHCP service for the DHCP
clients in the network.
l To improve the reliability of a network, you can specify a primary DHCP server and a
secondary one in a server group to form a DHCP server group.
l Up to 20 DHCP server groups (0–19) can be configured in the system.
l The primary server or the secondary server is identified by its IP address. The secondary
server cannot be added independently. Instead, it has to be added together with the primary
server.
Procedure
Step 1 Run the dhcp-server command to create a DHCP server group.

Step 2 Run the display dhcp-server command to query the information on the DHCP server group.
----End
Example
To add the primary and secondary DHCP servers with IP addresses of 10.1.1.1 and 10.1.1.2
respectively to DHCP server group 1, do as follows:
huawei(config)#display dhcp-server 1
The primary IP address of DHCP server group 1: 10.1.1.1
The secondary IP address of DHCP server group 1: 10.1.1.2
Messages from this server group: 0
Messages to this server group: 0
Messages from clients to this server group: 0
Messages from this server group to clients: 0
DHCP OFFER messages: 0
DHCP ACK messages: 0
DHCP NAK messages: 0
DHCP DECLINE messages: 0
DHCP DISCOVER messages: 0
DHCP REQUEST messages: 0
DHCP INFORM messages: 0
DHCP RELEASE messages: 0
Related Operation
Table 9-5 lists the related operation for creating a DHCP server group.
Table 9-5 Related operation for creating a DHCP server group
Delete a DHCP server undo dhcp-server

group
9.7 Setting the Working Mode of a DHCP Server

This topic describes how to set the working mode of a DHCP server. That is to configure the
working mode of the DHCP server for sending DHCP packets, including load-sharing mode and
backup mode.
The MA5600T supports two DHCP server working modes:
l load-sharing: In this mode, the MA5600T sends DHCP messages to both the active and
standby DHCP servers. By default, the system is in load-sharing mode.
l backup: In this mode, the MA5600T sends DHCP messages to the DHCP server that is
running at the current time. The system firstly takes the active DHCP server as the running
DHCP server at the current time. When the DHCP server does not reply OFFER message
to the MA5600T within a specified period, the system switches the standby DHCP server
to the running DHCP server at the current time. This mode can reduce the message load in
the network.

Procedure
Step 1 Run the dhcp server mode command to set the working mode of a DHCP server.
Step 2 Run the display dhcp server config command to query the working mode of the DHCP server.
----End
Example
To set the DHCP server to backup mode, the maximum response time to DISCOVER message
to 50s and the maximum timeout times for responding to DISCOVER message to 100, do as
follows:
huawei(config)#dhcp server mode backup 50 100
huawei(config)#display dhcp server config
DHCP server mode: backup
DHCP server reply max time: 50 second
DHCP server reply timeout max times: 100
Related Operations
Table 9-6 lists the related operations for setting the working mode of a DHCP server.
Table 9-6 Related operations for setting the working mode of a DHCP server
Create a DHCP server dhcp-server
Query information on a DHCP server display dhcp-server
9.8 Setting the DHCP Relay Mode

This topic describes how to set the DHCP relay mode, including the switching between the
DHCP L2 forwarding and L3 forwarding, and the DHCP server selection mode when the L3
DHCP relay is adopted. If the device functions as the L2 device, the DHCP packets are forwarded
at L2.
The MA5600T supports the L2 and the L3 DHCP relay. For the L3 DHCP relay, the DHCP
server selection modes involve the following:
l DHCP standard mode: Select the DHCP server according to the IP address of the VLAN
L3 interface for forwarding DHCP packets.
l DHCP option60 mode: Select the DHCP server according to the DHCP option60 domain.
Option60 is one of the options of the DHCP packets, and it can identify the terminal type.
DHCP Option60 mode selects the DHCP server according to the different terminal type.
l DHCP MAC address segment mode: Select the DHCP server group according to the source
MAC address segment of DHCP packets.

Procedure
Step 1 Run the dhcp mode command to set the DHCP relay mode.
Step 2 Run the display dhcp config command to query the DHCP relay mode.
----End
Examples
To set the DHCP relay mode as layer-2, do as follows:
huawei(config)#dhcp mode layer-2
DHCP relay mode: layer-2
To set the DHCP relay mode as layer-3 and the DHCP server selection mode as option60, do as
follows:
DHCP relay mode: layer-3
DHCP server select mode: option60
9.9 Binding a DHCP Server Group with a VLAN Interface

This topic describes how to bind a DHCP server group with a VLAN interface so that the received
DHCP packets on the specified VLAN interface are all forwarded to the bound DHCP server
group.
Prerequisite
The DHCP server group has been created by running the dhcp-server command.
l A VLAN L3 interface can be bound with only one DHCP server group. Therefore, all
DHCP packets to be sent upstream through the VLAN L3 interface should be forwarded
to the DHCP server group bound with the VLAN interface.
l If an L3 interface has been bound with a DHCP server group, the new setting overwrites
the old one.
l By default, a VLAN interface is not bound with any DHCP server.
Procedure
Step 1 Run the interface vlanif command to enter VLAN interface mode.
Step 2 Run the dhcp-server command to bind a DHCP server group.
Step 3 Run the display dhcp-server interface vlanif command to query the DHCP server group that
is bound with VLAN interface.
----End
Example
To bind DHCP server group 1 to VLAN interface 2, do as follows:

huawei(config-if-Vlanif2)#dhcp-server 1
huawei(config)#display dhcp-server interface vlanif 2
The DHCP server group of this interface is 1
Related Operations
Table 9-7 lists the related operations for binding a DHCP server group with a VLAN interface.
Table 9-7 Related operations for binding a DHCP server group with a VLAN interface
Unbind a VLAN interface from a undo dhcp-server In VLAN interface mode.

DHCP server
Show the settings of DHCP relay display dhcp config -
9.10 Creating an Option60 Domain

This topic describes how to create an option60 domain. When the device is enabled with the
DHCP relay function and the forwarding mode is option60, the DHCP option60 domain needs
to be created.
l The system supports up to 128 DHCP option60 domains.
l If the domain exists, enter domain mode directly. By default, the system has a DHCP
option60 domain named default.
Procedure
Step 1 Run the dhcp domain command to create a domain.
Step 3 Run the display dhcp domain command to query the option60 domain.
----End
Example
To create domain msft, do as follows:
huawei(config)#display dhcp domain
{ <cr>|string<s><1,32> }:
Command:
display dhcp domain
--------------------------------------------------------------------
Index Name Server VLANIF Gateway
-group
--------------------------------------------------------------------
0 default none none none

1 msft none none none

--------------------------------------------------------------------
Total: 2
Related Operation
Table 9-8 lists the related operation for creating a DHCP option60 domain.
Table 9-8 Related operation for creating a DHCP option60 domain

Delete a DHCP option60 domain undo dhcp domain The domain named default
cannot be deleted.
9.11 Binding a DHCP Server Group with a DHCP Option60

Domain
This topic describes how to bind a DHCP server group with a DHCP Option60 domain. When
the device is enabled with the DHCP relay function and the DHCP server selection mode is
Option60, the DHCP Option60 domain needs to be bound with a DHCP server group.
Only one DHCP server group can be bound to a DHCP domain.
Procedure
Step 1 Run the dhcp domain command to enter domain mode.
Step 3 Run the display dhcp domain command to query the DHCP server group.
----End
Examples
To bind DHCP server group 1 to DHCP domain msft, do as follows:
huawei(config-dhcp-domain-msft)#dhcp-server 1
huawei(config)#display dhcp domain msft
--------------------------------------------------------------------
-group
--------------------------------------------------------------------
1 msft 1 none none
--------------------------------------------------------------------
Related Operations
Table 9-9 lists the related operations for binding a DHCP server group with a DHCP option60
domain.

Table 9-9 Related operations for binding a DHCP server group with a DHCP option60 domain
Delete a DHCP domain undo dhcp domain -
Unbind the DHCP server undo dhcp-server In option60 domain mode.

group from a DHCP domain
9.12 Configuring the Gateway of a DHCP Option60 Domain

This topic describes how to configure the gateway of a DHCP option60 domain. When the device
is enabled with the DHCP relay function and the forwarding mode is Option60, the DHCP
option60 domain needs to be configured with a gateway.
l A DHCP domain can be configured with only one gateway address.
l By default, the gateway address of a domain is the IP address of the VLAN L3 interface.
Procedure
Step 2 Run the dhcp domain gateway command to set the gateway address.
Step 3 Run the quit command to exit VLAN interface mode.
Step 4 Run the display dhcp domain command to query the DHCP server group.
----End
Example
To set the gateway address of domain msft as 10.1.2.1, do as follows:
huawei(config-if-vlanif2)#dhcp domain msft gateway 10.1.2.1
huawei(config)#display dhcp domain msft
--------------------------------------------------------------------
-group
--------------------------------------------------------------------
1 msft 1 2 10.1.2.1
--------------------------------------------------------------------
Related Operation
Table 9-10 lists the related operation for configuring the gateway of a DHCP option60 domain.

Table 9-10 Related operation for configuring the gateway of a DHCP option60 domain
Delete the gateway of a DHCP undo dhcp domain gateway In VLAN interface
option60 domain mode
9.13 Creating a DHCP MAC Address Segment

This topic describes how to create a DHCP MAC address segment. When the device is enabled
with the DHCP relay function and the forwarding mode is MAC address segment, a MAC
address segment needs to be created.
Prerequisites
l The IP address of the VLAN L3 interface has been configured.
l By default, the system has a MAC address segment named default.
The system supports up to 128 MAC address segments.
Procedure
Step 1 Run the dhcp mac-range command to create a DHCP MAC address segment and enter MAC
address segment mode.
Step 2 Run the display dhcp mac-range command to query the MAC address segment.
----End
Example
To set a MAC address segment named huawei, do as follows:
huawei(config)#display dhcp mac-range
{ <cr>|string<S><1,32> }:
Command:
display dhcp mac-range
------------------------------------------------------------------------------
Index Name MAC-start MAC-end Server VLAN Gateway
-group -IF
------------------------------------------------------------------------------
0 default none none none none none
1 huawei none none none none none
------------------------------------------------------------------------------
Total: 2
Related Operation
Table 9-11 lists the related operation for creating a DHCP MAC address segment.

Table 9-11 Related operation for creating a DHCP MAC address segment
Delete a DHCP MAC undo dhcp mac-range The MAC address segment
address segment named default cannot be deleted.
9.14 Setting the Range of a DHCP MAC Address Segment

This topic describes how to set the range of a DHCP MAC address segment. When the device
is enabled with the DHCP relay function and the forwarding mode is MAC address segment,
the range of a DHCP MAC address segment needs to be configured.
l A MAC address segment is a consecutive MAC address range specified by a start MAC
address and an end MAC address.
l The MAC address adopts the format of "H-H-H" ("H" is a 4-bit hexadecimal number).
Procedure
Step 1 Run the dhcp mac-range command to create a MAC address segment and enter MAC address
segment mode.
Step 2 Run the mac-range command to set the range of a MAC address segment.
Step 3 Run the quit command to exit the MAC address segment mode.
Step 4 Run the display dhcp mac-range command to query the range of the MAC address segment.
----End
Example
To set the range of MAC address segment huawei from 0000-0000-0001 to 0000-0000-0100,
do as follows:
huawei(config-mac-range-huawei)#mac-range 0000-0000-0001 to 0000-0000-0100
huawei(config)#display dhcp mac-range
{ <cr>|string<S><1,32> }:
Command:
------------------------------------------------------------------------------
-group -IF
------------------------------------------------------------------------------
1 huawei 0000-0000-0001 0000-0000-0100 none none none
------------------------------------------------------------------------------
Total: 2
Related Operation
Table 9-12 lists the related operation for setting the range of a DHCP MAC address segment.

Table 9-12 Related operation for setting the range of a DHCP MAC address segment
Cancel the range of a MAC undo mac-range The MAC address segment
address segment named default cannot be
deleted.
9.15 Binding a DHCP Server Group with a DHCP MAC

Address Segment
This topic describes how to bind a DHCP server group with a DHCP MAC address segment.
When the device is enabled with the DHCP relay function and the DCHP server selection mode
is MAC address segment, a DHCP server group needs to be bound with a DHCP MAC address
segment.
A MAC address segment can be bound with only one DHCP server group.
Procedure
Step 1 Run the dhcp mac-range command to create a MAC address segment and enter MAC address
segment mode.
Step 3 Run the quit command to exit MAC address segment mode.
Step 4 Run the display dhcp mac-range command to query the information on the MAC address
segment.
----End
Example
To bind server group 10 to MAC address segment huawei, do as follows:
huawei(config-mac-range-huawei)#dhcp-server 10
hauwei(config)#display dhcp mac-range
{ <cr>|string<S><1,32> }:
Command:
------------------------------------------------------------------------------
-group -IF
------------------------------------------------------------------------------
1 huawei none none 10 none none
------------------------------------------------------------------------------
Total: 2

Related Operation
Table 9-13 lists the related operation for binding a DHCP server group with a DHCP MAC
address segment.
Table 9-13 Related operation for binding a DHCP server group with a DHCP MAC address
segment
To... Run the Command..
Delete the DHCP server group undo dhcp-server

from a DHCP MAC address
segment
9.16 Configuring the Gateway of a DHCP MAC Address

Segment
This topic describes how to configure the gateway of a DHCP MAC address segment. When
the device is enabled with the DHCP relay function and the forwarding mode is MAC address
segment, a DHCP MAC address segment needs to be configured with the gateway.
A DHCP MAC address segment can be configured with only one gateway address.
Procedure
Step 2 Run the dhcp mac-range gateway command to configure the gateway address.
Step 4 Run the display dhcp mac-range command to query the information on the gateway address.
----End
Example
To set the gateway address of MAC address segment huawei as 10.1.2.1, do as follows:
huawei(config-if-vlanif2)#dhcp mac-range huawei gateway 10.1.2.1
huawei(config)#display dhcp mac-range huawei
------------------------------------------------------------------------------
-group -IF
------------------------------------------------------------------------------
0 huawei none none none 2 10.1.2.1
------------------------------------------------------------------------------

Related Operations
Table 9-14 lists the related operations for configuring the gateway of a DHCP MAC address
segment.
Table 9-14 Related operations for configuring the gateway of a DHCP MAC address segment
Cancel the gateway of the MAC undo dhcp mac-range -

address segment on a VLAN gateway
interface
Unbind the DHCP server group from undo dhcp-server In MAC address segment
a MAC address segment mode.
9.17 Setting the DHCP Proxy Lease-Time

This topic describes how to set the DHCP proxy lease-time. After the setting, the shorter lease-
time between the lease-time allocated by the DHCP server and the lease-time allocated by the
MA5600T is used as the lease-time for a user.
Context
l Lease-time agent: indicates that the lease-time allocated by the DHCP server to a DHCP
client is replaced with a shorter lease-time, and then allocated to the client. A shorter lease-
time is used to quickly detect whether a user gets offline.
l This function takes effect only when the DHCP proxy function is enabled. For how to
enable the DHCP proxy function, see "9.5 Enabling the DHCP Proxy Function."
Procedure
Step 1 Run the dhcp proxy lease-time command to set the DHCP proxy lease-time.
Step 2 Run the display dhcp config command to query the current DHCP setting.
----End
Example
To set the DHCP proxy lease-time as one day, 12 hours, and 30 minutes, do as follows:
huawei(config)#dhcp proxy lease-time day 1 hour 12 minute 30
{ <cr>|vlan<K> }:
Command:
display dhcp config
DHCP relay mode : layer-2
DHCP proxy state : enable
DHCP proxy lease-time : 1 day(s) 12 hour(s) 30 minute(s)
Related Operation
Table 9-15 lists the related operation for setting the DHCP proxy lease-time.

Table 9-15 Related operation for setting the DHCP proxy lease-time
Delete a DHCP proxy lease- undo dhcp proxy lease-time

time
9.18 Kicking Off a DHCP User

This topic describes how to kick off a DHCP user when you find that the user is invalid, or is
offline already though the MA5600T detects that the user is still online. This operation helps to
release the resources occupied by the user.
Procedure
Step 1 Run the dhcp user kickoff command to kick off an online DHCP user.
NOTE
To kick off a DHCP user, you need to specify the user index. The user index is allocated dynamically. To
query the user indexes, run the display dhcp proxy user command.
Step 2 Run the display dhcp proxy user command to query the DHCP users.
----End
Example
To kick off a DHCP user with the index of 1, do as follows:
huawei(config)#display dhcp proxy user all
-------------------------------------------------------------------
Index : 1 IP-Address : 100.100.100.5
MAC-Address : 00E0-4C77-7115 VLANID : 4001
F/S/P : 0 /1 /32 Service-Port Index : 0
Server IP : 192.168.10.1 Expiration date : 2000-01-10 06:37
-------------------------------------------------------------------
Total: 1
huawei(config)#dhcp user kickoff 1
huawei(config)#display dhcp proxy user all
Failure: No DHCP proxy user exists

SmartAX MA5600T Multi-service Access Module 10 ARP & ARP Proxy Configuration
10 ARP & ARP Proxy Configuration
About This Chapter
This topic describes the principles of ARP and ARP proxy and the method of configuring them
on the MA5600T.
NOTE
(s) directly.
first.
10.1 Overview
This topic describes the ARP proxy service description and service specification.
10.2 ARP Proxy Configuration Example
This topic describes how to configure ARP proxy to enable users in isolated ports of the same
broadcast domain or in ports of different broadcast domains to communicate with each other.
The ARP proxy must be enabled on the L3 interface. To reduce the network load, the ARP
requests are limited in a VLAN.
10.3 Adding a Static ARP Entry
This topic describes how to configure the static mapping between the specified IP address and
the MAC address, that is, to add a static ARP entry.
10.4 Enabling the ARP Proxy
This topic describes how to enable the ARP proxy. To implement the communication between
users who are in isolated ports of the same broadcast domain or in ports of different broadcast
domains, the ARP proxy needs to be enabled on the L3 interface.

10 ARP & ARP Proxy Configuration SmartAX MA5600T Multi-service Access Module
10.1 Overview
This topic describes the ARP proxy service description and service specification.
Service Description
For two hosts in a network to communicate with each other, they are required to know the
physical addresses of each other. These physical addresses are the MAC addresses. The IP
address represents only the address of a host at the network layer. To send the data at the network
layer to a destination host, the source host must know the physical address of the destination
host; therefore, an IP address is required to be translated into an MAC address.
Address Resolution Protocol (ARP) is used to translate an IP address into a MAC address.
Through ARP proxy and a super VLAN, two PCs subject to L2 isolation can interconnect with
each other at L3.
For details on the ARP proxy feature, refer to "ARP Proxy" in the MA5600T Feature
Description.
The MA5600T can maintain ARP entries both dynamically and manually. In addition, the
MA5600T supports ARP proxy function.
The MA5600T supports the ARP protocol and maintains an ARP table for mapping between
the MAC addresses and the IP addresses. You can configure the static ARP entry manually. The
MA5600T supports up to 500 static ARP entries and 4096 dynamic ARP entries.
10.2 ARP Proxy Configuration Example

This topic describes how to configure ARP proxy to enable users in isolated ports of the same
broadcast domain or in ports of different broadcast domains to communicate with each other.
The ARP proxy must be enabled on the L3 interface. To reduce the network load, the ARP
requests are limited in a VLAN.
Networking
Figure 10-1 shows an example network for configuring the ARP proxy. PC1 and PC2 are in
sub VLAN 10, service ports 0/11/0 and 0/11/1 are isolated, and PC3 is in service port 0/12/0 of
sub VLAN 20. User packets can be forwarded in the L3 forwarding mode through upstream port
0/9/0 of the super VLAN. The IP address of the super VLAN interface is 10.0.0.254, and the
interface is in the same subnet with PC1, PC2, and PC3. After the ARP proxy function is enabled,
PC1 and PC2 can communicate with each other, and PC3 can communicate with PC1 and PC2.

Figure 10-1 Example network for configuring the ARP proxy
Router
MA5600 T
10.0.0.254/24
PC1 PC2 PC3
VLAN 10 VLAN 20
Data Plan
Table 10-1 provides the data plan for configuring the ARP proxy.
Table 10-1 Data plan for configuring the ARP proxy

Item Data
Super VLAN VLAN ID: 100
Sub VLAN: VLAN 10, VLAN 20
IP address: 10.0.0.254/24
Sub VLAN VLAN ID: 10
VLAN type: smart VLAN
User: PC1 (0/11/0), PC2 (0/11/1)
Sub VLAN VLAN ID: 20
VLAN type: MUX VLAN
User: PC3 (0/12/0)
Upstream port Port: 0/9/0
VLAN: standard VLAN 30
IP address: 10.0.1.254/24

Prerequisites
l The network equipment and line must work in the normal state.
l Service boards must work in the normal state.
l VPI/VCI configured on the modem must be 0/35.
Figure 10-2 shows the flowchart for configuring the ARP proxy.
Figure 10-2 Flowchart for configuring the ARP proxy
Start
Create a super VLAN
Create sub VLANs and add them

to the super VLAN
Configure the service ports of the

sub VLANs
Configure the upstream port
Configure the layer 3 interface of

the super VLAN
Enable the ARP proxy function
Save the data
End
Procedure
Step 1 Create a super VLAN.
huawei(config)#vlan 100 super
Step 2 Create Sub VLANs 3 and 4, and add them to the super VLAN.
huawei(config)#supervlan 100 subvlan 10
Step 3 Configure the service ports of the sub VLANs.



Step 4 Configure the upstream port.

Step 5 Configure the L3 interface of the super VLAN.

NOTE
The IP address of the L3 interface of the super VLAN must be in the same subnet as the IP address of the
PC.
Step 6 Enable the ARP proxy function.

1. Enable the ARP proxy function globally.
huawei(config)#arp proxy enable
2. Enable ARP proxy on the super VLAN interface.

huawei(config-if-vlanif100)#arp proxy enable
3. Enable ARP proxy on the sub VLAN interface.

huawei(config-if-vlanif100)#arp proxy enable subvlan 10
NOTE
Skip substep 3 in step 6 if you only want PCs in different VLANs to communicate with each other.

huawei(config)#save
----End
Result
After the global ARP proxy function and the ARP proxy function of the super VLAN interface
are enabled, PC1, PC2, and PC3 in different VLANs can communicate with each other.
After the global ARP proxy function, the ARP proxy function of the super VLAN interface, and
that of the sub VLAN interface are enabled, PC1 and PC2 in the same VLAN can communicate
with each other.
10.3 Adding a Static ARP Entry

This topic describes how to configure the static mapping between the specified IP address and
the MAC address, that is, to add a static ARP entry.
The system supports the configuration of up to 500 static ARP entries.

Procedure
Step 1 Run the arp command to add a static ARP entry.
Step 2 Run the display arp static command and you can find that a static ARP entry has been added
successfully.
----End
Example
To add a static ARP entry to set up the mapping between the IP address 129.102.0.1 and the
MAC address 00e0-fc01-0000, passing through port 0/11/0 of VLAN 10, do as follows:
huawei(config)#arp 129.102.0.1 00e0-fc01-0000 10 0/11/0
huawei(config)#display arp static
IP Address MAC Address VLAN ID Port Type
129.102.0.1 00e0-fc01-0000 10 0/11/0 Static
--- 1 entry found ---
Related Operations
Table 10-2 lists the related operations for adding a static ARP entry.
Table 10-2 Related operations for adding a static ARP entry
Delete an ARP undo arp The system can delete both static and
entry dynamic ARP entries.
Clear an ARP reset arp You can clear a static ARP entry, a dynamic
entry ARP entry, or ARP entries related to a port.
By entering the parameter "all", you can clear
all ARP entries.
10.4 Enabling the ARP Proxy

This topic describes how to enable the ARP proxy. To implement the communication between
users who are in isolated ports of the same broadcast domain or in ports of different broadcast
domains, the ARP proxy needs to be enabled on the L3 interface.
Principles for applying the ARP proxy are as follows:
Hosts isolated at L2 can communicate with each other through the ARP proxy function of the
MA5600T. This topic offers an example for the principles of applying of the ARP proxy.
For the topology as shown in Table 10-3, to achieve interconnections between PCs in the VLAN,
you must set the ARP proxy as follows:

Table 10-3 Data plan of the ARP proxy
Super VLAN Sub VLAN PC
VLAN 100 (Super VLAN) VLAN 10 (Smart VLAN) PC A
PC B
VLAN 20 (MUX VLAN) PC C
l For the interconnection between PC A and PC B, enable the global ARP proxy and the
ARP proxy on super VLAN 2 and sub VLAN 3.
l For the interconnection between PC A and PC C, enable the global ARP proxy and the
ARP proxy on super VLAN 2.
Procedure
Step 1 Run the arp proxy command to enable the ARP proxy function.
Step 2 Run the display arp proxy command to query the configuration of the ARP proxy.
----End
Examples
To enable the global ARP proxy, do as follows:
huawei(config)#arp proxy enable
huawei(config)#display arp proxy
Global arp proxy is enabled
To enable the ARP proxy of an L3 interface, do as follows:

huawei(config-if-vlanif100)#arp proxy enable
huawei(config-if-vlanif100)#display arp proxy
VLANIF 100 : Arp proxy is enabled
To enable the ARP proxy of a sub VLAN, do as follows:

huawei(config)#vlan 100 super
huawei(config-if-vlanif100)#arp proxy enable subvlan 10
huawei(config-if-vlanif100)#display arp proxy
VLANIF 100 : Arp proxy is enabled
ARP proxy enable subvlan 10
Related Operation
Table 10-4 lists the related operation for enabling the ARP proxy.

Table 10-4 Related operation for enabling the ARP proxy

Disable the ARP proxy arp proxy disable

SmartAX MA5600T Multi-service Access Module 11 RIP Routing Protocol Configuration
11 RIP Routing Protocol Configuration
About This Chapter
This topic describes how to configure the RIP routing protocol supported by the MA5600T.
11.1 Overview
This topic describes Routing Information Protocol (RIP) and its application on the MA5600T.
11.2 Configuration Example of the Static Route
This topic provides an example for configuring the static route which enables users in different
network segments to interconnect across different MA5600T devices.
11.3 Configuration Example of RIP
This topic provides an example for configuring the RIP. Through the protocol, you can create
the route from the device to the network to implement the interconnection between the device
and the management network.
11.4 Configuration Example of a Routing Policy
This topic provides an example for configuring a routing policy for imported routes.
11.5 Adding a Static Route
This topic describes how to add a static route to the destination address. This helps to realize the
L3 interconnection among network devices in different network segments.
11.6 Configuring RIP
This topic describes how to configure RIP to make it function properly.
11.7 Controlling the RIP Routing Information
This topic describes how to control the RIP route advertisement and reception such as advertising
the aggregated routes, filtering the received routes, and importing the external routes.
11.8 Adjusting and Optimizing RIP
This topic describes how to adjust and optimize the RIP configuration to improve the RIP
network performance.
11.9 Configuring a Routing Policy
This topic describes how to configure a routing policy.
11.10 Enabling the Transparent Transmission function of the RIP Packet Based on the VLAN

11 RIP Routing Protocol Configuration SmartAX MA5600T Multi-service Access Module
This topic describes how to enable the transparent transmission function of the RIP packet based
on the VLAN. When you want to transmit the RIP packet in a VLAN transparently, enable this
function.

11.1 Overview
This topic describes Routing Information Protocol (RIP) and its application on the MA5600T.
Service Description
RIP is a distance-vector algorithm-based protocol.
RIP is a simple interior gateway protocol and it applies to the small-scale networks such as the
campus network, and the regional network with a simple architecture. In general, for the complex
application scenarios and the large-scale networks, it is not recommended to adopt RIP.
11.2 Configuration Example of the Static Route

This topic provides an example for configuring the static route which enables users in different
network segments to interconnect across different MA5600T devices.
Networking
Figure 11-1 shows an example network for configuring the static route.
In this example network, MA5600T_A, MA5600T_B, and MA5600T_C have the routing
function. It is expected that after the configuration, any two PCs can communicate with each
other.
Figure 11-1 Example network for configuring the static route
PC_C 1.1.5.1/24
ONT 1.1.5.2/24
1.1.2.2/24
1.1.3.1/24
1.1.2.1/24 MA5600T_ C 1.1.3.2/24
1.1.1.2/24 1.1.4.2/24
ONT MA5600T_ A MA5600T_ B
ONT
PC_A 1.1.1.1/24 PC_B 1.1.4.1/24
Data Plan
Table 11-1 provides the data plan for configuring the static route on the user side.

Table 11-1 Data plan for configuring the static route on the user side
Item Data
MA5600T_A Primary IP address of the L3 interface: 1.1.2.1/24
Secondary IP address of the L3 interface: 1.1.1.2/24
VLAN ID: 2
PC_A IP address: 1.1.1.1/24
MA5600T_B Secondary IP address of the L3 interface: 1.1.4.2/24
Primary IP address of the L3 interface: 1.1.3.2/24
VLAN ID: 2
PC_B IP address: 1.1.4.1/24
MA5600T_C Primary IP address of the L3 interface: 1.1.3.1/24
VLAN ID: 2
Upstream port: 0/9/0 (connecting MA5600T_A) and 0/9/1 (connecting

MA5600T_B)
PC_C IP address: 1.1.5.1/24
Configure a native VLAN of the L3 interface of each MA5600T to ensure a normal
communication among MA5600T devices.
Figure 11-2 shows the flowchart for configuring the static route.

Figure 11-2 Flowchart for configuring the static route
Start
Configure the IP address

of the layer 3 interface
Configure static routes
Configure the host

gateways
Save the data
End
NOTE
The procedure shown in the preceding flowchart is for configuring static routes on one MA5600T. To
configure static routes on multiple MA5600T devices, repeat the procedure.
Procedure
Step 1 Configure the IP address of the L3 interface.
NOTE
The configurations for the three MA5600T devices are the same. Here, the configuration of the MA5600T is
considered as an example.
huawei(config-if-vlanif2)#ip address 1.1.2.1 24 sub
Step 2 Configure static routes.

1. Configure static route for MA5600T_A.
2. Configure static route for MA5600T_B.

3. Configure static routes for MA5600T_C.

Step 3 Configure the host gateways.

1. Configure the default gateway of Host A to 1.1.1.2.
2. Configure the default gateway of Host B to 1.1.4.2.
3. Configure the default gateway of Host C to 1.1.5.2.

huawei#save
----End
Result
After the configuration, an interconnection can be set up between all the hosts and between all
the MA5600T devices.
11.3 Configuration Example of RIP

This topic provides an example for configuring the RIP. Through the protocol, you can create
the route from the device to the network to implement the interconnection between the device
and the management network.
Networking
Figure 11-3 shows an example network for configuring RIP.
MA5600T_A is subtended with MA5600T_B through port 0/9/1, and uses port 0/9/0 to transmit
services in the upstream. Besides, it connects to the management center network through the
MAN.
RIP is enabled on MA5600T_A and MA5600T_B so that the administrator can access
MA5600T_A and MA5600T_B through the RIP route. Then, you can operate and maintain
MA5600T_A and MA5600T_B.
Figure 11-3 Example network for configuring RIP
Management
center
Router
192.13.24.5/22
GE MA5600T_A
192.15.24.1/26 Loopback ip
192.13.2.1/24
MA5600T_B Operation and maintenance
Loopback ip
192.13.2.2/24 192.15.24.2/26
Data Plan
Table 11-2 provides the data plan for configuring RIP.

Table 11-2 Data plan for configuring RIP

Item Data
MA5600T_A Upstream port: 0/9/0

Administration VLAN: smart VLAN 100
IP address of the L3 interface in the administration VLAN:
192.13.24.5/22
Loopback interface address: 192.13.2.1/24
RIP version: V2
RIP route filtering policy: filtering routes based on the IP address prefix
list "abc". Only the routes with the IP addresses 192.13.2.1 and
192.13.2.2 can be advertised through the L3 interface of VLAN 100.
Subtending port: 0/9/1

Subtending administration VLAN: smart VLAN 10
IP address of the L3 interface in the subtending administration VLAN:
192.15.24.1/26
MA5600T_B Subtending port: 0/9/0

Administration VLAN: smart VLAN 10
IP address of the L3 interface in the administration VLAN:
192.15.24.2/26
Loopback interface address: 192.13.2.2/24
RIP version: V2
RIP route filtering policy: filtering routes based on the IP address prefix
list "abc". Only the route with the IP address 192.13.2.2 can be
advertised through the L3 interface of VLAN 10.
Figure 11-4 shows the flowchart for configuring RIP.

Figure 11-4 Flowchart for configuring RIP

Device A Device B
Start Start
Configure the L3 interface Configure the L3 interface
Enable RIP Enable RIP
Configure the route filtering policy Configure the route filtering policy
Configure the subtending port Save the data
Enable RIP on the subtending

End
port
Save the data
End
Procedure
l Configure MA5600T_A.
1. Configure the RIP-supported L3 interface.
huawei(config)#interface loopBack 0
huawei(config-if-loopback0)#ip address 192.13.2.1 24
huawei(config-if-loopback0)#quit
2. Enable RIP.
huawei(config)#rip 1
huawei(config-rip-1)#network 192.13.24.0
huawei(config-rip-1)#version 2
huawei(config-rip-1)#quit
3. Configure the route filtering policy.

huawei(config)#ip ip-prefix abc permit 192.13.2.1 32
huawei(config-rip-1)#filter-policy ip-prefix abc export vlanif 100
4. Configure the subtending port.



5. Enable RIP on the subtending port.

6. Save the data.

huawei(config)#save
l Configure MA5600T_B.
1. Configure the RIP-supported L3 interface.
huawei(config)#interface loopBack 0
huawei(config-if-loopback0)#ip address 192.13.2.2 24
huawei(config-if-loopback0)#quit
2. Enable RIP.
3. Configure the route filtering policy.

huawei(config-rip-1)#filter-policy ip-prefix abc export vlanif 10
4. Save the data.

huawei(config)#save
----End
Result
The maintenance terminal of the administration center can access MA5600T_A and
MA5600T_B, and operate and maintain the two devices.
11.4 Configuration Example of a Routing Policy

This topic provides an example for configuring a routing policy for imported routes.
Networking
Figure 11-5 shows an example network for configuring the routing policy.
In this example network, two MA5600Ts that have the routing function are adopted, namely
MA5600T_A and MA5600T_B. Both of them are running the OSPF routing protocol, and within
area 0. MA5600T_A imports static routes, and MA5600T_B is configured with the routing
policy.

Figure 11-5 Example network for configuring the routing policy
Static:20.0.0.1
30.0.0.1
40.0.0.1
Vlanif2 Vlanif2
10.0.0.1/24 10.0.0.2/24
MA5600T_A Area 0 MA5600T_B

1.1.1.1 2.2.2.2
Data Plan
Table 11-3 provides the data plan for configuring the routing policy.
Table 11-3 Data plan for configuring the routing policy

Item Data
MA5600T_A IP address of the L3 interface: 10.0.0.1/24
VLAN ID: 2
Router ID: 1.1.1.1
OSPF area: 0
Static routes: 20.0.0.1, 30.0.0.1, 40.0.0.1
MA5600T_B IP address of the L3 interface: 10.0.0.2/24
VLAN ID: 2
Router ID: 2.2.2.2
OSPF area: 0
Figure 11-6 shows the flowchart for configuring the routing policy.

Figure 11-6 Flowchart for configuring the routing policy

Device A Device B
Start Start
Configure the IP address Configure the IP address

of layer 3 interface of layer 3 interface
Enable route function Configure the ACL
Configure the OSPF

Enable route function
router ID
Configure the OSPF

Configure the static routes
router ID
Import static routes Filter imported routes
Save the data Save the data
End End
Procedure
Step 1 Configuring MA5600T_A.
1. Configure the IP address of the L3 interface on MA5600T_A.
2. Enable OSPF on MA5600T_A and specify the area ID to which the interface belongs.
huawei(config)#ospf
huawei(config-ospf-1)#area 0
huawei(config-ospf-1-area-0.0.0.0)#network 10.0.0.0 0.0.0.255
huawei(config-ospf-1-area-0.0.0.0)#quit
huawei(config-ospf-1)#quit
3. Configure the OSPF router ID on MA5600T_A.

huawei(config)#router id 1.1.1.1
4. Configure three static routes.

huawei(config)#ip route-static 20.0.0.1 32 vlanif 2
5. Import static routes into the OSPF routing table to improve its capability of obtaining routes.
huawei(config)#ospf
hawei(config-ospf-1)#import-route static
hawei(config-ospf-1)#quit
6. Save the data.

huawei(config)#save
Step 2 Configuring MA5600T_B.

1. Configure the IP address of the L3 interface on MA5600T_B.

2. Configure the ACL.

huawei(config-acl-basic-2000)#rule deny source 30.0.0.0 255.255.255.0
huawei(config-acl-basic-2000)#rule permit source any
huawei(config-acl-basic-2000)#quit
3. Enable OSPF on MA5600T_B and specify the area id to which the interface belongs.
huawei(config)#ospf
4. Configure the OSPF router ID of MA5600T_B.

5. Filter imported routes.

huawei(config)#ospf
uawei(config-ospf-1)#filter-policy 2000 import
6. Save the data.

huawei(config)#save
----End
Result
1. MA5600T_A and MA5600T_B run OSPF successfully, and they can communicate well
with each other.
2. After a filter is configured on MA5600T_B, parts of the three imported static routes are
available while part of them is screened. That is, routes from segments 20.0.0.0 and 40.0.0.0
are available, while the route from segment 30.0.0.0 is screened.
11.5 Adding a Static Route

This topic describes how to add a static route to the destination address. This helps to realize the
L3 interconnection among network devices in different network segments.
Prerequisite
The IP address has been configured for the L3 interface.
l The system supports up to 1000 static routes.
l The following items are contained in a static route:
– Destination address: It is used to label the destination address or destination network of
an IP packet.
– Subnet mask: The subnet mask is comprised of consecutive "1"s, and expressed in dotted
decimal format, or the count of consecutive "1"s. The mask is used with the destination
address to identify the subnet address of the destination host or router.

– Output interface: It specifies the interface of a router for IP packet forwarding.

– Next hop IP address: It indicates the next router that an IP packet passes through.
– Route priority: When there are multiple routes with different priorities to the same
destination, the route with the highest priority (smallest value) is the optimal one. The
default priority of a static route is 60.
l When configuring a static route, specify the transmit interface or the next hop IP address
if necessary. For a port supporting ARP or connecting to a point-to-point network, the
destination IP address is in the network that connects to the port directly. In this case, you
need to specify the transmit interface.
l A route with both the destination IP address and network mask being 0.0.0.0 is the default
route. If no matching route is found in the routing table for an IP packet, the packet is
forwarded over the default route.
Procedure
Step 1 Run the ip route-static command to add a static route.
Step 2 Run the display ip routing-table command to query the routing table.
----End
Example
To set up a static route to the subnet 10.71.8.0 through gateway 10.71.53.1, do as follows:
huawei(config)#display ip routing-table protocol static
{ <cr>|inactive<K>|verbose<K> }:
Command:
display ip routing-table protocol static
Total static routes configed in Public routing table: 3
Public routing table : Static

Static routing table status : <Active>

Static routing table status : <Inactive>

Destination/Mask Proto Pre Cost NextHop Interface
10.71.8.0/24 Static 60 0 10.71.53.1

10.71.53.0/24 Static 60 0 10.71.8.0
10.71.54.0/24 Static 60 0 10.71.8.0
Related Operation
Table 11-4 lists the related operation for adding a static route.
Table 11-4 Related operation for adding a static route

Delete a static route undo ip route-static

11.6 Configuring RIP

This topic describes how to configure RIP to make it function properly.
11.6.1 Enabling the RIP Process
This topic describes how to enable the RIP process.
11.6.2 Setting the RIP Version
This topic describes how to set the RIP version.
11.6.3 Enabling an Interface to Receive/Transmit RIP Packets
This topic describes how to enable an interface to receive and transmit RIP packets.
11.6.1 Enabling the RIP Process

This topic describes how to enable the RIP process.
To configure the global parameters of RIP, you need to enable RIP first. However, you do not
have to comply with this when configuring the interface related parameters.
Procedure
Step 1 Run the rip command to enable the RIP process.
Step 2 Run the display rip command to query the RIP.
----End
Example
To enable RIP process 1, do as follows:
huawei(config)#display rip 1
{ route<K>|database<K>|interface<K>|<cr> }:
Command:
display rip 1
Public VPN-instance name :
RIP process : 1
RIP version : RIP-1 compatibility
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Hostroutes : Enabled
Maximum number of balanced paths : 1
Update time : 35 sec Age time : 170 sec
Suppress time : 0 sec Garbage-collect time : 240 sec
Silent interfaces : None
Default routes : Disabled
Verify-source : Enabled
Networks : None
Configured peers : None
Triggered updates sent : 0

Number of route changes : 0

Number of replies to queries : 0
Number of routes in database : 0
Number of interfaces enabled : 0
Related Operation
Table 11-5 lists the related operation for enabling the RIP process.
Table 11-5 Related operation for enabling the RIP process

Disable RIP process undo rip
11.6.2 Setting the RIP Version

This topic describes how to set the RIP version.
l The MA5600T supports packets in two formats: RIP-1 and RIP-2.
l The default is RIP-1.
Procedure
Step 2 Run the version command to set the RIP version.
Step 3 Run the display rip command to query the RIP information.
----End
Example
To set the format of packets as RIP-2, do as follows:
Command:
display rip 1
RIP process : 1
RIP version : RIP-2
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled


Networks : None
Related Operation
Table 11-6 lists the related operation for setting the RIP version.
Table 11-6 Related operation for setting the RIP version
Restore the system default format of the RIP packets undo version
11.6.3 Enabling an Interface to Receive/Transmit RIP Packets

This topic describes how to enable an interface to receive and transmit RIP packets.
By default, an interface is enabled to receive and transmit RIP packets.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the rip input (rip output) command to enable an interface to receive/transmit RIP packets.
----End
Examples
To allow VLAN interface 2 to receive RIP packets, do as follows:
huawei(config-if-vlanif2)#rip input
To allow VLAN interface 2 to transmit RIP packets, do as follows:

huawei(config-if-vlanif2)#rip output
Related Operations
Table 11-7 lists the related operations for enabling an interface to receive and transmit RIP
packets.

Table 11-7 Related operations for enabling an interface to receive and transmit RIP packets
Prevent an interface from undo rip output -

transmitting RIP packets
Prevent an interface from undo rip input -

receiving RIP packets
Set the interface to the silent-interface When the interface is in

suppression state suppression state, it only
receives the RIP packets to
update its routing table, but it
cannot send RIP packets.
NOTE
l The configuration by running
the silent-interface command
has higher priority over that
made on the interface by
running the rip input/rip
output command.
l By default, the interface is not
in suppression state.
11.7 Controlling the RIP Routing Information

This topic describes how to control the RIP route advertisement and reception such as advertising
the aggregated routes, filtering the received routes, and importing the external routes.
11.7.1 Setting the Cost of the Default Route
This topic describes how to set the cost of the default route.
11.7.2 Specifying the Default Routing Metric
This topic describes how to specify the default routing metric.
11.7.3 Setting the Additional Metric of a Route
This topic describes how to set the additional metric of a route.
11.7.4 Enabling the Route Summarization
This topic describes how to enable the route summarization.
11.7.5 Configuring a Summary Route IP Address
This topic describes how to configure the IP address of a summary route.
11.7.6 Disabling Receiving Host Routes
This operation prohibits the router from receiving host routes. In some special cases, the router
can receive a number of host routes from the same subnet, and these routes are of little help in
route addressing, but consume vast amounts of network resources. In this case, receiving host
routes should be disabled.
11.7.7 Configuring the RIP Preference
This topic describes how to set RIP preference.
11.7.8 Importing the Routes of Other Protocols
This topic describes how to import the routes of other protocols.

11.7.9 Configuring the Route Filtering Policy

This topic describes how to configure the route filtering policy to filter unnecessary routes.
11.7.10 Verifying the Source IP Address of a RIP Route Update
This topic describes how to verify the source IP address of a RIP route update.
11.7.1 Setting the Cost of the Default Route

This topic describes how to set the cost of the default route.
Procedure
Step 2 Run the default-route originate command to create a default route and set its cost.
Step 3 Run the display rip command to query the configured cost of the default route.
----End
Example
To create a default route and set its cost as 5, do as follows:
huawei(config-rip-1)#default-route originate cost 5
Command:
display rip 1
RIP process : 1
RIP version : RIP-2
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Default routes : Enabled Default route cost : 5
Networks : None
Related Operation
Table 11-8 lists the related operation for setting the cost of the default route.
Table 11-8 Related operation for setting the cost of the default route
Delete the default route undo default-route originate

11.7.2 Specifying the Default Routing Metric

This topic describes how to specify the default routing metric.
Procedure
Step 2 Run the default-cost command to specify the default routing metric.
Step 3 Run the display rip command to query the configuration information on the default routing
metric.
----End
Example
To set the default routing metric to 10, do as follows:
huawei(config-rip-1)#default-cost 10
Command:
display rip 1
RIP process : 1
RIP version : RIP-2
Preference : 100
Checkzero : Enabled
Default-cost : 10
Summary : Enabled
Networks : None
Related Operation
Table 11-9 lists the related operation for specifying the default routing metric.
Table 11-9 Related operation for specifying the default routing metric
Restore the default routing metric undo default-cost

11.7.3 Setting the Additional Metric of a Route

This topic describes how to set the additional metric of a route.
The default input metric is 0 while the default output metric is 1.
Procedure
Step 2 Run the rip metricin (rip metriout) command to set the added metric when the interface
receives or transmits the RIP packets.
----End
Examples
To set the added metric to 5 when the interface receives the RIP packets, do as follows:
huawei(config-if-vlanif2)#rip metricin 5
To set the added metric to 5 when the interface transmits the RIP packets, do as follows:
huawei(config-if-vlanif2)#rip metriout 5
Related Operations
Table 11-10 lists the related operations for setting the additional metric of a route.
Table 11-10 Related operations for setting the additional metric of a route
Restore the default added metric undo rip metricin

when the interface receives the RIP
packets
Restore the default added metric undo rip metricout

when the interface transmits the RIP
packets
11.7.4 Enabling the Route Summarization

This topic describes how to enable the route summarization.
Route summarization is to combine routes of different subnets into one route. Route
summarization helps to reduce the routing traffic on the network as well as the size of the routing
table.

Procedure
Step 1 Run the rip command to start RIP process.
Step 2 Run the summary command to enable the route summarization.
Step 3 Run the display rip command to query the configuration of default route summarization.
----End
Example
To enable the route summarization, do as follows:
huawei(config-rip-1)#summary
Command:
display rip 1
RIP process : 1
RIP version : RIP-2
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Networks : None
Related Operation
Table 11-11 lists the related operation for enabling the route summarization.
Table 11-11 Related operation for enabling the route summarization
Disable the route summarization undo summary
11.7.5 Configuring a Summary Route IP Address

This topic describes how to configure the IP address of a summary route.

l The summary address is valid only when the classful summarization is disabled.
l With split horizon or poison reverse is enabled, summary address and classful
summarization fail. That is, to transmit route summarization to neighbors, disable split
horizon or poison reverse of the related interface.
Procedure
Step 1 Runt the interface vlanif command to enter VLAN interface mode.
Step 2 Runt the rip summary-address command to configure IP address of a summary route.
----End
Example
To configure the summary IP address of VLAN interface 2 as 10.0.0.0, do as follows:
huawei(config-if-vlanif2)#rip summary-address 10.0.0.0 255.255.255.0
Related Operation
Table 11-12 lists the related operation for configuring a summary route IP address.
Table 11-12 Related operation for configuring a summary route IP address

Cancel the specified summary route IP undo rip summary-address

address
11.7.6 Disabling Receiving Host Routes

This operation prohibits the router from receiving host routes. In some special cases, the router
can receive a number of host routes from the same subnet, and these routes are of little help in
route addressing, but consume vast amounts of network resources. In this case, receiving host
routes should be disabled.
By default, receiving host routes is enabled.
Procedure
Step 2 Run the undo host-route command to prohibit the host route from being added to the route
table.
Step 3 Run the display rip command to query the configuration of the host route.
----End

Example
To set the system to prohibit the host route from being added to the route table, do as follows:
huawei(config-rip-1)#undo host-route
Command:
display rip 1
RIP process : 1
RIP version : RIP-2
Preference : 100
Checkzero : Enabled
Default-cost : 10
Summary : Enabled
Hostroutes : Disabled
Networks : None
Related Operation
Table 11-13 lists the related operation for disabling receiving host routes.
Table 11-13 Related operation for disabling receiving host routes

Receive host routes host-route
11.7.7 Configuring the RIP Preference

This topic describes how to set RIP preference.
l Each kind of IGP routing protocol has its own preference. The route policy selects the route
of the routing protocol with the highest preference as the optimal route.
l The greater the preference value, the lower the preference.
l The default RIP preference is 100.

Procedure
Step 2 Run the preference command to configure the RIP preference.
Step 3 Run the display rip command to query the configuration of RIP preference.
----End
Example
To set the RIP preference to 120, do as follows:
huawei(config-rip-1)#preference 120
Command:
display rip 1
RIP process : 1
RIP version : RIP-2
Preference : 120
Checkzero : Enabled
Default-cost : 10
Summary : Enabled
Networks : None
Related Operation
Table 11-14 lists the related operation for configuring the RIP preference.
Table 11-14 Related operation for configuring the RIP preference

Restore the default RIP preference undo preference
11.7.8 Importing the Routes of Other Protocols

This topic describes how to import the routes of other protocols.
To enhance the routing function, the MA5600T allows RIP to import routes (including direct
route, static routes and OSPF routes) of other protocols into the routing table at a certain metric.

This greatly improves the capability of RIP to obtain routes and enhances the performance of
RIP.
Procedure
Step 2 Run the import-route command to import static routes.
----End
Example
To import static routes, do as follows:
huawei(config-rip-1)#import-route static
Related Operation
Table 11-15 lists the related operation for importing the routes of other protocols.
Table 11-15 Related operation for importing the routes of other protocols
Stop importing the routes of other protocols undo import-route
11.7.9 Configuring the Route Filtering Policy

This topic describes how to configure the route filtering policy to filter unnecessary routes.
The route filtering can be performed based on the ACL, IP-prefix list of the system, or the IP-
prefix of the VLAN interface. Routes which fail to meet the filtering criteria are not be received
or sent.
Procedure
Step 2 Run the filter-policy ip-prefix export static command to configure the route filtering policy.
----End
Example
To filter the transmitted RIP routing updates based on the IP-prefix list abc, do as follows:
huawei(config-rip-1)#filter-policy ip-prefix abc export static

Related Operation
Table 11-16 lists the related operation for configuring the route filtering policy.
Table 11-16 Related operation for configuring the route filtering policy
Delete the route filtering policy undo filter-policy
11.7.10 Verifying the Source IP Address of a RIP Route Update

This topic describes how to verify the source IP address of a RIP route update.
In general, do not disable this function.
Procedure
Step 2 Run the verify-source command to verify the source IP address of a RIP route update.
Step 3 Run the display rip command to query the configuration information.
----End
Example
To enable the RIP route verification function, do as follows:
huawei(config-rip-1)#verify-source
Command:
display rip 1
RIP process : 1
RIP version : RIP-2
Preference : 120
Checkzero : Enabled
Default-cost : 10
Summary : Enabled
Networks : None

Related Operation
Table 11-17 lists the related operation for verifying the source IP address of a RIP route update.
Table 11-17 Related operation for verifying the source IP address of a RIP route update
Disable the verification function undo verify-source
11.8 Adjusting and Optimizing RIP

This topic describes how to adjust and optimize the RIP configuration to improve the RIP
11.8.1 Configuring the RIP Timer
This topic describes how to configure the RIP timer to improve the RIP running performance.
11.8.2 Configuring the Zero Field Check for RIP-I Packets
This topic describes how to configure the zero field check for RIP-1 packets.
11.8.3 Configuring the RIP-2 Authentication Mode
This topic describes how to configure the RIP-2 authentication mode.
11.8.4 Enabling the Split Horizon Function
This topic describes how to enable the split horizon function.
11.8.5 Enabling the Poison Reverse Function
This topic describes how to enable the poison reverse function.
11.8.1 Configuring the RIP Timer

This topic describes how to configure the RIP timer to improve the RIP running performance.
By default:
l The interval for sending the update packet is 30s.

l The route expiration time is 180s.
l The suppression time is 0s.
l The aging time of the route in the route table (garbage-collect time defined in the standard)
is 120s.
In general, do not change the default values of the timer.
The suppression time must be set to 0. Otherwise, the system prompts "Suppress time will not
take effect in system."
Procedure

Step 2 Run the timers rip command to configure the RIP timer.
Step 3 Run the display rip route command to query configuration information on the RIP timer.
----End
Example
To set the interval for sending the update packet to 35s, route expiration time as 170s, suppression
time as 0s and garbage-collect time as 240s, do as follows:
huawei(config-rip-1)#timers rip 35 170 0 240
Command:
display rip 1
RIP process : 1
RIP version : RIP-1 compatibility
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Silent interfaces :
vlanif7
Networks :
192.0.1.0
Configured peers :
10.0.0.1
Related Operation
Table 11-18 lists the related operation for configuring the RIP timer.
Table 11-18 Related operation for configuring the RIP timer
Restore the default RIP timer configuration undo timers rip
11.8.2 Configuring the Zero Field Check for RIP-I Packets

This topic describes how to configure the zero field check for RIP-1 packets.

If the field is not zero, RIP refuses to process the packet.
Procedure
Step 2 Run the checkzero command to configure the zero field check for RIP-1 packets.
Step 3 Run the display rip command to query the configuration information.
----End
Example
To configure the zero field check for RIP-1 packets, do as follows:
huawei(config-rip-1)#checkzero
Command:
display rip 1
RIP process : 1
RIP version : RIP-2
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Networks : None
Related Operation
Table 11-19 lists the related operation for configuring the zero field check for RIP-1 packets.
Table 11-19 Related operation for configuring the zero field check for RIP-1 packets
Cancel the zero field check for RIP-1 packets undo checkzero

11.8.3 Configuring the RIP-2 Authentication Mode

This topic describes how to configure the RIP-2 authentication mode.
RIP-2 supports two authentication modes: plain text authentication and MD5 encrypted text
authentication.
l The plain text authentication does not ensure security. The authentication key, which is not
encrypted, is sent together with the packet.
l MD5 encrypted text authentication ensures security in that the authentication key is
encrypted and then sent. MD5 encrypted text authentication has two formats: one is a
common packet format and the other is a non-standard packet format.
Procedure
Step 2 Run the rip authentication-mode command to configure the RIP-2 authentication mode.
----End
Example
To configure the RIP-2 authentication mode as plain text mode and password as huawei, do as
follows:
huawei(config-if-vlanif2)#rip authentication-mode simple huawei
Related Operation
Table 11-20 lists the related operation for configuring the RIP-2 authentication mode.
Table 11-20 Related operation for configuring the RIP-2 authentication mode
Cancel the RIP authentication undo rip authentication-mode
11.8.4 Enabling the Split Horizon Function

This topic describes how to enable the split horizon function.
l Once the function is enabled, RIP does not send the routing information learned from a
neighbor back to it again. This helps to prevents routing loops.
l By default, the split horizon function is enabled.
l The split horizon and poison reserve functions cannot be enabled at the same time.

Procedure
Step 2 Run the rip split-horizon command to enable the split horizon function.
----End
Example
To enable the RIP split horizon function, do as follows:
huawei(config-if-vlanif2)#rip split-horizon
Related Operation
Table 11-21 lists the related operation for enabling the split horizon function.
Table 11-21 Related operation for enabling the split horizon function
Disable the split horizon undo rip split-horizon

function
11.8.5 Enabling the Poison Reverse Function

This topic describes how to enable the poison reverse function.
You are not allowed to enable both the split horizon and poison reverse functions at the same
time.
Procedure
Step 2 Run the rip poison-reverse command to enable the poison reverse function.
----End
Example
To enable the RIP poison reverse function, do as follows:
huawei(config-if-vlanif2)#rip poison-reverse
NOTE
Once the function is enabled, if a route breaks down but is still kept in RIP packets, the route is configured
as infinite, that is, the routing metric is set as 16. The poison reversal function helps to prevent routing
loops among multiple routers.

Related Operation
Table 11-22 lists the related operation for enabling the poison reverse function.
Table 11-22 Related operation for enabling the poison reverse function
Disable the poison reversal undo rip poison-reverse

function
11.9 Configuring a Routing Policy

This topic describes how to configure a routing policy.
11.9.1 Defining a Routing Policy

This topic describes how to define a routing policy.
11.9.2 Defining the If-match Clause of a Route Policy
This topic describes how to define the if-match clause of a route policy. The if-match clause
defines the matching rules, namely the preconditions for routes to pass the current route policy,
based on the attributes of the routes.
11.9.3 Defining the Apply Clause of a Route Policy
This topic describes how to define the apply clause of a route policy.
11.9.1 Defining a Routing Policy

This topic describes how to define a routing policy.
l Up to 1000 route policies can be defined in the system, and each routing policy can be
configured with up to 20 nodes.
l A routing policy may consist of several nodes, with each node as a unit for the match test.
The node number is also the matching order.
l The relationship between nodes of a routing policy is "or". The system checks every node
of a routing policy. If one node passes the match test, it means that the routing policy passes
the match test.
l Every node consists of if-match clause and apply clause:
– The if-match clause defines the matching order. The relationship between two if-
match clauses of a node is "and". In other words, the match test can be considered as
pass-through only when all if-match clauses of a node are met.
– The apply clause specifies the action to be taken when node match test is conducted,
that is, set some attributes of the routes.
Parameter Description
Table 11-23 lists the parameters for defining a routing policy.

Table 11-23 Parameters for defining a routing policy
permit It specifies the matching mode of a node as "permit". When a

route entry passes a node, the system executes the apply clause
of the node without the test by the next node. If the route entry
fails to pass the filtering, the route goes to the next node for test.
deny It specifies the matching mode of a mode as "deny". In this

mode, the apply clause of the node is not executed. When a
route entry meets all if-match clauses of a node, the route entry
does not go to the next node for test. If a route entry does not
meet any if-match clause of a node, the route entry goes to the
next node for test.
Procedure
Step 1 Run the route-policy command to create a routing policy and the enter routing policy
configuration mode.
Step 2 Run the display route-policy command to query the running status of the configured routing
policy.
----End
Example
To configure routing policy 1 with node number of 10 and the matching mode "permit", do as
follows:
huawei(config)#route-policy policy1 permit node 10
Info: New Sequence of this List !
huawei(config-route-policy)#quit
huawei(config)#display route-policy
{ <cr>|string<S><1,19> }:policy1
Command:
display route-policy policy1
Route-policy : policy1
permit : 10
Related Operation
Table 11-24 lists the related operation for configuring a routing policy.
Table 11-24 Related operation for configuring a routing policy

Command...
Delete a routing policy undo route-policy By default, no routing policy is

defined.

11.9.2 Defining the If-match Clause of a Route Policy

This topic describes how to define the if-match clause of a route policy. The if-match clause
defines the matching rules, namely the preconditions for routes to pass the current route policy,
based on the attributes of the routes.
l By default, no match action is taken.
l The relationship between two if-match clauses of a node is "and". The match test can be
considered as pass-through only when all if-match clauses of a node are met. The apply
clause specifies the action to be taken when node match test is conducted.
l If no if-match clause is specified, all routes can pass through the node.
Procedure
Step 1 Run the route-policy command to create a route policy and enter route policy configuration
mode.
Step 2 Run the if-match ip command to set the filtering criteria of routing information.
Step 3 Run the display route-policy command to query the configuration information.
----End
Example
To set filtering the address prefix list p1 of destination address of route, do as follows:
huawei(config)#route-policy 1 permit node 1
huawei(config-route-policy)#if-match ip next-hop ip-prefix p1
{ <cr>|string<S><1,19> }:1
Command:
display route-policy 1
Route-policy : 1
permit : 1
Match clauses :
if-match ip-prefix p1
Related Operation
Table 11-25 lists the related operation for defining the route policy matching rule.
Table 11-25 Related operation for defining the route policy matching rule
Delete the route policy matching undo if-match ip

rule
11.9.3 Defining the Apply Clause of a Route Policy

This topic describes how to define the apply clause of a route policy.

l The apply clause specifies the commands to be used for modifying the attributes of the
routes when if-match clauses are met.
l By default, no setting is available.
Procedure
Step 1 Run the route-policy command to create a route policy and enter route policy configuration
mode.
Step 2 Run the if-match command to set the filtering criteria of routing information.
Step 3 Run the apply tag command to set the tag of the route information.
Step 4 Run the display route-policy command to query the configured route policy.
----End
Example
To set the routing information tag of the filtered route as 100, do as follows:
huawei(config)#route-policy 1 permit node 1
huawei(config-route-policy)#if-match ip-prefix p1
huawei(config-route-policy)#apply tag 100
{ <cr>|string<S><1,19> }:1
Command:
display route-policy 1
Route-policy : 1
permit : 1
Match clauses :
if-match ip-prefix p1
Apply clauses :
apply tag 100
Related Operation
Table 11-26 lists the related operation for modifying the attributes of the filtered route.
Table 11-26 Related operation for modifying the attributes of the filtered route
Cancel the modification of the undo apply

attributes of the filtered route

11.10 Enabling the Transparent Transmission function of

the RIP Packet Based on the VLAN
This topic describes how to enable the transparent transmission function of the RIP packet based
on the VLAN. When you want to transmit the RIP packet in a VLAN transparently, enable this
function.
By default, the function is disabled.
Procedure
Step 1 Run the rip tunnel command to enable the transparent transmission function of the RIP packet
based on the VLAN.
Step 2 Run the display rip tunnel command to query the status of the function.
----End
Example
To enable the transparent transmission function of the RIP packet based on VLAN 10, do as
follows:
huawei(config)#rip tunnel enable vlan 10
huawei(config)#display rip tunnel vlan 10
rip tunnel is enable

SmartAX MA5600T Multi-service Access Module 12 OSPF Routing Protocol Configuration
12 OSPF Routing Protocol Configuration
About This Chapter
This topic describes how to configure the OSPF routing protocol supported by the MA5600T.
NOTE
(s) directly.
first.
12.1 Overview
This topic describes the Open Shortest Path First (OSPF) routing protocol and its application on
the MA5600T.
12.2 Configuration Example of OSPF
This topic provides an example for configuring OSPF on the MA5600T.
12.3 Configuring OSPF
This topic describes how to configure OSPF.
12.4 Controlling the OSPF Routing Information
This topic describes how to control the OSPF routing information, including transmitting
aggregation routes, filtering received routes, and importing external routes.
12.5 Adjusting and Optimizing OSPF
This topic describes how to adjust and optimize the OSPF configuration to improve the OSPF

12 OSPF Routing Protocol Configuration SmartAX MA5600T Multi-service Access Module
12.1 Overview
This topic describes the Open Shortest Path First (OSPF) routing protocol and its application on
the MA5600T.
Service Description
OSPF is a dynamic routing protocol based on the link state algorithm such as the Shortest Path
First (SPF) algorithm.
OSPF is an interior gateway protocol (IGP), which is used to divide the network of an
Autonomous System (AS) into different tiers of areas for management, thus decreasing the
number of OSPF packets, and accelerating the convergence of the network.
OSPF applies to the networks of various scales, and supports up to hundreds of routers in a
network.
12.2 Configuration Example of OSPF

This topic provides an example for configuring OSPF on the MA5600T.
Networking
Figure 12-1 shows an example network for configuring OSPF.
In this example network, OSPF is enabled on the four MA5600Ts. Besides, MA5600T_A is
configured with the highest designated router (DR) priority, MA5600T_C is configured with
the second highest DR priority, and MA5600T_A realizes the broadcast of network link status
for the DR.
Figure 12-1 Example network for configuring OSPF
MA5600T_ A 1.1.1.1 MA5600T_D 4.4.4.4
DR
192.1.1.1/24 192.1.1.4/24
192.1.1.2/24 192.1.1.3/24
BDR
MA5600T_B 2.2.2.2 MA5600T_C 3.3.3.3
Data Plan
Table 12-1 provides the data plan for configuring OSPF.

Table 12-1 Data plan for configuring OSPF

Item Data Remarks
MA5600T_A IP address of the L3 interface: -

192.1.1.1/24
Priority: 100 -
VLAN ID: 2 -
Router ID: 1.1.1.1 -
MA5600T_B IP address of the L3 interface: -

192.1.1.2/24
Priority: 80 -
VLAN ID: 2 -
MA5600T_C IP address of the L3 interface: -

192.1.1.3/24
Priority: 90 -
VLAN ID: 2 -
MA5600T_D IP address of the L3 interface: -

192.1.1.4/24
Priority: not configured Default: 1
VLAN ID: 2 -
l The native VLAN of each interface of the MA5600T must be configured to ensure a normal
communication.
l The OSPF area IDs of the MA5600T devices must be consistent.
Figure 12-2 shows the flowchart for configuring OSPF.

Figure 12-2 Flowchart for configuring OSPF
Start
Configure the IP address

of the layer 3 interface
Configure the OSPF

router ID
Enable OSPF
Configure the OSPF priority
Save the data
End
NOTE
The procedure shown in the preceding flowchart is for configuring OSPF on one MA5600T. To configure
OSFP on multiple MA5600T devices, repeat the procedure.
Procedure
Step 1 Configure MA5600T_A.
2. Configure the OSPF Router ID.

3. Enable OSPF.
huawei(config)#ospf
4. Configure the OSPF priority.

huawei(config-if-vlanif2)#ospf dr-priority 100
5. Save the data.

huawei(config)#save
Step 2 Configure MA5600T_B.



3. Enable OSPF.
huawei(config)#ospf

5. Save the data.

huawei(config)#save
Step 3 Configure MA5600T_C.


3. Enable OSPF.
huawei(config)#ospf

5. Save the data.

huawei(config)#save
Step 4 Configure MA5600T_D.


3. Enable OSPF.
huawei(config)#ospf


4. Save the data.

huawei#save
----End
Result
Run the display ip routing-table command and you can find the learnt route table. Hosts can
communicate with each other.
12.3 Configuring OSPF

This topic describes how to configure OSPF.
12.3.1 Enabling the OSPF Process

This topic describes how to enable the OSPF process.
12.3.2 Configuring the DR Priority
This topic describes how to configure the DR priority. To reduce the OSPF packet traffic in the
network segment, a router is specified as the DR and another router is specified as the BDR
according to the interface DR priority.
12.3.3 Setting an OSPF Router ID
This topic describes how to configure the ID for a router.
12.3.4 Disabling the OSPF Packet Transmission on an Interface
This topic describes how to prohibit an interface from transmitting OSPF packets to enhance
the network adaptability of OSPF and reduce the consumption of system resources.
12.3.5 Entering OSPF Area Config Mode
This topic describes how to enter OSPF area config mode.
12.3.6 Configuring the Subnets for an Area
This topic describes how to configure the interface running OSPF and the area of the interface.
12.3.7 Configuring the OSPF Stub Area
This topic describes how to configure an area as an OSPF Stub area and set its attributes. The
Stub area is a non-backbone area with one ABR at the edge of the autonomous system. The ABR
of the Stub area does not transmit the external routes of the autonomous system, thus greatly
decreasing the route information transmission and the size of the route tables of routers in this
area.
12.3.8 Configuring an NBMA Adjacent Router
This topic describes how to manually configure a router adjacent to the NBMA interface.
Because the adjacent router cannot be found dynamically through broadcasting the Hello packet
in the NBMA network, the adjacent router must be specified manually.
12.3.9 Enabling the OSPF Logging Function
This topic describes how to enable the OSPF logging function.
12.3.10 Configuring the Network Type on an OSPF Interface
This topic describes how to configure the network type for an OSPF interface.

12.3.11 Configuring the MTU of the DD Packet

This topic describes how to configure the MTU of the DD packet.
12.3.1 Enabling the OSPF Process

This topic describes how to enable the OSPF process.
l By default, OSPF is disabled.
l To configure the related parameters, enable OSPF first.
Procedure
Step 1 Run the ospf command to enable the OSPF process.
Step 2 Run the display ospf command to query the OSPF process.
----End
Example
To enable OSPF process 1, do as follows:
huawei(config)#ospf 1
huawei(config)#display ospf brief
OSPF Process 1 with Router ID 10.71.62.27
OSPF Protocol Information
RouterID: 10.71.62.27 Border Router:
Route Tag: 0
Multi-VPN-Instance is not enabled
Spf-schedule-interval: 5
Default ASE parameters: Metric: 1 Tag: 1 Type: 2
Route Preference: 10
ASE Route Preference: 150
SPF Computation Count: 0
RFC 1583 Compatible
Retransmission limitation is disabled
Area Count: 0 Nssa Area Count: 0
ExChange/Loading Neighbors: 0
Related Operation
Table 12-2 lists the related operation for enabling the OSPF process.
Table 12-2 Related operation for enabling the OSPF process

Disable OSPF undo ospf

12.3.2 Configuring the DR Priority

This topic describes how to configure the DR priority. To reduce the OSPF packet traffic in the
network segment, a router is specified as the DR and another router is specified as the BDR
according to the interface DR priority.
l OSPF does not support the configuration of the DR priority for interface NULL.
l The DR is for broadcast or NBMA type interfaces. The interfaces of p2p, p2mp network
type do not need DR election.
l Before this operation, the IP address of the L3 interface must be in an OSPF domain.
Procedure
Step 2 Run the ospf dr-priority command to configure the DR priority.
Step 3 Run the display ospf interface command to query the DR priority.
----End
Example
To configure the DR priority 8 for VLAN interface 2, do as follows:
huawei(config)#display ospf interface vlanif 2
Interfaces
Interface: 192.1.1.1 (vlanif2)
Cost: 1 State: Down Type: Broadcast MTU: 1500
Priority: 8
Designated Router: 0.0.0.0
Backup Designated Router: 0.0.0.0
Timers: Hello 10 , Dead 40 , Poll 120 , Retransmit 5 , Transmit Delay 1
12.3.3 Setting an OSPF Router ID

This topic describes how to configure the ID for a router.
A router ID is a 32-bit unsigned integer, which uniquely identifies a router in the AS.
Procedure
Step 1 (Optional) Run the ospf router-id command to set an OSPF router ID.
NOTE
If this operation is omitted, the router ID configured by running the router id command in global config
mode is used as the OSPF router ID.

Step 2 Run the display ospf brief command to query the configured OSPF router ID.
----End
Example
To set the ID of a router as 192.168.1.1, do as follows:
huawei(config)#ospf router-id 192.168.1.1
Warning: OSPF The new router id will be activated only after Reset Ospf Process
huawei(config)#reset ospf 1 process
Route Tag: 0
RFC 1583 Compatible
Related Operation
Table 12-3 lists the related operation for setting an OSPF router ID.
Table 12-3 Related operation for setting an OSPF router ID
Disable the OSPF process undo ospf
12.3.4 Disabling the OSPF Packet Transmission on an Interface

This topic describes how to prohibit an interface from transmitting OSPF packets to enhance
the network adaptability of OSPF and reduce the consumption of system resources.
After the transmission is disabled on an interface, the interface should be in silent state. The
interface can still advertise its direct route. However, the OSPF Hello packets of the interface
are blocked, and no adjacency can be set up on the interface.
Procedure
Step 2 Run the silent-interface command to prohibit an interface from transmitting OSPF packets.
----End

Example
To prohibit VLAN interface 7 from transmitting OSPF packets, do as follows:
huawei(config-ospf-1)#silent-interface vlanif 7
Related Operation
Table 12-4 lists the related operation for prohibiting an interface from transmitting OSPF
packets.
Table 12-4 Related operation for prohibiting an interface from transmitting OSPF packets
Allow an interface to send undo silent-interface By default, the system

OSPF packets allows an interface to send
OSPF packets.
12.3.5 Entering OSPF Area Config Mode

This topic describes how to enter OSPF area config mode.
l OSPF further divides the AS into different areas. Routing information is transmitted
between the areas through the ABRs which are located at the boarders of the areas. This
helps to reduce the number of OSPF packets in the network, thus improving the
performance of OSPF.
l If the specified area does not exist, the system first creates the area and then enters area
config mode.
l An area ID can be set in the form of an integer or an IP address, but it is displayed only in
the form of an IP address.
l If an area ID is an integer, the MA5600T automatically converts the integer into an IP
address.
Procedure
Step 2 Run the area command to add an area and enter the configuration mode of the area.
----End
Example
To create area 1 and enter area config mode, do as follows:
huawei(config-ospf-100-area-0.0.0.1)#

Related Operation
Table 12-5 lists the related operation for entering OSPF area config mode.
Table 12-5 Related operation for entering OSPF area config mode
Delete an area undo area
12.3.6 Configuring the Subnets for an Area

This topic describes how to configure the interface running OSPF and the area of the interface.
Wildcard-mask in the network command is the reverse of the IP address, that is, the mask of
the IP address is reserved (0 changed to 1 and 1 changed to 0). "1" indicates the digit in the IP
address is omitted and "0" indicates that the digit must be reserved.
Procedure
Step 1 Run the ospf command to start the OSPF progress.
Step 3 Run the network command to configure the interface running OSPF and the area the interface
belongs to.
----End
Example
To configure the subnet 192.1.1.0 for the interface running OSPF, do as follows:
Related Operation
Table 12-6 lists the related operation for configuring the subnets for an area.
Table 12-6 Related operation for configuring the subnets for an area
Delete the interface running OSPF undo network
12.3.7 Configuring the OSPF Stub Area

This topic describes how to configure an area as an OSPF Stub area and set its attributes. The
Stub area is a non-backbone area with one ABR at the edge of the autonomous system. The ABR

of the Stub area does not transmit the external routes of the autonomous system, thus greatly
decreasing the route information transmission and the size of the route tables of routers in this
area.
Procedure
Step 3 Run the stub command to configure the OSPF stub area.
----End
Example
To configure OSPF area 1 as a Stub area, do as follows:
huawei(config-ospf-1-area-0.0.0.1)#stub
Related Operations
Table 12-7 lists the related operations for configuring a Stub area.
Table 12-7 Related operations for configuring a Stub area
Delete a Stub area undo stub
Configure a Stub router (undo)stub-router
12.3.8 Configuring an NBMA Adjacent Router

This topic describes how to manually configure a router adjacent to the NBMA interface.
Because the adjacent router cannot be found dynamically through broadcasting the Hello packet
in the NBMA network, the adjacent router must be specified manually.
l By default, the preference for NBMA interface adjacent router is 1.
l Up to 128 adjacent routers can be configured in a process.
Procedure
Step 2 Run the peer command to configure an NBMA adjacent router.
----End

Example
To configure the IP address of the NBMA adjacent router as 1.1.1.1 and specify the DR priority
as 120, do as follows:
huawei(config-ospf-1)#peer 1.1.1.1 dr-priority 120
Related Operation
Table 12-8 lists the related operation for configuring an NBMA adjacent router.
Table 12-8 Related operation for configuring an NBMA adjacent router

Cancel the configuration of the undo peer

NBMA adjacent router
12.3.9 Enabling the OSPF Logging Function

This topic describes how to enable the OSPF logging function.
Procedure
Step 2 Run the enable log command to query log information.
----End
Example
To enable the logging function of OSPF, do as follows:
huawei(config-ospf-1)#enable log config
Related Operation
Table 12-9 lists the related operation for enabling the OSPF logging function.
Table 12-9 Related operation for enabling the OSPF logging function
Disable the logging function of undo enable log

OSPF
12.3.10 Configuring the Network Type on an OSPF Interface

This topic describes how to configure the network type for an OSPF interface.

OSPF divides networks into four types. By default, the network type of an interface is determined
by the physical interface. For details, see Table 12-10.
Table 12-10 Description of the network types
Network Description Default

type
Broadcast The default network type. The default network type of

an Ethernet port is broadcast.
NBMA Non-Broadcast Multi-Access. This type of The default network type of

network is fully connected, non-broadcast and an ATM interface is NBMA.
multi-access. The ATM network is of this type.
p2mp Point-to-Multipoint -
p2p Point-to-Point The default network type of

a serial port is P2P.
Procedure
Step 2 Run the ospf network-type command to configure the network type.
----End
Example
Assume that the Ethernet port 0/9/0 is in VLAN 2, to configure the network type of the port
0/9/0 as P2P, do as follows:
huawei(config-vlanif-2)#ospf network-type p2p
Related Operation
Table 12-11 lists the related operation for configuring the network type on an OSPF interface.
Table 12-11 Related operation for configuring the network type on an OSPF interface
Restore the default network type of the undo ospf network-type

OSPF interface

12.3.11 Configuring the MTU of the DD Packet

This topic describes how to configure the MTU of the DD packet.
l After the adjacency is set up between two routers, the routers begin to transmit DD packets
to each other to exchange the owned routing information.
l By default, the interface does not fill in the MTU field while transmitting DD packets. In
other words, the MTU field in the DD packets is 0.
Procedure
Step 2 Run the ospf mtu-enable command to configure the MTU of the DD packet.
----End
Example
To configure VLAN interface 2 to fill in the MTU field when transmitting DD packet, do as
follows:
huawei(config-if-vlanif2)#ospf mtu-enable
Related Operation
Table 12-12 lists the related operation for configuring the MTU of the DD packet.
Table 12-12 Related operation for configuring the MTU of the DD packet
Restore the default setting for the interface undo ospf mtu-enable
when transmitting DD packets
12.4 Controlling the OSPF Routing Information

This topic describes how to control the OSPF routing information, including transmitting
aggregation routes, filtering received routes, and importing external routes.
12.4.1 Setting the OSPF Preference
This topic describes how to set the OSPF preference. Multiple dynamic routing protocols can
run on one router at the same time. Due to this reason, the problem of route sharing and routing
protocol selection occurs. The system defines a preference for each routing protocol. When
different routes are found by different protocols to the same destination, the route found by the
routing protocol with the highest preference functions as the current effective route.
12.4.2 Configuring the Maximum OSPF Route Count
This topic describes how to configure the maximum OSPF route count.
12.4.3 Configuring the OSPF Packet Authentication

This topic describes how to configure the OSPF packet authentication.

12.4.4 Configuring the OSPF Cost
This topic describes how to configure the cost of the interface running OSPF.
12.4.5 Configuring the Route Summarization Between Areas
This topic describes how to configure the route summarization between areas. Route
summarization means that the ABR summarizes all routes with the same prefix to a route entry,
and then send it to other areas to reduce the broadcast routing information.
12.4.6 Configuring the Aggregation of Routes Imported by OSPF
This topic describes how to configure the aggregation of routes imported by OSPF.
12.4.7 Importing Routes from Other Protocols into OSPF
This topic describes how to import routes from other protocols into OSPF.
12.4.8 Setting the Default Parameters of OSPF Imported Routes
This topic describes how to set the default parameters of OSPF imported routes.
12.4.1 Setting the OSPF Preference

This topic describes how to set the OSPF preference. Multiple dynamic routing protocols can
run on one router at the same time. Due to this reason, the problem of route sharing and routing
protocol selection occurs. The system defines a preference for each routing protocol. When
different routes are found by different protocols to the same destination, the route found by the
routing protocol with the highest preference functions as the current effective route.
l The OSPF preference ranges from 1 to 255.
l By default, it is 10.
Procedure
Step 2 Run the preference command to set OSPF preference.
Step 3 Run the display ospf brief command to query the OSPF preference.
----End
Example
To set the OSPF preference to 12, do as follows:
huawei(config-ospf-1)#preference 12

Route Tag: 0
Applications Supported: MPLS Traffic-Engineering


Related Operation
Table 12-13 lists the related operation for setting the OSPF preference.
Table 12-13 Related operation for setting the OSPF preference

Restore the default OSPF undo preference

preference
12.4.2 Configuring the Maximum OSPF Route Count

This topic describes how to configure the maximum OSPF route count.
The default maximum route count is:
l Intra-area routes: 10000
l Inter-area routes: 10000
l External routes: 10000
Procedure
Step 2 Run the maximum-routes command to configure the maximum OSPF route count.
----End
Example
To configure the maximum count of OSPF routes as 500, do as follows:
huawei(config-ospf-1)#maximum-routes intra 500
Related Operation
Table 12-14 lists the related operation for configuring the maximum OSPF route count.
Table 12-14 Related operation for configuring the maximum OSPF route count
Restore the default setting undo maximum-routes

12.4.3 Configuring the OSPF Packet Authentication

This topic describes how to configure the OSPF packet authentication.
l OSPF supports plain text authentication or MD5/HMAC-MD5 encrypted text
authentication for adjacent routes to transmit OSPF packets.
l By default, the interface is not configured with any authentication mode.
Procedure
Step 2 Run the ospf authentication-mode command to configure OSPF packet authentication.
----End
Example
To configure the OSPF authentication as plain text authentication and the authentication
password as "huawei", do as follows:
huawei(config-if-vlanif2)#ospf authentication-mode simple huawei
Related Operation
Table 12-15 lists the related operation for configuring the OSPF packet authentication.
Table 12-15 Related operation for configuring the OSPF packet authentication
Delete the configured authentication mode undo ospf authentication-mode

and key
12.4.4 Configuring the OSPF Cost

This topic describes how to configure the cost of the interface running OSPF.
Procedure
Step 2 Run the ospf cost command to configure the cost of the interface running OSPF.
----End

Example
To configure the cost of the interface running OSPF as 5, do as follows:
huawei(config-vlanif2)#ospf cost 5
Related Operation
Table 12-16 lists the related operation for configuring the OSPF cost.
Table 12-16 Related operation for configuring the OSPF cost

Restore the default undo ospf cost By default, the system calculates the
cost cost needed for the interface running
OSPF according to the current baud
rate of the interface.
12.4.5 Configuring the Route Summarization Between Areas

This topic describes how to configure the route summarization between areas. Route
summarization means that the ABR summarizes all routes with the same prefix to a route entry,
and then send it to other areas to reduce the broadcast routing information.
l By default, the ABR does not summarize routes between areas.
l One area can be configured with multiple summarization network segments.
l The route summarization is valid when configured on an ABR.
Procedure
Step 1 Run the ospf command to start the OSPF progress.
Step 3 Run the network command to configure the interface running OSPF protocol and the area the
interface belongs to.
Step 4 Run the abr-summary command to configure route summarization between areas.
----End
Example
To summarize the routes in the two network segments of 20.20.10.0 and 20.20.20.0 in OSPF
area as one route entry 20.20.0.0 and send it to other areas, do as follows:

huawei(config-ospf-100-area-0.0.0.1#abr-summary 20.20.0.0 255.255.0.0
Related Operation
Table 12-17 lists the related operation for configuring the route summarization between areas.
Table 12-17 Related operation for configuring the route summarization between areas
Disable the route summarization undo abr-summary

between areas
12.4.6 Configuring the Aggregation of Routes Imported by OSPF

This topic describes how to configure the aggregation of routes imported by OSPF.
OSPF supports the aggregation of imported routes. By default, the aggregation of imported
routes is disabled.
Procedure
Step 2 Run the asbr-summary command to configure the aggregation of routes with the same prefix.
----End
Example
To enable the aggregation of routes with the same prefix of 10.2, do as follows:
huawei(config-ospf-1)#asbr-summary 10.2.0.0 255.255.0.0
Related Operation
Table 12-18 lists the related operation for configuring the aggregation of routes imported by
OSPF.
Table 12-18 Related operation for configuring the aggregation of routes imported by OSPF
Disable the aggregation of routes undo asbr-summary

imported by OSPF

12.4.7 Importing Routes from Other Protocols into OSPF

This topic describes how to import routes from other protocols into OSPF.
l OSPF processes the routes found by other routing protocols to be processed as routes
outside the AS. The protocol types of routes that OSPF can import are RIP routes, direct
routes and static routes.
l By default, importing routes from other protocols by OSPF is disabled.
Procedure
Step 2 Run the import-route rip command to import routes from other protocols into OSPF.
----End
Example
To specify the imported RIP route as Type 2 external route, the route tag as 33, and the metric
as 50, do as follows:
huawei(config-ospf-1)#import-route rip 40 type 2 tag 33 cost 50
Related Operation
Table 12-19 lists the related operation for importing routes from other protocols into OSPF.
Table 12-19 Related operation for importing routes from other protocols into OSPF
Cancel the imported route from undo import-route rip

other protocols
12.4.8 Setting the Default Parameters of OSPF Imported Routes

This topic describes how to set the default parameters of OSPF imported routes.
The default settings are:
l Cost: 10
l The type of imported route: Type-2
l The upper limit of the imported external routes: 1000 at a time
l The tag value: 10

Procedure
Step 2 Run the default command to set the default parameters for OSPF to import external routes.
----End
Example
l The upper limit of the default imported external routes: 100
l The default cost for OSPF to accept external routes: 8
l The default tag for OSPF to accept external routes: 8
l The default type of imported routes: Type-1
To set the OSPF imported routes, do as follows:
huawei(config-ospf-100)#default cost 8 type 1 tag 8 limit 100
Related Operations
Table 12-20 lists related operations for setting parameters for OSPF to import external routes.
Table 12-20 Related operations for setting parameters for OSPF to import external routes
Restore the default upper limit for OSPF to import undo default limit
external routes each time
Restore the default cost for OSPF to import external undo default cost
routes
Restore the default tag when OSPF imports external undo default tag
routes
Restore the default type of the external routes to be undo default type
imported
12.5 Adjusting and Optimizing OSPF

This topic describes how to adjust and optimize the OSPF configuration to improve the OSPF
12.5.1 Setting the Interval for Sending the Hello Packets
This topic describes how to set the interval for sending Hello packets. The OSPF router transmits
Hello packets periodically to find the adjacent router, to maintain adjacency and elect the DR
and BDR.
12.5.2 Setting the Dead Time Between Adjacent Routers

This topic describes how to set the dead time between adjacent routers. If a router fails to receive
any Hello packet from an adjacent router for a certain period, it considers the adjacent router as
unavailable. This period is called the dead time between adjacent routers.
12.5.3 Setting the Hello Packet Poll Interval
This topic describes how to set the Hello packet poll interval.
12.5.4 Setting the LSA Transmit Delay
This topic describes how to set the LSA transmit delay.
12.5.5 Setting the LSA Retransmit Interval between Adjacent Routers
This topic describes how to set the LSA retransmit interval between adjacent routers.
12.5.6 Setting the SPF Calculation Interval for OSPF
This topic describes how to set the SPF calculation interval for OSPF.
12.5.1 Setting the Interval for Sending the Hello Packets

This topic describes how to set the interval for sending Hello packets. The OSPF router transmits
Hello packets periodically to find the adjacent router, to maintain adjacency and elect the DR
and BDR.
l By default, Hello interval of the P2P, P2MP and broadcast interfaces is 10s and that of the
NBMA interface is 30s.
l The intervals for sending Hello packets of network neighbors should be consistent with
each other.
l The interval for sending Hello packets should be in inverse proportion of route convergence
speed and network load.
l After the network type of the interface is modified, the interval for sending Hello packets
restores the default value.
Procedure
Step 2 Run the ospf timer hello command to set the interval for sending Hello packets.
----End
Example
To set the interval for sending OSPF Hello packet to 15s, do as follows:
huawei(config-if-vlanif2)#ospf timer hello 15
Related Operation
Table 12-21 lists the related operation for setting the interval for sending Hello packets.

Table 12-21 Related operation for setting the interval for sending Hello packets
Restore the default interval for sending undo ospf timer hello
Hello packets
12.5.2 Setting the Dead Time Between Adjacent Routers

This topic describes how to set the dead time between adjacent routers. If a router fails to receive
any Hello packet from an adjacent router for a certain period, it considers the adjacent router as
unavailable. This period is called the dead time between adjacent routers.
l By default, the dead time between adjacent routers on the P2P, P2MP and broadcast
interfaces is 40s and that on the NBMA (non-broadcast) interface is 120s.
l The value of dead seconds must be 4 times that of hello seconds at least.
l After the network type of the interface is modified, the dead time is restored to the default
value.
Procedure
Step 2 Run the ospf timer dead command to set the dead time of adjacent routers.
----End
Example
To set the dead time of adjacent routers to 60s, do as follows:
huawei(config-if-vlanif2)#ospf timer dead 60
Related Operation
Table 12-22 lists the related operation for setting the dead time between adjacent routers.
Table 12-22 Related operation for setting the dead time between adjacent routers
Restore the default dead time undo ospf timer dead
12.5.3 Setting the Hello Packet Poll Interval

This topic describes how to set the Hello packet poll interval.

l In the NBMA network, after the adjacent router fails, a router transmits Hello packet to the
failed router periodically with the Hello packet poll interval.
l The Hello packet poll interval shall at least four times the interval for sending Hello packets.
l By default, the Hello packet poll interval is 120s.
Procedure
Step 2 Run the ospf timer poll command to set the Hello packet poll interval.
----End
Example
To set the Hello packet poll interval to 60s, do as follows:
huawei(config-if-vlanif2)#ospf timer poll 60
Related Operation
Table 12-23 lists the related operation for setting the Hello packet poll interval.
Table 12-23 Related operation for setting the Hello packet poll interval
Restore the default poll interval undo ospf timer poll
12.5.4 Setting the LSA Transmit Delay

This topic describes how to set the LSA transmit delay.
l The Link State Advertise (LSA) describes the interface state and the adjacency state of a
router. An LSA gets aged when it is saved in the LSDB of the local router. However, an
LSA does not get aged in the transmission process.
l Before an LSA is transmitted by an interface, you must configure the delay for the interface
to transmit the LSA according to the transmission condition of the network, especially for
a low speed network. Besides, you must add the delay to the aging time for the LSA during
the transmission process. This configuration is to ensure the LSA validity.
l By default, the LSA transmit delay is 1s.
Procedure

Step 2 Run the ospf trans-delay command to set the LSA transmit delay.
----End
Example
To set LSA transmit delay as 10s, do as follows:
huawei(config-if-vlanif2)#ospf trans-delay 10
Related Operation
Table 12-24 lists the related operation for setting the LSA transmit delay.
Table 12-24 Related operation for setting the LSA transmit delay
Restore the default LSA transmit delay undo ospf trans-delay
12.5.5 Setting the LSA Retransmit Interval between Adjacent

Routers
This topic describes how to set the LSA retransmit interval between adjacent routers.
l When a router sends an LSA to its neighbors, it shall wait for an ACK from them. If no
ACK is received from the neighbors within the retransmit interval, this LSA should be
resent.
l A very small LSA retransmit interval on an interface may lead to unnecessary
retransmission. A very large LSA retransmit interval affects the flooding speed in case of
packet loss.
l By default, the LSA retransmit interval between adjacent routers is 5s.
Procedure
Step 2 Run the ospf timer retransmit command to set the LSA retransmit interval.
----End
Example
To set the LSA retransmit interval to 8s, do as follows:
huawei(config-if-vlanif2)#ospf timer retransmit 8

Related Operation
Table 12-25 lists the related operation for setting the LSA retransmit interval between adjacent
routers.
Table 12-25 Related operation for setting LSA retransmit interval between adjacent routers
Restore the default LSA retransmit undo ospf timer retransmit

interval between adjacent routers
12.5.6 Setting the SPF Calculation Interval for OSPF

This topic describes how to set the SPF calculation interval for OSPF.
l Whenever the LSDB of OSPF changes, the SPF should be recalculated.
l Calculating the shortest path upon any change consumes vast amounts of resources and
affects the operation efficiency of the router. Adjusting the SPF calculation interval,
however, can restrain the resource consumption due to frequent network changes.
l By default, the interval of SPF recalculation is 5s.
Procedure
Step 2 Run the spf-schedule-interval command to set the SPF calculation interval for OSPF.
----End
Example
To set the interval of SPF recalculation to 10s, do as follows:
huawei(config-ospf-1)#spf-schedule-interval 10
Related Operation
Table 12-26 lists the related operation for setting the SPF calculation interval for OSPF.
Table 12-26 Related operation for setting the SPF calculation interval for OSPF
Restore the default SPF calculation undo spf-schedule-interval

interval

SmartAX MA5600T Multi-service Access Module 13 IS-IS Routing Protocol Configuration
13 IS-IS Routing Protocol Configuration
About This Chapter
This topic describes how to configure the IS-IS routing protocol supported by the MA5600T.
NOTE
(s) directly.
first.
13.1 Overview
This topic describes the Intermediate System-to-Intermediate System (IS-IS) routing protocol
and its application on the MA5600T.
13.2 Configuration Example of IS-IS
This operation enables the corresponding device configured data to run the IS-IS protocol on
the MA5600T.
13.3 Configuring IS-IS
This topic describes how to configure IS-IS. Before configuring or validating other functions
related to IS-IS, you must start the IS-IS process, specify the NET, and then enable IS-IS on the
specified port.
13.4 Controlling the IS-IS Routing Information
This topic describes how to control the IS-IS routing information, including advertising
aggregated routes, filtering received routes, and importing external routes. It also describes how
to modify the attributes of a route such as its priority and cost. Based on the methods described
in this topic, you can control the propagation of the IS-IS routing information in the AS.
13.5 Adjusting and Optimizing IS-IS
This topic describes how to adjust and optimize the configurations of an IS-IS network, including
modifying the network type of an interface, adjusting the IS-IS protocol parameters, and
configuring the IS-IS verification function.

13 IS-IS Routing Protocol Configuration SmartAX MA5600T Multi-service Access Module
13.1 Overview
This topic describes the Intermediate System-to-Intermediate System (IS-IS) routing protocol
and its application on the MA5600T.
Service Description
IS-IS is a dynamic routing protocol based on the link state algorithm.
IS-IS belongs to the Interior Gateway Protocols (IGPs). It is used to create two-level hierarchical
network topologies, namely Level-1 areas and Level-2 areas, by dividing areas within the AS.
Level-1 routers manage the intra-area routes, and Level-2 routers manage the inter-area routes.
The border router that belongs to the Level-1 area and the Level-2 area is a Level-1-2 router. In
this way, a large-scale routing network is supported, and the bandwidth occupied by the IS-IS
packets is decreased. Figure 13-1 shows the IS-IS network topology.
Figure 13-1 IS-IS network topology
Level-1
Area
Level-2
Backbone
Level-1 Level-1
Area Area
The MA5600T acts as an MSAN. When the MA5600T supports the IS-IS protocol, it always
runs in the Level-1 area as an Intermediate System (IS).
Related Concepts
l IS: It is the basic unit used for generating routes and transmitting routing information in
the IS-IS application. The function of an IS is similar to that of a router in the TCP/IP
application. When enabled with the IS-IS protocol, the MA5600T can act as an IS.
l End system (ES): It is not involved in the processing of the IS-IS protocol. The function of
an ES is similar to that of a host system in the TCP/IP application.
l Routing domain (RD): In an RD, a group of ISs exchange routing information by adopting
the same routing protocol.
l Area: It is the division unit of a routing domain.

l Link state database (LSDB): It contains the information on the states of all the links in a
network. Each IS has a minimum of one LSDB. An IS generates its own routes through the
link state SPF algorithm by using the LSDB.
l Link state protocol data unit (LSP): In the IS-IS application, each IS generates LSP. The
LSP contains information on the states of all the links of the IS. Each IS collects all LSPs
within an area and generates its own LSDB by exchanging LSP packets.
l Network protocol data unit (NPDU): It indicates the protocol packets at the network layer
in the ISO. The function of NPDU packets is similar to that of the IP packets in the TCP/
IP application.
l Designated IS (DIS): It is an elected router in a broadcast network. The function of a DIS
is similar to that of a DR in the OSPF application.
l Network service access point (NSAP): It indicates the address of the network layer in the
ISO. The function of an NSAP address is similar to that of an IP address in the TCP/IP
application.
13.2 Configuration Example of IS-IS

This operation enables the corresponding device configured data to run the IS-IS protocol on
the MA5600T.
Networking
Figure 13-2 shows an example network for configuring IS-IS on the MA5600T.
In this example network, the MA5600T forwards the access VoIP service through the L3
interface to the NGN network. Then, the MA5600T obtains the routes of the NGN networking
through the IS-IS protocol. The area ID of the Level-2 router differs from the area ID of the
Level-1-2 router to which the Level-2 router connects.
Figure 13-2 Example network for configuring IS-IS
Backbone
Area 10 Level-2
Level-1
RG
VoIP NGN
Router2
Router1
MA5600T
DHCP Server
Phone
Data Plan
Table 13-1 provides the data plan for configuring IS-IS.
Table 13-1 Data plan for configuring IS-IS
Item Data
MA5600T IS-IS process ID: 1

Item Data
NET: 10.0000.0000.0001.00, where:

l Area ID: 10
l System ID: 0000.0000.0001
l Level: Level-1
l Host name: MA5600T
IS-IS interface:
l Port number: 0/19/0
l VLAN ID: 20
l IP address: 192.15.24.5/16
Router1 IS-IS process ID: 1
NET: 10.0000.0000.0002.00, where:

l Area ID: 10
l System ID: 0000.0000.0002
l Level: Level-1
l Host name: Router1
IS-IS interface: 1/0/0

IP address: 192.15.20.8/16
Router2 IS-IS process ID: 1
NET: 10.0000.0000.0005.00, where:

l Area ID: 10
l System ID: 0000.0000.0005
l Level: Level-1-2
l Host name: Router2
IS-IS interface: 1/0/0

IP address: 192.15.18.5/16
NOTE
NET: Network entity title
Figure 13-3 shows the flowchart for configuring IS-IS.

Figure 13-3 Flowchart for configuring IS-IS
Start
Configure the layer 3 interface
Start the IS-IS process
Configure the NET
Configure the router level
Configure the local host name

(optional)
Enable the IS-IS function

on an interface
Control the IS-IS routing

information (optional)
Adjust and optimize IS-

IS (optional)
End
Procedure
l Configure IS-IS on the MA5600T.
1. Configure the L3 interface.
2. Start the IS-IS process.

huawei(config)#isis 1
huawei(config-isis-1)#
3. Configure the NET.

huawei(config-isis-1)#network-entity 10.0000.0000.0001.00
4. Configure the router level.

huawei(config-isis-1)#is-level level-1
5. Configure the local host name.

huawei(config-isis-1)#is-name MA5600T
huawei(config-isis-1)#quit
6. Enable the IS-IS function on an interface.

huawei(config-if-vlanif20)#isis enable 1
l Configure IS-IS on Router1.

The process of configuring IS-IS on Router1 is similar to that of configuring IS-IS on the
MA5600T. The details are not provided in this chapter.
l Configure IS-IS on Router2.
The process of configuring IS-IS on Router2 is similar to that of configuring IS-IS on the
MA5600T. The details are not provided in this chapter.
----End
Result
l Run the display isis lsdb command and you can query the IS-IS LSDB.
l Run the display isis route command and you can query the IS-IS route. The routing table
of the Level-1 router should have a default route, and the next hop should be the Level-1-2
router. The Level-2 router should have the routes to all the Level-1 routers and the Level-2
routers.
13.3 Configuring IS-IS

This topic describes how to configure IS-IS. Before configuring or validating other functions
related to IS-IS, you must start the IS-IS process, specify the NET, and then enable IS-IS on the
specified port.
13.3.1 Enabling the IS-IS Process
This topic describes how to create an IS-IS process and enter IS-IS mode of the process. If the
specified IS-IS process already exists, the system enters IS-IS mode directly.
13.3.2 Configuring the Network Entity Title
This topic describes how to configure the network entity title (NET) of the specified IS-IS
process.
13.3.3 Configuring the Router Level
This topic describes how to configure the router level.
13.3.4 Enabling the IS-IS Function on an Interface
This topic describes how to enable the IS-IS function on a specified interface and starts the IS-
IS protocol.
13.3.1 Enabling the IS-IS Process

This topic describes how to create an IS-IS process and enter IS-IS mode of the process. If the
specified IS-IS process already exists, the system enters IS-IS mode directly.
l You can configure the IS-IS process only in IS-IS mode.
l If the IS-IS process ID is not specified, the system creates IS-IS process 1 by default.

l The IS-IS protocol be started only when an IS-IS process is created, and is activated on the
interface that may have connection to other routers.
Prerequisite
The IP address of the interface on the MA5600T is configured, and the ping operation between
the MA5600T and the adjacent router is successful.
Procedure
In global config mode, run the isis command to create an IS-IS process and enter IS-IS mode of
the process.
----End
Example
To create IS-IS process 1 and enter IS-IS mode of process 1, do as follows:
huawei(config)#isis
huawei(config-isis-1)#
Related Operation
Table 13-2 lists the related operation for enabling the IS-IS process.
Table 13-2 Related operation for enabling the IS-IS process
Delete the IS-IS undo isis

process
13.3.2 Configuring the Network Entity Title

This topic describes how to configure the network entity title (NET) of the specified IS-IS
process.
An NET defines the area address and the system ID of the current IS-IS. Figure 13-4 shows the
architecture of the IS-IS network topology.
Figure 13-4 IS-IS network topology
1-13byte 6byte 1byte
Area Address System ID SEL
Where:

l Area Address
An area address indicates the ID of an area. The area addresses must be unique in any two
routing domains.
In general, a router requires only one area address, and the area addresses of all nodes in
an area must be the same. If a router needs to support the functions of an area, such as
smooth merge, split, and conversion, multiple area addresses must be configured. The
MA5600T supports up to three area addresses.
l System ID
A system ID is used to uniquely identify a router in an area. The length of an ID is always
48 bits (six bytes).
In actual applications, a router ID is always mapped with a system ID. For example, if a
router uses the IP address (168.10.1.1) of an L3 interface as the router ID, the system ID
used by the router in the IS-IS can be converted in the following way:
1. Extend each segment of the IP address 168.10.1.1 to three bytes by adding 0 to the
left of the segment
2. Divide the extended address 168.010.001.001 into three segments. Each of these
segments should consist of four bytes.
3. The new address 1680.1000.1001 can be used as the system ID of the router.
NOTE
A system ID can be specified in different ways. It should uniquely identify a router in an area.
l SEL
The function of an SEL (also referred as NSAP Selector or N-SEL) is similar to that of a
protocol identifier in the IP application. The SEL varies according to the transfer protocols.
The SEL corresponding to the IP protocol is 00.
Because the foresaid address format definitely defines an area, the routing mode is simplified
in this way:
l The Level-1 router performs the routing in an area based on the system ID. Upon detecting
that the destination address of the packets does not belong to its area, the Level-1 router
forwards the packets to the nearest Level-1-2 router.
l The level-2 router performs the routing between different areas based on the area address.
Procedure
Step 1 In global config mode, run the isis command to enter IS-IS mode of the specified process.
Step 2 Run the network-entity command to configure the NET.
----End
Example
To configure the NET of IS-IS process 1 as 10.0001.1010.1020.1030.00, where the area address
is 10.0001, the system ID is 1010.1020.1030 and the SEL is 00, do as follows:
huawei(config)#isis
huawei(config-isis-1)#network-entity 10.0001.1010.1020.1030.00

Related Operation
Table 13-3 lists the related operation for configuring an NET.
Table 13-3 Related operation for configuring an NET
Delete an NET undo network-entity
13.3.3 Configuring the Router Level

This topic describes how to configure the router level.
The levels of a router are classified into Level-1, Level-2 and Level-1-2. The default router level
of the MA5600T is Level-1-2.
l Level-1 router
A Level-1 router manages the intra-area routes, and has adjacencies only with other Level-1
routers and Level-1-2 routers in the same area. The Level-1 router maintains a Level-1
LSDB, which contains only the information on the routes of the local area. When the
Level-1 router exchanges data with the routers in other areas, it forwards the data to the
nearest Level-1-2 router.
l Level-2 router
A Level-2 router manages the inter-area routes, and has adjacencies with the Level-2 and
Level-1-2 routers in other areas. The Level-2 router maintains a Level-2 LSDB, which
contains the information on the inter-area routes.
All the Level-2 routers constitute the backbone network of a routing domain for inter-area
communication. The Level-2 routers in a routing domain must be deployed successively
for ensuring the continuity of the backbone network. Only the Level-2 routers can directly
exchange data packets or routing information with the routers that exist outside the routing
domain.
l Level-1-2 router
The router that belongs to both Level-1 area and Level-2 area is a Level-1-2 router. Such
a router can have Level-1 adjacencies with the Level-1 and Level-2 routers in the same
area, and have Level-2 adjacencies with the Level-2 and Level-1-2 routers in other areas.
A Level-1 router can connect to other areas only through a Level-2 router.
A Level-1-2 router maintains two LSDBs, where, Level-1 LSDB is used for maintaining
the intra-area routes, and Level-2 LSDB is used for maintaining the inter-area routes.
Procedure
Step 1 In global config mode, run the isis command to enter IS-IS mode of a specified process.
Step 2 Run the is-level command to configure the NET.
----End

Example
To enable the current router to work at Level-1, do as follows:
huawei(config)#isis
huawei(config-isis-1)#is-level level-1
Related Operation
Table 13-4 lists the related operation for configuring the router level.
Table 13-4 Related operation for configuring the router level

Restore the default level of a router undo is-level
13.3.4 Enabling the IS-IS Function on an Interface

This topic describes how to enable the IS-IS function on a specified interface and starts the IS-
IS protocol.
When the IS-IS function on a specified interface is enabled, the IS-IS process running on the
interface is activated, and the IS-IS protocol is started.
After the IS-IS function is enabled successfully, the interface starts exchanging routing
information with its adjacent routers and also starts learning the network routes. In this case,
you can query the information on the IS-IS LSDB, adjacent routers, routes and statistics.
Prerequisites
l The router must be enabled with the IS-IS process, and configured with the NET.
l The specified virtual L3 interface of the VLAN must be configured.
l The virtual L3 interface of the VLAN must be up.
Procedure
Step 1 In global config mode, run the interface vlanif command to enter VLAN interface mode, or run
the interface loopback command to enter loopback mode to configure IS-IS on the L3 interface.
Step 2 Run the isis enable command to enable the IS-IS function on the L3 interface and associate the
interface with the specified IS-IS process.
----End
Examples
To enable the IS-IS function and IS-IS process 1 on VLAN interface 10, do as follows:
huawei(config-if-vlanif10)#isis enable 1

To enable the IS-IS function and IS-IS process 1 on loopback interface 0, do as follows:
huawei(config)#interface loopback 0
huawei(config-if-loopback0)#isis enable 1
Related Operations
Table 13-5 lists the related operations for enabling the IS-IS function on an interface.
Table 13-5 Related operations for enabling the IS-IS function on an interface
Disable the IS-IS function on an undo isis enable

interface
Query the IS-IS interface display isis interface
Query the IS-IS LSDB display isis lsdb
Query the IS-IS adjacent routers display isis peer
Query the IS-IS routes display isis route
Query the statistics on an IS-IS display isis statistics

process
13.4 Controlling the IS-IS Routing Information

This topic describes how to control the IS-IS routing information, including advertising
aggregated routes, filtering received routes, and importing external routes. It also describes how
to modify the attributes of a route such as its priority and cost. Based on the methods described
in this topic, you can control the propagation of the IS-IS routing information in the AS.
13.4.1 Configuring the IS-IS Priority
This topic describes how to configure the priority of the IS-IS protocol.
13.4.2 Configuring the Cost of an IS-IS Interface
This topic describes how to configure the cost of an IS-IS interface.
13.4.3 Configuring IS-IS Route Aggregation
This topic describes how to aggregate multiple routes with the same next hop into one route,
thus decreasing the number of IS-IS route entries.
13.4.4 Generating IS-IS Default Routes
This topic describes how to configure the MA5600T to generate IS-IS default routes.
13.4.5 Configuring IS-IS to Filter the Received or Advertised Routing Information
This topic describes how to configure the MA5600T to filter the received or advertised routing
information based on the ACL rule, IP address prefix or routing policy. By default, the
MA5600T does not filter the received or advertised routing information.
13.4.6 Setting the State of IS-IS Interface to Suppressed
This topic describes how to set an IS-IS interface to the suppressed state so that it can prevent
the transmission of useless IS-IS protocol packets in the area.

13.4.7 Configuring IS-IS to Import External Routes

This topic describes how to configure the IS-IS system to import external routes.
13.4.8 Configuring the IS-IS Route Leaking
This topic describes how to configure the IS-IS route leaking. This allows the routing information
on the Level-2 router to be advertised to the Level-1 areas.
13.4.1 Configuring the IS-IS Priority

This topic describes how to configure the priority of the IS-IS protocol.
Multiple routing protocols can concurrently run on a router. When these routing protocols detect
the routes to the same destination, the system selects the route detected by the protocol with the
highest priority as the route to the destination.
By default, the priority of the IS-IS protocol is 15. The smaller the priority value, the higher the
priority.
Procedure
Step 2 Run the preference command to configure the priority of the IS-IS protocol.
----End
Examples
To configure the priority of the IS-IS protocol as 20, do as follows:
huawei(config)#isis
huawei(config-isis-1)#preference 20
To configure the priority of the IS-IS route matching routing policy abc as 50, and the priority
of other IS-IS routes as 30, do as follows:
huawei(config)#route-policy abc permit node 1
huawei(config-route-policy)#if-match cost 20
huawei(config-route-policy)#apply preference 50
huawei(config)#display route-policy abc
Route-policy : abc
permit : 1
Match clauses :
if-match cost 20
Apply clauses :
apply preference 50
huawei(config)#isis
huawei(config-isis-1)#preference 30 route-policy abc
NOTE
If the priority is not specified in the routing policy, the priority specified by running the preference
command is used as the priority for all IS-IS routes.
Related Operations
Table 13-6 lists the related operations for configuring the IS-IS priority.

Table 13-6 Related operations for configuring the IS-IS priority
Restore the default IS-IS priority undo preference
13.4.2 Configuring the Cost of an IS-IS Interface

This topic describes how to configure the cost of an IS-IS interface.
The IS-IS determines the cost of its interface in the following ways:
l Interface cost: indicates that the link cost is configured for a single IS-IS interface. By
default, the link cost of an IS-IS interface is 10.
l Global cost: indicates that the link cost is configured for all interfaces. By default, the global
cost is not configured in the system.
l Auto-cost: indicates that the link cost is automatically calculated based on the IS-IS
interface bandwidth.
If the IS-IS interface cost is not configured by using any of the foresaid ways, the default cost
of an IS-IS interface is 10.
IS-IS supports multiple cost types. For different cost types, the cost range of an interface is
different, and the cost range of the routes that can be received also varies. The cost types are as
follows:
l Narrow: If the cost type is narrow, the cost of an interface ranges from 0 to 63, and the
maximum cost of the received route is 1023.
l Narrow-compatible or compatible: If the cost type is narrow-compatible or compatible, the
cost of an interface ranges from 0 to 63, and the cost of the received route is related to the
parameter relax-spf-limit.
l Wide or wide-compatible: If the cost type is wide or wide-compatible, the cost of an
interface ranges from 1 to 16777215. When the cost is 16777215, the neighbor TLV (cost:
16777215) generated on the link cannot be used in the routing calculation and can only be
used to deliver the information related to TE. The maximum cost of the received route is
0xFFFFFFFF.
By default, the cost type is narrow.
Notes
l If the IS-IS interface cost is not configured by using any of the foresaid ways, the default
cost of an IS-IS interface is 10.
l The priority of the global cost is lower than the priority of the interface cost. If the link cost
is not configured for a specified interface, the global cost configured for the interface takes
effect.
l The priority of the auto-cost is the lowest. If the function of automatic cost calculation is
enabled on an interface, the system automatically calculates the cost of the interface only

when the interface cost is not configured for the interface and the global cost is not
configured for the IS-IS process.
l The cost of a loopback interface cannot be modified by enabling the function of automatic
cost calculation or by configuring the global cost. It must be separately configured only in
loopback interface mode.
Procedure
l Configure the cost of the specified interface.
1. (Optional) In global config mode, run the isis command to enter IS-IS mode of the
specified process.
2. (Optional) Run the cost-style command to configure the cost type of the interface.
3. In global config mode, run the interface vlanif command to enter VLAN interface
mode, or run the interface loopback command to enter loopback mode to configure
the L3 interface enabled with the IS-IS function.
4. Run the isis cost command to configure the link cost of the interface.
l Configure the global cost.
1. In global config mode, run the isis command to enter IS-IS mode of the specified
process.
3. Run the circuit-cost command to configure the global cost of the interface.
l Configure the auto-cost.
process.
3. (Optional) Run the bandwidth-reference command to configure the reference value
for calculating the bandwidth.
4. Run the auto-cost enable command to enable the function of automatic cost
calculation on the IS-IS interface.
NOTE
l The bandwidth reference value configured by running the bandwidth-reference is valid only
when the cost type is wide or wide-compatible. Then, the cost of each interface = (bandwidth –
reference/interface bandwidth) x 10.
l When the cost type is narrow, narrow-compatible, or compatible, the cost of each interface can
be obtained by referring to Table 13-7.
Table 13-7 Relationship between the interface cost and the bandwidth
Cost Interface Bandwidth Range
60 interface bandwidth <= 10 Mbit/s
50 10 Mbit/s < interface bandwidth <= 100 Mbit/s
20 622 Mbit/s < interface bandwidth <= 2.5 Gbit/s

Cost Interface Bandwidth Range
10 2.5 Gbit/s < interface bandwidth
----End
Examples
To configure the link cost of VLAN interface 10 as 8, do as follows:
huawei(config)#interface vlanif
huawei(config-if-vlanif10)#isis cost 8
NOTE
If the Level-1 or Level-2 is not specified in the command lines, the same link cost is configured for the
level-1 and level-2 interfaces by default.
To configure the cost of all Level-1 interfaces as 10 and that of all Level-2 interfaces as 8, do
as follows:
huawei(config)#isis
huawei(config-isis-1)#circuit-cost 10 level-1
huawei(config-isis-1)#circuit-cost 8 level-2
NOTE
If Level-1 or Level-2 is not specified in the command lines, the cost of all Level-1-2 interfaces is configured
by default.
To enable the function of automatic cost calculation on an IS-IS interface, do as follows:

huawei(config)#isis
huawei(config-isis-1)#auto-cost enable
Related Operations
Table 13-8 lists the related operations for configuring the IS-IS interface cost.
Table 13-8 Related operations for configuring the IS-IS interface cost
Restore the default cost of an IS-IS undo isis cost

interface
Delete the global cost of an IS-IS undo circuit-cost

interface
Disable the function of automatic undo auto-cost enable

cost calculation on an IS-IS interface
Restore the default cost type of an IS- undo cost-style

IS interface
Cancel the reference value of the undo bandwidth-reference

interface bandwidth

13.4.3 Configuring IS-IS Route Aggregation

This topic describes how to aggregate multiple routes with the same next hop into one route,
thus decreasing the number of IS-IS route entries.
The minimum cost of the routes to be aggregated is used as the cost of the aggregated route.
By default, the IS-IS route aggregation is not configured in the MA5600T.
Procedure
Step 2 Run the summary command to configure the IS-IS route aggregation.
----End
Example
To configure aggregation route 202.0.0.0/8, do as follows:
huawei(config)#isis
huawei(config-isis-1)#summary 202.0.0.0 255.0.0.0
Related Operations
Table 13-9 lists the related operations for configuring the IS-IS route aggregation.
Table 13-9 Related operations for configuring the IS-IS route aggregation
Delete an IS-IS aggregation route undo summary
13.4.4 Generating IS-IS Default Routes

This topic describes how to configure the MA5600T to generate IS-IS default routes.
Based on the route level, you can configure the MA5600T to generate the Level-1 and Level-2
default routes. If the level is not specified, the Level-2 default route is generated.
The generated default routes are advertised only to the routers at the same level.
By using the routing policy, you can force the IS-IS to generate the default routes only if there
is a matching route in the routing table.

Procedure
Step 2 Run the default-route-advertise command to configure the IS-IS to generate default routes.
----End
Example
To configure the IS-IS to generate the Level-1 default route, do as follows:
huawei(config)#isis
huawei(config-isis-1)#default-route-advertise level-1
Related Operations
Table 13-10 lists the related operations for configuring the IS-IS to generate default routes.
Table 13-10 Related operations for configuring the IS-IS to generate default routes
Disable the function of undo default-route-advertise

generating IS-IS default routes
13.4.5 Configuring IS-IS to Filter the Received or Advertised

Routing Information
This topic describes how to configure the MA5600T to filter the received or advertised routing
information based on the ACL rule, IP address prefix or routing policy. By default, the
MA5600T does not filter the received or advertised routing information.
Procedure
Step 2 Run the filter-policy import command or the filter-policy export command to configure the
MA5600T to filter the received or advertised routing information.
----End
Examples
To apply ACL rule 2000 filter to filter the routing information received by the MA5600T, do as
follows:
huawei(config)#isis
huawei(config-isis-1)#filter-policy 2000 import
NOTE
The ACL rule applied must be a basic ACL rule. That means the ID of the ACL rule must be in the range of
2000–2999.

To filter the routing information advertised by the MA5600T applying IP address prefix abc,
and allow the MA5600T to advertise the routing information of the network 10.0.192.0/8, do as
follows:
huawei(config)#isis
huawei(config-isis-1)#filter-policy ip-prefix abc export
Related Operations
Table 13-11 lists the related operations for filtering the received or advertised routing
information.
Table 13-11 Related operations for filtering the received or advertised routing information
Disable the function of filtering the undo filter-policy import

routing information received by the
IS-IS
Disable the function of filtering the undo filter-policy export

routing information advertised by the
IS-IS
13.4.6 Setting the State of IS-IS Interface to Suppressed

This topic describes how to set an IS-IS interface to the suppressed state so that it can prevent
the transmission of useless IS-IS protocol packets in the area.
When the IS-IS network connects to other ASs, the IS-IS protocol must be enabled on the egress
interface, so that the routers within an area can learn the egress routes. In this way, the interface
sends IS-IS Hello packets to the network segment where it belongs. However, this is not required.
Then, you can enable the suppression function on the IS-IS interface. With the function enabled,
the interface does not send or receive Hello packets. But, the routes of the network segment, to
which the interface belongs, can still be advertised to other routers within the area.
NOTE
If the IS-IS protocol on the egress interface in the area is Down, the routers within the area cannot learn
the egress routes.
Procedure
the interface loopback command to enter loopback mode to configure the L3 interface enabled
with the IS-IS function.
Step 2 Run the isis silent command to enable the suppression function on the interface.
----End

Example
To enable the suppression function on VLAN interface 10, do as follows:
huawei(config-if-vlanif10)#isis silent
Related Operations
Table 13-12 lists the related operations for configuring the suppression function on an IS-IS
interface.
Table 13-12 Related operations for configuring the suppression function
Cancel the suppression undo isis silent

function on an IS-IS interface
13.4.7 Configuring IS-IS to Import External Routes

This topic describes how to configure the IS-IS system to import external routes.
The MA5600T enabled with the IS-IS protocol considers the routes discovered by other routing
protocols as external routes.
When importing the routes of other routing protocols, you can specify the default cost and the
level of the imported routes. If the level is not specified, the system imports the external routes
to the Level-2 routing table by default.
By default, the IS-IS system does not import external routes.
Procedure
Step 2 Run the import-route command to configure the IS-IS to import external routes.
Step 3 (Optional) Run the filter-policy import command to apply a routing policy to filter the imported
routes.
----End
Example
To import an internal static route and set its cost as 15, do as follows:
huawei(config)#isis
huawei(config-isis-1)#impor-route static cost-style internal cost 15

Related Operations
Table 13-13 lists the related operations for configuring the IS-IS to import external routes.
Table 13-13 Related operations for configuring the IS-IS to import external routes
Disable the IS-IS to import external undo import-route

routes
13.4.8 Configuring the IS-IS Route Leaking

This topic describes how to configure the IS-IS route leaking. This allows the routing information
on the Level-2 router to be advertised to the Level-1 areas.
A Level-1 router manages the intra-area routes, and a Level-2 router manages the inter-area
routes. By default, a Level-2 router does not advertise the known routing information of Level-2
areas and other Level-1 areas to the routers in a Level-1 area.
A Level-1 router cannot determine the routes outside the local area. Therefore, it may fail to
determine an optimal route to other areas. Through the IS-IS route leaking, a Level-2 router can
advertise its own routing information of other Level-1 areas and Level-2 areas to a specified
Level-1 area, and the routing information can be filtered by applying the ACL rule, routing
policy, and IP address prefix.
Procedure
Step 2 Run the import-route isis level-2 into level-1 command to configure the IS-IS to import external
routes.
----End
Example
To enable the IS-IS route leaking, do as follows:
huawei(config)#isis
huawei(config-isis-1)#import-route isis level-2 into level-1
Related Operations
Table 13-14 lists the related operations for configuring the IS-IS route leaking.

Table 13-14 Related operations for configuring the IS-IS route leaking
Disable the IS-IS route leaking undo import-route isis level-2 into level-1
13.5 Adjusting and Optimizing IS-IS

This topic describes how to adjust and optimize the configurations of an IS-IS network, including
modifying the network type of an interface, adjusting the IS-IS protocol parameters, and
configuring the IS-IS verification function.
13.5.1 Configuring Network Type of an IS-IS Interface
This topic describes how to configure the network type of an IS-IS interface. A P2P interface
can be simulated on an Ethernet port when the network type is set to P2P. By default, the network
type of an interface is determined by the physical interface.
13.5.2 Configuring the Level of an IS-IS Interface
This topic describes how to configure the level of an IS-IS interface for establishing an adjacency
of a certain level with a peer interface.
13.5.3 Configuring DIS Priority of an IS-IS Interface
This topic describes how to configure the DIS priority of an IS-IS interface.
13.5.4 Configuring IS-IS for Not Checking IP Addresses of Received Hello Packets
This topic describes how to configure the IS-IS for not checking the IP addresses of the received
Hello packets. This allows the setup of adjacencies between the P2P interfaces of different
subnets.
13.5.5 Configuring the IS-IS Packet Timer
This topic describes how to configure the IS-IS packet timer.
13.5.6 Configuring LSP Parameters
This topic describes how to configure the LSP parameters to improve the efficiency of the IS-
IS protocol.
13.5.7 Enabling LSP Fast Flooding
This topic describes how to configure the LSP fast flooding. This helps to accelerate the network
convergence and stablize the IS-IS network.
13.5.8 Configuring SPF Parameters
This topic describes how to configure the SPF parameters to improve the performance of the IS-
IS router.
13.5.9 Configuring IS-IS Host Name Mapping
This topic describes how to configure the IS-IS host name to set up the mapping between the
host name and the system ID. After configuring the IS-IS host name successfully, the host name
is advertised in an area as LSP packets.
13.5.10 Configuring IS-IS Authentication
This topic describes how to configure the area, routing domain, and interface authentication on
the MA5600T by running the IS-IS protocol.
13.5.11 Configuring LSDB Overload Flag Bit

This topic describes how to configure the LSDB overload flag bit. This allows other routers in
an area not to take the overloaded router into consideration during the SPF calculation.
13.5.12 Enabling Output of the Adjacency State
This topic describes how to enable the output of the adjacency state, allowing the change of IS-
IS adjacency state to be output to the maintenance terminal.
13.5.1 Configuring Network Type of an IS-IS Interface

This topic describes how to configure the network type of an IS-IS interface. A P2P interface
can be simulated on an Ethernet port when the network type is set to P2P. By default, the network
type of an interface is determined by the physical interface.
Procedure
Step 2 Run the isis circuit-type command to set the network type of the IS-IS interface to P2P.
----End
Example
To set the network type of IS-IS VLAN interface 10 to P2P, do as follows:
huawei(config-if-vlanif10)#isis circuit-type p2p
Related Operation
Table 13-15 lists the related operation for configuring the network type of an IS-IS interface.
Table 13-15 Related operation for configuring the network type of an IS-IS interface
Restore the default network type of undo isis circuit-type

an IS-IS interface
13.5.2 Configuring the Level of an IS-IS Interface

This topic describes how to configure the level of an IS-IS interface for establishing an adjacency
of a certain level with a peer interface.
The levels of an IS-IS interface are as follows:
l Level-1: indicates that only the Level-1 adjacency can be established for the interface.
l Level-2: indicates that only the Level-2 adjacency can be established for the interface.

l Level-1-2: indicates that both Level-1 and Level-2 adjacencies can be established for the
interface.
By default, the level of an IS-IS interface is Level-1-2. That is, both Level-1 and Level-2
adjacencies can be established for the IS-IS interface.
To prevent unnecessary processing and to save the network bandwidth, you can configure the
level of an interface on a Level-1-2 router, allowing the interface to receive and send Hello
packets of a certain level (Level-1 or Level-2), and to establish an adjacency with another
interface.
For a P2P link, only one type of Hello packets can be received and sent. Hence, the level
configuration is invalid for a P2P interface.
NOTE
The level configuration of an interface takes effect only for the Level-1-2 router. For the routers of other
levels, the level of a router determines the level of the adjacency with a peer router.
Procedure
Step 2 Run the isis circuit-level command to configure the level of an IS-IS interface.
----End
Example
To configure the level of VLAN interface 10 as Level-1, do as follows:
huawei(config-if-vlanif10)#isis circuit-level level-1
Related Operations
Table 13-16 lists the related operations for configuring the IS-IS interface level.
Table 13-16 Related operations for configuring the IS-IS interface level
Restore the default setting of the IS-IS undo isis circuit-level

interface level
Configure the router level is-level
13.5.3 Configuring DIS Priority of an IS-IS Interface

This topic describes how to configure the DIS priority of an IS-IS interface.

Level-1 designated ISs (DISs) and Level-2 DISs are elected respectively. The higher the DIS
priority value of a router is, the more likely that the router is elected as a DIS. If there are two
or more routers with the same DIS priority in the network, the router with the largest MAC
address is elected. If the level is not specified when you configure the DIS priority, the Level-1-2
DIS priority is preferred by default. By default, the DIS priority of an IS-IS interface is 64.
NOTE
The DIS priority is valid only for the broadcast network. If the network type of an IS-IS interface is set to
P2P running the isis circuit-type command, the DIS priority setting does not take effect for the interface.
Procedure
Step 2 Run the isis dis-priority command to configure the DIS priority of the IS-IS interface.
----End
Example
To configure the DIS priority of VLAN interface 10 as 50, and the level as Level-1, do as follows:
huawei(config-if-vlanif10)#isis dis-priority 50 level-1
Related Operations
Table 13-17 lists the related operations for configuring the DIS priority of an IS-IS interface.
Table 13-17 Related operations for configuring the DIS priority of an IS-IS interface
Restore the default DIS priority of undo isis dis-priority

an IS-IS interface
Configure the router level is-level
13.5.4 Configuring IS-IS for Not Checking IP Addresses of

Received Hello Packets
This topic describes how to configure the IS-IS for not checking the IP addresses of the received
Hello packets. This allows the setup of adjacencies between the P2P interfaces of different
subnets.
When the network type of an IS-IS interface is set to P2P by running the isis circuit-type
command for simulating a P2P interface, the IS-IS checks the IP address of the received Hello

packets. The adjacency can be set up only when the IP address of the packets and the address
of the local interface receiving the Hello packets belong to the same subnet. If the IP address of
the interface that sends the Hello packets and the IP address of the interface that receives the
Hello packets belong to different subnets, and the IS-IS is configured for not checking the IP
addresses of the received Hello packets, the adjacency can also be set up between the interfaces
at both ends. The routing table has routes of two different subnets. The ping between the two
subnets, however, fails.
Prerequisites
The network type of the IS-IS interface is P2P.
Procedure
Step 2 Run the isis peer-ip-ignore command to configure the IS-IS for not checking the IP addresses
of the received Hello packets.
----End
Example
To configure VLAN interface 10 for not checking the IP address of the received Hello packets,
do as follows:
huawei(config-if-vlanif10)#isis peer-ip-ignore
Related Operations
Table 13-18 lists the related operations for configuring the IS-IS for not checking the IP
addresses of the received Hello packets.
Table 13-18 Related operations for configuring the IS-IS for not checking the IP addresses of
the received Hello packets
Configure the IS-IS to check the IP undo isis peer-ip-ignore

addresses of the received Hello
packets
Configure the network type of an IS- isis circuit-type

IS interface
13.5.5 Configuring the IS-IS Packet Timer

This topic describes how to configure the IS-IS packet timer.

By configuring the IS-IS packet timer, you can specify the interval for sending Hello packets,
the number of Hello packets which invalidates an adjacency, the interval for sending CSNP
packets, the interval for retransmitting Label Switched Path (LSP) packets, and the minimum
interval for sending the LSP packets.
l Interval for sending Hello packets

On the broadcast links, there are Level-1 and Level-2 Hello packets. For different types of
Hello packets, the intervals vary. If the level is not specified, the configuration is valid for
both Level-1 and Level-2 Hello packets by default.
On a P2P link, the Hello packets are not divided into levels. Hence, the packet level does
not need to be specified.
By default, the interval for sending Hello packets is 10000 ms.
l Number of Hello packets which invalidates an adjacency
The IS-IS protocol maintains the adjacencies among the routers by sending and receiving
Hello packets. If the MA5600T does not receive the Hello packets from the peer router
within the holding time, that is, if the MA5600T does not receive the specified number of
Hello packets continuously within this time, it considers that the peer router is not working
properly. By default, the number of Hello packets which invalidates an adjacency is 3.
l Interval for sending CSNP packets
The CSNP packets are transmitted by the Designated IS (DIS) over the broadcast network
to synchronize the LSDB. If the level is not specified, the interval for broadcasting the
CSNP packets of the current level is configured by default.
By default, the interval for sending CSNP packets is 10s.
l Interval for retransmitting LSP packets
After sending an LSP packet on a P2P link, if the local router does not receive the response
from the peer router within a specified period of time, it considers that the LSP packet has
been lost or dropped. To ensure reliable transmissions, the local router is configured to
retransmit the LSP packet.
A broadcast link does not support retransmission of LSP packets.
By default, the interval for retransmitting LSP packets over a P2P link is 5s.
l Minimum interval for sending LSP packets
The minimum interval for the IS-IS to send LSP packets on an interface, that is, the delay
between two successive LSP packets.
By default, the minimum interval for sending the LSP packets is 50 ms.
Procedure
Step 2 (Optional) Run the isis timer hello command to configure the interval for sending Hello packets
on the interface.
Step 3 (Optional) Run the isis timer holding-multiplier command to configure the number of Hello
packets which invalidates an adjacency.

Step 4 (Optional) Run the isis timer csnp command to configure the interval for sending the CSNP
packets on the interface.
Step 5 (Optional) Run the isis timer lsp-retransmit command to configure the interval for
retransmitting LSP packets on the P2P link.
Step 6 (Optional) Run the isis timer lsp-throttle command to configure the minimum interval for
sending LSP packets.
----End
Example
For VLAN interface 10, to configure the interval for sending Level-1 Hello packets as 20s, the
number of Hello packets which invalidates an adjacency as 6, and the minimum interval for
sending LSP packets as 500 ms, do as follows:
huawei(config-if-vlanif10)#isis timer hello 20 level-1
huawei(config-if-vlanif10)#isis timer holding-multiplier 6 level-1
huawei(config-if-vlanif10)#isis timer lsp-throttle 500
Related Operations
Table 13-19 lists the related operations for configuring the IS-IS packet timer.
Table 13-19 Related operations for configuring the IS-IS packet timer
Restore the default interval for sending undo isis timer hello
Hello packets
Restore the default number of Hello undo isis timer holding-multiplier

packets which invalidates an adjacency
Restore the default interval for sending undo isis timer csnp
CSNP packets
Restore the default interval for undo isis timer lsp-retransmit

retransmitting LSP packets
Restore the default minimum interval undo isis timer lsp-throttle

for sending LSP packets
13.5.6 Configuring LSP Parameters

This topic describes how to configure the LSP parameters to improve the efficiency of the IS-
IS protocol.
You can modify the LSP parameters according to the running status of the network to improve
the efficiency of the IS-IS protocol. A router supports the following LSP parameters. In general,
it is recommended that you use the default LSP configurations.

l LSP refreshment period

To synchronize all the LSPs in the entire area, the IS-IS periodically transmits all the current
LSPs. Ensure that the LSP refresh period is shorter than the aging time of the LSP.
By default, the LSP refresh period is 900s.
l LSP aging time
When a router generates an LSP, it configures the aging time for the LSP. When the LSP
is received by another router, the router starts its aging timer. If the router does not receive
LSP update messages within the aging time, it keeps the LSP for 60 more seconds. After
60s, if LSP update messages are not received, the router deletes the LSP from the LSDB.
By default, the LSP aging time is 1200s.
l Intelligent timer for generating LSPs
For the IS-IS protocol, when the local routing information is changed, the router generates
new LSPs to advertise this change. When the change is frequent, the interval for generating
a new LSP should, however, be delayed. This is to prevent too many system resources from
being occupied, which impairs the system performance. If the delay is very long, the change
in the local routing information cannot be advertised to the adjacent routers in time, thus
decelerating the network convergence.
To accelerate the network convergence without affecting the system performance of the
routers, the intelligent timer is adopted. The intelligent timer is used to adjust the delay
according to the frequency of network change. The interval for initially generating the LSP
is called the initial-interval. An incremental interval is added to the initial-interval when
each change occurs until the initial-interval reaches the value of max-interval. When the
interval reaches the value of max-interval three times, it drops to the initial-interval value
again.
By default, the max-interval for generating an LSP is 2s.
l Ignoring LSP checksum error
When the router receives an LSP, it checks its checksum. If the checksum is inconsistent
with the calculated checksum, you can set the aging time and the checksum of the LSP to
0. That is, the LSP gets aged. If you configure the router to ignore the checksum error, the
LSP packets are processed as normal packets even when the LSP checksum error is
detected.
By default, the system does not ignore the LSP checksum error.
l LSP cache size
The LSP packet cache is classified into cache for generating LSP packets and cache for
receiving LSP packets, which indicate the size of the LSP packets generated by a router
and the size of the LSP packets received by a router respectively. The size of the cache
generating LSP packets must be smaller than the size of the cache receiving LSP packets.
By default, the size of the cache for LSP packets is 1497 bytes.
NOTE
The cache for LSP packets must be smaller than the MTU of the IS-IS interface. Otherwise, the
forwarding of the LSP packets may fail.
Procedure
Step 2 (Optional) Run the timer lsp-refresh command to configure the LSP refreshment period.

Step 3 (Optional) Run the timer lsp-max-age command to configure the LSP aging time.
Step 4 (Optional) Run the timer lsp-generation command to configure the intelligent timer for
generating the LSPs.
Step 5 (Optional) Run the ignore-lsp-checksum-error command to configure the function of ignoring
the LSP checksum errors.
Step 6 (Optional) Run the lsp-length receive command to configure the size of the LSP packets
received currently.
Step 7 (Optional) Run the lsp-length originate command to configure the size of the LSP packets
generated by the current router.
----End
Example
To configure the LSP refresh period as 1000 ms, the LSP aging time as 1500 ms, the max-interval
as 20s, the initial-interval as 50 ms, the incremental-interval as 2000 ms, and the size of generated
LSP packets as 1024 bytes, do as follows:
huawei(config)#isis
huawei(config-isis-1)#timer lsp-refresh 1000
huawei(config-isis-1)#timer lsp-max-age 1500
huawei(config-isis-1)#timer lsp-generation 20 50 2000
huawei(config-isis-1)#lsp-length originate 1024
Related Operations
Table 13-20 lists the related operations for configuring the LSP parameters.
Table 13-20 Related operations for configuring the LSP parameters
Restore the default LSP refreshment undo timer lsp-refresh

period
Restore the default LSP aging time undo timer lsp-max-age
Restore the default configuration of undo timer lsp-generation

the intelligent timer for generating the
LSPs
Restore the default configuration of undo ignore-lsp-checksum-error

ignoring the LSP checksum errors
Restore the default size of the LSP undo lsp-length receive

packets received by the current router
Restore the default size of the LSP undo lsp-length originate

packets generated by the current
router

13.5.7 Enabling LSP Fast Flooding

This topic describes how to configure the LSP fast flooding. This helps to accelerate the network
convergence and stablize the IS-IS network.
You can specify the maximum number of LSPs flooded each time and the maximum interval
for LSP flooding for an interface. The configuration takes effect for all the interfaces.
By default, for an interface, the maximum number of LSPs flooded each time is 5, and the
maximum interval for LSP flooding is 10 ms. If the level is not specified, the configuration takes
effect for both Level-1 and Level-2 LSPs.
Procedure
Step 2 Run the flash-flood command to configure the LSP fast flooding.
----End
Example
To configure the LSP fast flooding on the MA5600T running the IS-IS protocol, allowing each
interface to send up to six LSPs each time at a maximum interval of 100 ms, do as follows:
huawei(config)#isis
huawei(config-isis-1)#flash-flood 6 max-timer-interval 100
Related Operation
Table 13-21 lists the related operation for configuring the LSP fast flooding.
Table 13-21 Related operation for configuring the LSP fast flooding
Restore the default setting of LSP fast undo flash-flood

flooding
13.5.8 Configuring SPF Parameters

This topic describes how to configure the SPF parameters to improve the performance of the IS-
IS router.
For the IS-IS protocol, when the LSDB changes, the router needs to recalculate the routes.
Recalculating the routes frequently occupies many system resources and affects the system
efficiency. Delaying SPF calculation improves the efficiency in route calculation to some extent
and reduces consumption of system resources. A long delay, however, slows the network
convergence.

l SPF intelligent timer

It can adjust the delay for SPF calculation according to the LSDB change frequency.
By default, the delay for SPF calculation is 10s.
l Duration for each SPF calculation
When the number of routing entries in a routing table is more than 150,000, the SPF
calculation of IS-IS occupies the CPU for a long time, lowering the system performance
of the router. To prevent this, you can divide the SPF calculation into segments and set the
duration for each SPF calculation.
By default, the SPF calculation is not divided into segments, and the calculation is
completed at a time.
Procedure
Step 2 (Optional) Run the timer spf command to configure the delay for SPF calculation.
Step 3 (Optional) Run the spf-slice-size command to configure the duration for each SPF calculation.
----End
Example
To configure the maximum delay for SPF calculation as 5s, and the duration for SPF calculation
as 500 ms, do as follows:
huawei(config)#isis
huawei(config-isis-1)#timer spf 5
huawei(config-isis-1)#spf-slice-size 500
Related Operations
Table 13-22 lists the related operations for configuring the SPF parameters.
Table 13-22 Related operations for configuring the SPF parameters
Restore the default delay for SPF undo timer spf

calculation
Restore the default duration for SPF undo spf-slice-size

calculation
13.5.9 Configuring IS-IS Host Name Mapping

This topic describes how to configure the IS-IS host name to set up the mapping between the
host name and the system ID. After configuring the IS-IS host name successfully, the host name
is advertised in an area as LSP packets.

l An IS-IS router supports the mapping of both the local IS-IS host name and the remote IS-
IS host name. A DIS router also supports the mapping of DIS host name.
l By default, the mapping of the IS-IS host name is not configured.
l When you run the display isis peer command to query the adjacency, the mapping name
is displayed in the command response, provided that the mapping of the IS-IS host name
is configured on both ends. The mapping name is not displayed if the mapping of the IS-
IS host name is configured on only one end.
NOTE
The DIS host name is configured for the DIS interface. A P2P interface does not support the configuration
of a host name.
Procedure
l Configure the host name of the local IS-IS and that of the remote IS-IS.
process.
2. Run the is-name command to configure the host name of the local or remote IS-IS.
l Configure the DIS host name.
2. Run the isis dis-name command to configure the DIS host name.
----End
Examples
To configure the host name of the local IS-IS process as RUTA, and to configure the host name
of the remote IS-IS process (System ID: 0000.0000.0041) as RUTB, do as follows:
huawei(config)#isis
huawei(config-isis-1)#is-name RUTA
huawei(config-isis-1)#is-name map 0000.0000.0041 RUTB
To configure the DIS host name as LocalArea, do as follows:

huawei(config-if-vlanif10)#isis dis-name LocalArea
huawei(config-isis-1)#is-name map 0000.0000.0041 RUTB
Related Operations
Table 13-23 lists the related operations for configuring host name mapping.
Table 13-23 Related operations for configuring host name mapping
Delete the local/remote host name undo is-name
Delete the DIS host name undo isis dis-name

Query the mapping between the display isis name-table

host name and the system ID
13.5.10 Configuring IS-IS Authentication

This topic describes how to configure the area, routing domain, and interface authentication on
the MA5600T by running the IS-IS protocol.
l Area authentication
This function is used to verify the Level-1 routing packets such as LSP, CSNP, and PSNP
received by the router, and filter the routing packets that cannot pass the authentication.
With the area authentication enabled, a router encapsulates the specified authentication
mode and password into the LSP, CSNP, and PSNP packets for advertisement. At the same
time, the router authenticates the received LSP, CSNP and PSNP packets. The packets can
be received only when these packets contain the authentication mode and password
consistent with those configured on the router. If other routers in the same area also start
the area authentication process, the authentication modes and the passwords of these routers
should be identical. Otherwise, the routers cannot work normally. By default, the area
authentication is not disabled.
l Routing domain authentication
This function is used to verify the Level-2 routing packets such as LSP, CSNP, and PSNP
received by the router, and filter the routing packets that cannot pass the authentication.
With the routing domain authentication enabled, a Level-2 router at the backbone layer
encapsulates the specified authentication mode and password into the LSP, CSNP, and
PSNP packets for advertisement. At the same time, the router authenticates the received
LSP, CSNP and PSNP packets. The packets can be received only when these packets
contain the authentication mode and password consistent with the authentication mode and
password configured on the router. If other routers at the backbone layer also start the
routing domain authentication process, the authentication modes and the passwords of these
routers should be identical. Otherwise, the routers cannot work normally. By default, the
routing domain authentication is not disabled.
l Interface authentication
This function is used to verify the received Hello packets to confirm if their adjacencies
are valid and correct.
NOTE
When configuring the interface authentication, note the following:

l The IS-IS function is enabled on the interface.
l The authentication modes and passwords of the same level must be identical for all interfaces in
the same network.
l The level configuration does not take effect for a P2P interface.

Procedure
l Configure the area and domain authentication.
process.
2. Run the area-authentication-mode command to configure the area authentication.
3. Run the domain-authentication-mode command to configure the routing domain
authentication.
l Configure the interface authentication.
2. Run the isis authentication-mode command to configure the interface authentication.
----End
Examples
To configure the area authentication password as hello and the authentication mode as simple,
do as follows:
huawei(config)#isis
huawei(config-isis-1)#area-authentication-mode simple hello
To configure the routing domain authentication password as huawei and the authentication mode
as MD5, do as follows:
huawei(config)#isis
huawei(config-isis-1)#domain-authentication-mode md5 huawei
To configure the authentication password as huawei and the authentication mode as simple for
VLAN interface 10, do as follows:
huawei(config-if-vlanif10)#isis authentication-mode simple huawei
Related Operations
Table 13-24 lists the related operations for configuring the IS-IS authentication.
Table 13-24 Related operations for configuring the IS-IS authentication
Disable the area authentication undo area-authentication-mode
Disable the routing domain undo domain-authentication-mode

authentication
Disable the interface undo isis authentication-mode

authentication

13.5.11 Configuring LSDB Overload Flag Bit

This topic describes how to configure the LSDB overload flag bit. This allows other routers in
an area not to take the overloaded router into consideration during the SPF calculation.
With the LSDB overload flag bit configured, a router still advertises the LSP packets containing
the overload flag bit. The other routers in the network, however, do not use the LSP packets with
the overload flag bit for calculating the routes of the overloaded router. That is, after a router is
configured with the overload flag bit, other routers do not take the routes learned by this router
into consideration during the SPF calculation. But the direct routes of this router are calculated.
In the IS-IS network, if a router is faulty, the routes for the entire area are not calculated correctly.
Then, you can set the overload flag bit for the faulty router to temporarily remove it from the
IS-IS network. This helps you to locate the fault easily.
By default, the overload flag bit is not configured.
Procedure
Step 2 Run the set-overload command to configure the LSDB overload flag bit.
----End
Example
To configure the LSDB overload flag bit for IS-IS process 1, do as follows:
huawei(config)#isis
huawei(config-isis-1)#set-overload
Related Operation
Table 13-25 lists the related operation for configuring the LSDB overload flag bit.
Table 13-25 Related operation for configuring the LSDB overload flag bit
Delete the overload flag bit undo set-overload
13.5.12 Enabling Output of the Adjacency State

This topic describes how to enable the output of the adjacency state, allowing the change of IS-
IS adjacency state to be output to the maintenance terminal.
Procedure

Step 2 Run the log-peer-change command to enable the output of the adjacency state.
----End
Example
To enable the output of the adjacency state for IS-IS process 1, do as follows:
huawei(config)#isis
huawei(config-isis-1)#log-peer-change
Related Operation
Table 13-26 lists the related operation for enabling the output of the adjacency state.
Table 13-26 Related operation for enabling the output of the adjacency state
Disable the output of the adjacency undo log-peer-change

state

SmartAX MA5600T Multi-service Access Module 14 BGP Routing Protocol Configuration
14 BGP Routing Protocol Configuration
About This Chapter
This topic describes how to configure the BGP routing protocol supported by the MA5600T.
NOTE
(s) directly.
first.
14.1 Overview
This topic describes the Border Gateway Protocol (BGP) and its application on the MA5600T.
14.2 Configuration Example of BGP
This topic provides an example for configuring the BGP on the MA5600T.
14.3 Configuring Basic BGP Functions
This topic describes how to configure the basic BGP functions.
14.4 Configuring BGP Route Attributes
This topic describes how to configure the BGP route attributes.
14.5 Controlling the BGP Routing Information
This topic describes how to control the BGP routing information.
14.6 Adjusting and Optimizing BGP
This topic describes how to adjust and optimize the configurations of a BGP network such as
modifying the BGP timers, configuring the interval for sending update messages, and
configuring the BGP verification function.

14 BGP Routing Protocol Configuration SmartAX MA5600T Multi-service Access Module
14.1 Overview
This topic describes the Border Gateway Protocol (BGP) and its application on the MA5600T.
Service Description
l BGP is a dynamic routing protocol used between Autonomous Systems (ASs).
l BGP is an Exterior Gateway Protocol (EGP). It controls the route propagation and selection
of optimal routes. It does not control the discovery and calculation of routes. This
distinguishes BGP from the Interior Gateway Protocols (IGPs) such as OSPF and RIP.
l As an exterior routing protocol for the Internet, BGP is widely used among various Internet
service providers (ISPs).
Service Specifications
BGP runs on the MA5600T in either of the following modes:
l Interior BGP (IBGP): BGP is called an IBGP when it runs within an AS.
l Exterior BGP (EBGP): BGP is called an EBGP when it runs among ASs.
14.2 Configuration Example of BGP

This topic provides an example for configuring the BGP on the MA5600T.
Networking
Figure 14-1 shows an example network for configuring the BGP.
In this example network, an EBGP connection is set up between MA5600T_A and
MA5600T_B, and an IBGP connection is set up among MA5600T_B, MA5600T_C, and
MA5600T_D.
Figure 14-1 Example network for configuring the BGP
AS 2001
AS 2000
9.1.3.2/24 9.1.2.1/24
8.1.1.1/8 MA5600T_C
3.3.3.3
200.1.1.2/24
9.1.3.1/24 9.1.2.2/24
MA5600T_A
1.1.1.1
200.1.1.1/24 9.1.1.1/24
9.1.1.2/24
MA5600T_B
MA5600T_D
2.2.2.2
4.4.4.4

Data Plan
Table 14-1 provides the data plan for configuring the BGP.
Table 14-1 Data plan for configuring the BGP
Item Data Remarks
MA5600T_A IP address of VLAN interface 6: It is used for the EBGP

200.1.1.2/24 connection to
AS2001.
IP address of VLAN interface 2: -

8.1.1.1/8
Router ID：1.1.1.1 -
AS number: 2000 -
MA5600T_B IP address of VLAN interface 6: It is used for the EBGP

200.1.1.1/24 connection to
AS2000.
IP address of VLAN interface 3: It is used for the IBGP

9.1.3.1/24 connection to the
MA5600T_C.

MA5600T_D.
AS number: 2001 -
MA5600T_C IP address of VLAN interface 3: It is used for the IBGP

MA5600T_B.

MA5600T_D.
AS number: 2001 -
MA5600T_D IP address of VLAN interface 5: It is used for the IBGP

MA5600T_C.

MA5600T_B.
AS number: 2001 -

Figure 14-2 shows the flowchart for configuring the BGP.
Figure 14-2 Flowchart for configuring the BGP
Start
Configure the L3 interface
Enable the BGP function
Save the data
End
Procedure
Step 1 Configure MA5600T_A.
2. Enable the BGP function.

huawei(config)#bgp 2000
huawei(config-BGP)#router-id 1.1.1.1
huawei(config-BGP)#peer 200.1.1.1 as-number 2001
huawei(config-BGP)#network 8.0.0.0 8
huawei(config-BGP)#quit
3. Save the data.

huawei(config)#save
Step 2 Configure MA5600T_B.




huawei(config-BGP)#import-route direct
3. Save the data.

huawei(config)#save
Step 3 Configure MA5600T_C.


3. Save the data.

huawei(config)#save
Step 4 Configure MA5600T_D.


3. Save the data.

huawei(config)#save
----End

Result
l Run the display bgp peer command, and you can see that:
– The EBGP connection is set up between MA5600T_A and MA5600T_B.
– The IBGP connections are set up among MA5600T_B, MA5600T_C, and
MA5600T_D.
– The route with the destination subnet 8.0.0.0/8 exists on MA5600T_C and
MA5600T_D, and the next hop of the route is the interface address of MA5600T_A
l Run the ping command on MA5600T_C and MA5600T_D to ping the Layer 3 interface
(8.1.1.1/24) on MA5600T_A. The ping command is executed successfully.
14.3 Configuring Basic BGP Functions

This topic describes how to configure the basic BGP functions.
14.3.1 Configuring BGP Basic Description
This topic describes how to configure the BGP basic description.
14.3.2 Configuring BGP to Advertise the Local Routes
This topic describes how to configure the MA5600T to advertise the BGP local routes.
14.3.3 Configuring the Local Interface Used for a BGP Connection
This topic describes how to configure the local interface used for a BGP connection.
14.3.4 Configuring the Maximum Number of Hops in an EBGP Connection
This topic describes how to configure the maximum number of hops in an EBGP connection.
14.3.1 Configuring BGP Basic Description

This topic describes how to configure the BGP basic description.
Procedure
Step 1 Run the bgp command to enable the BGP process and enter BGP mode.
Step 2 Run the router-id command to set the BGP router ID.
NOTE
l This configuration is optional. If the BGP router ID is not set, the router ID set in global config mode
by running the router id command is used as the BGP router ID.
l Setting the BGP router ID reestablishes the connections between the MA5600T and the peer. Exercise
caution when you perform this operation.
Step 3 Run the peer as-number command to specify the IP address and the AS number of the peer.
NOTE
The IP address of the specified peer can be as follows:

l The IP address of the peer interface that is directly connected to the MA5600T.
l The IP address of the loopback interface of the reachable peer. In this case, you must run the peer
connect-interface command to configure the source interface of the peer for sending the BGP packets,
and make sure that the peer is connected properly.
Step 4 Run the peer description command to configure the description of the peer.

Step 5 Run the display bgp peer command to query the peer.
----End
Example
To enable BGP process 1 and enter BGP mode to set the router ID to 10.10.10.1, to specify the
peer IP address as 10.10.10.2 and AS number as 10, and to set the description of the peer to
huawei, do as follows:
huawei(config-bgp)#router-id 10.10.10.1
CAUTION! Changing configuration will reset peer session. Continue?(Y/N):y
huawei(config-bgp)#peer 10.10.10.2 as-number 10
huawei(config-bgp)#peer 10.10.10.2 description huawei
huawei(config-bgp)#quit
huawei(config)#display bgp peer 10.10.10.2 verbose
Peer: 10.10.10.2 Local router ID: 10.10.10.1

Type: EBGP link
Peer's description: "huawei"
BGP version 4, remote router ID 0.0.0.0
BGP current state: Active
BGP current event: ConnOpenFailed
BGP last state: Connect
Received: Total 0 messages, Update messages 0

Sent: Total 0 messages, Update messages 0
Minimum time between advertisement runs is 30 seconds
Optional capabilities:
Route refresh capability has been enabled
Peer Preferred Value: 0
Routing policy configured:
No routing policy is configured
Related Operation
Table 14-2 lists the related operation for configuring the BGP basic description.
Table 14-2 Related operation for configuring the BGP basic description
Configure the source interface of the peer for peer connect-interface

sending the BGP packets
14.3.2 Configuring BGP to Advertise the Local Routes

This topic describes how to configure the MA5600T to advertise the BGP local routes.
Procedure
Step 2 Run the network command to configure the BGP router to advertise the local routes.
Step 3 Run the display bgp network command to query the routing information advertised by the BGP
router running the network command.

Step 4 Run the display bgp routing-table command to query the BGP routing information.
NOTE
After the BGP router is configured to advertise the local routes by running the network command, the
routing information advertised by the BGP router by running the command can be queried by running the
display bgp network command. A route, however, exists in the BGP routing table only when the
destination address and the mask specified by the network command match the local route. You can run
the display bgp routing-table command to query the routes in the BGP routing table.
----End
Example
To configure the BGP router to advertise local route with the destination address/mask of
10.10.10.0/24 by applying routing policy huawei, do as follows:
huawei(config-bgp)#network 10.10.10.0 24 route-policy huawei
huawei(config)#display bgp network
BGP Local Router ID is 10.10.10.1
Local AS Number is 1
Network Mask Route-policy
10.10.10.0 255.255.255.0 huawei

huawei(config)#display bgp routing-table
{ regular-expression<K>|<cr>|ip_addr<X.X.X.X>|statistics<K>|cidr<K>|community
<K>|community-filter<K>|dampened<K>|dampening<K>|as-path-filter<K>|flap-info<K>|
peer<K>|different-origin-as<K> }:
Command:
display bgp routing-table
Total Number of Routes: 1
BGP Local router ID is 10.71.42.12

Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.10.10.0 0.0.0.0 0 0 i
Related Operations
Table 14-3 lists the related operations for advertising the BGP local routes.
Table 14-3 Related operations for advertising the BGP local routes
Query the current routing information in the display ip routing-table

system
Create a routing policy and enter the routing route-policy

policy mode
14.3.3 Configuring the Local Interface Used for a BGP Connection

This topic describes how to configure the local interface used for a BGP connection.

Context
l By default, the physical interface that is directly connected to the peer is used as the local
interface for a BGP connection.
l To ensure that a BGP connection is reliable and stable, you can configure the local interface
used for the BGP connection as the loopback interface. In this way, when there are
redundant links in the network, the BGP connection should not break off due to the failure
of a certain interface or link.
l In general, to create a BGP connection, you need to configure the local interface used for
the BGP connection as the loopback interface. Otherwise, the BGP connection cannot be
created.
Procedure
Step 2 Run the peer connect-interface command to configure the local interface of the peer for sending
the BGP packets.
Step 3 Run the display bgp peer command to query the BGP peer.
----End
Example
To set the local interface for the peer 10.10.10.2 to send BGP packets as the loopback interface,
do as follows:
huawei(config-bgp)#peer 10.10.10.2 connect-interface loopback 0

Type: EBGP link
Peer's description: "huawei"
BGP current state: Idle
BGP current event: TransFatalError

Connect-interface has been configured
Related Operation
Table 14-4 lists the related operation for configuring the local interface used for a BGP
connection.

Table 14-4 Related operation for configuring the local interface used for a BGP connection
Configure the IP address and AS number of the peer as-number

peer
14.3.4 Configuring the Maximum Number of Hops in an EBGP

Connection
This topic describes how to configure the maximum number of hops in an EBGP connection.
Context
By default, the maximum number of hops in an EBGP connection is 1, which indicates that the
EBGP connection cannot be set up between the BGP router and the peers on the network. An
EBGP connection can be set up with the peers on the network that is not connected directly only
when the maximum number of hops in the EBGP connection is configured.
Procedure
Step 2 Run the peer ebgp-max-hop command to configure the maximum number of hops for setting
up an EBGP connection to the peers on the network that is not connected directly.
Step 3 Run the display bgp peer command to query the BGP peer.
----End
Example
To configure the maximum number of hops as 10 for setting up an EBGP connection to peer
20.20.20.1 on the network that is not connected directly, do as follows:
huawei(config-bgp)#peer 20.20.20.1 ebgp-max-hop 10

Type: EBGP link
BGP current state: Active
BGP current event: ConnOpenFailed

Multi-hop ebgp has been enabled

Related Operation
Table 14-5 lists the related operation for configuring the maximum number of hops in an EBGP
connection.
Table 14-5 Related operation for configuring the maximum number of hops in an EBGP
connection
Configure the IP address and AS number of the peer as-number

peer
14.4 Configuring BGP Route Attributes

This topic describes how to configure the BGP route attributes.
14.4.1 Configuring the BGP Route Preference
This topic describes how to configure the BGP route preference.
14.4.2 Configuring the Default Local_Pref Attribute
This topic describes how to configure the default Local_Pref attribute, that is the local priority
of the MA5600T, which shows the priority of the BGP router, and check the best routing when
the flow exits the AS.
14.4.3 Configuring the MED Attribute
This topic describes how to configure the MED attribute.
14.4.4 Configuring the Next_Hop Attribute
This topic describes how to configure the Next_Hop attribute.
14.4.5 Configuring the AS-Path Attribute
This topic describes how to configure the AS_Path attribute.
14.4.1 Configuring the BGP Route Preference

This topic describes how to configure the BGP route preference.
Context
You can configure the preference for the following three types of BGP routes.
l routes learned from external peers (EBGP)

l routes learned from internal peers (IBGP)
l routes that originated locally (Local Originated)
Procedure
Step 2 Run the preference(BGP) command to configure the BGP route preference.

Step 3 Run the display ip routing-table command to query the preference of the EBGP and IBGP
routes.
----End
Example
To configure the preference of the EBGP route as 200, and to adopt the default preference 255
for the IBGP and BGP local routes, do as follows:
huawei(config-bgp)#preference 200 255 255
huawei(config)#display ip routing-table
{ <cr>|vpn-instance<K>|verbose<K>|statistics<K>|protocol<K>|acl<K>|ip-prefix<K>|
ip_addr<X.X.X.X> }:
Command:
display ip routing-table
Routing Tables: Public
Destination/Mask Proto Pre Cost NextHop Interface
10.10.10.0/24 BGP 200 0 20.20.20.2 vlanif20

20.20.20.0/24 Direct 0 0 20.20.20.1 vlanif20
14.4.2 Configuring the Default Local_Pref Attribute

This topic describes how to configure the default Local_Pref attribute, that is the local priority
of the MA5600T, which shows the priority of the BGP router, and check the best routing when
the flow exits the AS.
Procedure
Step 2 Run the default local-preference command to configure the Local_Pref attribute of the
MA5600T.
----End
Example
To configure the default BGP local preference as 200, do as follows:
huawei(config-bgp)#default local-preference 200
14.4.3 Configuring the MED Attribute

This topic describes how to configure the MED attribute.
Context
When a router where BGP is running obtains multiple routes with the same destination address
but different next hops through different EBGP peers, the router chooses the route with the
minimum MED value as the optimal route, provided that the other parameters of the routes are
the same. Configuring the MED attribute involves the following:

l Configuring the MED value of a BGP route

l Enabling the comparison of MED values of the routes from different ASs
In general, the BGP router compares only the MED values of the routes from the same AS
(different peers).
l Configuring the disposal method when the MED value is lost
After configuring the disposal method, if the MED value does not exist in the route
attributes, a maximum MED value is used during the optimal route selection.
Procedure
Step 2 Run the default med command to configure the MED value of the BGP route.
Step 3 Run the compare-different-as-med command to enable the comparison of MED values of the
routes from different ASs.
Step 4 Run the bestroute med-none-as-maximum command to configure the disposal method when
the MED value is lost.
----End
Example
To configure the MED value of the BGP route as 200, enable the comparison of MED values
of the routes from different ASs, and use the maximum MED value during the optimal route
selection when the MED value does not exist in the route attributes, do as follows:
huawei(config-bgp)#default med 200
huawei(config-bgp)#compare-different-as-med
huawei(config-bgp)#bestroute med-none-as-maximum
14.4.4 Configuring the Next_Hop Attribute

This topic describes how to configure the Next_Hop attribute.
Context
If BGP load balancing is configured, the MA5600T sets the address of its outbound interface as
the next hop address when advertising routes to IBGP peer groups, regardless of whether the
Next_Hop attribute is configured by running the peer next-hop-local command.
Procedure
Step 2 Run the peer next-hop-local command to enable the MA5600T to change the address of its
outbound interface as the next hop address when advertising routes to the IBGP peer.
----End
Example
To enable the MA5600T to set its outbound interface as the next hop address when it advertises
routes to IBGP peer 10.101.10.1, do as follows:

huawei(config-bgp)#peer 10.10.10.1 next-hop-local
Related Operation
Table 14-6 lists the related operation for configuring the Next_Hop attribute.
Table 14-6 Related operation for configuring the Next_Hop attribute
Configure BGP load balancing maximum load-balancing
14.4.5 Configuring the AS-Path Attribute

This topic describes how to configure the AS_Path attribute.
Context
Configuring the AS_Path attribute involves the following:
l Allowing repeat local AS numbers

In special applications such as VPN, you can configure the AS_Path attribute of the routes
sent from the peers to contain the local AS number, and configure the repeat count of the
local AS number.
l Ignoring the AS_Path attribute during the optimal BGP route selection
By default, the AS_Path attribute is used as a rule for the optimal route selection. In certain
special applications, if the attribute is not used supposed to be a rule for the optimal route
selection, use this function.
l Configuring the fake AS number
This function is used to hide the actual AS number. EBGP peers in other ASs can see only
the fake AS number. That is, when specifying their local AS number, the EBGP peers in
other ASs must choose this fake AS number as their local number.
l Replacing the AS number in the AS-path attribute
When this function is enabled, if the AS_Path attribute of a route to be advertised contains
the same AS number as that of the specified peer, the AS number is replaced with the AS
number of the local router before the route is advertised.
l Configuring the AS_Path attribute to carry only the public AS number when the BGP router
sends BGP update messages
When this function is enabled, if the AS_Path attribute of the BGP routing information
advertised to the peer contains private AS numbers, the BGP router deletes the private AS
numbers.
Procedure
Step 2 Run the peer allow-as-loop command to allow repeat local AS numbers.

Step 3 Run the bestroute as-path-neglect command to configure the BGP to ignore the AS_Path
attribute during the optimal route selection.
Step 4 Run the peer fake-as command to configure the fake AS number.
Step 5 Run the peer substitute-as command to enable the function of replacing the AS number in the
AS_Path attribute.
Step 6 Run the peer public-as-only command to configure the AS_Path attribute to carry only the
public AS number when the BGP router sends BGP update messages.
NOTE
Each attribute above can be configured. If it is not configured, the value is default.
----End
Examples
To configure the repeat count of the local AS number allowed by peer 10.10.10.1 as 2, do as
follows:
huawei(config-bgp)#peer 10.10.10.1 allow-as-loop 2
To configure the BGP to ignore the AS_Path attribute during the optimal route selection, do as
follows:
huawei(config-bgp)#bestroute as-path-neglect
To configure the fake AS number of peer 10.10.10.1 as 200, do as follows:

huawei(config-bgp)#peer 10.10.10.1 fake-as 200
To enable the function of replacing AS numbers for peer 10.10.10.1, do as follows:

huawei(config-bgp)#peer 10.10.10.1 substitute-as
To configure peer 10.10.10.1 to carry only public AS numbers when the BGP router sends BGP
update messages, do as follows:
huawei(config-bgp)#peer 10.10.10.1 public-as-only
Related Operation
Table 14-7 lists the related operation for configuring the AS_Path attribute.
Table 14-7 Related operation for configuring the AS_Path attribute

Enable the split horizon function among the ASs as-split-horizon
14.5 Controlling the BGP Routing Information

This topic describes how to control the BGP routing information.

14.5.1 Configuring BGP to Import Routes

This topic describes how to configure the BGP to import the routes.
14.5.2 Filtering the Routes Imported by BGP
This topic describes how to filter the routes imported by BGP.
14.5.3 Configuring BGP Route Aggregation
This topic describes how to configure the BGP route aggregation.
14.5.4 Configuring a Router to Advertise the Default Route to Its Peer
This topic describes how to configure a router to advertise the default route to its peer.
14.5.5 Configuring BGP Access List
This topic describes how to configure the BGP access list.
14.5.6 Configuring a BGP Routing Policy
This topic describes how to configure a BGP routing policy.
14.5.7 Configuring the Policy for Advertising the BGP Routing Information
This topic describes how to configure the policy for advertising the BGP routing information.
14.5.8 Configuring the Policy for Receiving the BGP Routing Information
This topic describes how to configure the policy for receiving the BGP routing information.
14.5.1 Configuring BGP to Import Routes

This topic describes how to configure the BGP to import the routes.
Procedure
Step 2 Run the import-route command to enable the BGP to import the routes of other protocols.
----End
Example
To import static routes to the BGP routing table, do as follows:
huawei(config-bgp)#import-route static
Related Operations
Table 14-8 lists the related operations for configuring the BGP to import routes.
Table 14-8 Related operations for configuring the BGP to import routes
Advertise the default route to a peer peer default-route-advertise
Query the BGP routing information display bgp routing-table

system

Enable the default route to be imported to the default-route imported

BGP routing table
14.5.2 Filtering the Routes Imported by BGP

This topic describes how to filter the routes imported by BGP.
Procedure
Step 2 Run the filter-policy import command to configure the rules for filtering the received routes.
----End
Example
To filter the received routes according to the rules defined in ACL 2001, do as follows:
huawei(config-bgp)#filter-policy 2001 import
Related Operation
Table 14-9 lists the related operation for filtering the routes imported by BGP.
Table 14-9 Related operation for filtering the routes imported by BGP
Configure the rules for filtering the routes filter-policy export

advertised by BGP
14.5.3 Configuring BGP Route Aggregation

This topic describes how to configure the BGP route aggregation.
Context
The BGP route aggregation can be automatic aggregation and manual aggregation. The
preference of manual aggregation is higher than that of automatic aggregation.
l Automatic aggregation: aggregates the imported routes, which can be direct routes, static
routes, RIP routes, OSPF routes, and IS-IS routes, except the routes advertised by running
the network command.
l Manual aggregation: aggregates the routes existing in the local BGP routing table. For
example, when the route to the subnet 10.1.0.0/24 does not exist in the BGP routing table,

BGP does not advertise the aggregated route even if you run the aggregate 10.1.0.0 16
command to aggregate the route.
Procedure
l Configure the automatic route aggregation function.
1. Run the bgp command to enable the BGP process and enter BGP mode.
2. Run the summary automatic command to configure the function of automatically
aggregating the BGP subnet routes.
l Configure the manual route aggregation function.
2. Run the aggregate command to aggregate routes in BGP.
----End
Examples
To configure the function of automatically aggregating the BGP subnet routes, do as follows:
huawei(config-bgp)#summary automatic
To manually aggregate the BGP routes in the subnet 10.10.0.0/16, do as follows:

huawei(config-bgp)#aggregate 10.10.0.0 16
Related Operations
Table 14-10 lists the related operations for configuring the BGP route aggregation.
Table 14-10 Related operations for configuring the BGP route aggregation

system
14.5.4 Configuring a Router to Advertise the Default Route to Its

Peer
This topic describes how to configure a router to advertise the default route to its peer.
Context
Perform this operation to enable a router to unconditionally send a default route with its own
address as the next hop address to a peer in case that the routing table does not have to contain
any default route.

Procedure
Step 2 Run the peer default-route-advertise command to configure the MA5600T to advertise the
default route to its peer.
----End
Example
To configure the MA5600T to advertise the default route to peer 10.10.10.1, do as follows:
huawei(config-bgp)#peer 10.10.10.1 default-route-advertise
Related Operations
Table 14-11 lists the related operations for configuring the MA5600T to advertise the default
route to its peer.
Table 14-11 Related operations for configuring the MA5600T to advertise the default routes to
its peer
Enable BGP to import the routes of other import-route

protocols
Enable the default route to be imported to the default-route imported

BGP routing table
14.5.5 Configuring BGP Access List

This topic describes how to configure the BGP access list.
Procedure
Step 1 Run the ip as-path-filter command to configure the AS path filter.
Step 2 Run the ip community-filter command to configure the community attributes filter.
----End
Examples
To set AS path filter 1, which permits the routes of AS 30 to pass through (regular expression
"-30-" indicates any AS list that contains AS30), do as follows:
huawei(config)#ip as-path-filter 1 permit -30-
To configure basic community attribute filter 10, where the community number is 20, the
community attributes list is 100:2, and the matching mode for the community attributes is permit,
do as follows:

huawei(config)#ip community-filter 10 permit 20 100:2 internet
Related Operations
Table 14-12 lists the related operations for configuring the BGP access list.
Table 14-12 Related operations for configuring the BGP access list
Query the community attributes filter display ip community-filter
Enable the MA5600T to advertise the community peer advertise-community

attributes to its peer
14.5.6 Configuring a BGP Routing Policy

This topic describes how to configure a BGP routing policy.
Context
l The MA5600T supports up to 16 routing policies, each of which can be configured with
up to eight nodes.
l A routing policy can have multiple nodes. Each node acts as a unit of a matching test, and
the nodes are identified by sequence number for the matching test.
l The relation between different nodes of a routing policy is OR. That is, the router checks
the nodes of the routing policy one by one. If one node passes the match test, it means that
the route policy passes the match test, and match test for the next node is not required.
l Each node consists of the following clauses:
– if-match clause
It defines the matching rules. The relation between different if-match clauses of a node
is AND. That is, the node can pass the matching test only when all the if-match clauses
of the node are met.
– apply clause
It specifies the actions to be taken after a route passes the matching test. The apply
clause is used to configure the attributes of the route.
Procedure
Step 1 Run the route-policy command to create a routing policy and enter routing policy mode.
Step 2 Run the if-match command to configure the matching rules of the routing policy for filtering
the routing information.
NOTE
You can configure the rules in different ways. For details, see Table 14-13.
Step 3 Run the apply command to configure the attributes of a route.

NOTE
You can configure various attributes of a route. For details, see Table 14-13.

Step 4 Run the display route-policy command to query the configured routing policies.
----End
Example
To create routing policy huawei with the node of 1 and the matching mode of permit, set the IP
address prefix list 100 as the matching condition, and set the cost of the route meeting the
matching condition as 40000, do as follows:
huawei(config)#route-policy huawei permit node 1
Info: You are overwriting this sequence !
huawei(config-route-policy)#if-match ip-prefix 100
huawei(config-route-policy)#apply cost 40000
huawei(config)#display route-policy huawei
Route-policy : huawei
permit : 1
Match clauses :
if-match ip-prefix 100
Apply clauses :
apply cost 40000
Table 14-13 lists the parameters for configuring a routing policy.
Table 14-13 Parameters for configuring a routing policy
Parameter Parameter Description
permit Specifies the matching mode of the node as permit. If the routing
information is permitted to pass the node, the apply clause of
the node is executed, and the matching test of another node is
not performed. If the routing information is not permitted to pass
the node, the matching test continues on the next node.
deny Specifies the matching mode of the node as deny. In this case,
the apply clause is not executed. When the routing information
meets all the if-match clauses of the node, the matching test is
not performed on the next node. If the routing information does
not meet the if-match clause of the node, the matching test
continues on the next node.
Related Operations
Table 14-14 lists the related operations for configuring a routing policy.
Table 14-14 Related operations for configuring a routing policy
Configure a matching rule based on the access if-match acl

control list (ACL)

Configure a matching rule based on the AS path if-match as-path-filter

filter
Configure a matching rule based on the if-match community-filter

community attribute filter
Configure a matching rule based on the route cost if-match cost
Configure a matching rule based on the egress if-match interface

interface
Configure a matching rule based on the IP if-match ip

information
Configure a matching rule based on the IP if-match ip-prefix

address prefix
Configure a matching rule based on the route type if-match route-type
Configure a matching rule based on the routing if-match tag

tag field
Configure the AS_Path attribute of the route apply as-path

meeting the matching rules
Delete the BGP routing community according to apply comm-filter

the value specified in the community attribute
filter
Configure the BGP community attribute of the apply community

route meeting the matching rules
Configure the routing cost for the matched route apply cost
Configure the next hop of the routing information apply ip-address
Configure the local preference of the BGP route apply local-preference
Configuring the Origin attribute of the BGP route apply origin
Configure the preference of the BGP route apply preference
Configure the preferred value of the BGP route apply preferred-value
Configure the tag of the routing information apply tag
14.5.7 Configuring the Policy for Advertising the BGP Routing

Information
This topic describes how to configure the policy for advertising the BGP routing information.
Context
Configuring the policy for advertising the BGP routing information involves the following:

l Filtering the advertised BGP routing information

It filters all advertised BGP routing information. The routes advertised to all peers are
discarded when they do not comply with the filtering rules.
l Applying a routing policy to the advertised routing information
It indicates that if the routing information advertised to the peer complies with the routing
policy, the route is configured based on the routing policy and then advertised to the peer.
If the routing information does not comply with the routing policy, the route is directly
advertised to the peer.
l Filtering the routing information advertised to the peer
It indicates that the routing information advertised to the peer is discarded when it does not
comply with the routing policy.
Procedure
l Filter the advertised BGP routing information.
2. Run the filter-policy export command to configure the rules for filtering the
advertised BGP routes.
l Apply a routing policy to the advertised routing information.
2. Run the peer route-policy command and select the parameter export to apply the
routing policy to the routing information advertised to the peer.
NOTE
The routing policy applied in the peer route-policy command does not support taking a certain
interface as one of the matching rules. That is, the if-match interface command is not supported
for applying a routing policy.
l Filter the routing information advertised to the peer.
2. Run the peer filter-policy command and select the parameter export to configure the
ACL-based routing policy for the routing information advertised to the peer.
NOTE
The routes advertised to the peer can also be filtered in the following ways:
l Run the peer as-path-filter command and select the parameter export to configure a policy
based on the AS path for filtering the routes advertised to the peer.
l Run the peer ip-prefix command and select the parameter export to configure a policy
based on the IP address prefix for filtering the routes advertised to the peer.
----End
Examples
To filter the advertised information on the static routes based on the rules defined in ACL 2001,
do as follows:
huawei(config-bgp)#filter-policy 2001 export static
To apply routing policy abc to the routing information advertised to peer 10.10.10.1, do as
follows:

huawei(config-bgp)#peer 10.10.10.1 route-policy abc export
To apply ACL-based routing policy 2009 to the routing information advertised to peer
10.10.10.1, do as follows:
huawei(config-bgp)#peer 10.10.10.1 filter-policy 2009 export
Related Operations
Table 14-15 lists the related operations for configuring the policy for advertising the BGP
routing information.
Table 14-15 Related operations for configuring the policy for advertising the BGP routing
information
Configure a filtering policy based on the AS path peer as-path-filter

for the peer
Configure a filtering policy based on the IP peer ip-prefix

address prefix for the peer
Configure the rules for filtering the received BGP filter-policy import
routing information
14.5.8 Configuring the Policy for Receiving the BGP Routing

Information
This topic describes how to configure the policy for receiving the BGP routing information.
Context
Configuring the policy for receiving the BGP routing information involves the following:
l Filtering the received BGP routing information: filters all received BGP routing
information. The routes from all peers are discarded if they do not comply with the filtering
rules.
l Applying a routing policy to the received routing information: indicates that if the routing
information from a specified peer complies with the routing policy, the route is configured
according to the routing policy. The received route is not affected even if the routing
information does not comply with the routing policy.
l Filtering the routing information from the peer: indicates that the routing information from
a specified peer is discarded if it does not comply with the routing policy.
l Limiting the number of the routes received from peers: Limits the number of routes from
a specified peer.
Procedure
l Filter the received BGP routing information.

2. Run the filter-policy import command to configure the rules for filtering the received
BGP routes.
l Apply a routing policy to the received routing information.
2. Run the peer route-policy command and select the parameter import to apply the
routing policy to the received routing information.
NOTE
The routing policy applied in the peer route-policy command does not support taking a certain
interface as one of the matching rules. That is, the if-match interface command is not supported
for applying a routing policy.
l Filter the routing information received from the peer.
2. Run the peer filter-policy command and select the parameter import to configure the
ACL-based routing policy for the routes received from the peer.
NOTE
The routes received from the peer can also be filtered in the following ways:
l Run the peer as-path-filter command and select the parameter import to configure a policy
based on the AS path for filtering the routes received from the peer.
l Run the peer ip-prefix command and select the parameter import to configure a policy
based on the IP address prefix for filtering the routes received from the peer.
l Limit the number of routes received from the peer.
2. Run the peer route-limit command to configure the number of routes allowed to be
received from the peer.
----End
Examples
To filter the received routes based on the rules defined in ACL 2001, do as follows:
huawei(config-bgp)#filter-policy 2001 import
To apply routing policy abc to the routes received from peer 10.10.10.1, do as follows:
huawei(config-bgp)#peer 10.10.10.1 route-policy abc import
To apply ACL-based routing policy 2009 to the routes received from peer 10.10.10.1, do as
follows:
huawei(config-bgp)#peer 10.10.10.1 filter-policy 2009 import
To set the maximum number of routes allowed to be received from peer 10.10.10.1 to 200, and
enable the generation of only an alarm when the number of received routes exceeds the threshold,
do as follows:
huawei(config-bgp)#peer 10.10.10.1 route-limit 200 alert-only

Related Operations
Table 14-16 lists the related operations for configuring the policy for receiving the BGP routing
information.
Table 14-16 Related operations for configuring the policy for receiving the BGP routing
information
Configure a filtering policy based on the AS path peer as-path-filter

for the peer
Configure a filtering policy based on the IP peer ip-prefix

address prefix for the peer
Configure the rules for filtering the advertised filter-policy export

BGP routing information
14.6 Adjusting and Optimizing BGP

This topic describes how to adjust and optimize the configurations of a BGP network such as
modifying the BGP timers, configuring the interval for sending update messages, and
configuring the BGP verification function.
14.6.1 Configuring the BGP Timers
This topic describes how to configure the BGP keepalive time and holding time.
14.6.2 Configuring the Interval for Sending the Update Messages
This topic describes how to configure the interval for the peer to send the update messages.
14.6.3 Configuring BGP Soft Reset
This topic describes how to configure the BGP soft reset. This allows the BGP router to apply
new routing policies to dynamically update the routing table without interrupting the BGP
connection.
14.6.4 Enabling Quick Reset of an EBGP Connection
This topic describes how to enable the quick reset function of an EBGP connection. This allows
a quick response to changes of EBGP routes.
14.6.5 Configuring MD5 Authentication
This topic describes how to configure the MD5 authentication for the TCP connection set up by
the BGP peer. This ensures the security of the BGP connection.
14.6.6 Configuring the Maximum Number of Equal-Cost Routes
This topic describes how to configure the maximum number of equal-cost routes. This allows
the load transmitted to the same destination to be shared among the equal-cost routes.
14.6.7 Configuring EBGP Neighbor Split Horizon
This topic describes how to configure the split horizon function among the EBGP neighbors.
This decreases unnecessary routing information advertised among ASs.

14.6.1 Configuring the BGP Timers

This topic describes how to configure the BGP keepalive time and holding time.
There are two types of BGP timers, which are used for controlling the BGP keepalive time and
holding time.
l keepalive-time
The BGP router sends keepalive messages to the peer at an interval of keepalive time for
maintaining the connectivity of the BGP connection.
The maximum interval for sending keepalive messages is one third of the holding time,
and cannot be less than 1s.
l hold-time
If the BGP router does not receive keepalive messages or update messages from the peer
within the specified holding time, it considers that the BGP connection is closed and then
exits the connection.
By default, the keepalive time is 60s and the holding time is 180s.
When creating a BGP connection to a peer, a router negotiates with the peer to obtain the
keepalive time and the holding time. Between the holding time of the BGP router and that of its
peer, the smaller one is considered as the negotiated holding time. Between the keepalive time
(one third of the holding time) and the keepalive time configured locally, the smaller one is
considered as the negotiated keepalive time.
The BGP router allows you to configure the global BGP timer and the peer BGP timer. The
priority for configuring the global BGP timer is lower than that for configuring the peer BGP
timer.
Notes
CAUTION
Modifying the BGP timer value temporarily interrupts the BGP connection between routers.
Exercise caution when you perform this operation.
Note the following when configuring the BGP timers:
l If the values of keepalive time and holding time are 0, the BGP timers are invalid. That is,
the BGP router does not send keepalive messages or detect whether the holding time has
expired.
l The holding time is more than the keepalive time. For example, the keepalive time is 1,
and the holding time is 65535. A longer holding time, however, cannot ensure that BGP
detects the link faults in time.
Procedure
Step 1 In global config mode, run the bgp command to enter BGP mode.

Step 2 Run the time command to configure the global BGP timer.
Step 3 Run the peer timer command to configure the peer BGP timer.
----End
Example
To configure the global BGP timer with the keepalive time of 30s and the holding time of 90s,
and configure the peer BGP timer with the keepalive time of 10s and the holding time of 30s,
do as follows:
huawei(config-bgp)#timer keepalive 30 hold 90
huawei(config-bgp)#peer 20.20.20.1 timer keepalive 10 hold 30
Related Operations
Table 14-17 lists the related operations for configuring the BGP timer.
Table 14-17 Related operations for configuring the BGP timer
Restore the default settings of the undo time

global BGP timer
Restore the default settings of the undo peer timer

peer BGP timer
Configure the BGP peer peer as-number
14.6.2 Configuring the Interval for Sending the Update Messages

This topic describes how to configure the interval for the peer to send the update messages.
Update messages are used for exchanging routing information among the peers. The packets can
be used for advertising the information on a reachable route, or can be used for canceling multiple
unreachable routes.
By default, the interval for the IBGP peer to send the update messages is 15s, and that for the
EBGP peer to send the update messages is 30s.
Procedure
Step 2 Run the peer route-update-interval command to configure the interval for the peer to send the
update messages.
----End

Example
To configure the interval for the peer to send the update messages as 10s, do as follows:
huawei(config-bgp)#peer 20.20.20.1 route-update-interval 10
Related Operations
Table 14-18 lists the related operations for configuring the interval for sending the update
messages.
Table 14-18 Related operations for configuring the interval for sending the update messages
Restore the default interval for undo peer route-update-interval

sending the update messages
Configure the BGP peer peer as-number
14.6.3 Configuring BGP Soft Reset

This topic describes how to configure the BGP soft reset. This allows the BGP router to apply
new routing policies to dynamically update the routing table without interrupting the BGP
connection.
After changing the BGP routing policies, you must reset the current BGP connection to validate
the new configuration. The BGP connection is thus interrupted temporarily.
BGP supports the route-refresh function. In this way, when routing policies change, the router
refreshes the BGP routing table automatically without interrupting the BGP connection.
l If the route-refresh function is enabled on all peers, the local router advertises route-refresh
messages to its peers when the BGP routing policy is changed. The peer receiving the
messages sends its routing information to the local router again. In this way, the BGP
routing table is updated dynamically by applying the new routing policy without
interrupting the BGP connection. You can also run the refresh bgp command to perform
soft reset on the local router to update the routing table manually.
By default, the route-refresh function is enabled on the BGP router.
l For a peer not supporting the route-refresh function, you can configure the local router to
reserve all the route update information of the peer. When the routing policy of the local
router changes, the BGP soft reset command is executed, allowing the routing information
to generate the BGP routes again.
By default, the route update information of the peer is not reserved.
Procedure
l Configure the BGP soft reset when the peer supports the route-refresh function.
1. In global config mode, run the bgp command to enter BGP mode.

2. Run the peer capability-advertise command to advertise the route-fresh function that
the MA5600T supports to the peer.
3. (Optional) Run the refresh bgp command to perform soft reset on the BGP connection
manually.
l Configure the BGP soft reset when the peer does not support the route-refresh function.
1. In global config mode, run the bgp command to enter BGP mode.
2. Run the ipv4-family unicast command to enter IPv4 unicast mode.
3. Run the peer keep-all-routes command to reserve all route update information of the
peer.
4. Run the refresh bgp command to perform soft reset on the BGP connection manually.
----End
Examples
To advertise the route-refresh function that the MA5600T supports to the peer with the IP address
of 20.20.20.1, do as follows:
huawei(config-bgp)#peer 20.20.20.1 capability-advertise route-refresh
To perform soft reset on the ingress direction of the BGP connection to peer 20.20.20.1, do as
follows:
huawei(config-bgp)#ipv4-family unicast
huawei(config-bgp-af-ipv4)peer 20.20.20.1 keep-all-routes
huawei(config-bgp)#return
huawei#refresh bgp 20.20.20.1 import
Related Operations
Table 14-19 lists the related operations for configuring the BGP soft reset.
Table 14-19 Related operations for configuring the BGP soft reset
Restore the default setting of the undo peer capability-advertise

route-refresh function of the peer
Restore the default configuration of undo peer keep-all-routes

reserving all route update
information of the peer
Query the details of the BGP peer display bgp peer
14.6.4 Enabling Quick Reset of an EBGP Connection

This topic describes how to enable the quick reset function of an EBGP connection. This allows
a quick response to changes of EBGP routes.

l When this function is enabled, if the EBGP connection is faulty, that is, the status of a
certain interface becomes Down, the BGP immediately deletes failure and then resets.
l When this function is disabled, the repeated setup and deletion of the BGP session caused
by route flapping is prevented. This saves the network bandwidth to some extent.
l By default, the quick reset function of the EBGP connection is enabled.
Procedure
Step 2 Run the ebgp-interface-sensitive command to enable the quick reset function of the EBGP
connection.
----End
Example
To enable the quick reset function of the EBGP connection, do as follows:
huawei(config-bgp)#ebgp-interface-sensitive
Related Operation
Table 14-20 lists the related operation for enabling the quick reset function of the EBGP
connection.
Table 14-20 Related operation for enabling the quick reset function of the EBGP connection
Disable the quick reset function of undo ebgp-interface-sensitive

the EBGP connection
14.6.5 Configuring MD5 Authentication

This topic describes how to configure the MD5 authentication for the TCP connection set up by
the BGP peer. This ensures the security of the BGP connection.
A BGP router uses the TCP protocol as the transport layer protocol for setting up the BGP
connection to the peer. To improve the security of the BGP connection, the BGP router supports
the MD5 authentication for setting up the TCP connection.
The MD5 authentication supported by BGP applies to the TCP connection, but does not apply
to the BGP packets. TCP completes the authentication procedure. The TCP connection can be
set up only when the authentication is successful.

Procedure
Step 2 Run the peer password command to configure the MD5 authentication.
----End
Example
To configure the MD5 authentication with the password huawei and the plaintext mode (simple)
for the TCP connection set up between the local router and the peer 20.20.20.1, do as follows:
huawei(config-bgp)#peer 20.20.20.1 password simple huawei
Related Operation
Table 14-21 lists the related operation for configuring the MD5 authentication.
Table 14-21 Related operation for configuring the MD5 authentication
Cancel the MD5 authentication undo peer password
14.6.6 Configuring the Maximum Number of Equal-Cost Routes

This topic describes how to configure the maximum number of equal-cost routes. This allows
the load transmitted to the same destination to be shared among the equal-cost routes.
The maximum number of equal-cost routes varies with products and protocols, and it must be
adjusted according to the license file of a product.
By default, the maximum number of equal-cost routes is 1.
Procedure
Step 2 Run the ipv4-family unicast command to enter IPv4 unicast mode.
Step 3 Run the maximum load-balancing command to configure the maximum number of BGP equal-
cost routes.
----End
Example
To allow two equal-cost routes to reach the destination address, do as follows:

huawei(config-bgp)#ipv4-family unicast
huawei(config-bgp-af-ipv4)maximum load-balancing 2
Related Operation
Table 14-22 lists the related operation for configuring the maximum number of equal-cost
routes.
Table 14-22 Related operation for configuring the maximum number of equal-cost routes
Restore the default maximum undo maximum load-balancing

number of equal-cost routes
14.6.7 Configuring EBGP Neighbor Split Horizon

This topic describes how to configure the split horizon function among the EBGP neighbors.
This decreases unnecessary routing information advertised among ASs.
In general, the split horizon function among the EBGP neighbors can be enabled only when
multiple EBGP peers exist between two ASs.
When the function is disabled, the route received from one AS is advertised through other EBGP
peers back to the AS again. If the EBGP peer does not support AS loops, it discards the route
based on the AS_Path attribute, thus wasting the resources.
When the function is enabled, the route received from an AS is not advertised back to the AS.
In this way, the unnecessary route advertising is decreased.
By default, the split horizon function among ASs is disabled.
Procedure
Step 2 Run the as-split-horizon command to enable the split horizon function among the EBGP
neighbors.
----End
Example
To enable the split horizon function among the EBGP neighbors, do as follows:
huawei(config-bgp)#as-split-horizon
Related Operations
Table 14-23 lists the related operations for configuring the split horizon function among the
EBGP neighbors.

Table 14-23 Related operations for configuring the split horizon function among the EBGP
neighbors
Disable the split horizon function undo as-split-horizon

among the EBGP neighbors
Configure the peer to allow AS peer allow-as-loop

loops

SmartAX MA5600T Multi-service Access Module 15 MSTP Configuration
15 MSTP Configuration
About This Chapter
This topic describes how to configure MSTP on the MA5600T.
15.1 Overview
This topic describes the multiple spanning tree protocol (MSTP) and its application on the
MA5600T.
15.2 Enabling the MSTP Function
This topic describes how to enable the MSTP function on the MA5600T.
15.3 Setting the Working Mode of MSTP
This topic describes how to set the working mode of MSTP.
15.4 Setting the MST Region Parameters
This topic describes how to set the parameters of the multiple spanning tree (MST) region.It
includes setting the MD5-Key for the MD5 encryption algorithm,configuring the MST region
name,mapping the specified VLAN to the specified MSTP instance,mapping all VLANs to the
MSTP instances by modular arithmetic,setting the MSTP revision level,restoring the default
settings for all parameters of the MST region.
15.5 Activating the Configuration of the MST Region
This topic describes how to activate the configuration of the MST region.
15.6 Specifying the Device as a Root Bridge or a Backup Root Bridge
This topic describes how to specify the device as a root bridge or a backup root bridge.
15.7 Setting the Priority of the Device in the Specified Spanning Tree Instance
This topic describes how to set the priority of the device in the specified spanning tree instance.
15.8 Setting the Maximum Number of Hops of the MST Region
This topic describes how to set the maximum number of hops of the MST region.
15.9 Setting the Diameter of the Switching Fabric
This topic describes how to set the diameter of the switching fabric.
15.10 Setting the Calculation Standard for the Path Cost
This topic describes how to set the calculation standard for the path cost.
15.11 Setting the Time Parameters of the Specified Network Bridge

15 MSTP Configuration SmartAX MA5600T Multi-service Access Module
This topic describes how to set the time parameters of the specified network bridge. The time
parameters include Forward Delay, Hello Time, MAX Age, and Time Factor.
15.12 Setting the Parameters of the Specified Port
This topic describes how to set the parameters of the specified port.
15.13 Setting the mCheck Variable
This topic describes how to set the mCheck variable to force a port to work in MSTP mode.
15.14 Configuring the Device Protection Function
This topic describes how to configure the device protection functions, including BPDU
protection, loopback protection and root protection.
15.15 Clear the MSTP Protocol Statistics
This topic describes how to clear the protocol statistics.

15.1 Overview
This topic describes the multiple spanning tree protocol (MSTP) and its application on the
MA5600T.
Service Description
MSTP applies to a redundant network. It makes up for the drawback of STP and RSTP. MSTP
makes the network converge fast and the traffic of different VLANs distributed along their
respective paths, which provides a better load-sharing mechanism.
MSTP trims a loop network into a loop-free tree network. It prevents the proliferation and infinite
cycling of the packets in the loop network. In addition, MSTP provides multiple redundant paths
for VLAN data transmission to achieve the load-sharing purpose.
For details on MSTP, refer to "MSTP" in the MA5600T Feature Description.
The MA5600T supports MSTP, which is compatible with the STP and RSTP. It supports MSTP
loop network to meet the various networking requirements.
15.2 Enabling the MSTP Function

This topic describes how to enable the MSTP function on the MA5600T.
l By default, the MSTP function is disabled.
l After the MSTP function is enabled, the device determines whether it works in STP
compatible mode or MSTP mode based on the configured protocol.
l After the MSTP function is enabled, MSTP maintains dynamically the spanning tree of the
VLAN based on the received BPDU packets. After the MSTP function is disabled, the
MSTP device becomes a transparent bridge and does not maintain the spanning tree.
Procedure
Step 1 Run the stp enable command or the stp port enable command to enable the MSTP function of
the bridge or the port.
Step 2 Run the display stp command or the display stp port command to query the MPLS state of the
bridge or the port.
----End
Examples
To enable the MSTP function of the bridge, do as follows:
huawei(config)#stp enable
Change global stp state may active region configuration,it may take several
minutes,are you sure to change global stp state? [Y/N][N]y

huawei(config)#display stp
{ <cr>|instance<K>|port<K> }:
Command:
display stp
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 7 Max Hops : 20
PathCost standard : LEGACY BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 0 Time since last TC : 1 days :18m:27s
============================== Instance 0 ==================================

Bridge Priority : 32768 MAC Address : 00e0-fc99-5050
Hello Time: 2 sec Forward Delay: 15 sec Max Age: 20 sec
IST Root Priority : 32768 MAC Address : 00e0-fc99-5050
CST Root Priority : 32768 MAC Address : 00e0-fc99-5050
Path cost to IST root bridge is 0

Path cost to CST root bridge is 0
-----------------------------------------------------------------------------
To enable the MSTP function of port 0/9/0, do as follows:

huawei(config)#stp port 0/9/0 enable
huawei(config)#display stp port 0/9/0
----[CIST][Port1(Down)]----
Port Protocol :enabled
Port Role :CIST Disabled Port
Port Priority :128
Port Cost :Config=auto / Active=200000
Desg. Bridge/Port :32768.00e0-fc99-5050 / 128.1
Port Edged(Admin) :disabled
Point-to-point :Config=auto / Active=false
Transit Limit :3 packets/hello-time
Protection Type :None
Port Stp Mode :Stp
PortTimes :Hello 2 s MaxAge 20 s FwDly 15 s Message Age 0 s RemHop 20
BPDU Sent :0
TCN: 0, Config: 0, RST: 0, MST: 0
BPDU Received :0
Related Operations
Table 15-1 lists the related operations for enabling the MSTP function.
Table 15-1 Related operations for enabling the MSTP function
Disable the MSTP function of the device stp disable -
Disable the MSTP function of the port stp port disable -
Restore the default MSTP state of the undo stp By default, it is

device disabled.
Restore the default MSTP state of the undo stp port By default, it is
port enabled.

Query the MSTP information display stp -
15.3 Setting the Working Mode of MSTP

This topic describes how to set the working mode of MSTP.
l MSTP supports two working modes:
– MSTP mode
– STP mode
l MSTP is compatible with STP. If the network bridge that runs STP exists in the switching
fabric, MSTP automatically runs in MSTP/STP compatible mode.
l When the network condition is good, though the network bridge that runs STP in the subnet
is removed, the port still runs in the STP compatible mode. In this case, run the stp mode
mstp command to force the port to work in MSTP mode.
Procedure
l The following section shows the procedure for setting the STP working mode.
1. Run the stp mode stp command to set the STP working mode.
2. Run the display stp command to query the working mode.
l The following section shows the procedure for setting the RSTP working mode.
1. Run the stp mode mstp command to set the MSTP working mode.
2. Run the display stp command to query the working mode.
----End
Examples
To set the STP working mode, do as follows:
huawei(config)#stp mode stp
Command:
display stp
The bridge is executing the IEEE compatible Spanning Tree Protocol
Time Factor : 3
============================== Instance 0 ==================================



-----------------------------------------------------------------------------
To set the MSTP working mode, do as follows:

huawei(config)#stp mode mstp
Command:
display stp
Time Factor : 3
============================== Instance 0 ==================================


-----------------------------------------------------------------------------
Related Operation
Table 15-2 lists the related operation for setting the working mode of MSTP.
Table 15-2 Related operation for setting the working mode of MSTP
Restore the default working mode of undo stp mode By default, the
MSTP device works in
MSTP mode.
15.4 Setting the MST Region Parameters

This topic describes how to set the parameters of the multiple spanning tree (MST) region.It
includes setting the MD5-Key for the MD5 encryption algorithm,configuring the MST region
name,mapping the specified VLAN to the specified MSTP instance,mapping all VLANs to the
MSTP instances by modular arithmetic,setting the MSTP revision level,restoring the default
settings for all parameters of the MST region.
15.4.1 Setting the MD5-Key for the MD5 Encryption Algorithm Configured on the MST Region
This topic describes how to set the MD5-Key for the MD5 encryption algorithm.
15.4.2 Configuring the MST Region Name
This topic describes how to configure the MST region name.

15.4.3 Mapping the Specified VLAN to the Specified MSTP Instance

This topic describes how to map the specified VLAN to the specified MSTP instance.
15.4.4 Mapping All VLANs to the MSTP Instances by Modular Arithmetic
This topic describes how to map all VLANs to the MSTP instances by modular arithmetic.
15.4.5 Setting the MSTP Revision Level
This topic describes how to set the MSTP revision level.
15.4.6 Restoring the Default Settings for All Parameters of the MST Region
This topic describes how to restore the default settings for all parameters of the MST region.
15.4.1 Setting the MD5-Key for the MD5 Encryption Algorithm

Configured on the MST Region
This topic describes how to set the MD5-Key for the MD5 encryption algorithm.
l The purpose of setting the MD5-Key is for device security. Two devices in the same
multiple spanning tree (MST) can communicate with each other when their MD5-Key
values are the same.
l The MD5-Key value is a hex character string not more than 32 bytes. In addition, its length
must be a multiple of 2. By default, it is 0x13AC06A62E47FD 51F95D2BA243CD0346.
Procedure
Step 1 Run the stp md5-key command to set the MD5-Key for the MD5 encryption algorithm
configured on the MST region.
Step 2 Run the display current-configuration command to query the configuration of the device.
----End
Example
To set the MD5-Key for the MD5 encryption algorithm as 0x11ed224466, do as follows:
huawei(config)#stp md5-key 11ed224466
huawei(config)#display current-configuration section config
[MA5680V800R005: 1001]
#
[config]
<config>
mpls vlan 10
mpls vlan 20
mpls vlan 500
mpls vlan 1000
mpls vlan 1001
#
stp region-configuration
region-name huawei
instance 1 vlan 1000
instance 2 vlan 100
active region-configuration
stp instance 0 priority 0
stp timer hello 1000
stp md5-key 11ED224466
stp port 0/9/0 root-protection enable
stp enable

#
lacp priority 0 system
lacp long-period 20
Related Operation
Table 15-3 lists the related operation for setting the MD5-Key for the MD5 encryption algorithm
configured on the MST region.
Table 15-3 Related operation for setting the MD5-Key for the MD5 encryption algorithm
configured on the MST region
Restore the default MD5-Key for the undo stp md5-key

MD5 encryption algorithm
15.4.2 Configuring the MST Region Name

This topic describes how to configure the MST region name.
You can configure the parameters related to the MST regions, such as the name, revision level,
and VLAN instance mapping table.
The default values of the three parameters are as follows:
l The MST region name is the MAC address of the maintenance network port of the device.
l All VLANs are mapped to common and internal spanning tree (CIST).
l The revision level of MSTP is 0.
Procedure
Step 1 Run the stp region-configuration command to enter MST region mode.
Step 2 Run the region-name command to configure the name of the MST region.
Step 3 Run the check region-configuration command to query the parameters of the current MST
region.
----End
Example
To configure the name of the MST region as huawei-mstp-bridge, do as follows:
huawei(config)#stp region-configuration
huawei(stp-region-configuration)#region-name huawei-mstp-bridge
huawei(stp-region-configuration)#check region-configuration
Admin configuration
Format selector :0
Region name :huawei-mstp-bridge

Revision level :0
Instance Vlans Mapped

0 1 to 4094
Related Operations
Table 15-4 lists the related operations for configuring the MST region name.
Table 15-4 Related operations for configuring the MST region name
Restore the default name of the MST undo region-name

region
Activate the configuration of the MST active region-configuration

region
Query the configuration of the MST display stp region-configuration

region
15.4.3 Mapping the Specified VLAN to the Specified MSTP

Instance
This topic describes how to map the specified VLAN to the specified MSTP instance.
l By default, all VLANs are mapped to CIST, that is, instance 0.
l One VLAN can be mapped to only one instance. If you re-map a VLAN to another instance,
the original mapping is disabled.
l A maximum of 10 VLAN sections can be configured for an MSTP instance.
l The configuration does not take effect immediately. It is validated only after being
activated.
Procedure
Step 1 Run the stp region-configuration command to switch over to MST region mode.
Step 2 Run the instance vlan command to map the specified VLAN to the specified MSTP instance.
region.
----End
Example
To map VLANs 2-10 and VLANs 12-16 to MSTP instance 3, do as follows:
huawei(stp-region-configuration)#instance 3 vlan 2 to 10 12 to 16

Admin configuration
Format selector :0
Revision level :0

0 1, 11, 17 to 4094
3 2 to 10, 12 to 16
Related Operations
Table 15-5 lists the related operations for mapping the specified VLAN to the specified MSTP
instance.
Table 15-5 Related operations for mapping the specified VLAN to the specified MSTP instance
Disable the VLAN undo instance vlan VLAN mapping in CIST

mapping of the specified (instance 0) cannot be disabled.
MSTP instance
Activate the active region-configuration -

configuration of the MST
region
Query the configuration display stp region- -

of the validated MST configuration
region
15.4.4 Mapping All VLANs to the MSTP Instances by Modular

Arithmetic
This topic describes how to map all VLANs to the MSTP instances by modular arithmetic.
l By default, all VLANs are mapped to CIST, that is, instance 0.
l On the MA5600T, you can specify the VLAN to each MSTP instance rapidly by modular
arithmetic.
– When you map the VLAN to the MSTP instance by modular arithmetic, the ID of the
mapped instance is (VLANID - 1) % module + 1.
– The modular value for the modular arithmetic ranges from 1 to 16. It indicates the
number of the MSTP instances.
l This operation is used to map the VLANs to the MSTP instances rapidly, which results in
the change of the mapping relations for all VLANs. In actual application, you can run the
instance vlan command to adjust the mappings as required.
l The configuration does not take effect immediately. It is validated only after being
activated.

Procedure
Step 2 Run the vlan-mapping module command to map all VLANs to the MSTP instances by modular
arithmetic.
region.
----End
Example
To map all VLANs to the MSTP instances by modular arithmetic, with the modular value of 16,
do as follows:
huawei(stp-region-configuration)#vlan-mapping module 16
Admin configuration
Format selector :0
Revision level :0
InstanceVlans Mapped
1 1, 17, 33, 49, 65, 81, 97, 113, 129, 145, 161,
177, 193, 209, 225, 241, 257, 273, 289, 305, 321, 337,
353, 369, 385, 401, 417, 433, 449, 465, 481, 497, 513,
529, 545, 561, 577, 593, 609, 625, 641, 657, 673, 689,
705, 721, 737, 753, 769, 785, 801, 817, 833, 849, 865,
881, 897, 913, 929, 945, 961, 977, 993, 1009, 1025, 1041,
1057, 1073, 1089, 1105, 1121, 1137, 1153, 1169, 1185, 1201, 1217,
1233, 1249, 1265, 1281, 1297, 1313, 1329, 1345, 1361, 1377, 1393,
1409, 1425, 1441, 1457, 1473, 1489, 1505, 1521, 1537, 1553, 1569,
1585, 1601, 1617, 1633, 1649, 1665, 1681, 1697, 1713, 1729, 1745,
1761, 1777, 1793, 1809, 1825, 1841, 1857, 1873, 1889, 1905, 1921,
1937, 1953, 1969, 1985, 2001, 2017, 2033, 2049, 2065, 2081, 2097,
2113, 2129, 2145, 2161, 2177, 2193, 2209, 2225, 2241, 2257, 2273,
2289, 2305, 2321, 2337, 2353, 2369, 2385, 2401, 2417, 2433, 2449,
2465, 2481, 2497, 2513, 2529, 2545, 2561, 2577, 2593, 2609, 2625,
2641, 2657, 2673, 2689, 2705, 2721, 2737, 2753, 2769, 2785, 2801,
2817, 2833, 2849, 2865, 2881, 2897, 2913, 2929, 2945, 2961, 2977,
2993, 3009, 3025, 3041, 3057, 3073, 3089, 3105, 3121, 3137, 3153,
3169, 3185, 3201, 3217, 3233, 3249, 3265, 3281, 3297, 3313, 3329,
3345, 3361, 3377, 3393, 3409, 3425, 3441, 3457, 3473, 3489, 3505,
3521, 3537, 3553, 3569, 3585, 3601, 3617, 3633, 3649, 3665, 3681,
3697, 3713, 3729, 3745, 3761, 3777, 3793, 3809, 3825, 3841, 3857,
3873, 3889, 3905, 3921, 3937, 3953, 3969, 3985, 4001, 4017, 4033,
4049, 4065, 4081
2 2, 18, 34, 50, 66, 82, 98, 114, 130, 146, 162,
178, 194, 210, 226, 242, 258, 274, 290, 306, 322, 338,
Related Operations
Table 15-6 lists the related operations for mapping all VLANs to the MSTP instances.
Table 15-6 Related operations for mapping all VLANs to the MSTP instances
Map all VLANs to CIST instance 0 undo vlan-mapping module


region
Query the effective configuration of the display stp region-configuration

MST region
15.4.5 Setting the MSTP Revision Level

This topic describes how to set the MSTP revision level.
l By default, the revision level is 0.
l Activate the setting to validate it.
NOTE
l When you configure the parameters related to the MST region, the current device is placed into a specified
MST region.
l Two devices belong to the same MST region when they meet the following conditions:
l They have the same MST region name and the MSTP revision level.
l The VLAN mapping tables, which correspond to all the spanning tree instances, must be the same with
each other.
Procedure
Step 1 Run the stp region-configuration command to enter MST region mode.
Step 2 Run the revision-level command to set the MSTP revision level of the device.
region.
----End
Example
To set the MSTP revision level as 100, do as follows:
huawei(stp-region-configuration)#revision-level 100
Admin configuration
Format selector :0
Region name :00e0fc995050
Revision level :100

0 1 to 4094
Related Operations
Table 15-7 lists the related operations for setting the MSTP revision level of the device.

Table 15-7 Related operations for setting the MSTP revision level of the device
Restore the MSTP revision level undo revision-level

region
Query the configuration of the validated display stp region-configuration

MST region
15.4.6 Restoring the Default Settings for All Parameters of the MST
Region
This topic describes how to restore the default settings for all parameters of the MST region.
By default, the name of the MST region is its management MAC address, all VLANs are mapped
to instance 0, and the revision level of MSTP is 0.
Procedure
Step 1 Run the reset stp region-configuration command to restore the default settings to all parameters
of the MST region.
Step 3 Run the display stp region-configuration command to query the configuration of the MST
region.
----End
Example
To restore the default settings for all parameters of the MST region, do as follows:
huawei(config)#reset stp region-configuration
huawei(stp-region-configuration)#display stp region-configuration
Oper configuration
Format selector :0
Region name :00e0fc995050
Revision level :0

0 1 to 4094
15.5 Activating the Configuration of the MST Region

This topic describes how to activate the configuration of the MST region.

When you configure the parameters related to the MST region, especially the VLAN mapping
table, MSTP recalculates the spanning tree. This results in an unstable network topology.
To prevent it, MSTP does not recalculate the spanning tree immediately after you configure the
parameters, unless the following conditions are met:
l Run the active region-configuration command to activate the configuration of the MST
region.
l Run the stp enable command to enable the MSTP function.
Procedure
Step 2 Run the active region-configuration command to activate the configuration of the MST region.
Step 3 Run the display stp region-configuration command to query the effective configuration of the
MST region.
----End
Example
To activate the configuration of the MST region, do as follows:
huawei(stp-region-configuration)#active region-configuration
huawei(stp-region-configuration)#display stp region-configuration
Oper configuration
Format selector :0
Revision level :100

0 1 to 4094
Related Operation
Table 15-8 lists the related operation for activating the configuration of the MST region.
Table 15-8 Related operation for activating the configuration of the MST region
Query the configuration of the current check region-configuration

MST region
15.6 Specifying the Device as a Root Bridge or a Backup Root

Bridge
This topic describes how to specify the device as a root bridge or a backup root bridge.

l By default, the device is not used as a root bridge or a backup root bridge.
l After specifying the current bridge as a root bridge or a backup root bridge, you cannot
modify the system priority of the root bridge.
l One spanning tree instance can be configured with only one root bridge, but more backup
root bridges.
– If the root bridge fails or is powered off, the backup root bridge is used as the root bridge.
– If multiple backup root bridges are configured, the root bridge with the smallest MAC
address is used as the root bridge of the specified spanning tree instance.
Procedure
Step 1 Run the stp root command to specify the device as a root bridge or a backup root bridge.
Step 2 Run the display stp command to query the MSTP configuration of the device.
----End
Example
To specify the current device as the root bridge of MSTP instance 2, do as follows:
huawei(config)#stp instance 2 root primary
NOTE
If you do not specify the parameter instance instance-id, the setting takes effect only to the CIST instance.
huawei(config)#display stp instance 2
{ <cr>|port<K> }:
Command:
display stp instance 2
Time Factor : 3
============================== Instance 2 ==================================

Related Operation
Table 15-9 lists the related operation for specifying the device as a root bridge or a backup root
bridge.
Table 15-9 Related operation for specifying the device as a root bridge or a backup root bridge
Restore the device to be a root bridge or undo stp root

a backup root bridge

15.7 Setting the Priority of the Device in the Specified

Spanning Tree Instance
This topic describes how to set the priority of the device in the specified spanning tree instance.
l The priority of the device ranges from 0 to 61440, with the step of 4096. By default, it is
32768.
l The priority of the device determines whether it can be selected as the root bridge of the
spanning tree. A device with a smaller priority is likely to be selected as the root bridge of
the spanning tree.
l The device that supports MSTP has different priorities in different spanning tree instances.
l If the devices have the same priority, then the device with the smallest MAC address is
selected as the root bridge of the spanning tree.
Procedure
Step 1 Run the stp priority command to set the priority of the device in the specified spanning tree
instance.
----End
Example
To set the priority of the device in spanning tree instance 2 as 4096, do as follows:
huawei(config)#stp instance 2 priority 4096
NOTE
If you set the parameter instance instance-id as 0, the priority you set is used as the priority of the device in the
CIST.
{ <cr>|port<K> }:
Command:
Time Factor : 3
============================== Instance 2 ==================================

Related Operations
Table 15-10 lists the related operations for setting the priority of the device in the specified
spanning tree instance.

Table 15-10 Related operations for setting the priority of the device in the specified spanning
tree instance
Restore the default priority of the device undo stp priority

in the specified spanning tree instance
Set the priority of the port in the specified stp port port-priority
spanning tree instance
15.8 Setting the Maximum Number of Hops of the MST

Region
This topic describes how to set the maximum number of hops of the MST region.
l By default, the maximum number of hops of the MST region is 20.
l The device takes the root device of the spanning tree in the MST region as a start point.
When the configuration message in the region, that is, the BPDU packet, is forwarded by
one device, the hop is reduced by 1. The device drops the packet with the hop of 0. In this
case, the network scale in the region is restricted.
l If the current device becomes the root bridge device of the CIST or multiple spanning tree
instance (MSTI) in the MST region, the maximum number of hops configured on the bridge
device becomes the network diameter of the spanning tree. In this case, the spanning tree
scale in the region is restricted.
Procedure
Step 1 Run the stp max-hops command to set the maximum number of hops of the MST region.
Step 2 Run the display stp command to query the MSTP configuration of the current device.
----End
Example
To set the maximum number of hops of the MST region to 10, do as follows:
huawei(config)#stp max-hops 10
Command:
display stp
Time Factor : 3
============================== Instance 0 ==================================




-----------------------------------------------------------------------------
Related Operation
Table 15-11 lists the related operation for setting the maximum number of hops of the MST
region.
Table 15-11 Related operation for setting the maximum number of hops of the MST region
Restore the default maximum number of undo stp max-hops

hops of the device
15.9 Setting the Diameter of the Switching Fabric

This topic describes how to set the diameter of the switching fabric.
l The setting takes effect only to CIST.
l If the current device becomes the root bridge of the CIST or MSTI in the MST region, the
maximum hop configured on the root bridge is the network diameter of the spanning tree.
l The parameters Hello Time, Forward Delay and Max Age are related to the network scale.
When you set the diameter of the switching fabric, MSTP sets automatically the parameters
Hello Time, Forward Delay and Max Age to a proper value based on the configured network
diameter.
l By default, the diameter of the switching fabric is 7, the Forward Delay is 15s, the Hello
Time is 2s, and the Max Age is 20s.
NOTE
l The diameter of the switching fabric is the path with the most switching devices along it. The diameter is
indicated by the number of the switching devices along the path.
l Network diameter indicates the scale of a network. The larger the network diameter is, the larger the network
scale is.
Procedure
Step 1 Run the stp bridge-diameter command to set the diameter of the switching fabric.
----End

Example
To set the diameter of the switching fabric to 6, do as follows:
huawei(config)#stp bridge-diameter 6
Command:
display stp
Time Factor : 3
============================== Instance 0 ==================================


-----------------------------------------------------------------------------
Related Operation
Table 15-12 lists the related operation for setting the diameter of the switching fabric.
Table 15-12 Related operation for setting the diameter of the switching fabric
Restore the default diameter of the undo stp bridge-diameter

switching fabric
15.10 Setting the Calculation Standard for the Path Cost

This topic describes how to set the calculation standard for the path cost.
l The MA5600T supports three kinds of calculation standards for the path cost: the IEEE
802.1d standard (dot1d), the IEEE 802.1t standard (dot1t), and the private standard of
Huawei (legacy). By default, the private standard of Huawei (legacy) is used.
l After the calculation standard is set, the path cost of the device is calculated based on it
automatically.
l Different calculation standards define different path cost values for the ports. If the set
calculation standard is different from the current standard, all ports use the default path cost
of the set calculation standard.

Procedure
Step 1 Run the stp pathcost-standard command to set the calculation standard for the path cost.
----End
Example
To set the calculation standard for the path cost as IEEE 802.1t, do as follows:
huawei(config)#stp pathcost-standard dot1t
Command:
display stp
PathCost standard : DOT1T BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 95 Time since last TC : 0 days : 0m: 4s
============================== Instance 0 ==================================


-----------------------------------------------------------------------------
Related Operation
Table 15-13 lists the related operation for setting the calculation standard for the path cost.
Table 15-13 Related operation for setting the calculation standard for the path cost
Restore the default calculation standard undo stp pathcost-standard

for the path cost
15.11 Setting the Time Parameters of the Specified Network

Bridge
This topic describes how to set the time parameters of the specified network bridge. The time
parameters include Forward Delay, Hello Time, MAX Age, and Time Factor.
15.11.1 Setting the Forward Delay of the Specified Network Bridge
This topic describes how to set the Forward Delay of the specified network bridge.

15.11.2 Setting the Hello Time of the Specified Network Bridge

This topic describes how to set the Hello Time of the specified network bridge.
15.11.3 Setting the Max Age of the Specified Network Bridge
This topic describes how to set the Max Age of the specified network bridge.
15.11.4 Setting the Timeout Time Factor of the Specified Network Bridge
This topic describes how to set the timeout time factor of the specified network bridge.
15.11.1 Setting the Forward Delay of the Specified Network Bridge

This topic describes how to set the Forward Delay of the specified network bridge.
l For MSTP, when the port switches from discarding to forwarding state, an intermediate
state (Learning) is used if the rapid transition condition of the port state is not met, and the
state switching needs to wait for some time. This is to maintain the state switching
concurrent with the remote switch and to prevent temporary loops.
l The Forward Delay of the root bridge specifies the interval of state transition. If the current
device is a root bridge, its state transition interval is specified by the Forward Delay. The
other devices use the Forward Delay specified by the root bridge to perform state transition.
l The three time parameters, Forward Delay, Hello Time, and Max Age must comply with
the following formula to guarantee network stability: 2 x (Forward Delay - 1.0 second)
≥ Max Age ≥ 2 x (Hello Time + 1.0 second).
l By default, the Forward Delay is 15 seconds. The unit of the Forward Delay is centisecond
(one second equals to 100 centiseconds).
NOTE
The time parameters of MSTP are related to the network scale. You are recommended to run the stp bridge-
diameter command to specify the network diameter of the switching fabric. In this case, MSTP adjusts
the Hello Time, Forward Delay and Max Age to the proper values automatically based on the specified
network diameter.
Procedure
Step 1 Run the stp timer forward-delay command to set the Forward Delay of the specified network
bridge.
----End
Example
To set the Forward Delay of the specified network bridge to 2000 centiseconds, do as follows:
huawei(config)#stp timer forward-delay 2000
Command:
display stp
Time Factor : 3
TC or TCN received : 96 Time since last TC : 0 days : 1m:15s

============================== Instance 0 ==================================


-----------------------------------------------------------------------------
Related Operations
Table 15-14 lists the related operations for setting the Forward Delay of the specified network
bridge.
Table 15-14 Related operations for setting the Forward Delay of the specified network bridge
Restore the default Forward Delay undo stp timer forward-delay
Set the Hello Time of the specified stp timer hello

network bridge
Set the Max Age of the specified network stp timer max-age
bridge
15.11.2 Setting the Hello Time of the Specified Network Bridge

This topic describes how to set the Hello Time of the specified network bridge.
l The device transmits the configuration packets at regular intervals specified by the Hello
Time to keep the spanning tree stable. If a device does not receive the configuration packets,
it considers that the configuration packets are timed out and then recalculates the spanning
tree.
l If the current device is a root bridge, the configuration packets are sent at regular intervals
specified by the Hello Time. The other devices use the Hello Time specified by the root
bridge to send the configuration packets.
l By default, the Hello Time is 2 seconds. The unit of the Hello Time is centisecond (one
second equals to 100 centiseconds).
NOTE
network diameter.

Procedure
Step 1 Run the stp timer hello command to set the Hello Time of the specified network bridge.
----End
Example
To set the Hello Time of the specified network bridge to 1000 centiseconds, do as follows:
huawei(config)#stp timer hello 1000
Command:
display stp
Time Factor : 3
============================== Instance 0 ==================================


-----------------------------------------------------------------------------
Related Operations
Table 15-15 lists the related operations for setting the Hello Time of the specified network
bridge.
Table 15-15 Related operations for setting the Hello Time of the specified network bridge
Restore the default Hello Time undo stp timer hello
Set the Forward Delay of the specified stp timer forward-delay

network bridge
Set the Max Age of the specified network stp timer max-age
bridge
15.11.3 Setting the Max Age of the Specified Network Bridge

This topic describes how to set the Max Age of the specified network bridge.

l The Max Age takes no effect to MSTI.
l On the CIST, the MA5600T uses the Max Age to determine whether the configuration
received by the port is out of date. If it is out of date, the MA5600T recalculates the spanning
tree instance.
l If the device is a CIST root bridge, it uses the Max Age to determine whether the
configuration is out of date. If the device is not a CIST root bridge, it uses the Max Age set
on the CIST root bridge to determine it.
l By default, the Max Age is 20 seconds. The unit of the Max Age is centisecond (one second
equals to 100 centiseconds).
NOTE
network diameter.
Procedure
Step 1 Run the stp timer max-age command to set the Max Age of the specified network bridge.
----End
Example
To set the Max Age of the specified network bridge to 3000 centiseconds, do as follows:
huawei(config)#stp timer max-age 3000
Command:
display stp
Time Factor : 3
============================== Instance 0 ==================================


-----------------------------------------------------------------------------

Related Operations
Table 15-16 lists the related operations for setting the Max Age of the specified network bridge.
Table 15-16 Related operations for setting the Max Age of the specified network bridge
Restore the default Max Age undo stp timer max-age
Set the Forward Delay of the specified stp timer forward-delay

network bridge
Set the Hello Time of the specified stp timer hello

network bridge
15.11.4 Setting the Timeout Time Factor of the Specified Network

Bridge
This topic describes how to set the timeout time factor of the specified network bridge.
l The device that supports MSTP sends Hello packets at regular intervals to the neighboring
network bridges. In this case, it checks whether the links are in the normal state.
l If the device does not receive the Hello packets from the upstream device within a triple
Hello Time, it considers the upstream device faulty and recalculates the spanning tree. By
doing so, the link problem can be resolved in time.
l Generally, the network condition is good. If the upstream devices are busy, the spanning
tree may be recalculated. You can avoid such an unnecessary calculation by the timeout
time factor of the specified network bridge.
l By default, the timeout time factor of the specified network bridge is 3.
Procedure
Step 1 Run the stp time-factor command to set the timeout time factor of the specified network bridge.
----End
Example
To set the timeout time factor of the specified network bridge as 6, do as follows:
huawei(config)#stp time-factor 6
Command:
display stp

Time Factor : 6
============================== Instance 0 ==================================


-----------------------------------------------------------------------------
Related Operation
Table 15-17 lists the related operation for setting the timeout time factor of the specified network
bridge.
Table 15-17 Related operation for setting the timeout time factor of the specified network bridge
Restore the default timeout time factor of undo stp time-factor

the specified network bridge
15.12 Setting the Parameters of the Specified Port

This topic describes how to set the parameters of the specified port.
15.12.1 Setting the Maximum Transmission Rate of the Specified Port
This topic describes how to set the maximum transmission rate of the specified port.
15.12.2 Setting the Specified Port as an Edge Port
This topic describes how to set the specified port as an edge port. An edge port is not connected
to any switching device.
15.12.3 Setting the Path Cost of a Specified Port
This topic describes how to set the path cost of a specified port.
15.12.4 Setting the Priority of the Specified Port
This topic describes how to set the priority of the specified port.
15.12.5 Setting the Point-to-Point Link Connection of the Specified Port
This topic describes how to set the point-to-point link connection of the specified port.
15.12.1 Setting the Maximum Transmission Rate of the Specified

Port
This topic describes how to set the maximum transmission rate of the specified port.

l The maximum transmission rate of the port indicates the maximum number of MSTP
packets transmitted by the port within one Hello Time.
l The port can transmit a maximum of 255 packets within one Hello Time. The default
number of packets transmitted is 3.
Procedure
Step 1 Run the stp port transmit-limit command to set the number of packets transmitted by the port
within the Hello Time.
Step 2 Run the display stp port command to query the MSTP configuration of the port.
----End
Example
To set the maximum number of packets transmitted by the port within one Hello Time to 16, do
as follows:
huawei(config)#stp port 0/9/0 transmit-limit 16
huawei(config)#display stp port
{ frame/slot/port<S><1,15> }:0/9/0
Command:
display stp port 0/9/0
Port Priority :128
Desg. Bridge/Port :32768.2222-2222-2222 / 128.1
Protection Type :None
Port Stp Mode :Stp
PortTimes :Hello 2 s MaxAge 20 s FwDly 15 s Message Age 0 s RemHop 20
BPDU Sent :0
BPDU Received :0
Related Operation
Table 15-18 lists the related operation for setting the maximum transmission rate of the specified
port.
Table 15-18 Related operation for setting the maximum transmission rate of the specified port
Restore the default maximum number of undo stp port transmit-limit

packets transmitted by the port

15.12.2 Setting the Specified Port as an Edge Port

This topic describes how to set the specified port as an edge port. An edge port is not connected
to any switching device.
l You can set only the port connected to the terminal as an edge port. When the BPDU
protection is disabled from the switching device, after the port receives the BPDD packets,
even if the port is set as an edge port, it still works as a non-edge port. By default, all ports
are set as non-edge ports.
l If you specify a port as an edge port, the rapid transition can be implemented if the port is
transited from blocking to forwarding state.
l This setting takes effect to all spanning tree instances. When a port is set as an edge port,
it works as an edge port on all spanning tree instances. When a port is set as a non-edge
port, it works as a non-edge port on all spanning tree instances.
NOTE
For the port directly connected to the terminal, set it as an edge port, and enable its BPDU protection function.
For more details, see This topic "15.14.1 Enabling the BPDU Protection Function of the Device." In this case,
the rapid transition of the port state can be implemented, and the network security is guaranteed.
Procedure
Step 1 Run the stp port edged-port enable command to set the port as an edge port.
Step 2 Run the display stp command to query the MSTP global configuration.
----End
Example
To set port 0/9/0 as an edge port, do as follows:
huawei(config)#stp port 0/9/0 edged-port enable
Command:
display stp
Time Factor : 3
============================== Instance 0 ==================================


-----------------------------------------------------------------------------
Port F/ S/ P Priority Cost Admin-State Role State Type
-----------------------------------------------------------------------------
1 0/9/ 0 128 200000 Disabled Disa Down Edge

3 0/9/ 2 128 200000 Enabled Disa Down None

17 0/ 2/ 0 0 200000 Enabled Disa Down None
-----------------------------------------------------------------------------
Related Operation
Table 15-19 lists the related operation for setting the specified port as an edge port.
Table 15-19 Related operation for setting the specified port as an edge port
Set a port as a non-edge port stp port edged-port disable
15.12.3 Setting the Path Cost of a Specified Port

This topic describes how to set the path cost of a specified port.
l By default, the network bridge obtains the path cost of the port based on the link status.
l Setting the path cost of the Ethernet port results in the recalculation of the spanning tree.
Therefore, the default path cost is recommended.
NOTE
l Path cost is a parameter related to the rate of the link connected to the port. For the device that supports
MSTP, the port has different path costs in different spanning tree instances.
l Setting a proper path cost makes various VLAN traffic be forwarded along different physical links. In this
case, the VLAN load-sharing function is implemented.
Procedure
Step 1 Run the stp port cost command to set the path cost of a specified port.
----End
Example
To set the path cost of the port in the specified spanning tree instance to 1024, do as follows:
huawei(config)#stp port 0/9/0 instance 0 cost 1024
NOTE
{ <cr>|port<K> }:
Command:


Time Factor : 3
============================== Instance 0 ==================================


-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
Related Operation
Table 15-20 lists the related operation for setting the path cost of a specified port.
Table 15-20 Related operation for setting the path cost of a specified port
Restore the default path cost of a undo stp port cost

specified port
15.12.4 Setting the Priority of the Specified Port

This topic describes how to set the priority of the specified port.
l The priority of a port affects its role in the specified spanning tree instance. You can set
different priorities for the same port on the different MSTIs. This makes various VLAN
traffic be forwarded along different physical links. In this case, the VLAN load-sharing
function is implemented.
l If the priority of the port changes, MSTP recalculates the role of the port and perform state
transition.
l The priority of the port ranges from 0 to 240, with the step of 16. By default, it is 128.
Procedure
Step 1 Run the stp port port-priority command to set the priority of the specified port.
----End

Example
To set the priority of the specified port to 64, do as follows:
huawei(config)#stp port 0/9/0 instance 0 port-priority 64
NOTE
{ <cr>|port<K> }:
Command:
Time Factor : 3
============================== Instance 0 ==================================


-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
Related Operation
Table 15-21 lists the related operation for setting the priority of the specified port.
Table 15-21 Related operation for setting the priority of the specified port
Restore the default priority of the undo stp port port-priority

specified port
15.12.5 Setting the Point-to-Point Link Connection of the Specified

Port
This topic describes how to set the point-to-point link connection of the specified port.

l By default, the point-to-point parameter is set to auto mode. MSTP checks whether the
link connected to the specified port is a point-to-point link.
l The port state cannot be changed rapidly if the port is not connected to a point-to-point link.
The default setting is recommended.
l This setting takes effect to CIST and MSTI. When the port is set as connecting (or not
connecting) to the point-to-point link, the setting applies to all the spanning tree instances.
l If the port is set as connecting to the point-to-point link, but actually it is not connected to
a point-to-point link, the port is in loopback state.
NOTE
l For an aggregated port, only the primary port can be set as connecting to the point-to-point link.
l Assume that a port works in auto negotiation mode, if it is in full-duplex mode after the negotiation, it can
be set as connecting to the point-to-point link.
Procedure
Run the stp port point-to-point command to set whether the link that is connected to the port
is a point-to-point link.
----End
Example
To set the link that is connected to port 0/9/0 as a point-to-point link, do as follows:
huawei(config)#stp port 0/9/0 point-to-point force-true
Related Operation
Table 15-22 lists the related operation for setting the point-to-point link connection of the
specified port.
Table 15-22 Related operation for setting the point-to-point link connection of the specified port
Set the link connected to the port as the undo stp port point-to-point
default state
15.13 Setting the mCheck Variable

This topic describes how to set the mCheck variable to force a port to work in MSTP mode.
Run the stp port mcheck command to check whether there is any network bridge that runs STP
in the subnet to which the current port is connected.

l If the network bridge that runs STP exists in the subnet where the port is connected, the
port runs in MSTP/STP compatible mode automatically.
l When the network condition is good, though the network bridge that runs STP in the subnet
is removed, the port still runs in the STP compatible mode. In this case, run the command
to force the port to work in MSTP mode. After that, the type of the packets received by the
port determines whether it works in MSTP or STP compatible mode.
This command takes effect only when the network bridge runs MSTP.
Procedure
Run the stp port mcheck command to set the mCheck variable.
----End
Example
To transit port 0/9/0 to work in MSTP mode, do as follows:
huawei(config)#stp port 0/9/0 mcheck
15.14 Configuring the Device Protection Function

This topic describes how to configure the device protection functions, including BPDU
protection, loopback protection and root protection.
15.14.1 Enabling the BPDU Protection Function of the Device
This topic describes how to enable the BPDU protection function of the device.
15.14.2 Enabling the Loop Protection Function of the Device
This topic describes how to enable the loop protection function of the device.
15.14.3 Enabling the Root Protection Function of the Device
This topic describes how to enable the root protection function of the device.
15.14.1 Enabling the BPDU Protection Function of the Device

This topic describes how to enable the BPDU protection function of the device.
l By default, the BPDU protection function is disabled.
l If the port of an access device is connected directly to the user terminal, such as a PC, or
connected to the file server, the port is usually set as an edge port to implement rapid state
transition. When the port receives the BPDU packets, the system sets the port as a non-
edge port and recalculates the spanning tree. This results in an unstable network topology.
l MSTP provides the BPDU protection function to prevent users from forging BPDU packets
to attack the device maliciously. If the BPDU protection function is enabled on the device,
the system disables the edge port that receives the BPDU packets. If the disabled port does
not receive the BPDU packets within 180s, it is enabled automatically.

Procedure
Step 1 Run the stp bpdu-protection enable command to enable the BPDU protection function of the
device.
----End
Example
To enable the BPDU protection function of device, do as follows:
huawei(config)#stp bpdu-protection enable
Command:
display stp
PathCost standard : LEGACY BPDU-Protection : enabled
Time Factor : 3
============================== Instance 0 ==================================


-----------------------------------------------------------------------------
Related Operation
Table 15-23 lists the related operation for enabling the BPDU protection function of the device.
Table 15-23 Related operation for enabling the BPDU protection function of the device
Disable the BPDU protection function of stp bpdu-protection disable

the device
15.14.2 Enabling the Loop Protection Function of the Device

This topic describes how to enable the loop protection function of the device.
l To prevent the switching fabric loop due to the link congestion or unidirectional link fault,
MSTP provides the loop protection function.

l After the loop protection function is enabled, the root port keeps its role, and the blocked
port keeps its discarding state and does not forward any packets. In this case, the loop does
not occur in the network.
l By default, the loop protection function is disabled.
Procedure
Step 1 Run the stp port loop-protection enable command to enable the loop protection function of
the port.
----End
Example
To enable the loop protection function of port 0/9/0, do as follows:
huawei(config)#stp port 0/9/0 loop-protection enable
Port Priority :128
Protection Type :Loop
Port Stp Mode :Stp
PortTimes :Hello 10 s MaxAge 20 s FwDly 15 s Message Age 0 s RemHop
20
BPDU Sent :0
BPDU Received :0
----[MSTI 2][Port1(Down)]----
Port Role :Disabled Port
Port Priority :128
Related Operations
Table 15-24 lists the related operations for enabling the loop protection function of the device.
Table 15-24 Related operations for enabling the loop protection function of the device
Disable the loop protection function of stp port loop-protection disable

the device
Enable the BPDU protection function of stp bpdu-protection

the device
Enable the root protection function of the stp port root-protection

device

15.14.3 Enabling the Root Protection Function of the Device

This topic describes how to enable the root protection function of the device.
l Due to the incorrect configuration or malicious attacks, the legal root bridge in the network
might receive the configuration packets with a higher priority. In this case, the current root
bridge becomes invalid, which causes the network topology changed. MSTP provides the
root protection function to prevent such a case.
l For the port that is enabled with the root protection function, it is only used as a specified
port for all instances. Once the port receives the configuration packets with a higher priority,
which sets the port as a non-specified port, the port is in the listening state, and does not
forward the packets. When the port does not receive the configuration packets with a higher
priority for a certain period, the port restores to the normal state.
l By default, the root protection function of the port is disabled.
Procedure
Step 1 Run the stp port root-protection enable command to enable the root protection function of the
port.
----End
Example
To enable the root protection function of port 0/9/0, do as follows:
huawei(config)#stp port 0/9/0 root-protection enable
Port Priority :128
Protection Type :Root
Port Stp Mode :Stp
PortTimes :Hello 10 s MaxAge 20 s FwDly 15 s Message Age 0 s RemHop
20
BPDU Sent :0
BPDU Received :0
----[MSTI 2][Port1(Down)]----
Port Role :Disabled Port
Port Priority :128

Related Operations
Table 15-25 lists the related operations for enabling the root protection function of the device.
Table 15-25 Related operations for enabling the root protection function of the device
Disable the root protection function of the stp port root-protection disable
device
Enable the BPDU protection function of stp bpdu-protection

the device
Enable the loop protection function of the stp port loop-protection

port
15.15 Clear the MSTP Protocol Statistics

This topic describes how to clear the protocol statistics.
You can clear the device/port protocol statistics.
Procedure
l Run the reset stp statistics command to clear the protocol statistics.
l Run the reset stp port statistics command to clear the protocol statistics of a port.
----End
Examples
To clear the protocol statistics on the MA5600T, do as follows:
huawei(config)#reset stp statistics
To clear the protocol statistics on the 0/9/0, do as follows:

huawei(config)#reset stp port 0/9/0 statistics

SmartAX MA5600T Multi-service Access Module 16 NTP Configuration
16 NTP Configuration
About This Chapter
This topic describes how to configure the NTP protocols supported by the MA5600T.
NOTE
configuration, describes the configuration flow with one or more configuration examples, and provides a detailed
description of the basic operations on the MA5600T.
(s) directly.
first.
16.1 Overview
This topic describes the NTP concepts and its specification on the MA5600T.
16.2 Configuration Example of NTP Broadcast Mode
This topic describes how to configure the NTP broadcast mode on the MA5600T, and implement
the clock synchronization among network devices. The server and the client must be configured
in the broadcast mode. After the configuration, the server broadcasts the clock synchronization
packets periodically, and the client intercepts the broadcast packets and synchronizes the local
clock based on the received packet.
16.3 Configuration Example of NTP Multicast Mode
This topic describes how to configure the NTP multicast mode on the MA5600T, and implement
the clock synchronization among network devices. After the configuration, the server broadcasts
the clock synchronization packets periodically, and the client intercepts the broadcast packets
and synchronizes the local clock based on the received packet.
16.4 Configuration Example of NTP Server/Client Mode
This topic provides an example for configuring the MA5600T as the NTP client to implement
clock synchronization with the NTP server.
16.5 Configuration Example of NTP Peer Mode
This topic describes how to configure the NTP peer mode on the MA5600T, and implement the
clock synchronization among network devices. In the peer mode, only the active peer needs to
be configured, whereas the passive peer needs not to be configured. In addition to it, the active

16 NTP Configuration SmartAX MA5600T Multi-service Access Module
and passive peers can synchronize each other, and the peer with a higher clock stratum is
synchronized by the peer with a lower clock stratum.
16.6 Configuring the NTP ID Authentication
This topic describes how to configure the NTP ID authentication to enhance network security
and prevent unauthorized clock modification.
16.7 Configuring the NTP Master Clock
This topic describes how to configure the NTP master clock. You can select the external
reference clock or local clock as the master clock.
16.8 Configuring the NTP Broadcast Mode
This topic describes how to configure the MA5600T as the NTP broadcast server mode and NTP
broadcast client mode.
16.9 Configuring the NTP Multicast Mode
This topic describes how to configure the MA5600T as the NTP multicast server or the client.
16.10 Configuring the NTP Server/Client Mode
This topic describes how to configure the MA5600T as the NTP server or the client in the NTP
server/client mode.
16.11 Configuring the NTP Peer Mode
This topic describes how to configure the MA5600T as the peer of a local device.
16.12 Configuring the Authority of Access to an NTP Service of a Local Device
This topic describes how to configure the authority of access to an NTP service of a local device.
The access control authority provides minimum security measures. A more secure method is to
configure the NTP authentication.
16.13 Configuring an Interface for Transmitting/Receiving NTP Packets
This topic describes how to configure an interface for transmitting or receiving NTP packets.

16.1 Overview
This topic describes the NTP concepts and its specification on the MA5600T.
Service Description
The Network Time Protocol (NTP) is an application layer protocol in the TCP/IP protocol suite.
The NTP is used to synchronize the time between the distributed time server and the client. The
network devices that support NTP synchronizes the time by exchanging NTP packets to
implement various service applications based on universal time, such as the network
management system and the network accounting system.
The NTP synchronization is a relatively advanced time-based mode. If the network or the lower
level server can access the upper level server, the NTP synchronization can be implemented.
The NTP mode is accurate to microsecond, hence it is applicable to alarm, log, and charging.
For details on NTP, refer to "NTP" in the MA5600T Feature Description.
There are four NTP modes, which are as follows:
l Server/client
l Peer
l Broadcast
l Multicast
The MA5600T supports all these modes.
The MA5600T, which is an access layer device, mainly works in the server/client mode and
functions as an NTP client to synchronize the NTP server in the network.
16.2 Configuration Example of NTP Broadcast Mode

This topic describes how to configure the NTP broadcast mode on the MA5600T, and implement
the clock synchronization among network devices. The server and the client must be configured
in the broadcast mode. After the configuration, the server broadcasts the clock synchronization
packets periodically, and the client intercepts the broadcast packets and synchronizes the local
clock based on the received packet.
Networking
Figure 16-1 shows an example network for configuring the NTP broadcast mode.
An MA5600T functions as an NTP broadcast server, and periodically sends the clock
synchronization packets to destination 255.255.255.255. The other MA5600T functions as a
client to intercept the broadcast packets from the server, and then synchronizes its clock with
the clock of the server.

Figure 16-1 Example network for configuring the NTP broadcast mode
LAN switch
1.1.1.1/24 1.1.1.2/24
MA5600T_ A MA5600T_B
Data Plan
Table 16-1 provides the data plan for configuring the NTP broadcast mode.
Table 16-1 Data plan for configuring the NTP broadcast mode
Item Data
MA5600T_A VLAN ID: 2

IP address of the L3 interface 1: 1.1.1.1/24
Clock: selects the local clock as the NTP master clock at stratum
2.
MA5600T_B VLAN ID: 2

IP address of the L3 interface 2: 1.1.1.2/24
Clock: is set according to the clock of the broadcast server.
l The network devices and the line must be in the normal state.
l The clock stratum of the synchronizing device must be equal to or lower than the clock
stratum of the synchronized device. Otherwise, the clock synchronization fails.
Figure 16-2 shows the flowchart for configuring the NTP broadcast mode.

Figure 16-2 Flowchart for configuring the NTP broadcast mode
Start
Is there a clock No
reference?
Yes
Configure the master NTP clock
No Configure
authentication
Yes
Enable NTP authentication
No
Add a layer 3 virtual port?
Yes
Add a layer 3 virtual port
Configure NTP broadcast mode
Save the data
End
Procedure
l Configure the NTP broadcast server MA5600T_A.
1. Define the local clock of MA5600T_A as the master NTP clock at stratum 2.
huawei(config)#ntp-service refclock-master 2
2. Enable NTP authentication.

huawei(config)#ntp-service authentication enable
huawei(config)#ntp-service authentication-keyid 88 authentication-mode
md5 123456
huawei(config)#ntp-service reliable authentication-keyid 88
3. Add an L3 virtual port.


4. Define the master NTP clock as the NTP broadcast server and specify the
authentication ID.
huawei(config-if-vlanif2)#ntp-service broadcast-server
authentication-keyid 88
5. Save the data.

huawei(config)#save
l Configure the NTP broadcast client MA5600T_B.

1. Enable NTP authentication.
md5 123456

3. Define the MA5600T_B as a broadcast client.

huawei(config-if-vlanif2)#ntp-service broadcast-client
4. Save the data.

huawei(config)#save
----End
Result
Perform the following steps to verify the configuration:
1. After synchronization, check the status of MA5600T_B.

huawei(config)#display ntp-service status
clock status: synchronized
clock stratum: 3
reference clock ID: 1.1.1.1
nominal frequency: 100.0000 Hz
actual frequency: 100.0000 Hz
clock precision: 2^17
clock offset: 996.5820 ms
root delay: 0.00 ms
root dispersion: 10.45 ms
peer dispersion: 10.93 ms
reference time: 12:10:10.170 UTC May 14 2005(C6306922.2BC286F8)
According to the preceding configurations, the clock of the MA5600T_B is at stratum 3,

and is synchronized with the clock of the MA5600T_A.
2. Check the sessions of the MA5600T_B.
huawei(config)#display ntp-service sessions
{ <cr>|verbose<K> }:
Command:
display ntp-service sessions
source reference stra reach poll now offset delay
disper
******************************************************************************
**
[1234]1.1.1.1 LOCAL(0) 2 376 64 27 991.1 0.0
1.9
note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured
By analyzing the sessions of the MA5600T_B, you can find that the MA5600T_B is
connected to the MA5600T_A.

16.3 Configuration Example of NTP Multicast Mode

This topic describes how to configure the NTP multicast mode on the MA5600T, and implement
the clock synchronization among network devices. After the configuration, the server broadcasts
the clock synchronization packets periodically, and the client intercepts the broadcast packets
and synchronizes the local clock based on the received packet.
Networking
Figure 16-3 shows an example network for configuring the NTP multicast mode.
The MA5600T_A sends multicast packets through VLAN interface 2, whereas the
MA5600T_B intercepts multicast information from VLAN interface 2. After receiving multicast
packets from the MA5600T_A, the MA5600T_B synchronizes with the MA5600T_A.
Figure 16-3 Example network for configuring the NTP multicast mode
LAN switch
1.1.1.1/24 1.1.1.2/24
Data Plan
Table 16-2 provides the data plan for configuring the NTP multicast mode.
Table 16-2 Data plan for configuring the NTP multicast mode
Item Data
MA5600T_A IP address of the L3 interface 2: 1.1.1.1/24
Clock: selects the local clock as the NTP master clock at stratum
2.
MA5600T_B IP address of the L3 interface 2: 1.1.1.2/24
Clock: follows the clock of the multicast server.

The stratum of the NTP server must be higher than or equal to the stratum of the NTP client.
Otherwise, the synchronization fails.
Figure 16-4 shows the flowchart for configuring the NTP multicast mode.
Figure 16-4 Flowchart for configuring the NTP multicast mode
Start
Is there a clock No
reference?
Yes
Configure the master NTP clock
No Configure
authentication?
Yes
Configure the NTP
authentication
No
Yes
Configure NTP multicast mode
Save the data
End
Procedure
l Configure the NTP multicast server MA5600T_A.
1. Set the local clock as the master clock working at stratum 2.

2. Configure the NTP authentication.

md5 123456

4. Set the MA5600T_A as the multicast server and specify the authentication ID.
huawei(config-if-vlanif2)#ntp-service multicast-server authentication-
keyid 88
5. Save the data.

huawei(config)#save
l Configure the NTP multicast host MA5600T_B.

1. Configure the NTP authentication.
md5 123456

3. Set the MA5600T_B as an NTP multicast client.

huawei(config-if-vlanif2)# ntp-service multicast-client
4. Save the data.

huawei(config)#save
----End
Result
Perform the following steps to verify the configuration:
1. After synchronization, check the status of the MA5600T_B.
clock stratum: 3
root delay: 0.00 ms
reference time: 12:10:10.170 UTC May 14 2005(C6306922.2BC286F8)
According to the preceding configurations, the clock of the MA5600T_B is at stratum 3,

and is synchronized with the clock of the MA5600T_A.
2. Check the sessions of the MA5600T_B.
huawei(config)#display ntp-service sessions
{ <cr>|verbose<K> }:
Command:
display ntp-service sessions


disper
******************************************************************************
**
[1234]1.1.1.1 LOCAL(0) 2 376 64 27 991.1 0.0
1.9
note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured
By analyzing the sessions of the MA5600T_B, you can find that the MA5600T_B is
connected to the MA5600T_A.
16.4 Configuration Example of NTP Server/Client Mode

This topic provides an example for configuring the MA5600T as the NTP client to implement
clock synchronization with the NTP server.
Prerequisites
l The NTP server has been configured and must be in the normal state.
l There is a route from the NTP server to the gateway of the MA5600T.
Networking
Figure 16-5 shows an example network for configuring NTP server/client mode.
An MA5600T functions as an NTP broadcast server, while the other MA5600T functions as a
client. The client sends the clock synchronization request to the server and the server
synchronizes the clock according to the request.
Figure 16-5 Example network for configuring NTP server/client mode

Router
NTP server
CON GE 0/19/0
ETH
ESC
SCU MA5600T
Data Plan
Table 16-3 provides the data plan for configuring NTP server/client mode.

Table 16-3 Data plan for configuring NTP server/client mode
Item Data
Layer 3 interface VLAN: 2
IP address of the L3 interface: 10.10.10.10/24, IP address of

the gateway: 10.10.10.1
NTP server IP address: 195.10.10.10/24
Figure 16-6 shows the flowchart for configuring NTP server/client mode.
Figure 16-6 Flowchart for configuring the NTP server/client mode
Start
Configure the layer 3

interface
Specify the IP address of

the NTP server
Add the static route
Save the data
End
Procedure
Step 1 Configure the L3 interface.
Step 2 Specify the IP address of the NTP server.

huawei(config)#ntp-service unicast-server 195.10.10.10
Step 3 Add the static route to the NTP server.

huawei(config)#ip route-static 195.10.10.10 255.255.255.255 10.10.10.1 preference 1

Step 4 Configure the ACL rule.

Filter the packet that pass through the L3 interface. Only the IP packet from the log host is
allowed to access the L3 interface; others without authorization are denied.
huawei(config-acl-adv-3010)#rule permit ip source 195.10.10.10 0.0.0.0 destination
10.10.10.10 0.0.0.0
huawei(config-acl-adv-3010)#rule deny ip source any destination 10.10.10.10
0.0.0.0

huawei(config)#save
----End
Result
1. Query the status of the MA5600T before the synchronization.
clock status:
unsynchronized
clock stratum:
16
reference clock ID:
none
nominal frequency: 100.0000
Hz
actual frequency: 100.0000
Hz
clock precision:
2^18
clock offset: 0.0000
ms
root delay: 0.00
ms
root dispersion: 0.00
ms
peer dispersion: 0.00
ms
reference time: 00:00:00.000 UTC Jan 1 1900
(00000000.00000000)
2. Query the status of the MA5600T after the synchronization.

clock status:
synchronized
clock stratum:
3
reference clock ID:
195.10.10.10
nominal frequency: 100.0000
Hz
actual frequency: 100.0000
Hz
clock precision:
2^18
clock offset: 1189.3705
ms
root delay: 999.73
ms
root dispersion: 0.11
ms
peer dispersion: 10.94
ms

reference time: 18:14:38.1000 UTC Apr 26 2007

(C9DB6A8E.FFFFFFFF)
3. Query the sessions of the MA5600T.

huawei(config)#display ntp-service
sessions
{ <cr>|
verbose<K> }:
Command:
display ntp-service
sessions
disper
******************************************************************************
**
[12345]195.10.10.10 LOCAL(0) 2 377 64 20 -307 -0.3
4.9
note: 1 source(master),2 source(peer),3 selected,4 candidate,5
configured,
6 vpn-
instance
16.5 Configuration Example of NTP Peer Mode

This topic describes how to configure the NTP peer mode on the MA5600T, and implement the
clock synchronization among network devices. In the peer mode, only the active peer needs to
be configured, whereas the passive peer needs not to be configured. In addition to it, the active
and passive peers can synchronize each other, and the peer with a higher clock stratum is
Networking
Figure 16-7 shows an example network for configuring the NTP peer mode.
One MA5600T functions as an NTP active peer, whereas the other MA5600T functions as a
passive peer. The active peer sends a clock synchronization request to the passive peer, and the
passive peer responds to the request. In this case, the peer with a higher clock stratum is
Figure 16-7 Example network for configuring the NTP peer mode
LAN switch
1.1.1.1/24 1.1.1.2/24

Data Plan
Table 16-4 provides the data plan for configuring the NTP peer mode.
Table 16-4 Data plan for configuring the NTP peer mode
Item Data
MA5600T_A IP address of VLAN interface 2: 1.1.1.1/24
Clock: selects the local clock as the NTP master clock at

stratum 2.
MA5600T_B IP address of VLAN interface 2: 1.1.1.2/24
Clock: selects the MA5600T_A as the peer.
Figure 16-8 shows the flowchart for configuring the NTP peer mode.

Figure 16-8 Flowchart for configuring the NTP peer mode
Start
Is there a clock No
reference?
Yes
Configure the NTP master clock
No Configure
authentication?
Yes
Configure the NTP
authentication
No
Yes
Configure NTP peer mode
Save the data
End
Procedure
l Configure the server MA5600T_A.
1. Set the local clock as the NTP master clock at stratum 2.

3. Set the MA5600T_B as the peer.

huawei(config)#ntp-service unicast-peer 1.1.1.2
4. Save the data.

huawei(config)#save

l Configure the MA5600T_B as the passive peer.

2. Save the data.

huawei(config)#save
----End
Result
According to the preceding configurations, the MA5600T_A and MA5600T_B are defined as
peers. The MA5600T_A works in the active peer mode, and the MA5600T_B works in the
passive peer mode.
By default, the system clock is at stratum 16; hence, the clock of the MA5600T_B is at stratum
16. The clock of the MA5600T_A is at stratum 2. Therefore, the MA5600T_B synchronizes
with the MA5600T_A.
You can verify the configuration by performing the following steps:
1. Check the status of the MA5600T_B before the synchronization.

clock stratum: 16
reference clock ID: none
root delay: 8.18 ms
reference time: 11:06:39.203 UTC May 14 2005(C6305A3F.3422EE41)
2. Check the status of the MA5600T_B after the synchronization.

clock stratum: 3
root delay: 8.18 ms
reference time: 11:06:39.203 UTC May 14 2005(C6305A3F.3422EE41)
The MA5600T_A is synchronized with MA5600T_B, and the stratum of MA5600T_B is 3,

which is one more than the stratum of MA5600T_A.
NOTE
Whether the active peer synchronizes with the passive peer or the passive peer synchronizes with active
peer is determined by the clock stratum and is not determined by the active or the passive states of the
peers.

16.6 Configuring the NTP ID Authentication

This topic describes how to configure the NTP ID authentication to enhance network security
and prevent unauthorized clock modification.
l If the NTP authentication is disabled on the client, the client can synchronize with the server,
regardless of whether the NTP authentication is enabled on the server.
l If NTP authentication is enabled, a reliable key should be configured.
l The configuration of the server should be consistent with the configuration of the client.
l If NTP is enabled on the client, the client can pass the authentication by the server only if
the server is configured with the same key as the key of the client, regardless of whether
NTP authentication is enabled on the server or its key is reliable.
l The client synchronizes with the server that provides the reliable key. If the server provides
an unreliable key, the client does not synchronize with the server.
Figure 16-9 shows the flowchart for configuring the NTP server/client mode with ID
authentication.
Figure 16-9 Flowchart for configuring the NTP server/client mode with ID authentication
Start
Enable the NTP ID

authentication
Set a key for the ID authentication
Define the key as a reliable one
Query the current configuration of

the system
End
Procedure
Step 1 Run the ntp-service authentication enable command to enable the NTP ID authentication.
Step 2 Run the ntp-service authentication-keyid command to set a key for the ID authentication.

Step 3 Run the ntp-service reliable authentication-keyid command to define the key as a reliable
key.
Step 4 Run the display current-configuration section command to query the current configuration of
the system.
----End
Example
To enable the NTP ID authentication, configure the NTP configuration key as aNiceKey with
key number 42, and then define key 42 as a reliable key, do as follows:
huawei(config)#ntp-service authentication-keyid 42 authentication-mode md5
aNiceKey
huawei(config)#display current-configuration section post-system
#
[post-system]
<post-system>
ip route-static 0.0.0.0 0.0.0.0 10.71.55.1
ip route-static 2.2.2.2 255.255.255.255 10.1.1.2
ip route-static 2.2.2.2 255.255.255.255 20.1.1.2
#
static-lsp ingress tunnel-interface tunnel1 destination 2.2.2.2 nexthop 10.1.1
.2 out-label 8200
static-lsp ingress tunnel-interface tunnel2 destination 2.2.2.2 nexthop 20.1.1
.2 out-label 8210
#
snmp-agent local-engineid 000007DB0300E0FC590001
snmp-agent sys-info version v1 v2c
snmp-agent group v3 group authentication read-view internet
snmp-agent usm-user v3 user group authentication-mode md5
5B35F3BA2B65CA9D4A35CC868E5963CF privacy-mode des56
B889728872508FA68D4C91595D092958
snmp-agent
#
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 X&9#$^U(!:[Q=^Q`
MAF4<1!!
ntp-service reliable authentication-keyid 42
#
ssh user op authentication-type password
ssh user user authentication-type password
ssh user test authentication-type password
#
tunnel-policy policy10
#
return
Related Operations
Table 16-5 lists the related operations for configuring the NTP ID authentication.
Table 16-5 Related operations for configuring the NTP ID authentication
Disable the NTP ID undo ntp-service authentication enable

authentication

Remove the NTP undo ntp-service authentication-keyid

authentication key
Cancel a key as a reliable key undo ntp-service reliable authentication-keyid
Display the NTP service status display ntp-service status
16.7 Configuring the NTP Master Clock

This topic describes how to configure the NTP master clock. You can select the external
reference clock or local clock as the master clock.
l The IP address of the local reference clock is set to 127.127.t.u, in which:
– t ranges from 0 to 37, but is currently set to 1.
– u ranges from 0 to 3, representing the NTP process number.
l When the IP address is not specified, local clock 127.127.1.0 functions as the NTP master
clock by default.
l Clock stratum represents clock accuracy. The clock stratum number ranges from 1 to 15.
The default value of the clock stratum is 16 before it is configured. The most accurate clock
is at stratum 1. The larger the clock stratum number, the lower is the clock accuracy.
Procedure
Step 1 Run the ntp-service refclock-master command to configure the NTP master clock.
Step 2 Run the display ntp-service status command to query the NTP status information.
----End
Example
To define the clock of a local device as the master NTP clock at stratum 2 and specify the IP
address as 127.127.127.0, do as follows:
huawei(config)#ntp-service refclock-master 127.127.1.0 2
clock stratum: 2
reference clock ID: LOCAL(0)
root delay: 0.00 ms
reference time: 13:41:41.065 UTC Feb 14 2006(C79C5C95.10ADBC66)

Related Operation
Table 16-6 lists the related operation for configuring the NTP master clock.
Table 16-6 Related operation for configuring the NTP master clock
Cancel the NTP master clock undo ntp-service refclock-master
16.8 Configuring the NTP Broadcast Mode

This topic describes how to configure the MA5600T as the NTP broadcast server mode and NTP
broadcast client mode.
16.8.1 Configuring the NTP Broadcast Server Mode
This topic describes how to configure the MA5600T as the NTP broadcast server.
16.8.2 Configuring the NTP Broadcast Client Mode
This topic describes how to configure the MA5600T as the NTP broadcast client.
16.8.1 Configuring the NTP Broadcast Server Mode

This topic describes how to configure the MA5600T as the NTP broadcast server.
l This task is performed to specify an interface on the local device to transmit the NTP
broadcast packets. The local device operates in the broadcast-server mode, and functions
as a broadcast server to broadcast packets to its clients regularly.
l Perform this operation on the interface where the NTP broadcast packets are to be
transmitted.
Procedure
Step 2 Run the ntp-service broadcast-server command to configure the NTP broadcast server mode.
the system.
----End
Example
To define VLAN interface 2 on a local device to transmit NTP broadcast packets which are
encrypted by key 88, do as follows:
huawei(config-if-vlanif2)#ntp-service broadcast-server authentication-keyid 88

Related Operations
Table 16-7 lists the related operations for configuring the NTP broadcast server mode.
Table 16-7 Related operations for configuring the NTP broadcast server mode
Cancel the broadcast server undo ntp-service -

configuration broadcast-server
Display NTP service trace display ntp-service trace Synchronize NTP server chain
from the local device to the
reference clock source, and
display brief information on
each NTP server.
Display the state of sessions display ntp-service -

maintained by NTP service sessions
Enable NTP debugging debugging ntp-service -
16.8.2 Configuring the NTP Broadcast Client Mode

This topic describes how to configure the MA5600T as the NTP broadcast client.
l The local device first detects the broadcast packets from the server. When the local device
receives the first broadcast packet, it enters the client/server mode briefly to exchange
packets with a remote server for estimating the network delay. The local device then enters
the broadcast client mode, continues to detect the broadcast packets, and synchronizes the
local clock according to the received broadcast packets.
l Perform this operation on the interface where the NTP multicast packets are to be
transmitted.
Procedure
Step 2 Run the ntp-service broadcast-client command to configure the NTP broadcast client mode.
Step 3 Run the display ntp-service status command to query the NTP information.
----End
Example
To specify a local device as a broadcast client to receive broadcast packets through VLAN
interface 2, do as follows:
huawei(config-if-vlanif2)#ntp-service broadcast-client

huawei#display ntp-service status

clock stratum: 3
nominal frequence: 100.0000 Hz
actual frequence: 100.0000 Hz
root delay : 372.66 ms
peer disper: 10.83 ms
reference time: 04:01:11.344 UTC May 16 2003(C26EE107.5847A17F)
Related Operations
Table 16-8 lists the related operations for configuring the NTP broadcast client mode.
Table 16-8 Related operations for configuring the NTP broadcast client mode
To... Run the Command…
Cancel the broadcast client configuration undo ntp-service broadcast-client
Display NTP service trace display ntp-service trace
16.9 Configuring the NTP Multicast Mode

This topic describes how to configure the MA5600T as the NTP multicast server or the client.
Working principle of the NTP multicast server is as follows:
l The multicast server sends the clock synchronization packets to multicast destination IP
address 224.0.1.1. The client detects the multicast packets and synchronizes the local clock
according to the packets.
Working principles of the NTP multicast client are as follows:
l The local device first detects the multicast packets from the server. When local device
receives the first multicast packet, it enters the client/server mode briefly to exchange
packets with a remote server for estimating the network delay.
l The local device then enters the multicast client mode, continues to detect the multicast
packets, and synchronizes the local clock according to the received multicast packets.
Note the following:
l The server and the client can be configured only on the interface where the NTP multicast
packets are to be transmitted or received.
l In the multicast mode, the NTP configurations must be performed on both the server and
the client. The client must be synchronized by the clock of the server.
Procedure
Step 1 Run the interface vlanif command to enter the L3 interface mode.

Step 2 Run the ntp-service multicast-server command to configure the NTP multicast mode.
----End
Examples
To define a local device as multicast server to transmit multicast packets through VLAN interface
2, do as follows:
huawei(config-if-vlanif2)#ntp-service multicast-server
clock stratum: 2
root delay: 0.00 ms
reference time: 21:57:54.244 UTC Sep 9 2006(C8ADB762.3E7CD035)
To define a local device as multicast client to receive multicast packets through VLAN interface
2, do as follows:
huawei(config-if-vlanif2)#ntp-service multicast-client
UA5000(config)#display ntp-service status
clock stratum: 2
root delay: 0.00 ms
reference time: 22:00:03.537 UTC Sep 9 2006(C8ADB7E3.89A7E308)
Related Operations
Table 16-9 lists the related operations for configuring the NTP multicast mode.
Table 16-9 Related operations for configuring the NTP multicast mode
Cancel the multicast server configuration undo ntp-service multicast-server
Cancel the multicast client configuration undo ntp-service multicast-client
Display NTP service trace display ntp-service trace

16.10 Configuring the NTP Server/Client Mode

This topic describes how to configure the MA5600T as the NTP server or the client in the NTP
server/client mode.
l The client sends the clock synchronization request to the server. After receiving the request,
the server automatically works in the server mode and sends the response. After receiving
the response from the server, the client filters and selects the clock, and synchronizes with
the preferred server.
l In this mode, only the local client initiates the clock synchronization with the remote server,
whereas the remote server does not initiate the clock server.
Procedure
Step 1 Run the ntp-service unicast-server command to configure the NTP server/client mode.
----End
Example
To specify the device with the IP address of 1.0.1.11 as the NTP server and the version as 3 for
the client, do as follows:
huawei(config)#ntp-service unicast-server 1.0.1.11 version 3
clock status: unsynchronized
clock stratum: 16
root delay: 0.00 ms
reference time: 00:00:00.000 UTC Jan 1 1900(00000000.00000000)
Related Operations
Table 16-10 lists the related operations for configuring the NTP server/client mode.
Table 16-10 Related operations for configuring the NTP server/client mode
Cancel a specified NTP server undo ntp-service unicast-server
Set the maximum local session number ntp-service max-dynamic-sessions
Restore the default setting of maximum undo ntp-service max-dynamic-sessions

local sessions

16.11 Configuring the NTP Peer Mode

This topic describes how to configure the MA5600T as the peer of a local device.
l The active peer sends the clock synchronization request to the passive peer. After receiving
the request, the passive peer automatically works in the passive peer mode and sends the
response. The clocks between the active peer and the passive peer are synchronized
mutually.
l In the NTP peer mode, the NTP configuration is performed only on the active peer.
l The peer with a higher clock stratum is synchronized by the peer with a lower clock stratum.
Procedure
Step 1 Run the ntp-service unicast-peer command to configure the NTP peer mode.
----End
Example
To specify the remote device with IP address of 3.0.1.32 as the peer of the local device, do as
follows:
huawei(config)#ntp-service unicast-peer 3.0.1.32
clock status: unsynchronized
clock stratum: 16
root delay: 0.00 ms
reference time: 00:00:00.000 UTC Jan 1 1900(00000000.00000000)
Related Operation
Table 16-11 lists the related operation for configuring the NTP peer mode.
Table 16-11 Related operation for configuring the NTP peer mode
Cancel the specified NTP peer undo ntp-service unicast-peer

16.12 Configuring the Authority of Access to an NTP Service

of a Local Device
This topic describes how to configure the authority of access to an NTP service of a local device.
The access control authority provides minimum security measures. A more secure method is to
configure the NTP authentication.
Prerequisite
The ACL applied already exists.
By default, access to an NTP service of a local device is not controlled. With this configuration,
when there is an access request, the request is matched with the peer, query, server, and
synchronization in the descending order. The peer, query, server, and synchronization are
described as follows:
l peer: authority for absolute access
l query: control and query authority.
l server: authority for server's access and query
l synchronization: authority for only the server access
Procedure
Step 1 Run the ntp-service access command to configure the authority of access to an NTP service of
a local device.
the system.
----End
Example
To configure the authority of access to an NTP service of a local device as "peer", and the ACL
applied as 2000, do as follows:
huawei(config)#ntp-service access peer 2000
Related Operations
Table 16-12 lists the related operations for configuring the authority of access to an NTP service
of a local device.

Table 16-12 Related operations for configuring the authority of access to an NTP service of a
local device
Cancel the NTP access undo ntp-service access

authority configuration
Configure the maximum ntp-service max-dynamic-sessions

number of dynamic sessions
that can be set up on a local
device
Cancel the configuration of undo ntp-service max-dynamic-sessions

maximum number of dynamic
sessions that can be set up on
a local device
16.13 Configuring an Interface for Transmitting/Receiving

NTP Packets
This topic describes how to configure an interface for transmitting or receiving NTP packets.
Prerequisite
The applied ACL must exist.
l Once an interface is specified through the ntp-service source-interface command, the IP
address of the interface is also the IP address of the packets.
l If the ntp-service unicast-server or the ntp-service unicast-peer command also specifies
a transmit interface, take the transmit interface specified by the ntp-service unicast-
server or the ntp-service unicast-peer command.
Procedure
Run the ntp-service source-interface command to specify an interface for transmitting NTP
packets.
----End
Example
To specify interface MEth 0 for transmitting NTP packets, do as follows:
huawei(config)#ntp-service source-interface meth 0
Related Operations
Table 16-13 lists the related operations for configuring an interface for transmitting or receiving
NTP packets.

Table 16-13 Related operations for configuring an interface for transmitting or receiving NTP
packets
To... Run the Command… Remarks
Cancel the local transmit or undo ntp-service source- -

receive interface interface
Disable an interface from ntp-service in-interface disable In corresponding

receiving NTP packets interface config mode
Enable an interface to receive undo ntp-service in-interface In corresponding

NTP packets disable interface config mode

SmartAX MA5600T Multi-service Access Module 17 System Clock Configuration
17 System Clock Configuration
About This Chapter
This topic describes the synchronization of system clock and the method of configuring the
system clock on the MA5600T.
NOTE
(s) directly.
first.
17.1 Overview
This topic describes the specification and synchronization of system clock on the MA5600T.
17.2 Configuration Example of the System Clock
This topic provides an example for configuring the system clock to restrict the clock frequency
and phase of each node in a network within the predefined tolerance scope.
17.3 Configuring a Clock Source
This topic describes how to set the MA5600T to extract clock signals from the E1 port as the
clock source.
17.4 Setting the Priority of a Clock Source
This topic describes how to set the priority of a clock source. The clock source with the highest
priority and in the normal state is used as the system clock source.

17 System Clock Configuration SmartAX MA5600T Multi-service Access Module
17.1 Overview
This topic describes the specification and synchronization of system clock on the MA5600T.
Service Description
The MA5600T provides the solution to Time Division Multiplex (TDM) over packet switching
network. In a TDM network, the problem that needs to be solved initially is the clock
synchronization. The purpose of clock synchronization is to restrict the clock frequency and
phase of each node in a network within the predefined tolerance scope. This prevents degradation
of transmission performance due to inaccurate location at both Tx and Rx ends.
To achieve clock synchronization in a digital network, the MA5600T provides the following
methods:
l Pseudo synchronization
l Master-slave synchronization
Table 17-1 describes the two modes of clock synchronization.
Table 17-1 Clock synchronization description
Synchronization mode Description
Pseudo synchronization In a digital network that uses pseudo synchronization, all

digital exchanges are independent in terms of the clock. The
clock of each digital exchange is of high precision and stability.
Usually, the cesium clock is used. Because these clocks are
independent of each other, their frequencies and phases are not
totally synchronized; but because these clocks are precise, the
difference can be negligible. Therefore, the synchronization of
such a clock is known as pseudo synchronization. It is applied
in international digital networks.
Master-slave In a digital network that uses master-slave synchronization,

synchronization there is a master exchange with a high-precision clock, and the
other exchanges in the network lock the clock of this master
exchange. The lower layer exchange locks the clock of the
upper layer exchange.
The MA5600T often applies the master-slave synchronization mode. The MA5600T supports
the system clock and the line clock. By default, the system clock is applied.
The control board delivers the system clock to various service boards. The clock signals are
transmitted to the lower layer network element through the service boards.
The line clock is provided by the E1 data signal of the TOPA board. The working procedure is
as follows:

1. The MA5600T extracts the clock source signals from the upper-layer equipment. A clock
source that has the highest priority is used as the system clock source.
2. After processed by the TOPA board, the clock source provides clock signals.
NOTE
When the TOPA board is not configured, or when the board is not in position or not in the normal state,
the MA5600T uses the input clock source as the output clock signal.
3. The clock signal processed by the TOPA board is sent to all service boards.
4. The service boards transmit the clock signals to the lower-layer network element.
17.2 Configuration Example of the System Clock

This topic provides an example for configuring the system clock to restrict the clock frequency
and phase of each node in a network within the predefined tolerance scope.
Networking
Figure 17-1 shows an example network for configuring the system clock.
In this example network, the MA5600T is uplinked to the TDM network through the E1 port on
the TOPA board. The TOPA board obtains the clock signals with high priority from the TDM
device at the upper layer network, and sends the signals to each service board. Then the service
board sends the signals to the TDM device connected to the ONT.
Figure 17-1 Example network for configuring the system clock
TDM
network
TDM device
E1
SCU
G CON
ETH
P ESC
B
A
MA5600T
Optical splitter
ONT
E1
TDM device

Data Plan
Table 17-2 provides the data plan for configuring the system clock.
Table 17-2 Data plan for configuring the system clock

Item Data
Clock source port of the Clock source 0: 0/6/0

MA5600T Priority: 1 (the secondary priority)
Clock source 2: 0/6/2

Priority: 0 (the highest priority)
Figure 17-2 shows the flowchart for configuring the system clock.
Figure 17-2 Flowchart for configuring the system clock
Start
Set sysytem clock sources
Set priorities of clock sources
Save the data
End
Procedure
Step 1 Set system clock sources.
Set the input clocks of ports 0/6/0 and 0/6/2to function as the clock sources.
huawei(config)#clock source 0 0/6/0
Step 2 Set priorities of clock sources.

Set clock source 2 with the highest priority, and clock source 0 with the second highest priority.
huawei(config)#clock priority 2/0

huawei(config)#save
----End

Result
After the configuration, the system obtains the reference clock source from port 0/6/2 when the
clock source is in the normal state.
17.3 Configuring a Clock Source

This topic describes how to set the MA5600T to extract clock signals from the E1 port as the
clock source.
l By default, the MA5600T adopts the system clock.
l The system supports up to 10 clock sources. The system adopts the clock that has the highest
priority and is normal as the clock source.
Procedure
Step 1 Run the clock source command to specify the system clock source.
Step 2 Run the display clock source command to query the information on the clock source.
----End
Example
To set E1 port 0 of the TOPA board in slot 0/6 as clock source 0, and E1 port 2 as clock source
2, do as follows:
huawei(config)#display clock source
--------------------------------------------------------------------
Index Config Source State Priority Output
--------------------------------------------------------------------
0 YES H801TOPA 0/6 /0 Failed --- ---
1 NO
2 YES H801TOPA 0/6 /2 Failed --- ---
3 NO
4 NO
5 NO
6 NO
7 NO
8 NO
9 NO
--------------------------------------------------------------------
Related Operations
Table 17-3 lists the related operations for configuring the system clock.

Table 17-3 Related operations for configuring the system clock

Set the priority of a clock priority When there are multiple clock sources,
clock source the system selects the clock source
with the highest priority as the
reference clock source.
Query working mode display clock mode The MA5600T supports two clock
of a clock source modes: system clock and line clock.
17.4 Setting the Priority of a Clock Source

This topic describes how to set the priority of a clock source. The clock source with the highest
priority and in the normal state is used as the system clock source.
l The system supports up to 10 priorities. They also stand for the priority sequence of the
clock sources. The highest priority is p0 and the lowest priority is p9.
l The system selects the port with the highest priority as the clock source irrespective of the
quality of the clock source. Therefore, assign a higher priority for the clock source with
better quality.
l The clock priority takes effect after the clock module is configured. Setting the priority of
a clock source may cause the switchover of clock sources.
Procedure
Step 1 Run the clock priority command to specify the priority of a clock source.
Step 2 Run the display clock source command to query the information on the clock source.
----End
Example
To assign the highest priority (p0) to clock source 5, the second highest priority (p1) to clock
source 2, and the third highest priority (p2) to clock source 0, do as follows:
huawei(config)#clock priority 5/2/0
huawei(config)#display clock source
--------------------------------------------------------------------
Index Config Source State Priority Output
--------------------------------------------------------------------
0 YES H801TOPA 0/6 /0 Failed 2 ---
1 NO
3 NO
4 NO
6 NO
7 NO
8 NO
9 NO
--------------------------------------------------------------------

Related Operations
Table 17-4 lists the related operations for setting the priority of a clock source.
Table 17-4 Related operations for setting the priority of a clock source
Configure a clock clock source -

source
Query the working display clock mode The MA5600T supports two clock
mode of a clock modes: system clock and line clock.

SmartAX MA5600T Multi-service Access Module 18 MAC Address Management
18 MAC Address Management
About This Chapter
This topic describes how to configure the MAC address and MAC address pool on the
MA5600T.
18.1 Overview
This topic describes MAC address and its application on the MA5600T.
18.2 Adding a Static MAC Address
This topic describes how to add a static MAC address.
18.3 Setting the Maximum MAC Address Number Learned by a Service Port
This topic describes how to set the maximum MAC address number learned by a service port.
This helps to restrict the number of users connected to the port.
18.4 Configuring the Aging Time of a Dynamic MAC Address
This topic describes how to configure the aging time of a dynamic MAC address.
18.5 Binding the MAC Address
This topic describes how to bind a service port with a MAC address. This helps to limit the
source MAC address of the packets passing through this service port to be only the bound MAC
address.
18.6 Configuring the MAC Address Filtering
This topic describes how to configure the function of MAC address filtering to discard the
packets with the specified source MAC address.
18.7 Configuring the MAC Address Pool
This topic describes how to configure the MAC address pool.

18 MAC Address Management SmartAX MA5600T Multi-service Access Module
18.1 Overview
This topic describes MAC address and its application on the MA5600T.
Service Description
To meet the requirements for bearing multiple services, the MA5600T supports the MAC address
list and the MAC address pool.
The MAC address list of the MA5600T can learn the new MAC addresses. If the source MAC
address of a packet does not exist in the list, the MA5600T can add the source MAC address
and the port number of the received packet to the list as a new item.
Dynamic MAC addresses in the MAC address list also features the aging function. If the
MA5600T does not receive any packet from a device for a certain period, it deletes the associated
address items of the device.
In IP over ATM (IPoA) or PPP over ATM (PPPoA) access, the MA5600T needs to convert the
IPoA/PPPoA packets into IP over Ethernet (IPoE)/PPP over Ethernet (PPPoE) packets. In this
case, the MAC address pool of the MA5600T needs to allocate MAC addresses to users, and
add ATM cells with the MAC address, that is, source MAC addresses (SMAC), to convert ATM
cells into Ethernet frames.
The MA5600T supports up to 1024 static MAC addresses.
The MA5600T supports up to 20 MAC address pools, but the total number of configurable MAC
addresses cannot exceed 1024.
18.2 Adding a Static MAC Address

This topic describes how to add a static MAC address.
Prerequisites
l The service port must be created before you set the static MAC address of the port.
l The port must be added to the specified VLAN before you set the static MAC address of
the upstream port.
l When you add a static MAC address and a similar dynamic MAC address already exists
in the specified service channel or the upstream port of a specified VLAN, the dynamic
MAC address is overwritten by the static MAC address. A static MAC address cannot be
added if the same static MAC address already exists in the system.
l The configured static MAC address must be excluded from the MAC address pool. You
can run the display mac-pool command to check it.
l An upstream port which is included in different VLANs can be configured with the same
static MAC address.

Procedure
Step 1 Run the mac-address static command to add a static MAC address.
Step 2 Run the display mac-address static command to query the configured static MAC address.
----End
Example
To configure the MAC address of port 0/11/0 with VPI/VCI of 0/32 with GEM port of 151 as
1010-1010-1010, do as follows:
huawei(config)#mac-address static adsl 0/11/0 vpi 0 vci 32 1010-1010-1010
huawei(config)#display mac-address static
---------------------------------------------------------------------------
Type MAC MAC Type F/S /P VPI VCI FLOWTYPE FLOWPARA VLANID
---------------------------------------------------------------------------
adl 1010-1010-1010 static 0/11/0 0 32 - - 3
---------------------------------------------------------------------------
Total: 1
Note : F--Frame, S--Slot, P--Port(xDSL Port,UP-Link Port,IMA GROUP or
VLAN ID etc.), the VPI is access-end VLAN ID in vdsl/eau port
or PON ID in epon port
Related Operation
Table 18-1 lists the related operation for adding a static MAC address.
Table 18-1 Related operation for adding a static MAC address
Delete a static MAC address undo mac-address static
18.3 Setting the Maximum MAC Address Number Learned

by a Service Port
This topic describes how to set the maximum MAC address number learned by a service port.
This helps to restrict the number of users connected to the port.
l By default, the maximum MAC address number learned by a service port is 255.
l The maximum MAC address number learned by a service port does not include the
configured static MAC addresses.
Procedure
Step 1 Run the mac-address max-mac-count command to set the maximum MAC address number
learned by a service port.

Step 2 Run the display mac-address max-mac-count command to query the configured maximum
MAC address number learned by the service port.
----End
Example
To set the maximum MAC address number learned by service port 0/11/0 with VLAN ID of 10
on the user side to 10, do as follows:
huawei(config)#mac-address max-mac-count adsl 0/11/0 vpi 0 vci 32 user-vlan 10 10
huawei(config)#display mac-address max-mac-count adsl 0/11/0 vpi 0 vci 32 user-vlan
10
Command:
display mac-address max-mac-count adsl 0/11/0 vpi 0 vci 32 user-vlan 10
----------------------------------------------------------------------------
Type F/S /P VPI VCI VLAN ID FLOWTYPE FLOWPARA Learnable MAC number
----------------------------------------------------------------------------
adl 0/11/0 0 32 10 user-vlan 10 10
----------------------------------------------------------------------------
or PON ID in gpon port
To set the maximum MAC address number learned by port 0/2/0, with VLAN ID of 10, GEM
Port ID of 128 on the user side to 10, do as follows:
huawei(config)#mac-address max-mac-count gpon 0/2/0 gemport 128 user-vlan 10 10
18.4 Configuring the Aging Time of a Dynamic MAC

Address
This topic describes how to configure the aging time of a dynamic MAC address.
l To effectively realize the aging function of dynamic MAC addresses, you need to configure
the aging time. If a device has not transmitted any packet during the period which is the
one to two times of the aging time, the MA5600T deletes the MAC address of the device
from the MAC address list.
l By default, the aging time is 300s. In general, the default value is recommended.
l If the aging time is set very short, a dynamic MAC address is deleted very soon. As a result,
the data packets associated with the address are broadcast to all the ports in a VLAN due
to the failure to find the destination address, thus affecting the running efficiency of the
MA5600T.
l On the other hand, if the aging time is set very long, the MA5600T cannot update its MAC
address list according to the network change. Consequently, if the number of MAC
addresses learnt by the specified port reaches the maximum value, packets with new MAC
addresses are directly discarded due to the failure to find the destination address.
l The address aging function is only effective to dynamic MAC addresses.
Procedure
Step 1 Run the mac-address timer command to configure the aging time of a dynamic MAC address.

Step 2 Run the display mac-address timer command to query the configured aging time of the
dynamic MAC address.
----End
Examples
To set the aging time of a dynamic MAC address to 500s, do as follows:
huawei(config)#mac-address timer 500
huawei(config)#display mac-address timer
MAC aging time: 500s
To configure no aging time of a dynamic MAC address, do as follows:

huawei(config)#mac-address timer no-aging
huawei(config)#display mac-address timer
MAC aging time: No aging

address.
The MA5600T does not support the configuration of binding a MAC address directly. By
configuring a static MAC address entry and setting the maximum address count to 0, you can
bind a port with a MAC address.
l The MA5600T supports up to 1K static MAC addresses. The number of MAC addresses
that can be bound with a service stream is not limited.
l The MA5600T supports up to 8K dynamic MAC addresses. Each service stream can be
bound with up to eight MAC addresses dynamically.
Procedure
Step 1 Run the mac-address static command to configure the static MAC address for a port.
Step 2 Run the mac-address max-mac-count command to set the maximum address count for the
service port.
Step 3 Run the display mac-address max-mac-count command to query the maximum MAC address
number that can be learnt by service channels.
----End
Example
Assume that the static MAC address of ADSL2+ port 0/11/0 is 1010-1010-1010, and the
maximum address count is 0. To bind the port with the MAC address so that the port only allows
the pass of packets with the source MAC address of 1010-1010-1010, do as follows:
huawei(config)#mac-address max-mac-count adsl 0/11/0 vpi 0 vci 35 0
huawei(config)#display mac-address max-mac-count adsl 0/11/0 vpi 0 vci 35

----------------------------------------------------------------------------
----------------------------------------------------------------------------
adl 0/11/0 0 35 4000 - - 0
--------------------------------------------------------------------------
Total: 1
Assume that the static MAC address of GPON port 0/11/0 is 1010-1010-1010, and the maximum
address count is 0. To bind the port with the MAC address so that the port only allows the pass
of packets with the source MAC address of 1010-1010-1010, do as follows:
huawei(config)#mac-address static gpon 0/2/0 gemport 128 1010-1010-1010
huawei(config)#mac-address max-mac-count gpon 0/2/0 gemport 128 0
huawei(config)#display mac-address max-mac-count gpon 0/2/0 gemport 128
{ <cr>|user-vlan<K>|user-8021p<K> }:
Command:
display mac-address max-mac-count gpon 0/2/0 gemport 128
---------------------------------------------------------------------------
Type F /S /P VPI VCI VLAN ID FLOWTYPE FLOWPARA Learnable MAC number
---------------------------------------------------------------------------
gpon 0 /2 /0 128 - 10 - - 0
---------------------------------------------------------------------------
Total: 1
Note : F--Frame, S--Slot, P--Port; VPI indicates GEM PortID for GPON

The system supports up to four MAC addresses to be filtered.
Procedure
Step 1 Run the security mac-filter command to configure the MAC address filtering.
Step 2 Run the display security mac-filter command to query the configured filtering MAC address.
----End
Example
To filter the data packets with the source MAC address of 1000-0000-0000, do as follows:
huawei(config)#security mac-filter source 1000-0000-0000
huawei(config)#display security mac-filter
---------------------------------------------------------
Index MAC-Address Type
---------------------------------------------------------
1 1000-0000-0000 source
---------------------------------------------------------
Total: 1
Related Operation
Table 18-2 lists the related operation for configuring the MAC address filtering.

Table 18-2 Related operation for configuring the MAC address filtering
Delete the filtering MAC address undo security mac-filter
18.7 Configuring the MAC Address Pool

This topic describes how to configure the MAC address pool.
l The system supports up to 20 MAC address pools and totally 1024 MAC addresses.
l The configured static MAC address must be excluded from the MAC address pool to be
configured. You can run the display mac-pool static command to check it.
l A MAC address pool cannot contain the MAC address of the control board.
l When adding a MAC address pool, you do not need to specify the index and range of the
MAC address pool. By default, the range is 256.
Procedure
Step 1 Run the mac-pool command to configure the MAC address pool.
Step 2 Run the display mac-pool command to query the added MAC address pool.
----End
Example
To add a MAC address pool with the index of 0, the start MAC address of 1000-0000-0000, and
the address count of 800, do as follows:
huawei(config)#mac-pool 0 1000-0000-0000 800
huawei(config)#display mac-pool all
Current allocation method of MAC addresses: manual
User-configured MAC pools :
----------------------------------------------------------------
Index StartMAC EndMAC Scope UsedNum
----------------------------------------------------------------
0 1000-0000-0000 1000-0000-031f 800 0
----------------------------------------------------------------
MAC pools : 1, MAC addresses :800, Addresses in use : 0

SmartAX MA5600T Multi-service Access Module 19 TCP/IP Connection Configuration
19 TCP/IP Connection Configuration
About This Chapter
This topic describes how to configure the TCP/IP connections on the MA5600T.
19.1 Overview
This topic describes the Transfer Control Protocol/Internet Protocol (TCP/IP) connection
attributes and the application on the MA5600T.
19.2 Basic Concepts
This topic describes the concepts of synwait timer and finwait timer.
19.3 Configuring the Synwait Timer
This topic describes how to configure the synwait timer.
19.4 Configuring the Finwait Timer
This topic describes how to configure the finwait timer.
19.5 Configuring the Socket Buffer
This topic describes how to configure the size of the socket transmit and receive buffer.
19.6 Enabling the TCP Debugging
This topic describes how to enable the TCP debugging so that the required information can be
displayed on the terminal.
19.7 Enabling the IP Packets Debugging
This topic describes how to enable the IP packets debugging.

19 TCP/IP Connection Configuration SmartAX MA5600T Multi-service Access Module
19.1 Overview
This topic describes the Transfer Control Protocol/Internet Protocol (TCP/IP) connection
attributes and the application on the MA5600T.
Service Description
TCP connection configuration supported by the MA5600T includes the following:
l Configuring the synwait timer

l Configuring the finwait timer
l Configuring the socket buffer
l Enabling the TCP debugging
IP connection involves enabling the IP packets debugging.
The MA5600T supports the configuration of TCP/IP connection.
19.2 Basic Concepts

This topic describes the concepts of synwait timer and finwait timer.
Synwait Timer
When the synchronization (SYN) packet is sent, TCP enables the synwait timer. If no
acknowledgement (ACK) packet is received before time specified by the synwait timer, the TCP
connection is terminated.
Finwait Timer
When the TCP connection state changes from FIN_WAIT_1 to FIN_WAIT_2, the finwait timer
is enabled.
If no FIN packet is received before the time specified by the finwait timer, the TCP connection
is dropped.
19.3 Configuring the Synwait Timer

This topic describes how to configure the synwait timer.
The timeout time of synwait timer ranges from 2s to 600s. The default is 75s.

Procedure
Run the tcp timer syn-timeout command to configure the synwait timer.
----End
Example
To set the TCP timer time to 100s, do as follows:
huawei(config)#tcp timer syn-timeout 100
Related Operation
Table 19-1 lists the related operation for configuring the synwait timer.
Table 19-1 Related operation for configuring the synwait timer
Restore the default setting of the syswait undo tcp timer syn-timeout
timer
19.4 Configuring the Finwait Timer

This topic describes how to configure the finwait timer.
The timeout time of finwait timer ranges from 76s to 3600s. The default is 675s.
Procedure
Run the tcp timer fin-timeout command to configure the finwait timer.
----End
Example
To set the time of finwait timer to 200s, do as follows:
huawei(config)#tcp timer fin-timeout 200
Related Operation
Table 19-2 lists the related operation for configuring the finwait timer.

Table 19-2 Related operation for configuring the finwait timer
Restore the default setting of finwait undo tcp timer fin-timeout

timer
19.5 Configuring the Socket Buffer

This topic describes how to configure the size of the socket transmit and receive buffer.
The buffer size ranges from 1 KB to 32 KB. The default is 4 KB.
Procedure
Run the tcp window command to set the size of the socket transmit and receive buffer.
----End
Example
To set the size of the socket transmit & receive buffer to 12 KB, do as follows:
huawei(config)#tcp window 12
Related Operation
Table 19-3 lists the related operation for configuring the socket buffer.
Table 19-3 Related operation for configuring the socket buffer
Restore the default setting of the socket undo tcp window

buffer
19.6 Enabling the TCP Debugging

This topic describes how to enable the TCP debugging so that the required information can be
displayed on the terminal.
The debugging information is displayed on the terminal only after the terminal monitor and
terminal debugging function are enabled.

Procedure
Run the debugging tcp packet command to enable the TCP debugging.
----End
Example
To enable the TCP debugging, do as follows:
huawei(config)#debugging tcp packet
Related Operations
Table 19-4 lists the related operations for enabling the IP packets debugging.
Table 19-4 Related operations for enabling the IP packets debugging

Disable the TCP debugging undo debugging tcp
Enable/Disable the function of displaying the (undo) terminal monitor

debugging/log/alarm information at the
terminal
Enable/Disable output of the debugging (undo) terminal debugging

information on the terminal
19.7 Enabling the IP Packets Debugging

This topic describes how to enable the IP packets debugging.
The debugging information is displayed on the terminal only after the terminal monitor and
terminal debugging function are enabled.
By default, the terminal monitor and terminal debugging function are disabled.
NOTE
A large amount of debugging information may be displayed on the terminal after the debugging is enabled.
Perform this operation with caution!
Procedure
Run the debugging ip packet command to enable the IP packets debugging.
----End
Example
To enable the IP packets debugging, do as follows:

huawei(config)#debugging ip packet
*0.24271340 MA5600-42 IP/8/debug_case:
Receiving, interface = vlanif3000, version = 4, headlen = 20, tos = 192,
pktlen = 70, pktid = 35614, offset = 0, ttl = 1, protocol = 17,
checksum = 17131, s = 10.11.0.209, d = 224.0.0.2
prompt: Receiving IP packet
*0.880717530 huawei IP/8/debug_case:
Sending, interface = meth0, version = 4, headlen = 20, tos = 192,
pktlen = 316, pktid = 5152, offset = 0, ttl = 255, protocol = 6,
checksum = 36292, s = 10.78.212.64, d = 10.70.47.67
prompt: Sending the packet from local at meth0
Related Operations
Table 19-5 lists the related operations for enabling the IP packets debugging.
Table 19-5 Related operations for enabling the IP packets debugging

Disable the IP packets debugging undo debugging ip packet
Enable/Disable the ICMP debugging (undo) debugging ip icmp
Query the information about the IP layer display ip interface

interfaces
Enable/Disable the switch for displaying the (undo) terminal monitor

debugging/log/alarm information at the
terminal
Enable/Disable output of the debugging (undo) terminal debugging

information on the terminal

SmartAX MA5600T Multi-service Access Module 20 ACL Configuration
20 ACL Configuration
About This Chapter
This topic describes the ACL types, rules and related configurations on the MA5600T.
NOTE
(s) directly.
first.
20.1 Overview
This topic describes access control list (ACL) and its application on the MA5600T.
20.2 Configuring the Basic ACL
This topic describes how to filter data packets that meet the source IP address conditions within
a certain period of time.
20.3 Configuring the Advanced ACL
This topic describes how to filter data packets that meet the source IP address and DSCP
conditions within a certain period of time.
20.4 Configuring the L2 ACL
This topic describes how to filter data packets that meet the source MAC address, destination
MAC address, and VLAN ID conditions within a certain period of time.
20.5 Configuration Example of the User-Defined ACL
This topic describes how to filter data packets that meet the customized conditions within a
certain period of time.
20.6 Creating an ACL
This topic describes how to create a basic ACL, an advanced ACL, an L2 ACL or a customized
ACL.
20.7 Configuring a Time Range
This topic describes how to configure a time range to specify the valid time of an ACL rule.

20 ACL Configuration SmartAX MA5600T Multi-service Access Module
20.8 Setting the Step

This topic describes how to modify the step of ACL rules when they are automatically numbered.
20.9 Creating a Basic ACL Rule
This topic describes how to configure a basic ACL rule so that the device can filter data packets
according to the source IP address.
20.10 Creating an Advanced ACL Rule
This topic describes how to configure an advanced ACL rule to filter data packets according to
information such as the source IP address, destination IP address, and IP bearer protocol type.
20.11 Creating an L2 ACL Rule
This topic describes how to configure an L2 ACL rule to filter data packets according to the link
layer information such as the source MAC address, source VLAN ID, L2 protocol type, L2
forward port, and destination MAC address.
20.12 Creating a Customized ACL Rule
This topic describes how to configure a customized ACL rule to filter data packets according to
any eight character strings (up to four bytes in a character string) in the first 80 bytes of the IP
data frame.
20.13 Activating an ACL
This topic describes how to activate a configured ACL to validate it.

20.1 Overview
This topic describes access control list (ACL) and its application on the MA5600T.
Service Description
An ACL performs the packet filtering function. You can configure some matching rules on
network devices to filter unwanted data packets. With the matching rules, network devices can
allow or disallow the matching data packets to pass. The classified traffic is the prerequisite for
configuring the Quality of Service (QoS) or user security.
For details on ACL, refer to "ACL" in the MA5600T Feature Description.
The MA5600T supports the following types of ACLs:
l Basic ACL
l Advanced ACL
l L2 ACL
l Customized ACL
The MA5600T performs filtering, traffic mirroring, traffic limitation, adding the priority tag,
redirection, and traffic measurement on packets filtered by ACL rules.
If ACL rules are delivered to user port of the MA5600T, such as ADSL2+ port 0/11/0, then all
ADSL2+ ports in slot 0/11 filter packets. If ACL rules are delivered to an Ethernet port, then
only the Ether port filters the packets.
For the basic, advanced or L2 ACL, the mask of the IP/MAC address is the inverse mask. For
the customized ACL, the mask of the IP/MAC address is the positive mask.
ACL Types
Table 20-1 describes the four types of ACLs.
Table 20-1 ACL types

ACL Type Numeral Range Feature
Basic ACL 2000–2999 Allows rule definition

according to L3 source IP
address.

ACL Type Numeral Range Feature
Advanced ACL 3000–3999 Allows rule definition

according to source address,
destination address, IP bearer
protocol type, TCP source
port, TCP destination port,
ICMP protocol type and
ICMP code.
Compared with the basic
ACL, the definition of the
advanced ACL is more
accurate, richer and more
flexible.
L2 ACL 4000–4999 Allows rule definition

according to source MAC
address, source VLAN ID,
L2 protocol type, and
destination MAC address.
Customized ACL 5000–5999 Allows rule definition

according to any 32 bytes of
the first 80 bytes in an IP
frame.
Difference Between Matching Sequence and Configuration Sequence

ACL rule IDs are assigned in the same sequence as the sequence in which the ACL is defined.
By default, the ID of the first ACL rule is 5, the ID of the second rule is 10, the ID of the third
rule is 15, and so on. This is called configuration sequence.
If a service stream reaches a device and matches with two or more ACL rules, the rule which
should be followed to handle the traffic is determined by the matching sequence.
You can match the traffic with one group of ACL rules or with different groups of ACL rules.
Matching with One Group of ACL Rules

l If all rules in an ACL are activated at the same time, a rule defined later has a higher priority
than the rules defined at earlier stages.
l If rules in an ACL are activated one by one, a rule activated later has higher priority than
those activated earlier.
Configure ACL rule A that permits packets to a specific IP address, and then configure ACL
rule B that denies all IP packets. Activate the two rules at the same time. In this case, the two
ACL rules conflict when they are used to process packets to such a specific IP address. Since
ACL rule B is configured later, it has higher priority over ACL rule A, so ACL rule B is chosen
as the rule to denies all IP packets.

Matching with Different Groups of ACL Rules

When matching the packets using different groups of ACL rules, the QoS action that is activated
later has a higher priority than the actions activated earlier.
Configure ACL rule A that permits packets to a specific IP address, and then configure ACL
rule B that denies all IP packets. QoS action A is based on ACL A, and QoS action B is based
on ACL B. Activate QoS action A first on a port, and then activate QoS action B on the same
port. After that, all IP packets are filtered. This is because the QoS action B is activated after the
QoS action A.
If QoS action B is activated first on the port, and QoS action A is activated later, all packets are
filtered except the packets with the specific IP address.
Default Matching Sequence

If a service stream does not match with any rule, the stream is processed according to a default
rule.
The default rule is to forward all the un-matched packets.
To avoid ambiguity, you can define a rule such as permit any or deny any for all ACLs so that
any packet has a rule to match. This helps to determine whether to forward or filter packets that
have no special tags by default.
Recommendations on Configuring ACL Rules

To use ACLs more efficiently, you can do as follows:
l Activate QoS actions consecutively if the QoS actions apply to the same ACL rule.
To enable traffic statistics and traffic limitation on packets that match with rule 10 of ACL
2001, activate these two actions consecutively. The reason is that all QoS actions based on
the same rule share the same hardware resource.
l The activated ACL rules consume the hardware resources and share the hardware resources
with the protocol module (such as DHCP and IPoA) functions. In this case, the hardware
resources are insufficient.
Hardware resources consumption by the ACL rules results in failure in enabling other
service function. Therefore, it is recommended to initiate the protocol module first and then
activate ACL rules in the data configuration.
If you fail to initiate a protocol module, perform the following steps:
– Check whether ACL rules occupy too many resources.
– If ACL rules occupy too many resources, deactivate or delete the ACL configurations
that are unimportant or not in the use, and then initiate the protocol module.
20.2 Configuring the Basic ACL

This topic describes how to filter data packets that meet the source IP address conditions within
a certain period of time.
Data Plan
Table 20-2 provides the data plan for configuring the basic ACL.

Table 20-2 Data plan for configuring the basic ACL
Item Data Remarks
ACL number 2000 -
Source IP 2.2.2.2 Data packets from 2.2.2.2 are permitted to

address pass. Wildcard: 0.0.0.0 (negative mask).
ACL step Default value -
Time range From 00:00 to 12:00 every -

Friday
Port 0/9/0 Apply ACL 2000 on the port.
Figure 20-1 shows the flowchart for configuring a basic ACL.
Figure 20-1 Flowchart for configuring a basic ACL
Start
Configure a time range

(Optional)
Create an ACL
Configure the basic ACL rule
Activate/Deactivate the ACL

on a port
Save the data
End
Procedure
Step 1 Configure a time range.
huawei(config)#time-range time1 00:00 to 12:00 fri
Step 2 Create an ACL.


Step 3 Configure the basic ACL rule.

huawei(config-acl-basic-2000)#rule deny time-range time1
huawei(config-acl-basic-2000)#rule permit source 2.2.2.2 0.0.0.0 time-range time1
Step 4 Activate the ACL on port 0/9/0.


huawei(config)#save
----End
Result
According to the ACL rule, from 00:00 to 12:00 every Friday, the port 0/9/0 on the MA5600T
can receive the data packets from IP address 2.2.2.2, and discard other data packets.
20.3 Configuring the Advanced ACL

This topic describes how to filter data packets that meet the source IP address and DSCP
conditions within a certain period of time.
Data Plan
Table 20-3 provides the data plan for configuring the advanced ACL.
Table 20-3 Data plan for configuring the advanced ACL
Item Data Remarks
ACL number 3000 -
Source IP 2.2.2.2 Wildcard mask: 0.0.0.255

address
Destination 3.3.3.3 Wildcard mask: 0.0.0.0

IP address
DSCP 23 -

Friday
Figure 20-2 shows the flowchart for configuring an advanced ACL.

Figure 20-2 Flowchart for configuring an advanced ACL.
Start

(Optional)
Create an ACL

on a port
Save the data
End
Procedure

Step 3 Configure the advanced ACL rule.

huawei(config-acl-adv-3000)#rule deny ip time-range time1
huawei(config-acl-adv-3000)#rule 3 permit ip source 2.2.2.2 0.0.0.255 destination
3.3.3.3 0 dscp 23 time-range time1

huawei(config)#packet-filter inbound ip-group 3000 port

huawei(config)#save
----End
Result
According to the ACL rule, from 00:00 to 12:00 every Friday, port 0/9/0 on the MA5600T can
receive the data packets from 2.2.2.0 to 3.3.3.3 with DSCP of 23. Other packets are discarded.
20.4 Configuring the L2 ACL

This topic describes how to filter data packets that meet the source MAC address, destination
MAC address, and VLAN ID conditions within a certain period of time.

Data Plan
Table 20-4 provides the data plan for configuring the L2 ACL.
Table 20-4 Data plan for configuring the L2 ACL

Item Data Remarks
ACL number 4000 -
Type 0x8863 The type of an Ethernet bearer protocol in

hexadecimal digits.
COS 1 802.1p priority
Source VLAN ID 12 -
Source MAC 2222-2222-2222 Wildcard: 0000-0000-0000

address
Destination MAC 00e0-fc11-4141 Wildcard: 0000-0000-0000

address
Time range From 00:00 to 12:00 -

every Friday
CAUTION
If you omit "0x" when entering the type of an Ethernet bearer protocol, the input should be
considered as a decimal number. The decimal number you input is converted to hexadecimal
number for the protocol type.
Figure 20-3 shows the flowchart for configuring an L2 ACL.

Figure 20-3 Flowchart for configuring an L2 ACL
Start

(Optional)
Create an ACL

on a port
Save the data
End
Procedure

Step 3 Configure the L2 ACL rule.

huawei(config-acl-link-4000)#rule deny time-range time1
huawei(config-acl-link-4000)#rule 1 permit type 0x8863 cos 1 source 12
2222-2222-2222 0000-0000-0000 destination 00e0-fc11-4141 0000-0000-0000 time-range
time1

huawei(config-acl-link-4000)#quit
huawei(config)#packet-filter inbound link-group 4000 port 0/9/0

huawei(config)#save
----End
Result
According to the ACL rule, from 00:00 to 12:00 every Friday, port 0/9/0 on the MA5600T can
receive the Ethernet frames with the source MAC address of 2222-2222-2222, destination MAC
address of 00e0-fc11-4141, VLAN ID of 12, and COS of 1. Other packets are discarded.

20.5 Configuration Example of the User-Defined ACL

This topic describes how to filter data packets that meet the customized conditions within a
certain period of time.
In the user-defined ACL, the regular mask and the offset are used to extract any bytes from the
first 80 bytes for comparison with the user-defined rule. After the comparison, the data frames
matching the rule are obtained for related processing.
Data Plan
Table 20-5 provides the data plan for configuring the user-defined ACL.
Table 20-5 Data plan for configuring the user-defined ACL

Item Data Remarks
ACL number 5000 -
Matching byte 06 Wildcard: FF (regular mask)
Offset 27 -
ACL step default -

Friday
Port 0/9/0 The ACL 5000 applies to this port.
Figure 20-4 shows the flowchart for configuring a user-defined ACL.

Figure 20-4 Flowchart for configuring a user-defined ACL
Start

(Optional)
Create an ACL

on a port
Save the data
End
Procedure

Step 3 Configure the user-defined ACL rule.

huawei(config-acl-user-5000)#rule deny 06 ff 27 time-range time1

huawei(config-acl-user-5000)#quit
huawei(config)#packet-filter inbound user-group 5000 port 0/9/0

huawei(config)#save
----End
Result
According to the ACL rule, from 00:00 to 12:00 every Friday, port 0/9/0 on the MA5600T rejects
TCP packets.
20.6 Creating an ACL

This topic describes how to create a basic ACL, an advanced ACL, an L2 ACL or a customized
ACL.

The MA5600T supports up to 64 ACLs. Each ACL can be configured with up to 64 rules.
Table 20-6 lists the ACL number range.
Table 20-6 ACL number range
ACL type Numeral range
Basic ACL (for IP packets) 2000-2999
Advanced ACL (IP packets) 3000-3999
L2 ACL (for link layer packets) 4000-4999
Customized ACL 5000-5999
Procedure
Step 1 Run the acl command to create an ACL.
Step 2 Run the quit command to exit ACL config mode.
Step 3 Run the display acl command to query the configuration of the ACL.
----End
Example
To create an advanced ACL with ID of 3000, do as follows:
huawei(config)#display acl 3000
Advanced ACL 3000, 0 rule
Acl's step is 5
Related Operations
Table 20-7 lists the related operations for creating an ACL.
Table 20-7 Related operations for creating an ACL
Delete an ACL undo acl If an ACL and its rules are activated, or if
they are quoted by other QoS functions,
the ACL and the rules cannot be deleted.
Configure the description The description covers the functions and

description for an features of the ACL.
ACL

Delete the undo description -

description for an
ACL
Configure the step step Step means the difference between two
for an ACL neighboring rules in a group of ACL rules.
By default, it is 5.
Restore the default undo step By default, it is 5.

step
20.7 Configuring a Time Range

This topic describes how to configure a time range to specify the valid time of an ACL rule.
ACL time ranges include relative time and absolute time.
l Relative time refers to periodical intervals, such as the period from 8:30 in the morning to
18:30 in the afternoon every Monday.
l Absolute time refers to intervals from a specific moment to another specific moment, such
as the period from 12:00 in the noon on June 8, 2006 to 18:00 in the afternoon on August
8, 2006.
The principle for a time range to take effect is as follows:
l When a time range includes only absolute time or relative time, the union set of all intervals
in the time range takes effect.
l When a time range includes both absolute time and relative time, the intersection set of the
union sets of both relative time and absolute time takes effect.
NOTE
l Configuring a time range is optional when you configure an ACL.

l A time range that is used cannot be deleted.
Procedure
Step 1 Run the time-range command to configure a time range.
Step 2 Run the display time-range command and you can find that the time range is configured.
----End
Example
To create a time range named "last24hrs" that is valid for the whole day of 2008-03-24, do as
follows:
huawei(config)#time-range last24hrs from 00:00 2008/03/24 to 24:00 2008/03/24
huawei(config)#display time-range all

Current time is 15:12:28 3-21-2007 Wednesday
Time-range : last24hrs ( Inactive )

from 00:00 2008/3/24 to 24:00 2008/3/24
20.8 Setting the Step

This topic describes how to modify the step of ACL rules when they are automatically numbered.
l By default, the step is 5.
l If a step changes, the rules in an ACL should be re-numbered.
For example, assume that the rules of an ACL are numbered as 5, 10, and 15. If you set the
step to 2 by using the command step 2, the rules are numbered as 2, 4, and 6.
l To restore the default step value and renumber the ACL rules, run the undo step command.
Assume that ACL 1 contains rules 1, 3 and 5 with a step of 2. After you run the undo step
command, the numbers of the ACL rules are 5, 10, and 15, with the default step of 5.
Procedure
Step 1 Run the step command to modify the step of ACL rule.
Step 2 Run the display acl command to query the set step.
----End
Example
To set the step to 10, do as follows:
huawei(config-acl-basic-2000)#step 10
Basic ACL 2000, 1 rule
Acl's step is 10
rule 10 permit (0 times matched)
Related Operation
Table 20-8 lists the related operation for setting the step.
Table 20-8 Related operation for setting the step

Restore the default undo step By default, it is 5.

step value
20.9 Creating a Basic ACL Rule

This topic describes how to configure a basic ACL rule so that the device can filter data packets
according to the source IP address.

Prerequisite
The basic ACL to which the rule is added already exists.
Up to 64 rules can be created for an ACL.
You can change the configuration of an ACL rule by specifying the number of the rule. This
method does not change the untouched part of the rule.
Procedure
Step 1 Run the acl command to create a basic ACL rule.
Step 2 Run the rule command to configure the basic ACL rule.
Step 3 Run the quit command to exit the basic ACL config mode.
Step 4 Run the display acl command to query the information on the basic ACL rule.
----End
Example
To define a basic ACL rule that enables data packets from 2.2.2.2 to pass, do as follows:
huawei(config-acl-basic-2000)#rule permit source 2.2.2.2 0
Acl's step is 5
rule 5 permit source 2.2.2.2 0 (0 times matched)
Related Operation
Table 20-9 lists the related operation for creating a basic ACL rule.
Table 20-9 Related operation for creating a basic ACL rule
Delete an ACL rule undo rule
20.10 Creating an Advanced ACL Rule

This topic describes how to configure an advanced ACL rule to filter data packets according to
information such as the source IP address, destination IP address, and IP bearer protocol type.
Prerequisite
The advanced ACL to which the rule is added already exists.

Procedure
Step 1 Run the acl command to create an advanced ACL rule.
Step 2 Run the rule command to configure the advanced ACL rule.
Step 3 Run the quit command to exit the advanced ACL config mode.
Step 4 Run the display acl command to query the information on the ACL rule.
----End
Example
To define an advanced ACL rule that enables data packets from 2.2.2.2 to 3.3.3.3 with DSCP
of 23 to pass, and the valid time as the predefined time 1, do as follows:
huawe(config)#acl 3000
huawei(config-acl-adv-3000)#rule 3 permit ip source 2.2.2.2 0 destination 3.3.3.3
0 dscp 23 time-range time1
Advanced ACL 3000, 1 rule
Acl's step is 5
rule 3 permit ip source 2.2.2.2 0 destination 3.3.3.3 0 dscp 23 time-range
time1 (0 times matched)(Inactive)
Related Operation
Table 20-10 lists the related operation for creating an advanced ACL rule.
Table 20-10 Related operation for creating an advanced ACL rule
20.11 Creating an L2 ACL Rule

This topic describes how to configure an L2 ACL rule to filter data packets according to the link
layer information such as the source MAC address, source VLAN ID, L2 protocol type, L2
forward port, and destination MAC address.
Prerequisite
The L2 ACL to which the rule is added already exists.

Procedure
Step 1 Run the acl command to create an L2 ACL rule.
Step 2 Run the rule command to configure the L2 ACL rule.
Step 3 Run the quit command to exit the L2 ACL config mode.
Step 4 Run the display acl command to query the information on the L2 ACL rule.
----End
Example
To define an L2 ACL rule that enables data packets with type of 0x8863, VLAN ID of 12, COS
of 1, source MAC address of 2222-2222-2222 and destination MAC address of 00e0-fc11-4141
to pass, do as follows:
huawei(config-acl-link-4000)#rule 1 permit type 0x8863 cos 1 source 12
2222-2222-2222 0000-0000-0000 destination 00e0-fc11-4141 0000-0000-0000
Acl's step is 5
rule 1 permit type 0x8863 cos background source 2222-2222-2222 0000-0000-0000
12 destination 00e0-fc11-4141 0000-0000-0000
Related Operation
Table 20-11 lists the related operation for creating an L2 ACL rule.
Table 20-11 Related operation for creating an L2 ACL rule
20.12 Creating a Customized ACL Rule

This topic describes how to configure a customized ACL rule to filter data packets according to
any eight character strings (up to four bytes in a character string) in the first 80 bytes of the IP
data frame.
Prerequisite
The customized ACL to which the rule is added already exists.

Figure 20-5 shows the first 64 bytes of an IP frame. Every letter represents one hexadecimal,
and every two letters represent one byte.
Figure 20-5 First 64 bytes of an IP frame
Table 20-12 lists the meaning of the letters and their offset values.
Table 20-12 Description of letters and their offset values

Letter Meaning Offset Letter Meaning Offset
A Destination 0 L IP check sum 28

MAC address
B Source MAC 6 M Source IP 30

address address
C VLAN tag 12 N Destination IP 34

field address
D Protocol type 16 O TCP source port 38
E IP version 18 P TCP destination 40

port
F TOS field 19 Q Serial number 42
G IP packet 20 R Acknowledgem 46
length ent
H ID number 22 S IP header length 50

and reserved bit
I Flags field 24 T Reserved bit and 51

flags bit
J TTL field 26 U Window Size 52

field

Letter Meaning Offset Letter Meaning Offset
K Protocol 27 V Other 54
number (6
refers to TCP
and 17 refers to
UDP)
NOTE
In Figure 20-5, the offset value of their field is their offset value in the 802.3 data frame of Sub Network Access
Protocol (SNAP) + tag. For the customized ACL, the user can use the rule mask and offset parameters to extract
any byte from the first 80 bytes of data frame, and then compare the extracted byte with customized rules to
filter matched data frames for processing.
Procedure
Step 1 Run the acl command to create a customized ACL rule.
Step 2 Run the rule command to configure the customized ACL rule.
Step 3 Run the display acl command to query the information on the ACL rule.
----End
Example
To filter all TCP packets, do as follows:
huawei(config-acl-adv-5000)#rule permit 06 ff 27
User ACL 5000, 1 rule
Acl's step is 5
rule 5 permit 06 ff 27
Related Operation
Table 20-13 lists the related operation for creating a customized ACL rule.
Table 20-13 Related operation for creating a used defined ACL rule
20.13 Activating an ACL

This topic describes how to activate a configured ACL to validate it.

Prerequisite
The ACL to be activated must be configured, and the port for which the ACL is to be activated
must work in the normal state.
Procedure
Step 1 Run the packet-filter command to activate an ACL.
Step 2 Run the display packet-filter port command and you can find that the ACL is activated.
----End
Example
To activate ACL 3000 of port 0/11/0, do as follows:
huawei(config)#display packet-filter port 0/11/0
port0/11/0
Inbound:
inbound Acl 3000 rule 1 port 0/11/0 running
Related Operation
Table 20-14 lists the related operation for activating the ACL of a port.
Table 20-14 Related operation for activating the ACL of a port

Deactivate an ACL undo packet-filter

SmartAX MA5600T Multi-service Access Module 21 QoS Configuration
21 QoS Configuration
About This Chapter
This topic describes the QoS configuration examples and related configuration operations on
the MA5600T.
NOTE
(s) directly.
first.
21.1 Overview
This topic describes various QoS functions and their applications on the MA5600T.
21.2 Configuration Example of Queue Scheduling
This topic provides an example for configuring queue scheduling so that services with different
priorities have different scheduling policies. Then corresponding QoS of these services can be
guaranteed.
21.3 Configuration Example of Traffic Management Based on service streams
This topic provides an example for configuring the IP and ATM traffic profiles to manage the
traffic of different service streams through different traffic profiles.
21.4 Configuration Example of Traffic Management Based on ACL rules
This topic provides an example for applying different ACL rules to different VLANs to
implement flow control on upstream services transmitted through different VLANs.
21.5 Configuring the Traffic Management Based on service streams
This topic describes the types and application of the traffic profile supported by the
MA5600T. The MA5600T specifies different traffic profiles for different streams to implement
the traffic management based on service streams.
21.6 Configuring the Traffic Management Based on Port + CoS

21 QoS Configuration SmartAX MA5600T Multi-service Access Module
This topic describes how to configure the traffic management based on port + CoS to specify a
specified IP traffic profile for service streams that have the same 802.1p priority and are borne
on the same port. This facilitates the service traffic management through the traffic profile.
21.7 Configuring Queue Scheduling
A queue is the unit of the packet scheduling in the physical port. After the queue scheduling is
configured, the packet of the key service can be processed in time when the network congestion
occurs.
21.8 Configuring Traffic Management Based on ACL rules
This topic describes the function of filtering the traffic of the port through the ACL rule and
manages the traffic that complies with the ACL rule.
21.9 Enabling the Line Rate Limit on an Upstream Port
This topic describes how to enable the line rate limit on a specified upstream port.

21.1 Overview
This topic describes various QoS functions and their applications on the MA5600T.
Service Description
Quality of service (QoS) means the performance of the data stream that passes the network. By
setting different parameters of the QoS, such as service availability, throughput, time delay,
jitter, and loss rate, you can provide users with high quality services.
For details on QoS, refer to "QoS" in the MA5600T Feature Description.
The MA5600T mainly supports the following QoS functions:
l Traffic management based on service streams
l Traffic management based on port + CoS
– If this mode is configured based on a service board, it is valid to all ports of the board.
– The AIUG, GPON, and ETHAGPON and ETHA boards do not support this mode.
l Queue scheduling
The MA5600T supports the following queue scheduling modes:
– PQ: Strict-Priority queue
– WRR: Weighted Round Robin
– PQ + WRR
l Traffic management based on ACL rules
l Line rate limit on an upstream port
21.2 Configuration Example of Queue Scheduling

This topic provides an example for configuring queue scheduling so that services with different
priorities have different scheduling policies. Then corresponding QoS of these services can be
guaranteed.
Networking
Figure 21-1 shows an example network for configuring queue scheduling.
The MA5600T is configured with the queue scheduling policy based on the service type. The
VoIP service priority is 7, the video service priority is 6, and the Internet service priority is 5.
When congestion occurs, the system can ensure that the service stream with higher priority can
be processed in time, and can also guarantee the QoS of services with lower priority.

Figure 21-1 Example network for configuring queue scheduling
LAN switch
MA5600T
Internet VoIP
IPTV
Data Plan
Table 21-1 provides the data plan for configuring queue scheduling.
Table 21-1 Data plan for configuring queue scheduling
Item Data
Mapping between the queue and the Adopts the default mapping and needs no separate
priority configuration.
Queue 0: 0 (802.1p)
Queue 1: 1 (802.1p)
Queue 2: 2 (802.1p)
Queue 3: 3 (802.1p)
Queue 4: 4 (802.1p)
Queue 5: 5 (802.1p)
Queue 6: 6 (802.1p)
Queue 7: 7 (802.1p)
Queue buffer Buffer ratio of each queue

Queue 0: 7%
Queue 1: 6%
Queue 2: 13%
Queue 3: 13%
Queue 4: 12%
Queue 5: 12%
Queue 6: 25%
Queue 7: 12%

Item Data
Queue scheduling mode 2PQ + 6WRR

Where: Queues 7 and 6 adopt the PQ mode, and other
queues adopt the WRR mode.
Figure 21-2 shows the flowchart for configuring queue scheduling.
Figure 21-2 Flowchart for configuring queue scheduling
Start
Map the queue to the 802.1

priority of the packet (optional)
Configure the queue buffer (optional)
Configuration queue scheduling

mode
Save the data
End
Procedure
Step 1 Map the queue to the 802.1 priority of the packet.
huawei(config)#cos-queue-map cos0 0 cos1 1 cos2 2 cos3 3 cos4 4 cos5 5 cos6 6 cos7
7
huawei(config)#display cos-queue-map
CoS and queue map:
------------------------
CoS Queue ID
------------------------
0 0
1 1
2 2
3 3
4 4
5 5
6 6
7 7
------------------------
Step 2 Configure the queue buffer.

huawei(config)#queue-buffer 7 6 13 13 12 12 25 12
huawei(config)#display queue-buffer

------------------------
Queue Depth size ratio
------------------------
0 7
1 6
2 13
3 13
4 12
5 12
6 25
7 12
------------------------
Step 3 Configuration queue scheduling mode.

huawei(config)#queue-scheduler wrr 5 5 10 10 10 60 0 0
huawei(config)#display queue-scheduler
Queue scheduler mode : WRR
---------------------------------
Queue Scheduler Mode WRR Weight
---------------------------------
0 WRR 5
1 WRR 5
2 WRR 10
3 WRR 10
4 WRR 10
5 WRR 60
6 PQ --
7 PQ --
---------------------------------

huawei(config)#save
----End
Result
When network congestion occurs, the system performs scheduling based on the configured
scheduling policy.
21.3 Configuration Example of Traffic Management Based

on service streams
This topic provides an example for configuring the IP and ATM traffic profiles to manage the
traffic of different service streams through different traffic profiles.
Networking
Figure 21-3 shows an example network for configuring the traffic management based on service
streams.
The MA5600T is accessed with the broadband service through ADSL port 0/11/0 and ATM port
0/6/0. To implement the traffic management on this service, select or configure the proper IP
and ATM profiles, and bind the profiles with the specified service streams.

Figure 21-3 Example network for configuring the traffic management based on service streams
LAN switch
MA5600T
ADSL user ATM access device
Data Plan
Table 21-2 provides the data plan for configuring the traffic management based on service
streams.
Table 21-2 Data plan for configuring the traffic management based on service streams
Item Data
ADSL Internet service IP traffic profile with the index of 7

l Access rate: 3072 kbit/s
l Priority: 6
l Scheduling policy: Local-Setting
Upstream VLAN: 10, with the type of smart VLAN
Access port: 0/11/0
ATM Internet service ATM traffic profile with the index of 5 (the default profile)
l Service type: UBR
l Access rate: 3072 kbit/s
Upstream VLAN: type 10, and smart VLAN
Access port: 0/6/0
Figure 21-4 shows the flowchart for configuring the traffic management based on service
streams.

Figure 21-4 Flowchart for configuring the traffic management based on service streams
Start
Is there the proper No

traffic profile?
Configure a traffic
Yes profile
Specify a traffic profile for
the service stream
End
Procedure
l Configure the traffic management of the ADSL service.
1. Check whether the proper IP traffic profile exists in the system.
huawei(config)#display traffic table ip from-index 0
-------------------------------------------------------------------------
TID CIR(kbps) CBS(bytes) PIR(kbps) PBS(bytes) Pri Copy-policy Pri-Policy
-------------------------------------------------------------------------
0 1024 34768 2048 69536 6 - tag-pri
1 2496 81872 4992 163744 6 - tag-pri
2 512 18384 1024 36768 0 - tag-pri
3 576 20432 1152 40864 2 - tag-pri
4 64 4048 128 8096 4 - tag-pri
5 2048 67536 4096 135072 0 - tag-pri
6 off off off off 0 - tag-pri
-------------------------------------------------------------------------
Total Num : 7
2. Configure a proper IP traffic profile.

huawei(config)#traffic table ip index 7 cir 3072 priority 6 priority-
policy local-Setting
Create traffic descriptor record successfully
--------------------------------------------
TD Index : 7
Priority : 6
Copy Priority : -
Priority Policy : local-pri
CIR : 3072 kbps
CBS : 100304 bytes
PIR : 6144 kbps
PBS : 200608 bytes
Referenced Status: not used
--------------------------------------------
3. Bind the IP traffic profile with the service stream.

huawei(config)#service-port vlan 10 adsl 0/11/0 rx-cttr 7 tx-cttr 7
l Configure the traffic management of the ATM service.

1. Check whether the proper ATM traffic profile exists in the system.
huawei(config)#display traffic table atm from-index 0
Traffic parameters for ATM
service:
-------------------------------------------------------------------------
----
TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/

SHAPE
Type Type kbps kbps kbps kbps cells
1/10us
-------------------------------------------------------------------------
----
0 cbr 2 1024 -- -- -- -- -- off/
--
1 cbr 2 2500 -- -- -- -- -- off/
--
2 ubr 2 512 -- -- -- -- -- on /
--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /
--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /
off
5 ubr 2 2048 -- -- -- -- -- on /
--
6 ubr 1 -- -- -- -- -- -- off/
--
-------------------------------------------------------------------------
----
Total Num :
7
Traffic type
definition:
1:NoTrafficDescriptor 2:NoClpNoScr
3:ClpNoTaggingNoScr
4:ClpTaggingNoScr 5:NoClpScr
6:ClpNoTaggingScr
7:ClpTaggingScr 8:ClpNoTaggingMcr
9:ClpTransparentNoScr
10:ClpTransparentScr 11:NoClpTaggingNoScr
12:NoClpNoScrCdvt
13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt
15:ClpTaggingScrCdvt
-------------------------------------------------------------------------
----
2. Bind the default ATM traffic profile 5 with the service stream.
huawei(config)#service-port vlan 10 atm 0/6/0 vpi 0 vci 35 rx-cttr 5 upc
off tx-cttr 5 upc off
----End
Result
The system manages the traffic of the ADSL and ATM services respectively based on the
specified traffic profiles.
21.4 Configuration Example of Traffic Management Based

on ACL rules
This topic provides an example for applying different ACL rules to different VLANs to
implement flow control on upstream services transmitted through different VLANs.
Networking
Figure 21-5 shows an example network for configuring the traffic management based on ACL
rules.

The MA5600T transmits the service streams to the upper layer network through VLANs 10, 20,
and 30. To manage the service stream received through different VLANs, the MA5600T applies
different ACL rules to different VLANs for flow control.
Figure 21-5 Example network for configuring the traffic management based on ACL rules
LAN switch
VLAN 10, 20, and 30
MA5600T
PC PC PC
Data Plan
Table 21-3 provides the data plan for configuring the traffic management based on ACL rules.
Table 21-3 Data plan for configuring the traffic management based on ACL rules
Item Data
Upstream port Upstream port: 0/9/0

Upstream VLAN: 10, 20, and 30, with the type of smart VLAN
ACL rule ACL number: 4100 (link ACL)

Rule 5: allowing passing the packet from VLAN 10.
Flow control policy Limits VLAN 10 to receive the traffic with bandwidth of 6400
kbit/s.
Limits VLAN 20 to receive the traffic with bandwidth of 12800
kbit/s.
Limits VLAN 30 to receive the traffic with bandwidth of 19200
kbit/s.
Figure 21-6 shows the flowchart for configuring the traffic management based on ACL rules.

Figure 21-6 Flowchart for configuring the traffic management based on ACL rules
Start
Configure the upstream

port
Configure the flow

control policy
Save the data
End
Procedure
Step 1 Configure the upstream port.
huawei(config)#vlan 10,20,30 smart
huawei(config)#port vlan 10,20,30 0/9 0
Step 2 Configure the ACL rule.

huawei(config-acl-link-4100)#rule permit source 10
Step 3 Configure the flow control policy.

huawei(config)#traffic-limit inbound link-group 4100 rule 5 6400 port 0/9/0

huawei(config)#save
----End
Result
The service traffic received in VLANs 10, 20, and 30 do not exceed their respective flow control
bandwidth.
21.5 Configuring the Traffic Management Based on service

streams
This topic describes the types and application of the traffic profile supported by the
MA5600T. The MA5600T specifies different traffic profiles for different streams to implement
the traffic management based on service streams.

Overview
The MA5600T performs the traffic management by specifying a traffic profile for each service
stream accessing the device.
By default, the system supports the traffic management based on service streams.
21.5.1 Configure the IP Traffic Profile
This topic describes how to configure the IP traffic profile. The IP traffic profile defines multiple
traffic parameters. When configuring a service port, apply the IP traffic profile to the port and
manages the traffic of the port through the traffic parameters defined in the profile.
21.5.2 Configure the ATM Traffic Profile
The ATM traffic profile defines ATM traffic parameters. When configuring the service
connection, apply the ATM traffic profile to the service port and manages the ATM service
traffic through the traffic parameters defined in the profile.
21.5.1 Configure the IP Traffic Profile

This topic describes how to configure the IP traffic profile. The IP traffic profile defines multiple
traffic parameters. When configuring a service port, apply the IP traffic profile to the port and
manages the traffic of the port through the traffic parameters defined in the profile.
l The system contains seven default IP traffic profiles with the IDs of 0-6. You can run the
display traffic table command to query the traffic parameters of these default traffic
profiles.
l It is recommended to select the default traffic profiles first. You need to configure a new
IP traffic profile only when the default traffic profiles cannot meet the demand.
Table 21-4 lists the traffic parameters defined in the IP traffic profile.
Table 21-4 Traffic parameters defined in the IP traffic profile

Item Parameter Description
Parameters of two CIR: committed information rate

rate three color CBS: committed burst size
management
PIR: peak information rate
PBS: peak burst size
NOTE
l CIR is mandatory, and the other three parameters are optional. If you
configure only the CIR, the system calculates the other three parameters based
on the formula.
l According to the four parameters, the system marks the service packet with
color. The red packet is discarded directly, and the packets of the other two
colors are marked on its DEI field of the VLAN tag, with 1 on the yellow
packet and 0 on the green one.

Item Parameter Description
Priority policy The priority policies are classified into the following three types:
l Specified priority: specifying the 802.1p priority for the packet.
l user-cos: copying the 802.1p priority in the VLAN of the packet to
the VLAN of the upstream packet.
l user-cos: copying the ToS priority in the VLAN of the packet to the
VLAN of the upstream packet.
Scheduling policy The scheduling policies are classified into the following two types:
l Tag-In-Package: The system performs scheduling based on the
802.1p priority of the packet.
l Local-Setting: the local priority. The system performs scheduling
based on the 802.1p priority specified in the traffic profile bound
with the service stream.
NOTE
The scheduling policy is only valid to the downstream packet.
Procedure
Step 1 Run the traffic table ip command to configure the traffic profile.
Step 2 Run the display traffic table ip command to query the traffic profile.
----End
Example
To add IP traffic profile 9, with the CIR as 2048 kbit/s, the 802.1p priority of the upstream packet
as 6, and the scheduling policy of downstream packet as tag-in-package, do as follows:
huawei(config)#traffic table ip index 9 cir 2048 priority 6 priority-policy tag-In-
Package
--------------------------------------------
TD Index : 9
Priority : 6
Copy Priority : -
Priority Policy : tag-pri
CIR : 2048 kbps
CBS : 67536 bytes
PIR : 4096 kbps
PBS : 135072 bytes
--------------------------------------------
huawei(config)#display traffic table ip index 9

--------------------------------------------
TD Index : 9
Priority : 6
Copy Priority : -
CIR : 2048 kbps
CBS : 67536 bytes
PIR : 4096 kbps
PBS : 135072 bytes


--------------------------------------------
Related Operations
Table 21-5 lists the related operations for configuring the traffic entry.
Table 21-5 Related operations for configuring the traffic entry
Delete the IP undo traffic table ip Only the traffic entry that is not
traffic profile applied can be deleted.
Modify the IP traffic table ip modify l The priority policy and the
traffic profile scheduling policy in the traffic
profile cannot be modified.
l The default and the applied traffic
profiles can be modified.
21.5.2 Configure the ATM Traffic Profile

The ATM traffic profile defines ATM traffic parameters. When configuring the service
connection, apply the ATM traffic profile to the service port and manages the ATM service
traffic through the traffic parameters defined in the profile.
l The system contains seven default ATM traffic profiles with the IDs of 0-6. You can run
the display traffic table atm command to query the traffic parameters of these default
traffic profiles.
l It is recommended to select the default traffic profiles first. You need to configure a new
traffic profile only when the default traffic profiles cannot meet the demand.
Table 21-6 lists the relations between the service type, traffic description, and traffic parameters.
Table 21-6 Relations between the service type, traffic description, and traffic parameters.
Service Type Traffic Description Type Parameter Description
Constant bit ClpNoTaggingNoScr Clp01Pcr: peak cell rate (PCR) with

rate (CBR) the CLP of 0 + 1
Clp01Pcr: PCR with the CLP of 0
ClpNoTaggingNoScr Clp01Pcr: PCR with the CLP of 0 +

1
Cdvt: cell delay variation tolerance
ClpTransparentNoScr Clp01Pcr: PCR with the CLP of 0 +

1

Service Type Traffic Description Type Parameter Description
ClpNoTaggingNoScr Clp01Pcr: PCR with the CLP of 0 +

1
NoClpNoScrCdvt Clp01Pcr: PCR with the CLP of 0 +

1
real-time ClpNoTaggingScrCdvt Clp01Pcr: PCR with the CLP of 0 +

Variable Bit 1
Rate (rt_VBR) ClpTaggingScrCdvt
Clp0Scr: SCR with the CLP of 0 + 1
ClpTransparentScr Mbs: maximum burst size
NoClpScrCdvt Cdvt: cell delay variation tolerance
Non-real-time ClpNoTaggingScr Clp01Pcr: PCR with the CLP of 0 +

variable bit 1
rate (nrt_VBR) ClpTaggingScr
Clp0Scr: SCR with the CLP of 0 + 1
NoClpScr Mbs: maximum burst size
Unspecified bit NoClpNoScr Clp01Pcr: PCR with the CLP of 0 +

rate (UBR) 1
NoClpNoScrCdvt Clp01Pcr: PCR with the CLP of 0 +

1
NoClpTaggingNoScr Clp01Pcr: PCR with the CLP of 0 +

1
NoTrafficDescriptor -
Table 21-7 lists the application scenario of the ATM services.
Table 21-7 Application scenario of the ATM services

Service Type Application Scenario
CBR CBR service is used for connections that require static bandwidth and top
priority. CBR features high stability and low burst. Data services are
delivered in fixed period. Typical applications of CBR services are circuit
service, emulation voice service and video service. Peak cell rate (PCR)
is the only parameter required for applying CBR service. Cells are
delivered at the source end at the PCR rate or a rate below PCR.

Service Type Application Scenario
rt_VBR rt-VBR service is very sensitive to delay and jitter. Typical applications
of rt-VBR are voice service and video service. Compared with CBR
service, rt-VBR service allows a certain degree of delay. The data may be
delivered at the source end at different rates. Parameters required for
applying rt-VBR service include PCR, SCR, and MBS.
nrt_VBR nrt-VBR service is used for connections in which there is no fixed timing
relationship between samples. Compared with rt-VBR, nrt-VBR has lower
priority than rt-VBR. Parameters required for service application include
PCR, SCR, and MBS.
UBR UBR service is used for services with high burst and without real-time
requirement. UBR users only demand optimum network service, but
require no guarantee on quality of service (QoS). The network offers no
QoS guarantee for UBR service. In the case of network congestion, UBR
cells are the first to be discarded. Error correction is implemented by the
upper layer protocols. Typical applications of UBR service are FTP and
E-mail.
Procedure
Step 1 Run the traffic table atm command to configure the ATM traffic profile.
Step 2 Run the display traffic table atm command to query the ATM traffic profile.
----End
Example
To add ATM traffic profile 12, with the service type of UBR, traffic description type of
NoClpNoScr and 2048 kbit/s, and Clp01Pcr of 2048 kbit/s, do as follows:
huawei(config)#traffic table atm index 12 srvcategory ubr tdtype noclpnoscr
clp01Pcr 2048
-----------------------------------------------------------------------------
TD Index : 12
Priority : 0
TD Type : NoClpNoScr
Service Category : ubr
EnPPDISC : off
Clp01Pcr : 2048 kbps

-----------------------------------------------------------------------------
huawei(config)#display traffic table atm index 12

-----------------------------------------------------------------------------
TD Index : 12
Priority : 0
TD Type : NoClpNoScr
Service Category : ubr
EnPPDISC : off

Clp01Pcr : 2048 kbps

-----------------------------------------------------------------------------
Related Operation
Table 21-8 lists the related operation for configuring the traffic entry.
Table 21-8 Related operation for configuring the traffic entry
Delete the ATM undo traffic table atm Only the traffic entry that is not
traffic profile applied can be deleted.
21.6 Configuring the Traffic Management Based on Port +

CoS
This topic describes how to configure the traffic management based on port + CoS to specify a
specified IP traffic profile for service streams that have the same 802.1p priority and are borne
on the same port. This facilitates the service traffic management through the traffic profile.
l Traffic management based on service streams and based on port + CoS are mutually
exclusive. By default, the system supports traffic management based on service streams.
l If the board is configured with the service stream, the traffic management mode cannot be
modified.
l You cannot set or query the CAR mode of a GPON service board.
l The AIUG and GPON boards supportGPON board supports only the traffic management
based on service streams while not supporting that based on port + CoS.
Procedure
Step 1 Run the car-mode command to set the traffic management mode of a service board as port +
CoS.
NOTE
l The configured traffic management mode is valid to all ports of the board.
l service-port: traffic management mode based on service streams, which is the default mode.
l port-cos: traffic management mode based on port + CoS.
Step 2 Run the car-port command to set the 802.1p priority of the a port, bind the IP traffic profile
with the service stream that matches the set priority, and manage the traffic of the service stream
through the profile.
Step 3 Run the display car-mode command to query the traffic management mode of the service board.
Step 4 Run the display car-mode command to query the traffic management mode of the port.
----End

Example
Assume that the packets with the 802.1p priority of 4 on port 0 in upstream is bound with IP
traffic profile 2 and those in downstream is bound with profile 5, and the packets with the 802.1p
priority of 6 on port 0 in upstream is bound with IP traffic profile 2 and those in downstream is
bound with profile 7. To set the traffic management mode of service board 0/2 to port + COS,
do as follows:
huawei(config)#interface adsl 0/2
huawei(config-if-adsl-0/2)#car-mode port-cos
huawei(config-if-adsl-0/2)#car-port 0 cos 4 inbound 2 outbound 5
huawei(config-if-adsl-0/2)#car-port 0 cos 6 inbound 2 outbound 7
huawei(config-if-adsl-0/2)#display car-mode
The CAR mode of the board : port-cos
huawei(config-if-adsl-0/2)#display car-port 0
-------------------------------------
Port CoS Inbound-index Outbound-index
-------------------------------------
0 4 2 5
0 6 2 7
-------------------------------------
21.7 Configuring Queue Scheduling

A queue is the unit of the packet scheduling in the physical port. After the queue scheduling is
configured, the packet of the key service can be processed in time when the network congestion
occurs.
Features of Queue Scheduling

l The system performs queue scheduling based on the queue priority. The larger the queue
number, the higher the priority.
l The mapping between the queue and the 802.1 priority of the packet can be configured.
l The queue buffer size can be configured.
l Three queue scheduling modes are supported:
– PQ: strict-priority queue
– WRR: Weighted Round Robin
– PQ + WRR
NOTE
By default, the system adopts PQ mode.
21.7.1 Configuring the Queue Scheduling Mode

This topic describes how to configure the queue scheduling mode for ensuring that the packet
in the queue with higher priority can be processed in time in the case of congestion.
21.7.2 Mapping the 802.1p Priority to Queues
This topic describes how to map the 802.1p priority to queues so that packets with different
802.1p priorities map to the specified queues based on the configured mapping. This enhances
the flexibility of mapping packets to the queue.
21.7.3 Configuring the Queue Buffer of a Service Board
This topic describes how to configure the buffer size for the queue. After the configuration,
buffer sizes are re-allocated to queues to guarantee a flexible QoS.

21.7.1 Configuring the Queue Scheduling Mode

This topic describes how to configure the queue scheduling mode for ensuring that the packet
in the queue with higher priority can be processed in time in the case of congestion.
The MA5600T supports the following three queue scheduling modes: Strict-Priority Queue (PQ)
and Weighted Round Robin (WRR) and PQ+WRR.
l Strict-Priority Queue (PQ)

PQ gives preference to packets in a high priority queue. When a high priority queue is
empty, packets in a queue of lower priority are sent.
By default, PQ mode is adopted.
l Weighted Round Robin (WRR)
The system supports WRR for eight queues. Each queue has a weight value (w7, w6, w5,
w4, w3, w2, w1 and w0 in descending order) for resource acquisition. WRR is performed
for the queues by turns. This guarantees that each queue can obtain certain service time.
Table 21-9 lists the mapping between the queue weight and the actual queue.
Table 21-9 Mapping between the queue weight and the actual queue
Queue Configured Actual Queue Actual Queue

Number Weight Weight (the port Weight (the port
supporting 8 supporting 4
queues) queues)
7 W7 W7 -
6 W6 W6 -
5 W5 W5 -
4 W4 W4 -
3 W3 W3 W7+W6
2 W2 W2 W5+W4
1 W1 W1 W3+W2
0 W0 W0 W1+W0
Wn: indicates the weight of queue n. The weight sum of queues must be equal to 100.
l PQ + WRR
– The system supports PQ for some queues and WRR for the other queues. When the
value of WRR is 0, it indicates that this queue adopts the PQ mode.
– The queues adopting the PQ mode must be the ones with higher priorities.
– The weight sum of queues must be equal to 100.

Procedure
Step 1 Run the queue-scheduler command to configure the queue scheduling mode.
Step 2 Run the display queue-scheduler command to query configuration of the queue scheduling.
----End
Examples
To configure a WRR scheduler and assign these weight values to the eight queues: 10, 10, 20,
20, 10, 10, 10 and 10, do as follows:
---------------------------------
---------------------------------
0 WRR 10
1 WRR 10
2 WRR 20
3 WRR 20
4 WRR 10
5 WRR 10
6 WRR 10
7 WRR 10
---------------------------------
To configure a PQ+WRR scheduler and assign these weight values to the six queues: 20, 20,
10, 30, 10, and 10, do as follows:
---------------------------------
---------------------------------
0 WRR 20
1 WRR 20
2 WRR 10
3 WRR 30
4 WRR 10
5 WRR 10
6 PQ --
7 PQ --
---------------------------------
Related Operations
Table 21-10 lists the related operations for configuring the queue scheduling mode.
Table 21-10 Related operations for configuring the queue scheduling mode
Restore the default queue undo queue-scheduler

scheduling setting
Configure the mapping between cos-queue-map

the 802.1p priority and the queue

Configure the queue buffer of a queue-buffer

service board
21.7.2 Mapping the 802.1p Priority to Queues

This topic describes how to map the 802.1p priority to queues so that packets with different
802.1p priorities map to the specified queues based on the configured mapping. This enhances
the flexibility of mapping packets to the queue.
l The configuration applies to all the service boards in the system.
l By default, the mapping between the 802.1p priority and queues is as shown in Table
21-11.
Table 21-11 Mapping between the 802.1p priority and queue

Queue Number Actual Queue Actual Queue 802.1p Priority
Number (the port Number (the port
supporting 8 supporting 4
queues) queues)
7 7 3 7
6 6 3 6
5 5 2 5
4 4 2 4
3 3 1 3
2 2 1 2
1 1 0 1
0 0 0 0
Procedure
Step 1 Run the cos-queue-map command to map the 802.1p priority to the queues.
Step 2 Run the display cos-queue-map command to query the mapping setting.
----End
Example
To map 802.1p priority 0 to queue 0, 802.1p priority 1 to queue 2, and others to queue 6, do as
follows:

huawei(config)#cos-queue-map cos0 0 cos1 2 cos2 6 cos3 6 cos4 6 cos5 6 cos6 6 cos7

6
huawei(config)#display cos-queue-map
CoS and queue map:
------------------------
CoS Queue ID
------------------------
0 0
1 2
2 6
3 6
4 6
5 6
6 6
7 6
------------------------
Related Operations
Table 21-12 lists the related operations for mapping the 802.1p priority to the queue of a service
board.
Table 21-12 Related operations for mapping the 802.1p priority to the queue of a service board
Restore the default mapping setting undo cos-queue-map
Configure the queue buffer of a service queue-buffer

board
Configure the queue scheduling mode queue-scheduler
21.7.3 Configuring the Queue Buffer of a Service Board

This topic describes how to configure the buffer size for the queue. After the configuration,
buffer sizes are re-allocated to queues to guarantee a flexible QoS.
The queue buffer determines the capacity of queues for handling the burst packet. The larger
the queue buffer, the stronger the capacity for handling the burst packet.
The buffer size of a port is set by proportion. Table 21-13 lists the default buffer size.
Table 21-13 Default buffer size
Queue Number Queue Buffer (the port Actual queue number (the
supporting 8 queues) port supporting 4 queues)
7 L7 (Default: 6) -
6 L6 (Default: 25) -
5 L5 (Default: 12) -

Queue Number Queue Buffer (the port Actual queue number (the
supporting 8 queues) port supporting 4 queues)
4 L4 (Default: 12 -
3 L3 (Default: 13) L7+L6 (Default: 31)
Ln: indicates the buffer size of queue n. The sum of proportions must be equal to 100.
Procedure
Step 1 Run the queue-buffer command to configure the buffer size for the queue of a service board.
Step 2 Run the display queue-buffer command to query the buffer size configuration for the queue of
a service board.
----End
Example
To configure the buffer size proportion of the eight queues as 20, 20, 10, 10, 10, 10, 10 and 10,
do as follows:
huawei(config)#queue-buffer 20 20 10 10 10 10 10 10
huawei(config)#display queue-buffer
------------------------
Queue Depth size ratio
------------------------
0 20
1 20
2 10
3 10
4 10
5 10
6 10
7 10
------------------------
Related Operations
Table 21-14 lists the related operations for configuring the queue buffer of a service board.
Table 21-14 Related operations for configuring the queue buffer of a service board
Restore the default buffer setting undo queue-buffer
Configure the queue scheduling queue-scheduler

Map the 802.1p priority to the priority cos-queue-map

queue
21.8 Configuring Traffic Management Based on ACL rules

This topic describes the function of filtering the traffic of the port through the ACL rule and
manages the traffic that complies with the ACL rule.
21.8.1 Enabling Traffic Limit
This topic describes how to enable traffic limit of packets matching an ACL rule on a specified
port, and processing the traffic that exceeds the limit such as adding the DSCP tag or discarding
the packet directly.
21.8.2 Adding a Priority Tag to Packets
This topic describes how to add a priority tag to packets matching an ACL on a specified port
so that the traffic can obtain the service that match the specified priority. The priority tag type
can be ToS, DSCP, and 802.1p.
21.8.3 Enabling the Traffic Statistics
This topic describes how to enable the traffic statistics for packets matching an ACL on a port
to analyze and monitor this traffic.
21.8.4 Enabling the Traffic Mirroring
This topic describes how to mirror the traffic matching an ACL rule on a port to a specified port.
Mirroring does not affect receiving and transmitting packets on the mirroring source port. You
can monitor the traffic of the mirroring source port through analyzing the traffic that passes the
mirroring destination port.
21.8.5 Enabling the Traffic Redirection
This topic describes how to enable the redirection of packets matching an ACL on a port. After
this operation is executed successfully,, the original port does not forward packets matching the
ACL, but the specified port forwards the packets.
21.8.1 Enabling Traffic Limit

This topic describes how to enable traffic limit of packets matching an ACL rule on a specified
port, and processing the traffic that exceeds the limit such as adding the DSCP tag or discarding
the packet directly.
Prerequisite
The ACL and its rule have been configured, and the port for traffic limit is working in the normal
state.
l The traffic limitation is only valid for permit rules of an ACL.
l The limited traffic must be a multiple of 64.

Procedure
Step 1 Run the traffic-limit command to enable traffic limit of packets matching an ACL rule on a
specified port.
Step 2 Run the display qos-info traffic-limit port command to query the traffic limitation information
on the specified port.
----End
Example
To limit the traffic received on port 0/11/0 that matches the rules of ACL 2001 to 512 kbit/s,
and mark the DSCP priority tag (af1) to packets that exceed the limitation, do as follows:
huawei(config)#traffic-limit inbound ip-group 2001 512 exceed remark-dscp af1 port
0/11/0
huawei(config)#display qos-info traffic-limit port 0/11/0
traffic-limit:
port 0/11/0:
Inbound:
Matches: Acl 2001 rule 5 running
Target rate: 512 Kbps
Exceed action: remark-dscp af1
Related Operation
Table 21-15 lists the related operation for enabling traffic limit of packets matching an ACL on
a specified port.
Table 21-15 Related operation for enabling traffic limit of packets matching an ACL on a
specified port
Disable the traffic limitation of packets undo traffic-limit

matching an ACL rule on a specified port
21.8.2 Adding a Priority Tag to Packets

This topic describes how to add a priority tag to packets matching an ACL on a specified port
so that the traffic can obtain the service that match the specified priority. The priority tag type
can be ToS, DSCP, and 802.1p.
Prerequisite
The ACL and its rule have been configured, and the port involved in adding a priority tag to
packets is working in the normal state.
l This operation is only valid for permit rules of an ACL.
l The ToS priority and the DSCP priority cannot be configured at the same time.

Procedure
Step 1 Run the traffic-priority command to add a priority tag to packets matching an ACL on a
specified port.
Step 2 Run the display qos-info traffic-priority port command to query the configured priority.
----End
Example
l DSCP priority level: 10 (af1)
l Local priority level: 0
To add a priority tag to packets received on port 0/11/0 that match ACL 2001, do as follows:
huawei(config)#traffic-priority inbound ip-group 2001 dscp af1 local-precedence 0
port 0/11/0
huawei(config)#display qos-info traffic-priority port 0/11/0
traffic-priority:
port 0/11/0:
Inbound:
Priority action: dscp af1 cos background
Related Operation
Table 21-16 lists the related operation for adding a priority tag to packets matching an ACL on
a specified port.
Table 21-16 Related operation for adding a priority tag to packets matching an ACL on a
specified port
Cancel the priority tag of the traffic that undo traffic-priority

matches an ACL
21.8.3 Enabling the Traffic Statistics

This topic describes how to enable the traffic statistics for packets matching an ACL on a port
to analyze and monitor this traffic.
Prerequisite
The ACL and its rule have been configured, and the port involved in traffic statistics is working
in the normal state.
The traffic statistics function is only valid for permit rules of an ACL.

Procedure
Step 1 Run the traffic-statistic command to measure traffic matching an ACL on a specified port.
Step 2 Run the display qos-info traffic-statistic port command to query the traffic statistics for packets
matching an ACL on the specified port.
----End
Example
To measure the packets received at port 0/9/0 that match ACL 2001, do as follows:
huawei(config)#traffic-statistic inbound ip-group 2001 port 0/9/0
huawei(config)#display qos-info traffic-statistic port 0/9/0
traffic-statistic:
port 0/9/0:
Inbound:
0 packet
Related Operations
Table 21-17 lists the related operations for enabling the traffic statistics for packets matching
an ACL on a port.
Table 21-17 Related operations for enabling the traffic statistics for packets matching an ACL
on a port
Clear the traffic statistics for packets reset traffic-statistic

that match an ACL rule on a port
Disable traffic statistics for packets undo traffic-statistic

matching an ACL
21.8.4 Enabling the Traffic Mirroring

This topic describes how to mirror the traffic matching an ACL rule on a port to a specified port.
Mirroring does not affect receiving and transmitting packets on the mirroring source port. You
can monitor the traffic of the mirroring source port through analyzing the traffic that passes the
mirroring destination port.
Prerequisite
The ACL and its rule have been configured, and the port involved in traffic mirroring is working
l The command only works for permit rules of an ACL.

l The mirroring destination port cannot be an aggregated port.

l Only one mirroring destination port is supported and the mirroring destination port must
be the upstream port.
Procedure
Step 1 Run the traffic-mirror command to enable the traffic mirroring of packets matching an ACL
rule on a specified port.
Step 2 Run the display qos-info traffic-mirror port command to query the traffic mirroring of packets
matching an ACL rule on a specified port.
----End
Example
To mirror the packets on ADSL2+ port 0/11/0 that match the rules of ACL 2001 to Ethernet port
0/9/0, do as follows:
huawei(config)#traffic-mirror inbound ip-group 2001 port 0/11/0 to port 0/9/0
huawei(config)#display qos-info traffic-mirror port 0/11/0
traffic-mirror:
port 0/11/0:
Inbound:
Mirror to: port 0/9/0
Related Operation
Table 21-18 lists the related operation for enabling the traffic mirroring of packets matching an
ACL rule on a specified port.
Table 21-18 Related operation for enabling the traffic mirroring of packets matching an ACL
rule on a specified port
Disable traffic mirroring on undo traffic-mirror

packets matching an ACL rule
21.8.5 Enabling the Traffic Redirection

This topic describes how to enable the redirection of packets matching an ACL on a port. After
this operation is executed successfully,, the original port does not forward packets matching the
ACL, but the specified port forwards the packets.
Prerequisite
The ACL and its rule have been configured, and the port involved in traffic redirection is working

l The traffic redirection is only valid for permit rules of an ACL.
l The service ports support only redirection of packets matching the ACL to upstream ports.
The upstream port supports only redirection of packets matching the ACL to ports on the
board of the same type.
Procedure
Step 1 Run the traffic-redirect command to redirect traffic matching an ACL on a port.
Step 2 Run the display qos-info traffic-redirect port command to query the redirection information
of packets matching an ACL on a port.
----End
Example
To redirect traffic matching with ACL 2001 on port 0/9/0 to port 0/9/1, do as follows:
huawei(config)#traffic-redirect inbound ip-group 2001 port 0/9/0 to port 0/9/1
huawei(config)#display qos-info traffic-redirect port 0/9/0
traffic-redirect:
port 0/9/0:
Inbound:
Redirected to: port 0/9/1
Related Operation
Table 21-19 lists the related operation for redirecting traffic matching an ACL on a port.
Table 21-19 Related operation for redirecting traffic matching an ACL on a port
Cancel the ACL-based traffic undo traffic-redirect

redirection
21.9 Enabling the Line Rate Limit on an Upstream Port

This topic describes how to enable the line rate limit on a specified upstream port.
l Line rate limit on the MA5600T is to limit the transmit rate of an Ethernet port on the
SCU and GIU boards, instead of limiting the rate on a service port.
l The limited rate should be a multiple of 64.
Procedure
Step 1 Run the line-rate command to limit the line rate on a specified port.

Step 2 Run the display qos-info line-rate port command to query the line rate limit information on
the specified port.
----End
Example
To limit the rate at Ethernet port 0/9/0 to 6400 kbit/s, do as follows:
huawei(config)#line-rate 6400 port 0/9/0
huawei(config)#display qos-info line-rate port 0/9/0
line-rate:
port 0/9/0:
Line rate: 6400 Kbps
Related Operation
Table 21-20 lists the related operation for enabling the line rate limit on an upstream port.
Table 21-20 Related operation for enabling the line rate limit on an upstream port
Disable the line rate limit on a port undo line-rate

SmartAX MA5600T Multi-service Access Module 22 User Security Configuration
22 User Security Configuration
About This Chapter
This topic describes how to configure the user security on the MA5600T.
22.1 Overview
This topic describes the service description and service specifications of user security.
22.2 Enabling PITP
This topic describes how to enable PITP so that the device can report the user port information
to the BRAS for authenticating the user.
22.3 Setting the RAIO Working Mode
This topic describes how to set the Relay Agent Information Option (RAIO) working mode to
correctly classify the format of the DHCP option82 tag and the PITP tag required by different
operators.
22.4 Setting the Ethernet Encapsulation Type
This topic describes how to set the Ethernet encapsulation type.
22.5 Enabling the DHCP Option82 Function
This topic describes how to enable the DHCP option82 function so that the BRAS can
authenticate the access users. The MA5600T adds the option82 field to the DHCP packets to
ensure the security of the DHCP function.
22.6 Setting the Maximum Length of DHCP Packets
This topic describes how to set the maximum length of DHCP packets.
22.7 Binding the IP Address
This topic describes how to bind a service channel with one or more IP addresses. In this way,
only the messages with the source IP address as the bound IP address can pass through the service
channel.
address.
22.9 Enabling the Anti MAC Spoofing
This topic describes how to enable the anti MAC spoofing function. With the anti MAC spoofing
function enabled, unauthorized users are prevented from sending PPPoE and DHCP control

22 User Security Configuration SmartAX MA5600T Multi-service Access Module
packets through forging the MAC addresses of the valid users, thus guaranteeing the user security
greatly.
22.10 Enabling the Anti IP Spoofing
This operation enable the anti IP spoofing function. With the anti IP spoofing function enabled,
unauthorized users are prevented from logging in to the device by forging legal IP addresses,
thus guaranteeing the user security.

22.1 Overview
This topic describes the service description and service specifications of user security.
Service Description
Policy Information Transfer Protocol (PITP), a member of Huawei Group Management Protocol
(HGMP) family, provides the Broadband Remote Access Server (BRAS) with the information
about the user port.
PITP binds user accounts with the user ports to prevent the theft and roaming of user accounts.
The DHCP option82 contains reliable user port information and terminal information, which are
added to the DHCP packets. The DHCP option82 is used as reference for the DHCP server to
allocate the IP address and other parameters.
For details on the user security feature, refer to "User Security" in the MA5600T Feature
Description.
The MA5600T supports the PITP V mode and P mode as well as DHCP option82 to implement
binding between the user account and the user port.
l PITP V mode (VBAS mode): After the PPPoE discovery phase, BRAS initiates a request
for querying user ports, requiring the MA5600T to report the information on the user ports.
The MA5600T sends the user port information to the BRAS when the MA5600T responds
to messages.
l PITP V mode (PPPoE Tag mode): In the PPPoE discovery phase, the MA5600T initiates
a request for querying user ports, and adds tags to the PPPoE authentication request
messages. In this way, the user port information is sent to the BRAS.
22.2 Enabling PITP

This topic describes how to enable PITP so that the device can report the user port information
to the BRAS for authenticating the user.
PITP has two modes:
l vmode
VBAS mode: The BRAS sends the VBAS request packets to the MA5600T first, and the
MA5600T sends the port information to the BRAS.
l pmode
PPPoE mode: The MA5600T adds the tag to the PPPoE packets directly, and sends the port
information to the BRAS.
You can configure the PITP in the following two modes:
l Global configuration

– You can run the pitp { disable | enable { pmode | vmode } } command to disable PITP
or select PITP mode.
– By default, the PITP is disabled globally.
l Port configuration
– You can run the pitp { port frameid/slotid/portid { enable | disable } | board
frameid/slotid { enable | disable } } command to enable or disable PITP of the physical
port.
– By default, the port configuration of PITP is enabled.
l You can switch over between P and V modes of PITP. However, the system works in only
one mode. Disabling PITP invalidates both PITP modes.
l Global PITP configuration is of higher priority than port PITP configuration.
l If global PITP configuration is disabled, packets from a port do not contain user port
information no matter whether the port PITP is enabled.
l When you enable or disable PITP of the physical port on one board, the board must be in
the normal state or the offline configuration state.
l The ports on the control board do not support PITP, and it only transmits the PITP packets
transparently.
l To enable DHCP option82 or PITP, you need to configure the RAIO mode first. For the
configuration of the RAIO mode, see This topic "22.3 Setting the RAIO Working
Mode."
Procedure
Step 1 Run the pitp command to enable the PITP V mode or the PITP of the physical port.
Step 2 Run the display pitp config command to query the PITP configuration.
----End
Examples
To enable the PITP V mode, do as follows:
huawei(config)#pitp enable vmode
huawei(config)#display pitp config
PITP is enabled. Current mode:vmode
PITP sub-option90 is disabled
To enable PITP of port0/11/0the service port with GEM Port ID of 128 in port 0/11/0, do as
follows:
huawei(config)#pitp port 0/11/0 enablepitp port 0/11/0 gemport 128 enable
huawei(config)#display pitp port 0/11/0 configdisplay pitp port 0/11/0 gemport 128
config
PITP is enabled on this port
22.3 Setting the RAIO Working Mode

This topic describes how to set the Relay Agent Information Option (RAIO) working mode to
correctly classify the format of the DHCP option82 tag and the PITP tag required by different
operators.

l RAIO includes DHCP option82 and PITP tag. Because these two options are not
standardized, different carriers have different formats of them.
l By default, the RAIO working mode is common.
l To differentiate the formats, set correctly the RAIO working mode before using the DHCP
option82 and PITP tag function.
Procedure
Step 1 Run the raio-mode command to set the RAIO working mode.
Step 2 Run the display raio-mode command to query the RAIO working mode.
----End
Examples
To set the RAIO working mode as port-userlabel so that after the DHCP option82 function is
enabled on the port, and the PPPoE packets contain the description of the port, do as follows:
huawei(config)#raio-mode port-userlabel dhcp-option82
To set the RAIO working mode as user-defined so that after the PITP P mode is enabled on the
port, the PPPoE packets contain the user-defined description of the port, do as follows:
To set the RAIO working mode as xdsl-port-rate so that after the PITP P mode is enabled on
the port, the PPPoE packets contain the upstream/downstream activation rate of the port, do as
follows:
huawei(config)#raio-mode xdsl-port-rate pitp-pmode
huawei(config)#raio-mode user-defined pitp-pmode
huawei(config)#display raio-mode
{ <cr>|pitp-pmode<K>|pitp-vmode<K>|dhcp-option82<K>|detail<K> }:
Command:
display raio-mode
Current mode of PITP pmode: user-defined mode
Current mode of PITP vmode: common mode
Current mode of DHCP option82: xdsl-port-rate mode
22.4 Setting the Ethernet Encapsulation Type

This topic describes how to set the Ethernet encapsulation type.
When setting a protocol type, make sure that it does not conflict with any of existing protocol
types, such as:
l IP: 0x0800
l ARP: 0x0806
l RARP: 0x8035
l 802.1q: 0x8100
l PPPoE: 0x8863 and0x8864

NOTE
Before setting the Ethernet encapsulation type, make sure that the PITP V mode is disabled.
Procedure
Step 1 Run the pitp vmode ether-type command to set the Ethernet encapsulation type.
Step 2 Run the display pitp vmode ether-type command and you can find the Ethernet encapsulation
type is set successfully.
----End
Example
To set the Ethernet encapsulation type in V mode, do as follows:
huawei(config)#pitp vmode ether-type 0x8200
huawei(config)#display pitp vmode ether-type
Vmode ethernet type is 0x8200
Related Operation
Table 22-1 lists the related operation for setting the Ethernet encapsulation type.
Table 22-1 Related operation for setting the Ethernet encapsulation type
Disable PITP function pitp disable
22.5 Enabling the DHCP Option82 Function

This topic describes how to enable the DHCP option82 function so that the BRAS can
authenticate the access users. The MA5600T adds the option82 field to the DHCP packets to
ensure the security of the DHCP function.
l With the DHCP option82 function enabled, the MA5600T can add/remove the option82
field to/from DHCP packets.
l With the DHCP option82 function disabled, the MA5600T transparently transmits or
directly forwards DHCP packets without processing them.
Procedure
Step 1 Run the dhcp option82 enable command to enable the DHCP option82.
Step 2 Run the display dhcp option82 config command to query the state of the DHCP option82
function.
----End

Example
To enable the DHCP option82, do as follows:
huawei(config)#dhcp option82 enable
huawei(config)#display dhcp option82 config
DHCP option82 is enabled
Maximum length of DHCP packet is 1300 bytes
Related Operations
Table 22-2 lists the related operations for enabling the DHCP option82.
Table 22-2 Related operations for enabling the DHCP option82
Disable the DHCP option82 function dhcp option82 disable
Set the maximum length of the DHCP dhcp option82 max-length

packet
22.6 Setting the Maximum Length of DHCP Packets

This topic describes how to set the maximum length of DHCP packets.
l By default, the maximum length of DHCP packets is 1500 bytes.
l You can set the maximum length for the DHCP packets added with Relay Agent
Information Option messages. If there are packets with length exceeding this value, the
system transparently transmits these packets.
Procedure
Step 1 Run the dhcp option82 max-length command to set the maximum length of DHCP packets.
Step 2 Run the display dhcp option82 config command to query the configured maximum length of
DHCP packets.
----End
Example
To set the maximum length of DHCP packets to 1300 bytes, do as follows:
huawei(config)#dhcp option82 max-length 1300
huawei(config)#huawei(config)#display dhcp option82 config
DHCP option82 is enabled
Maximum length of DHCP packet is 1300 bytes

22.7 Binding the IP Address

This topic describes how to bind a service channel with one or more IP addresses. In this way,
only the messages with the source IP address as the bound IP address can pass through the service
channel.
l A service channel can be bound with up to 8 IP addresses. The bound IP address must be
a unicast IP address.
l One port can be bound with either one IP address or eight consecutive IP addresses
according to the IP address mask at one time.
Procedure
Step 1 Run the bind ip command to bind an IP address.
Step 2 Run the display bind command to query the IP address binding information.
----End
Examples
To bind the IP address 10.1.1.245 of the service channel (VPI/VCI of 0/35) with ADSL port
To bind the IP address 10.10.10.1 of the service channel (GEM Port ID of 128) with GPON port
huawei(config)#bind ip gpon 0/11/0 gemport 128 10.10.10.1
huawei(config)#display bind gpon 0/11/0 gemport 128
Command:
display bind gpon 0/11/0 gemport 128
-------------------------
No. IP address
-------------------------
0 10.10.10.1
1 -
2 -
3 -
4 -
5 -
6 -
7 -
-------------------------
To bind IP addresses 10.10.10.1/29 of the service channel (GEM Port ID of 128) with GPON
port 0/11/0 (the bound IP address segment is 0.10.10.0–10.10.10.7), do as follows:
huawei(config)#bind ip gpon 0/11/0 gemport 128 10.10.10.1 29
huawei(config)#display bind gpon 0/11/0 gemport 128
Command:
display bind gpon 0/12/1 gemport 128
-------------------------
No. IP address
-------------------------

0 10.10.10.0
1 10.10.10.1
2 10.10.10.2
3 10.10.10.3
4 10.10.10.4
5 10.10.10.5
6 10.10.10.6
7 10.10.10.7
-------------------------
Related Operation
Table 22-3 lists the related operation for binding the IP address.
Table 22-3 Related operation for binding the IP address

Cancel the binding of IP address undo bind ip

address.
The MA5600T does not support the configuration of binding a MAC address directly. By
configuring a static MAC address entry and setting the maximum address count to 0, you can
bind a port with a MAC address.
l The MA5600T supports up to 1K static MAC addresses. The number of MAC addresses
that can be bound with a service stream is not limited.
l The MA5600T supports up to 8K dynamic MAC addresses. Each service stream can be
bound with up to eight MAC addresses dynamically.
Procedure
Step 1 Run the mac-address static command to configure the static MAC address for a port.
Step 2 Run the mac-address max-mac-count command to set the maximum address count for the
service port.
Step 3 Run the display mac-address max-mac-count command to query the maximum MAC address
number that can be learnt by service channels.
----End
Example
Assume that the static MAC address of ADSL2+ port 0/11/0 is 1010-1010-1010, and the
maximum address count is 0. To bind the port with the MAC address so that the port only allows
the pass of packets with the source MAC address of 1010-1010-1010, do as follows:


huawei(config)#mac-address max-mac-count adsl 0/11/0 vpi 0 vci 35 0
huawei(config)#display mac-address max-mac-count adsl 0/11/0 vpi 0 vci 35
----------------------------------------------------------------------------
----------------------------------------------------------------------------
adl 0/11/0 0 35 4000 - - 0
--------------------------------------------------------------------------
Total: 1
Assume that the static MAC address of GPON port 0/11/0 is 1010-1010-1010, and the maximum
address count is 0. To bind the port with the MAC address so that the port only allows the pass
of packets with the source MAC address of 1010-1010-1010, do as follows:
huawei(config)#mac-address static gpon 0/2/0 gemport 128 1010-1010-1010
huawei(config)#mac-address max-mac-count gpon 0/2/0 gemport 128 0
huawei(config)#display mac-address max-mac-count gpon 0/2/0 gemport 128
Command:
display mac-address max-mac-count gpon 0/2/0 gemport 128
---------------------------------------------------------------------------
Type F /S /P VPI VCI VLAN ID FLOWTYPE FLOWPARA Learnable MAC number
---------------------------------------------------------------------------
gpon 0 /2 /0 128 - 10 - - 0
---------------------------------------------------------------------------
Total: 1
Note : F--Frame, S--Slot, P--Port; VPI indicates GEM PortID for GPON
22.9 Enabling the Anti MAC Spoofing

This topic describes how to enable the anti MAC spoofing function. With the anti MAC spoofing
function enabled, unauthorized users are prevented from sending PPPoE and DHCP control
packets through forging the MAC addresses of the valid users, thus guaranteeing the user security
greatly.
l The anti MAC spoofing function is implemented through MAC address binding.
l Each service virtue port can be bound with up to eight different MAC addresses
dynamically.
l If a user has been online before the anti MAC spoofing function is enabled, the system does
not bind MAC address. Then the user is forced to log out, so the user must log in again.
l The user MAC address can be bound only when a user logs in after the anti MAC spoofing
function is enabled.
Procedure
Step 1 Run the security anti-macspoofing enable command to enable the anti MAC spoofing function.
Step 2 Run the display security config command and you can find that the function is enabled.
----End

Example
To enable the anti MAC spoofing function, do as follows:
huawei(config)#security anti-macspoofing enable
huawei(config)#display security config
Anti-ipspoofing function : disable
Anti-dos function : enable
Anti-macspoofing function : enable
Anti-ipattack function : disable
Anti-icmpattack function : disable
Source-route filter function : disable
PPPoE Overall Aging Time(sec): 360

PPPoE Aging Period (sec): 90
DHCP Overall Aging Time(sec): 1560
Related Operations
Table 22-4 lists the related operations for enabling the anti MAC spoofing function.
Table 22-4 Related operations for enabling the anti MAC spoofing function
Disable the anti MAC spoofing security anti-macspoofing disable

function
Display the dynamically bound MAC display security bind mac

addresses
22.10 Enabling the Anti IP Spoofing

This operation enable the anti IP spoofing function. With the anti IP spoofing function enabled,
unauthorized users are prevented from logging in to the device by forging legal IP addresses,
thus guaranteeing the user security.
l The anti IP spoofing function is implemented through dynamic IP address binding.
l By default, the dynamic IP address binding function is disabled.
l The system only binds the IP address of the user who obtains the IP address through DHCP.
l If a user has been online before the anti IP spoofing function is enabled, the system does
not bind IP address. Then the user is forced to log out, so the user must log in again.
l The user IP address can be bound only when a user logs in after the anti IP spoofing function
is enabled.
Procedure
Step 1 Run the security anti-ipspoofing enable command to enable the anti IP spoofing function
globally.

Step 2 Run the display security config command to query the configuration status of the anti IP
spoofing function.
----End
Examples
To enable the anti IP spoofing function, do as follows:
huawei(config)#security anti-ipspoofing enable
Anti-ipspoofing function : enable

Related Operations
Table 22-5 lists the related operations for enabling the anti MAC spoofing function.
Table 22-5 Related operations for enabling the anti MAC spoofing function
Disable the anti IP spoofing function security anti-ipspoofing disable
Display the dynamically bound IP display security bind ip

addresses

SmartAX MA5600T Multi-service Access Module 23 System Security Configuration
23 System Security Configuration
About This Chapter
This topic describes how to configure the system security on the MA5600T.
23.1 Overview
This topic describes the service description and service specification of system security.
23.2 Enabling the Anti DoS Attack
This topic describes how to enable the anti DoS attack function to prevent large amount of
packets sent by the access user from attacking the MA5600T.
23.3 Enabling the Anti IP Attack
This topic describes how to enable the anti IP attack function. This function prevents users from
maliciously sending IP packets to the IP address of the device to enhance the device security.
23.4 Enabling Anti ICMP Attack
This topic describes how to enable the anti ICMP attack function to prevent users from sending
malicious ICMP packets to the IP address of the device, thus protecting the device system.
23.5 Enabling the Source Route Filtering
This topic describes how to enable the function of source route filtering. This function filters
the IP packet containing the route option field.
23.7 Setting the Time to Detect Exceptional Disconnection of the PPPoE Users
This topic describes how to set the time to detect exceptional disconnection of the PPPoE users.
23.8 Configuring the Black List
This topic describes how to configure a firewall black list, such as adding some IP addresses to
the firewall black list, so that the service packets from these IP addresses cannot pass the firewall.
23.9 Configuring the Firewall Function
This topic describes how to configure the firewall function to prohibit or allow the packets that
meet the criteria to pass the inband or outband management interface.
23.10 Configuring an Accessible Address Segment

23 System Security Configuration SmartAX MA5600T Multi-service Access Module
This topic describes how to configure the accessible address segment for the firewall of a
specified protocol type.
23.11 Configuring the Inaccessible Address Segment
This topic describes how to add the inaccessible address segment for the firewall of the specified
protocol type.

23.1 Overview
This topic describes the service description and service specification of system security.
Service Description
The MA5600T supports system security setting to prevent attacks initiated on the network or
user side. This helps to guarantee user or equipment stability.
For details on the system security, refer to "System Security" in the MA5600T Feature
Description.
To ensure stable operation, the MA5600T supports the following security features:
l Anti DoS attack
l Anti IP attack
l Anti ICMP attack
l Source route filtering
l MAC address filtering
l IP/MAC address binding
l Firewall function
l SSH
23.2 Enabling the Anti DoS Attack

This topic describes how to enable the anti DoS attack function to prevent large amount of
packets sent by the access user from attacking the MA5600T.
Procedure
Step 1 Run the security anti-dos enable command to enable the anti DoS attack.
Step 2 Run the display security config command to query the status of anti DoS attack.
----End
Example
To enable the anti DoS attack, do as follows:
huawei(config)#security anti-dos enable
Anti-ipspoofing function : disable
Anti-macspoofing function : disable


Related Operations
Table 23-1 lists the related operations for enabling the anti DoS attack.
Table 23-1 Related operations for enabling the anti DoS attack
Disable the anti DoS attack security anti-dos disable
Display the black list of anti DoS display security dos-blacklist

attackers
23.3 Enabling the Anti IP Attack

This topic describes how to enable the anti IP attack function. This function prevents users from
maliciously sending IP packets to the IP address of the device to enhance the device security.
Procedure
Step 1 Run the security anti-ipattack enable command to enable the anti IP attack function.
----End
Example
To enable the anti IP attack function, do as follows:
huawei(config)#security anti-ipattack enable
Anti-ipattack function : enable

Related Operation
Table 23-2 lists the related operation for enabling the anti IP attack function.
Table 23-2 Related operation for enabling the anti IP attack function
Disable the anti IP attack function security anti-ipattack disable

23.4 Enabling Anti ICMP Attack

This topic describes how to enable the anti ICMP attack function to prevent users from sending
malicious ICMP packets to the IP address of the device, thus protecting the device system.
Procedure
Step 1 Run the security anti-icmpattack enable command to enable the anti ICMP attack function.
----End
Example
To enable the anti ICMP attack function, do as follows:
huawei(config)#security anti-icmpattack enable
Anti-icmpattack function : enable

Related Operation
Table 23-3 lists the related operation for enabling the anti ICMP attack function.
Table 23-3 Related operation for enabling the anti ICMP attack function
Disable the anti ICMP attack function security anti-icmpattack disable
23.5 Enabling the Source Route Filtering

This topic describes how to enable the function of source route filtering. This function filters
the IP packet containing the route option field.
By default, the function of source route filtering is disabled.

Procedure
Step 1 Run the security source-route enable command to enable the function of source route filtering.
----End
Example
To enable the function of source route filtering, do as follows:
huawei(config)#security source-route enable
Anti-icmpattack function : enable
Source-route filter function : enable

Related Operation
Table 23-4 lists the related operation for enabling the function of source route filtering.
Table 23-4 Related operation for enabling the function of source route filtering
Disable source route filtering security source-route disable

The system supports up to four MAC addresses to be filtered.
Procedure
Step 1 Run the security mac-filter command to configure the MAC address filtering.
Step 2 Run the display security mac-filter command to query the configured filtering MAC address.
----End
Example
To filter the data packets with the source MAC address of 1000-0000-0000, do as follows:

huawei(config)#security mac-filter source 1000-0000-0000

huawei(config)#display security mac-filter
---------------------------------------------------------
Index MAC-Address Type
---------------------------------------------------------
1 1000-0000-0000 source
---------------------------------------------------------
Total: 1
Related Operation
Table 23-5 lists the related operation for configuring the MAC address filtering.
Table 23-5 Related operation for configuring the MAC address filtering
Delete the filtering MAC address undo security mac-filter
23.7 Setting the Time to Detect Exceptional Disconnection

of the PPPoE Users
This topic describes how to set the time to detect exceptional disconnection of the PPPoE users.
l For PPPoE users, the timeout time includes aging period and overall aging time.
– The system checks the online/offline status of a user every aging period. When the
offline period of a user exceeds the aging period but is less than the overall aging time,
the offline time of the user is accumulated.
– When the accumulated offline time exceeds the overall aging time, it is considered that
the user has been offline.
l By default, the PPPoE aging period is 90s, and the overall aging time is 360s.
Procedure
Step 1 Run the security timeout command to set the time to detect exceptional disconnection of the
PPPoE users.
Step 2 Run the display security config command and you can find the information about the time to
detect the exceptional disconnection of the PPPoE users.
----End
Examples
To set the timeout total time for PPPoE users to 1800s, do as follows:
huawei(config)#security pppoe timeout 1800
Anti-dos function : disable
Anti-macspoofing function : disable



huawei(config)#security dhcp timeout 1800
23.8 Configuring the Black List

This topic describes how to configure a firewall black list, such as adding some IP addresses to
the firewall black list, so that the service packets from these IP addresses cannot pass the firewall.
Prerequisite
The ACL applied to the firewall function exists.
l The system supports up to 2000 items in a firewall black list.
l You can use the ACL rule when enabling the firewall black list function. In this case, the
priority level of the firewall black list is higher than that of the ACL rule. That is, the system
checks the firewall black list first, and then matches the ACL rule.
l The ACL rule used when the black list function is enabled can only be the advanced ACL
rule.
l The firewall black list function only takes effect to the service packets that are sent from
the user side.
Procedure
Step 1 Run the firewall blacklist item command to add a firewall black list item.
Step 2 Run the firewall blacklist enable command to enable the firewall black list item.
Step 3 Run the display firewall blacklist item command to show the configuration of the firewall black
list.
----End
Example
To add IP address 10.10.10.10 to a firewall black list with the aging time of 100 minutes, enable
the firewall black list function and apply ACL 3000, do as follows:
huawei(config)#firewall blacklist item 10.10.10.10 timeout 100
huawei(config)#firewall blacklist enable acl-number 3000
huawei(config)#display firewall blacklist item
{ <cr>|ip_addr<X.X.X.X> }:
Command:
display firewall blacklist item
Firewall blacklist items :
Current manual insert items : 1
Current automatic insert items : 0
Need aging items : 1
IP Reason AgeTime
---------------------------------------

10.10.10.10 Manual 100
Related Operations
Table 23-6 lists the related operations for configuring the firewall black list function.
Table 23-6 Related operations for configuring the firewall black list function
Disable the firewall black list undo firewall blacklist enable

function
Delete an item from a firewall undo firewall blacklist item

black list
23.9 Configuring the Firewall Function

This topic describes how to configure the firewall function to prohibit or allow the packets that
meet the criteria to pass the inband or outband management interface.
Prerequisites
The ACL applied to the firewall function already exists.
NOTE
This topic takes the operation of enabling the outband firewall function as an example to describe how to enable
the firewall function.
l Only one ACL can be configured respectively for the egress and ingress directions of the
inband or outband management interface.
l The ACL applied to the firewall function can be the basic ACL or the advanced ACL.
l The priority level of the ACL rule is superior to the default operation of firewall. That is,
the packets matching the ACL rule are handled based on the ACL rule, and those not
matching the rule are handled based on the default operation of firewall.
Figure 23-1 shows the flowchart for configuring the firewall function.

Figure 23-1 Flowchart for configuring the firewall function
Start
Enable the firewall function
Set the default operation of firewall
Apply ACL to the GE or ETH

port of the SCU board
End
Procedure
Step 1 Run the firewall enable command to enable the firewall function.
Step 2 Run the firewall default command to set the default operation of the firewall as deny.
Step 3 Run the interface meth 0 command to enter interface config mode.
Step 4 Run the firewall packet-filter command to apply ACL 2000 to the maintenance network port.
Step 5 Run the display firewall packet-filter statistics command and you can find the configuration.
----End
Example
To enable the firewall function, set the default operation of the firewall as deny, and apply ACL
2000 to the outband management interface to filter packets, do as follows:
huawei(config)#firewall enable
huawei(config)#firewall default deny
huawei(config-if-meth0)#firewall packet-filter 2000 inbound
huawei(config)#display firewall packet-filter statistics all
Interface: meth0
In-bound Policy: acl 2000
From 2008-02-16 10:00:26 to 2008-02-16 10:02:43
0 packets, 0 bytes, 0% permitted,
0 packets, 0 bytes, 0% denied,
0 packets, 0 bytes, 0% permitted default,
0 packets, 0 bytes, 0% denied default,
Totally 0 packets, 0 bytes, 0% permitted,
Totally 0 packets, 0 bytes, 0% denied.
Related Operation
Table 23-7 lists the related operation for configuring the firewall function.

Table 23-7 Related operation for configuring the firewall function
Disable the firewall undo firewall enable

function
23.10 Configuring an Accessible Address Segment

This topic describes how to configure the accessible address segment for the firewall of a
specified protocol type.
l The specified protocol types include: Telnet, SSH, and SNMP.
l Each firewall can be added with up to 10 address segments.
l When one address segment is added, the first address cannot be the same as the existed
one.
l When deleting one address segment, you can only input the first address of the address
segment.
Procedure
Step 1 Run the sysman ip-access command to add an accessible address segment.
Step 2 Run the display sysman ip-access telnet command to query the configuration of the accessible
address segment.
----End
Example
To add a legal address segment the refuse list of the telnet type, do as follows:
huawei (config)#sysman ip-access telnet 1.1.1.1 10.10.10.10
huawei(config)#display sysman ip-access telnet
IP-Access Table:
--------------------------------------------
Index Start-IPAddr End-IPAddr
--------------------------------------------
1 1.1.1.1 10.10.10.10
--------------------------------------------
Related Operations
Table 23-8 lists the related operations for configuring an accessible address segment.
Table 23-8 Related operations for configuring an accessible address segment
Delete an accessible address segment undo sysman ip-access

Display the firewall configuration display sysman
23.11 Configuring the Inaccessible Address Segment

This topic describes how to add the inaccessible address segment for the firewall of the specified
protocol type.
l The protocol type that can be configured with the inaccessible address segment includes:
Telnet, SSH, SNMP.
l Each firewall is allowed to add ten address segments.
l When you add an address segment, the start address cannot be the same as an existing one.
l To delete an address segment, input the start address of the address segment.
Procedure
Step 1 Run the sysman ip-refuse command to configure the inaccessible address segment.
Step 2 Run the display sysman ip-refuse command to query configuration of the accessible address
segment.
----End
Example
To add a address segment to the telnet IP-refuse table, do as follows:
huawei(config)#sysman ip-refuse telnet 1.1.1.10 10.10.10.1
huawei(config)#display sysman ip-refuse telnet
IP-Refuse Table:
--------------------------------------------
Index Start-IPAddr End-IPAddr
--------------------------------------------
1 1.1.1.10 10.10.10.1
--------------------------------------------
Related Operations
Table 23-9 lists the related operations for configuring the inaccessible address segment.
Table 23-9 Related operations for configuring the inaccessible address segment
Delete the inaccessible address undo sysman ip-refuse

segment
Display the configuration of firewall display sysman

SmartAX MA5600T Multi-service Access Module 24 P2P Fiber Access Service Configuration
24 P2P Fiber Access Service Configuration
About This Chapter
This topic describes the P2P fiber access technology and the method of configuring the P2P fiber
access service on the MA5600T.
NOTE
(s) directly.
first.
24.1 Overview
This topic consists of the service description and specification of the fiber access service.
24.2 Configuration Example of Fiber Access Service-Single Port for Single Service
This topic provides an example for accessing the Internet through the fiber.
24.3 Configuration Example of Fiber Access Service-Single Port for Multi-service
This topic provides an example for configuring triple play (data, voice and video) through a
single port for multi-service.
24.4 Setting the Port Auto-negotiation Mode
This topic describes how to set the auto-negotiation mode of an Ethernet port.
24.5 Setting the Port Duplex Mode
This topic describes how to set the duplex mode of an Ethernet port.
24.6 Setting the Port Rate
This topic describes how to set the rate of an Ethernet port.

24 P2P Fiber Access Service Configuration SmartAX MA5600T Multi-service Access Module
24.1 Overview
This topic consists of the service description and specification of the fiber access service.
Service Description
The MA5600T supports P2P network topology for fiber access to enable Ethernet access
convergence. In fiber access, the MA5600T provides 100 Mbit/s bandwidth for the users, which
is sufficient for the integrated video, voice and data applications.
For details on the fiber access, refer to "P2P FE Optical Access" in the MA5600T
Commissioning Guide.
The MA5600T supports fiber access through the high-density FE optical access board (OPFA).
The OPFA board provides 16 FE optical ports for single-fiber bi-directional transmission of
Ethernet frames.
24.2 Configuration Example of Fiber Access Service-Single

Port for Single Service
This topic provides an example for accessing the Internet through the fiber.
Networking
Figure 24-1 shows an example network for the fiber access-single port for single service.
In this example network, the PC connects to a service port on the OPFA board of the
MA5600T through an optical access modem. The P2P fiber access service-single port for single
service is realized in this way. The user data packets are transmitted to the MA5600T through
the modem, and then to the upper layer network through the upstream port on the control board.

Figure 24-1 Example network for the fiber access service-single port for single service
Router
10.1.1.1/24
O CON
GE 0/19/0
ETH
P ESC
F
A
SCU MA5600T
Modem
PC
Data Plan
Table 24-1 provides the data plan for configuring the fiber access service-single port for single
service.
Table 24-1 Data plan for configuring the fiber access service-single port for single service
Item Data Remarks
OPFA Service port: 0/11/0 -
VLAN ID: 10 Must be the same as that of the

upper layer device.
Downstream bandwidth: 100 Mbit/s Must meet the user's requirements.
SCU Upstream port: 0/9/0 -
IP address of the gateway: -

10.1.1.1/24
Figure 24-2 shows the flowchart for configuring the fiber access service-single port for single
service.

Figure 24-2 Flowchart for configuring the fiber access service-single port for single service
Start
Create a VLAN and add an

upstream port to it
Configure a traffic profile
Add a service port to the VLAN
Save the data
End
Procedure
Step 1 Create a VLAN and add an upstream port to it.
Step 2 Configure a traffic profile.

Package
Step 3 Add a service port to the VLAN and use traffic profile 8 for the port.
huawei(config)#service-port vlan 10 eth 0/11/0 rx-cttr 8 tx-cttr 8

huawei(config)#save
----End
Result
After the configuration, the fiber access user can access the Internet.
24.3 Configuration Example of Fiber Access Service-Single

Port for Multi-service
This topic provides an example for configuring triple play (data, voice and video) through a
single port for multi-service.

Networking
Figure 24-3 shows an example network for the fiber access service-single port for multi-service.
In this example network, the PC, Ephone and TV connect to a service port on the OPFA board
of the MA5600T through an optical access modem. The fiber access service-single port for multi-
service is realized in this way. The user data packets are transmitted to MA5600T through the
modem, and then to the upper layer network through the upstream port on the control board.
NOTE
User 1 (LAN switch 1) and user 2 (LAN switch 2) adopt the triple play network.
Figure 24-3 Example network for the fiber access service-single port for multi-service
OSS&Radius
Multicast server
source
NMS
GW
IPTV DHCP server
BRAS Router VoIP DHCP server

LAN switch
O O CON
ETH GE 0/19/0
P P ESC
F F
A A
SCU MA5600T
Modem Modem
LAN switch 1 LAN switch 2
DHCP PPPoE DHCP DHCP PPPoE DHCP
STB
STB
Ephone Ephone PC
PC TV TV
Data Plan
Table 24-2 provides the data plan for configuring the fiber access service-single port for multi-
service.

Table 24-2 Data plan for configuring the fiber access service-single port for multi-service
Item Data
OPFA Service port: 0/11/0 and 0/12/0
Downstream bandwidth Internet service: 10 Mbit/s
VoIP service: 10 Mbit/s
IPTV service: No limit
Upstream port 0/9/0
Upstream VLAN Internet service: Smart VLAN 102
VoIP service: Smart VLAN 103
IPTV service: Smart VLAN 104
User VLAN Internet service: VLAN 2
VoIP service: VLAN 3
IPTV service: VLAN 4
DHCP VoIP: DHCP option60 domain is voice and the gateway is

10.1.1.1.
DHCP server group 1 with IP addresses of 20.1.1.2 and
20.1.1.3
IPTV: DHCP option60 domain of the STB is video and the

gateway is 10.2.2.1.
DHCP server group 2 with IP addresses of 20.2.2.2 and
20.2.2.3.
Program library For program BTV-1, the multicast address is 224.1.1.1, and
the program source IP address is 10.10.10.10.
For program BTV-2, the multicast address is 224.1.1.2, and

the program source IP address is 10.10.10.10.
Authority profile Set profile0 with the right to watch BTV-1.
IGMP user User 1 (port 0/2/0) can watch all programs.
User 2 (port 0/3/0) can watch only BTV-1.
Priority 802.1p priority is adopted, with the VoIP service priority of

6, IPTV service priority of 5, and Internet service priority
of 1.

NOTE
l In this example, services are differentiated by user VLANs.

l If service data is differentiated according to the encapsulation type (IPoE/PPPoE) of the frames transmitted
from the user ports, then the configuration procedure is the same as that for differentiating services by user
VLANs, except that the selection of the encapsulation types are different.
l DHCP option60 domain values of the Set Top Box (STB) and Ethernet Phone (Ephone) vary with the
terminals. In the actual application, refer to the user guides of the STB and the Ephone.
l Run the dhcp domain command to set the DHCP domain name. The domain name configured is a character
string containing no space.
Figure 24-4 shows the flowchart for configuring the fiber access service-single port for multi-
service.
Figure 24-4 Flowchart for configuring the fiber access service-single port for multi-service
Start
Internet VoIP IPTV
Configure the VLAN and its Configure the VLAN and its Configure the VLAN and its
upstream port upstream port upstream port
Configure the traffic profile Configure the traffic profile Configure the traffic profile
Configure the service port Configure the service port Configure the service port
Configure DHCP Relay Configure DHCP Relay
Configure IGMP Proxy
End
Procedure
Step 1 Configure the Internet service.
1. Create the VLAN and add the upstream port to it.
2. Configure the traffic profile.

Because the VoIP, IPTV and Internet services are transmitted through the same port, it is
necessary to set the 802.1p priority for each service. In general, the VoIP service has the
highest priority, and the Internet service has the lowest priority. In this example, set the
traffic profile index as 7, and the priority of the Internet service as 1.
huawei(config)#traffic table ip index 7 cir 10240 priority 1 priority-policy
pvc-Setting

3. Add the service port to the VLAN, and use the traffic profile created in the previous step.
huawei(config)#service-port vlan 102 eth 0/11/0 multi-service user-vlan 2 rx-
cttr 7 tx-cttr 7
cttr 7 tx-cttr 7
4. Save the data.

huawei(config)#save
Step 2 Configure the VoIP service.


In this example, set the traffic profile index as 8 and the priority of the VoIP service as 6.
pvc-Setting
3. Add the service port to the VLAN, and use the traffic profile created in the previous step.
cttr 8 tx-cttr 8
cttr 8 tx-cttr 8
4. Configure DHCP relay.

The VoIP service and video service adopt DHCP mode. The DHCP option60 domain is
used to differentiate the service type. In this example, set the DHCP option60 domain of
the VoIP service as voice.
huawei(config)#dhcp mode layer-3 option-60
huawei(config)#dhcp-server 1 ip 20.1.1.2 20.1.1 3
huawei(config)#dhcp domain voice//Refer to the actual DHCP option 60 domain.
huawei(config-dhcp-domain-voice)#dhcp-server 1
huawei(config-dhcp-domain-voice)#quit
huawei(config-if-vlanif103)#dhcp domain voice gateway 10.1.1.1
5. Save the data.

huawei(config)#save
Step 3 Configure the IPTV service.


In this example, set the traffic profile index as 9 and the priority of the IPTV service as 5.
huawei(config)#traffic table ip index 9 cir off priority 5 priority-policy pvc-
Setting
3. Add the service port to the VLAN.
CAUTION
On the MA5600T, if the PVC is configured with priority, the priority of the multicast
packets borne by the PVC does not take effect.
Add the service port to the VLAN, and use the traffic profile 9.

huawei(config)#service-port 20 vlan 104 eth 0/11/0 multi-service user-vlan 4

rx-cttr 9 tx-cttr 9
huawei(config)#service-port 20 vlan 104 eth 0/12/0 multi-service user-vlan 4
rx-cttr 9 tx-cttr 9

In this example, set the DHCP option60 domain of the IPTV service as video.
huawei(config)#dhcp domain video//Refer to the actual DHCP option 60 domain.
huawei(config-dhcp-domain-video)#dhcp-server 2
huawei(config-if-vlanif104)#dhcp domain video gateway 10.2.2.1
5. Set multicast data.

huawei(config)#multicast-vlan 104
huawei(config-mvlan104)#igmp mode proxy
Are you sure to change IGMP mode?(y/n)[n]:y
huawei(config-mvlan4)#igmp uplink-port 0/9/0
huawei(config-mvlan4)#quit
huawei(config)#btv
huawei(config-btv)#igmp uplink-port-mode default
Are you sure to change the uplink port mode?(y/n)[n]:y
huawei(config-mvlan104)#igmp program add name BTV-1 ip 224.1.1.1 sourceip

10.10.10.10
huawei(config-mvlan104)#igmp program add name BTV-2 ip 224.1.1.2 sourceip
10.10.10.10
huawei(config)#btv
huawei(config-btv)#igmp profile profile-name profile0 program-name BTV-1 watch
huawei(config-btv)#igmp policy service-port 20 normal

huawei(config-btv)#igmp user add port 0/11/0 user-vlan 4 no-auth max-program 8

huawei(config-btv)#igmp user add port 0/12/0 user-vlan 4 auth
huawei(config-btv)#igmp user bind-profile port 0/12/0 profile-name profile0
huawei(config-btv)#multicast-vlan 104
huawei(config-mvlan104)#igmp multicast-vlan member port 0/11/0
6. Save the data.

huawei(config)#save
----End
Result
After the configuration of the corresponding upstream/downstream devices, the following three
services run in the normal state:
l The Internet user can access the Internet in PPPoE dial mode.
l The VoIP user can make a call.

l The IPTV user connected to port 0/11/0 can watch all programs, and the user connected to
0/12/0 can watch BTV-1 only.
24.4 Setting the Port Auto-negotiation Mode

This topic describes how to set the auto-negotiation mode of an Ethernet port.
By default, the auto-neg switch is disabled.
Procedure
Step 1 Run the interface opf command to enter OPF mode.
Step 2 Run the auto-neg command to set the auto-negotiation mode of an Ethernet port.
Step 3 Run the display port state command to query the configuration of the Ethernet port.
----End
Example
To disable the auto-negotiation mode of Ethernet port 0/11/0 on the OPFA board, do as follows:
huawei(config)#interface opf 0/11
huawei(config-if-opf-0/11)#auto-neg 0 enable
huawei(config-if-opf-0/11)#display port state 0
Optics module status is absence
The port is active
Ethernet port is offline
Ethernet port duplex is auto-negotiation
Ethernet port rate is auto-negotiation
24.5 Setting the Port Duplex Mode

l The duplex of the Ethernet port on the OPFA board supports full duplex and auto-
negotiation. However even if the port duplex mode is set to auto-negotiation, the Ethernet
port on the OPFA board is also auto-negotiated to full duplex mode.
l When setting the duplex mode of an Ethernet port, make sure that the duplex of the Ethernet
port must be the same as that of the interconnected port on the peer device.
l To change the duplex mode of a port, you need to run the auto-neg command to disable
the auto-negotiation mode of the port first.
l By default, the FE optical port is in full duplex mode.
Procedure

Step 2 Run the auto-neg command to disable the auto-negotiation mode.

Step 3 Run the duplex command to set the duplex mode of the Ethernet port.
----End
Example
To change the auto-negotiation mode of Ethernet port 0/11/0 to full duplex, do as follows:
huawei(config-if-opf-0/11)#auto-neg 0 disable
huawei(config-if-opf-0/11)#duplex 0 full
The port is active
Ethernet port is full duplex
Ethernet port rate is 100M
24.6 Setting the Port Rate

l When a port is in auto-negotiation state, you must run the auto-neg command to disable
the auto-negotiation mode before you set the port rate.
l The required rate of the Ethernet port on the OPFA board must be 100 Mbit/s. You can run
the speed command to set the rate to 100 Mbit/s directly, or set it to 100 Mbit/s by auto-
negotiation.
l By default, the rate of an Ethernet rate is 100 Mbit/s.
Procedure
Step 2 Run the auto-neg command to disable the auto-negotiation mode.
Step 3 Run the speed command to set the rate of the Ethernet port.
----End
Example
To set the rate of Ethernet port 0/11/0 to 100 Mbit/s, do as follows:
huawei(config-if-opf-0/11)#auto-neg 0 disable
huawei(config-if-opf-0/11)#speed 0 100
The port is active

Ethernet port duplex is auto-negotiation

Ethernet port rate is auto-negotiation

SmartAX MA5600T Multi-service Access Module 25 GPON Service Configuration
25 GPON Service Configuration
About This Chapter
This topic describes the GPON technology and the method of configuring the GPON service on
the MA5600T.
NOTE
(s) directly.
first.
25.1 Overview
This topic describes the GPON service and its specification.
25.2 Configuration Example of the GPON Service
This topic provides an example for configuring the MA5600T to provide users with high-speed
Internet services when the MA5600T connects to the remote ONTs through the GPON ports.
25.3 Adding a DBA Profile
This topic describes how to add a DBA profile. The DBA profile describes the traffic parameters
of the T-CONT. You can control the traffic of a T-CONT by binding the T-CONT with a
specified DBA profile.
25.4 Binding a DBA Profile
This topic describes how to bind a DBA profile with one or more T-CONTs. After this operation
is executed successfully, the system controls the traffic of the T-CONT according to the
parameters of the DBA profile.
25.5 Adding an Alarm Profile
This topic describes how to add an alarm profile which contains majority of performance
parameters of the ONT line. After an alarm profile is added and bound with an ONT, it can be
directly referenced to activate the ONT.
25.6 Adding a GEM Port

25 GPON Service Configuration SmartAX MA5600T Multi-service Access Module
This topic describes how to add a GEM port. The GEM port is contained in a T-CONT and is
used to carry service streams.
25.7 Configuring a GPON Port
This topic describes how to configure a GPON port.
25.8 Configuring a GPON ONT
This topic describes how to configure a GPON ONT.

25.1 Overview
This topic describes the GPON service and its specification.
Service Description
GPON is an access technology used to provide flexible broadband and narrowband access
services.
The GPON technology supports the following:
l Broadband access with ultra-high-bandwidth
l Multiple rate modes
l Multiple services, such as voice, data, and video services over a single fiber
For details on the GPON access, refer to "GPON Access" in the MA5600T Feature
Description.
The MA5600T provides the GPON service through the GPBC board. Each GPBC board can
provide four GPON ports. Each port supports a 1:64 split ratio. Therefore, a GPBC board can
support up to 256 ONTs.
25.2 Configuration Example of the GPON Service

This topic provides an example for configuring the MA5600T to provide users with high-speed
Internet services when the MA5600T connects to the remote ONTs through the GPON ports.
Prerequisites
l The VLAN of the interface of the upper layer device must be consistent with the VLAN
configured on the upstream port of the MA5600T.
There are multiple application scenarios for the GPON service, such as Fiber To The Home
(FTTH), Fiber To The Building (FTTB), and Fiber to the Curb (FTTC). The basic configuration
procedures for these application scenarios are the same and only the configuration data varies.
In this topic, the basic configuration of the Internet service in the FTTH scenario is considered
as an example. Table 25-1 lists the configurations of the GPON service in different application
scenarios.

Table 25-1 Configurations of the GPON service in different application scenarios

Application Network Mode Configuration
Scenario
FTTH The ONT is installed in the l In the triple play service application,
users' home to provide the configure different T-CONTs and GEM
Ethernet port and the phone ports for the three kinds of services to
port so that users can access isolate their traffic. Besides, configure
multiple services. user-side VLANs to differentiate
services.
l Whether the terminals, such as a PC and
an STB connected to the ONT support
VLAN tags determines the following:
– Whether to keep the port VLAN and
native VLAN consistent
– Whether to add VLAN tags to the
data packets received by the ONT
– Whether to remove VLAN tags from
the data packets sent by the ONT
FTTB The ONT is installed in the l To configure Internet services for home
corridor. It can be connected users, configure different VLANs for
to an L2 switch to provide each port of the ONT if the ONT
more Ethernet ports, thus connects to multiple users, the users
providing the access service cannot communicate with each other,
for more users. and each user is authenticated
independently. It is recommended to
configure different T-CONTs and GEM
ports for different users to isolate their
traffic.
l In the small office and home office
(SOHO) network, the L2 switch is
connected to the ONT. In this case, it is
recommended to configure different T-
CONTs and GEM ports for the services
of each port of the ONT.
l When the L2 switch is connected to the
ONT, the data received on a port of the
ONT carry VLAN tags. In this case, no
native VLAN needs to be configured
for the ONT port. However, the user-
side VLAN must be consistent with the
VLAN tag of the data.
FTTC The ONT and a mini DSLAM Configure the service ports on the
device or a mini DSLAM MA5600T according to the upstream
device with the GPON VLAN of the mini DSLAM device.
upstream transmission Because the traffic volume in each service
function are installed in the port is high, it is recommended to
street cabinet to provide the configure a unique T-CONT and a unique
access service for more users. GEM port for each service port.

Networking
Figure 25-1 shows an example network for configuring the GPON service.
In the networking, the PC connects to the FE port of the ONT, the user data frames are added
with the VLAN tag (user-side VLAN) on the FE port of the ONT, and the user data is transmitted
to different service channels based on the user-side VLAN. The MA5600T switches the user-
side VLAN tag to the upstream VLAN tag, and transmits the data out over the upstream port.
Figure 25-1 Example network for configuring the GPON service
Router
MA5600T SCU
G CON GE 0/19/0
ETH
P
ESC
B
C
Optical
splitter
ONT
Level-2 split ratio
1:32
PC
Figure 25-2 shows the flowchart for configuring the GPON service.

Figure 25-2 Flowchart for configuring the GPON service

Start
Create a VLAN
Add an upstream port
No
Is there an appropriate Add an ONT
ONT profile?
Add an ONT profile
Yes Bind the alarm profile
No Bind the DBA profile

Is there an appropriate
traffic profile?
Add a traffic profile Specify VLANs for ONT ports
Yes
Configure a GEM port

No
DBA profile? Bind the GEM port with ONT
T-CONT
Yes Add a DBA profile
Map the GEM port with
the service stream
No Add a service port

alarm profile?
Add an alarm profile Save the data

Yes
End
Data Plan
Table 25-2 provides the data plan for configuring the GPON service.
Table 25-2 Data plan for configuring the GPON service

Item Data
Smart VLAN VLAN ID: 100
Upstream port 0/9/0
DBA profile Index: 10
Profile type: type1

Item Data
Traffic profile Index: 8

CIR: 10 Mbit/s
Index: 5 (default)
CIR: 2 Mbit/s
ONT ONT ID: 0

ONT authentication mode: serial number + authentication
password (SN-auth)
l ONT serial number: hwhw-10101010
l ONT authentication password: huawei
ONT profile: 2 (default ONT capability set profile)
ONT port connected to the PC: FE port 0; user-side VLAN
10
GEM port Port: 0/11/1

GEM port ID: 150
T-CONT ID: 1
Procedure
Step 2 Add an upstream port.

Step 3 Add a traffic profile.

Packag
Step 4 Add a DBA profile.

huawei(config)#DBA-profile add profile-id 10 type1 fix 102400
Step 5 Configure an alarm profile.

l To configure the alarm threshold parameters for monitoring the performance statistics of an
activated ONT line, run the gpon alarm-profile add command to configure a GPON alarm
profile.
l The system has a default GPON alarm profile, namely alarm profile 1. Every alarm threshold
value of the profile is 0, which means that no alarm is reported.
l This example uses the default alarm profile. No configuration is needed.
Step 6 Add an ONT.

NOTE
l To add an ONT, you can run the ont add command to add it offline, or run the ont confirm command to
confirm an automatically found ONT.
l Run the port ont-auto-find command in GPON mode to enable the function of automatically finding an
ONT.
id 2
NOTE
In this example, the ONT uses the default capability set profile (profile 2). You can run the ont-profile add
command to configure an ONT capability set profile on demand.
Step 7 Bind the alarm profile.

huawei(config-if-gpon-0/2)#ont alarm-profile 1 0 profile-id 1
Step 8 Bind the DBA profile.


Step 10 Configure a GEM port.

huawei(config-if-gpon-0/2)#gemport add 1 gemportid 150 eth
Step 11 Bind the GEM port with an ONT T-CONT.

NOTE
If the ONT does not support the priority queue scheduling, you can adopt the CAR mode for rate limitation
when configuring the binding between a GEM port and an ONT T-CONT.
huawei(config-if-gpon-0/2)#ont gemport bind 1 0 150 1 priority-queue 3
Step 12 Map the GEM port with the service stream.

Step 13 Add a service port.


huawei(config)#save
----End
Result
After the configuration, the MA5600T can transmit user data at L2 and the user can access the
Internet.
25.3 Adding a DBA Profile

This topic describes how to add a DBA profile. The DBA profile describes the traffic parameters
of the T-CONT. You can control the traffic of a T-CONT by binding the T-CONT with a
specified DBA profile.

l The MA5600T supports up to 512 DBA profiles.
l DBA profiles 1–9 are the default DBA profiles that are configured with typical traffic
parameters. The default DBA profiles can be queried and modified, but they cannot be
added or deleted.
l When you add a DBA profile, the system adjusts the bandwidth value that you enter
downwards to a multiple of 64.
l The traffic value configured in the DBA profile is the traffic volume of GEM frames after
data encapsulation. The actual traffic value of data packets is less than the value configured
in the DBA profile.
Procedure
Step 1 Run the DBA-profile add command to add a DBA profile.
Step 2 Run the display DBA-profile command to query the information on the DBA profile.
----End
Example
To add a DBA profile with the ID of 30 and the fixed bandwidth of 100 Mbit/s, do as follows:
{ <cr>|bandwidth_compensate<K> }:
Command:
DBA-profile add profile-id 30 type1 fix 102400
huawei(config)#display DBA-profile profile-id 30

----------------------------------------------------------------------------
Profile-name : DBA-profile_30
Profile-ID: 30
type: 1
Bandwidth compensation: No
Fix(kbps): 102400
Assure(kbps): 0
Max(kbps): 0
bind-times: 0
----------------------------------------------------------------------------
Related Operations
Table 25-3 lists the related operations for adding a DBA profile.
Table 25-3 Related operations for adding a DBA profile
Delete a DBA profile DBA-profile delete l Only the DBA profile that is
not referenced can be
deleted.
l The default DBA profile
cannot be deleted.

Modify a DBA profile DBA-profile modify The bound profile cannot be

modified.
25.4 Binding a DBA Profile

This topic describes how to bind a DBA profile with one or more T-CONTs. After this operation
is executed successfully, the system controls the traffic of the T-CONT according to the
parameters of the DBA profile.
l You can bind a DBA profile with one or more T-CONTs only after an ONT is added.
l By default, T-CONT 0 of the ONT is reserved for the Optical Network Termination
Management and Control Interface (OMCI), and it is bound with DBA profile 1. For the
OMCI T-CONT, the recommendations are as follows:
– It is recommended not to modify the DBA profile bound with the T-CONT. To modify
it if necessary, make sure that the fixed bandwidth for the new profile is equal to or
larger than 5 Mbit/s.
– It is recommended not to bind any the GEM port with the T-CONT, that is, not to bear
no service on the T-CONT.
Procedure
Step 1 Run the tcont bind-profile command to bind a T-CONT with a profile.
Step 2 Run the display ont info command to query the information on the ONT.
----End
Example
To bind DBA profile 12 with T-CONT 7 on ONT 0 under port 0/3/0, do as follows:
huawei(config-if-gpon-0/3)#display ont info 0 0
------------------------------------------------------------------------------
F/S/P : 0/3/0
ONT-ID : 0
Control flag : active
Run state : down
Config state : initial
Match state : Initial
DBA type : NSR
Loop mode : disable
ONT RTD(us) : -
Ont Profile ID : 1
Authentic type : SN-auth
SN : hwhw-10101010
Description : ONT_NO_DESCRIPTION
------------------------------------------------------------------------------
----------------------------------------------
T-CONT-ID T-CONT profile Alloc-ID
----------------------------------------------
0 1 0

1 1 256
7 12 1792
----------------------------------------------
Related Operation
Table 25-4 lists the related operation for binding a DBA profile.
Table 25-4 Related operation for binding a DBA profile
Unbind one or more T- undo tcont bind-profile A T-CONT cannot be unbound

CONTs from a DBA profile when the
T-CONT is configured with
the GEM port.
25.5 Adding an Alarm Profile

This topic describes how to add an alarm profile which contains majority of performance
parameters of the ONT line. After an alarm profile is added and bound with an ONT, it can be
directly referenced to activate the ONT.
The ONT alarm profile consists of a series of alarm threshold parameters. It is used to monitor
the performance statistics of the ONT line. When a statistic reaches the related alarm threshold,
the host is notified of this information, and then the host reports an alarm to the log host and the
NMS.
l The MA5600T supports up to 50 alarm profiles.
l There is a default alarm profile (profile 1) in the system. It cannot be deleted but can be
modified.
Procedure
Step 1 Run the gpon alarm-profile add command to add an alarm profile.
Step 2 Run the display gpon alarm-profile command to query the information on the alarm profile.
----End
Example
To add alarm profile 2, do as follows:
huawei(config)#gpon alarm-profile add profile-id 2
{ <cr>|profile-name<K> }:
Command:
gpon alarm-profile add profile-id 2
> GEM port loss of packets threshold (0~100)[0]: 20
> GEM port misinserted packets threshold (0~100)[0]: 30
> GEM port impaired blocks threshold (0~100)0[0]: 40

> Ethernet FCS errors threshold (0~100)[0]: 50

> Ethernet excessive collision count threshold (0~100)[0]: 49
> Ethernet late collision count threshold (0~100)[0]: 22
> Too long Ethernet frames threshold (0~100)[0]: 22
> Ethernet buffer (Rx) overflows threshold (0~100)[0]: 22
> Ethernet buffer (Tx) overflows threshold (0~100)[0]: 22
> Ethernet single collision frame count threshold (0~100)[0]: 32
> Ethernet multiple collisions frame count threshold (0~100)[0]: 32
> Ethernet SQE count threshold (0~100)[0]: 33
> Ethernet deferred transmission count threshold (0~100)[0]: 33
> Ethernet internal MAC Tx errors threshold (0~100)[0]: 33
> Ethernet carrier sense errors threshold (0~100)[0]: 33
> Ethernet alignment errors threshold (0~100)[0]: 33
> Ethernet internal MAC Rx errors threshold (0~100)[0]: 33
> PPPOE filtered frames threshold (0~100)[0]: 33
> MAC bridge port discarded frames due to delay threshold (0~100)[0]: 33
> MAC bridge port MTU exceeded discard frames threshold (0~100)[0]: 33
> MAC bridge port received incorrect frames threshold (0~100)[0]: 33
> CES error time threshold(0~100)[0]: 33
> CES severely time threshold(0~100)[0]: 33
> CES bursty time threshold(0~100)[0]: 33
> CES controlled slip threshold(0~100)[0]: 33
> CES unavailable time threshold(0~100)[0]: 33
huawei(config)#display gpon alarm-profile profile-id 2
-----------------------------------------------------------------------
Profile ID: 2 Name: alarm-profile_2
-----------------------------------------------------------------------
Alarm Profile Bind Times: 1
GEM port loss of packets threshold: 20
GEM port misinserted packets threshold: 30
GEM port impaired blocks threshold: 40
Ethernet FCS errors threshold: 50
Ethernet excessive collision count threshold: 49
Ethernet late collision count threshold: 22
Too long Ethernet frames threshold: 22
Ethernet buffer (Rx) overflows threshold: 22
Ethernet buffer (Tx) overflows threshold: 22
Ethernet single collision frame count threshold: 32
Ethernet multiple collisions frame count threshold: 32
Ethernet SQE count threshold: 33
Ethernet deferred transmission count threshold: 33
Ethernet internal MAC Tx errors threshold: 33
Ethernet carrier sense errors threshold: 33
Ethernet alignment errors threshold: 33
Ethernet internal MAC Rx errors threshold: 33
PPPOE filtered frames threshold: 33
MAC bridge port discarded frames due to delay threshold: 33
MAC bridge port MTU exceeded discard frames threshold: 33
MAC bridge port received incorrect frames threshold: 33
CES error time threshold: 33
CES severely time threshold: 33
CES bursty time threshold: 33
CES controlled slip time threshold: 33
CES unavailable time threshold: 33
-----------------------------------------------------------------------
Related Operations
Table 25-5 lists the related operations for adding an alarm profile.
Table 25-5 Related operations for adding an alarm profile
Delete an alarm profile gpon alarm-profile delete The alarm profile bound with
an ONT cannot be deleted.

Modify an alarm profile gpon alarm-profile modify The alarm profile bound with
an ONT cannot be modified.
Bind/Unbind an alarm [undo] ont alarm-profile l To bind an ONT with an

profile with/from an ONT alarm profile, make sure that
the alarm profile exists.
l When a board is online, the
command is delivered to the
board. When a board is
offline, the board is
configured offline.
l When a board is prohibited
or being configured, binding
or unbinding an alarm
profile with/from the ONT
fails.
25.6 Adding a GEM Port

This topic describes how to add a GEM port. The GEM port is contained in a T-CONT and is
used to carry service streams.
l To add a GEM port, you must select the correct attribute based on the service type. For
example, when the GEM port is used to carry the TDM service, the attribute must be TDM.
l The ONT can bear services only after the mapping between GEM ports and T-CONTs, and
the mapping between GEM ports and service streams are configured on the ONT.
l The system supports up to 16K GEM ports, with up to 8K GEM ports for each board and
with up to 3872 GEM ports for each PON port.
l The system supports up to 16K service streams, with up to 8K service streams for each
board and with up to eight service streams for each GEM port.
l Each smart VLAN supports up to 256 service streams.
Procedure
Step 1 Run the interface gpon command to enter GPON mode.
Step 2 Run the gemport add command to add a GEM port.
Step 3 Run the display gemport command to query the information on the GEM port.
----End
Example
To add GEM port 140 to port 0/2/1, with service type eth and downstream encryption switch
on, do as follows:


huawei(config-if-gpon-0/2)#gemport add 1 gemportid 140 eth encrypt on
huawei(config-if-gpon-0/2)#display gemport 1 gemportid 140
-----------------------------------------
GEM port-ID Serv-Type Encrypt
-----------------------------------------
140 ETHERNET on
-----------------------------------------
Related Operations
Table 25-6 lists the related operations for adding a GEM port.
Table 25-6 Related operations for adding a GEM port

Delete a GEM port gemport delete The GEM ports that are bound with
service ports cannot be deleted.
Modify a GEM port gemport modify For a bound GEM port, the
encryption attribute can be modified,
but the GEM port type cannot be
modified.
25.7 Configuring a GPON Port

This topic describes how to configure a GPON port.
25.7.1 Enabling the FEC Function on a PON Port

This topic describes how to enable the FEC function on a PON port to perform FEC on data
frames and enhance the reliability of data transmission.
25.7.2 Disabling the Laser on a PON Port
This topic describes how to disable the laser on a PON port.
25.7.1 Enabling the FEC Function on a PON Port

This topic describes how to enable the FEC function on a PON port to perform FEC on data
frames and enhance the reliability of data transmission.
l By default, the FEC function on a PON port is disabled.
l FEC involves adding redundant data to normal packets to grant error tolerance to the line.
FEC, however, uses a lot of bandwidth resources.
l When multiple ONTs are online, enabling the FEC function on a PON port may cause
certain ONTs to go offline. Therefore, it is not recommended to enable the FEC function
on a PON port when some ONTs are online.

Procedure
Step 1 Run the port portid fec command to enable or disable the FEC function on a PON port.
Step 2 Run the display port info command to query the configuration of the port.
----End
Example
To enable the FEC function on PON port 0/2/0, do as follows:
huawei(config-if-gpon-0/2)#port 0 fec enable
The command for port configuration is executed successfully, PORT = 0
Thuawei(config-if-gpon-0/2)#display port info 0
----------------------------------------
F/S/P 0/2/0
Min distance(km) 15
Max distance(km) 20
Left bandwidth(kb) 1223040
Number of T-CONTs 3
Autofind Enable
FEC check Enable
Laser switch Off
ONT secret key interval(h) Disable
----------------------------------------
25.7.2 Disabling the Laser on a PON Port

This topic describes how to disable the laser on a PON port.
By default, the laser on a PON port of the MA5600T is enabled.
NOTE
Before disabling the laser, ensure that the PON port bears no service.
Procedure
Step 1 Run the port portid laser-switch command to enable or disable the laser on a PON port.
Step 2 Run the display port info command to query the configuration of the port.
----End
Example
To disable the laser on PON port 0/2/0, do as follows:
huawei(config-if-gpon-0/2)#port 0 laser-switch off
huawei(config-if-gpon-0/2)#display port info 0
----------------------------------------
F/S/P 0/2/0
Min distance(km) 15
Max distance(km) 20
Number of T-CONTs 3
Autofind Enable
FEC check Disable
Laser switch Off


----------------------------------------
25.8 Configuring a GPON ONT

This topic describes how to configure a GPON ONT.
25.8.1 Adding a GPON ONT

This topic describes how to add a GPON ONT.
25.8.2 Activating a GPON ONT
This topic describes how to activate a GPON ONT. The ONT can transmit service streams only
after it is activated.
25.8.3 Enabling the ONT Auto-find Function of a GPON Port
This topic describes how to enable the ONT auto-find function of a GPON port. After this
function is enabled, the board delivers the SN request periodically. The online ONT reports the
SN information to the board and the board then applies for an ONT address to the host.
25.8.4 Setting the Aging Time of the ONT Auto-find Function
This topic describes how to set the aging time of the ONT auto-find function. If an automatically
found ONT is not confirmed before the aging time expires, the registration information of the
ONT is deleted from the registration buffer.
25.8.5 Confirming an Automatically Found ONT
This topic describes how to confirm an ONT that is automatically found under a GPON port.
25.8.6 Setting the Minimum and Maximum Logical Reach
This topic describes how to set the minimum and maximum logical reach of an ONT under a
GPON port.
25.8.1 Adding a GPON ONT

This topic describes how to add a GPON ONT.
A GPON port supports up to 64 ONTs.
Procedure
Step 1 Run the ont add command to add a GPON ONT.
Step 2 Run the display ont info command to query the information on the GPON ONT.
----End
Example
l The SN of ONT 2: hwhw-66666666
l Authentication mode: password-auth
l Password: huawei

l ONT profile bound: 1

To add ONT 2 to port 0/2/0, do as follows:
id 1
huawei(config-if-gpon-0/2)#display ont info 0 2
------------------------------------------------------------------------------
F/S/P : 0/2/0
ONT-ID : 2
Control flag : active
Run state : down
Config state : initial
Match state : initial
DBA type : NSR
Loop mode : disable
ONT RTD(us) : -
Ont Profile ID : 1
Authentic type : password-auth
SN : hwhw-66666666
Password : huawei
Description : ONT_NO_DESCRIPTION
------------------------------------------------------------------------------
----------------------------------------------
T-CONT-ID T-CONT profile Alloc-ID
----------------------------------------------
0 1 2
----------------------------------------------
Related Operations
Table 25-7 lists the related operations for adding a GPON ONT.
Table 25-7 Related operations for adding a GPON ONT
Delete a GPON ONT ont delete l An ONT can be deleted only when it
has no service channel bound with a
T-CONT.
l If an ONT is deleted, the
configuration of the physical ports on
the ONT is also deleted.
Modify a GPON ont modify -

ONT
25.8.2 Activating a GPON ONT

This topic describes how to activate a GPON ONT. The ONT can transmit service streams only
after it is activated.
l By default, an ONT is in the activated state after it is added.
l When an ONT is deactivated, the service of the ONT is interrupted. To resume the service
of the ONT, activate the ONT.

l If the control flag of an ONT is active, or if the ONT is in the fault state, the activation
command fails to be delivered to activate the ONT.
l If a board is prohibited or is being configured, the activation command fails to be delivered
to activate an ONT connected to the board.
l If the board fails, it is configured offline.
Procedure
Step 1 Run the ont activate command to activate an ONT.
Step 2 Run the display ont info command to query the information on the ONT.
----End
Example
To activate ONT 0 under port 0/2/0, do as follows:
huawei(config-if-gpon-0/2)#ont activate 0 0
huawei(config-if-gpon-0/2)#display ont info 0 all
----------------------------------------------------------------------------
F/S/P ONT-ID SN Control Run Config Match DBA
Flag State State State Type
----------------------------------------------------------------------------
0/2/0 0 hwhw-00140000 active down initial Initial NSR
0/2/0 2 hwhw-66666666 active down initial Initial NSR
------------------------------------------------------------------------------
In port 0, the total of ONTs are: 2
Related Operation
Table 25-8 lists the related operation for activating a GPON ONT.
Table 25-8 Related operation for activating a GPON ONT

Command...
Deactivate a GPON ont deactivate Run the ont deactivate command to

ONT deactivate an ONT in the following cases:
l The ONT fails and you need to deactivate
the ONT to locate the fault.
l You need to prohibit services on the
ONT.
25.8.3 Enabling the ONT Auto-find Function of a GPON Port

This topic describes how to enable the ONT auto-find function of a GPON port. After this
function is enabled, the board delivers the SN request periodically. The online ONT reports the
SN information to the board and the board then applies for an ONT address to the host.

By default, the ONT auto-find function of a GPON port is disabled.
Procedure
Step 1 Run the port ont-auto-find command to configure the ONT auto-find function of a GPON port.
Step 2 Run the display port info command to query the information on the ONT.
----End
Example
To enable the ONT auto-find function of GPON port 0/2/0, do as follows:
huawei(config-if-gpon-0/2)#port 0 ont-auto-find enable
----------------------------------------
F/S/P 0/2/0
Min distance(km) 0
Max distance(km) 20
Number of T-CONTs 1
Autofind Enable
FEC check Disable
Laser switch On
----------------------------------------
Related Operations
Table 25-9 lists the related operations for enabling the ONT auto-find function of a GPON port.
Table 25-9 Related operations for enabling the ONT auto-find function of a GPON port
Disable the ONT auto- port portid ont-autofind disable -

find function of a
GPON port
Set the aging time of ont autofind timeout Run the command in
the ONT auto-find global config mode.
function
Set the interval for ont autofind distance-time Run the command in
automatically finding global config mode.
an ONT
25.8.4 Setting the Aging Time of the ONT Auto-find Function

This topic describes how to set the aging time of the ONT auto-find function. If an automatically
found ONT is not confirmed before the aging time expires, the registration information of the
ONT is deleted from the registration buffer.

l By default, the aging time of the ONT auto-find function is 300 seconds.
l The aging time helps to prevent the ONT registration failure due to the full registration
buffer.
Procedure
Step 1 Run the ont autofind timeout command to set the aging time of the ONT auto-find function.
Step 2 Run the display ont autofind time command to query the aging time of the ONT auto-find
function.
----End
Example
To set the aging time of the ONT auto-find function to 150s, do as follows:
huawei(config)#ont autofind timeout 150
huawei(config)#display ont autofind time
Ageing time of the automatically found ONTs: 150
The value of auto-find interval: 5
Related Operations
Table 25-10 lists the related operations for setting the aging time of the ONT auto-find function.
Table 25-10 Related operations for setting the aging time of the ONT auto-find function
Set an interval for ont autofind distance-time Run the command in global
automatically finding config mode.
an ONT
Query the information display ont autofind all Run the command in global
on the ONTs config mode.
automatically found
by all ports
Query the information display ont autofind portid Run the command in GPON
on the ONTs mode.
automatically found
by a specified port
25.8.5 Confirming an Automatically Found ONT

This topic describes how to confirm an ONT that is automatically found under a GPON port.

l When the ONT auto-find function is enabled on a port, and if a new ONT gets online, the
system reports a message to the user to confirm the new ONT.
l An automatically found ONT is in the auto_find state and can work in the normal state only
after it is confirmed.
l You can confirm one or more ONTs that are automatically found under a port at a time.
Procedure
Run the ont confirm command to confirm the automatically found ONTs.
----End
Example
To confirm all ONTs that are automatically found under port 0/2/0 and bind capability profile
1 with them, do as follows:
huawei(config-if-gpon-0/2)#ont confirm 0 all profile-id 1
Related Operations
Table 25-11 lists the related operations for confirming an automatically found ONT.
Table 25-11 Related operations for confirming an automatically found ONT
Query the information display ont autofind all Run the command in global
on the ONTs config mode.
automatically found
by all ports
Query the information display ont autofind portid Run the command in GPON
on the ONTs mode.
automatically found
by a specified port
Clear the information ont cancel portid l Run the command in GPON
on the auto-found mode.
ONTs l You can clear the information
about the auto-found ONTs
that are not confirmed. The
information does not exist
after it is cleared. If the ONT
gets online next time, the
system saves its information
for the user to confirm it.

25.8.6 Setting the Minimum and Maximum Logical Reach

This topic describes how to set the minimum and maximum logical reach of an ONT under a
GPON port.
l By default, the minimum logical reach is 0 km, and the maximum logical reach is 60 km.
l The maximum logical reach must be larger than the minimum logical reach. The maximum
differential fiber distance between the farthest and the nearest ONTs is 20 km.
l The configuration granularity is 1 km.
Procedure
Step 1 Run the port range command to set the minimum and maximum logical reach.
Step 2 Run the display port info command to query the information on the port.
----End
Example
To set the minimum and maximum logical reach of the ONT under port 0/2/0 to 10 km and 15
km respectively, do as follows:
huawei(config-if-gpon-0/2)#port 0 range min-distance 10 max-distance 15
This command will result in the ONT's re-register in the port.
Are you sure to execute this command? (y/n)[n]:y
----------------------------------------
F/S/P 0/2/0
Min distance(km) 10
Max distance(km) 15
Number of T-CONTs 0
Autofind Disable
FEC check Disable
Laser switch On
----------------------------------------

SmartAX MA5600T Multi-service Access Module 26 Protection Configuration for Upstream Link
26 Protection Configuration for Upstream

Link
About This Chapter
This topic describes the mechanism of upstream link protection and the method of configuring
the upstream link protection on the MA5600T.
NOTE
(s) directly.
first.
26.1 Overview
This topic describes the service protection mechanism of the uplink on the MA5600T to enhance
the reliability of the service transmission.
26.2 Configuration Example of the Upstream Link Protection
This topic provides an example for configuring the upstream link protection to improve the
service transmission reliability.
26.3 Configuring a Protection Group
This topic describes how to configure a protection group. When the protection group is
configured, if the services are interrupted due to the physical disconnection to the upper layer
device, the MA5600T automatically uses the standby line to transmit the user data.

26 Protection Configuration for Upstream Link SmartAX MA5600T Multi-service Access Module
26.1 Overview
This topic describes the service protection mechanism of the uplink on the MA5600T to enhance
the reliability of the service transmission.
Service Description
l The broadband access service of Internet becomes more and more popular, and users
demand for both high performance and stable network access. As a result, carriers prefer
the broadband access equipment that runs stably and has better automatic protection and
self-healing capability.
l The MA5600T adopts the active/standby mechanism to ensure the normal operation of the
service. In addition, it is designed with the service protection mechanism of the upstream
port. When the MA5600T is disconnected with the upper layer device physically, the
MA5600T uses the standby line to transmit the user services so that the services can recover
quickly.
The MA5600T provides two detection modes of the active/standby switchover to achieve the
service protection of the upstream port.
l Port status detection mode: It means the two ports of a protection group, or the Tx ports of
the two boards are enabled. The port status determines whether to implement switchover.
l Delay detection mode: It means only one Tx port in a protection group is enabled, and the
other one is disabled. If the status of the enabled Tx port is DOWN, disable the port. Then,
enable the other Tx port. If the status of the other Tx port is UP, then switchover is
performed. Otherwise, detection proceeds.
26.2 Configuration Example of the Upstream Link

Protection
This topic provides an example for configuring the upstream link protection to improve the
service transmission reliability.
Two upstream ports can be in the same upstream board or in different upstream boards, but must
be of the same port type.
Networking
Figure 26-1 shows an example network for configuring the upstream link protection.
Configure the two upstream ports on the MA5600T as a protection group. In general, services
are transmitted on the active line. When the active line is faulty, the MA5600T automatically
switches the services to the standby line.

Figure 26-1 Example network for configuring the upstream link protection
Router
MA5600T
GE0/19/0
G CON
ETH
P ESC GE0/19/1
B
C
SCU GIU
Optical splitter
ONT
PC
Figure 26-2 shows the flowchart for configuring the upstream link protection.

Figure 26-2 Flowchart for configuring the upstream link protection
Start
Aggregate the upstream

ports
Configure the protection

group
Create a VLAN
Add the upstream port to

the VLAN
Add the service port to the

VLAN
Save the data
End
Data Plan
Table 26-1 provides the data plan for configuring the upstream link protection.
Table 26-1 Data plan for configuring the upstream link protection
Item Data
VLAN ID 10
Upstream port 0/9/0 and 0/9/1
Protection group mode Timedelay mode
Service port 0/11/0
Procedure
Step 1 Aggregate the upstream ports.
huawei(config)#link-aggregation 0/9 0 0/19 1 egress-ingress workmode lacp-static
Step 2 Configure the protection group.

huawei(config)#protect
huawei(config-protect)#protect-group first 0/9/0 second 0/9/1 eth workmode
timedelay enable


huawei(config-protect)#quit
Step 4 Add the VLAN to the upstream port.

huawei(config)#port vlan 10 0/9 0-1
Step 5 Add the service port to the VLAN.


huawei(config)#save
----End
Result
After the configuration, the user can access the Internet.
When the upstream link of upstream port 0/9/0 fails, the system automatically transfers the
service to the upstream link of upstream port 0/9/1. In this case, the user can still access the
Internet.
26.3 Configuring a Protection Group

This topic describes how to configure a protection group. When the protection group is
configured, if the services are interrupted due to the physical disconnection to the upper layer
device, the MA5600T automatically uses the standby line to transmit the user data.
l The two upstream ports in a protection group can be in the same upstream board or in
different upstream boards, but must be of the same port type.
l The two ports in the protection group must be the only two ports in the same aggregation
group.
NOTE
If the IGMP upstream port configurations exist for a protection group, make sure that the configurations are
consistent for the two ports in the protection group.
Procedure
Step 1 Run the protect-group command to configure a protection group.
Step 2 Run the display protect-group command to query the protection group.
----End
Example
To configure a protection group that consists of ports 0/9/0 and 0/9/1, do as follows:
huawei(config-protect)#protect-group first 0/9/0 second 0/9/1 eth workmode
timedelay enable

huawei(config-protect)#display protect-group
---------------------------------------------------------------------------
NO. FirstIntf SecondIntf Enable ActiveFlag ProtectType WorkMode
---------------------------------------------------------------------------
0 0/9/0 0/9/1 Enable First ETH TimeDelay
---------------------------------------------------------------------------
Total : 1
Related Operations
Table 26-2 lists the related operations for configuring the protection group.
Table 26-2 Related operations for configuring the protection group

Delete a protection group undo protect-group
Switch over between the ports in a protection group protect-group switch-over

by force

SmartAX MA5600T Multi-service Access Module 27 Device Subtending Configuration
27 Device Subtending Configuration
About This Chapter
This topic describes the Ethernet technology and how to subtend the MA5600T.
NOTE
(s) directly.
first.
27.1 Overview
The MA5600T supports multiple types of Ethernet ports and other DSLAM devices can be
subtended to these Ethernet ports. This topic describes the application of the MA5600T in a
subtending network.
27.2 Configuration Example of a Subtended Network Through the ETHA Board
This examples shows how to subtend two MA5600T devices through the Ethernet port on the
ETH board.
27.3 Configuring the Physical Attributes of an Ethernet Port
27.4 Enabling the Flow Control on an Ethernet Port
This topic describes how to enable the flow control on an Ethernet port.
27.5 Enabling the Traffic Suppression
This topic describes how to enable the traffic suppression on a port to guarantee the stable
network services.
27.6 Enabling the Ethernet Port Aggregation
This topic describes how to enable Ethernet port aggregation.
27.7 Mirroring an Ethernet Port
This topic describes how to enable the mirroring function of an Ethernet port. This helps analyze
the cause of a faulty port.
27.8 Adding an Ethernet Port to a VLAN

27 Device Subtending Configuration SmartAX MA5600T Multi-service Access Module
This topic describes how to add Ethernet ports to a VLAN.

27.9 Setting the Native VLAN for an Ethernet Port
This topic describes how to set the native VLAN for an Ethernet port to control whether the
packets out from the Ethernet port bear VLAN tags.

27.1 Overview
The MA5600T supports multiple types of Ethernet ports and other DSLAM devices can be
subtended to these Ethernet ports. This topic describes the application of the MA5600T in a
subtending network.
Service Description
The MA5600T supports subtended through the Ethernet port. Multiple DSLAMs at different
tiers can be subtended through the GE/FE port to extend the network coverage and meet the
requirements for a large capacity.
For details on the subtended network, refer to "Subtended Network Configuration" in the
MA5600T Feature Description.
The MA5600T provides Ethernet ports through the SCU, GIU, ETH and OPFA boards. Where:
l The Ethernet ports provided by the SCU or the GIU board are used for upstream service
transmission and subtended network configuration.
l The ETH board functions as an extension of the SCU board to provide Ethernet ports for
upstream service transmission and subtended network configuration.
l The Ethernet ports provided by the OPFA board are used for P2P Ethernet optical service
access.
Table 27-1 lists the Ethernet ports of the MA5600T
Table 27-1 Ethernet ports of the MA5600T
Port Type Port Working Mode Rate
100 Base-FX 100M single-mode/ Full duplex 100 Mbit/s

multiple-mode optical
port
1000 Base-TX 1000M electrical port l Half duplex l 10 Mbit/s

l Full duplex l 100 Mbit/s
l Auto negotiation l 1000 Mbit/s
1000 Base-SX 1000M multiple-mode l Full duplex 1000 Mbit/s

optical port l Auto negotiation
1000 Base-LX 1000M single-mode l Full duplex 1000 Mbit/s

optical port l Auto negotiation
10 GBase-L 10GE optical port l Full duplex 10000 Mbit/s

l Auto negotiation

27.2 Configuration Example of a Subtended Network

Through the ETHA Board
This examples shows how to subtend two MA5600T devices through the Ethernet port on the
ETH board.
Networking
Figure 27-1 shows an example network for configuring a subtended network through the ETH
board.
MA5600T_B is subtended to MA5600T_A through port 0/6/0, and MA5600T_A transmits the
services of MA5600T_B to the upper layer network through port 0/9/0.
Figure 27-1 Example network for configuring a subtended network through the ETH board
Router
E CON GE 0/19/0
ETH
T ESC
H
A
SCU MA5600T_A
G CON
ETH GE 0/19/0
P ESC
B
C
SCU MA5600T_B
Optical splitter
ONT
PC

Prerequisites
l All boards of the MA5600T must be in the normal state.
l Ethernet port 0/6/0 on MA5600T_A and Ethernet port 0/9/0 on MA5600T_B are of the
same type, and the port rate and duplex mode is auto negotiation.
l The access user configuration on MA5600T_B is complete and it is not repeated here.
Figure 27-2 shows the flowchart for configuring a subtended network through the ETH board
Figure 27-2 Flowchart for configuring a subtended network through the ETH board
Start
Create a standard VLAN
Add an upstream port to the

VLAN
Add a subtending port to the

VLAN
Save the data
End
NOTE
The mentioned configuration is performed on MA5600T_A. No subtending port is needed to be configured
on MA5600T_B. For other configurations, they are the same on MA5600T_A and MA5600T_B. For
configurations on MA5600T_B, see "Procedure" in "25.2 Configuration Example of the GPON
Service."
Procedure
Step 1 Create a smart VLAN.

Step 3 Add a subtending port.



huawei(config)#save
----End
Result
After the configuration, the subtended devices can be configured with services and users
connected to MA5600T_B can access the Internet.
27.3 Configuring the Physical Attributes of an Ethernet Port

27.3.1 Setting the Auto-negotiation Mode of an Ethernet Port
This topic describes how to set the auto-negotiation mode of an Ethernet port. When an Ethernet
port works in auto-negotiation mode, the Ethernet port negotiates the parameters such as port
rate and duplex mode with the interconnected port. Manual configuration is not required.
27.3.2 Setting the Duplex Mode of an Ethernet Port
27.3.3 Setting the Rate of an Ethernet Port
27.3.4 Setting the Network Cable Type of an Ethernet Port
This topic describes how to set the network cable type of an Ethernet port.
27.3.1 Setting the Auto-negotiation Mode of an Ethernet Port

This topic describes how to set the auto-negotiation mode of an Ethernet port. When an Ethernet
port works in auto-negotiation mode, the Ethernet port negotiates the parameters such as port
rate and duplex mode with the interconnected port. Manual configuration is not required.
l By default, the auto-negotiation switch of the Ethernet electric port is enabled.
l By default, the auto-negotiation switch of the Ethernet optical port is disabled.
Procedure
Step 1 Run the interface scu command to enter SCU mode.
Step 2 Run the interface giu command to enter SCU mode.
Step 3 Run the auto-neg command to set the auto-negotiation mode of an Ethernet port.
----End
Example
To disable the auto-negotiation mode of Ethernet port 0/9/1 on the SCU board, do as follows:
huawei(config-if-scu-0/9)#auto-neg 1 disable

huawei(config-if-scu-0/9)#display port state 1

The port is active
Native VLAN ID is 1
Ethernet port does not support flow control
Ethernet port does not support jumbo frame
Line-adaptive function of the ethernet port is auto-negotiation
Ethernet port network-role is uplink
27.3.2 Setting the Duplex Mode of an Ethernet Port

l The duplex of an Ethernet port can be full duplex, half duplex, or auto-negotiation. When
setting the duplex mode of an Ethernet port, make sure that the duplex of the Ethernet port
must be the same as that of the interconnected port on the peer device. This prevents
communication failure.
l When a port is in auto-negotiation mode, to change its duplex mode to full duplex, disable
the auto-negotiation mode of the port first.
l By default:
– The FE electrical port is in auto-negotiation mode.
– The FE optical port is in full duplex mode.
Procedure
Step 2 Run the interface giu command to enter GIU mode.
Step 3 Run the auto-neg command to disable the auto negotiation mode of an Ethernet port.
Step 4 Run the duplex command to set the duplex mode of the Ethernet port.
Step 5 Run the display port state command to query the duplex mode of the port.
----End
Example
To change the auto-negotiation mode of Ethernet port 0/9/1 to full duplex, do as follows:
huawei(config-if-scu-0/9)#duplex 1 full
The port is active
Native VLAN ID is 1

27.3.3 Setting the Rate of an Ethernet Port

When setting the rate of an Ethernet port, make sure that the rate of the Ethernet port must be
the same as that of the interconnected port on the peer device. This prevents communication
failure.
By default:
l The rate of the GE electrical port is auto-negotiation.

l The rate of the GE optical port is 1000 Mbit/s.
l The rate of the 10GE optical port is 10000 Mbit/s.
l When a port is in auto-negotiation mode, to change its rate to a specific value, disable the
auto-negotiation mode first.
Procedure
Step 3 Run the auto-neg command to set the rate of an Ethernet port.
Step 4 Run the speed command to query the configured rate of the Ethernet port.
----End
Example
To set the rate of a GE electrical port to 100 Mbit/s, do as follows:
huawei(config-if-scu-0/9)#speed 1 100
The port is active
Native VLAN ID is 1
27.3.4 Setting the Network Cable Type of an Ethernet Port

This topic describes how to set the network cable type of an Ethernet port.
l The Ethernet electrical port uses a straight-through cable or a crossover cable. To set the
type of the network cable of the Ethernet port, run the mdi command.

l The default network cable type is auto (auto-adaptive).

l Such setting only applies to the Ethernet electrical port.
l When the Ethernet electrical port is not in auto-negotiation mode, the network cable type
cannot be configured as auto.
Procedure
Step 3 Run the mdi command to set the network cable type of an Ethernet port.
Step 4 Run the display port state command to query the configured network cable type.
----End
Example
To set the network cable type of Ethernet electrical port 0/9/1 as straight-through cable, do as
follows:
huawei(config-if-scu-0/9)#mdi 1 normal
The port is active
Native VLAN ID is 1
Line-adaptive function of the ethernet port is normal
Line-adaptive function of the ethernet port is normal
27.4 Enabling the Flow Control on an Ethernet Port

This topic describes how to enable the flow control on an Ethernet port.
l When the traffic exceeds a certain level (> 1 Gbit/s for the GE port or > 100 Mbit/s for the
FE port), the MA5600T sends PAUSE frames to inform the remote PC to reduce the traffic
to reduce the packet loss rate. The process involved is called flow control.
l It is required that both the MA5600T and the peer device support the flow control function.
In general, when the peer device supports the flow control function, enable the flow control
function of the MA5600T; when the peer device does not support the flow control function,
disable the flow control function of the MA5600T.
l By default, the flow control on the Ethernet port is disabled.
Procedure

Step 3 Run the flow-control command to enable the flow control on an Ethernet port.
Step 4 Run the display port state command to query the flow control information on the port.
----End
Example
To enable the flow control on all ports, do as follows:
huawei(config-if-scu-0/9)#flow-control all
huawei(config-if-scu-0/9)#display port state all
-----------------------------------------------------------------------------
Port Port Optic Native MDI Speed Duplex Flow- Active Link
Type Status VLAN (Mbps) Ctrl State
-----------------------------------------------------------------------------
0 GE absence 1 - 1000 full on active offline
-----------------------------------------------------------------------------
Related Operation
Table 27-2 lists the related operation for enabling the flow control of an Ethernet port.
Table 27-2 Related operation for enabling the flow control of an Ethernet port
To... Run the command...
Disable the flow control on the Ethernet port undo flow-control
27.5 Enabling the Traffic Suppression

This topic describes how to enable the traffic suppression on a port to guarantee the stable
network services.
There are three traffic suppression modes available:
l Broadcast storm suppression

Broadcast storm suppression refers to discarding broadcast traffic when it exceeds a preset
threshold to guarantee stable network services.
l Unknown unicast suppression
l Unknown multicast storm suppression
By default, the level of broadcast storm suppression, unknown unicast suppression, and unknown
multicast suppression is 7. It is suggested to enable broadcast storm suppression according to
network conditions.

When the IGMP proxy or the IGMP snooping is enabled, the unknown multicast packet is not
suppressed. When the IGMP proxy and the IGMP snooping are both disabled, (running the igmp
mode off command), the unknown multicast packet is suppressed.
l When IGMP Proxy or IGMP snooping is enabled, unknown multicast packets are not
suppressed. When IGMP proxy and IGMP snooping are disabled (running the igmp mode
off command), unknown multicast packets are suppressed. By default, the level of unknown
multicast suppression is 7.
l When the multicast service is accessed through the ETH board, to enable the multicast
transparent transmission, you must run the undo traffic-suppress portid multicast
command to disable the broadcast storm suppression for the unknown multicast packets on
the ETH board.
Procedure
Step 3 Run the traffic-suppress command to enable the traffic suppression on a port.
Step 4 Run the display traffic-suppress command to query the configuration of the traffic suppression.
----End
Examples
To set broadcast storm suppression for all ports on the control board to level 1, do as follows:
huawei(config-if-scu-0/9)#traffic-suppress all broadcast value 1
huawei(config-if-scu-0/9)#display traffic-suppress all
Traffic suppression ID definition:
---------------------------------------------------------------------
NO. Min bandwidth(kbps) Max bandwidth(kbps) Package number(pps)
---------------------------------------------------------------------
1 6 145 12
2 12 291 24
3 24 582 48
4 48 1153 95
5 97 2319 191
6 195 4639 382
7 390 9265 763
8 781 18531 1526
9 1562 37063 3052
10 3125 74126 6104
11 6249 148241 12207
12 12499 296483 24414
---------------------------------------------------------------------
----------------------------------------------------------------
Current traffic suppression index of broadcast : 1
Current traffic suppression index of multicast : 7
Current traffic suppression index of unknown unicast : 7
----------------------------------------------------------------
To set unknown unicast suppression for port 0/9/0 to level 1, do as follows:

huawei(config-if-scu-0/9)#traffic-suppress 0 unicast value 1
huawei(config-if-scu-0/9)#display traffic-suppress 0
---------------------------------------------------------------------

---------------------------------------------------------------------
1 6 145 12
2 12 291 24
3 24 582 48
4 48 1153 95
5 97 2319 191
6 195 4639 382
7 390 9265 763
8 781 18531 1526
9 1562 37063 3052
10 3125 74126 6104
11 6249 148241 12207
12 12499 296483 24414
---------------------------------------------------------------------
----------------------------------------------------------------
----------------------------------------------------------------
To set multicast suppression for port 0/9/0 to level 1, do as follows:

huawei(config-if-scu-0/9)#traffic-suppress 0 multicast value 1
huawei(config-if-scu-0/9)#display traffic-suppress 0
---------------------------------------------------------------------
---------------------------------------------------------------------
1 6 145 12
2 12 291 24
3 24 582 48
4 48 1153 95
5 97 2319 191
6 195 4639 382
7 390 9265 763
8 781 18531 1526
9 1562 37063 3052
10 3125 74126 6104
11 6249 148241 12207
12 12499 296483 24414
---------------------------------------------------------------------
----------------------------------------------------------------
----------------------------------------------------------------
Related Operations
Table 27-3 lists the related operations for enabling traffic suppression.
Table 27-3 Related operations for enabling traffic suppression

Disable unknown unicast packet suppression undo traffic-suppress unicast
Disable unknown multicast packet suppression undo traffic-suppress multicast
Disable broadcast storm suppression undo traffic-suppress broadcast

27.6 Enabling the Ethernet Port Aggregation

This topic describes how to enable Ethernet port aggregation.
Port aggregation means aggregation of multiple ports together to expand the bandwidth. The
input and output load can be distributed among the member ports.
l The SCU board supports up to 4 port aggregation groups.
l One aggregation group supports up to 8 Ethernet ports.
l Multiple physical ports can be aggregated only if they meet the following conditions:
– All the ports must work in full duplex mode.
– The rates of all the ports must be the same, and the rates of the electrical ports cannot
be configured as auto-negotiation.
– The default VLAN (PVID) and VLAN attributes of all the ports must be the same.
– One port belongs to only one aggregation group.
– No mirror destination port is included.
– The port cannot be in the auto-negotiation state.
– The start port number must be smaller than the end port number.
Procedure
Step 1 Run the link-aggregation command to set the port aggregation.
Step 2 Run the display link-aggregation command to query the related information about the
aggregated ports.
----End
Example
To set the Ethernet port aggregation, do as follows:
huawei(config)#link-aggregation 0/9 0-1 ingress
huawei(config)#display link-aggregation all
Related Operation
Table 27-4 lists the related operation for enabling the Ethernet port aggregation.
Table 27-4 Related operation for enabling the Ethernet port aggregation
Delete the Ethernet port aggregation undo link-aggregation

27.7 Mirroring an Ethernet Port

This topic describes how to enable the mirroring function of an Ethernet port. This helps analyze
the cause of a faulty port.
l You can configure only one mirroring destination port in the system.
l You can mirror multiple ports to one destination port.
l The mirroring destination port cannot be the aggregated port.
Procedure
Step 3 Run the mirror port command to enable the mirroring function of an Ethernet port.
Step 4 Run the display mirror command to query the configuration of the Ethernet port.
----End
Example
To mirror the transmit and receive packets of port 0 to port 1, do as follows:
huawei(config-if-scu-0/9)#mirror port 0 1 all
huawei(config-if-scu-0/9)#display mirror
------------------------------------------------
Source port Direction Destination port
------------------------------------------------
0 all 1
------------------------------------------------
Related Operation
Table 27-5 lists the related operation for mirroring an Ethernet port.
Table 27-5 Related operation for mirroring an Ethernet port

Cancel the mirroring of an Ethernet port. undo mirror port
27.8 Adding an Ethernet Port to a VLAN

This topic describes how to add Ethernet ports to a VLAN.
Context
The VLAN must have been existed.

Procedure
Step 1 Run the port vlan command to add an Ethernet Port to a VLAN.
Step 2 Run the display port vlan command to query the VLAN of a specified upstream port.
----End
Example
To add Ethernet port 0/9/0 to VLAN 2, do as follows:
huawei(config)#display port vlan 0/9/0
---------------------------------------
1 10 20
---------------------------------------
Total: 3 Native VLAN: 1
Related Operation
Table 27-6 lists the related operation for adding an Ethernet Port to a VLAN.
Table 27-6 Related operation for adding an Ethernet Port to a VLAN

Delete a port from a VLAN undo port vlan
Query the configuration and the port of display vlan

a specified VLAN
27.9 Setting the Native VLAN for an Ethernet Port

This topic describes how to set the native VLAN for an Ethernet port to control whether the
packets out from the Ethernet port bear VLAN tags.
l The default Native VLAN of the Ethernet ports is VLAN 1.
l When the Ethernet port is used as the upstream port:
– If the native VLAN of the Ethernet port is the same as the VLAN to which this Ethernet
port belongs, the Ethernet port removes the VLAN Tag of the upstream packets.
– If the native VLAN of the Ethernet port is different from the VLAN to which this
Ethernet port belongs, the Ethernet port keeps the VLAN Tag of the upstream packets.
l Before specifying the native VLAN of an Ethernet port, the VLAN must be included in the
port.
l Whether the native VLAN must be set for the upstream port depends on the upper-layer
equipment connected to the port.
– If the upper-layer equipment supports the packets containing the VLAN tag, the native
VLAN of the upstream port of the MA5600T must be different from the VLAN to which
the upstream port belongs.

– If the upper-layer equipment does not support the packets containing the VLAN tag,
the native VLAN of the upstream port of the MA5600T must be the same as the VLAN
to which the upstream port belongs.
Procedure
Step 3 Run the native-vlan command to set the native VLAN of an Ethernet port.
Step 4 Run the display port state command to query the configuration of the Native VLAN.
----End
Example
To set the native VLAN of Ethernet port0/9/0 as VLAN 10, do as follows:
The port is active
Native VLAN ID is 10

SmartAX MA5600T Multi-service Access Module 28 VLAN Stacking Wholesale Service Configuration
28 VLAN Stacking Wholesale Service

Configuration
About This Chapter
This topic describes how to configure the VLAN stacking wholesale service supported by the
MA5600T.
NOTE
(s) directly.
first.
28.1 Overview
This topic describes how to use the VLAN stacking function to implement the multi-ISP
wholesale access and VLAN ID extension.
28.2 Configuration Example of VLAN Stacking Multi-ISP Wholesale Access
This topic provides an example for configuring VLAN stacking multi-ISP wholesale access so
that the services provisioned by the ISP can be delivered to the specified user group.

28 VLAN Stacking Wholesale Service Configuration SmartAX MA5600T Multi-service Access Module
28.1 Overview
This topic describes how to use the VLAN stacking function to implement the multi-ISP
wholesale access and VLAN ID extension.
The MA5600T adds two layers of 802.1Q tags to the user packets. With the two layers of VLAN
tags, the packets are transmitted to the L2 switched network, and are forwarded according to the
outer VLAN tag.
l Multi-ISP wholesale access
Multiple internet service providers (ISP) exist in an L2 MAN. To quickly provision services
provided by the ISP to the specified user group, use the outer VLAN tag to identify the ISP
and use the inner VLAN tag to identify the user. With the wholesale service function, users
can be connected to different ISPs in batches based on the outer VLAN tag.
NOTE
In the wholesale service, the upper layer device must work in L2 mode to forward packets based on
the VLAN and the MAC addresses.
l VLAN ID extension
In the application of the VLAN ID extension, the outer and inner VLAN tags are used to
identify the user, or the outer VLAN tag is used to identify the access device and the inner
tag is used to identify the users that access the device. The BRAS identifies the access users
based on the L2 VLAN tag to increase the number of users identified by the VLAN ID,
thus increasing the number of users that access the BRAS.
NOTE
The application of the VLAN ID extension needs support from the BRAS.
For the details of the VLAN Stacking function and related features, refer to "VLAN" in the
MA5600T Feature Description.
Service Description
The MA5600T supports a maximum of 4000 VLAN stacking.
The following VLANs cannot be configured with the stacking attributes.
l Super VLAN
l Sub VLAN
l The VLAN that is configured with the L3 interface
l The default VLAN
l The reserved VLAN
28.2 Configuration Example of VLAN Stacking Multi-ISP

Wholesale Access
This topic provides an example for configuring VLAN stacking multi-ISP wholesale access so
that the services provisioned by the ISP can be delivered to the specified user group.

Networking
Figure 28-1 shows an example network for configuring the VLAN stacking multi-ISP wholesale
access.
Users 1 and 2 belong to one ISP, and users 3 and 4 belong to another ISP. Based on the VLAN
stacking feature, the MA5600T adds the outer VLAN tag to differentiate ISPs and the inner
VLAN tag to differentiate users, and forwards the user packets to the L2 network. Then the
switch at the L2 forwards the user packets to the specified ISP BRAS based on the outer VLAN
tag. The BRASs of the user's ISP identifies the users based on the inner VLAN tag and
authenticate the users. After the users pass the authentication, the BRASs terminate the two
VLAN tags and then the users can access the Internet.
Figure 28-1 Example network for configuring the VLAN stacking multi-ISP wholesale access
ISP1 ISP2
BRAS BRAS
MA5600T
G CON G
P ETH
P GE 0/19/0
ESC
B B
C C
SCU
Optical splitter Optical splitter
ONT1 ONT2 ONT3 ONT4
User 1 User 2 User 3 User 4
Data Plan
Table 28-1 provides the data plan for configuring the VLAN stacking multi-ISP wholesale
access.

Table 28-1 Data plan for configuring the VLAN stacking multi-ISP wholesale access
Item Data
User 1, user 2 Service provider: ISP1
Service VLAN of ISP1: 60
Service port: 0/11/1
GEM port IDs:

l User 1: 131
l User 2: 132
User-side VLANs:
l User 1: 21
l User 2: 22
Inner tags
l User 1: 11
l User 2: 12
User 3, user 4 Service provider: ISP2
Service VLAN of ISP2: 61
Service port: 0/14/0
GEM port IDs:

l User 3: 133
l User 4: 134
User-side VLANs:
l User 3: 23
l User 4: 24
Inner tags:
l User 3: 13
l User 4: 14
Figure 28-2 shows the flowchart for configuring the VLAN stacking multi-ISP wholesale
access.

Figure 28-2 Flowchart for configuring the VLAN stacking multi-ISP wholesale access
Start
Create VLANs
Set the VLAN attribute
Add the upstream port
Add service ports
Set the inner tags
Save the data
End
NOTE
l For the configuration of the GPON access service, see "25.2 Configuration Example of the GPON
Service."
l For the details on the stacking VLAN feature, refer to "VLAN" in the MA5600T Feature
Description.
Procedure
Step 1 Create the VLAN.
huawei(config)#vlan 60-61 smart
Step 2 Set the VLAN attribute.

huawei(config)#vlan attrib 60-61 stacking
Step 3 Add the upstream port to the VLAN.

huawei(config)#port vlan 60-61 0/9 0
Step 4 Add service ports to the VLAN. The default traffic profile 5 is applied.
Step 5 Set the inner VLAN tag.

huawei(config)#stacking label 0/2/1 gemport 131 user-vlan 21 11



huawei(config)#save
----End
Result
After the configuration, user 1 and user 2 can access the Internet through ISP 1, and user 3 and
user 4 can access the Internet through ISP 2.

SmartAX MA5600T Multi-service Access Module 29 QinQ VLAN Private Line Service Configuration
29 QinQ VLAN Private Line Service

Configuration
About This Chapter
This topic describes how to configure the QinQ VLAN leased line service supported by the
MA5600T.
NOTE
(s) directly.
first.
29.1 Overview
This topic describes the application of the QinQ feature to the private line service.
29.2 Configuration Example of the QinQ VLAN
This topic provides an example for configuring the private line service based on the QinQ feature
to provide security channel for data transmission between private networks of the enterprises.
29.3 Configuration Example of the QinQ VLAN Private Line Service
29.4 Enabling the Transparent Transmission of BPDUs
This topic describes how to enable the transparent transmission of Bridge Protocol Data Units
(BPDUs). The MA5600T supports that the BPDUs of private networks are transparently
transmitted based on the QinQ function of the public network.

29 QinQ VLAN Private Line Service Configuration SmartAX MA5600T Multi-service Access Module
29.1 Overview
This topic describes the application of the QinQ feature to the private line service.
Service Description
The QinQ feature is applied to the broadband private line service service. It utilizes the public
network resources to provide a transparent and safe data channel for the private networks of a
enterprise that are located at different places.
With the QinQ feature, the MA5600T adds a public network VLAN tag (QinQ VLAN) to the
tagged packet of the local private network. The packet with the private network VLAN tag is
forwarded to the peer MA5600T in the public network based on its outer VLAN tag. The peer
MA5600T removes the VLAN tag and transmits the packet to the peer private network of the
enterprise.
For details of the QinQ feature and related features, refer to "VLAN" in the MA5600T Feature
Description.
l Leased line access mode
The MA5600T adopts xDSL access mode to provide enterprise users with the symmetric
bandwidth of 2 Mbit/s in upstream and downstream.
l BPDU packet transparent transmission
The MA5600T supports the transmission of the BPDU packet of the private network to the
remote private network through the QinQ private line service.
l Leased line connection type
– Single PVC for single service
– Single PVC for multiple services (classified by the encapsulation type)
l QinQ VLAN application limit
The MA5600T supports a maximum of 4000 QinQ VLANs.
The following VLANs cannot be configured with the QinQ VLAN.
– Super VLAN
– Sub VLAN
– The VLAN that is configured with the L3 interface
– The default VLAN
– The reserved VLAN
29.2 Configuration Example of the QinQ VLAN


Prerequisites
l The service boards must be in the normal state.
l The upper layer network is in L2 mode, and forwards packets based on the VLAN and the
MAC address.
Networking
Figure 29-1 shows an example network for configuring the private line service.
The two branches of enterprise A are connected to the MAN through the MA5600T. On the
MA5600T, the attribute of the upstream VLAN of user packets is configured as QinQ. In this
way, services and BPDU packets from the private network of the enterprise can be transparently
transmitted to the peer private network.
Figure 29-1 Example network for configuring the private line service
L2/L3
L2/L3
CON CON
S ETH S ETH
H ESC H ESC
L L
B GE 0/9/0
B GE 0/9/0
SCU MA5600T_A SCU MA5600T_B

Modem Modem
LSW
LSW
Branch of enterprise A Branch of enterprise A
Data Plan
Table 29-1 lists data plan for configuring the private line service.
Table 29-1 Data plan for configuring the private line service
Item Data
MA5600T_A SHDA port: 0/12/0

Item Data
Up stream VLAN ID: 50

VLAN type: smart VLAN
VLAN attribute: QinQ
BPDU transparent function: enable
Traffic profile index: 5 (default), with the permitted access rate

of 2 Mbit/s
VPI/VCI: 0/35 (the same as that of the modem)
MA5600T_B The same as the data plan of MA5600T_A
Figure 29-2 shows the flowchart for configuring the private line service.
Figure 29-2 Flowchart for configuring the private line service
Start
Create a VLAN
Enable transparent
transmission of BPDUs

the VLAN

VLAN
Save the data
End
The configurations on both MA5600T_A and MA5600T_B are the same. The following
considers the configuration on MA5600T_A as an example, and describes how to configure the
QinQ VLAN private line service.

Procedure

Step 3 Enable transparent transmission of BPDUs.

huawei(config)#bpdu tunnel vlan 50 enable

huawei(config)#port vlan 50 0/9/0
Step 5 Add the service port to the VLAN by adopting the default traffic profile 5.
huawei(config)#service-port vlan 50 shdsl 0/12/0 vpi 0 vci 35 rx-cttr 5 tx-cttr 5

huawei(config)#save
----End
Result
After the configuration, the two branches of enterprise A can communicate with each other, and
various services between private networks are implemented.
29.3 Configuration Example of the QinQ VLAN Private Line

Service
Networking
Figure 29-3 shows an example network of the QinQ VLAN private line service.
The two branches of enterprise A are connected to the MAN through the MA5600T. On the
MA5600T, the attribute of the upstream VLAN of user packets is configured as QinQ. In this
way, service data and VLAN tags from the private network of the enterprise can be transparently
transmitted to the peer private network.

Figure 29-3 Example network of the QinQ VLAN private line service
L2/L3 L2/L3
G CON G CON
ETH GE 0/19/0 ETH GE 0/19/0
P ESC P ESC
B B
C C
SCU MA5600T_A SCU MA5600T_B

Optical splitter Optical splitter
ONT ONT
LAN switch LAN switch
Branch of enterprise A Branch of enterprise A
Data Plan
Table 29-2 lists data plan for the QinQ VLAN private line service.
Table 29-2 Data plan for the QinQ VLAN private line service
Item Data
MA5600T_A Upstream port: 0/9/0
Service port: 0/2/1
User-side VLAN ID: 10
Outer VLAN ID: 50
ONT ID: 11
ONT port: FE port 0
GEM port ID: 131
MA5600T_B Upstream port: 0/9/0
Service port: 0/2/1
User-side VLAN ID: 10
Outer VLAN ID: 50

Item Data
ONT ID: 11
ONT port: FE port 0
GEM port ID: 130
NOTE
l The example is based on the configuration of MA5600T_A. The configuration procedure also applies
to MA5600T_B. Here only the configuration of MA5600T_A is described.
l The MA5600T supports the OMCI protocol. That is, the management and configuration data of the
MA5600T is transmitted to the ONT through the OMCI channel. If the ONT does not support the
OMCI protocol, you need to configure the ONT.
l For details on the GPON access, see "25.2 Configuration Example of the GPON Service."
Figure 29-4 shows the flowchart for configuring the private line service.
Figure 29-4 Flowchart for configuring the private line service
Start
Enable transparent
transmission of BPDUs
Create a VLAN
Add the upstream port to the

VLAN

VLAN
Save the data
Ebd
Procedure
Step 1 Enable transparent transmission of BPDUs.



huawei(config)#port vlan 50 0/9/0
Step 5 Add the service port to the VLAN.


huawei(config)#save
----End
Result
After the configuration, the two branches of enterprise A can communicate with each other.
29.4 Enabling the Transparent Transmission of BPDUs

This topic describes how to enable the transparent transmission of Bridge Protocol Data Units
(BPDUs). The MA5600T supports that the BPDUs of private networks are transparently
transmitted based on the QinQ function of the public network.
l The transparent transmission of BPDUs is based on the VLAN, and is valid only to QinQ
VLAN.
l T• The BPDUs of the private network that can be transparently transmitted refer to the
upstream/downstream packets with the destination MAC address ranging from 01-80-
c2-00-00-00 to 01-80-c2-00-00-2f. Especially, the packets with the destination MAC
address of 01-80-c2-00-00-00, 01-80-c2-00-00-08, or 01-80-c2-00-00-11 that is in this
range cannot be transparently transmitted.
l When the transparent transmission of BPDUs is enabled, the L2 BPDUs under the QinQ
VLAN can be transparently transmitted.
l Otherwise, these BPDUs cannot be transparently transmitted.
Procedure
Step 1 Run the bpdu tunnel vlan command to enable the transparent transmission of BPDUs on a
specified VLAN.
Step 2 Run the display bpdu tunnel config command to display the transparent transmission status of
BPDUs.
----End
Example
To enable the transparent transmission of BPDUs on VLAN 20, do as follows:
huawei(config)#display bpdu tunnel config
The VLAN info of enable bpdu tunnel:
----------------------------------------------------------------------------

20, 100,
----------------------------------------------------------------------------
The VLAN number of enable bpdu tunnel: 2
Related Operation
Table 29-3 lists the related operation for enabling the transparent transmission of BPDUs.
Table 29-3 Related operation for enabling the transparent transmission of BPDUs
Disable the transparent transmission of bpdu tunnel vlan vlanid disable

BPDUs

SmartAX MA5600T Multi-service Access Module 30 Multicast Service Configuration
30 Multicast Service Configuration
About This Chapter
This topic describes how to configure the multicast service supported by the MA5600T.
NOTE
(s) directly.
first.
30.1 Overview
This topic describes the multicast service and its application on the MA5600T.
30.2 Configuration Example of the IGMP Proxy Multicast Service
This topic provides an example for realizing the IGMP proxy multicast service.
30.3 Configuration Example of the IGMP Snooping Multicast Service
This topic provides an example for configuring the IGMP snooping multicast service.
30.4 Configuration Example of the IGMP Snooping Multicast Service
This topic provides an example for realizing the IGMP snooping multicast service.
30.5 Configuration Example of the Multicast Service in Subtending Mode
This topic provides an example for configuring the multicast service in subtending mode.
30.6 Configuring the Multicast Service in MSTP Networking
This topic describes how to configure the multicast service in networking.
30.7 Configuration Example of the Multicast Service Through the PIM-SSM Protocol
This topic provides an example for realizing the multicast service through the Protocol
Independent Multicast Source Specific Multicast (PIM-SSM) protocol.
30.8 Setting the IGMP Mode
This topic describes how to set the IGMP mode, including IGMP proxy and IGMP snooping.
30.9 Configuring the IGMP Upstream Port

30 Multicast Service Configuration SmartAX MA5600T Multi-service Access Module
This topic describes how to add an IGMP upstream port and set its working mode and assigned
bandwidth rate.
30.10 Setting the Multicast Mode of an Upstream Port
This topic describes how to set the mode for an upstream port to interact with the upstream
devices. The modes can be IGMP or PIM-SSM.
30.11 Enabling the Multicast Routing Function
This topic describes how to enable the multicast routing function.
30.12 Specifying a Subtending Port
This topic describes how to specify a subtending port. To subtend the MA5600T to a slave shelf
with multicast service users, you need to define the port connecting to the slave shelf as a
subtending port.
30.13 Configuring a Program for a Static Subtending Port
This topic describes how to add a program for a static subtending port.
30.14 Configuring IGMP Global Parameters
This topic describes how to configure the IGMP global parameters.
30.15 Configuring the IGMP VLAN Parameters
This topic describes how to configure the IGMP VLAN parameters.
30.16 Configuring the PIM-SSM Protocol Parameters
This topic describes how to configure the PIM-SSM protocol parameters.
30.17 Managing Multicast Bandwidth
This topic describes how to manage multicast bandwidth.
30.18 Configuring an Authority Profile
This topic describes how to configure an authority profile.
30.19 Configuring Multicast Users
This topic describes how to configure multicast users.
30.20 Configuring the Preview Function
This topic describes how to configure the preview function.
30.21 Configuring the Logging Function
This topic describes how to configure the logging function.
30.22 Setting the Automatic CDR Reporting
This topic describes how to collect audience statistics by setting the auto call detailed record
(CDR) reporting.

30.1 Overview
This topic describes the multicast service and its application on the MA5600T.
Service Description
With the advent of the streaming medias such as multimedia video and data warehouse in the
IP network, the multicast service is becoming increasingly popular in service applications. It is
widely applied in streaming, remote learning, video conferencing, video on demand (VOD), net
gaming, Internet data center (IDC), and other point-to-multipoint data transmission applications.
For details on the multicast service, refer to "Multicast" in the MA5600T Feature Description.
Designed with the carrier-class multicast operability, the MA5600T supports multicast protocols
and controllable multicast, and a complete set of end-to-end (from the user side to the network
side) protocols. This lays a foundation for provisioning of the value-added broadband multicast
service and management of the multicast service. The MA5600T provides the operable,
manageable, and controllable multicast services by supporting IGMP V2/V3, IGMP proxy, and
IGMP snooping.
The MA5600T supports multicast service access through the ETH board and the SCU board.
The MA5600T supports the following:
l multicast groups
l Up to eight multicast groups for each multicast server
l Program preview, preview in a short time, and configuration of the preview count, preview
duration, and preview interval
l Audience statistics
l Controllable multicast to control users' access to multicast groups and programs
l Authority profile types including watch, preview, forbidden and idle.
30.2 Configuration Example of the IGMP Proxy Multicast

Service
This topic provides an example for realizing the IGMP proxy multicast service.
Prerequisites
l The multicast source is available in the network and its IP address is known.
l The related service boards must be in the normal state.

The MA5600T supports the function of delivering the OMCI configuration. That is, the
management and configuration data of the MA5600T is transmitted to the ONT through the
OMCI channel. If the ONT does not support the OMCI function, you need to configure the ONT.
Pay attention to the configuration on the ONT, and make sure that:
l The user-side VLAN must be the same as that of the OLT.
l The GEM port ID must be the same as that of the OLT.
l Alloc ID is 256×(T-CONT ID) + (ONT ID) or can be displayed by running the display ont
info command on the OLT. The Alloc ID of a PON port must be unique.
Networking
Figure 30-1 shows an example network for configuring the IGMP proxy multicast service.
Figure 30-1 Example network for configuring the IGMP proxy multicast service
Multicast source
Router
G CON
ETH
P ESC GE 0/19/1
B
C
MA5600T
Optical splitter
ONT1 ONT2
PC1 PC2
Data Plan
Table 30-1 provides the data plan for configuring the IGMP proxy multicast service.

Table 30-1 Data plan for configuring the IGMP proxy multicast service
Item Data

IP address of the interface: 10.0.0.254
Upstream port 0/9/1
DBA profile l Index: 6 (the default profile)

l Type: type 1
l Fixed bandwidth: 100 Mbit/s
Traffic profile l Profile index: 6 (the default traffic profile); CIR: no restriction.
l Profile index: 5 (the default traffic profile); CIR: 2 Mbit/s.
ONT1 l ONT ID: 0

l ONT authentication mode: serial number + authentication password
(SN-auth)
– ONT serial number (SN): hwhw-10101010
– ONT authentication password: huawei
l ONT port: FE port 0, VLAN 10
l ONT capability set profile: 2 (the default ONT profile)
ONT2 l ONT ID: 1

(SN-auth)
l ONT port: FE port 0, VLAN 11
GEM port l GPON port: 0/2/1

l GEM port ID: 150 (PC1), 151 (PC2)
l T-CONT ID: 1
l User-side VLAN: 10 (PC1), 11 (PC2)
Program The multicast server provides three programs. The IP address of the
library program ranges from 224.1.1.1 to 224.1.1.3. The source IP address of the
program is 10.10.10.10. Three programs use the default preview profile of
the system.
Authority In authority profile 0, the user is allowed to watch program1 (224.1.1.1)

profile and program2 (224.1.1.2) in the program library.
User l User 1 (PC1) is an auth user, and is bound with authority profile 0.
l User 2 (PC2) is a non-auth user.

Figure 30-2 shows the flowchart for configuring the IGMP proxy multicast service.
Figure 30-2 Flowchart for configuring the IGMP proxy multicast service
Start Select the IGMP mode
Create a VLAN Configure the IGMP

upstream port
Add the upstream port Configure the global

parameters (optional)
Add ONTs
Configure the program
library
BInd the T-CONT profile

Configure the preview
attributes (optional)
Specify ONTs for VLANs

Configure the authority
profile
Configure GEM ports
Configure multicast users
Add service ports
Save the data
End
Procedure
Step 1 Create a VLAN and specify the IP address of the interface.
Step 2 Add the upstream port.

Step 3 Add an ONT: First add an ONT capability set profile complying with the actual capability of
the HG810. Then add an ONT and bind it with the profile. The default ONT capability set profile
2 is bound.
id 2
id 2
Step 4 Bind a DBA profile.



Step 6 Configure GEM ports.

1. Add GEM ports 150 and 151 to PON port 1, with attribute ETH and no encryption.
huawei(config-if-gpon-0/2)#gemport add 1 gemport-id 150 eth
2. Bind GEM ports with ONT T-CONTs.

3. Map GEM ports to service streams.

Step 7 Add service ports.

huawei(config)#service-port vlan 100 gpon 0/11/1 gemport 150 multi-service user-
vlan 10 rx-cttr 5 tx-cttr 6
huawei(config)#service-port vlan 100 gpon 0/11/1 gemport 151 multi-service user-
vlan 11 rx-cttr 5 tx-cttr 6
Step 8 Select IGMP mode.

Step 9 Configure IGMP upstream port.

huawei(config)#btv
Step 10 Configure global parameters.

In the example, all global parameters adopt the default settings. If the parameters need to be
configured, refer to "30.15 Configuring the IGMP VLAN Parameters" and "30.14
Configuring IGMP Global Parameters."
Step 11 Configure the program library.
huawei(config-mvlan100)#igmp program add name program1 ip 224.1.1.1 sourceip
10.10.10.10
10.10.10.10
10.10.10.10
Step 12 Configure the authority profile.

Add watch access for profile0 to program 1 and program 2.
huawei(config-btv)#igmp profile profile-name profile0 program-name program1 watch
Step 13 Configure multicast users.

An auth-user must be bound with an authority profile, then the user gets the access configured
in the profile. Non-auth-user has access to all programs.

huawei(config-btv)#igmp user add port 0/11/1 gemport 150 user-vlan 10 auth max-
program 8
huawei(config-btv)#igmp user add port 0/11/1 gemport 151 user-vlan 11 no-auth max-
program 8
huawei(config-btv)#igmp user bind-profile port 0/11/1 gemport 150 profile-name
profile0
huawei(config-btv)#quit
huawei(config-mvlan100)#igmp multicast-vlan member port 0/11/1 gemport 150

huawei(config)#save
----End
Result
After the configuration:
l User 1 can watch program1 and program2, but cannot watch program3.
l User 2 can watch all programs.
30.3 Configuration Example of the IGMP Snooping

Multicast Service
This topic provides an example for configuring the IGMP snooping multicast service.
Prerequisites
Networking
Figure 30-3 shows an example network for configuring the IGMP snooping multicast service.

Figure 30-3 Example network for configuring the IGMP snooping multicast service
Multicast source
Router
A CON
ETH
D ESC
L
F
GE 0/9/1
SCU MA5600T
Modem Modem
PC PC
Data Plan
Table 30-2 provides the data plan for configuring the IGMP snooping multicast service.
Table 30-2 Data plan for configuring the IGMP snooping multicast service
Item Data
Upstream port 0/9/1
Program library The multicast server provides three programs.

program1: 224.1.1.1
program2: 224.1.1.2
program3: 224.1.1.3
Authority profile Profile0

In authority profile 0, the user is allowed to access program1
(224.1.1.1) and program2 (224.1.1.2) in the program library.

Item Data
User Multicast user 1, with service port of 0/11/0, VPI/VCI of 0/35,

and bound with authority profile 0.
Multicast user 2, with service port of 0/11/1, VPI/VCI of 0/35,
with no authentication.
IP address of the host IP address: 10.0.0.254

The IP address of the host should be in the same subnet as that of
the upper layer router.
Modem VPI/VCI of the modem connected to the port: 0/35
Figure 30-4 shows the flowchart for configuring the IGMP snooping multicast service.
Figure 30-4 Flowchart for configuring the IGMP snooping multicast service
Multicast service configuration
Start Set the IGMP mode
Configure IGMP upstream

Configure the xDSL port port
Configure the global

Create a Smart VLAN parameters (optional)

the VLAN Configure program library
Set native VLAN for the

port (optional) Configure preview
Configure the service port

Configure authority profile
VLAN configuration
Configure multicast user
End
Procedure
Step 1 Configure the xDSL port.

In this example, the default ADSL2+ line profile (line profile 1002) is used. Therefore, you do
not have to configure a line profile.
Step 2 Configure a VLAN.
1. Create a VLAN.
2. Add an upstream port to the VLAN.

3. Add service ports to the VLAN.

huawei(config)#service-port 100 vlan 2 adsl 0/11/0 vpi 0 vci 35 rx-cttr 6 tx-
cttr 6
huawei(config)#service-port 101 vlan 2 adsl 0/11/1 vpi 0 vci 35 rx-cttr 6 tx-
cttr 6
Step 3 Configure the multicast service.

1. Set the IGMP mode.
2. Configure the IGMP upstream port.
3. Configure the global parameters.
In the example, all global parameters adopt the default settings. For details on the
configuration, refer to "30.15 Configuring the IGMP VLAN Parameters" and "30.14
Configuring IGMP Global Parameters."
4. Configure the program library.
5. Configure the authority profile.
huawei(config-btv)#igmp profile profile-name profile0 program-name program1
watch
watch
6. Configure the multicast users.

huawei(config-btv)#igmp user add port 0/11/1 no-auth max-program 8
huawei(config-btv)#igmp user add port 0/11/0 auth max-program 8

huawei(config)#save
----End
Result
30.4 Configuration Example of the IGMP Snooping

Multicast Service
This topic provides an example for realizing the IGMP snooping multicast service.

Prerequisites
The MA5600T supports the function of delivering the OMCI configuration. That is, the
management and configuration data of the MA5600T is transmitted to the ONT through the
OMCI channel. If the ONT does not support the OMCI function, you need to configure the ONT
separately.
Pay attention to the configuration of the ONT, and make sure that:
l The user-side VLAN must be the same as that of the OLT.

l The GEM Port ID must be the same as that of the OLT.
l Alloc ID is 256×(T-CONT ID) + (ONT ID) or can be displayed through the command
display ont info on the OLT. The Alloc ID of a PON port must be unique.
Networking
Figure 30-5 shows an example network for configuring the IGMP snooping multicast service.
Figure 30-5 Example network for configuring the IGMP snooping multicast service
Multicast source
Router
G CON
ETH
P ESC GE 0/19/1
B
C
MA5600T
Optical splitter
ONT1 ONT2
PC1 PC2

Data Plan
Table 30-3 provides the data plan for configuring the IGMP snooping multicast service.
Table 30-3 Data plan for configuring the IGMP snooping multicast service
Item Data
Upstream port 0/9/1
DBA profile l Index: 6 (the default profile)

l Type: type 1
l Fixed bandwidth: 100 Mbit/s
Traffic profile l Index: 6 (the default traffic profile); CIR: with no restriction
l Index: 5 (default profile); CIR: 2 Mbit/s
ONT1 l ONT ID: 0

(SN-auth)
l ONT port connected to PC: FE port 0, VLAN 10
ONT2 l ONT ID: 1

(SN-auth)
l ONT port connected to PC: FE port 0, VLAN 11
GEM port l Port: 0/11/1

l GEM port ID: 150 (PC1), 151 (PC2)
l T-CONT ID: 1
l User-side VLAN: 10 (PC1), 11 (PC2)
Program The multicast server provides three programs. The IP address of the
library program ranges from 224.1.1.1 to 224.1.1.3. The source IP address of the
program is 10.10.10.10. Three programs use the default preview profile of
the system.
Authority In authority profile 0, the user is allowed to access program1 (224.1.1.1)

profile and program2 (224.1.1.2) in the program library.

Item Data
User l User 1 (PC1) is an auth user, and is bound with authority profile 0.
l User 2 (PC2) is a non-auth user.
Figure 30-6 shows the flowchart for configuring the IGMP snooping multicast service.
Figure 30-6 Flowchart for configuring the IGMP snooping multicast service
Start Select the IGMP mode
Create a VLAN Configure the IGMP

upstream port
Add the upstream port Configure the global

Add ONTs
Configure the program
library
BInd the T-CONT profile

Specify ONTs for VLANs

profile
Configure GEM ports
Configure multicast users
Add service ports
Save the data
End
Procedure

Step 3 Add an ONT: First add an ONT capability set profile complying with the actual capability of
the HG810. Then add an ONT and bind it with the profile. The default ONT capability set profile
2 is bound.


id 2
id 2


Step 6 Configure GEM ports.

1. Add GEM ports with attribute ETH and no encryption.
2. Bind the GEM port with the ONT T-CONT.

3. Map GEM ports to service streams.

Step 7 Add service ports.

Step 8 Select the IGMP mode.

huawei(config-mvlan100)#igmp mode snooping
Step 9 Configure the IGMP upstream port.

huawei(config)#btv
Step 10 Configure the global parameters.

In the example, all global parameters adopt the default settings. For details on the configuration,
refer to "30.15 Configuring the IGMP VLAN Parameters" and "30.14 Configuring IGMP
Global Parameters."
Step 11 Configure the program library.
10.10.10.10
10.10.10.10
10.10.10.10
Step 12 Configure the authority profile.

Add watch access for profile0 to program1 and program2.


Step 13 Configure multicast users.

An auth-user must be bound with an authority profile, then the user gets the access configured
in the profile. Non-auth-user has access to all programs.
program 8
huawei(config-btv)#igmp user add port 0/11/1 gemport 151 user-vlan 11 no-auth max-
program 8
profile0

huawei(config)#save
----End
Result
l User 1 (PC1) can watch program1 and program2, but cannot watch program3.
l User 2 (PC2) can watch all programs.
30.5 Configuration Example of the Multicast Service in

Subtending Mode
This topic provides an example for configuring the multicast service in subtending mode.
Networking
Figure 30-7 shows an example network for configuring the subtended multicast service.

Figure 30-7 Example network for configuring the subtended multicast service
Multicast source
Router
CON
ETH
ESC
GE 0/9/0
GE 0/9/1
SCU MA5600T_ A
A CON
D ETH
ESC
L
F GE 0/9/0
SCU MA5600T_B
Modem Modem
PC PC
Data Plan
Table 30-4 provides the data plan for configuring the subtended multicast service.
Table 30-4 Data plan for configuring the subtended multicast service
Item Data
MA5600T_A SCU board

The SCU board provides an upstream port (0/9/0) to connect to the upper
layer multicast router (with IP address of 10.0.0.254) and a subtending port
(0/9/1) to connect to MA5600T_B.
VLAN
Add port 0 on the SCU board to VLAN 100 as the upstream port of this
VLAN.
Add port 1 on the SCU board to VLAN 100 as the subtending port.

Item Data
The multicast server provides three programs. The source IP address of

the program is 10.10.10.10. Three programs use the default preview profile
of the system.
program1: 224.1.1.1
program2: 224.1.1.2
program3: 224.1.1.3
The IP address of the port of the upper layer router that is interconnected
with the MA5600T is 10.0.0.254.
MA5600T_B VLAN
Add port 0 on the SCU board to VLAN 100 as the upstream port of this
VLAN.
The multicast server provides three programs. The source IP address of

the program is 10.10.10.10. Three programs use the default preview profile
of the system.
program1: 224.1.1.1
program2: 224.1.1.2
program3: 224.1.1.3
Authority profile
Set profile 0 as the authority profile. Based on this profile, users can watch
program1 (224.1.1.1) and program2 (224.1.1.2) in the program library.
Modem
The VPI/VCI of the modem connected to the ADSL port is 0/35.
Multicast user
l Multicast user 1: The service port is 0/11/0, the VPI/VCI is 0/35, and
the bound authority profile is profile0.
l Multicast user 2: The service port is 0/11/1, the VPI/VCI is 0/35, and
no authentication is required.
Figure 30-8 and Figure 30-9 show the flowchart for configuring the multicast service in
subtending mode.

Figure 30-8 Flowchart for configuring the multicast service in subtending mode
(MA5600T_A)
Set the IGMP mode
Configure the IGMP

Start upstream port
Configure the global

Create a Smart VLAN parameters (optional)
Add the upstream port Configure the program

library
Set the native VLAN for

the port (optional) Configure the multicast
subtending port
VLAN configuration
End
Figure 30-9 Flowchart for configuring the multicast service in subtending mode
(MA5600T_B)
Start Set the IGMP mode
Configure the xDSL port Configure the IGMP

upstream port
Create a VLAN Configure the global

Add an upstream port to

the VLAN Configure the program
library
Configure the native
VLAN of the port (optional)
attriobutes (optional)
Add service ports to the
VLAN
VLAN configuration profile
Configure the multicast

users
End

Procedure
l Procedure for configuring MA5600T_A
1. Configure a VLAN.
– Create a VLAN.
– Add upstream ports to the VLAN.

2. Configure the multicast service.

– Set the IGMP mode.
– Configure the IGMP upstream port.

huawei(config)#btv
– Configure the program library.

huawei(config-mvlan100)#igmp program add name program1 ip 224.1.1.1
sourceip 10.10.10.10
– Configure the multicast subtending port.

huawei(config)#btv
huawei(config-btv)#igmp cascade-port 0/9/1 static enable
3. Save the data.

huawei(config)#save
l Procedure for configuring MA5600T_B

1. Configure the xDSL port.
In this example, the ADSL2+ port is bound with the default line profile (profile 1002).
No configuration is needed.
2. Configure a VLAN.
– Create a VLAN.
– Add an upstream port to the VLAN.

– Set the native VLAN of the port.

– Add service ports to the VLAN.

huawei(config)#service-port vlan 100 adsl 0/11/0 vpi 0 vci 35 rx-cttr
6 tx-cttr 6
huawei(config)#service-port vlan 100 adsl 0/11/1 vpi 0 vci 35 rx-cttr
6 tx-cttr 6



huawei(config)#btv

– Configure the authority profile.

huawei(config-btv)#igmp profile profile-name profile0 program-name
program1 watch
program2 watch
– Configure the multicast user.

huawei(config-btv)#igmp user add port 0/11/1 no-auth
huawei(config-btv)#igmp user add port 0/11/0 auth
huawei(config-btv)#igmp user bind-profile port 0/11/0 profile-name
profile0
4. Save the data.

huawei(config)#save
----End
Result
30.6 Configuring the Multicast Service in MSTP

Networking
This topic describes how to configure the multicast service in networking.
Prerequisite
l There exists a multicast source in the network and its IP address is known.
Networking
Figure 30-10 shows the example network of the multicast service in MSTP networking.

Three MA5600T devices (MA5600T_A, MA5600T_B and MA5600T_C) form an ring network.
All services are transmitted upstream to the IP network through MA5600T_A. MA5600T_C
subtends MA5600T_D through the GE port.
Figure 30-10 Example network of the multicast service in MSTP networking
Multicast
source
Router
2 3 9
CON
ETH
A A ESC
D D 0
L L 1
F F 2
3
SCU MA5600T_A
2 3 9 2 9
CON
ETH
A A ESC A
D D D
L L 0 L 0
F F 1 F 1
2 2
3 3
MA5600T_B SCU MA5600T_C SCU
2 9
CON
ETH
A ESC
D
L 0
F 1
2
3
SCU MA5600T_D
ADSL2+ ADSL2+
modem modem
PC1 PC2
Data Plan
Table 30-5 provides the data plan for the example network of the multicast service in MSTP
networking.

Table 30-5 Data plan for the example network of the multicast service in MSTP networking
Item Data
MA5600T_ The SCU board:

A l Provides upstream port 0/9/0 to interconnect with the upper layer multicast
router (10.0.0.254).
l Provides subtending port 0/9/1 to connect to the MA5600T_B.
l Provides subtending port 0/9/2 to connect to the MA5600T_C.
VLAN:
Add ports 0/9/0, 0/9/1 and 0/9/2 on the SCU board to VLAN 100, which are
used as the upstream port of the VLAN.
The native VLAN of the port is set to VLAN 100.
The multicast server provides three programs.

program1: 224.1.1.1
program2: 224.1.1.2
program3: 224.1.1.3

B l Provides the port 0/9/0 to connect to the MA5600T_A.
l Provides the subtending port 0/9/1 to connect to the MA5600T_C.
VLAN:
l Add the ports 0/9/0 and 0/9/1 on the SCU board to VLAN 100, which are
used as the upstream port of the VLAN.
l The native VLAN of the port is set to 100.

program1: 224.1.1.1
program2: 224.1.1.2
program3: 224.1.1.3

C l Provides the upstream port 0/9/0 to connect to the MA5600T_A.
l Provides the subtending port 0/9/1 to connect to the MA5600T_B.
l Provides the subtending port 0/9/2 to connect to the MA5600T_D.
VLAN:
l Add the ports 0/9/0, 0/9/1 and 0/9/2 on the SCU board to VLAN 100, which
are used as the upstream port of the VLAN.
l The native VLAN of the port is set to 100.

program1: 224.1.1.1
program2: 224.1.1.2
program3: 224.1.1.3

Item Data
MA5600T_ VLAN:
D Add the port 0/9/0 on the SCU board to VLAN 100, which is used as the
upstream port of the VLAN.

program1: 224.1.1.1
program2: 224.1.1.2
program3: 224.1.1.3
Authority profile: Users bound with authority profile profile0 can watch
program1 and program2, and preview program3.
Modem: The VPI/VCI of the modem connected to the port is 0/35.
Multicast user:
l Multicast user 1: The service port is 0/11/0, VPI/VCI is 0/35, and authority
profile profile0 is bound.
l Multicast user 2: The service port is 0/11/1, VPI/VCI is 0/35, without
authentication.
Figure 30-11 and Figure 30-12 show the flowchart for configuring the multicast service in
networking mode.
Figure 30-11 Flowchart for configuring the multicast service in MSTP networking on
MA5600T_A, MA5600T_B and MA5600T_C
Multicast service
configuration
Start
Set IGMP mode
Enable the MSTP function Configure the IGMP

upstream port
Create the VLAN Configure IGMP global

Add the upstream port Configure the

program library
Set native VLAN for the Configure the IGMP

port subtending port
VLAN configuration
End

Figure 30-12 Flowchart for configuring the multicast service in MSTP networking on
MA5600T_D
Multicast service
configuration
Start Set IGMP Proxy mode
Configure IGMP
Enable the MSTP function upstream port
Configure IGMP global

Configure the xDSL port parameters (optional)
Create the VLAN Configure program

library
Add the upstream port Configure preview

Set native VLAN for the

port Configure authority
profile
Configure the virtual

port Configure multicast
user
VLAN configuration
End
Procedure
l Configuration of MA5600T_A.
1. Configure the VLAN.
– Create a VLAN.
– Add an upstream port.

huawei(config)#port vlan 100 0/90-2
– Set the native VLAN of the upstream port.


huawei(config-mvlan100)#igmp default uplink-port 0/9/0
huawei(config)#btv
huawei(config-btv)#igmp uplink-port-mode mstp



huawei(config)#btv
3. Save the data.

huawei(config)#save
l Configuration of MA5600T_B.
– Create a VLAN.




huawei(config)#btv


huawei(config)#btv
huawei(config-btv)#igmp cascade-port 0/9/1 quickleave enable
3. Save the data.

huawei(config)#save
l Configuration of MA5600T_C.
– Create a VLAN.






huawei(config)#btv

huawei(config)#btv

3. Save the data.

huawei(config)#save
l Configuration of MA5600T_D.
1. Configure the xDSL port.
In this example, the ADSL2+ port uses the system default line profile (profile 1002).
– Create a VLAN.


– Add a service port.

huawei(config)#service-port 100 vlan 100 adsl 0/11/0 vpi 0 vci 35 rx-
cttr 6 tx-cttr 6
huawei(config)#service-port 101 vlan 100 adsl 0/11/1 vpi 0 vci 35 rx-
cttr 6 tx-cttr 6


huawei(config)#btv



– Configure the authority profile.

program1 watch
program2 watch
program3 preview
– Configure the multicast user.

huawei(config-btv)#igmp user add port 0/11/0 auth
huawei(config-btv)#igmp user bind-profile port 0/11/0 profile-name
profile0
4. Save the data.

huawei(config)#save
----End
Result
l User 1 can watch program1 and program2, and can preview program3.
30.7 Configuration Example of the Multicast Service

Through the PIM-SSM Protocol
This topic provides an example for realizing the multicast service through the Protocol
Independent Multicast Source Specific Multicast (PIM-SSM) protocol.
Prerequisite
l The multicast source must be available in the network and its IP address must be known.
l The IP address and the unicast routing protocol of the routing interface must be configured.
In this way, the L3 intercommunication between the MA5600T and the upper layer router
must be realized, and the dynamic routes are updated based on the unicast routing protocols.

Networking
The MA5600T communicates with the multicast terminals through the IGMP protocol. At the
same time, the MA5600T communicates with the devices on the network side through the PIM-
SSM protocol. The PIM-SSM protocol allows the MA5600T to provide the multicast service in
an L3 network.
Figure 30-13 shows an example network for configuring the multicast service through the PIM-
SSM protocol.
Figure 30-13 Example network for configuring the multicast service through the PIM-SSM
protocol
Multicast
source
Internet
PIM-SSM-supported router
PIM-SSM interaction
CON
G ETH GE 0/19/0
P ESC
B
C
IGMP interaction
MA5600T
Optical splitter
ONT
PC
Data Plan
Table 30-6 provides the data plan for configuring the multicast service through the PIM-SSM
protocol.

Table 30-6 Data plan for configuring the multicast service through the PIM-SSM protocol
Item Data
Multicast l VLAN ID: 600

VLAN l IP address of VLAN interface 600: 10.10.10.2
l Protocol running on VLAN interface 600: IGMP
PIM-SSM l VLAN: 700

l IP address of VLAN interface 700: 10.10.20.1
l Protocol running on VLAN interface 700: PIM-SSM
Upstream port 0/19/0
Program l Program name: program1

library l IP address of the program: 224.1.1.1
l Source IP address of the program: 192.1.1.2
Authority profile0: It allows the users to watch program1 in the program library
profile
User l Service port: 0/11/0

l VPI/VCI: 0/35
l Authority profile: profile0
IP address of 10.0.0.254: It should be in the same subnet as the IP address of the upper
the host layer router.
Modem VPI/VCI of modem connected to the port: 0/35
Figure 30-14 shows the flowchart for configuring the multicast service through the PIM-SSM
protocol.

Figure 30-14 Flowchart for configuring the multicast service through the PIM-SSM protocol
Start PIM-SSM
configuration
Configure the multicast mode of Enable the multicast routing

the upstream port as PIM-SSM function
Create a VLAN Configure the multicast VLAN L3

interface and turn it into up state
Add the service port to the VLAN Enable the IGMP protocol on the
L3 interface of the multicast VLAN
Configure the IGMP proxy mode

Configure the L3 interface and
enable the PIM-SSM protocol
(Optional) Configure IGMP global
parameters and multicast VLAN (Optional) Configure the PIM-SSM
parameters parameters
Configure the program library

Save the data
Configure the authority profile

End
Configure the multicast user
IGMP configuration
Procedure
Step 1 Configure the multicast mode of the upstream port as PIM-SSM.
huawei(config)#multicast upstream-mode pim-ssm

Step 3 Add a service port to the VLAN.

Step 4 Configure the IGMP protocol.

1. Configure the IGMP proxy mode.
Are you sure to change IGMP mode?(y/n)
[n]:y
2. (Optional) Configure the IGMP global parameters and the multicast VLAN parameters.
In this example, the default values of the IGMP global parameters and multicast VLAN
parameters are used. To configure these parameters, see "30.14 Configuring IGMP Global
Parameters" and "30.15 Configuring the IGMP VLAN Parameters."
3. Configure the program library.


192.1.1.2 hostip 10.0.0.254
4. Configure the authority profile.

huawei(config)#btv
watch
5. Configure the multicast user.

l Create a multicast user: A multicast user can be created, provided that the related service
port exists. In this example, the service port created in step 3 is used.
huawei(config-btv)#igmp user add port 0/11/0 adsl 0 35 auth
l Bind the multicast user with the authority profile.

l Add the multicast user to the multicast VLAN.

Step 5 Configure the PIM-SSM protocol.

1. Enable the multicast routing function.
huawei(config)#multicast routing-enable
2. Configure the multicast VLAN L3 interface and turn it into up state.

l Add the upstream port to the multicast VLAN.
huawei(config-btv)#port vlan 600 0/19 0
l Create the L3 interface of the multicast VLAN and configure the interface IP. Make
sure that the IP address of the interface is not limited so that the L3 interface can be up.
3. Enable the IGMP protocol on the L3 interface of the multicast VLAN.

huawei(config-if-vlanif600)#igmp enable
4. Configure the L3 interface and enable the PIM-SSM protocol on the interface.
l Create a VLAN.
l Add the upstream port to the VLAN.

l Create the L3 interface and configure its IP address.

l Enable the PIM-SSM protocol on the interface.

huawei(config-if-vlanif700)#pim sm
5. (Optional) Configure the PIM-SSM parameters.

In this example, the default values of the PIM-SSM parameters are used. To configure the
parameters, see "30.16 Configuring the PIM-SSM Protocol Parameters."

huawei(config)#save
----End
Result
The users can watch program1.

30.8 Setting the IGMP Mode

l The configuration in IGMP snooping is the same as that in IGMP proxy. The difference
only lies in the internal protocol processing.
l In IGMP snooping mode, the host function, prejoin function, unsolicited report function
and static program adding function are not available.
Procedure
Step 1 Run the multicast-vlan command to enter MVLAN mode.
Step 2 Run the igmp mode command to set the IGMP mode.
Step 3 Run the display igmp config vlan command to query the current multicast mode.
----End
Example
To set the IGMP proxy mode, do as follows:
huawei(config-mvlan10)#display igmp config vlan 10
--------------------------------------------------------------------
IGMP mode : proxy
IGMP version : IGMP V3
Log switch : enable
Default uplink port : -
Report proxy switch : disable
Leave proxy switch : disable
Unsolicited report interval(s) : 10
IGMP priority : 6
Send global leave switch : enable
Program match mode : enable
Program match group : -
--------------------------------------------------------------------
30.9 Configuring the IGMP Upstream Port

This topic describes how to add an IGMP upstream port and set its working mode and assigned
bandwidth rate.
The working modes of the IGMP upstream port include default mode, MSTP mode and protect
mode. By default, the IGMP upstream port works in default mode.

l Default mode: The IGMP packet are sent through the specified VLAN in the upstream
direction, and the selection of the upstream port for the received multicast stream depends
on the upper layer device.
l MSTP mode: The IGMP upstream port is the root port used by MSTP or the default
upstream port.
l Protect mode: The IGMP upstream port is the activated upstream port in a protection group.
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode.
Step 2 Run the igmp uplink-port command to configure the IGMP upstream port.
Step 3 Run the quit command to exit multicast VLAN mode.
Step 4 Run the btv command to enter BTV mode.
Step 5 Run the igmp uplink-port-mode command to set the working mode of the upstream port.
Step 6 Run the display igmp uplink-port command to query the configuration of the IGMP upstream
port.
----End
Example
To set port 0/9/0 as the IGMP upstream port and to set it to work in MSTP mode, do as follows:
huawei(config)#btv
huawei(config-btv)#display igmp uplink-port all
---------------------------------------------
Port | Vlan | IGMP | V2 Router Present
| | version | Timer (s)
---------------------------------------------
0/9/0 2 IGMP V3 0
0/9/1 2 IGMP V3 0
---------------------------------------------
Total: 2
Related Operation
Table 30-7 lists the related operation for configuring the IGMP upstream port.
Table 30-7 Related operation for configuring the IGMP upstream port
Delete an IGMP upstream undo igmp uplink-port

port

30.10 Setting the Multicast Mode of an Upstream Port

This topic describes how to set the mode for an upstream port to interact with the upstream
devices. The modes can be IGMP or PIM-SSM.
Context
CAUTION
When the multicast mode of an upstream port is switched from IGMP to PIM-SSM, the IGMP
global parameters of the port are restored to the default value, but the subtending port and IGMP
user configurations remain the same.
l By default, the IGMP mode is adopted. In this way, the MA5600T interacts with the
upstream devices in the IGMP mode for the multicast service.
l The multicast mode of an upstream port can be switched from PIM-SSM to IGMP only
when the PIM-SSM function is not enabled on any VLAN interface in the MA5600T.
For how to disable the PIM-SSM function, refer to the related operation described in the
last part of this topic.
l The multicast mode of an upstream port can be switched only when all the multicast VLANs
are deleted. For how to delete a multicast VLAN, refer to the related operation described
in the last part of this topic.
Procedure
Step 1 Run the multicast upstream-mode command to set the multicast mode of an upstream port.
Step 2 Run the display multicast upstream-mode command to query the multicast mode of the
upstream port.
----End
Example
To set the multicast mode of the upstream port as PIM-SSM, do as follows:
huawei(config)#multicast upstream-mode pim-ssm
huawei(config)#display multicast upstream-mode
The current interactive mode of the upstream route is: PIM-SSM
Related Operations
Table 30-8 lists the related operations for setting the multicast mode of the upstream port.
Table 30-8 Related operations for setting the multicast mode of the upstream port
Disable the PIM-SSM function undo pim sm

Delete a multicast VLAN undo multicast-vlan
30.11 Enabling the Multicast Routing Function

This topic describes how to enable the multicast routing function.
Context
To configure the PIM-SSM function on an MA5600T, you must set the multicast mode of the
upstream port as PIM-SSM, enable the multicast routing function, and then enable the PIM-
SSM function on the VLAN L3 interface.
For the detailed configuration procedures, see "30.7 Configuration Example of the Multicast
Service Through the PIM-SSM Protocol."
Procedure
Run the multicast routing-enable command to enable the multicast routing function.
----End
Example
To enable the multicast routing function, do as follows:
huawei(config)#multicast routing-enable
Related Operations
Table 30-9 lists the related operations for enabling the multicast routing function.
Table 30-9 Related operations for enabling the multicast routing function
Disable the multicast routing undo multicast routing-enable

function
Enable the PIM-SSM function pim sm
Set the multicast mode of the multicast upstream-mode

upstream port
30.12 Specifying a Subtending Port

This topic describes how to specify a subtending port. To subtend the MA5600T to a slave shelf
with multicast service users, you need to define the port connecting to the slave shelf as a
subtending port.

l An upstream port cannot be specified as a subtending port.
l If a subtending port is configured with the static attribute, the MA5600T does not process
any leave packet because the programs added to the port are not subject to aging.
l If a subtending port is configured with the quick leave attribute, when receiving leave
packets, the MA5600T cuts off the video stream, instead of sending specific group queries.
l The priority of the static attribute is higher than that of the quick leave attribute. That is,
when a subtending port is configured with both the static attribute and the quick leave
attribute, the latter is invalid.
Procedure
Step 2 Run the igmp cascade-port command to configure a static subtending port.
Step 3 Run display igmp cascade-port command to query the IGMP subtending port.
----End
Example
To specify a subtending port of port 0/9/1, do as follows:
huawei(config)#btv
huawei(config-btv)#display igmp cascade-port 0/9/1
-------------------------------------------
Port : 0/9/1
Active program : 0
Static join : enable
Quick leave : disable
Mismatch process : transparent
-------------------------------------------------
Related Operations
Table 30-10 lists the related operations for specifying a subtending port.
Table 30-10 Related operations for configuring a subtending port
Delete an IGMP subtending port undo igmp cascade-port
Modify the attributes of an IGMP subtending igmp cascade-port modify

port
30.13 Configuring a Program for a Static Subtending Port

This topic describes how to add a program for a static subtending port.

l Programs can be added or deleted for a subtending port through the command line, provided
that the subtending port is configured with static attributes.
l The subtending port has been added to the multicast VLAN.
l Programs can be added for a subtending port only when the IGMP mode of the multicast
VLAN is IGMP proxy.
Procedure
Step 2 Run the igmp static-join cascade-port command to configure a program for a static subtending
port.
Step 3 Run the display igmp static-join cascade-port command to display the settings of the IGMP
subtending port, as well as the forwarded program list of the port.
----End
Example
To add program 224.1.1.1 to static subtending port 0/9/1, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp static-join cascade-port 0/9/1 ip 224.1.1.1 vlan 10
huawei(config-btv)#display igmp static-join cascade-port
-------------------------------
Port VLAN IP
---------------------------------
0/9/1 10 224.1.1.1
---------------------------------
Total: 1
Related Operation
Table 30-11 lists the related operation for configuring a program for a static subtending port.
Table 30-11 Related operation for configuring a program for a static subtending port
Delete a program from the static subtending port undo igmp static-join cascade-port
30.14 Configuring IGMP Global Parameters

This topic describes how to configure the IGMP global parameters.
30.14.1 Enabling the IGMP Proxy Authorization

This topic describes how to enable the IGMP proxy authorization.
30.14.2 Setting the Robustness Variable
This topic describes how to set the robustness variable.
30.14.3 Setting the General Query Interval

This topic describes how to set the interval of the general query issued by the querier.
30.14.4 Setting the Maximum Response Time to the General Query
This topic describes how to set the maximum response time to the general query.
30.14.5 Setting the Number of Specific Queries
This topic describes how to set the number of specific queries.
30.14.6 Setting the Group-Specific Query Interval
This topic describes how to set the group-specific query interval.
30.14.7 Setting the Maximum Response Time to the Group-Specific Query
This topic describes how to set the maximum response time to a group-specific query. After the
system issues a group-specific query, the user must respond to the query within the maximum
response time.
30.14.8 Setting the TTL for a V2 Router
This topic describes how to set the time to live (TTL) for a V2 router. After receiving the query
packet of the V2 version from the upper layer router, the MA5600T enables an aging timer of
V2 router to the upstream port. Before the timer expires, the upstream port sends the V2 report
to the upstream.
30.14.9 Setting the Preview Recognition Time
This topic describes how to set the preview recognition time. When the preview recognition time
is set, any preview that is not exceeding this duration is not considered as valid, and is not saved.
The invalid preview is not journalized.
30.14.10 Enabling the User Action Report Function
This topic describes how to enable the user action report function.
30.14.11 Set the Permitted Encapsulation Mode of IGMP Packets
This topic describes how to set the permitted encapsulation mode of IGMP packets.
30.14.12 Enabling the IGMP Echo Function
This topic describes how to enable the IGMP echo function.
30.14.1 Enabling the IGMP Proxy Authorization

This topic describes how to enable the IGMP proxy authorization.
By default, the IGMP proxy authorization is enabled.
To enable authentication of the "auth" users, you need to enable the IGMP proxy authorization
first.
Procedure
Step 2 Run the igmp proxy authorization enable command to enable the IGMP proxy authorization.
Step 3 Run the display igmp config global command to check whether the IGMP proxy authorization
is enabled.
----End

Example
To enable the IGMP proxy authentication, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy authorization enable
huawei(config-btv)#display igmp config global
--------------------------------------------------------
Program number of license : 1024
Authorization : enable
Robustness variable : 2
General query interval(s) : 125
V2 General query response time(0.1s) : 100
Specific query interval(0.1s) : 10
V2 Specific query response time(0.1s) : 8
Specific query number : 2
V2 router present timeout(s) : 400
User action report switch : disable
Preview switch : enable
Recognition time(s) : 30
The time of reset preview-count : 04:00:00
Auto create log interval(h) : 2
Uplink port mode : default
Bandwidth management switch : enable
CDR auto report interval(s) : 600
CDR auto report number : 200
IGMP Packet encapsulation : all
IGMP ECHO switch : disable
V3 packet snooping process policy : firstmatch
---------------------------------------------------------
Related Operation
Table 30-12 lists the related operation for enabling the IGMP proxy authorization.
Table 30-12 Related operation for enabling the IGMP proxy authorization
Disable the IGMP proxy authentication igmp proxy authorization disable
30.14.2 Setting the Robustness Variable

This topic describes how to set the robustness variable.
l The robustness variable defines the reliability of a system. It determines the aging time of
a member and the packet retransmit count. If a subnet is unstable, and prone to packet loss,
you need to enhance the robustness.
l By default, the variable is 2.
Procedure

Step 2 Run the igmp proxy router robustness command to set the robustness variable of the system.
Step 3 Run the display igmp config global command to query the robustness variable.
----End
Example
To set the robustness variable of the system to 5, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy router robustness 5
--------------------------------------------------------
---------------------------------------------------------
Related Operation
Table 30-13 lists the related operation for setting the robustness variable.
Table 30-13 Related operation for setting the robustness variable
Restore the default robustness variable undo igmp proxy router robustness
30.14.3 Setting the General Query Interval

This topic describes how to set the interval of the general query issued by the querier.
By default, the general query interval is 125s.

Procedure
Step 2 Run the igmp proxy router gen-query-interval command to set the interval of the general
query issued by the querier.
Step 3 Run the display igmp config global command to display the interval of the general query issued
by the querier.
----End
Example
To set the query interval to 200s, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy router gen-query-interval 200
--------------------------------------------------------
---------------------------------------------------------
Related Operation
Table 30-14 lists the related operation for setting the general query interval.
Table 30-14 Related operation for setting the general query interval
Restore the default general query interval undo igmp proxy router gen-query-interval
30.14.4 Setting the Maximum Response Time to the General Query

This topic describes how to set the maximum response time to the general query.

l The maximum response time determines the time taken by a multicast user in responding
to a query packet. By increasing the maximum response time, you can reduce the burst of
response packet traffic.
l By default, the maximum response time is 100 in the unit of 0.1s, that is, 10s.
l The maximum response time to the general query must be smaller than the general query
interval.
l You can set the maximum response time to the group-specific query of the IGMP V2 and
V3 versions respectively.
Procedure
Step 2 Run the igmp proxy router gen-response-time command to set the maximum response time
to the general query.
Step 3 Run the display igmp config global command to display the maximum response time to the
general query.
----End
Example
To set the maximum response time to 20s, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy router gen-response-time v3 200
--------------------------------------------------------
---------------------------------------------------------
Related Operation
Table 30-15 lists the related operation for setting the maximum response time to the general
query.

Table 30-15 Related operation for setting the maximum response time to the general query
Restore the default maximum response undo igmp proxy router gen-response-time
time for the general query
30.14.5 Setting the Number of Specific Queries

This topic describes how to set the number of specific queries.
After receiving a leave packet from a user, the MA5600T sends a query packet to the user, as
long as the attribute of such a leave packet is not "fast leave". With the set query number, the
MA5600T considers that the user has left if no response is received after it has queried the user
according to the set group-specific query count and has waited for a period equal to the maximum
response time.
By default, the set group-specific query count is 2.
Procedure
Step 2 Run the igmp proxy router sp-query-number command to set the number of specific queries.
Step 3 Run the display igmp config global command to display the number of specific queries.
----End
Example
To set the group-specific query count to 5, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy router sp-query-number 5
--------------------------------------------------------
User action report switch : enable


---------------------------------------------------------
Related Operation
Table 30-16 lists the related operation for setting the number of specific queries.
Table 30-16 Related operation for setting the number of specific queries
Restore the default number of specific undo igmp proxy router sp-query-number
queries
30.14.6 Setting the Group-Specific Query Interval

This topic describes how to set the group-specific query interval.
By default, the group-specific query interval is 10 in the unit of 0.1s, that is, 1s.
Procedure
Step 2 Run the igmp proxy router sp-query-interval command to set the group-specific query
interval.
Step 3 Run the display igmp config global command to display the group-specific query interval.
----End
Example
To set the group-specific query interval to 2s, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy router sp-query-interval 20
--------------------------------------------------------


---------------------------------------------------------
Related Operation
Table 30-17 lists the related operation for setting the group-specific query interval.
Table 30-17 Related operation for setting the group-specific query interval
Restore the default group-specific query undo igmp proxy router sp-query-interval
interval
30.14.7 Setting the Maximum Response Time to the Group-Specific

Query
This topic describes how to set the maximum response time to a group-specific query. After the
system issues a group-specific query, the user must respond to the query within the maximum
response time.
l By default, the maximum response time to a group-specific query is 8 in the unit of 0.1s,
that is, 0.8s.
l The maximum response time to a group-specific query must be smaller than the group-
specific query interval.
l You can set the maximum response time to the group-specific query of the IGMP V2 and
V3 versions respectively.
Procedure
Step 2 Run the igmp proxy router sp-response-time command to set the maximum response time to
a group-specific query.
Step 3 Run the display igmp config global command to display the maximum response time to a group-
specific query.
----End
Example
To set the maximum response time for a group-specific query to 5 (0.5s), do as follows:
huawei(config)#btv

huawei(config-btv)#igmp proxy router sp-response-time V3 5

--------------------------------------------------------
---------------------------------------------------------
Related Operation
Table 30-18 lists the related operation for setting the maximum response time for the group-
specific query.
Table 30-18 Related operation for setting the maximum response time for the group-specific
query
Restore the default maximum response undo igmp proxy router sp-response-time
time for the group-specific query
30.14.8 Setting the TTL for a V2 Router

This topic describes how to set the time to live (TTL) for a V2 router. After receiving the query
packet of the V2 version from the upper layer router, the MA5600T enables an aging timer of
V2 router to the upstream port. Before the timer expires, the upstream port sends the V2 report
to the upstream.
l The TTL for a V2 router refers to the period between the time of receiving a V2 query and
sending an IGMP V2 report by the router.
l By default, the TTL for a V2 router is 400s.
Procedure

Step 2 Run the igmp proxy router timeout command to set the TTL for a V2 router.
Step 3 Run the display igmp config global command to query the TTL for the V2 router.
----End
Example
To set the TTL of the V2 router to 200s, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy router timeout v2 200
--------------------------------------------------------
---------------------------------------------------------
Related Operations
Table 30-19 lists the related operations for setting the TTL for a V2 router.
Table 30-19 Related operations for setting the TTL for a V2 router
Restore the default TTL for a V2 router undo igmp proxy router timeout
30.14.9 Setting the Preview Recognition Time

This topic describes how to set the preview recognition time. When the preview recognition time
is set, any preview that is not exceeding this duration is not considered as valid, and is not saved.
The invalid preview is not journalized.
By default, the recognition time is 30s.

Procedure
Step 2 Run the igmp proxy recognition-time command to preview recognition time.
Step 3 Run the display igmp config global command to display the preview recognition time.
----End
Example
To set the preview recognition time to 20s, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy recognition-time 20
--------------------------------------------------------
---------------------------------------------------------
Related Operation
Table 30-20 lists the related operation for setting the preview recognition time.
Table 30-20 Related operation for setting the preview recognition time
Restore the default preview recognition undo igmp proxy recognition-time

time
30.14.10 Enabling the User Action Report Function

This topic describes how to enable the user action report function.

By default, the action report function for the BTV user is disabled.
Procedure
Step 2 Run the igmp user-action-report enable command to set the user action report function.
Step 3 Run the display igmp config global command to display the status of the user action report
function.
----End
Example
To enable the BTV user action report function, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp user-action-report enable
--------------------------------------------------------
---------------------------------------------------------
Related Operation
Table 30-21 lists the related operation for enabling the user action report function.
Table 30-21 Related operation for enabling the user action report function
Disable the user action report function igmp user-action-report disable

30.14.11 Set the Permitted Encapsulation Mode of IGMP Packets

This topic describes how to set the permitted encapsulation mode of IGMP packets.
l By default, the default encapsulation mode of IGMP packets is all, that is, the permitted
encapsulation modes of user-side packets are: PPPoE, IPoA and IPoE.
l When the permitted encapsulation mode of IGMP packets is PPP, the permitted
encapsulation mode of user-side packets is PPPoE.
l When the permitted encapsulation mode of IGMP packets is IP, the permitted encapsulation
mode of user-side packets is IPoA and IPoE.
Procedure
Step 2 Run the igmp encapsulation command to set the permitted encapsulation mode of IGMP
packets.
Step 3 Run the display igmp config global command to query the permitted encapsulation mode of
IGMP packets.
----End
Example
To set the permitted encapsulation mode of IGMP packets as ppp, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp encapsulation ppp
--------------------------------------------------------
IGMP Packet encapsulation : ppp
---------------------------------------------------------
30.14.12 Enabling the IGMP Echo Function

This topic describes how to enable the IGMP echo function.

l By default, the IGMP echo function is disabled.
l The IGMP echo function takes effect only in snooping mode.
– When the IGMP echo is enabled, the system sends IGMP over PPP message and IGMP
over IP message to the upper layer device.
– When the IGMP echo is disabled, the system sends only IGMP over PPP message to
the upper layer device.
Procedure
Step 2 Run the igmp echo command to enable the IGMP echo function.
Step 3 Run the display igmp config global command to query the state of the IGMP echo function.
----End
Example
To enable the IGMP echo function, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp echo enable
--------------------------------------------------------
IGMP ECHO switch : enable
---------------------------------------------------------
30.15 Configuring the IGMP VLAN Parameters

This topic describes how to configure the IGMP VLAN parameters.
30.15.1 Setting the IGMP Mode

30.15.2 Configuring the IGMP Version

This topic describes how to configure the version of the IGMP protocol that runs on the multicast
VLAN. The MA5600T supports IGMP V2 and IGMP V3.
30.15.3 Configuring the Multicast Program
This topic describes how to add one or more programs to the program library.
30.15.4 Setting the Unsolicited Report Interval
This topic describes how to set the unsolicited report interval. When the IGMP proxy works in
unsolicited report mode, the report packet is sent to the upper layer router at the set interval.
30.15.5 Enabling the Proxy of the IGMP Leave Packet
This topic describes how to enable the proxy of the IGMP leave packet.
30.15.6 Enabling the Proxy of the IGMP Report Packet
This topic describes how to enable the proxy of the IGMP report packets.
30.15.7 Enabling the Function of Sending the Global-leave Packet
This topic describes how to send the global-leave packet.
30.15.8 Setting the Priority of the IGMP Packet
This topic describes how to set the priority of the IGMP packet.
30.15.9 Configuring the Multicast VLAN Member
This topic describes how to configure the multicast VLAN member.
30.15.10 Enabling the Logging Function
This topic describes how to enable the logging function of the multicast VLAN.
30.15.11 Setting the IP Address Range of the Multicast VLAN to Generate the Program Group
Dynamically
This topic describes how to set the address range of the multicast VLAN to generate the program
group dynamically.
30.15.12 Enabling the Program Matching Mode of the Multicast VLAN
This operations enables the program matching mode of the multicast VLAN.
30.15.13 Configuring the Virtual Upstream Port
This topic describes how to configure the virtual upstream port of the multicast VLAN.
30.15.1 Setting the IGMP Mode

l The configuration in IGMP snooping mode is the same as the configuration in IGMP proxy
mode. The difference, however, lies in the internal protocol processing.
l In IGMP snooping mode, the host function, prejoin function, unsolicited report function,
and the function of adding a program statically are not available.
Procedure
Step 2 Run the igmp mode command to set the IGMP mode.
Step 3 Run the display igmp config vlan command to query the current IGMP mode.
----End

Example
To set the IGMP mode as IGMP proxy, do as follows:
huawei(config-mvlan30)#display igmp config vlan
{ all<K>|vlanid<1,4093> }:30
Command:
display igmp config vlan 30
------------------------------------------------------------
IGMP mode : proxy
Log switch : enable
IGMP priority : 6
------------------------------------------------------------
Related Operation
Table 30-22 lists the related operation for configuring the IGMP mode.
Table 30-22 Related operation for configuring the IGMP mode
Query the IGMP global display igmp config global

configuration
30.15.2 Configuring the IGMP Version

This topic describes how to configure the version of the IGMP protocol that runs on the multicast
VLAN. The MA5600T supports IGMP V2 and IGMP V3.
By default, the multicast VLAN runs in IGMP V3version. The procedure for configuring the
IGMP version is as follows:
Procedure
Step 2 Run the igmp version command to configure the IGMP version.
Step 3 Run the display igmp config vlan command to query the IGMP version information about the
multicast VLAN.
----End

Example
To configure the IGMP version of multicast VLAN 30 as V2, do as follows:
huawei(config-mvlan30)#igmp version v2
huawei(config-mvlan30)#display igmp config vlan
{ all<K>|vlanid<1,4093> }:30
Command:
display igmp config vlan 30
------------------------------------------------------------
IGMP mode : proxy
Log switch : enable
IGMP priority : 6
------------------------------------------------------------
Related Operation
Table 30-23 lists the related operation for configuring the IGMP version.
Table 30-23 Related operation for configuring the IGMP version


configuration
30.15.3 Configuring the Multicast Program

This topic describes how to add one or more programs to the program library.
l When adding a program, configure the attributes of the program. The configurable
attributes include the program name, the multicast IP address, the bandwidth and the index
of a program, the index of the program preview profile, and the program source IP address.
l A program name contains up to 16 characters.
l The multicast IP address segment has the addresses ranging from 224.0.0.1 to 224.0.0.255.
These private addresses are used for transmitting the local protocol packets. The IP address
in this segment cannot be assigned to the multicast programs.
l The last 23 bits of the multicast IP address cannot be the same for different multicast
programs. Otherwise, a conflict of the mapping MAC addresses of the IP addresses occurs.

NOTE
l If the IGMP version of the multicast VLAN is V2, the program source information need not be entered when
you add a program in this VLAN.
l If the IGMP version of the multicast VLAN is V3, the program source information must entered when you
add a program in this VLAN.
Procedure
Step 2 Run the igmp program add command to add the multicast program.
Step 3 Run the display igmp program command to query the multicast program information.
----End
Examples
l Program name: BTV
l IP address of the program: 224.1.1.1
l Source IP address: 20.20.20.20
l Bandwidth of the program: 4 M
l Priority: 6
l Preview profile number: 2
l Other parameters: default settings
To add the program to multicast VLAN 10, do as follows:

huawei(config-mvlan10)#igmp program add name BTV ip 224.1.1.1 sourceip 20.20.20.20
bandwidth 4096 priority 6 preview-profile 2
huawei(config-mvlan10)#display igmp program name BTV
---------------------------------------------
Program index : 2
Create mode : static
Program name : BTV
IP address : 224.1.1.1
VLAN ID : 10
Host attribute : enable
Log attribute : enable
Prejoin attribute : disable
Unsolicited attribute : disable
Priority : 6
Host IP : 0.0.0.0
Bandwidth(kbps) : 4096
SourceIP : 20.20.20.20
Preview Profile : 2
Numbers of watching : 0
---------------------------------------------

l IP address range of the program: 224.10.10.10-224.10.10.20
l Source IP address: 10.10.10.10
l Priority: 3

l Preview profile number: 0

l Other parameters: default settings
To add the programs in batches to multicast VLAN 10, do as follows:

huawei(config-mvlan10)#igmp program add batch ip 224.10.10.10 to-ip 224.10.10.20
sourceip 10.10.10.10 priority 3 preview-profile 0
Operation is running, please waiting...
Success:11,failure:0
huawei(config-mvlan10)#display igmp program all
------------------------------------------------------------------------------
Index| Create | IP | Program |User |VLAN |Prejoin|Prio-
| Flag | Address | name |num | ID | |rity
------------------------------------------------------------------------------
0 S 224.1.1.1 zyy2 0 30 disable 7
1 S 224.2.2.2 BTV-1 0 10 disable 6
2 S 224.1.1.1 BTV 0 10 disable 6
3 S 224.10.10.10 PROGRAM-3 0 10 disable 3
------------------------------------------------------------------------------
Total: 14 program(s) (Static/Dynamic: 14/0)
Note : # The program data is valid, but it is no license or
the uplink port ID is beyond number of board port.
Related Operations
Table 30-24 lists the related operations for configuring the multicast program.
Table 30-24 Related operations for configuring the multicast program

Query the display igmp config global -

IGMP global
configuration
Query the display igmp config vlan -

configuration
of the multicast
VLAN
Rename a igmp program rename A program name uniquely identifies

program a program in the program library.
Delete a igmp program delete Deleting a program that a user is

program watching forces the user to go
offline.

Modify the igmp program modify l You can modify only one
program program attribute at a time.
attributes l Batch modification of the
program name and the
modification of the program IP
address are not allowed.
l Modifying the priority and the
preview profile of a program
causes the associated user to go
offline.
30.15.4 Setting the Unsolicited Report Interval

This topic describes how to set the unsolicited report interval. When the IGMP proxy works in
unsolicited report mode, the report packet is sent to the upper layer router at the set interval.
By default, the unsolicited report interval is 10s.
Procedure
Step 2 Run the igmp unsolicited-report interval command to set the unsolicited report interval.
Step 3 Run the display igmp config vlan command to query the value of the unsolicited report interval.
----End
Example
To set the unsolicited report interval of multicast VLAN 10 to 100s, do as follows:
huawei(config-mvlan10)#igmp unsolicited-report interval 100
------------------------------------------------------------
IGMP mode : off
Log switch : enable
IGMP priority : 6
------------------------------------------------------------
Related Operations
Table 30-25 lists the related operations for setting the unsolicited report interval.

Table 30-25 Related operations for setting the unsolicited report interval
Restore the unsolicited undo igmp unsolicited-report interval

report interval to the
default value

configuration
30.15.5 Enabling the Proxy of the IGMP Leave Packet

This topic describes how to enable the proxy of the IGMP leave packet.
By default, the proxy of the IGMP leave packet in the multicast VLAN is disabled.
l When the proxy is enabled, the MA5600T reconstructs and forwards the IPoE leave packets
of the BTV user.
l When the proxy is disabled, the MA5600T forwards all the IPoE packets of the BTV user.
NOTE
l The proxy of the IGMP leave packet has no effect on the PPPoE packets.
l The proxy of the IGMP leave packet takes effect only in IGMP snooping mode.
Procedure
Step 2 Run the igmp leave-proxy enable command to enable the proxy of the IGMP leave packet.
Step 3 Run the display igmp config vlan command to query the proxy status of the IGMP leave packet.
----End
Example
To enable the proxy of the IGMP leave packet in multicast VLAN 10, do as follows:
huawei(config-mvlan10)#igmp leave-proxy enable
------------------------------------------------------------
IGMP mode : off
Log switch : enable
Leave proxy switch : enable
IGMP priority : 6
------------------------------------------------------------

Related Operations
Table 30-26 lists the related operations for enabling the proxy of the IGMP leave packet.
Table 30-26 Related operations for Enabling the proxy of the IGMP leave packet
Disable the proxy of the igmp leave-proxy disable

IGMP leave packet

configuration
30.15.6 Enabling the Proxy of the IGMP Report Packet

This topic describes how to enable the proxy of the IGMP report packets.
l By default, the proxy of the IGMP report packet is disabled. With the proxy of the IGMP
report packet enabled, when the report packet of the user is sent, the system checks whether
this user is the first to order the program.
– If yes, the packet is forwarded to the upstream direction.
– If no, the packet is dropped.
l When the proxy is enabled, the proxy substitutes the user to create the IGMP report packet
in response to the upstream query packet, and only forwards the packet of adding the first
user.
l When the proxy is disabled, all the legal user's IGMP report packets are forwarded to the
upstream direction.
NOTE
l The proxy of the IGMP report packet takes effect only in IGMP snooping mode.
l The proxy can create and forward only the IPoE IGMP report packet.
Procedure
Step 2 Run the igmp report-proxy enable command to enable the proxy of the IGMP report packet.
Step 3 Run the display igmp config vlan command to query the proxy status of the IGMP report packet.
----End
Example
To enable the proxy of the IGMP report packet in multicast VLAN 10, do as follows:
huawei(config-mvlan10)#igmp report-proxy enable

------------------------------------------------------------
IGMP mode : snooping
Log switch : enable
Report proxy switch : enable
IGMP priority : 6
------------------------------------------------------------
Related Operations
Table 30-27 lists the related operations for enabling the proxy of the IGMP report packet.
Table 30-27 Related operations for enabling the proxy of the IGMP report packet
Disable the proxy of the igmp report-proxy disable

IGMP report packet

configuration
30.15.7 Enabling the Function of Sending the Global-leave Packet

This topic describes how to send the global-leave packet.
By default, the function of sending the global-leave packet is enabled.
l With this function enabled, when the MA5600T detects that the network topology changes,
the system sends the global-leave packet to the new upstream port.
l When this function is enabled and the multicast VLAN works in IGMP V2 version, if the
MA5600T detects that the network topology changes, the system sends the global-leave
packet to the new upstream port.
Procedure
Step 2 Run the igmp send global-leave enable command to enable the function of sending the global-
leave packet.
Step 3 Run the display igmp config vlan command to query the status of the function of sending the
global-leave packet.
----End

Example
To enable the function of sending the global-leave packet on multicast VLAN 10, do as follows:
huawei(config-mvlan10)#igmp send global-leave enable
------------------------------------------------------------
IGMP mode : off
Log switch : enable
IGMP priority : 6
------------------------------------------------------------
Related Operations
Table 30-28 lists the related operations for enabling the function of sending the global-leave
packet.
Table 30-28 Related operations for enabling the function of sending the global-leave packet
Disable the function of igmp send global-leave disable

sending the global-leave
packet

configuration
30.15.8 Setting the Priority of the IGMP Packet

This topic describes how to set the priority of the IGMP packet.
The priority range of the IGMP packet in the multicast VLAN is from 0 to 7. The greater the
value of the priority, the higher the priority level. By default, the priority of the IGMP packet in
the multicast VLAN is 6.
NOTE
Only in IGMP proxy mode, the IGMP packet sent to the network by the MA5600T is processed based on the
IGMP packet priority in the multicast VLAN. When the IGMP mode is IGMP snooping, the priority of the
IGMP packet forwarded to the network by the MA5600T adopts that of the IGMP service flow.
Procedure

Step 2 Run the igmp priority command to set the priority of the IGMP packet.
Step 3 Run the display igmp config vlan command to query the priority of the IGMP packet.
----End
Example
To set the priority of the IGMP packet in multicast VLAN 10 to 2, do as follows:
huawei(config-mvlan10)#igmp priority 2
------------------------------------------------------------
IGMP mode : off
Log switch : enable
IGMP priority : 2
------------------------------------------------------------
Related Operation
Table 30-29 lists the related operation for setting the priority of the IGMP packet.
Table 30-29 Related operation for setting the priority of the IGMP packet

configuration
30.15.9 Configuring the Multicast VLAN Member

This topic describes how to configure the multicast VLAN member.
You can add a member to the multicast VLAN, only if the VLAN exists, and the user accessing
the member port is a BTV user. You can delete a BTV user, only if the user is a multicast VLAN
member.
Procedure
Step 2 Run the igmp multicast-vlan member command to add the multicast VLAN member.

Step 3 Run the display igmp multicast-vlan member command to query the information about the
multicast VLAN member.
----End
Example
To add BTV user 0/2/0 (GEM Port ID: 130) as the member of multicast VLAN 10, do as follows:
huawei(config-mvlan10)#display igmp multicast-vlan member vlan 10
BTV user(s) join the multicast vlan :
------------------------------------------------------------------------
0/2/0/130
------------------------------------------------------------------------
Total: 1
Related Operations
Table 30-30 lists the related operations for configuring the multicast VLAN member.
Table 30-30 Related operations for configuring the multicast VLAN member
Delete the multicast undo igmp multicast-vlan member

VLAN member
Add a BTV user igmp user add
30.15.10 Enabling the Logging Function

This topic describes how to enable the logging function of the multicast VLAN.
This function involves recording the online and offline information of the multicast user in the
multicast VLAN. By default, the logging function is enabled.
Procedure
Step 2 Run the igmp log enable command to enable the logging function.
Step 3 Run the display igmp config vlan command to query the status of the logging function on the
multicast VLAN.
----End
Example
To enable the logging function on multicast VLAN 10, do as follows:

huawei(config-mvlan10)#igmp log enable
------------------------------------------------------------
IGMP mode : off
Log switch : enable
IGMP priority : 6
------------------------------------------------------------
Related Operation
Table 30-31 lists the related operation for enabling the logging function.
Table 30-31 Related operation for enabling the logging function


configuration
30.15.11 Setting the IP Address Range of the Multicast VLAN to

Generate the Program Group Dynamically
This topic describes how to set the address range of the multicast VLAN to generate the program
group dynamically.
After the IP address range of the multicast VLAN is configured to generate the program group
dynamically, only the multicast programs in this range can be generated dynamically when the
dynamic program generation mode is enabled.
Procedure
Step 2 Run the igmp match group command to set the IP address range of the multicast VLAN to
generate the program group dynamically.
Step 3 Run the display igmp config vlan command to query the IP address range of the multicast
VLAN to generate the program group dynamically.
----End
Example
To set the IP address range of multicast VLAN 10 to generate the program group dynamically
from 224.20.20.20 to 224.20.20.29, do as follows:

huawei(config-mvlan10)#igmp match group ip 224.20.20.20 to-ip 224.20.20.29
------------------------------------------------------------
IGMP mode : off
Log switch : enable
IGMP priority : 6
Program match group : 224.20.20.20 ~ 224.20.20.29
------------------------------------------------------------
Related Operations
Table 30-32 lists the related operations for setting the IP address range of the multicast VLAN
to generate the program group dynamically.
Table 30-32 Related operations for setting the IP address range of the multicast VLAN to
generate the program group dynamically
Delete the IP address undo igmp match group

range of the multicast
VLAN to generate the
program group
dynamically
Disable the program igmp match mode disable

matching mode of the
multicast VLAN
30.15.12 Enabling the Program Matching Mode of the Multicast

VLAN
This operations enables the program matching mode of the multicast VLAN.
l The programs must be pre-configured when the program matching mode of the multicast
VLAN is enabled.
l The programs need not be pre-configured when the program matching mode of the
multicast VLAN is disabled. The programs are generated automatically once the user orders
them.
NOTE
When the program matching mode of the multicast VLAN switches, all program data in the multicast VLAN
are deleted. If a BTV user is online at that time, the user is forced to go offline.

Procedure
Step 2 Run the igmp match mode command to enable the program matching mode of the multicast
VLAN.
Step 3 Run the display igmp config vlan command to query the status of the program matching mode
of the multicast VLAN.
----End
Example
To enable the program matching mode on multicast VLAN 10, do as follows:
huawei(config-mvlan10)#igmp match mode enable
------------------------------------------------------------
IGMP mode : off
Log switch : enable
IGMP priority : 6
Program match group : 224.20.20.20 ~ 224.20.20.29
------------------------------------------------------------
Related Operation
Table 30-33 lists the related operation for enabling the program matching mode of the multicast
VLAN.
Table 30-33 Related operation for enabling the program matching mode of the multicast VLAN
Disable the program igmp match mode disable

matching mode of the
multicast VLAN
30.15.13 Configuring the Virtual Upstream Port

This topic describes how to configure the virtual upstream port of the multicast VLAN.
The multicast upstream port can belong to different multicast VLANs, and a multicast VLAN
can be configured with multiple virtual upstream ports.

Procedure
Step 2 Run the igmp uplink-port command to configure the virtual upstream port of the multicast
VLAN.
Step 3 Run the display igmp uplink-port command to query the information about the virtual upstream
port of the multicast VLAN.
----End
Example
To configure port 0/9/0 as the virtual upstream port of multicast VLAN 10, do as follows:
huawei(config-mvlan10)#display igmp uplink-port all
---------------------------------------------
Port | Vlan | IGMP | V2 Router Present
| | version | Timer (s)
---------------------------------------------
0/9/0 10 IGMP V3 0
0/9/1 10 IGMP V3 0
---------------------------------------------
Total: 2
Note: # The port ID is beyond number of board port.
Related Operations
Table 30-34 lists the related operations for configuring the virtual upstream port.
Table 30-34 Related operations for configuring the virtual upstream port
Delete the virtual undo igmp uplink-port -

upstream port of the
multicast VLAN
Configure the igmp bandwidth uplink-port -

bandwidth of the
upstream port
Set the working mode igmp uplink-port-mode -

of the upstream port
Configure the default igmp default uplink-port When the MA5600T is

upstream port of the not enabled with the STP
multicast VLAN function or it functions
as the root bridge device
in the STP network, the
default upstream port of
the multicast VLAN
applies to the upstream
port of the MA5600T.

30.16 Configuring the PIM-SSM Protocol Parameters

This topic describes how to configure the PIM-SSM protocol parameters.
30.16.1 Enabling the PIM-SSM Function
This topic describes how to enable the PIM-SSM function on a VLAN L3 interface.
30.16.2 Setting the DR Priority of a PIM Router
This topic describes how to set the DR priority of a PIM router in PIM mode or VLAN interface
mode.
30.16.3 Setting the Interval for a PIM Router to Send Hello Messages
This topic describes how to set the interval for a PIM router to send Hello messages in PIM
mode or VLAN interface mode.
30.16.4 Setting the Holdtime for Receiving the Hello Messages
This topic describes how to set the holdtime for receiving the Hello messages in PIM mode or
VLAN interface mode.
30.16.5 Setting the Longest Delay for Triggering the Transmission of the Hello Message
This topic describes how to set the longest delay for triggering the transmission of Hello message.
30.16.6 Setting the Specifications of the Join/Prune Messages
This topic describes how to set the specifications of the Join/Prune messages. The specifications
involve the packet length, and the number of (S, G) entries contained in the packets sent every
second.
30.16.7 Setting the Interval for Sending the Join/Prune Messages
This topic describes how to set the interval for sending the Join/Prune messages in PIM mode
or VLAN interface mode.
30.16.8 Setting the Delay for a PIM Router to Perform Pruning
This topic describes how to set the delay for a PIM router to perform pruning in PIM mode or
30.16.9 Setting the Interval for a PIM Router to Override Pruning
This topic describes how to set the interval for a PIM router to override pruning in PIM mode
30.16.10 Setting the Holdtime for a PIM Router to Maintain the Join Status of a Downstream
Interface
This topic describes how to set the holdtime for a PIM router to maintain the join status of a
downstream interface in PIM mode or VLAN interface mode.
30.16.11 Setting the Range of the PIM-SSM Multicast Addresses
This topic describes how to set the range of the PIM-SSM multicast addresses.
30.16.1 Enabling the PIM-SSM Function

This topic describes how to enable the PIM-SSM function on a VLAN L3 interface.
Prerequisite
l The multicast mode of the upstream port must be PIM-SSM.
l The multicast routing function must be enabled.

l The related VLAN must be created.
Context
By default, the PIM-SSM function is disabled on the MA5600T. The following describes the
PIM-SSM function and its relationship with the PIM-SM function.
l Protocol Independent Multicast-Source Specific Multicast (PIM-SSM) applies to the
scenario where multiple multicast users share one multicast source, and the multicast users
know the source IP address of the multicast source in advance.
The designated router (DR) on the user side applies to the upper layer multicast router
through the protocols such as IGMP V3 for joining the specified multicast group towards,
and finally establishes the multicast distribution tree, namely the shortest path tree (SPT).
l PIM-SSM is implemented based on the Protocol Independent Multicast-Sparse Mode
(PIM-SM). PIM-SM is a multicast routing protocol in the sparse mode, and applies to the
large-scale network where the distribution of group members is sparse.
l PIM-SSM adopts only part of the PIM-SM technologies. It does not need to maintain the
rendezvous point (RP), establish the rendezvous point tree (RPT), or register the multicast
source. For PIM-SSM, the SPT can be directly established between the multicast sources
and the receivers.
The MA5600T supports the PIM-SSM protocol, but it does not support the PIM-SM
protocol.
Procedure
Step 2 Run the pim sm command to enable the PIM-SSM function on the VLAN L3 interface.
----End
Example
To enable the PIM-SSM function on VLAN interface 100, do as follows:
huawei(config-if-vlanif100)#pim sm
Related Operation
Table 30-35 lists the related operation for enabling the PIM-SSM function.
Table 30-35 Related operation for enabling the PIM-SSM function

Disable the PIM-SSM function undo pim sm
30.16.2 Setting the DR Priority of a PIM Router

This topic describes how to set the DR priority of a PIM router in PIM mode or VLAN interface
mode.

Prerequisite
Context
l According to the PIM-SSM protocol, a DR must be elected from the shared-media LAN
to manage the registration of local multicast sources and joining of receivers.
A DR is elected based on the priority and the IP address. The routers mutually send Hello
messages carrying the priority parameter for electing a DR. The router with the highest
priority is elected as the DR. If the DR priority is the same, the router with the largest IP
address is elected as the DR.
l For a PIM router, the larger the DR priority value, the higher the priority. The DR priority
value is in the range of 0–4294967295. By default, it is 1.
l The command used for configuring the priority of a router for DR election in PIM mode
functions in the same way as the command used in VLAN interface mode. The difference
is that the MA5600T prefers the DR priority set in VLAN interface mode.
When the DR priority set in interface mode does not exist, the MA5600T uses the DR
priority set in PIM mode.
Procedure
l In PIM mode, do as follows:
1. Run the pim command to enter PIM mode.
2. Run the hello-option dr-priority command to set the DR priority of a PIM router in
PIM mode.
3. Run the quit command to exit PIM mode.
4. Run the display pim interface command to query the PIM information on the
interface.
l In VLAN interface mode, do as follows:
1. Run the interface vlanif command to enter VLAN interface mode.
2. Run the pim hello-option dr-priority command to set the DR priority of a PIM router
on a specified interface.
3. Run the quit command to exit VLAN interface mode.
interface.
----End
Examples
To set the DR priority of a PIM router to 3 in PIM mode, do as follows:
huawei(config)#pim
huawei(config-pim)#hello-option dr-priority 3
huawei(config-pim)#quit
huawei(config)#display pim interface verbose
Vpn-instance: public net

Interface: vlanif500, 10.10.10.1

PIM version: 2
PIM mode: Sparse
PIM DR: 10.10.10.1 (local)
PIM DR Priority (configured): 3
PIM neighbor count: 0
PIM hello interval: 30 s
PIM LAN delay (negotiated): 500 ms
PIM LAN delay (configured): 500 ms
PIM hello override interval (negotiated): 2500 ms
PIM hello override interval (configured): 2500 ms
PIM neighbor tracking (configured): disabled
PIM neighbor tracking (negotiated): disabled
PIM generation ID: 0X212532C8
PIM hello hold interval: 105 s
PIM hello assert interval: 454545 s
PIM triggered hello delay: 5 s
PIM J/P interval: 60 s
PIM J/P hold interval: 210 s
PIM BSR domain border: disabled
Number of routers on network not using DR priority: 0
Number of routers on network not using LAN delay: 0
Number of routers on network not using neighbor tracking: 1
To set the DR priority of a PIM router to 4 on VLAN interface 500, do as follows:

huawei(config-if-vlanif500)#pim hello-option dr-priority 4

PIM version: 2
PIM mode: Sparse
PIM DR: 10.10.10.1 (local)
Related Operations
Table 30-36 lists the related operations for setting the DR priority of a PIM router.
Table 30-36 Related operations for setting the DR priority of a PIM router
Restore the DR priority of a PIM undo hello-option dr-priority

router to the default value in PIM
mode

Restore the DR priority of a PIM undo pim hello-option dr-priority

router to the default value in VLAN
interface mode
30.16.3 Setting the Interval for a PIM Router to Send Hello Messages
This topic describes how to set the interval for a PIM router to send Hello messages in PIM
mode or VLAN interface mode.
Prerequisite
Context
l The interval for a PIM router to send Hello messages must be less than the Hello holdtime
which is transmitted with the Hello messages sent by the router. For how to set the holdtime
for the PIM router to wait for the Hello messages, see "30.16.4 Setting the Holdtime for
Receiving the Hello Messages."
l The interval is in the range of 1–21474836s. By default, it is 30s.
l The command used for setting the interval for a PIM router to send Hello messages in PIM
mode functions in the same way as the command used in VLAN interface mode. The
difference is that the MA5600T prefers the interval set in VLAN interface mode.
When the interval set in VLAN interface mode does not exist, the MA5600T uses the
interval set in PIM mode.
Procedure
2. Run the timer hello command to set the interval for a PIM router to send Hello
messages in PIM mode.
interface.
2. Run the pim timer hello command to set the interval for a PIM router to send Hello
interface.
----End

Examples
To set the interval for a PIM router to send Hello messages to 50s in PIM mode, do as follows:
huawei(config)#pim
huawei(config-pim)#timer hello 50

PIM version: 2
PIM mode: Sparse
PIM DR: 10.10.10.1 (local)
Number of routers on network not using DR priority:
0
To set the interval for a PIM router to send Hello messages to 80s on VLAN interface 500, do
as follows:
huawei(config-if-vlanif500)#pim timer hello 80

PIM version: 2
PIM mode: Sparse
PIM DR: 10.10.10.1 (local)
Number of routers on network not using DR priority:
0

Related Operations
Table 30-37 lists the related operations for setting the interval for a PIM router to send Hello
messages.
Table 30-37 Related operations for setting the interval for a PIM router to send Hello messages
Restore the interval for a PIM undo timer hello

router to send Hello messages to
the default value in PIM mode
Restore the interval for a PIM undo pim timer hello

router to send Hello messages to
the default value in VLAN
interface mode
30.16.4 Setting the Holdtime for Receiving the Hello Messages

This topic describes how to set the holdtime for receiving the Hello messages in PIM mode or
Prerequisite
Context
l The holdtime for receiving the Hello messages refers to the valid time for a PIM router to
receive the Hello messages sent from a PIM neighbor. If no Hello messages are received
before the holdtime times out, the PIM router considers that the neighbor fails or is
unreachable. Note that the holdtime must be greater than the interval for a PIM router to
send Hello messages.
For how to set the interval for a PIM router to send Hello messages, see "30.16.3 Setting
the Interval for a PIM Router to Send Hello Messages."
l The holdtime is in the range of 1–65535s. By default, it is 105s.
l The command used for setting the holdtime of the Hello messages sent from a PIM neighbor
in PIM mode functions in the same way as the command used in VLAN interface mode.
The difference is that the MA5600T prefers the holdtime set in VLAN interface mode.
When the holdtime set in VLAN interface mode does not exist, the MA5600T uses the
holdtime set in PIM mode.
Procedure
2. Run the hello-option holdtime command to set the holdtime for receiving the Hello
messages.


interface.
2. Run the pim hello-option holdtime command to set the holdtime for receiving the
Hello messages on a specified interface.
interface.
----End
Examples
To set the holdtime for receiving the Hello messages to 160s in PIM mode, do as follows:
huawei(config)#pim
huawei(config-pim)#hello-option holdtime 160

PIM version: 2
PIM mode: Sparse
PIM DR: 10.10.10.1 (local)
To set the holdtime for receiving the Hello messages to 240s on VLAN interface 500, do as
follows:
huawei(config-if-vlanif500)#pim hello-option holdtime 240

PIM version: 2
PIM mode: Sparse
PIM DR: 10.10.10.1 (local)


Related Operations
Table 30-38 lists the related operations for setting the holdtime for receiving the Hello messages.
Table 30-38 Related operations for setting the holdtime for receiving the Hello messages
Restore the holdtime for receiving undo hello-option holdtime

the Hello messages to the default
value in PIM mode
Restore the holdtime for receiving undo pim hello-option holdtime

the Hello messages to the default
value in VLAN interface mode
30.16.5 Setting the Longest Delay for Triggering the Transmission

of the Hello Message
This topic describes how to set the longest delay for triggering the transmission of Hello message.
Prerequisite
Context
l The longest delay is used to prevent multiple PIM routers from concurrently sending Hello
messages when they are powered on simultaneously. After the longest delay is set, the
MA5600T selects a random value less than the set value to delay the transmission of Hello
messages. After the delay, the MA5600T sends the Hello message.
For example, if the longest delay is N seconds (s), the MA5600T selects a random value
between 0–Ns as the delay, and sends the Hello message to the neighbor after this delay.
l The longest delay is in the range of 1–5s. By default, it is 5s.

Procedure
Step 2 Run the pim triggered-hello-delay command to set the longest delay for triggering the
transmission of the Hello message.
Step 4 Run the display pim interface command to query the PIM information on the interface.
----End
Examples
To set the longest delay for triggering the transmission of the Hello message to 4s on VLAN
interface 500, do as follows:
huawei(config-if-vlanif500)#pim triggered-hello-delay 4

PIM version: 2
PIM mode: Sparse
PIM DR: 10.10.10.1 (local)
Related Operation
Table 30-39 lists the related operation for setting the longest delay for triggering the transmission
of the Hello message.
Table 30-39 Related operation for setting the longest delay for triggering the transmission of
the Hello message
Restore the longest delay for undo pim triggered-hello-delay

triggering the transmission of the
Hello message to the default value

30.16.6 Setting the Specifications of the Join/Prune Messages

This topic describes how to set the specifications of the Join/Prune messages. The specifications
involve the packet length, and the number of (S, G) entries contained in the packets sent every
second.
Prerequisite
Context
l The length of the Join/Prune messages is in the range of 100–1500 bytes. By default, it is
1500 bytes.
l The number of (S, G) entries contained in the Join/Prune messages sent every second is in
the range of 1–4096. By default, it is 1020.
Procedure
l Set the length of the Join/Prune messages to be sent.
2. Run the jp-pkt-size command to set the size of the Join/Prune messages to be sent.
l Set the number of (S, G) entries contained in the packets sent every second.
2. Run the jp-queue-size command to set the number of (S, G) entries contained in the
packets sent every second.
----End
Examples
To set the size of the Join/Prune messages to be sent to 1100 bytes, do as follows:
huawei(config)#pim
huawei(config-pim)#jp-pkt-size 1100
To set the number of (S, G) entries contained in the packets sent every second to 1000, do as
follows:
huawei(config)#pim
huawei(config-pim)#jp-queue-size 1000
Related Operations
Table 30-40 lists the related operations for setting the specifications of the Join/Prune messages.

Table 30-40 Related operations for setting the specifications of the Join/Prune messages
Restore the size of the Join/Prune undo jp-pkt-size

messages to the sent to the default
value
Restore the number of (S, G) undo jp-queue-size

entries contained in the packets
sent every second to the default
value
Set the interval for sending the timer join-prune

Join/Prune messages in PIM mode
Set the interval for sending the pim timer join-prune

Join/Prune messages in VLAN
interface mode
30.16.7 Setting the Interval for Sending the Join/Prune Messages

This topic describes how to set the interval for sending the Join/Prune messages in PIM mode
Prerequisite
Context
l The interval is in the range of 1–2147483647s. By default, it is 60s.
l The command used for setting the interval for sending the Join/Prune messages in PIM
mode functions in the same way as the command used in VLAN interface mode. The
difference is that the MA5600T prefers the interval set in VLAN interface mode.
Procedure
2. Run the timer join-prune command to set the interval for sending the Join/Prune
interface.

2. Run the pim timer join-prune command to set the interval for sending the Join/Prune
messages in VLAN interface mode.
interface.
----End
Examples
To set the interval for sending the Join/Prune messages to 100s in PIM mode, do as follows:
huawei(config)#pim
huawei(config-pim)#timer join-prune 100

PIM version: 2
PIM mode: Sparse
PIM DR: 10.10.10.1 (local)
To set the interval for sending the Join/Prune messages to 120s on VLAN interface 500, do as
follows:
huawei(config-if-vlanif500)#pim timer join-prune 120

PIM version: 2
PIM mode: Sparse
PIM DR: 10.10.10.1 (local)


Related Operations
Table 30-41 lists the related operations for setting the interval for sending the Join/Prune
messages.
Table 30-41 Related operations for setting the interval for sending the Join/Prune messages
Restore the interval for sending the undo timer join-prune

Join/Prune messages to the default
value in PIM mode
Restore the interval for sending the undo pim timer join-prune
Join/Prune messages to the default
30.16.8 Setting the Delay for a PIM Router to Perform Pruning

This topic describes how to set the delay for a PIM router to perform pruning in PIM mode or
Prerequisite
Context
l The Hello messages sent by a PIM router carry the lan-delay (message transmission delay)
parameter and the override-interval (prune override interval) parameter. The lan-delay
parameter indicates the delay for message transmission in a LAN. If the lan-delay values
of all the routers along a link are different, the routers negotiate to select a maximum value.
l lan-delay + override-interval = PPT, where PPT indicates the delay for a current router to
perform pruning after it receives the Prune message from a downstream router. Pruning
suppresses the downstream interface forwarding. If the downstream Prune override
message is received during the PPT, the router cancels the pruning.
For how to configure the override-interval, see "30.16.9 Setting the Interval for a PIM
Router to Override Pruning."
l The delay is in the range of 1–32767 ms. By default, it is 500 ms.
l The command used for setting the delay for a PIM router to perform pruning in PIM mode
is that the MA5600T prefers the delay set in VLAN interface mode.

When the delay set in VLAN interface mode does not exist, the MA5600T uses the delay
set in PIM mode.
Procedure
2. Run the hello-option lan-delay command to set the delay for a PIM router to perform
pruning in PIM mode.
interface.
2. Run the pim hello-option lan-delay command to set the delay for a PIM router to
perform pruning on a specified interface.
interface.
----End
Examples
To set the delay for a PIM router to perform pruning to 600 ms in PIM mode, do as follows:
NOTE
The delay set in this operation is the PIM LAN delay (configured) displayed in the response to the display
pim interface command. The value is carried in the Hello messages for negotiation.
After the routers along a link complete the negotiation, a negotiated value is obtained, which is the PIM
LAN delay (negotiated) displayed in the response to the display pim interface command. This negotiated
value is the lan-delay that takes effect. The rule for negotiation is to choose the maximum value among the
delay values of all the PIM routers.
huawei(config)#pim
huawei(config-pim)#hello-option lan-delay 600

PIM version: 2
PIM mode: Sparse
PIM DR: 10.10.10.1 (local)


To set the delay for a PIM router to perform pruning to 700 ms on VLAN interface 500, do as
follows:
huawei(config-if-vlanif500)#pim hello-option lan-delay 700

PIM version: 2
PIM mode: Sparse
PIM DR: 10.10.10.1 (local)
Related Operations
Table 30-42 lists the related operations for setting the delay for a PIM router to perform pruning.
Table 30-42 Related operations for setting the delay for a PIM router to perform pruning
Restore the delay for a PIM router undo hello-option lan-delay

to perform pruning to the default
value in PIM mode
Restore the delay for a PIM router undo pim hello-option lan-delay
to perform pruning to the default
30.16.9 Setting the Interval for a PIM Router to Override Pruning

This topic describes how to set the interval for a PIM router to override pruning in PIM mode

Prerequisite
Context
l The Hello messages sent by a PIM router carry the message transmission delay (lan-delay)
and the prune override interval (override-interval). The lan-delay parameter indicates the
delay for message transmission in a LAN.
The override-interval parameter indicates the interval for a downstream router to override
pruning. If the override-interval values of all the routers along a link are different, the routers
negotiate to select a maximum value.
l lan-delay + override-interval = PPT, where PPT indicates the delay for a current router to
perform pruning after it receives the Prune message from a downstream router. Pruning
suppresses the downstream interface forwarding. If the downstream Prune override
message is received during the PPT, the router cancels the pruning.
For how to configure the lan-delay, see "30.16.8 Setting the Delay for a PIM Router to
Perform Pruning."
l When a router receives a Prune message on the upstream interface, it indicates that other
downstream routers exist in this LAN. If this router still needs to receive the multicast data,
it must send the Prune override message to the upstream router during the override-interval.
l The interval is in the range of 1–65535 ms. By default, it is 2500 ms.
l The command used for setting the delay for a PIM router to override pruning in PIM mode
is that the MA5600T prefers the interval set in VLAN interface mode.
Procedure
2. Run the hello-option override-interval command to set the delay for a PIM router
to override pruning in PIM mode.
interface.
2. Run the pim hello-option override-interval command to set the interval for a PIM
router to override pruning on a specified interface.
interface.
----End

Examples
To set the interval for a PIM router to override pruning to 2800 ms in PIM mode, do as follows:
NOTE
The interval set in this operation is presented as the PIM hello override interval (configured) in the display
pim interface command. The value is carried in the Hello messages for negotiation. After the routers along
a link complete the negotiation, a negotiated value is obtained, which is presented as the PIM hello override
interval (negotiated) in the display pim interface command. This negotiated value is the override-interval
that takes effect. The rule for negotiation is to choose the maximum value among the interval values of all
the PIM routers.
huawei(config)#pim
huawei(config-pim)#hello-option override-interval 2800

PIM version: 2
PIM mode: Sparse
PIM DR: 10.10.10.1 (local)
To set the interval for a PIM router to override pruning to 3000 ms on VLAN interface 500, do
as follows:
huawei(config-if-vlanif500)#pim hello-option override-interval 3000

PIM version: 2
PIM mode: Sparse
PIM DR: 10.10.10.1 (local)


Related Operations
Table 30-43 lists the related operations for setting the delay for a PIM router to override pruning.
Table 30-43 Related operations for setting the delay for a PIM router to override pruning
Restore the delay for a PIM router undo hello-option override-interval

to override pruning to the default
value in PIM mode
Restore the delay for a PIM router undo pim hello-option override-interval
to override pruning to the default
30.16.10 Setting the Holdtime for a PIM Router to Maintain the Join
Status of a Downstream Interface
This topic describes how to set the holdtime for a PIM router to maintain the join status of a
downstream interface in PIM mode or VLAN interface mode.
Prerequisite
Context
l The Join/Prune messages carry the holdtime. If a receiving router does not receive any Join
messages within the holdtime, it deletes the downstream interfaces. In general, the holdtime
is 3.5 times greater than the interval for sending the Join/Prune messages.
For how to configure the interval for sending the Join/Prune messages, see "30.16.7 Setting
the Interval for Sending the Join/Prune Messages."
l The holdtime is in the range of 1–65535s. By default, it is 210s.
l The command used for setting the holdtime for a PIM router to maintain the join status of
a downstream interface in PIM mode functions in the same way as the command used in
VLAN interface mode. The difference is that the MA5600T prefers the holdtime set in
When the holdtime set in VLAN interface mode does not exist, the MA5600T uses the
holdtime set in PIM mode.

Procedure
2. Run the holdtime join-prune command to set the holdtime for a PIM router to
maintain the joinf status of a downstream interface in PIM mode.
interface.
2. Run the pim holdtime join-prune command to set the holdtime for a PIM router to
maintain the join status of a downstream interface in VLAN interface mode.
interface.
----End
Examples
To set the holdtime for a PIM router to maintain the join status of a downstream interface to
220s in PIM mode, do as follows:
huawei(config)#pim
huawei(config-pim)#holdtime join-prune 220

PIM version: 2
PIM mode: Sparse
PIM DR: 10.10.10.1 (local)
To set the holdtime for a PIM router to maintain the join status of a downstream interface to
215s on VLAN interface 500, do as follows:
huawei(config-if-vlanif500)#holdtime join-prune 215


PIM version: 2
PIM mode: Sparse
PIM DR: 10.10.10.1 (local)
Related Operations
Table 30-44 lists the related operations for setting the holdtime for a PIM router to maintain the
join status of a downstream interface.
Table 30-44 Related operations for setting the holdtime for a PIM router to maintain the join
status of a downstream interface
Restore the holdtime for a PIM undo holdtime join-prune

router to maintain the join status of
a downstream interface to the
default value in PIM mode
Restore the holdtime for a PIM undo pim holdtime join-prune

router to maintain the join status of
a downstream interface to the
default value in VLAN interface
mode
30.16.11 Setting the Range of the PIM-SSM Multicast Addresses

This topic describes how to set the range of the PIM-SSM multicast addresses.
Prerequisite

Context
l Perform this operation to specify the range of the PIM-SSM multicast addresses. All the
interfaces enabled with the PIM-SSM protocol consider that the multicast groups within
the range adopt the PIM-SSM mode.
l By default, the range of the PIM-SSM multicast addresses is 232.0.0.0/8.
Procedure
Step 1 Run the acl command to enter acl-basic mode.
NOTE
The ACL must be a basic ACL, which is in the range of 2000–2999.
Step 2 Run the rule permit source command to configure the ACL rule to define the permitted source
IP addresses as the PIM-SSM multicast addresses.
Step 3 Run the quit command to exit acl-basic mode.
Step 4 Run the pim command to enter PIM mode.
Step 5 Run the ssm-policy command to apply the configured ACL rule to specify the range of the PIM-
SSM multicast addresses.
----End
Example
To set the range of the PIM-SSM multicast addresses as 232.1.0.0/16, do as follows:
huawei(config-acl-basic-2000)#rule permit source 232.1.0.0 0.0.255.255
huawei(config)#pim
huawei(config-pim)#ssm-policy 2000
Related Operation
Table 30-45 lists the related operation for setting the range of the PIM-SSM multicast addresses.
Table 30-45 Related operation for setting the range of the PIM-SSM multicast addresses
Restore the range of the PIM-SSM undo ssm-policy

multicast addresses to the default
value
30.17 Managing Multicast Bandwidth

This topic describes how to manage multicast bandwidth.
30.17.1 Enabling the Bandwidth Management Function

This topic describes how to enable multicast bandwidth management.

30.17.2 Setting the Program Bandwidth

This topic describes how to set the program bandwidth. For details, see "30.15.3 Configuring
the Multicast Program."
30.17.1 Enabling the Bandwidth Management Function

This topic describes how to enable multicast bandwidth management.
l Only when the bandwidth management function is enabled that the bandwidth can be
managed.
l If the used bandwidth exceeds the allocated one, the system checks as follows.
– If the number of the programs being watched exceeds the maximum value, the system
delivers the group-specific query message to all the programs being watched. If there
are some programs which are not being watched (while the MA5600T has regarded
them being watched), the system deletes them from the user program list. In this case,
the number of programs being watched can be released.
– If the user's residual bandwidth is not enough, the system delivers the group-specific
query message to all the programs being watched. If there are some programs which
are not being watched while the MA5600T has regarded them being watched for some
reason, the system deletes them from the user program list. In this case, some occupied
bandwidth can be released.
Procedure
Step 2 Run the igmp bandwidthCAC command to enable the bandwidth management function.
Step 3 Run the display igmp config global command to display the bandwidth management function.
----End
Example
To enable bandwidth management of IGMP proxy, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp bandwidthcac enable
--------------------------------------------------------


IGMP ECHO switch : enable
---------------------------------------------------------
Related Operation
Table 30-46 lists the related operation for enabling the bandwidth management function.
Table 30-46 Related operation for enabling the bandwidth management function
Disable IGMP proxy bandwidth igmp bandwidthCAC disable

management
30.17.2 Setting the Program Bandwidth

This topic describes how to set the program bandwidth. For details, see "30.15.3 Configuring
the Multicast Program."
30.18 Configuring an Authority Profile

This topic describes how to configure an authority profile.
30.18.1 Modifying an Authority Profile

This topic describes how to modify an authority profile.
30.18.2 Renaming an Authority Profile
This topic describes how to rename an authority profile.
30.18.1 Modifying an Authority Profile

This topic describes how to modify an authority profile.
l By default, the system names the 2000 profiles as profile 1, profile 2, …, and profile N.
l The program authority can only be any one of watch, preview, forbidden and idle.
Procedure
Step 2 Run the igmp profile command to add the authority to watch program “BTV-1” to profile 1.
Step 3 Run the display igmp profile command to display the configuration of the authority profile.
----End

Example
To add program “BTV-1” with authority of watch to profile 1, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp profile profile-name profile1 program-name BTV-1 watch
huawei(config-btv)#display igmp profile profile-name profile1
Profile index : 1
Profile name : Profile1
Program number : 1
User Reference Number : 0
-----------------------------------------------
Program name IP address Right
-----------------------------------------------
BTV-1 224.1.1.1 watch
-----------------------------------------------
Total:1
Related Operation
Table 30-47 lists the related operation for modifying an authority profile.
Table 30-47 Related operation for modifying an authority profile

Set the priority for user authorities igmp right-priority
30.18.2 Renaming an Authority Profile

This topic describes how to rename an authority profile.
l The new authority profile name cannot be identical to an existing one.
l The authority profile name is not case sensitive.
Procedure
Step 1 Run the igmp profile rename command to rename an authority profile.
Step 2 Run the display igmp profile command to display the authority profile.
----End
Example
To rename profile 1 as "VIP-channel", do as follows:
huawei(config-btv)#igmp profile rename profile1 VIP-channel
huawei(config-btv)#display igmp profile all
----------------------------------------------------------------------
index Profile name Program number User Reference Number
----------------------------------------------------------------------
0 Profile0 1 0
1 VIP-channel 0 0
2 Profile2 0 0

3 Profile3 0 0
4 Profile4 0 0
5 Profile5 0 0
6 Profile6 0 0
7 Profile7 0 0
8 Profile8 0 0
9 Profile9 0 0
10 Profile10 0 0
11 Profile11 0 0
12 Profile12 0 0
13 Profile13 0 0
14 Profile14 0 0
15 Profile15 0 0
16 Profile16 0 0
17 Profile17 0 0
18 Profile18 0 0
19 Profile19 0 0
30.19 Configuring Multicast Users

This topic describes how to configure multicast users.
30.19.1 Adding a BTV User

This topic describes how to add a BTV user.
30.19.2 Modifying the Attributes of a User
This topic describes how to modify the attributes of a user.
30.19.3 Blocking a BTV User
This topic describes how to block a BTV user. A blocked user cannot watch a program until the
user is unblocked.
30.19.4 Binding a User with an Authority Profile
This topic describes how to bind an auth user with an authority profile. An auth user can watch
programs of an authority profile only when the user is bound with the profile in authority profile
mode.
30.19.5 Enabling the Switch of Monitoring the BTV User
This topic describes how to enable the switch of monitoring the BTV user.
30.19.1 Adding a BTV User

This topic describes how to add a BTV user.
l When adding a BTV user, you must specify a PVC for carrying IGMP packets for this user.
l Each BTV user can watch up to eight programs at the same time. By default, a BTV user
can watch eight programs at the same time.
l An authentication (auth) user must be bound with some authority profiles to watch the
programs. The user who does not need authentication (no-auth) can watch all programs in
the multicast server. In this case, no authority needs to be configured for the user.
l You can add a user only when both the PVC for carrying IGMP packets and the PVC for
carrying the program stream exist.

Procedure
Step 2 Run the igmp user add command to add a BTV user.
Step 3 Run the display igmp user command to display the BTV user.
----End
Example
To add a user under port 0/11/0 as a BTV user (no-auth user), do as follows:
To add a user (GEM Port ID: 150) under port 0/11/0 as a BTV user (no-auth user), with quick
leave function, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp user add port 0/11/0 gemport 150 user-vlan 10 no-auth
quickleave enable
huawei(config-btv)#display igmp user port 0/11/0 gemport 150
{ <cr>|grant-program-list<K> }:
Command:
display igmp user port 0/11/0 gemport 150
User : 0/11/0
State : offline
Authentication : no-auth
Quick leave : enable
IGMP Interface : 150
IGMP flow Type : vlan
IGMP flow Parameter : 10
Video Interface :
Video flow Type : -
Video flow Parameter : -
Log switch : enable
Bind profiles : -
IGMP version : -
Available programs : 1
Mode : snooping
Process After Auth Fail : forward
Used bandwidth(kbps) : 0
The percentage of used
bandwidth to port rate(%) : 0
Gpon Max-bandwidth(kbps) : 10240
quick leave time(0.1s) : 0
Note : IGMP Interface--VPI/VCI or VLAN ID or EPON ID or ETH and GEMPORT ID.
The 'auto' means VPI/VCI autosense.
Related Operations
Table 30-48 lists the related operations for adding a BTV user.
Table 30-48 Related operations for adding a BTV user
Delete a BTV user igmp user delete
Modify a BTV user igmp user modify

30.19.2 Modifying the Attributes of a User

This topic describes how to modify the attributes of a user.
The user attributes include authorization, quick leave, log switch, and maximum number of
channel programs to be watched.
You can modify only one attribute of a user at a time.
Procedure
Step 1 Run the btv to enter BTV mode.
Step 2 Run the igmp user modify command to modify the attributes of a user.
Step 3 Run the display igmp user command to query the multicast user information.
----End
Example
To modify user 0/2/0 as a user who needs authorization, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp user modify port 0/11/0 auth
Are you sure to modify user by port?(y/n)[n]:y
huawei(config-btv)#display igmp user all
----------------------------------------------------------------------------
User Bind State Auth Quick IGMP Log Available
profiles leave Interface switch programs
----------------------------------------------------------------------------
0/11/0 0 offline auth enable auto enable 8
----------------------------------------------------------------------------
Total: 1
Note : IGMP Interface--VPI/VCI or VLAN ID or EPON ID.
huawei(config-btv)#display igmp user all
-----------------------------------------------------------------------------
User Bind State Auth Quick IGMP Video Log Available
profiles leave Interface Interface switch programs
-----------------------------------------------------------------------------
0/2/0/0 0 block auth enable 150 enable 1
0/2/1/0 1 offline auth enable 150 enable no-limit
-----------------------------------------------------------------------------
Total: 2
Related Operations
Table 30-49 lists the related operations for modifying the attributes of a user.

Table 30-49 Related operations for modifying the attributes of a user

Add a BTV user igmp user add
Delete a BTV user igmp user delete
30.19.3 Blocking a BTV User

This topic describes how to block a BTV user. A blocked user cannot watch a program until the
user is unblocked.
After a BTV user is blocked, the user is disconnected from the program that the user is watching.
l If the IP address or index of the program being watched is not specified, the system blocks
the user port. In addition, the user's access requests for any program after the user goes
offline are denied until the user is unblocked.
l If the IP address or index of the program being watched is specified, the system only blocks
the specified program. After the user gets offline, the user still can demand any program
except the blocked one.
Procedure
Step 2 Run the igmp user block command to block a BTV user.
Step 3 Run the display igmp user command to display the information on the BTV user.
----End
Example
To block user 0/11/0, do as follows:
To block a user (GEM Port ID: 150) under port 0/11/0, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp user block port 0/11/0
huawei(config)#btv
huawei(config-btv)#igmp user block port 0/2/0 gemport 150
Are you sure to block user by port?(y/n)[n]:y
Command:
User : 0/11/0/0
State : block
Authentication : no-auth
Video Interface :

Video flow Type : -

Log switch : enable
Bind profiles : -
IGMP version : -
Available programs : 1
Mode : snooping
Related Operation
Table 30-50 lists the related operation for blocking a BTV user.
Table 30-50 Related operation for blocking a BTV user

Unblock a BTV user undo igmp user block
30.19.4 Binding a User with an Authority Profile

This topic describes how to bind an auth user with an authority profile. An auth user can watch
programs of an authority profile only when the user is bound with the profile in authority profile
mode.
l A user port can be bound with multiple profiles. However, "no-auth" user cannot be bound
with any profile.
l Up to 128 profiles can be bound to a user.
Procedure
Step 2 Run the igmp user bind-profile command to bind an authority profile.
Step 3 Run the display igmp user command to display the authority profile bound with the user.
----End
Example
To bind user 0/11/0 with "profile0", do as follows:
huawei(config)#btv
huawei(config)#btv
profile0


Command:
User : 0/11/0/0
State : offline
Authentication : auth
Video Interface :
Video flow Type : -
Log switch : enable
Bind profiles : 1
IGMP version : -
Available programs : no-limit
Mode : snooping
Bind profile list
---------------------------------------------
index Profile name Program number
---------------------------------------------
0 Profile0 1
---------------------------------------------
Total: 1
Related Operation
Table 30-51 lists the related operation for binding a user with an authority profile.
Table 30-51 Related operation for binding a user with an authority profile
Unbind an authority profile from a user undo igmp user bind-profile
30.19.5 Enabling the Switch of Monitoring the BTV User

This topic describes how to enable the switch of monitoring the BTV user.
Before enabling the switch of monitoring the BTV user, you must perform the following
operations:
l Run the terminal debugging command to enable the debugging information output switch.
l Run the debugging igmp all command to enable all the debugging switches in the system.

Procedure
Run the debugging igmp command to enable the switch of monitoring the BTV user.
----End
Example
To enable the switch of monitoring BTV user port 0/11/0, do as follows:
huawei(config)#debugging igmp port 0/11/0 gemport 150
Related Operation
Table 30-52 lists the related operation for enabling the switch of monitoring BTV users.
Table 30-52 Related operation for enabling the switch of monitoring BTV users
Disable the switch of monitoring BTV undo debugging igmp

users
30.20 Configuring the Preview Function

This topic describes how to configure the preview function.
30.20.1 Configuring the Preview Profile

This topic describes how to configure the preview profile.
30.20.2 Enabling the Preview Function
This topic describes how to enable the preview function.
30.20.3 Setting the Preview Auto Reset Time
This topic describes how to set the preview auto reset time. When the preview auto reset time
is set, the system clears the preview count to zero at the specified time.
30.20.4 Clearing the Preview Records Manually
This topic describes how to clear all preview records manually, including the record of the
preview logout time and count.
30.20.1 Configuring the Preview Profile

This topic describes how to configure the preview profile.
All parameters of the default preview profile with the index of 0 adopts the default settings:
l The maximum preview time is 120s.
l The maximum preview count is 8.
l The minimum preview interval is 120s.

Procedure
Step 2 Run the igmp preview-profile add command to configure the multicast preview profile.
Step 3 Run the display igmp preview-profile command to query the multicast preview profile.
----End
Example
To add preview profile with the index of 2, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp preview-profile add index 2 interval 60 duration 200 times
8
huawei(config-btv)#display igmp preview-profile index 2
Preview profile Index: 2
Preview duration(s): 200
Preview interval(s): 60
Preview count: 8
Program reference number: 3
Related Operations
Table 30-53 lists the related operation for configuring the preview profile.
Table 30-53 Related operation for configuring the preview profile
Modify the preview profile igmp preview-profile modify
Delete the preview profile igmp preview-profile delete
30.20.2 Enabling the Preview Function

This topic describes how to enable the preview function.
With the preview function disabled, users with preview authority cannot view any program.
Procedure
Step 2 Run the igmp preview enable command to enable the IGMP preview function.
Step 3 Run the display igmp config global command to check whether the preview function is enabled.
----End

Example
To enable the IGMP preview function, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp preview enable
--------------------------------------------------------
---------------------------------------------------------
Related Operation
Table 30-54 lists the related operation for enabling the preview function.
Table 30-54 Related operation for enabling the preview function
Disable the IGMP preview function igmp preview disable
30.20.3 Setting the Preview Auto Reset Time

This topic describes how to set the preview auto reset time. When the preview auto reset time
is set, the system clears the preview count to zero at the specified time.
By default, the preview auto reset time is 04:00:00 am each day.
Procedure
Step 2 Run the igmp preview auto-reset-time command to set the preview auto reset time.

Step 3 Run the display igmp config global command to display the display the preview auto reset time.
----End
Example
To set the preview auto reset time as 05:00:00 am each day, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp preview auto-reset-time 05:00:00
--------------------------------------------------------
---------------------------------------------------------
Related Operations
Table 30-55 lists the related operations for setting the preview auto reset time.
Table 30-55 Related operations for setting the preview auto reset time
Restore the default preview auto reset undo igmp preview auto-reset-time
time
Reset the record of the preview logout igmp preview reset record
time manually
Reset the record of the preview logout igmp preview reset count
count manually
30.20.4 Clearing the Preview Records Manually

This topic describes how to clear all preview records manually, including the record of the
preview logout time and count.

The system records the previous preview logout time automatically. If a user previews a program
at an interval smaller than the value preset by running the igmp preview program command,
the user is not allowed to preview the program again.
Procedure
l Reset the record of the preview logout time manually.
1. Run the btv command to enter BTV mode.
2. Run the igmp preview reset record command to clear all the records of the preview
logout time manually.
l Reset the record of the preview logout count manually.
1. Run the btv command to enter BTV mode.
2. Run the igmp preview reset count command to clear all the records of the preview
logout count manually.
----End
Examples
To clear all the records of the preview logout time manually, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp preview reset record
To clear all the records of the preview logout count manually, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp preview reset record
Related Operation
Table 30-56 lists the related operation for resetting the preview record.
Table 30-56 Related operation for resetting the preview record

Set the preview auto reset igmp preview auto-reset-time

time
30.21 Configuring the Logging Function

This topic describes how to configure the logging function.
30.21.1 Enabling the Logging Function on the Multicast VLAN

This topic describes how to enable the logging function on the multicast VLAN. After the logging
function on the multicast VLAN is enabled, the system can log the activities of the users on the
multicast VLAN, including login time and logout time.
30.21.2 Setting the Logging Interval

This topic describes how to set the automatic log generation interval for a long-time online user.
30.21.3 Configuring the Log Reporting
This topic describes how to configure the log reporting function.
30.21.4 Collecting the Log Statistics
This topic describes how to collect the statistics on user logs for audience statistics.
30.21.1 Enabling the Logging Function on the Multicast VLAN

This topic describes how to enable the logging function on the multicast VLAN. After the logging
function on the multicast VLAN is enabled, the system can log the activities of the users on the
multicast VLAN, including login time and logout time.
By default, the logging function is enabled.
Procedure
Step 2 Run the igmp log enable command to enable the logging function on the multicast VLAN.
Step 3 Run the display igmp config vlan command to display the logging status on the multicast
VLAN.
----End
Example
To enable the IGMP proxy logging function on multicast VLAN 1, do as follows:
huawei(config-mvlan1)#igmp log enable
huawei(config-btv)#display igmp config vlan
{ all<K>|vlanid<1,4093> }:1
--------------------------------------------------------------------
IGMP mode : snooping
Log switch : enable
IGMP priority : 6
--------------------------------------------------------------------
Related Operations
Table 30-57 lists the related operations for enabling the logging function on the multicast
VLAN.

Table 30-57 Related operations for enabling the logging function on the multicast VLAN
Disable the IGMP proxy logging function igmp proxy log disable
Display the logs of IGMP users display igmp log
30.21.2 Setting the Logging Interval

This topic describes how to set the automatic log generation interval for a long-time online user.
The MA5600T can record the logs automatically. When a user watches a program for a long
time, and the time exceeds the time interval for generating the log, the system generates a log
automatically. This log can be used for billing in case that no log is generated when a user gets
offline abnormally after watching a program for a long time.
By default, the logging interval for the user is online of long duration is two hours.
Procedure
Step 2 Run the igmp proxy log-interval command to set the logging interval.
Step 3 Run the display igmp config global command to display the set logging interval.
----End
Example
To set the log generation interval as one hour, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy log-interval 1
--------------------------------------------------------


---------------------------------------------------------
Related Operation
Table 30-58 lists the related operation for setting the logging interval.
Table 30-58 Related operation for setting the logging interval

Restore the default logging interval undo igmp proxy log-interval
30.21.3 Configuring the Log Reporting

This topic describes how to configure the log reporting function.
The logs are reported based on the combination of port, program IP address, and time range.
Procedure
Step 2 Run the igmp log report command to configure the log report function.
----End
Example
To report the logs of program 225.1.1.1 under VLAN 1 generated during the period from
2006-1-10 9:00:00 to 2006-1-10 18:30:00, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp log report ip 225.1.1.1 vlan 1 time 2006-1-10 9:00:00 end
2006-1-10 18:30:00
Reporting log has finished
Reported log number: 50
Related Operations
Table 30-59 lists the related operations for configuring the log reporting.
Table 30-59 Related operations for configuring the log reporting

Stopping the log igmp log stop-report If the system is reporting the
reporting user log, the command stops
the log reporting. If not, the
system prompts errors.

Clear user logs igmp log reset -
Display the log statistics display igmp log statistic -
30.21.4 Collecting the Log Statistics

This topic describes how to collect the statistics on user logs for audience statistics.
The log statistics mainly include the programs ordered and related time parameters, can be
regarded as the dynamic on-demand information.
You can collect the statistics based on a pot, an IP address, or all users.
Procedure
Step 2 Run the display igmp log command to display the logs.
----End
Example
To collect the statistics on all user logs, do as follows:
huawei(config)#btv
huawei(config-btv)#display igmp log all
------------------------------------------------------------------------------
Port Program-IP Vlan Mode Join-time Leave-time
------------------------------------------------------------------------------
0/14/0 224.1.1.1 - N 2007-04-10 21:11:06 2007-04-10 21:11:06
0/14/0 224.1.1.1 - N 2007-04-10 21:10:54 2007-04-10 21:10:54
0/14/0 239.255.255.250 20 W 2007-04-10 10:57:38 2007-04-10 11:13:26
0/14/0 224.1.1.1 20 W 2007-04-10 11:06:45 2007-04-10 11:13:24
0/14/0 224.1.1.1 20 W 2007-04-10 11:05:25 2007-04-10 11:06:35
0/14/0 224.1.1.1 20 W 2007-04-10 10:57:38 2007-04-10 11:04:18
------------------------------------------------------------------------------
Total: 6
Note: P(Mode) indicates preview, W(Mode) indicates watch,
N(Mode) indicates no authority
30.22 Setting the Automatic CDR Reporting

This topic describes how to collect audience statistics by setting the auto call detailed record
(CDR) reporting.
The system can keep up to 10,240 multicast CDRs.
When configuring the servers, configure the primary server first. Make sure that the IP addresses
of the primary and secondary servers are different.

Automatic CDR reporting is enabled when either of the following conditions is met:
l No CDR is reported during the set time period (60–3600s), and there are some CDRs in
the system which need to be reported.
l The number of the CDRs in the system reaches the reporting threshold (100–200).
Procedure
Step 1 Run the backup-server cdr primary command to configure the primary server.
Step 2 Run the backup-server cdr secondary command to configure the secondary server.
Step 4 Run the igmp cdr-interval command to set the interval threshold for automatic CDR reporting.
Step 5 Run the igmp cdr-number command to set the quantity threshold for automatic CDR reporting.
Step 6 Run the display igmp config global command to display the thresholds for automatic CDR
reporting.
----End
Example
l The IP address of the primary server: 10.10.10.1
l The IP address of the secondary server: 10.10.10.2
l The user name: user1
l The password: no password 321
l The interval threshold for automatic CDR reporting: 500s
l The quantity threshold for auto CDR reporting: 140
To enable the automatic CDR reporting function, do as follows:
huawei(config)#backup-server cdr primary 10.10.10.1 ftp user1 nopassword
huawei(config)#backup-server cdr secondary 10.10.10.2 ftp user1 nopassword
huawei(config)#btv
huawei(config-btv)#igmp cdr-interval 500
huawei(config-btv)#igmp cdr-number 140
--------------------------------------------------------


CDR switch : enable
---------------------------------------------------------
Related Operations
Table 30-60 lists the related operations for setting the automatic CDR reporting.
Table 30-60 Related operations for setting the automatic CDR reporting
Delete a server undo backup-server -
Display the configuration display backup-server cdr -

of the server
Restore the default undo igmp cdr-number By default, the quantity is 200.
quantity threshold for
automatic CDR reporting
Restore the default undo igmp cdr-interval By default, the interval is 600s.
interval threshold for
automatic CDR reporting

SmartAX MA5600T Multi-service Access Module 31 Triple Play Service Configuration
31 Triple Play Service Configuration
About This Chapter
This topic describes how to configure the triple play service supported by the MA5600T.
NOTE
(s) directly.
first.
31.1 Overview
This topic describes the description and specifications of the triple play service.
31.2 Configuration Example of Triple Play - Multiple PVCs for Multiple Services
This topic provides an example for configuring the triple play service - multiple PVCs for
multiple services. Users connects to multiple terminals through the home gateway to implement
multiple services, such as Internet, VoIP and IPTV services.
31.3 Configuration Example of Triple Play -
This topic provides an example for configuring the triple play service - single PVC for multiple
services (based on the user-side VLAN). Users connects to multiple terminals through the home
gateway to implement multiple services, such as Internet, VoIP and IPTV services.
31.4 Configuration Example of Triple Play - Based on 802.1p
This operation shows how to configure the triple play - single PVC for multiple services (based
on 802.1p). Users connects to multiple terminals through the home gateway to implement
31.5 Configuration Example of Triple Play - Based on the Service Encapsulation Type
This operation shows how to configure the triple play service - single PVC for multiple services
(based on service encapsulation type). Users connects to multiple terminals through the home
31.6 Configuration Example of Triple Play

31 Triple Play Service Configuration SmartAX MA5600T Multi-service Access Module
This topic describes how to configure the triple play service. Users connects to multiple terminals
through the home gateway to implement multiple services, such as Internet, VoIP and IPTV
services.

31.1 Overview
This topic describes the description and specifications of the triple play service.
Service Description
With the rapid development of the broadband services, more and more users demand high
bandwidth for abundant services such as video service, voice service, and data service.
For details on the triple play service, refer to "Triple Play" in the MA5600T Feature
Description.
The MA5600T can support the triple play service.
In the triple play application, the VoIP, IPTV, and Internet services are transmitted over one
cable to the MA5600T through the home gateway or the optical access modem in a centralized
manner.
l The VoIP and IPTV services adopt DHCP method. The DHCP option60 domain is used to
identify different terminals. The MA5600T can identify different DHCP option60 domains,
and transmit packets of different terminals to different DHCP servers. In this way, the
terminals can obtain IP addresses from the corresponding DHCP servers.
l Point-to-Point over Ethernet (PPPoE) is used for Internet service access.
Table 31-1 shows the modes supported by the MA5600T to provide the triple player service.
Table 31-1 Modes to provide the triple play service
Mode Description
Multiple PVC for multiple It needs to configure the existing modem.

services It adopts different PVCs to differentiate the service traffic.
Single PVC for multiple It is unnecessary to configure the existing modem. The PVC
services resources are saved.
l When it differentiates the service traffic based on user-side
VLAN:
It differentiates the service traffic based on the VLAN

ID contained in the packets sent from the user port PVC.
The user packets are labeled with different upstream
VLAN IDs, and the previous VLAN IDs in the user
packets are removed.
l When it differentiates the service traffic based on user-side
encapsulation type:
It differentiates the service traffic based on the

encapsulation type (IPoE/PPPoE) of the user packets
sent from the user port PVC. The user packets are labeled
with different upstream VLAN IDs.

31.2 Configuration Example of Triple Play - Multiple PVCs

for Multiple Services
This topic provides an example for configuring the triple play service - multiple PVCs for
multiple services. Users connects to multiple terminals through the home gateway to implement
Prerequisites
l All kinds of boards of the device run in the normal state.
Networking
Figure 31-1 shows an example network for configuring the triple play service - multiple PVCs
for multiple services.
Both user 1 (home gateway 1) and user 2 (home gateway 2) adopt the triple play networking.
Internet, VoIP and IPTV services are borne on one PVC of the service port respectively. Internet
service adopts PPPoE mode. VoIP and IPTV services adopt DHCP mode and obtain IP address
in DHCP standard mode from the DHCP server. After different service streams access to the
MA5600T, the device provides different QoS guarantee for service streams based on the traffic
priority in the PVC.

Figure 31-1 Example network for configuring the triple play service - multiple PVCs for
multiple services
Muticast source
OSS & RADIUS Server/RADIUS Proxy
NMS
GW
IPTV DHCP Server
Router VoIP DHCP Server

BRAS
LSW
A A CON
ETH
D D ESC
L L
F F
GE 0/9/0
SCU MA5600T
Home gateway 1 Home gateway 2
STB STB
Ephone PC TV Ephone PC TV
Data Plan
Table 31-2 provides the data plan for configuring the triple play service - multiple PVCs for
multiple services.
Table 31-2 Data plan for configuring the triple play service
Item Data
ADLF board Downstream ports 0/11/0 and 0/12/0. The ports use the default line
profile.
Internet: VPI/VCI 0/37
VoIP: VPI/VCI 0/36
IPTV: VPI/VCI 0/35
in the traffic profile Internet: 1 Mbit/s
VoIP: 1 Mbit/s

Item Data
IPTV: no restriction
Upstream port 0/9/0
VLAN Internet: smart VLAN 2
VoIP: smart VLAN 3
IPTV: smart VLAN 4
DHCP VoIP: obtaining IP address in standard DHCP mode, gateway

10.1.1.1
IP addresses of DHCP server group 1: 20.1.1.2 and 20.1.1.3
IPTV: obtaining IP address in standard DHCP mode, gateway

10.2.2.1
Program library
Authority profile Profile 0.

Profile 0 has the authority to watch BTV-1.
IGMP user User 1 connected to port 0/11/0 can watch all programs.
User 2 connected to port 0/12/0 can watch program BTV-1 only.
Priority 802.1p priority:

l VoIP: 6
l IPTV: 5
l Internet: 1
Figure 31-2 shows the flowchart for configuring the triple play service-multiple PVCs for
multiple services.

Figure 31-2 Flowchart for configuring the triple play service-multiple PVCs for multiple
services
Start
Internet IPTV
VoIP
Configure the VLAN and Configure the VLAN and Configure the VLAN and
its upstream port its upstream port its upstream port
End
Procedure
l Configure Internet service.
1. Configure the VLAN and its upstream port.

Because VoIP, IPTV and Internet services are transmitted through the same port, it is
necessary to set the 802.1p priority for each service.
In general, the VoIP service has the highest priority, and the Internet service has the
lowest priority. In this example, set the traffic profile index as 7, and the priority of
the Internet service as 1.
3. Configure the service port.

Add the service port to the VLAN and use the traffic profile created in the previous
step.
huawei(config)#service-port vlan 2 adsl 0/11/0 vpi 0 vci 37 rx-cttr 7 tx-
cttr 7
cttr 7
4. Save the data.

huawei(config)#save

l Configure VoIP service.

1. Create the VLAN and its upstream port.

Set the traffic profile index as 8, and the priority of the VoIP service as 6.

Add the service port to the VLAN, and use the traffic profile created in the previous
step.
cttr 8
cttr 8

5. Save the data.

huawei(config)#save
l Configure IPTV service.

1. Create the VLAN and its upstream port.

In this example, set the traffic profile index as 9 and the priority of IPTV service as
5.
huawei(config)#traffic table ip index 9 cir off priority 5 priority-policy
local-Setting
CAUTION
packets borne by the PVC takes no effect.
Add the service port to the VLAN and use traffic profile 9.
huawei(config)#service-port 100 vlan 4 adsl 0/11/0 vpi 0 vci 35 rx-cttr 9
tx-cttr 9
huawei(config)#service-port 101 vlan 4 adsl 0/12/0 vpi 0 vci 35 rx-cttr 9
tx-cttr 9


5. Save the data.

huawei(config)#save
----End
Result
After the configuration, the triple play service (Internet, VoIP and IPTV) is available.
l The Internet user can realize dial-up access to the Internet in the PPPoE mode.
l The VoIP user can make VoIP phones.
l IPTV user: The user connected to port 0/11/0 can watch all programs, and the user
connected to port 0/12/0 can watch program BTV-1 only.
31.3 Configuration Example of Triple Play -

This topic provides an example for configuring the triple play service - single PVC for multiple
services (based on the user-side VLAN). Users connects to multiple terminals through the home
Prerequisites
Networking
Figure 31-3 shows an example network for configuring the triple play service - single PVC for
multiple services (based on the user-side VLAN).
Internet, VoIP and IPTV service streams are borne on one PVC together. After different service
streams access to the MA5600T, the services are classified based on the user-side VLAN ID,
and the MA5600T provides different QoS guarantee for service streams based on the traffic
priority in the PVC. Internet service adopts PPPoE mode. VoIP and IPTV services adopt DHCP
mode and obtain IP addresses in DHCP standard mode from the DHCP server.

Figure 31-3 Example network for configuring the triple play service - single PVC for multiple
services (based on the user-side VLAN)
Muticast source
NMS
GW
IPTV DHCP Server

BRAS
LSW
A A CON
ETH
D D ESC
L L
F F
GE 0/9/0
SCU MA5600T
STB STB
Data Plan
Table 31-3 provides the data plan for configuring the triple play service - single PVC for multiple
services (based on the user-side VLAN).
Table 31-3 Data plan for configuring the triple play service - single PVC for multiple services
(based on the user-side VLAN)
Item Data
ADLF board Service ports 0/11/0 and 0/12/0. The ports use the default line
profile.
VPI/VCI: 0/35
in the traffic profile Internet: 1 Mbit/s

VoIP: 1 Mbit/s
Upstream port 0/9/0

Item Data
Upstream VLAN Internet: smart VLAN 102

VoIP: smart VLAN 103
IPTV: smart VLAN 104
User-side VLAN Internet: smart VLAN 2

VoIP: smart VLAN 3
IPTV: smart VLAN 4

10.1.1.1

10.2.2.1
Program library
Authority profile Sets profile 0 with the authority to watch program BTV-1.

l VoIP: 6
l IPTV: 5
l Internet: 1
Figure 31-4 shows the flowchart for configuring the triple play service - single PVC for multiple
services (based on the user-side VLAN).

Figure 31-4 Flowchart for configuring the triple play service - single PVC for multiple services
(based on the user-side VLAN)
Start
Internet IPTV
VoIP
End
Procedure

Because the VoIP, IPTV, and Internet services are transmitted through the same port,
it is necessary to set the 802.1p priority for each service.

step.
huawei(config)#service-port vlan 102 adsl 0/11/0 vpi 0 vci 35 multi-
service user-vlan 2 rx-cttr 7 tx-cttr 7
4. Save the data.

huawei(config)#save



Set the traffic profile index as 8 and the priority of the VoIP service as 6.

step.

5. Save the data.

huawei(config)#save


In this example, set the traffic profile index as 9, the priority of IPTV service as 5.
local-Setting

step.
huawei(config)#service-port 100 vlan 104 adsl 0/11/0 vpi 0 vci 35 multi-
CAUTION



5. Save the data.

huawei(config)#save
----End
Result
l The Internet user can realize dial-up access to the Internet in PPPoE mode.
l The VoIP user can make VoIP phones.
l IPTV user: The user connected to port 0/11/0 can watch all programs, and the user
31.4 Configuration Example of Triple Play - Based on 802.1p

This operation shows how to configure the triple play - single PVC for multiple services (based
on 802.1p). Users connects to multiple terminals through the home gateway to implement
Prerequisites
l All boards must be in the normal state.
Networking
Figure 31-5 shows an example network for configuring the triple play service by means of single
PVC for multiple services.
streams access to the MA5600T, the services are classified based on 802.1p, and the
MA5600T provides different QoS guarantee for service streams based on 802.1p. Internet
service adopts PPPoE mode. VoIP and IPTV services adopt DHCP mode and obtain IP addresses
in DHCP standard mode from the DHCP server.

services (based on 802.1p)
Muticast source
NMS
GW
IPTV DHCP Server

BRAS
LSW
A A CON
ETH
D D ESC
L L
F F
GE 0/9/0
SCU MA5600T
STB STB
Data Plan
Table 31-4 provides the data plan for configuring the triple play service - single PVC for multiple
services (based on 802.1p).
(based on 802.1p)
Item Data
ADLF Service ports 0/11/0 and 0/12/0 apply the default line profile.
VPI/VCI: 0/35
in the traffic profile Internet service: 1 Mbit/s

VoIP service: 1 Mbit/s
Upstream port 0/9/0

Item Data
Upstream VLAN Internet service: smart VLAN 102

VoIP service: smart VLAN 103
IPTV service: smart VLAN 104
User-side 802.1p Internet service: 2

VoIP service: 3
IPTV service: 4

10.1.1.1

10.2.2.1
Program library
Authority profile Sets profile 0 with the authority to watch program BTV-1.

l VoIP: 6
l IPTV: 5
l Internet: 1
Figure 31-6 shows the flowchart for configuring the triple play service - single PVC for multiple
services (based on 802.1p).

(based on 802.1p)
Start
Internet IPTV
VoIP
End
Procedure


step.
service user-8021p 2 rx-cttr 7 tx-cttr 7
4. Save the data.

huawei(config)#save


In this example, set the traffic profile index as 8 and the priority of the VoIP service
as 6.
step.
4. Set DHCP relay.

5. Save the data.

huawei(config)#save

as 5.
local-Setting
step.
CAUTION

4. Set DHCP relay.

5. Save the data.

huawei(config)#save
----End
Result
After the configuration, the triple play service (Internet, VoIP, and IPTV) is available.
l Internet users can access the Internet through PPPoE dial-up.
l VoIP users can set conversation to each other.
l IPTV users: The user connected on port 0/11/0 can watch all the programs, and the user
connected on port 0/12/0 can watch program BTV-1 only.
31.5 Configuration Example of Triple Play - Based on the

Service Encapsulation Type
This operation shows how to configure the triple play service - single PVC for multiple services
(based on service encapsulation type). Users connects to multiple terminals through the home
Prerequisite
Networking
Figure 31-7 shows an example network for configuring the triple play service - single PVC for
multiple services (based on service encapsulation type).
streams access to the MA5600T, the services are classified based on service encapsulation type,
and the MA5600T provides different QoS guarantee for service streams based on the traffic
priority in the PVC. Internet service adopts PPPoE mode. VoIP and IPTV services adopt DHCP
mode and obtain IP addresses in DHCP option60 mode from the DHCP server.

services (based on service encapsulation type)
Muticast source
NMS
GW
IPTV DHCP Server

BRAS
LSW
A A CON
ETH
D D ESC
L L
F F
GE 0/9/0
SCU MA5600T
STB STB
Data Plan
Table 31-5 shows a data plan for configuring the triple play service - single PVC for multiple
services (based on service encapsulation type).
(based on service encapsulation type)
Item Data
ADLF Service ports 0/11/0 and 0/12/0 apply the default line profile.
VPI/VCI: 0/35
in the traffic Internet service: 1 Mbit/s

profile VoIP service: 1 Mbit/s
Upstream 0/9/0
port

Item Data
Upstream Internet service: smart VLAN 102

VLAN VoIP/IPTV service: smart VLAN 104
Service Internet service: PPPoE

encapsulatio VoIP service: IPoE
n type
IPTV service: IPoE
DHCP VoIP:
DHCP option60 domain: voice
Gateway: 10.1.1.1
IP address of DHCP server group 1: 20.1.1.2 and 20.1.1.3
IPTV:
DHCP option60 domain for STB: video
Gateway: 10.2.2.1
Program
library
Authority Sets profile 0 with the authority to watch program BTV-1.

profile

l VoIP: 6
l IPTV: 5
l Internet: 1
Figure 31-8 shows a flowchart for configuring the triple play service - single PVC for multiple
services (based on service encapsulation type).

(based on service encapsulation type)
Start
Internet IPTV
VoIP
End
Procedure


step.
service user-encp pppoe rx-cttr 7 tx-cttr 7
service user-encp pppoe rx-cttr 7 tx-cttr 7
4. Save the data.

huawei(config)#save


2. Configure traffic profiles.
as 6.
step.
service user-encp ipoe rx-cttr 8 tx-cttr 8
service user-encp ipoe 3 rx-cttr 8 tx-cttr 8
The voice and the video services adopt DHCP access mode, and use the DHCP
option60 domain to classify different service types. In this example, set the DHCP
domain of the VoIP service as voice.
huawei(config)#dhcp domain voice
5. Save the data.

huawei(config)#save

as 5.
local-Setting
step.

CAUTION
Set the DHCP relay data of the video service and set the DHCP option60 domain as
video.
huawei(config)#dhcp domain video
huawei(config-dhcp-domain-video)# dhcp-server 2
5. Save the data.

huawei(config)#save
----End
Result
l The Internet user can access Internet in PPPoE dial-up mode.

l The VoIP user can make and receive a phone call.
l IPTV users: The user connected to port 0/11/0 can watch all the programs, and the user
31.6 Configuration Example of Triple Play

This topic describes how to configure the triple play service. Users connects to multiple terminals
through the home gateway to implement multiple services, such as Internet, VoIP and IPTV
services.
Prerequisites
l The service boards and the upstream board of the device are added correctly.
Networking
Figure 31-9 shows an example network for configuring the triple play service.
The ONT accesses the Internet, VoIP and IPTV services through the FE port. Traffic of different
services is transmitted to the MA5600T and then the MA5600T provides different QoS guarantee
to the traffic based on the service types. The priority of the VoIP service is the highest (with the
priority of 6), that of the IPTV service is the second highest (with the priority of 5), and that of
the Internet service is the lowest (with the priority of 0).

Figure 31-9 Example network for configuring the triple play service
OSS & RADIUS server/RADIUS proxy

Video
NMS
IPTV DHCP server

TG
Router VoIP DHCP server
BRAS
LSW
G CON
ETH GE 0/19/0
P ESC
B
C
SCU MA5600T
Optical splitter
ONT
DHCP PPPoE DHCP

STB
Ephone PC TV
Data Plan
Table 31-6 provides the data plan for configuring the triple play service.
Table 31-6 Data plan for configuring the triple play service
Item Data
GPON service board Port: 0/11/1

User-side VLAN: 10 (Internet), 11 (VoIP), 12 (IPTV)
Upstream port 0/9/0
Upstream VLAN Smart VLAN: 100 (Internet)
Smart VLAN: 101 (VoIP)

Item Data
Smart VLAN: 102 (IPTV), with the Interface IP address of

10.2.2.1/16
Traffic profile Internet:

Index: 5 (default profile)
CIR：2Mbit/s
Priority: 0
VoIP:
Index: 0 (default profile)
CIR: 1 Mbit/s
Priority: 6
IPTV:
Downstream:
Index: 8
CIR: no restriction
Priority: 5
Upstream:
Index: 9
CIR: 2 Mbit/s
Priority: 5
DBA profile Index: 6 (the default DBA profile)

Profile type: type1
ONT l ONT ID: 0

l ONT authentication mode: serial number + authentication
password (SN-auth)
l ONT profile: 2 (the default capability set profile)
l ONT FE port 0: Internet service
l ONT FE port 1: VoIP service
l ONT FE port 2: IPTV service
GEM port T-CONT ID: 1 (Internet), 2 (VoIP), 3 (IPTV)

GEM port ID: 150 (Internet), 151 (VoIP), 152 (IPTV)
DHCP VoIP:
DHCP option60 domain: voice
Gateway: 10.1.1.1

Item Data
IPTV:
DHCP option60 domain for STB: video
Gateway: 10.2.2.1
Program library Program BTV-1:

Multicast address: 224.1.1.1
Program source IP address: 10.10.10.10
Program BTV-2:
Multicast address: 224.1.1.2
Program source IP address: 10.10.10.10
Authority profile Sets profile 0 with the authority to watch program 1 (224.1.1.1)
and program 2 (224.1.1.2).
IGMP user User is bound with authority profile 0.
l DHCP option60 domain value of the Set Top Box (STB) and Ethernet Phone (Ephone)
varies with the terminals. In the actual application, refer to the user guides of the STB and
the Ephone.
l Run the dhcp domain command to set the DHCP domain name. The configured domain
name is a character string containing no space.
NOTE
The MA5600T supports the delivery of the OMCI configuration. The configuration and management
information on the MA5600T can be delivered to the ONT through OMCI. If the ONT does not support
OMCI function, you need to configure the ONT.
Figure 31-10 shows the flowchart for configuring the triple play service.

Figure 31-10 Flowchart for configuring the triple play service
Start
Internet IPTV
VoIP
Create a VLAN Create a VLAN Create a VLAN
Add the upstream Add the upstream Add the upstream

port port port
Configure traffic
Configure traffic profiles
Add an ONT
profiles
Bind the T-CONT
Bind the T-CONT Bind the T-CONT profile
profile profile
Specify VLANs for
Specify VLANs for ONT
Specify VLANs for
ONT ONT
Configure a GEM
port
Configure a GEM Configure a GEM
port port
Bind the GEM port
with ONT T-CONT
Bind the GEM port Bind the GEM port
with ONT T-CONT with ONT T-CONT
Map the GEM port to
Map the GEM port to the service stream
Map the GEM port to
the service stream
the service stream
Add the service port
Configure the DHCP
relay
Configure the DHCP
relay
Configure the IGMP
proxy
End
Procedure
Step 1 Configuring Internet service.
1. Create a VLAN.
2. Add the upstream port to the VLAN.

3. Add an ONT.
huawei(config-if-gpon-0/2)#ont add 1 0 hwhw-10101010 password-auth huawei
profile-id 2

4. Bind a DBA profile.

5. Specify a VLAN for the ONT port.

6. Add a GEM port.

7. Map the GEM port to the T-CONT on the ONT.

8. Map the GEM port to the service stream on the ONT port.

huawei(config)#service-port vlan 100 gpon 0/11/1 gemport 150 multi-service
user-vlan 10 rx-cttr 5 tx-cttr 5
Step 2 Configuring VoIP service.

1. Create a VLAN.

3. Bind the DBA profile.


5. Add a GEM Port.



huawei(config)#service-port vlan 101 gpon 0/11/1 gemport 151 multi-service

In this example, set the DHCP domain of VoIP service as voice.
huawei(config)#dhcp domain voice //Refer to the actual DHCP option 60 domain
value setting

Step 3 Configuring IPTV service.

1. Create a VLAN and specify the IP address of the interface.
huawei#interface vlanif 102


tag-In-Package
tag-In-Package
4. Bind a DBA profile.


6. Add a GEM Port.

huawei(config-if-gpon-0/2)#gemport add 1 0 1 gemportid 152 eth


huawei(config)#service-port 100 vlan 102 gpon 0/11/1 gemport 152 multi-service

In this example, set the DHCP option60 domain as video.
huawei(config)#dhcp domain video
huawei(config-dhcp-domain-video)#dhcp-server 2
huawei(config-dhcp-domain-video)#quit
11. Set multicast data.

huawei(config)#btv


10.10.10.10
10.10.10.10
huawei(config)#btv
watch
watch
program 8
profile0
12. Save the data.

huawei(config)#save
----End
Result
l The Internet user can access Internet in PPPoE dial-up mode.
l The VoIP user can make and receive a phone call.
l The IPTV user can watch programs BTV-1 and BTV-2.

SmartAX MA5600T Multi-service Access Module 32 ONT Management
32 ONT Management
About This Chapter
This topic describes how to configure and manage GPON ONTs through the MA5600T.
NOTE
(s) directly.
first.
32.1 Overview
This topic describes how to manage and configure an ONT on the MA5600T side.
32.2 Configuration Example of the GPON ONT
This topic provides an example for performing the basic configuration on the ONT on the
MA5600T side. The configuration information can be delivered to the ONT through OMCI.
32.3 Configuring an GPON ONT Capability Set Profile
This topic describes how to configure an ONT capability set profile to specify the capability of
the ONT.
32.4 Configuring the Attributes of a GPON ONT Port
This topic describes how to configure the attributes of an ONT port.
32.5 Binding an ONT T-CONT with GEM Ports
This topic describes how to bind an ONT T-CONT with GEM ports on the OLT side.
32.6 Configuring the Mapping Between ONT Services and GEM Ports
This topic describes how to map the ONT services to GEM ports, so that the ONT services is
borne on the specified GEM port and then goes upstream.
32.7 Configuring a VLAN for a GPON ONT Port
This topic describes how to configure the Ethernet port on the ONT, specify the port to the
specified VLAN and configure the native VLAN for the port.
32.8 Managing the IP Address of a GPON ONT

32 ONT Management SmartAX MA5600T Multi-service Access Module
This topic describes how to configure the IP address of an ONT. The IP address of an ONT can
be a static one or you can configure the device to obtain the IP address dynamically through the
DHCP protocol.

32.1 Overview
This topic describes how to manage and configure an ONT on the MA5600T side.
Service Description
The MA5600T supports the ONT management to control the network and provision services.
The ONT Management and Control Interface (OMCI) protocol is applied to the OLT to support
the ONT management.
OMCI is a configuration and transmission channel that is defined in the GPON standard. It
establishes dedicated GEM ports between the OLT and ONTs to transmit the OMCI messages.
The OMCI channel is established after the ONT completes the process of registration. The OLT
controls the connected ONTs through the OMCI channel.
OMCI supports ONT configuration offline and the ONT configuration need not be saved in the
local server. Therefore, the service provisioning gets easier.
For details on the GPON terminal management, refer to "GPON Terminal Management" in
the MA5600T Feature Description.
Figure 32-1 shows the ONT management architecture of the MA5600T. The configuration
commands are delivered to CLI/NMS, the SCU ONT management module, the OMCI module
on the GPB board, the OMCI module on the ONT and finally to the ONT. In this way, the
configuration on the ONT is complete. The ONT status and alarm information is reported to the
MA5600T in the reverse direction.
Figure 32-1 ONT management architecture

SCU control board GPB interface board
C
L
I OMCI
User ONT
management Upper-layer management
N module protocol module
M
S
OMCI
message
OMCI
ONT
module
32.2 Configuration Example of the GPON ONT

This topic provides an example for performing the basic configuration on the ONT on the
MA5600T side. The configuration information can be delivered to the ONT through OMCI.

Prerequisites
l Boards of the MA5600T must have been added correctly.
Networking
Figure 32-2 shows an example network for configuring an ONT.
The GPON port (0/2/1) on the MA5600T is connected to 64 ONTs through a 2-level splitter.
On the MA5600T, you can configure ONTs at different locations in a centralized way. Here,
the basic configuration of one ONT (with ONT ID as 0) is taken as example.
Figure 32-2 Example network for configuring an ONT
Router
MA5600T SCU
G CON GE 0/19/0
ETH
P
ESC
B
C
Optical
splitter
ONT
Level-2 split ratio
1:32
PC
Data Plan
Table 32-1 provides the data plan for configuring an ONT.
Table 32-1 Data plan for configuring an ONT
Item Data
Service port 0/11/1
DBA Index: 12
Profile type: type1
Fixed bandwidth: 10240 kbit/s

Item Data
ONT capability set profile l Index: 20

l Number of POTS port: 1
l Number of FE port: 4
l Number of GE port: 1
l Number of T-CONTs: 8
Alarm threshold profile Index: 30
ONT l ONT ID: 0

l ONT authentication mode: serial number +
authentication password (SN-auth)
l IP address: 192.168.1.3/24
l Port VLANs: FE port-VLAN 20, GE port-VLAN 30
Figure 32-3 shows the flowchart for configuring an ONT.
Figure 32-3 Flowchart for configuring an ONT
Start
Add an ONT
Is there a right No Bind the alarm profile

ONT capability set profile?
Configure an ONT capability
Yes set profile Bind the DBA profile
Configure the IP address of

No the ONT
Is there a right
T-CONT profile?
Specify VLANs for ONT ports
Yes Configure a DBA profile
Save the data
Is there a right No
End
alarm profile?
Configure an alarm
Yes profile

Procedure
Step 1 Configure an ONT capability set profile.
The profile configuration must be compatible with the hardware capacity of the ONT that is to
be bound.
huawei(config)#ont-profile add gpon profile-id 20
Command:
ont-profile add gpon profile-id 20
Press 'Q' or 'q' to quit input
> Number of uplink PON ports<1-2> [1]:
> IP config mode<0-Nonsupport, 1-Support, 2-DHCP only, 3-Static only> [1]:
> The type of MAC bridge<1-Single,2-Multi> [1]:
> Number of GEM ports<1-32> [32]:32
> Is UNI configuration concerned?<1-not concern, 2-concern> [2]:
> Number of POTS ports<0-16> [0]:1
> Number of FE ports<0-32> [0]:4
> Number of GE ports<0-8> [0]:1
> TDM port type<1-E1,2-T1> [1]:
> TDM service type<1-TDMoGEM> [1]:
> Number of TDM ports<0-8> [0]:
> Number of MOCA ports<0-8> [0]:
> Number of CATV ANI ports<0-2> [0]:
> Number of CATV UNI ports<0-16> [0]:
> Mapping mode<1-VLANID, 2-802_1pPRI, 3-VLANID_802_1pPRI> [1]:
> Number of T-CONTs<1-8> [1]:8
> The type of flow control<1-PQ,2-CAR> [1]:
> Number of PQs in T-CONT 0<1-8> [4]:
Adding an ONT profile succeeded
Profile-ID : 20
Profile-Name : ont-profile_20
Step 2 Configure a DBA profile.

The fixed bandwidth and attributes of the DBA profile must be compatible with the service to
be borne.
Step 3 Configure an alarm profile.

The alarm of the profile must be set according to the line quality requirements and actual line
conditions.
huawei(config)#gpon alarm-profile add profile-id 30
<cr>|profile-name<K> }:
Command:
gpon alarm-profile add profile-id 30
> GEM port loss of packets threshold (0~100)[0]: 30
> GEM port misinserted packets threshold (0~100)[0]: 30
> GEM port impaired blocks threshold (0~100)0[0]: 30
> Ethernet FCS errors threshold (0~100)[0]: 30
> Ethernet excessive collision count threshold (0~100)[0]: 30
> Ethernet late collision count threshold (0~100)[0]: 30
> Too long Ethernet frames threshold (0~100)[0]: 30
> Ethernet buffer (Rx) overflows threshold (0~100)[0]: 30
> Ethernet buffer (Tx) overflows threshold (0~100)[0]: 30
> Ethernet single collision frame count threshold (0~100)[0]: 30
> Ethernet multiple collisions frame count threshold (0~100)[0]: 30

> Ethernet SQE count threshold (0~100)[0]: 30

> Ethernet deferred transmission count threshold (0~100)[0]: 30
> Ethernet internal MAC Tx errors threshold (0~100)[0]: 30
> Ethernet carrier sense errors threshold (0~100)[0]: 30
> Ethernet alignment errors threshold (0~100)[0]: 30
> Ethernet internal MAC Rx errors threshold (0~100)[0]: 30
> PPPOE filtered frames threshold (0~100)[0]: 30
> MAC bridge port discarded frames due to delay threshold (0~100)[0]: 30
> MAC bridge port MTU exceeded discard frames threshold (0~100)[0]: 30
> MAC bridge port received incorrect frames threshold (0~100)[0]: 30
> CES error time threshold(0~100)[0]: 30
> CES severely time threshold(0~100)[0]: 30
> CES bursty time threshold(0~100)[0]: 30
> CES controlled slip threshold(0~100)[0]: 30
> CES unavailable time threshold(0~100)[0]: 30
Step 4 Add an ONT and bind the ONT with capability set profile 20.
id 20
Step 5 Bind the alarm profile.

huawei(config-if-gpon-0/2)#ont alarm-profile 1 0 profile-id 30

The ONT capacity profile contains eight T-CONTs and these T-CONTs are available only after
the binding operation. Different T-CONTs are recommended for services of different types.
Step 7 Configure the IP address of the ONT.

The IP address is used for ONT management and the default IP address is 192.168.1.1/24.
huawei(config-if-gpon-0/2)#ont ipconfig 1 0 static ip-address 192.168.1.3 mask
255.255.255.0

huawei(config-if-gpon-0/2)#ont port vlan 1 0 fe 20 0-3
huawei(config-if-gpon-0/2)#ont port vlan 1 0 ge 30 0

huawei(config)#save
----End
32.3 Configuring an GPON ONT Capability Set Profile

This topic describes how to configure an ONT capability set profile to specify the capability of
the ONT.
l All ONTs must be bound with a capability set profile and the bound profile is specified in
the case of adding the ONT offline or confirming the auto discovery.
l By default, the system supports up to 16 capability set profiles. The profiles can be MDU
type, ONT type or others. The profile index ranges from 1 to 16.
l Currently, seven default ONT profiles are built and fixed in the system.

l The contents of the capability set profile restrict the port number that is referenced in
commands for GEM port mapping, T-CONT/PQ mapping and the ONT VLAN
management.
To add an ONT capability profile, you should configure the capability attributes of the ONT.
The attributes include:
l Number of uplink PON ports
l IP config mode
l The type of MAC bridge
l Number of GEM ports
l Is UNI configuration concerned?
l Number of POTS ports
l Number of FE ports
l Number of GE ports
l TDM port type
l TDM service type
l Number of TDM ports
l Number of MOCA ports
l Number of CATV ANI ports
l Number of CATV UNI ports
l Mapping mode
l Number of T-CONTs
l The type of flow control
l Number of PQs in T-CONT
For details, see Table 32-2.
Table 32-2 Attributes of an ONT capability set profile

Attribute Description
Number of uplink PON ports Options are: 1 and 2. By default, it is 1.
IP config mode Options are: 0-Nonsupport, 1-Support, 2-DHCP only, and

3-Static only. By default, it is 1-Support.
The type of MAC bridge Options are: Single and Multi. By default, it is Single. The
mapping of service stream to GEM ports varies with the
bridge modes.
Number of GEM ports It ranges from 1 to 32. By default, it is 32. It is a hardware

capacity.

Is UNI configuration Options are: not-concern and concern. By default, it is

concerned? concern. It is a hardware capacity. To ease the MDU
management, you can set this attribute to not-concern.
Then, you are not required to confirm the number and type
of various ports, and the configuration of commands that
is related to the ports is prohibited, such as commands for
the GEM port mapping configuration and the ONT VLAN
management.
Number of POTS ports It ranges from 0 to 16. By default, it is 0. It is a hardware

capacity.
Number of FE ports It ranges from 0 to 32. By default, it is 0. It is a hardware

capacity.
Number of GE ports It ranges from 0 to 8. By default, it is 0. It is a hardware

capacity.
TDM port type Options are: E1 and T1. By default, it is E1.
TDM service type It supports only TDMoGEM.
Number of TDM ports It ranges from 0 to 8. By default, it is 0. It is a hardware

capacity.
Number of MOCA ports It ranges from 0 to 8. By default, it is 0. It is a hardware

capacity.
Number of CATV ANI ports It ranges from 0 to 2. By default, it is 0. It is a hardware

capacity.
Number of CATV UNI ports It ranges from 0 to 16. By default, it is 0. It is a hardware

capacity.
Mapping mode It indicates the mapping mode of data service stream to

GEM ports.
If the type of MAC bridge is Single, the available options
are:
l VLANID
l 802_1PPRI
l VLANID+802_1PPRI
By default, it is VLANID.
If the type of MAC bridge is Multi, you can select the port
ID mapping mode. It is a hardware capacity. Each ONT can
be configured with only one mapping mode.
Number of T-CONTs The number of T-CONTs supported by the ONT. It ranges

from 1 to 8. By default, it is 1. It is a hardware capacity.

The type of flow control The type of the ONT flow control. Options are:
l PQ
l CAR
Number of PQs in T-CONT It indicates the number of priority queues (PQs) that are
supported by a T-CONT. It ranges from 1 to 8. By default,
it is 4. It is a hardware capacity. When multiple T-CONTs
exist, you can configure each T-CONT separately.
Procedure
Step 1 Run the ont-profile add command to configure an ONT capability set profile.
Step 2 Run the display ont-profile command to query the ONT capability set profile.
----End
Example
To configure a certain type of ONT capability set profile with the profile index as 20, do as
follows:
huawei(config)#ont-profile add profile-id 20
Command:
ont-profile add profile-id 20
Press 'Q' or 'q' to quit input
> Number of uplink PON ports<1-2> [1]:
> IP config mode<0-Nonsupport, 1-Support, 2-DHCP only, 3-Static only> [1]:1
> The type of MAC bridge<1-Single,2-Multi> [1]:
> Number of GEM ports<1-32> [32]:
> Is UNI configuration concerned?<1-not concern, 2-concern> [2]:
> Number of POTS ports<0-16> [0]:2
> Number of FE ports<0-32> [0]:4
> Number of GE ports<0-8> [0]:1
> TDM port type<1-E1,2-T1> [1]:
> TDM service type<1-TDMoGEM> [1]:
> Number of TDM ports<0-8> [0]:
> Number of MOCA ports<0-8> [0]:1
> Number of CATV ANI ports<0-2> [0]:1
> Number of CATV UNI ports<0-16> [0]:1
> Mapping mode<1-VLANID, 2-802_1pPRI, 3-VLANID_802_1pPRI> [1]:3
> Number of T-CONTs<1-8> [1]:2
> The type of flow control<1-PQ,2-CAR> [1]:
> Number of PQs in T-CONT 0<1-8> [4]:3
> Number of PQs in T-CONT 1<1-8> [4]:3
Adding an ONT profile succeeded
Profile-ID : 20
Profile-Name : ont-profile_20
huawei(config)#display ont-profile profile-id 20

--------------------------------------------------------------------------
profile-id : 20
profile-name: ont-profile_20
--------------------------------------------------------------------------
Number of uplink PON ports: 1
IP configuration: Support

MAC Bridge Type: Single-Bridge

Number of GEM ports: 32
UNI configuration concerned or not: Concerned
Number of POTS ports: 2
Number of FE ports: 4
Number of GE ports: 1
TDM port type: E1
TDM service type: TDMoGem
Number of TDM ports: 0
Number of MOCA ports: 1
Number of CATV ANI ports: 1
Number of CATV UNI ports: 1
Mapping mode: VLAN ID + 802.1p PRI
Number of T-CONTs: 2
The type of flow control: PQ
Number of PQs in T-CONT 0: 3
Number of PQs in T-CONT 1: 3
--------------------------------------------------------------------------
Binding times: 0
--------------------------------------------------------------------------
Related Operations
Table 32-3 lists the related operations for configuring an ONT capability set profile.
Table 32-3 Related operations for configuring an ONT capability set profile
Query the capability of an display ont capability You can query the ONT capability
ONT only when the ONT is online.
Delete an ONT capability ont-profile delete l Default profiles cannot be

set profile deleted.
l An ONT capability set profile
that is bound with others cannot
be deleted.
Modify an ONT capability ont-profile modify An ONT capability set profile that
set profile is bound with others cannot be
deleted.
32.4 Configuring the Attributes of a GPON ONT Port

This topic describes how to configure the attributes of an ONT port.
l By default, the coding mode of an E1 port is HDB3, and the status of a CATV port is on.
l The attributes of an ONT port can be configured only when the capability set profile bound
with the ONT has been configured with E1 or CATV ports.
Procedure
Step 1 Run the interface gpon command to enter GPON mode.

Step 2 Run the ont port attribute command to configure the attributes of the ONT port.
Step 3 Run the display ont port attribute command to query the attributes of the ONT port.
----End
Example
To configure the attributes of E1 port 0 on ONT 0 which is connected to GPON port0/2/0, do
as follows:
huawei(config)#interface gpon 0/2/0
huawei(config-if-gpon-0/2/0)#ont port attribute 0 0 e1 0 AMI
huawei(config-if-gpon-0/2/0)#
Setting E1 port attribute succeeded
huawei(config-if-gpon-0/2/0)#display ont port attribute 0 0 e1 0
------------------------------------------------------
ont-portid code
0 AMI
------------------------------------------------------
32.5 Binding an ONT T-CONT with GEM Ports

This topic describes how to bind an ONT T-CONT with GEM ports on the OLT side.
l If the T-CONT is set to SP scheduling mode, the PQ serial number stands for the SP priority
in ascending order with 0 as the lowest priority.
l Before the configuration, the ONT must have been added and the T-CONT has been bound
with a capability set profile.
l The MA5600T supports the rate limitation of the GEM port on the ONT side, provided that
the ONT supports this function and the bound ONT capability set profile is configured.
Procedure
Step 1 Run the ont gemport bind command to bind the GEM port and the T-CONT.
Step 2 Run the display ont gemport command to query the binding of the ONT GEM port.
----End
Examples
To bind T-CONT 1 on ONT 0 of port 0/11/0 with GEM ports 151 and 152, and set the priority-
queue to 0, do as follows:
huawei(config-if-gpon-0/2)#ont gemport bind 0 0 151,152 1 priority-queue 0
huawei(config-if-gpon-0/2)#display ont gemport 0 ontid 0
{ <cr>|tcont-id<K> }:
Command:
display ont gemport 0 ontid 0
----------------------------------------------------------------------------
F/S/P GEM port ONT T-CONT Service Encrypt Prio Average Max band
ID ID ID type queue band(kpbs) (kpbs)
----------------------------------------------------------------------------
0/11/0 151 0 1 ETHERNET off 0 - -
0/11/0 152 0 1 ETHERNET off 0 - -

----------------------------------------------------------------------------
The number of GEM ports is: 2
To bind T-CONT 1 on ONT 1 of port 0/11/0 with GEM port 130, and set the average and the
maximum bandwidth to 1 Mbit/s and 2 Mbit/s respectively, do as follows:
huawei(config-if-gpon-0/2)#ont gemport bind 0 1 130 1 car 1024 2048
The GEM port(s) bind the T-CONT successfully
huawei(config-if-gpon-0/2)#display ont gemport 0 ontid 1

{ <cr>|tcont-id<K> }:
Command:
display ont gemport 0 ontid 1
----------------------------------------------------------------------------
F/S/P GEM port ONT T-CONT Service Encrypt Prio Average Max band
ID ID ID type queue band(kpbs) (kpbs)
----------------------------------------------------------------------------
0/11/0 130 1 1 ETHERNET off - 1024 2048
----------------------------------------------------------------------------
The number of GEM ports is: 1
Related Operations
Table 32-4 lists the related operations for binding an ONT T-CONT with GEM ports.
Table 32-4 Related operations for binding an ONT T-CONT with GEM ports
Cancel the binding between an ONT T-CONT undo ont gemport bind
and GEM ports
Configure the mapping between ONT service ont gemport mapping

and GEM ports
32.6 Configuring the Mapping Between ONT Services and

GEM Ports
This topic describes how to map the ONT services to GEM ports, so that the ONT services is
borne on the specified GEM port and then goes upstream.
l Before the configuration, the binding between the GEM ports and the ONT T-CONT must
have been established.
l To map the TDM E1 port to a specified GEM port, the GEM port attribute must be TDM.
The exact mapping rule is related to the hardware capacity of the ONT. The MA5600T supports
four types of mapping rules:
l In ONT single bridge mode,

– Mapping by VLAN ID
– Mapping by 802.1p priority

– Mapping by VLAN ID + 802.1p priority

l In ONT multi-bridge mode,
– Mapping by port ID
Procedure
Step 1 Run the ont gemport mapping command to configure the mapping between ONT services and
GEM ports.
Step 2 Run the display ont gemport mapping command to query the GEM port mapping of the ONT.
----End
Example
To map the service stream with VLAN ID 1 to GEM port 150 on ONT 0 that is connected to
port 0/11/0, do as follows:
huawei(config-if-gpon-0/2)#display ont gemport mapping 0 ontid 0
----------------------------------------------------------------------------
F/S/P GEM port-ID ONT-ID ONT port-type ONT Port-ID Vlan-ID Vlan-Priority
----------------------------------------------------------------------------
0/11/0 150 0 - - 1 -
----------------------------------------------------------------------------
The number of mappings: 1
Related Operations
Table 32-5 lists the related operations for configuring the mapping between ONT services and
GEM ports.
Table 32-5 Related operations for configuring the mapping between ONT services and GEM
ports
Configure the mapping between ONT undo ont gemport mapping

services and GEM ports
Configure the mapping between GEM ports ont gemport bind

and PQ or T-CONT
32.7 Configuring a VLAN for a GPON ONT Port

This topic describes how to configure the Ethernet port on the ONT, specify the port to the
specified VLAN and configure the native VLAN for the port.
l Currently, the MA5600T supports the configuration of VLANs on the FE, GE, MoCA and
VoIP ports.

l Before configuring the Native VLAN, the port must have been added to the VLAN.
l If you configure the Native VLAN repeatedly, the configuration of the last time takes effect.
l When the native VLAN of an ONT port is configured, if the ingress data packets do not
have the VLAN tag, the ONT adds the VLAN tag to the untag packets; if the egress data
packets have the native VLAN tag, the ONT extracts the VLAN tag from the packets.
l If a VLAN added with ports is configured as the Native VLAN, the VLAN cannot be
deleted.
Procedure
Step 1 Run the ont port vlan command to add a VLAN to an ONT port.
Step 2 Run the ont port native-vlan command to configure the Native VLAN for the ONT port.
Step 3 Run the display ont port vlan command to query the configuration information on the ONT
port.
----End
Example
To add VLAN 100 to FE ports 1 and 2 on ONT 0 that is connected to port 0/11/0, and specify
the Native VLAN 100 for port 1, do as follows:
huawei(config-if-gpon-0/2)#ont port vlan 0 0 fe 100 1,2
huawei(config-if-gpon-0/2)#display ont port vlan 0 0 byport fe 1
------------------------------------------------------
port-type: FE
ont-portid: 1
vlan-list: 1,100
native-vlan: 100
priority: 0
------------------------------------------------------
Related Operation
Table 32-6 lists the related operation for configuring a VLAN on a GPON ONT port.
Table 32-6 Related operation for configuring a VLAN on a GPON ONT port
Delete an ONT port from a VLAN undo ont port vlan
32.8 Managing the IP Address of a GPON ONT

This topic describes how to configure the IP address of an ONT. The IP address of an ONT can
be a static one or you can configure the device to obtain the IP address dynamically through the
DHCP protocol.

l You can configure the static IP address, mask, gateway, and IP addresses of primary and
secondary DNS servers.
l It is recommended that you configure the device to obtain the IP address dynamically
through the DHCP protocol to save the IP address resource.
Procedure
Step 1 Run the ont ipconfig command to configure the IP address of an ONT.
Step 2 Run the display ont ipconfig command to query the IP address of the ONT.
----End
Example
To configure the ONT 0 that is connected to port 0/11/0 to obtain IP address dynamically through
the DHCP protocol, do as follows:
huawei(config-if-gpon-0/2)#ont ipconfig 0 0 dhcp
huawei(config-if-gpon-0/2)#display ont ipconfig 0 0
ONT 0 IP query result
ONT config type : DHCP

SmartAX MA5600T Multi-service Access Module 33 Ethernet OAM Configuration
33 Ethernet OAM Configuration
About This Chapter
This topic describes the Ethernet OAM technology and the method of configuring the Ethernet
OAM feature on the MA5600T.
NOTE
(s) directly.
first.
33.1 Overview
This topic describes Ethernet Operation Administration & Maintenance (OAM) and its
application on the MA5600T.
33.2 Configuration Example of Ethernet OAM
This topic provides an example for configuring the Ethernet OAM on the MA5600T.
33.3 Creating an MD
This topic describes how to create an Maintenance Domain (MD).
33.4 Creating an MA
This topic describes how to create a Maintenance Association (MA).
33.5 Creating an MEP
This topic describes how to create an Maintenance association End Point (MEP).
33.6 Creating an RMEP
This topic describes how to create a Remote Maintenance association End Point (RMEP).
33.7 Enabling the CFM Globally
This topic describes how to enable the Connectivity Fault Management (CFM) globally.
33.8 Enabling the CFM Alarm Globally
This topic describes how to enable the CFM alarm globally.

33 Ethernet OAM Configuration SmartAX MA5600T Multi-service Access Module
33.9 Enabling the Administration Function of an MEP

This topic describes how to enable the administration function of an MEP.
33.10 Enabling the CC Transmission of an MEP
This topic describes how to enable the Continuity Check (CC) transmission of an MEP.
33.11 Enabling the Global Detection Function of an RMEP
This topic describes how to enable the global detection function of a Remote Maintenance
association End Point (RMEP).
33.12 Enabling the RMEP Detection Function
This topic describes how to enable the detection function of the RMEP.
33.13 Configuring Priorities for Transmitting CCMs/LTMs
This topic describes how to configure priorities for transmitting Continuity Check Messages
(CCMs)/LinkTrace Messages (LTMs) of an MEP.
33.14 Configuring the Interval for an MA to Transmit a CC
This topic describes how to configure the interval for an MA to transmit a CC.
33.15 Configuring the Base Address of Multicast Destination MAC Addresses of CCMs/LTMs
This topic describes how to configure the base address of multicast destination MAC addresses
of CCMs/LTMs. To send CCMs/LTMs, an MEP must be specified with a multicast address.
Because the protocol does not specify the format of it, the multicast address is configurable to
enhance the intercommunication and compatibility of the MA5600T.
33.16 Configuring the Loop Detection Function
Loopback Message (LBM) helps an MEP to locate a fault in an MA. This topic describes how
to configure the loop detection function.
33.17 Configuring the Link Trace Function
LTMs are used to detect the Maintenance domain Intermediate Point (MIP) path between two
MEPs. This topic describes how to configure an LTM.

33.1 Overview
This topic describes Ethernet Operation Administration & Maintenance (OAM) and its
application on the MA5600T.
Service Description
OAM is a significant method for reducing the cost of network maintenance. The Ethernet OAM
technology provides end-to-end methods for monitoring, diagnosing and locating the faults on
the Ethernet links. The OAM management packets are initiated or terminated on the upstream
port of the MA5600T. When any Ethernet link fault is detected, an alarm is generated. You can
locate the fault based on the alarm information. You can also perform OAM configuration
management through the NMS. The NMS maintains the network based on the reported
information on OAM status and alarms.
For details on the Ethernet OAM protocol, refer to "Ethernet OAM" in the MA5600T Feature
Description.
IEEE P802.1ag CFM provides an end-to-end fault detection method.
CFM defines the process for diagnosing a fault in an Ethernet domain. CFM is a multipoint-to-
multipoint application scenario and it provides end-to-end fault detection and diagnosis for the
entire Ethernet network.
The MA5600T supports the Ethernet OAM mechanism of CFM protocol, including fault
detection and diagnosis methods, including connectivity check, loop detection and link trace.
33.2 Configuration Example of Ethernet OAM

This topic provides an example for configuring the Ethernet OAM on the MA5600T.
Networking
Figure 33-1 shows an example network for configuring Ethernet OAM.
In this example network, the Ethernet OAM mechanism is adopted for the link between
MA5600T_A and MA5600T_B for detecting link faults. The local MEP and remote MEP are
configured on both MA5600T_A and MA5600T_B. The ID of the local MEP on MA5600T_B
is the same as the ID of the remote MEP on MA5600T_A, and the ID of the remote MEP on
MA5600T_B is the same as the ID of the local MEP on MA5600T_A.

Figure 33-1 Example network for configuring Ethernet OAM
Router
0 / 19 / 0 0 / 19 / 1
MA5600T_A MA5600T_B
Data Plan
Table 33-1 provides the data plan for configuring Ethernet OAM.
Table 33-1 Data plan for configuring Ethernet OAM
Item Data
MA5600T_A Port: 0/9/0

Smart VLAN: 100
MEP: 2/6/0
MEP-id: 260
RMEP-id: 2260
CC-interval: 1m
MA5600T_B Port: 0/9/1

Smart VLAN: 200
MEP: 2/6/0
MEP-id: 2260
RMEP-id: 260
CC-interval: 1m
Before configuring the Ethernet OAM, make sure that:

l The router supports Ethernet OAM.
Figure 33-2 shows the flowchart for configuring Ethernet OAM.

Figure 33-2 Flowchart for configuring Ethernet OAM
Start
Create and configure a VLAN
Configure an MD
Configure an MA
Configure an MEP
Configure an RMEP
Set the interval for the MA to

transmit CCMs (Optional)
Enable the local CFM globally
Enable the remote CFM globally
Save the data
End
Procedure
Step 1 Create and configure a VLAN.
Step 2 Configure an MD.

huawei(config)#cfm md 2 name-format string huawei level 3
Step 3 Configure an MA.

huawei(config)#cfm ma 2/6 name-format string huawei-6 vlan 100
Step 4 Configure an MEP.

huawei(config)#cfm mep 2/6/0 mepid 260 direction outward port
0/9/0 priority 7
Step 5 Configure an RMEP.

huawei(config)#cfm remote-mep 2/6/0 remote-mepid 2260

Step 6 (Optional) Set the interval for the MA to transmit CCMs.

huawei(config)#cfm ma 2/6 cc-interval 1m
Step 7 Enable the local CFM globally.

huawei(config)#cfm enable
Step 8 Enable the remote MEP detection globally.

huawei(config)#cfm remote-mep-detect enable

huawei(config)#save
NOTE
Configuration on MA5600T_B is the same as that on MA5600T_A and it is not repeated here.
----End
Result
After the configuration, run the display cfm statistics mep command on MA5600T_A or
MA5600T_B and you can find packet statistics. Of the statistics, neither "CCM Sent Pkt Num"
nor "CCM Received Pkt Num" values zero.
33.3 Creating an MD
This topic describes how to create an Maintenance Domain (MD).
l Ethernet CFM provides a fault diagnosis process in an Ethernet domain. It divides the
network into up to eight levels. Multiple levels can exist on a bridge simultaneously to
manage different MDs.
l Up to three MDs can be created in the system.
l The administration domain of CFM comprises bridges while the maintenance domain is
combined by bridges and maintenance levels.
TIP
It is recommended to classify the administrator domain into three levels: customer domain (levels 7–5),
provider domain (levels 4–3), and operator domain (levels 2–0).
Procedure
Step 1 Run the cfm md command to create an MD.
Step 2 Run the display cfm md command to query the configuration state of the MD.
----End
Example
l MD index: 2
l Name type: string

l Name: huawei
l Level: 3
To create the MD, do as follows:
huawei(config)#cfm md 2 name-format string huawei level 3
huawei(config)#display cfm md
{ <cr>|mdindex<0,2> }:
Command:
display cfm md
-----------------------------------------------------------------------
MD MD MD MD
Index NameType Name Level
-----------------------------------------------------------------------
0 dns 1 7
1 dns feifei 6
2 string huawei 3
-----------------------------------------------------------------------
Total: 3
Related Operation
Table 33-2 lists the related operation for creating an MD.
Table 33-2 Related operation for creating an MD
Delete an MD undo cfm md The deleted MD must not be

configured with any MA.
33.4 Creating an MA
This topic describes how to create a Maintenance Association (MA).
l The created MA must belong to an existing MD and associate with an existing VLAN. The
VLAN must not associate with any other MA.
l By default, the interval for sending the Continuity Check (CC) protocol packets is one
minute.
l By default, the remote MEP detection of an MA is enabled, and the global remote MEP
detection is disabled.
l The MA5600T supports up to 48 MAs, and each MD can be configured with up to 48 MAs.
Procedure
Step 1 Run the cfm ma command to create an MA.
Step 2 Run the display cfm ma command to query the configuration state of the MA.
----End

Example
l MA index: 2/47
l MA name type: string
l MA name: huawei-ma-10
l MA VLAN ID: 20
To create the MA, do as follows:
huawei(config)#cfm ma 2/10 name-format string huawei-ma-10 vlan 20
huawei(config)#display cfm ma 2/10
MA Index : 2/10
MA NameType : string
MA Name : huawei-ma-10
MA VlanID : 20
MA CC Interval : 1m
MA Remote-mep-detect : enable
Related Operations
Table 33-3 lists the related operations for creating an MA.
Table 33-3 Related operations for creating an MA
Delete an MA undo cfm ma The deleted MA must not be

configured with any MEP or
RMEP.
Configure the interval cfm ma cc-interval You can configure only the
for an MA to send CCMs created MA.
Enable the detection of cfm ma remote-mep-detect

remote MEP in an MA enable
33.5 Creating an MEP

This topic describes how to create an Maintenance association End Point (MEP).
l MA consists of Maintenance Points (MPs) and MP is defined to be on bridge ports.
Therefore, MP is a combination of bridge port, VLAN and maintenance level.
l MP can be an MEP or an MIP. MEP initiates and responds to CFM messages while MIP
does not initiate CFM messages but transparently transmits or responds to CFM messages.
l Currently, ports on the MA5600T can function only as MEP.
l Only one MEP can be created within an MA. By default, the administrative state of MEP
is enabled, the priority of CFM message is 7 and the transmission of CCMs is enabled.

l To create an MEP, the associated MD and MA must be created successfully. Moreover, on

the VLAN that associates with the MA, there must be a port to be associated with the created
MEP.
Procedure
Step 1 Run the cfm mep command to create an MEP.
Step 2 Run the display cfm mep command to query the configuration state of the MEP.
----End
Example
l MEP index: 2/4/0
l MEP ID: 100
l MEP direction: outward
l MEP port: 0/15/0
l MEP priority: 5
To create the MEP, do as follows:
huawei(config)#cfm mep 2/4/0 mepid 100 direction outward port 0/9/0 priority 5
huawei(config)#display cfm mep 2/4/0
Command:
display cfm mep 2/4/0
MEP Index : 2/4/0
MEP ID : 100
MEP Direction : outward
MEP Port : 0/9/0
MEP Admin Status : enable
MEP CC Status : enable
MEP Priority : 5
MEP Alarm Status : -
Related Operation
Table 33-4 lists the related operation for creating an MEP.
Table 33-4 Related operation for creating an MEP
Delete an MEP undo cfm mep
33.6 Creating an RMEP

This topic describes how to create a Remote Maintenance association End Point (RMEP).
l Unique MEP IDs must exist in an MA.

l A local MEP can be associated with up to six RMEPs.

l MEPs that are mutually remote to each other must be in the same MA.
Procedure
Step 1 Run the cfm remote-mep command to create an RMEP.
----End
Example
To create RMEP 2/4/5 with remote-mepid of 200 for local MEP 2/4/0, do as follows:
huawei(config)#cfm remote-mep 2/4/5 remote-mepid 200
MA Index : 2/4
MA VlanID : 50
MA CC Interval : 1m
-----------------------------------------------------------------------
MEP MEP MEP Admin CC Alarm
Index MEPID Direction Port Status Status Priority Status
-----------------------------------------------------------------------
2/4/0 100 outward 0/9/0 enable enable 5 -
-----------------------------------------------------------------------
Total: 1
-----------------------------------------------------------------------
Remote MEP Remote MEP Remote MEP
Index MEPID Mac-address
-----------------------------------------------------------------------
2/4/5 200 -
-----------------------------------------------------------------------
Total: 1
Related Operation
Table 33-5 lists the related operation for creating an RMEP.
Table 33-5 Related operation for creating an RMEP
Delete an RMEP undo cfm remote-mep
33.7 Enabling the CFM Globally

This topic describes how to enable the Connectivity Fault Management (CFM) globally.
l When the CFM is enabled, the CFM packets are to be captured and the functions of
Continuity Check, loop detection and link trace are enabled.

l When the CFM is disabled, the CFM packets should not be captured and the functions of
Continuity Check, loop detection and link trace are enabled.
l By default, the CFM is disabled.
Procedure
Step 1 Run the cfm enable command to enable the CFM globally.
Step 2 Run the display cfm command to query the configuration state of the CFM.
----End
Example
To enable the CFM globally, do as follows:
huawei(config)#cfm enable
huawei(config)#display cfm
{ <cr>|md<K>|ma<K>|mep<K>|statistics<K> }:
Command:
display cfm
CFM Global Status : enable
Remote-mep-detect Status : disable
Alarm Status : enable
CC/LT Base-mac-address : 0180-c200-0100
Related Operation
Table 33-6 lists the related operation for enabling the CFM globally.
Table 33-6 Related operation for enabling the CFM globally

Disable CFM switch globally cfm disable
33.8 Enabling the CFM Alarm Globally

This topic describes how to enable the CFM alarm globally.
l When the CFM alarm is enabled, alarms detected by the CFM are reported.
l When the CFM is disabled, alarms detected by the CFM are not reported.
l By default, the CFM alarm is disabled globally.
Procedure
Step 1 Run the cfm alarm enable command to enable the CFM alarm globally.
Step 2 Run the display cfm command to query the configuration state of the CFM.
----End

Example
To enable the CFM alarm globally, do as follows:
huawei(config)#cfm alarm enable
Command:
display cfm
Related Operation
Table 33-7 lists the related operation for enabling CFM alarm globally
Table 33-7 Related operation for enabling CFM alarm globally

Disable the CFM alarm globally cfm alarm disable
33.9 Enabling the Administration Function of an MEP

This topic describes how to enable the administration function of an MEP.
l MEP administrative state identifies the availability of MEP function. When the
administrative function of an MEP is disabled, the MEP is unable to send and receive
CCMS. The loop detection and link trace functions are not permitted.
l By default, the administration function of an MEP is enabled.
Procedure
Step 1 Run the cfm mep enable command to enable the administration function of an MEP.
----End
Example
To enable the administration function of MEP 2/4/0, do as follows:
huawei(config)#cfm mep 2/4/0 enable
Command:
display cfm mep 2/4/0
MEP Index : 2/4/0
MEP ID : 100
MEP Port : 0/9/0


MEP Priority : 5
Related Operation
Table 33-8 lists the related operation for enabling the administration function of an MEP.
Table 33-8 Related operation for enabling the administration function of an MEP
Disable the administration function of cfm mep disable

an MEP
33.10 Enabling the CC Transmission of an MEP

This topic describes how to enable the Continuity Check (CC) transmission of an MEP.
By default, the CC transmission of an MEP is enabled.
Procedure
Step 1 Run the cfm mep cc enable command to enable the CC transmission of an MEP.
----End
Example
To enable the CC transmission of MEP 2/4/0, do as follows:
huawei(config)#cfm mep 2/4/0 cc enable
MEP Index : 2/4/0
MEP ID : 100
MEP Port : 0/9/0
MEP Priority : 5
Related Operation
Table 33-9 lists the related operation for enabling the CC transmission of an MEP.

Table 33-9 Related operation for enabling the CC transmission of an MEP
Disable the CC transmission of an MEP cfm mep cc disable
33.11 Enabling the Global Detection Function of an RMEP

This topic describes how to enable the global detection function of a Remote Maintenance
association End Point (RMEP).
l The global detection function of an RMEP is used to prevent unnecessary alarm at the
period of network CFM configuration, due to that the CFM function is enabled on each
node at different times.
l By default, the global detection function of an RMEP is disabled.
l The system detects the RMEP configured in the MA of the MEP, and generates alarm on
the CC packet loss and RDI, when the following four conditions are met:
– CFM is enabled globally.
– The global detection function of the RMEP is enabled.
– MEP of each administrative state is enabled.
– The detection function of the remote MEP of the MA corresponding to each
administrative state is enabled.
Procedure
Step 1 Run the cfm remote-mep-detect enable command to enable the global detection function of
an RMEP.
Step 2 Run the display cfm command to query the configuration of the CFM.
----End
Example
To enable the global detection function of an RMEP, do as follows:
huawei(config)#cfm remote-mep-detect enable
Command:
display cfm
CFM Global Status : disable
Remote-mep-detect Status : enable
Related Operation
Table 33-10 lists the related operation for enabling the global detection function of an RMEP.

Table 33-10 Related operation for enabling the global detection function of an RMEP
Disable the global detection function of cfm remote-mep-detect disable

an RMEP
33.12 Enabling the RMEP Detection Function

This topic describes how to enable the detection function of the RMEP.
l When the detection function of the RMEP is enabled, the RMEP configured in the MA is
detected. Alarms are generated when the CC loss or RDI error occurs.
l When the detection function of the RMEP is disabled, the RMEP configured in the MA is
not detected.
l By default, the detection function of the RMEP is enabled.
Procedure
Step 1 Run the cfm ma remote-mep-detect enable command to enable the detection function of the
RMEP.
----End
Example
To enable the detection function of MA 2/4, do as follows:
huawei(config)#cfm ma 2/4 remote-mep-detect enable
MA Index : 2/4
MA VlanID : 50
MA CC Interval : 1m
-----------------------------------------------------------------------
-----------------------------------------------------------------------
2/4/0 100 outward 0/9/0 enable enable 5 -
-----------------------------------------------------------------------
Total: 1
-----------------------------------------------------------------------
-----------------------------------------------------------------------
2/4/5 200 -
-----------------------------------------------------------------------
Total: 1

Related Operation
Table 33-11 lists the related operation for enabling the detection function of the RMEP.
Table 33-11 Related operation for enabling the detection function of the RMEP
Disable the detection of the RMEP cfm ma remote-mep-detect disable
33.13 Configuring Priorities for Transmitting CCMs/LTMs

This topic describes how to configure priorities for transmitting Continuity Check Messages
(CCMs)/LinkTrace Messages (LTMs) of an MEP.
The priority for transmitting CCMs/LTMs of an MEP ranges 0-7. The smaller the priority value,
the higher priority. By default, the priority for transmitting CCMs/LTMs of an MEP is 7.
Procedure
Step 1 Run the cfm mep priority command to configure the priorities for transmitting CCMS/LTMs
of an MEP.
----End
Example
To set the priorities for transmitting CCMs/LTMs of MEP 2/4/0 to 3, do as follows:
huawei(config)#cfm mep 2/4/0 priority 3
MEP Index : 2/4/0
MEP ID : 100
MEP Port : 0/9/0
MEP Priority : 3
Related Operation
Table 33-12 lists the related operation for configuring the priorities for transmitting CCMs/
LTMs of an MEP.

Table 33-12 Related operation for configuring the priorities for transmitting CCMs/LTMs of
an MEP
Enable the administration function of an cfm mep enable

MEP
33.14 Configuring the Interval for an MA to Transmit a CC

This topic describes how to configure the interval for an MA to transmit a CC.
Prerequisite
Before you configure the interval, the CC transmission state of MEPs in the MA must be disabled.
l By default, the interval for an MA management entity to transmit a CC is 1 minute.
l At present, the MA5600T supports intervals of 1 minute and 10 minutes.
Procedure
Step 1 Run the cfm ma cc-interval command to configure the interval for an MA to transmit a CC.
----End
Example
To set the interval for an MA to send a CC to 10 minutes, do as follows:
huawei(config)#cfm ma 2/4 cc-interval 10m
MA Index : 2/4
MA VlanID : 50
MA CC Interval : 10m
-----------------------------------------------------------------------
-----------------------------------------------------------------------
2/4/0 100 outward 0/9/0 enable disable 3 -
-----------------------------------------------------------------------
Total: 1
-----------------------------------------------------------------------
-----------------------------------------------------------------------
2/4/5 200 -
-----------------------------------------------------------------------
Total: 1

Related Operation
Table 33-13 lists the related operation for configuring the interval for an MA to transmit a CC.
Table 33-13 Related operation for configuring the interval for an MA to transmit a CC
Configure CC transmission state of an cfm mep cc

MEP
33.15 Configuring the Base Address of Multicast

Destination MAC Addresses of CCMs/LTMs
This topic describes how to configure the base address of multicast destination MAC addresses
of CCMs/LTMs. To send CCMs/LTMs, an MEP must be specified with a multicast address.
Because the protocol does not specify the format of it, the multicast address is configurable to
enhance the intercommunication and compatibility of the MA5600T.
l By default, the base multicast destination MAC address is 0180-C200-0000.
l Currently, the format of the base MAC address is 0180-C2XX-XXX0. The part of 0180-
C2 is specified in the protocol and the "X"s in the part of C2XX-XX cannot be all 0s.
NOTE
The base address of multicast destination MAC addresses refers to the addresses of MEPs in different MDs. The
multicast addresses used for sending the CCMs/LTMs are derived from the base multicast destination MAC
address by changing the last digit of it. The last digit of the multicast address used by MEP to send CCMs should
be consistent with the MD level (0–7)to which it belongs, while that used by the MEP to LTMS match the MD
level plus 8 (8–F).
Procedure
Step 1 Run the cfm base-mac-address command to configure the base multicast destination MAC
address.
Step 2 Run the display cfm command to query the configuration status of the CFM.
----End
Example
To configure the base multicast destination MAC address as 0180-C211-1110, do as follows:
huawei(config)#cfm base-mac-address 0180-C211-1110
Command:
display cfm

33.16 Configuring the Loop Detection Function

Loopback Message (LBM) helps an MEP to locate a fault in an MA. This topic describes how
to configure the loop detection function.
Prerequisite
Before enabling the MEP loop detection function, you must enable the CFM function globally
and enable the administrative state of the corresponding MEP.
l LBM is a unicast message and the unicast MAC address is the address of MEP or MIP
discovered by CC or link trace (LT). The MEP at the source end generates an LBM and
the index of destination MEP is added into the LBM. By generating an LBM, the MEP
activates the timer to calculate the time. When the destination MEP receives the LBM, it
sends a Loopback Reply (LBR) to the source MEP. The loopback is successful.
l By default, the count of LBMs to be sent is 4; the interval for sending LBMs is 1 x 100 ms;
the priority of LBM is the same as that of CCM.
Procedure
Step 1 Run the cfm loopback command to configure the loop detection function.
Step 2 Run the display cfm statistics command to query the statistics of CFM.
----End
Example
l Count of LBMs: 5
l Interval: 1000 ms
l Priority: 6
To configure that LBM from MEP 2/4/0 is sent to the equipment with the MAC address
0000-0000-0009, do as follows:
huawei(config)#cfm loopback mep 2/4/0 dst-mac-address 0000-0000-0009 count 5
interval 10 priority 6
LBR Lost : Sequence-Num = 1
LB Operation: LBM-Sent = 4 , LBR-Received = 0 , LBR-Lost = 4
huawei(config)#display cfm statistics mep 2/4/0
Command:
display cfm statistics mep 2/4/0
CCM Sent Pkt Num : 5037
CCM Received Pkt Num : 0
CCM Xcon Pkt Received Num : 0
CCM Error Pkt Received Num : 0
CCM Wrong Pattern Drop Num : 0
LBM Sent Pkt Num : 9
LBM Received Pkt Num : 0
LBM Wrong Pattern Drop Num : 0

LBM DstMac Mismatch Drop Num : 0

LBR Sent Pkt Num : 0
LBR Received Pkt Num : 0
LBR Out of Order Num : 0
LBR Wrong Pattern Drop Num : 0
LBR Not Work Drop Num : 0
LBR DstMAC Mismatch Drop Num : 0
LBR SrcMAC Mismatch Drop Num : 0
LBR Wrong TransID Drop Num : 0
LBR Level Mismatch Drop Num : 0
LTM Sent Pkt Num : 0
LTM Received Pkt Num : 0
Related Operations
Table 33-14 lists the related operations for configuring the loop detection function.
Table 33-14 Related operations for configuring the loop detection function
Configure the link trace function cfm link-trace
Enable the administration function of cfm enable

CFM globally
Enable the administration of an MEP cfm mep enable
33.17 Configuring the Link Trace Function

LTMs are used to detect the Maintenance domain Intermediate Point (MIP) path between two
MEPs. This topic describes how to configure an LTM.
Prerequisite
Before enabling the loop detection of an MEP, you must enable the CFM function globally and
enable the administration of the corresponding MEP.
l An LTM is the message with a known multicast address. But LTM is not multicasted and
additional information on the message indicates the destination MAC address of the MEP.
When the LTM is forwarded by MPs to the destination MEP in a unicast way, each MP
along the path responds an LTR to the source MEP. In this way, the source MEP obtains
the information on MPs along the transmission path and records the MAC addresses of
these MPs.
l By default, the priority of an LTM is the same as that of a CCM.
Procedure
Step 1 Run the cfm link-trace command to configure the Link trace function.
Step 2 Run the display cfm statistics command to query the statistics of CFM packets.
----End

Example
To set that LT packet from MEP 0/2/4 is sent to the equipment with MAC address
0000-0000-0001 and the priority is 6, do as follows:
huawei(config)#cfm link-trace mep 2/4/0 dst-mac-address 0000-0000-0001 priority
6
huawei(config)#display cfm statistics mep 2/4/0
Command:
display cfm statistics mep 2/4/0
CCM Sent Pkt Num : 5037
CCM Received Pkt Num : 0
CCM Xcon Pkt Received Num : 0
CCM Error Pkt Received Num : 0
CCM Wrong Pattern Drop Num : 0
LBM Sent Pkt Num : 9
LBM Received Pkt Num : 0
LBM Wrong Pattern Drop Num : 0
LBM DstMac Mismatch Drop Num : 0
LBR Sent Pkt Num : 0
LBR Received Pkt Num : 0
LBR Out of Order Num : 0
LBR Wrong Pattern Drop Num : 0
LBR Not Work Drop Num : 0
LBR DstMAC Mismatch Drop Num : 0
LBR SrcMAC Mismatch Drop Num : 0
LBR Wrong TransID Drop Num : 0
LBR Level Mismatch Drop Num : 0
LTM Sent Pkt Num : 1
LTM Received Pkt Num : 0
Related Operations
Table 33-15 lists the related operations for configuring the Link trace function.
Table 33-15 Related operations for configuring the Link trace function
Configure the loop detection function cfm loopback
Enable the administration of CFM cfm enable

globally
Enable the administration of an MEP cfm mep enable

SmartAX MA5600T Multi-service Access Module 34 Environment Monitoring Configuration
34 Environment Monitoring Configuration
About This Chapter
This topic describes how to configure the environment monitoring units (EMUs) supported by
the MA5600T.
NOTE
(s) directly.
first.
34.1 Overview
This topic describes environment monitoring application on the MA5600T.
34.2 Configuration Example of the H801ESC
The example shows how to configure the built-in analog parameters and digital parameters of
the H801ESC.
34.3 Configuration Example of FAN
The example shows how to configure a FAN.
34.4 Adding an EMU
This topic describes how to add an EMU.
34.5 Configuring a POWER4845 EMU
This topic describes how to configure the environment and the power environment parameters
of a POWER4845 EMU.
34.6 Configuring the H801ESC Analog Parameters
This topic describes how to configure the extended analog parameters or modify the default
analog parameters.
34.7 Configuring H801ESC Digital Parameters
This topic describes how to configure the extended digital parameters or modify the default
digital parameters.

34 Environment Monitoring Configuration SmartAX MA5600T Multi-service Access Module
34.8 Configuring the FAN Alarm Report

This topic describes how to enable the report of the FAN running alarms to the EMU.
34.9 Setting the FAN Speed Adjustment Mode
This topic describes how to set the fan speed adjustment mode.
34.10 Configuring the FAN Speed Level
This topic describes how to configure the FAN speed level.

34.1 Overview
This topic describes environment monitoring application on the MA5600T.
Service Description
The MA5600T provides an environment monitor serial port to connect the serial port on a
monitored device. By running master-slave node protocol or access network protocol between
the two serial ports, you can monitor the environment of the device from a remote end.
The environment parameters such as temperature, humidity, and power supply can be monitored
to guarantee that the MA5600T can work reliably in a suitable environment.
To perform environment monitoring on a device, the environment monitoring functional

modules must be provided, such as H801ESC. These functional modules are referred to as
environment monitor unit (EMU), no matter whether they are built in or not.
Monitoring the environment of a device involves two aspects:
l Environment parameters:
Environment parameters refer to factors that may cause failure or even damage to the
device. The parameters include: temperature, humidity, door-status switch, smoke, water,
MDF, and door status sensor.
l Power supply status:
Power supply status covers the status of the mains input, the DC distribution, the rectifier
module, and the battery.
The environment monitor module of the MA5600T comprises multiple EMUs, such as:
l Environment monitoring board H801ESC: It monitors the environment parameters such as

the ambient temperature, humidity, smog, water penetration, fire, voltage, and power
supply alarms through various sensors.
l FAN EMU (FAN): It monitors the running of the fans, and adjusts the running speed of
the fans.
Hardware Connection Between the H801ESC and the Shelf

NOTE
Before the delivery, the EMU has been connected to the shelf. Do not change the connection. To install
the EMU into other shelves or to connect EMU again, refer to the following description.
Figure 34-1 shows the connection between the H801ESC and the shelf.
The H801ESC connects to the environment monitoring serial port (ESC) on the board through
its COM2. The environmental information collected by the H801ESC is reported to the control
board through the CITA board.

Figure 34-1 Connection between the H801ESC and the shelf
COM1
COM2
DC distribution box H801ESC
CON
ETH
ESC
SCU MA5600T
CAUTION
The H801ESC and the MA5600T shelf communicate with each other in master/salve node mode.
The slave node setting must be the same as the DIP switch setting of the EMU. The slave node
is numbered 0–31 but cannot be 30. By default, the slave node is numbered 15.
Table 34-1 depicts the correspondence between the H801ESC DIP switch and the slave node
number. ON means 0 and OFF means 1.
Table 34-1 Correspondence between the H801ESC DIP switch and the slave node number
DIP Switch Setting Meaning
SW101-5 SW101-4 SW101-3 SW101-2 SW101-1 Slave Node

Number
ON ON ON ON ON 0
ON ON ON ON OFF 1
ON ON ON OFF ON 2
…… …… …… …… …… ……
OFF OFF OFF OFF ON 30
OFF OFF OFF OFF OFF 31

Hardware Connection Between the FAN and the Shelf

NOTE
The FAN connects to the backplane through the RS-485 interface on the rear panel and
communicates with the control board through the backplane.
CAUTION
The FAN and the MA5600T shelf communicate with each other in master/salve node mode. The
slave node setting must be the same as the DIP switch setting of the EMU. The slave node is
numbered 0-7.
Table 34-2 depicts the correspondence between the FAN DIP switch and the slave node number.
On means 0 and OFF means 1.
Table 34-2 Correspondence between the FAN DIP switch and the slave node number
SW2-3 SW2-2 SW2-1 Slave Node

Number
ON ON ON 0
ON ON OFF 1
ON OFF ON 2
ON OFF OFF 3
OFF ON ON 4
OFF ON OFF 5
OFF OFF ON 6
OFF OFF OFF 7
Hardware Connection Between the POWER4845 and the Shelf

NOTE
Figure 34-2 shows the connection between the POWER4845 and the shelf. The COM port of
the POWER4845 is connected to the ESC port of the board. The environmental information
collected by the POWER4845 is reported to the control board.

Figure 34-2 Connection between the POWER4845 and the shelf
COM
POWER4845
CON
ETH
ESC
SCU MA5600T
CAUTION
The POWER4845 and the shelf communicate with each other in master/salve node mode. The
setting of the slave node must be the same as that of the DIP switch of the EMU. The slave node
ranges from 0 to 31. By default, the slave node is numbered 0.
Table 34-3 depicts the correspondence between the POWER4845 DIP switch and the slave node
number. On means 1 and OFF means 0.
Table 34-3 Correspondence between the POWER4845 and the slave node number
S1-4 S1-3 S1-2 S1-1 Slave Node

Number
OFF OFF OFF OFF 0
OFF OFF OFF ON 1
OFF OFF ON OFF 2
…… …… …… …… ……
ON ON ON ON 15
34.2 Configuration Example of the H801ESC

The example shows how to configure the built-in analog parameters and digital parameters of
the H801ESC.

Prerequisites
l The ESC board communicates with the host through an RS485 serial port cable.
l The setting of the H801ESC DIP switch is consistent with that of the slave node of EMU.
The baud rate is set as 19200 bit/s.
Data Plan
Table 34-4 provides the data plan for configuring the H801ESC.
Table 34-4 Data plan for configuring the H801ESC

Item Data Remarks
EMU Type: H801ESC -
Serial number: 0 -
Slave node: 15 It corresponds to the DIP

switch setting of the
H801ESC, and cannot be
identical with the slave node of
the FAN or POWER4845.
Analog parameters ID: 0 The built-in analog

parameters, monitoring the
environmental temperature
when the device is running.
Alarm threshold (upper limit): 54 -
Alarm threshold (lower limit): 6 For other parameters, use the

default.
Digital parameters ID: 1 The built-in digital

parameters, monitoring the
door sensor.
Actual level: high For other parameters, use the

default.
Figure 34-3 shows the flowchart for configuring the H801ESC.

Figure 34-3 Flowchart for configuring the H801ESC
Start
Add an H801ESC EMU
Configure the analog environment

parameters
Configure the digital environment

parameters
Save the data
End
Procedure
Step 1 Add an EMU.
Add an EMU with the type of H801ESC.
huawei(config)#emu add 0 h801esc 0 15
Step 2 Configure the analog environment parameters.

huawei(config)#interface emu 0
huawei(config-if-h801esc-0)#esc analog 0 alarm-upper-limit 54 alarm-lower-limit 6
Step 3 Configure the digital environment parameters.

huawei(config-if-h801esc-0)#esc digital 1 available-level high-level
Step 4 Query the configured environment information.

huawei(config-if-h801esc-0)#display esc environment info
EMU ID: 0 ESC environment state
---------------------------Analog environment info--------------------------
ID Name State Value AlmUpper AlmLower Unit
0 Temperature Normal 27.00 54 6 C
1 Input_-48V_0 Normal 38.00 57 38 Volt
5 - Normal -128.00 127 -128 -
6 - Normal -128.00 127 -128 -
7 - Normal -128.00 127 -128 -
8 - Normal -128.00 127 -128 -
---------------------------Digital environment info---------------------------
ID Name State Value |ID Name State Value
0 Wiring Normal 1 |1 Door0 Normal 1
2 - Normal 1 |3 - Normal 1
8 - Normal 1 |9 Water_Alarm Normal 1
10 Arrester 0 Normal 0 |11 Arrester 1 Normal 0
12 Arrester 2 Normal 0 |13 Arrester 3 Normal 0
14 SW_A1 Normal 0 |15 SW_A2 Normal 0

16 SW_B1 Normal 0 |17 SW_B2 Normal 0

18 SW_C1 Normal 0 |19 SW_C2 Normal 0
20 SW_D1 Normal 0 |21 SW_D2 Normal 0
22 Outer Sensor Power Normal 0
----------------------------------------------------------------------------

huawei(config-if-h801esc-0)#quit
huawei(config)#save
----End
Result
After the configuration, the H801ESC works in the normal state.
34.3 Configuration Example of FAN

The example shows how to configure a FAN.
Prerequisite
The DIP switch setting of FAN is consistent with that of the slave node of EMU. The baud rate
is set as 19200 bit/s.
Data Plan
Table 34-5 provides the data plan for configuring the FAN.
Table 34-5 Data plan for configuring the FAN
Item Data Remarks
EMU Type: FAN -
Serial number: 1 -
Slave node: 6 It corresponds to the DIP switch

setting of the FAN, and cannot be
identical with the slave node of the
H801ESC.
Name: test -
FAN FAN speed adjustment mode: -

automatic
FAN alarm: permit By default, the alarms are reported.
Figure 34-4 shows the flowchart for configuring the FAN.

Figure 34-4 Flowchart for configuring a FAN
Start
Add a FAN EMU
Automatic
Set the FAN speed
adjustment mode
Manual
Set the fan speed
Configure the FAN alarm

switch
Save the data
End
Procedure
Step 1 Add a FAN EMU.
huawei(config)#emu add 1 fan 0 6 test
Step 2 Configure the FAN speed adjustment mode.

huawei(config-if-fan-1)#fan speed mode automatic
Step 3 Configure the FAN alarm switch.

huawei(config-if-fan-1)#fan alarmset block permit
huawei(config-if-fan-1)#fan alarmset read-tem-fault permit
huawei(config-if-fan-1)#fan alarmset tem-high permit
huawei(config-if-fan-1)#fan alarmset fault permit
Step 4 Query the information about the FAN.

huawei(config-if-fan-1)#display fan system parameter
EMU ID: 1
FAN configration parameter:
----------------------------------------------------------------
FAN timing mode: Auto timing
----------------------------------------------------------------
Alarm_name Permit/Forbid
Read temperature fault Permit
Fan block Permit
Temperature high Permit
Power fault Permit
----------------------------------------------------------------

huawei(config-if-fan-1)#quit
huawei(config)#save
----End

Result
After the configuration, the Fan EMU can work in the normal state.
34.4 Adding an EMU

This topic describes how to add an EMU.
There are several types of EMUs, such as H801ESC and FAN.
l The slave nodes of the H801ESC ranges from 0 to 31.

l The slave node of the FAN is numbered 0-7.
l The slave node of the POWER4845 ranges from 0 to 31.
l The slave node of the H801ESC cannot be the same as that of FAN.
l The serial port of the H801ESC and FAN is RS485.
l The serial port of the POWER4845 is RS232.
Procedure
Step 1 Run the emu add command to add an EMU.
Step 2 Run the display emu command to query the EMU state.
----End
Example
To add an H801ESC, do as follows:
huawei(config)#emu add 0 h801esc 0 15 test
huawei(config)#display emu 0
EMU ID: 0
--------------------------------------------------------
EMU name : test
EMU type : H801ESC
Used or not : Used
EMU state : Normal
Frame ID : 0
Subnode : 15
--------------------------------------------------------
NOTE
If the EMU state is fault, follow the steps to check the configuration:
l Make sure that the EMU is normal.
l Make sure that the physical connection is correct.
l Make sure that the EMU type, frame ID, slave node and the serial port are correct.
Related Operation
Table 34-6 lists the related operation for adding an EMU.

Table 34-6 Related operation for adding an EMU
Delete an EMU emu del l The EMU type cannot be changed

after you configure it. If you need to
change the EMU type, first delete
the EMU, and then add a new one.
l If an EMU in the shelf is replaced,
delete the EMU, and then add a new
EMU.
34.5 Configuring a POWER4845 EMU

This topic describes how to configure the environment and the power environment parameters
of a POWER4845 EMU.
Table 34-7 lists the commands for configuring a POWER4845 EMU.
Table 34-7 Commands for configuring a POWER4845 EMU
Set the POWER4845 power battery parameter This command is used to set the
battery parameters battery charging current-limit
coefficient, equalized-charging
time, the number of the battery
group and the battery capacity.
Set the POWER4845 power environment This command is used to set the
environment parameters upper/lower alarm thresholds and
upper/lower test limits for the
environment humidity or
temperature, to ensure the power
to generate an alarm when it
works in an environment that
does not match the set conditions.
Set the number of the power module-num Power 4845 supports up to 3

POWER4845 modules rectifier modules.
Set the POWER4845 power module-parameter This command is used to set the
module parameters switch-on and switch-off control
of the POWER4845 module. By
default, the power modules are
switched on, which means the
modules supply power for the
system.

Set the POWER4845 power off This command is used to

power-off parameters configure the load/battery power
off threshold.
l Power off occurs in two cases:
load power off and battery
power off.
l When the mains input stops
working, the batteries provide
the power for the shelves.
l When the output voltage from
the batteries drops below the
load power off threshold, the
system stops providing the
power for the loads.
l When the output voltage from
the batteries drops below the
battery power off threshold,
the power supply stops
providing the power for the
batteries.
Set the POWER4845 power supply-parameter This command is used to enable

supply parameters the rectifier module to power off
automatically when the AC
voltage or DC voltage is
abnormal.
The power supply parameters are
as follows:
l AC over-voltage alarm
threshold
l AC under-voltage alarm
threshold
l DC over-voltage alarm
threshold
l DC under-voltage alarm
threshold
Set the extended digital power outside-digital This command is used to set such
parameters of the extended digital parameters as
POWER4845 valid level, name to identify the
digit and self-defined alarm to
monitor the device digits timely.
Set the battery charging power charge This command is used to set the
parameters charging mode and charging
voltage for batteries connected to
POWER4845.

Set the POWER4845 power battery-test This command is used to set the
test parameters battery auto-test period
parameters and the discharging
end-voltage to implement the
battery auto-discharging test.
Set the high temperature power temperature-off This command is used to set the
power-off parameter load or battery high temperature
power-off parameters and then to
protect the load or battery.
Make sure that these conditions are met in the configuration:
l DC overvoltage > battery even charging voltage > battery float charging voltage > DC
undervoltage > loading power-off voltage > battery power-off voltage.
l DC overvoltage > (float charging voltage + 2 V).
l Float charging voltage > (DC undervoltage + 2 V).
NOTE
You can run the following commands to configure the parameters:

l Run the power charge command to set the battery equalized-charging voltage or the battery float
charging voltage.
l Run the power battery parameter command to set the DC undervoltage or the DC overvoltage.
l Run the power temperature-off command to set the battery power-off voltage or the battery group
power-off voltage.
Procedure
Step 1 Run the interface emu command to enter POWER4845 mode.
Step 2 Run the commands listed in Table 34-7 to configure a POWER4845 EMU.
----End
Example
To run the power battery parameter command to set the battery charging current-limit
coefficient as 0.2, the equalized-charging time as 60d, the number of the battery group as 1, and
the battery capacity as 130 AH, do as follows:
huawei(config-if-power4845-3)#power battery parameter 0.2 60 1 130
Related Operations
Table 34-8 lists the related operations for configuring a POWER4845 EMU.

Table 34-8 Related operations for configuring a POWER4845 EMU

Query the POWER4845 alarms display power alarm
Query the POWER4845 environment display power environment info

information
Query the POWER4845 environment display power environment parameter

configuration
Query the POWER4845 running display power run info

information
Query the POWER4845 configuration display power system parameter
Query the POWER4845 battery test display power battery-test info

parameters
34.6 Configuring the H801ESC Analog Parameters

This topic describes how to configure the extended analog parameters or modify the default
analog parameters.
The MA5600T is installed with the internal analog sensor to monitor the temperature and the
power. The analog parameters related to the internal analog sensor are the default configurations
in the system and they do not need to be configured. The analog parameters need modification
only when they do not meet the requirements.
The MA5600T provides the extended analog monitoring port for connecting the analog sensor
externally if users have special requirements for monitoring. The analog parameters related to
the external sensor must be configured by the user.
When you set the extended analog parameters, you must get the information about the hardware
relationship between the extended monitoring port and the sensor related to the analog
parameters. Because one extended analog parameter ID corresponds to one monitoring port that
the sensor is connected to.
Prerequisite
The H801ESC EMU is in the position and works in the normal state.
Procedure
Step 1 Run the interface emu command to enter H801ESC mode.
Step 2 Run the esc analog command to configure the extended analog parameters of the H801ESC or
modify the default analog parameters of the H801ESC.
Step 3 Run the display esc system parameter command to query the ESC parameters settings.
----End

Examples
To set the temperature thresholds of the default analog parameter (with analog ID as 0) to
55℃ (upper limit) and 5℃ (lower limit), do as follows:
huawei(config-if-h801esc-0)#display esc system parameter
EMU ID: 0 ESC system parameter

----------------------------------------------------------------------------
AnalogID Name AlmUpper AlmLower TestUpper TestLower Unit Type
0 Temperature 55 5 127 -128 C Voltage
1 Input_-48V_0 72 38 127 -128 Volt Voltage
5 - 127 -128 127 -128 - Voltage
6 - 127 -128 127 -128 - Voltage
7 - 127 -128 127 -128 - Voltage
8 - 127 -128 127 -128 - Voltage
----------------------------------------------------------------------------
DigitalID Name Level |DigitalID Name Level
0 Wiring 1 | 1 Door0 0
2 - 1 | 3 - 1
4 - 1 | 5 - 1
6 - 1 | 7 - 1
8 - 1 | 9 Water_Alarm 1
10 Arrester 0 0 | 11 Arrester 1 0
14 SW_A1 0 | 15 SW_A2 0
16 SW_B1 0 | 17 SW_B2 0
18 SW_C1 0 | 19 SW_C2 0
20 SW_D1 0 | 21 SW_D2 0
22 Outer Sensor Power 0
----------------------------------------------------------------------------
Assume that the analog parameter name is Power, the upper limit threshold is 72 V, the lower
limit threshold is 38 V and the (voltage) alarm index is 3. To configure an extended analog
parameter (with the analog ID as 5) to monitor the power supply, do as follows:
analog-alarm 3 name power

----------------------------------------------------------------------------
5 Power 72 38 127 -128 - Voltage
6 - 127 -128 127 -128 - Voltage
7 - 127 -128 127 -128 - Voltage
8 - 127 -128 127 -128 - Voltage
----------------------------------------------------------------------------
2 - 1 | 3 - 1
4 - 1 | 5 - 1
6 - 1 | 7 - 1
14 SW_A1 0 | 15 SW_A2 0

16 SW_B1 0 | 17 SW_B2 0
18 SW_C1 0 | 19 SW_C2 0
20 SW_D1 0 | 21 SW_D2 0
----------------------------------------------------------------------------
Related Operations
Table 34-9 shows the related operations for configuring H801ESC analog parameters.
Table 34-9 Related operations for configuring H801ESC analog parameters
Query the environment display esc environment H801ESC environment

information info monitor mode
Query alarm information display esc alarm H801ESC environment

monitor mode
Query use defined analog display outside-analog H801ESC environment

alarms private-alarm monitor mode
Query H801ESC version display version H801ESC environment

number monitor mode
34.7 Configuring H801ESC Digital Parameters

This topic describes how to configure the extended digital parameters or modify the default
digital parameters.
The MA5600T is installed with the internal digital sensor to monitor the door status sensor and
water penetration. The digital parameters related to the internal digital sensor are the default
configurations in the system and they do not need to configured. The digital parameters need
modification only when they do not meet the requirements.
The MA5600T provides the extended digital monitoring port to connect the external digital
sensor if users have special requirements for monitoring. The digital parameters related to the
external sensor must be configured by the user.
When you set the extended digital parameters, you must get the information about the hardware
relationship between the extended monitoring port and the sensor related to the digital
parameters. Because one extended digital parameter ID corresponds to one monitoring port that
the sensor is connected to.
Prerequisite
The H801ESC EMU is in the position and works in the normal state.

Procedure
Step 1 Run the interface emu command to enter H801ESC mode.
Step 2 Run the esc digital command to configure the extended digital parameters or modify the default
digital parameters.
Step 3 Run the display esc system parameter command to query the ESC parameter settings.
----End
Example
l Digital parameter ID: 2
l Digital parameter name: room_door
l Valid level: high level
l Alarm index: 9 (door status sensor in the equipment room)
To set such an extended digital parameter for monitoring the door status sensor, do as follows:
huawei(config-if-h801esc-0)#esc digital 2 available-level high-level digital-alarm
9 name room_door
--------------------------------------------------------------------------------
5 - 127 -128 127 -128 - Voltage
6 - 127 -128 127 -128 - Voltage
7 - 127 -128 127 -128 - Voltage
8 - 127 -128 127 -128 - Voltage
--------------------------------------------------------------------------------
2 room_door 1 | 3 - 1
4 - 1 | 5 - 1
6 - 1 | 7 - 1
14 SW_A1 0 | 15 SW_A2 0
16 SW_B1 0 | 17 SW_B2 0
18 SW_C1 0 | 19 SW_C2 0
20 SW_D1 0 | 21 SW_D2 0
--------------------------------------------------------------------------------
Related Operations
Table 34-10 lists the related operations for configuring H801ESC digital parameters.

Table 34-10 Related operations for configuring H801ESC digital parameters

Query the environment display esc environment H801ESC environment

information info monitor mode
Query the alarm information display esc alarm H801ESC environment

monitor mode
Query the user defined display outside-digital H801ESC environment

digital alarms private-alarm monitor mode
Query H801ESC version display version H801ESC environment

number monitor mode
34.8 Configuring the FAN Alarm Report

This topic describes how to enable the report of the FAN running alarms to the EMU.
Prerequisite
The FAN EMU has existed and works in the normal state.
Procedure
Step 1 Run the interface emu command to enter FAN mode.
Step 2 Run the fan alarmset command to configure the FAN alarm report.
Step 3 Run the display fan system parameter command to query information about FAN alarm.
----End
Example
To disable the report of FAN block alarm, do as follows:
huawei(config-if-fan-1)#fan alarmset block forbid
EMU ID: 0
--------------------------------------------------------
FAN timing mode: Manual timing
FAN speed level: 4
--------------------------------------------------------
Fan block Forbid
Power fault Permit
--------------------------------------------------------
Related Operations
Table 34-11 lists the related operations for configuring the FAN alarm report.

Table 34-11 Related operations for configuring the FAN alarm report
Query the running information display fan environment FAN environment monitor
about the fans info mode
Query the alarm information display fan alarm FAN environment monitor
about the fans mode
34.9 Setting the FAN Speed Adjustment Mode

This topic describes how to set the fan speed adjustment mode.
Prerequisite
The FAN EMU is in the position and works in the normal state.
There are two fan speed adjustment modes:
l Automatic
l Manual
By default, the mode is manual with the fan speed level of 5. It is recommended that you change
the mode to automatic.
If the mode is not set to automatic, a large amount of redundant air is generated at low or normal
temperature.
Procedure
Step 2 Run the fan speed command to set the fan speed adjustment mode.
Step 3 Run the display fan system parameter command to query the parameter setting.
----End
Example
To set the fan speed adjustment mode as automatic, do as follows:
huawei(config-if-fan-0)#fan speed mode automatic
EMU ID: 0
----------------------------------------------------------------
FAN timing mode: Auto timing
----------------------------------------------------------------
Fan block Permit


Power fault Permit
----------------------------------------------------------------
Related Operations
Table 34-12 lists the related operations for setting the fan speed adjustment mode.
Table 34-12 Related operations for setting the fan speed adjustment mode
To... Run the command... Remarks
Set the fan speed fan speed adjust Set the fan speed in manual
mode, use this command.
Set the fan alarm report to fan alarmset -

EMU
Query the alarm information display fan alarm -

about fans
34.10 Configuring the FAN Speed Level

This topic describes how to configure the FAN speed level.
Prerequisite
The FAN EMU has existed and works in the normal state.
FAN speed level ranges from 0 to 5. Level 0 refers to the lowest and level 5 refers to the highest
fan speed level.
l The nominated fan speed is enough for heat dissipation when the system works in the
permitted highest temperature.
l Low-speed running of fans can prolong the lifetime of the fans.
l When abnormality occurs or one of the fans fails, other fans can run at high speed to
compensate the air flow.
l Low-speed running of fans can reduce dust concentration in the air filter.
l Set the fan speed in manual mode.
Procedure
Step 2 Run the fan speed command to configure the FAN speed level.
Step 3 Run the display fan system parameter command to query the setting of the FAN speed.
----End

Example
To set the FAN speed level as 3, do as follows:
huawei(config-if-fan-0)#fan speed adjust 3
EMU ID: 0
--------------------------------------------------------
FAN timing mode: Manual timing
FAN speed level: 3
--------------------------------------------------------
Fan block Forbid
Power fault Permit
-------------------------------------------------------
Related Operations
Table 34-13 lists the related operations for setting the FAN speed level.
Table 34-13 Related operations for setting the FAN speed level
Set the fan speed adjustment mode fan speed mode
Set the fan alarm report to EMU fan alarmset
Query the alarm information about fans display fan alarm

SmartAX MA5600T Multi-service Access Module 35 Acronyms and Abbreviations
35 Acronyms and Abbreviations
A
AAA Authentication, Authorization and Accounting
ABR Area Border Router
ACL Access Control List
ADSL Asymmetrical Digital Subscriber Line
AES Advanced Encryption Standard
AG Access Gateway
ARP Address Resolution Protocol
AS Autonomous System
ASBR Autonomous System Border Router
ATM Asynchronous Transfer Mode
B
BDR Backup Designated Router
BGP Border Gateway Protocol
BMS HUAWEI iManager N2000 broadband integrated
network management system
BPDU Bridge Protocol Data Unit
BRAS Broadband Remote Access Server
BTV Broadcast TV
C
CAR Committed Access Rate
CBS Committed Burst Size

35 Acronyms and Abbreviations SmartAX MA5600T Multi-service Access Module
CC Connection Confirm
CFM Connectivity Fault Management
CIDR Classless Inter-Domain Routing
CIR Committed Information Rate
CIST Common and Internal Spanning Tree
CLI Command Line Interface
CoS Class of Service
CPE Customer Premises Equipment
CRC Cyclic Redundancy Code
D
DES Data Encryption Standard
DHCP Dynamic Host Configuration Protocol
DHCP option82 DHCP relay agent option 82
DNS Domain Name Server
DoD Downstream on Demand
DoS Denial of Service
DR Designated Router
DSLAM Digital Subscriber Line Access Multiplexer
DSP Digital Signal Processor
DTMF Dual-Tone Multifrequency
DU Downstream Unsolicited
D-V Distance Vector Routing Algorithm
E
EMU Environment Monitoring Unit
ES End System
F
FE Fast Ethernet
FEC Forward Error Correction
FoIP Fax over IP
FSK Frequency Shift Keying
FTP File Transfer Protocol

FIFO First In First Out
G
GE Gigabit Ethernet
GEM GPON Encapsulation Method
GPON Gigabit-capable Passive Optical Networks
I
Internet Control Message Protocol Label
ICMP
Distribution Protocol
IGMP Internet Group Management Protocol
IGP Interior Gateway Protocol
IP Internet Protocol
IPoA Internet Protocol Over ATM
IPoE IP over Ethernet
IS Intermediate System
IS-IS Intermediate System-to-Intermediate System
ISP Internet Service Provider
IST Internal Spanning Tree
L
LAN Local Area Network
LDP Label Distribution Protocol
LSA Link State Advertisement
LSDB Link State Database
LSP Label Switched Path
M
MA Maintenance Association
MAC Medium Access Control
MBS Maximum Burst Size
MD Maintenance Domain
MD5 Message-Digest Algorithm 5
MDU Multi-dwelling unit
MED Multi-Exit-Disc

MEP Maintenance association End Point

MG Media Gateway
MGC Media Gateway Controller
MGCP Media Gateway Control Protocol
MIB Management Information Base
MIP Maintenance association Interspace Point
MoIP modem over IP
MRU Maximum Receive Unit
MSAN Multi-service Access Node
MSTP Multiple Spanning Tree Protocol
MTU Maximum Transmission Unit
N
NAS Network Access Server
NBMA Non Broadcast MultiAccess
NGN Next Generation Network
NHLFE Next Hop Label Forwarding Entry
NIC Network Information Center
NPDU Network Protocol Data Unit
NMS Network Management System
NSAP Network Service Access Point
O
OAM Operation And Maintenance
OLT Optical Line Terminal
ONT Optical Network Terminal
ONU Optical Network Unit
OMCI ONT Management and Control Interface
OSPF Open Shortest Path First
P
PBS Peek Burst Size
PIR Peek Information Rate
PITP Policy Information Transfer Protocol

POTS Plain Old Telephone Service

PPPoA Point-to-Point Protocol Over ATM
PPPoE Point-to-Point Protocol Over Ethernet
PQ Priority Queuing
PPP Peer-Peer Protocol
PSN Packet Switched Network
PSTN Public Switched Telephone Network
Q
QoS Quality of Service
R
RADIUS Remote Authentication Dial in User Service
RARP Reverse Address Resolution Protocol
RD Routing Domain
RFC Remote Feature Control
RIP Routing Information Protocol
RMON Remote Network Monitoring
RSVP Resource Reservation Protocol
RTP Real Time Protocol
RTCP Real Time Control Protocol
S
SHDSL Single-pair High-speed Digital Subscriber Line
SNMP Simple Network Management Protocol
SSH Secure Shell
STB Set Top Box
STP Spanning Tree Protocol
T
T-CONT Transmission Container
TCP/IP Transmission Control Protocol/Internet Protocol
TFTP Trivial File Transfer Protocol
TOS Type of Service
TTL Time To Live

U
UDP User Datagram Protocol
V
VAG Virtual Access Gateway
VDSL Very High Speed DSL
VLAN Virtual LAN
VOD Video On Demand
VoIP Voice over IP
VT Virtual Terminal
VTP VLAN Trunk Protocol
VTY Virtual Type Terminal
W
WRR Weighted Round Robin
X
xDSL x Digital Subscriber Line

MA5600T Configuration Guide V800R005C06 02

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

MA5600T Configuration Guide V800R005C06 02

Hochgeladen von

Copyright:

Verfügbare Formate

SmartAX MA5600T Multi-service Access Module

Huawei Proprietary and Confidential

Huawei Technologies Co., Ltd.

Copyright © Huawei Technologies Co., Ltd. 2008. All rights reserved.

Trademarks and Permissions

Huawei Proprietary and Confidential

About This Document.....................................................................................................................1

2 Getting Started With CLI..........................................................................................................2-1

Issue 02 (2008-04-25) Huawei Proprietary and Confidential i

2.3.13 Querying the CPU Usage...................................................................................................................2-20

3 Network Management Configuration....................................................................................3-1

4 Log Host Configuration............................................................................................................4-1

5 User Management...................................................................................................................... 5-1

ii Huawei Proprietary and Confidential Issue 02 (2008-04-25)

5.4.5 Modifying the Permitted Number of Reenters.....................................................................................5-12

7 Remote User Authentication Configuration.........................................................................7-1

Issue 02 (2008-04-25) Huawei Proprietary and Confidential iii

7.6.7 Specifying an Authentication Scheme.................................................................................................7-33

9 DHCP Relay Configuration.....................................................................................................9-1

10 ARP & ARP Proxy Configuration.......................................................................................10-1

iv Huawei Proprietary and Confidential Issue 02 (2008-04-25)

10.3 Adding a Static ARP Entry.........................................................................................................................10-5

11 RIP Routing Protocol Configuration..................................................................................11-1

12 OSPF Routing Protocol Configuration..............................................................................12-1

Issue 02 (2008-04-25) Huawei Proprietary and Confidential v

12.3.5 Entering OSPF Area Config Mode..................................................................................................12-10

13 IS-IS Routing Protocol Configuration...............................................................................13-1

vi Huawei Proprietary and Confidential Issue 02 (2008-04-25)

13.5.2 Configuring the Level of an IS-IS Interface.....................................................................................13-22

14 BGP Routing Protocol Configuration................................................................................14-1

Issue 02 (2008-04-25) Huawei Proprietary and Confidential vii

viii Huawei Proprietary and Confidential Issue 02 (2008-04-25)

16.8 Configuring the NTP Broadcast Mode......................................................................................................16-20

17 System Clock Configuration................................................................................................17-1

18 MAC Address Management.................................................................................................18-1

19 TCP/IP Connection Configuration......................................................................................19-1

Issue 02 (2008-04-25) Huawei Proprietary and Confidential ix

20.12 Creating a Customized ACL Rule...........................................................................................................20-18

22 User Security Configuration................................................................................................22-1

23 System Security Configuration...........................................................................................23-1

x Huawei Proprietary and Confidential Issue 02 (2008-04-25)

23.8 Configuring the Black List..........................................................................................................................23-8

24 P2P Fiber Access Service Configuration............................................................................24-1

25 GPON Service Configuration..............................................................................................25-1

26 Protection Configuration for Upstream Link...................................................................26-1

27 Device Subtending Configuration......................................................................................27-1

Issue 02 (2008-04-25) Huawei Proprietary and Confidential xi

27.5 Enabling the Traffic Suppression..............................................................................................................27-10

28 VLAN Stacking Wholesale Service Configuration......................................................... 28-1

29 QinQ VLAN Private Line Service Configuration............................................................29-1

30 Multicast Service Configuration.........................................................................................30-1

xii Huawei Proprietary and Confidential Issue 02 (2008-04-25)

30.15.1 Setting the IGMP Mode.................................................................................................................30-53

Issue 02 (2008-04-25) Huawei Proprietary and Confidential xiii

30.20.4 Clearing the Preview Records Manually......................................................................................30-103

31 Triple Play Service Configuration......................................................................................31-1

33 Ethernet OAM Configuration..............................................................................................33-1

xiv Huawei Proprietary and Confidential Issue 02 (2008-04-25)

34 Environment Monitoring Configuration ..........................................................................34-1

35 Acronyms and Abbreviations..............................................................................................35-1

Issue 02 (2008-04-25) Huawei Proprietary and Confidential xv

Issue 02 (2008-04-25) Huawei Proprietary and Confidential xvii

Figure 4-2 Flowchart for configuring a log host..................................................................................................4-3

xviii Huawei Proprietary and Confidential Issue 02 (2008-04-25)