Layer 3 12-Port 10G SFP+ + 8-Port 10/100/1000T Managed Switch with Dual 100~240V AC Redundant Power XGS-6350-12X8TR
Users Manual of XGS-6350-12X8TR Trademarks Copyright © PLANET Technology Corp. 2019. Contents are subject to revision without prior notice. PLANET is a registered trademark of PLANET Technology Corp. All other trademarks belong to their respective owners.
Users Manual of XGS-6350-12X8TR Energy Saving Note of the Device This power required device does not support Standby mode operation. For energy saving, please remove the power cable to disconnect the device from the power circuit. In view of saving the energy and reducing the unnecessary power consumption, it is strongly suggested to remove the power connection for the device if this device is not intended to be active.
Users Manual of XGS-6350-12X8TR Contents Chapter 1. INTRODUCTION 18 Packet Contents ...................................................................................................................................... 18 Product Features .................................................................................................................................... 21 Product Specifications ..............................................................................................................
Users Manual of XGS-6350-12X8TR Chapter 5. Network Management Configuration 69 Network Management Configuration ...................................................................................................... 69 5.1.1 SNMP Configuration ...................................................................................................................... 69 5.1.2 Overview ................................................................................................................................
Users Manual of XGS-6350-12X8TR 6.3.1 6.3.2 6.3.3 6.3.4 Chapter 7. Web Authentication Configuration ........................................................................................................... 97 Overview ........................................................................................................................................ 97 Configuring Web Authentication...................................................................................................
Users Manual of XGS-6350-12X8TR 7.10.1 7.10.2 7.10.3 7.10.4 7.10.5 Chapter 8. User Management ....................................................................................................................... 141 Log Management ......................................................................................................................... 142 Managing the Configuration Files ................................................................................................
Users Manual of XGS-6350-12X8TR 12.1.2 Chapter 13. Displaying Port Mirroring Information .......................................................................................... 159 Configuring MAC Address Attribute 160 MAC Address Configuration Task List ................................................................................................... 160 MAC address Configuration Task.......................................................................................................... 160 13.
Users Manual of XGS-6350-12X8TR Chapter 17. GVRP Configuration 175 Configuring GVRP ................................................................................................................................ 175 Introduction ........................................................................................................................................... 175 Configuring Task List ................................................................................................................
Users Manual of XGS-6350-12X8TR Chapter 21. Link Aggregation Configuration 222 Configuring Port Aggregation ................................................................................................................ 222 21.1.1 Overview ...................................................................................................................................... 222 21.1.2 Port Aggregation Configuration Task List ................................................................................
Users Manual of XGS-6350-12X8TR MEAPS Introduction .............................................................................................................................. 248 27.1.1 MEAPS Overview ........................................................................................................................ 248 27.1.2 Basic Concepts of MEAPS .......................................................................................................... 249 27.1.3 Types of EAPS Packets ...........
Users Manual of XGS-6350-12X8TR 33.1.4 Chapter 34. Configuration Example ................................................................................................................ 318 CFM and Y1731 Configuration 322 Overview ............................................................................................................................................... 322 34.1.1 Stipulations ............................................................................................................
Users Manual of XGS-6350-12X8TR 39.1.4 Chapter 40. Configuration Example ................................................................................................................ 348 QoS Configuration 350 QoS Configuration ................................................................................................................................ 350 40.1.1 QoS Overview ............................................................................................................................
Users Manual of XGS-6350-12X8TR 44.1.1 Chapter 45. Applying ACL on Ports ................................................................................................................. 406 Routing Configuration 407 Configuring RIP ..................................................................................................................................... 407 45.1.1 Overview ........................................................................................................................
Users Manual of XGS-6350-12X8TR MCE Configuration Example ................................................................................................................. 465 48.3.1 Configuring S11 ........................................................................................................................... 465 48.3.2 Configuring MCE-S1 .................................................................................................................... 466 48.3.3 Configuring PE ...............
Users Manual of XGS-6350-12X8TR Configuring PIM-SM .............................................................................................................................. 503 50.5.1 PIM-SM Introduction .................................................................................................................... 503 50.5.2 Configuring PIM-SM .................................................................................................................... 505 50.5.3 Configuration Example .....
Users Manual of XGS-6350-12X8TR Overview ............................................................................................................................................... 537 BFD Configuration Tasks ...................................................................................................................... 537 55.2.1 Activating Port BFD ..................................................................................................................... 537 55.2.
Users Manual of XGS-6350-12X8TR Chapter 1. INTRODUCTION Thank you for purchasing PLANET L3 10G Managed Switch, XGS-6350-12X8TR. The description of this model is as follows: Layer 3 12-Port 10G SFP+ + 8-Port 10/100/1000T Managed Switch with Dual 100~240V XGS-6350-12X8TR AC Redundant Power The term “Managed Switch” mentioned in this user’s manual refers to the XGS-6350-12X8TR. Packet Contents Open the box of the Managed Switch and carefully unpack it.
Users Manual of XGS-6350-12X8TR Dual AC Redundant Power to Ensure Continuous Operation The XGS-6350-12X8TR is equipped with two 100~240V AC power supply units for redundant power supply installation. A redundant power system is also provided to enhance the reliability with dual AC power supply units. The redundant power system is specifically designed to handle the demands of high-tech facilities requiring the highest power integrity.
Users Manual of XGS-6350-12X8TR Thus, the XGS-6350-12X8TR empowers enterprises and campuses to take full advantage of the limited network resources and guarantees the best performance in VoIP and video conferencing transmission. Robust Layer 2 Features The XGS-6350-12X8TR can be programmed for basic switch management functions such as port speed configuration, port aggregation, VLAN, Spanning Tree Protocol, WRR, bandwidth control and IGMP snooping. It also supports 802.
Users Manual of XGS-6350-12X8TR Product Features Physical Ports 12 10GBASE-SR/LR SFP+ slots, compatible with 1000BASE-SX/LX/BX SFP 8 10/100/1000BASE-T RJ45 ports RJ45 to DB9 console interface for switch basic management and setup IP Routing Features Supports maximum 128 static routes and route summarization Supports dynamic routing protocol: RIP and OSPF Layer 2 Features Auto-MDI/MDI-X detection on each RJ45 port Prevents packet loss flow control - IEEE 802.
Users Manual of XGS-6350-12X8TR Quality of Service 8 priority queues on all switch ports Supports strict priority and WRR (Weighted Round Robin) CoS policies Traffic classification - IEEE 802.1p CoS/ToS - IPv4/IPv6 DSCP - Port-based WRR Strict priority and WRR CoS policies Multicast Supports IPv4 IGMP snooping v1, v2 and v3, and IPv6 MLD v1 and v2 snooping Querier mode support Supports Multicast VLAN Register (MVR) Security IEEE 802.
Users Manual of XGS-6350-12X8TR Syslog server for IPv4 and IPv6 Four RMON groups 1, 2, 3, 9 (history, statistics, alarms and events) Supports ping, trace route function for IPv4 and IPv6 23
Users Manual of XGS-6350-12X8TR Product Specifications Product XGS-6350-12X8TR Hardware Specifications Ethernet Ports SFP+ Slots 8 1000BASE-T RJ45 auto-MDI/MDI-X ports 12 10GBASE-SR/LR SFP+ interfaces Compatible with 1000BASE-SX/LX/BX SFP transceiver Console 1 x RJ45-to-DB9 serial port (9600, 8, N, 1) Reset Button Reset to factory default Switch Architecture Store-and-forward Switch Fabric 256Gbps/non-blocking Switch Throughput 180Mpps Address Table 32K MAC address table with auto learning f
Users Manual of XGS-6350-12X8TR password Supports IPv4/IPv6 SSH The right configuration for users to adopt RADIUS server’s shell management Supports CLI, console, Telnet Supports SNMPv1, v2c and v3 Supports Security IP safety net management function: avoid unlawful landing at non-restrictive area Supports Syslog server for IPv4 and IPv6 Supports TACACS+ Layer 3 Function Routing Protocol Static routing, RIP and OSPF Routing Table 128 DHCP DHCP client DHCP server, defaultroute Configure VRRP in interfa
Users Manual of XGS-6350-12X8TR Supports strict priority and Weighted Round Robin (WRR) CoS policies Traffic classification: - IEEE 802.
Users Manual of XGS-6350-12X8TR RFC 2465 IPv6 MIB RFC 2466 ICMP6 MIB RFC 2573 SNMPv3 notification RFC 2574 SNMPv3 VACM RFC 2674 Bridge MIB Extensions Standard Conformance Regulatory Compliance FCC Part 15 Class A, CE IEEE 802.3 10BASE-T IEEE 802.3u 100BASE-TX IEEE 802.3z Gigabit 1000BASE-SX/LX IEEE 802.3ab Gigabit 1000BASE-T IEEE 802.3ae 10Gb/s Ethernet IEEE 802.3x flow control and back pressure IEEE 802.3ad port trunk with LACP IEEE 802.1D Spanning Tree Protocol IEEE 802.
Users Manual of XGS-6350-12X8TR Relative Humidity: 5 ~ 95% (non-condensing) 28
Users Manual of XGS-6350-12X8TR Chapter 2. INSTALLATION This section describes how to install your Managed Switch and make connections to the Managed Switch. Please read the following topics and perform the procedures in the order being presented.To install your Managed Switch on a desktop or shelf, simply complete the following steps. In this paragraph, we will describe how to install the Managed Switch and the installation points attended to it. Hardware Description 2.1.
Users Manual of XGS-6350-12X8TR on the power. 2.1.2 LED Indications The front panel LEDs indicates instant status of port links, data activity, system operation, stack status and system power. XGS-6350-12X8TR LED Indication Figure 2-2 XGS-6350-12X8TR LED Panel ■ System LED PWR SYS Color Green Off Green Function Lights to indicate that the Switch has power. Power is off. Blinks to indicate the system diagnosis is completed; lights to indicate the system is normally starting up.
Users Manual of XGS-6350-12X8TR ■ AC Power Receptacle For compatibility with electric service in most areas of the world, the Managed Switch’s power supply automatically adjusts to line power in the range of 100-240VAC and 50/60 Hz. Plug the female end of the power cord firmly into the receptacle on the rear panel of the Managed Switch. Plug the other end of the power cord into an electric service outlet and then the power will be ready.
Users Manual of XGS-6350-12X8TR the package. Figure 2-4 shows how to attach brackets to one side of the Managed Switch. Figure 2-4 Attach brackets to the Managed Switch. You must use the screws supplied with the mounting brackets. Damage caused to the parts by using incorrect screws would invalidate the warranty. Step 3: Secure the brackets tightly. Step 4: Follow the same steps to attach the second bracket to the opposite side.
Users Manual of XGS-6350-12X8TR Approved PLANET SFP/SFP+ Transceivers PLANET Managed Switch supports both single mode and multi-mode SFP/SFP+ transceivers. The following list of approved PLANET SFP/SFP+ transceivers is correct at the time of publication: Gigabit Ethernet Transceiver (1000BASE-XSFP) Model Speed (Mbps) Connector Interface Fiber Mode Distance Wavelength (nm) Operating Temp.
Users Manual of XGS-6350-12X8TR 10Gbps SFP+ (10G Ethernet/10GBASE) Connector Model Speed (Mbps) Fiber Mode Distance Wavelength (nm) Operating Temp. Interface MTB-SR 10G LC Multi Mode Up to 300m 850nm 0 ~ 60 degrees C MTB-LR 10G LC Single Mode 10km 1310nm 0 ~ 60 degrees C 10Gbps SFP+ (10GBASE-BX, Single Fiber Bi-directional SFP) Connector Model Speed (Mbps) Fiber Mode Distance Wavelength (TX) Wavelength (RX) Operating Temp.
Users Manual of XGS-6350-12X8TR 2. Remove the Fiber-optic Cable gently. 3. Lift up the lever of the MGB module and turn it to a horizontal position. 4. Pull out the module gently through the lever. Figure 2-6: How to Pull Out the SFP/SFP+Transceiver Never pull out the module without lifting up the lever of the module and turning it to a horizontal position. Directly pulling out the module could damage the module and the SFP/SFP+ module slot of the Managed Switch.
Users Manual of XGS-6350-12X8TR Chapter 3. Switch Management Management Options After purchasing the switch, the user needs to configure the switch for network management. Switch provides two management options: in-band management and out-of-band management. 3.1.1 Out-Of-Band Management Out-of-band management is the management through Console interface. Generally, the user will use out-of-band management for the initial switch configuration, or when in-band management is not available.
Users Manual of XGS-6350-12X8TR Open the HyperTerminal included in Windows after the connection is established. The example below is based on the HyperTerminal included in Windows XP. 1) Click Start menu -- All Programs -- Accessories -- Communication -- HyperTerminal. Figure 3-2 Opening Hyper Terminal 2) Type a name for opening HyperTerminal, such as “Switch”.
Users Manual of XGS-6350-12X8TR Figure 3-3 Opening HyperTerminal 3) In the “Connect using” drop-list, select the RS-232 serial port used by the PC, e.g., COM1, and click “OK”. Figure3-4 Opening HyperTerminal 4) COM1 property appears and select “9600” for “Baud rate”, “8” for “Data bits”, “none” for “Parity checksum”, “1” for stop bit and “none” for traffic control; or you can also click “Restore default” and click “OK”.
Users Manual of XGS-6350-12X8TR Figure3-5 Opening HyperTerminal Step 3: Entering switch CLI interface Power on the switch and the following appears in the HyperTerminal windows, that is the CLI configuration mode for Switch. Jan 18 21: 48: 00 User admin logout on console 0 System Bootstrap, Version 0.4.3, Serial No: Copyright (c) 2017 PLANET 20014013899 PLANET Technology Corporation XGS-6350-12X8TR Current time: 1970-1-1 0: 00: 00 SDRAM Fast Test...........................
Users Manual of XGS-6350-12X8TR Jan 1 00: 06: 12 User default logout on console 0 User Access Verification Username: admin Password: Welcome to PLANET XGS-6350-12X8TR Ethernet Switch Switch> The user can now enter commands to manage the switch. For a detailed description of the commands, please refer to the following chapters. 3.1.
Users Manual of XGS-6350-12X8TR Figure3-6 Manage the Switch by Telnet Step 1: Configure the IP addresses for the switch and start the Telnet Serverfunction on the switch.First is the configuration of host IP address. This should be within the same network segment as the switch VLAN1 interface IP address. Suppose the switch VLAN1 interface IP address is 10.1.128.251/24. Then, a possible host IP address is 10.1.128.252/24. Run “ping 10.1.128.251” from the host and verify the result.
Users Manual of XGS-6350-12X8TR Figure3-7 Run telnet client program included in Windows Step 3: Log in to the switch. Log in to the Telnet configuration interface. Valid login name and password are required, otherwise, the switch will reject Telnet access. This is the method to protect the switch from unauthorized access. Enter valid login name and password in the Telnet configuration interface, Telnet user will be able to enter the switch’s CLI configuration interface.
Users Manual of XGS-6350-12X8TR 3) If 2) is not met, HTTP client should connect to an IPv4/IPv6 address of the switch via other devices, such as a router. Similar to management the switch via Telnet, as soon as the host succeeds to ping/ping6 an IPv4/IPv6 address of the switch and to type the right login password, it can access the switch via HTTP. The configuration list is shown below: Step 1: Configure the IP addresses for the switch and start the HTTP server function on the switch.
Users Manual of XGS-6350-12X8TR Step 3: Log in to the switch. Logging to the Web configuration interface. Valid login name and password are required, otherwise, the switch will reject HTTP access. This is the method to protect the switch from unauthorized access. The Web login interface of XGS-6350-12X8TR is shown below: Figure3-10Web Login Interface Input the right username and password and then the main Web configuration interface is shown below.
Users Manual of XGS-6350-12X8TR 2) The IP address of the client host and that of the VLAN interface on the switch it subordinates to should be in the same segment; 3) If 2) is not met, the client should be able to reach an IP address of the switch through devices like routers; 4) SNMP should be enabled.
Users Manual of XGS-6350-12X8TR Pay attention to the changes of the interface prompt and the relative command mode in the following case: Switch> enter Password: Switch# config Switch_config# interface f0/1 Switch_config_f0/1# quit Switch_config# quit Switch# 3.1.3 Help Function Use the question mark (?) and the direction mark to help you enter commands: Enter a question mark. The currently available command list is displayed.
Users Manual of XGS-6350-12X8TR Chapter 4. Basic Configuration System Management Configuration 4.1.1 File Management Configuration 4.1.1.1 Managing the file system The filename in flash is no more than 20 characters and filenames are case insensitive. 4.1.1.2 Commands for the file system The boldfaces in all commands are keywords. Others are parameters. The content in the square brakcet “[ ]” is optional. Command Description format Formats the file system and delete all data.
Users Manual of XGS-6350-12X8TR 4.1.1.4 Updating software User can use this command to download switch system software locally or remotely to obtain version update or the custom-made function version (like data encryption and so on). There are two ways of software update in monitor mode. a) Through TFTP monitor#copy tftpflash [ip_addr] The previous commad is to copy file from the tftp server to the flash in the system.
Users Manual of XGS-6350-12X8TR Parameter description Parameter Description local_filename Filename stored in the flash Users must enter the filename. Example The terminal program can be the Hyper Terminal program in WINDOWS 95, NT 4.0 or the terminal emulation program in WINDOWS 3.X. monitor#download c0 switch.bin Prompt: speed [9600]?115200 Then, modify the rate to 115200. After reconnection, select send file in the transfer menu of hyper terminal (terminal emulation).
Users Manual of XGS-6350-12X8TR 4.1.1.6 Using ftp to perform the update of software and configuration config #copy ftpflash [ip_addr|option] Use ftp to perform the update of software and configuration in formal program management. Use the copy command to download a file from ftp server to switch, also to upload a file from file system of the switch to ftp server. After you enter the command, the system will prompt you to enter the remote server name and remote filename.
Users Manual of XGS-6350-12X8TR Prompt: Remote-server ip address[]?192.168.20.1 Prompt: Destination file name[main.bin]?switch.bin or config#copy ftp: //login-nam: login-password@192.168.20.1/main.bin flash: switch.bin ###################################################################### ###################################################################### FTP: successfully receive 3377 blocks ,1728902 bytes config# 1. When the ftp server is out of service, the wait time is long.
Users Manual of XGS-6350-12X8TR monitor#ip route default 192.168.1.1 4.1.2.3 Using ping to test network connection state monitor#ping This command is to test network connection state. Parameter description Parameter Description ip_address Destination IP address Example monitor#ping 192.168.20.100 PING 192.168.20.100: 56 data bytes 64 bytes from 192.168.20.100: icmp_seq=0. time=0. ms 64 bytes from 192.168.20.100: icmp_seq=1. time=0. ms 64 bytes from 192.168.20.100: icmp_seq=2.
Users Manual of XGS-6350-12X8TR Ip http port number Modifies the port number of the http service. c) Configuring the access passward of the http service Http uses enable as the access password. You need to set the password enable if you want to perform authentication for http access. The password enable is set in global configuration mode using the following command: d) Command Function Enable password {0|7} line Sets the password enable.
Users Manual of XGS-6350-12X8TR Line Type CON(CTY) Interface Console Description Numbering To log in to the system for configuration. 0 To connect Telnet, X.25 PAD, VTY Virtual and asynchronous HTTP and Rlogin of synchronous ports (such as Ethernet and serial port) on 32 numbers starting from 1 the system 4.2.2.1 Relationship between line and interface a) Relationship between synchronous interface and VTY line The virtual terminal line provides a synchronous interface to access to the system.
Users Manual of XGS-6350-12X8TR management side and agent. SNMP management side can be part of the network management system (NMS, like CiscoWorks). Agent and MIB are stored on the system. You need to define the relationship between network management side and agent before configuring SNMP on the system. SNMP agent contains MIB variables. SNMP management side can check or modify value of these variables. The management side can get the variable value from agent or stores the variable value to agent.
Users Manual of XGS-6350-12X8TR SNMPv1 uses group-based security format. Use IP address access control list and password to define the management side group that can access to agent MIB. SNMPv3 provides secure access to devices by a combination of authenticating and encrypting packets over the network. The security features provided in SNMPv3 are: Message integrity—Ensuring that a packet has not been tampered with in-transit. Authentication—Determining the message is from a valid source.
Users Manual of XGS-6350-12X8TR [exclude | include] MIB to the name of the SNMP view, and specifies the access right of the object identifier in the name of the SNMB view. Exclude: decline to be accessed Include: allow to be accessed The subsets that can be accessed in the SNMP view are the remaining objects that “include” MIB objects are divided by “exclude” objects. The objects that are not configured are not accessible by default.
Users Manual of XGS-6350-12X8TR packet. Use the following command in global configuration mode: Command Function snmp-server packetsizebyte-count Sets the maximum length of the data packet. e) Monitoring SNMP state You can run the following command in global configuration mode to monitor SNMP output/input statistics, including illegal community character string items, number of mistakes and request variables. f) Command Function show snmp Monitores the SNMP state.
Users Manual of XGS-6350-12X8TR snmp-server trap-source Specifies the source interface where traps interface originate and sets the source IP address for the message. snmp-server queue-length Creates the queue length of the message for length each host that has traps. Default value: 10 snmp-server Defines the frequency to resend traps in the trap-timeoutseconds resending queue.
Users Manual of XGS-6350-12X8TR remote control station, a remote user has to be configured if the control station performs ID authentication. Username and password of the remote user must be the same as those on the control station. Otherwise, the control station cannot receive traps. Command Function snmp-server user username Configures a remote SNMPv3 user.
Users Manual of XGS-6350-12X8TR snmp-server user notifier getter remote 90.0.0.3 v3 auth md5 abcdefghi snmp-server host 90.0.0.3 informs version v3 auth notifier snmp-server view v-write internet included The above example shows how to use SNMPv3 to manage devices. Group getter can browse device information, while group setter can set devices. User get-user belongs to group getter while user set-user belongs to group setter.
Users Manual of XGS-6350-12X8TR absolute is used to directly monitor the value of MIB object. delta is used to monitor the value change of the MIB objects between two sampling. value is the threshold value when an alarm is generated. eventnumber is the index of an event that is generated when a threshold is reached. eventnumber is optional. owner string is to describe the information about the alarm. exit Enter the management mode again. write Save the configuration.
Users Manual of XGS-6350-12X8TR to the log table. If the trap attribute is set to the rMon event, a trap message is sent out in name of community. If you run rmon event many times to configure event items with the same index, only the last configuration is effective. You can run no rmon event index to cancel event items whose indexes are index. c) Configuring rMon statistics for switch The rMon statistics group is used to monitor the statistics information on every port of the device.
Users Manual of XGS-6350-12X8TR seconds. owner string is used to describe some information about the history item. 4. exit Enter the global office mode again. 5. exit Enter the management mode again. 6. write Save the configuration. After a rMon history item is added, the device will obtain statistics values from the specified port every second seconds. The statistics value will be added to the history item as a piece of information.
Users Manual of XGS-6350-12X8TR Our switches can detect neighboring devices through PDP, but cannot require neighboring devices through SNMP. Therefore, these switches have to be located at the verge of networks. Otherwise, the complete network topology cannot be obtained. PDP on switches can be configured on all SANPs, such as Ethernet. 4.3.3.
Users Manual of XGS-6350-12X8TR pdp run e) Enables the PDP on the switch. Enabling PDP on the port of the switch PDP is not enabled in the default configuration. You can run the following command in interface configuration mode to enable PDP on the port after PDP is enabled on the switch. f) Command Purpose pdp enable Enables PDP on the port of the switch.
Users Manual of XGS-6350-12X8TR including des, 3des and blowfish. 4.3.4.2 SSH client SSH client is an application running under the ssh protocol. SSH client can provide authentication and encryption, so SSH client gurantees secure communication between communication devices or devices supporting SSH server even if these devices run in unsafe network conditions. SSH client supports the encryption algorithms including des, 3des and blowfish. 4.3.4.3 Function SSH server and SSH client supports version 1.5.
Users Manual of XGS-6350-12X8TR Run the following command in global configuration mode to configure the maximum times for retrying authentication: Command Purpose Ip sshd auth-retries <0-65535> Configures the maximum times for retrying authentication. 4.3.5.5 Enabling SSH server SSH server is disabled by default. When SSH server is enabled, the device will generate a rsa password pair, and then listen connection requests from the client. The process takes one or two minutes.
Users Manual of XGS-6350-12X8TR Chapter 5. Network Management Configuration Network Management Configuration 5.1.1 SNMP Configuration 5.1.2 Overview The SNMP system includes the following 3 parts: SNMP management server (NMS) SNMP agent (agent) MIB SNMP is a protocol for the application layer.It provides the format for the packets which are transmitted between NMS and agent. SNMP management server is a part of the network management system, such as CiscoWorks.
Users Manual of XGS-6350-12X8TR Setting the acknowledgement time-delay Setting the maximum numbers of acknowledgement Showing LLC2 link information Debugging LLC2 link information LLC2 Configuration Tast 5.2.1 Configuring Idle Time Value The command is used for controlling the frequency of query at the idle time (no data exchanged) The command “no” can be used for restoring to the default value.
Users Manual of XGS-6350-12X8TR Configuration mode: Interface configuration When the local end sends I frame, it will wait for remote acknowledgement. If no acknowledgement is received within a given time, the I-frame will be resent. The relative big value should be set on the network where the data is transmitted at a slow rate. Example: Setting 12 seconds as the time value of waiting for acknowledgement. int ethernet1/1 llc2 t1-time 12 5.2.
Users Manual of XGS-6350-12X8TR default is 1 second. Configuration Mode: Interface Configuration A LLC2 connective end sometimes needs to know the status of opposite end. For this purpose, a command frame that requires a response from the opposite end needs to be sent. When the opposite end receives the command frame, it will reply a response frame. If the error occurs in the process, the send end will keep waiting. In order to avoid the situation, a clock needs to be enabled.
Users Manual of XGS-6350-12X8TR 5.2.6 Configuring the Redial Times The command is Command Purpose [no] llc2 n2 retry-count Used for controlling the times of re-sending the frame. The command “no” can be used for restoring to the default value. retry-count: The times of resending frame. The maximum is 255, the minimum is 1 and the default is 8. Configuration mode: Interface configuration When one end of LLC2 sends the data to the opposite end, it will wait for the acknowledgement of the opposite end.
Users Manual of XGS-6350-12X8TR Example: Setting the size of send window as 12. int ethernet 1/1 llc2 local-window 12 5.2.8 Configuring the Size of Accumulated Data Packet The command is Command Purpose [no] llc2 holdqueue Used for controlling the maximum local [packet-count] accumulated size of data packet when I frame (the remote end is busy) cannot be sent. The command “no” can be used for restoring to the default value.
Users Manual of XGS-6350-12X8TR clearing the network timeout perceived by the opposite end. The command below can be used for setting the value. Command Purpose llc2 ack-maxnumber Setting the acknowledgement time-delay. 5.2.11 Showing LLC2 Link Information Command Purpose show llc interface [type number] Used for showing the related information of LLC2 link connection. Configuration Mode: Interface, configuration and global Showing the related information of LLC2 link connection.
Users Manual of XGS-6350-12X8TR response will be transmitted as the time-delay timer is activated. interface interface e1/1 llc2 ack-max 3 llc2 ack-delay-time 800 In this connection, as it is told that all the frames are received, the counter that calculates the maximum number of information frame is reset as 0. 5.2.14 Configuring SDLC as Two-Way and Concurrent Mode SDLC two-way and concurrent mode allows master SDLC link station to use a full duplex serial circuit.
Users Manual of XGS-6350-12X8TR sdlc n2retry-count Configuring the times of software of retrying a timeout operation. 5.2.16 Configuring the Number of SDLC Frame and Information Frame The maximum length of input frame and the maximum number of the information frame (or the size of window) received before router sends response to the receive end can be configured. When the configured value is relative big, the network overhead can be reduced.
Users Manual of XGS-6350-12X8TR unnecessary polling frames sent from the slave station, which takes the extra CPU time for dealing with them. The communication efficiency between master station and single slave station can be improved by increasing the limit value of polling, but it may delay the polling to other slave stations.
Users Manual of XGS-6350-12X8TR The maximum value supported by the software must be smaller than the maximum frame value of LLC2 defined at the time of configuring the maximum length of LLC2 information frame. The command below can be used under interface configuration mode for configuring the maximum value of SDLC information frame: Command Purpose sdlc sdlc-largest-frameaddress Configuring the maximum length of information size frame that can be sent or received by the designated SDLC station. 5.2.
Users Manual of XGS-6350-12X8TR Chapter 6. Security Configuration AAAConfiguration 6.1.1 AAA Overview Access control is the way to control access to the network and services. Authentication, authorization, and accounting (AAA) network security services provide the primary framework through which you set up access control on your router or access server. 6.1.1.1 AAA Security Service AAA is an architectural framework for configuring a set of three independent security functions in a consistent manner.
Users Manual of XGS-6350-12X8TR be defined through AAA. As with authentication, you configure AAA authorization by defining a named list of authorization methods, and then applying that list to various interfaces. For information about configuring authorization using AAA, refer to the chapter "Configuring Authorization.
Users Manual of XGS-6350-12X8TR a listed authentication method or the authentication method list is exhausted, in which case authentication fails. The software attempts authentication with the next listed authentication method only when there is no response from the previous method.
Users Manual of XGS-6350-12X8TR 6.1.2.1 Overview of the AAA Configuration Process Configuring AAA is relatively simple after you understand the basic process involved. To configure security on a Cisco router or access server using AAA, follow this process: If you decide to use a separate security server, configure security protocol parameters, such as RADIUS, TACACS+, or Kerberos. Define the method lists for authentication by using an AAA authentication command.
Users Manual of XGS-6350-12X8TR list-name}method1 [method2...] line [ console | vty ] line-number [ending-line-number] Enters line configuration mode for the lines to which you want to apply the authentication list. login authentication {default | Applies the authentication list to a line list-name} or set of lines. The list-name is a character string used to name the list you are creating. The method argument refers to the actual method the authentication algorithm tries.
Users Manual of XGS-6350-12X8TR (3) Login Authentication Using Local Password Use the aaa authentication login command with the local method keyword to specify that the Cisco router or access server will use the local username database for authentication.
Users Manual of XGS-6350-12X8TR line Uses the line password for authentication. none Uses no authentication. 6.1.4.3 Configuring Message Banners for AAA Authentication AAA supports the use of configurable, personalized login and failed-login banners. You can configure message banners that will be displayed when a user logs in to the system to be authenticated using AAA and when, for whatever reason, authentication fails. 6.1.4.
Users Manual of XGS-6350-12X8TR aaa authentication username-prompt text-string String of text that will be displayed when the user is prompted to enter an username. 6.1.4.8 AAA authentication password-prompt To change the text displayed when users are prompted for a password, use the aaa authentication password-prompt command in global configuration mode. To return to the default password prompt text, use the no form of this command.
Users Manual of XGS-6350-12X8TR enable password { [encryption-type] encrypted-password} [level level] no enable password [level level] 6.1.5 AAA Authentication Configuration Example 6.1.5.1 RADIUS Authentication Example This section provides one sample configuration using RADIUS.
Users Manual of XGS-6350-12X8TR Command Purpose aaa authorization exec {default | list-name}method1 [method2...] line [console | vty ] line-number [ending-line-number] Establishes global authorization list. Enters the line configuration mode for the lines to which you want to apply the authorization method list. Applies the authorization list to a line login authorization {default | list-name} or set of lines(in line configuration mode).
Users Manual of XGS-6350-12X8TR username exec1 password 0 abc privilege 15 username exec2 password 0 abc privilege 10 username exec3 nopassword username exec4 password 0 abc user-maxlinks 10 username exec5 password 0 abc autocommand telnet 172.16.20.1 ! The lines in this sample RADIUS authorization configuration are defined as follows: : The aaa authentication login default local command defines the default method list of login authentication.
Users Manual of XGS-6350-12X8TR aaa accounting connection {default | list-name} {start-stop | stop-only | Establishes global accounting list. none} group groupname The keyword list-name is used to name any character string of the establishing list. The keyword method specifies the actual method adopted during accounting process. The following table lists currently supported connection accounting methods: Keyword Description group WORD Enables named server group for accounting.
Users Manual of XGS-6350-12X8TR 6.1.10.3 AAA Accounting Update To enable periodic interim accounting records to be sent to the accounting server, use the aaa accounting update command in global configuration mode. To disable interim accounting updates, use the no form of this command. Command aaa accounting update [newinfo] [periodicnumber] Purpose Enables AAA accounting update.
Users Manual of XGS-6350-12X8TR server that contains all user authentication and network service access information. RADIUS has been implemented in a variety of network environments that require high levels of security while maintaining network access for remote users. Use RADIUS in the following network environments that require access security: : Networks with multiple-vendor access servers, each supporting RADIUS.
Users Manual of XGS-6350-12X8TR password. The ACCEPT or REJECT response is bundled with additional data that is used for EXEC or network authorization. You must first complete RADIUS authentication before using RADIUS authorization. The additional data included with the ACCEPT or REJECT packets consists of the following: Services that the user can access, including Telnet, rlogin, or local-area transport (LAT) connections, and PPP, Serial Line Internet Protocol (SLIP), or EXEC services.
Users Manual of XGS-6350-12X8TR To configure RADIUS to use the AAA security commands, you must specify the host running the RADIUS server daemon and a secret text (key) string that it shares with the router.
Users Manual of XGS-6350-12X8TR 6.2.4.3 Specifying RADIUS Authentication After you have identified the RADIUS server and defined the RADIUS authentication key, you must define method lists for RADIUS authentication. Because RADIUS authentication is facilitated through AAA, you must enter the aaa authentication command, specifying RADIUS as the authentication method. For more information, refer to the chapter "Configuring Authentication." 6.2.4.
Users Manual of XGS-6350-12X8TR radius-server host command defines the IP address of the RADIUS server host.; radius-server key command defines the shared secret text string between the network access server and the RADIUS server host. aaa authentication login admins group radius local command defines the authentication method list "dialins," which specifies that RADIUS authentication and then (if the RADIUS server does not respond) local authentication will be used on serial lines using PPP.
Users Manual of XGS-6350-12X8TR The roles that the network devices take during the Web authentication are shown in Figure 6-2: Client: It is ausercomputer that accesses network through the switch. The user computer need be configured the network browser, the function of DHCP client and the function to originate DNS query. DHCP server: It is to distribute the IP address for users. AAA server: Switch: It is a switch having Web authentication.
Users Manual of XGS-6350-12X8TR online notification. If the notification is not received in the preset time, the switch considers that the user abnormally logs off, notifies the AAA server to stop charging and withdraws the network access right from the user. The above steps may vary a little with configuration strategies and user’s operations. For example, if user directly accesses the portal server of the switch before the authentication is approved, DNS-related processes will not be enabled.
Users Manual of XGS-6350-12X8TR Different operation strategies adopt different authentication modes. The supported maximum number of users that simultaneously access the network varies with the authentication mode. For the username/password authentication mode, the switch supports simultaneously accessed users as many as its performance permits. For the VLAN ID authentication mode, the maximum number of simultaneously accessed users equals the number of VLAN that the switch supports. 2.
Users Manual of XGS-6350-12X8TR Run the following command in global configuration mode to configure the authentication duration (Unit: second): 3. Run... To... web-auth authtime <60-65535> Configure the authentication duration. Configuring the transmission period of the online notification Through the online notification sent by the browser, the switch checks whether the user is online. Run the following command in global configuration mode to configure the transmission period (unit: second): Run...
Users Manual of XGS-6350-12X8TR list named default is applied on each interface. Run the following command in interface configuration mode to configure the authentication method list: 3. Run... To... web-auth authentication WORD Configure the authentication method list. Configuring the accounting method list Different accounting method lists can be applied on each interface. By default, the accounting method list named default is applied on each interface.
Users Manual of XGS-6350-12X8TR Run... To... web-auth kick-out user-IP Mandatorily kick out a user. 6.3.4 Web Authentication Configuration Example Network topology See Figure 6-5: i nt er net DNS ser ver DHCP ser ver AAA ser ver ( 192. 168. 20. 1) ( 192. 168. 20.
Users Manual of XGS-6350-12X8TR Configuration of the layer-2 interface interface FastEthernet0/1 switchport pvid 1 ! interface FastEthernet0/2 switchport pvid 2 ! interface FastEthernet0/3 switchport pvid 3 ! interface FastEthernet0/4 switchport pvid 4 Configuration of the routing interface interface VLAN1 no ip directed-broadcast ip helper-address 192.168.20.1 web-auth accounting acct-weba web-auth authentication auth-weba web-auth mode vlan-id web-auth enable ! interface VLAN2 ip address 192.168.20.
Users Manual of XGS-6350-12X8TR Chapter 7. Web Configuration HTTP Switch Configuration 7.1.1 HTTP Configuration Switch configuration can be conducted not only through command lines and SNMP but also through Web browser. The switches support the HTTP configuration, the abnormal packet timeout configuration, and so on. 7.1.1.1 Choosing the Prompt Language Up to now, switches support two languages, that is, English and Chinese, and the two languages can be switched over through the following command.
Users Manual of XGS-6350-12X8TR Command Purpose ip http http-access enable Sets the HTTP access mode. 7.1.1.5 Setting the Maximum Number of VLAN Entries on Web Page A switch supports at most 4094 VLANs and in most cases Web only displays parts of VLANs, that is, those VLANs users want to see. You can use the following command to set the maximum number of VLANs. The default maximum number of VLANs is 100.
Users Manual of XGS-6350-12X8TR Configuration Preparation 7.2.1 Accessing the Switch through HTTP When accessing the switch through Web, please make sure that the applied browser complies with the following requirements: HTML of version 4.0 HTTP of version 1.1 JavaScriptTM of version 1.5 What's more, please ensure that the main program file, running on a switch, supports Web access and your computer has already connected the network in which the switch is located. 7.2.1.
Users Manual of XGS-6350-12X8TR 1. Connect the console port of the switch with the accessory cable, or telnet to the management address of the switch through the computer. 2. Enter the global configuration mode of the switch through the command line, the DOS prompt of which is similar to “Switch_config#”. 3. If the management address of the switch is not configured, please create the VLAN interface and configure the IP address. 4.
Users Manual of XGS-6350-12X8TR Figure 2: Web homepage The whole homepage consists of the top control bar, the navigation bar, the configuration area and the bottom control bar. 7.2.3.1 Top Control Bar Figure 3: Top control bar Save All Write the current settings to the configuration file of the device. It is equivalent to the execution of the write command. The configuration that is made through Web will not be promptly written to the configuration file after validation.
Users Manual of XGS-6350-12X8TR 7.2.3.2 Navigation Bar Figure 4 Navigation bar The contents in the navigation bar are shown in a form of list and are classified according to types. By default, the list is located at “Runtime Info”. If a certain item need be configured, please click the group name and then the sub-item. For example, to browse the flux of the current port, you have to click “Interface State" and then “Interface Flow”.
Users Manual of XGS-6350-12X8TR 7.2.3.4 Bottom Control Bar Figure 6: Bottom control bar If you click the About button on the top control bar, the bottom control bar appears. The main function of the bottom control bar is to realize the automatic refreshing of the configuration display area. For example, if you click “Interface Flow” in the navigation bar and then click “Refresh”, the flow of the interface can be continuously monitored.
Users Manual of XGS-6350-12X8TR 7.3.1 Hostname Configuration If you click Basic Config -> Hostname Config in the navigation bar, the Hostname Configuration page appears, as shown in figure 2. Figure 2 Hostname configuration The hostname will be displayed in the login dialog box. The default name of the device is “Switch”. You can enter the new hostname in the text box shown in figure 8 and then click “Apply”. 7.3.
Users Manual of XGS-6350-12X8TR Configuration of the Physical Interface Figure 1: Physical port configuration list 7.4.1 Configuring Port Description If you click Physical port config -> Port description Config in the navigation bar, the Port description Configuration page appears, as shown in figure 2. Figure 2: Port description configuration You can modify the port description on this page and enter up to 120 characters. The description of the VLAN port cannot be set at present. 7.4.
Users Manual of XGS-6350-12X8TR Figure 3: Configuring the port attributes On this page you can modify the on/off status, rate, duplex mode, flow control status and medium type of a port. 1. The Web page does not support the speed and duplex mode of the fast-Ethernet port. 2. After the speed or duplex mode of a port is modified, the link state of the port may be switched over and the network communication may be impaired. 7.4.
Users Manual of XGS-6350-12X8TR Click the drop-down list on the right side of "Mirror Port" and select a port to be the destination port of mirror. Click a checkbox and select a source port of mirror, that is, a mirrored port. RX The received packets will be mirrored to the destination port. TX The transmitted packets will be mirrored to a destination port. RX & TX The received and transmitted packets will be mirrored simultaneously. 7.4.
Users Manual of XGS-6350-12X8TR way, the MAC address that is allowed to visit the port will be limited. Figure 10: Setting the binding of the source MAC address 7.4.6.3 Setting the Static MAC Filtration Mode If you click Physical port Config -> Port Security -> Static MAC filtration mode in the navigation bar, the Configure the static MAC filtration mode page appears, as shown in figure 11. Figure 11: Setting the static MAC filtration mode On this page you can set the static MAC filtration mode.
Users Manual of XGS-6350-12X8TR 7.4.7 Storm control In the navigation bar, click Physical port Config -> Storm control. The system then enters the page, on which the broadcast/multicast/unknown unicast storm control can be set. 7.4.7.1 Broadcast Storm Control Figure 15: Broadcast storm control Through the drop-down boxes in the Status column, you can decide whether to enable broadcast storm control on a port. In the Threshold column you can enter the threshold of the broadcast packets.
Users Manual of XGS-6350-12X8TR control on a port. In the Threshold column you can enter the threshold of the multicast packets. The legal threshold range for each port is given behind the threshold. 7.4.7.3 Unknown Unicast Storm Control Figure 17: Unknown unicast storm control In the Threshold column you can enter the threshold of the broadcast packets. The legal threshold range for each port is given behind the threshold.
Users Manual of XGS-6350-12X8TR Layer 2 Configuration Figure 1: Layer-2 configuration list 7.5.1 VLAN Settings 7.5.1.1 VLAN List If you click Layer 2 Config -> VLAN Config in the navigation bar, the VLAN Config page appears, as shown in figure 2. Figure 2: VLAN configuration The VLAN list will display VLAN items that exist in the current device according to the ascending order. In case of lots of items, you can look for the to-be-configured VLAN through the buttons like “Prev”, “Next” and “Search”.
Users Manual of XGS-6350-12X8TR You can click “New” to create a new VLAN. You can also click “Edit” at the end of a VLAN item to modify the VLAN name and the port’s attributes in the VLAN. If you select the checkbox before a VLAN and then click “Delete”, the selected VLAN will be deleted. By default, a VLAN list can display up to 100 VLAN items.
Users Manual of XGS-6350-12X8TR shown in figure 4. Figure 4: Configuring the global attributes of PDP You can choose to enable PDP or disable it. When you choose to disable PDP, you cannot configure PDP. The “HoldTime” parameter means the time to be saved before the router discards the received information if other PDP packets are not received. The protocol version cannot be read currently through the command line “show run”, so the protocol version is not handled on the Web. 7.5.2.
Users Manual of XGS-6350-12X8TR You can choose to enable LLDP or disable it. When you choose to disable LLDP, you cannot configure LLDP. The “HoldTime” parameter means the ttl value of the packet that is transmitted by LLDP, whose default value is 120s. The “Reinit” parameter means the delay of successive packet transmission of LLDP, whose default value is 2s. 7.5.3.
Users Manual of XGS-6350-12X8TR Figure 9: Setting the member port of the aggregation group An aggregation group is selectable when it is created but is not selectable when it is modified. When a member port exists on the aggregation group, you can choose the aggregation mode to be static, LACP active or LACP passive. You can click “>>” and “<<” to delete and add a member port in the aggregation group. 7.5.5 STP Configuration 7.5.5.
Users Manual of XGS-6350-12X8TR The change of the STP mode may lead to the interruption of the network. 7.5.5.2 Configuring the Attributes of the STP Port If you click the "Configure RSTP Port" option, the “Configure RSTP Port” page appears. Figure 11: Configuring the attributes of RSTP The configuration of the attributes of the port is irrelative of the global STP mode.
Users Manual of XGS-6350-12X8TR Figure 13: IGMP-snooping VLAN list If you click New, IGMP snooping VLAN configuration can be done. Through Web up to 8 physical ports can be set on each IGMP snooping VLAN. If you click Cancel, a selected IGMP snooping VLAN can be deleted; if you click Edit, you can modify the member port, running status and immediate-leave of IGMP snooping VLAN.
Users Manual of XGS-6350-12X8TR Click “Refresh” to refresh the contents in the list. 7.5.6.4 Multicast List Click the Multicast List Info option on the top of the page and the Multicast List Info page appears. Figure 16: Multicast List On this page the multicat groups, which exist in the current network and are in the statistics of IGMP snooping, as well as port sets on which members in each group are belong to are dislayed. Click “Refresh” to refresh the contents in the list.
Users Manual of XGS-6350-12X8TR 7.5.8 Ring Protection Configuration 7.5.8.1 EAPS Ring List If you click Layer 2 Config -> Ring protection Config, the EAPS ring list page appears. Figure 19: EAPS Ring List In the list shows the currently configured EAPS ring, including the status of the ring, the forwarding status of the port and the status of the link. Click “New” to create a new EAPS ring. Click the “Operate” option to configure the “Time” parameter of the ring. 1. The system can support 8 EAPS rings.
Users Manual of XGS-6350-12X8TR ring must be the same. The dropdown box on the right of “Node Type” is used to select the type of the node. Please note that only one master node can be configured on a ring. Enter a value between 1 and 4094 in the text box on the right of “Control VLAN” as the control VLAN ID. When a ring is established, the control VLAN will be automatically established too.
Users Manual of XGS-6350-12X8TR Only layer-3 switches have the layer-3 configuration. 7.6.1 Configuring the VLAN Interface If you click Layer 3 Config -> VLAN interface Config, the Configuring the VLAN interface page appears. Figure 2: Configuring the VLAN interface Click New to add a new VLAN interface. Click Cancel to delete a VLAN interface. Click Modify to modify the settings of a corresponding VLAN interface.
Users Manual of XGS-6350-12X8TR Figure 4: Displaying the static route Click Create to add a static route. If you click Edit, you can modify the current static route. If you click Cancel, you can cancel the chosen static route. Figure 5: Setting the static route 7.6.3 IGMP Proxy 7.6.3.1 Enabling the IGMP Proxy If you click Layer-3 Config -> IGMP proxy, the IGMP proxypage appears. Figure 6: Enabling the IGMP agent On this page you can enable or disable the IGMP proxy.
Users Manual of XGS-6350-12X8TR 7.6.3.2 Setting the IGMP Proxy If you click Layer-3 Config -> IGMP proxy-> IGMPproxy Config, the IGMP proxy configuration page appears. Click New to create a new IGMP agent. Figure 7: Setting the IGMP agent Advanced Configuration Figure 1: A list of advanced configuration 7.7.1 QoS Configuration 7.7.1.1 Configuring QoS Port If you click Advanced Config -> QoS -> Configure QoS Port, the Port Priority Config page appears.
Users Manual of XGS-6350-12X8TR Figure 2: Configuring the QoS Port You can set the CoS value by clicking the dropdown box on the right of each port and selecting a value. The default CoS value of a port is 0, meaning the lowest priority. If the CoS value is 7, it means that the priority is the highest. 7.7.1.2 Global QoS Configuration If you click Advanced Config -> QoS Config -> Global QoS Config, the Port’s QoS parameter configuration page appears.
Users Manual of XGS-6350-12X8TR 7.7.2 MAC Access Control List 7.7.2.1 Setting the Name of the MAC Access Control List If you click Advanced Config -> MAC access control list -> MAC access control list Config, the MAC ACL configuration page appears. Figure 4: MAC access control list configuration Click New to add a name of the MAC access control list. Click Cancel to delete a MAC access control list. Figure 5: Setting the name of MAC access control list 7.7.2.
Users Manual of XGS-6350-12X8TR Figure 8: Applying the MAC access control list 7.7.3 IP Access Control List 7.7.3.1 Setting the Name of the IP Access Control List If you click Advanced Config -> IP access control list -> IP access control list Config, the IP ACL configuration page appears. Figure 9: IP access control list configuration Click New to add a name of the IP access control list. Click Cancel to delete an IP access control list.
Users Manual of XGS-6350-12X8TR Figure 12: Setting the Rules of the standard IP access control list Extended IP access control list Figure 13: Extended IP access control list Click New to add a rule of the IPaccess control list. Click Cancel to delete a rule of the IP access control list. If you click Modify, the corresponding IP access control list appears and you can set the corresponding rules for the IP access control list. Figure 14: Setting the Rules of the extended IP access control list 7.
Users Manual of XGS-6350-12X8TR Figure 15: Applying the IP access control list Network Management Configuration Figure 1: Network management configuration list 7.8.1 SNMP Configuration If you click Network management Config -> SNMP management in the navigation bar, the SNMP management page appears, as shown in figure 2. 7.8.1.1 SNMP Community Management Figure 2: SNMP community management On the SNMP community management page, you can know the related configuration information about SNMP community.
Users Manual of XGS-6350-12X8TR switch to the configuration page of SNMP community. Figure 3: SNMP community management settings On the SNMP community management page you can enter the SNMP community name, select the attributes of SNMP community, which include Read only and Read-Write. 7.8.1.2 SNMP Host Management Figure 4: SNMP host management On the SNMP community host page, you can know the related configuration information about SNMP host.
Users Manual of XGS-6350-12X8TR Figure 6: Configuring the RMON statistic information You need to set a physical port to be the reception terminal of the monitor data. The index is used to identify a specific interface; if the index is same to that of the previous application interface, it will replace that of the previous application interface. At present, the monitor statistic information can be obtained through the command line “show rmon statistics”, but the Web does not support this function. 7.8.2.
Users Manual of XGS-6350-12X8TR Figure 8: Configuring the RMON alarm information The index is used to identify a specific alarm information; if the index is same to the previously applied index, it will replace the previous one. The MIB node corresponds to OID. If the alarm type is absolute, the value of the MIB object will be directly minitored; if the alarm type is delta, the change of the value of the MIB object in two sampling will be monitored.
Users Manual of XGS-6350-12X8TR "Enable log" means to add an item of information in the log table when the event is triggered. “Enable trap” means a trap will be generated if the event is triggered. Diagnosis Tools Figure 1: Diagnosis tool list 7.9.1 Ping 7.9.1.1 Ping If you click Diagnosis Tools -> Ping, the Ping page appears. Figure 2: Ping Ping is used to test whether the switch connects other devices.
Users Manual of XGS-6350-12X8TR result. “Source IP address” is used to set the source IP address which is carried in the Ping packet. “Size of the PING packet” is used to set the length of the Ping packet which is transmitted by the device. System Management Figure 1: Navigation list of system management 7.10.1 User Management 7.10.1.1 User List If you click System Manage -> User Manage, the User Management page appears. Figure 2: User list You can click “New” to create a new user.
Users Manual of XGS-6350-12X8TR 1. Please make sure that at least one system administrator exists in the system, so that you can manage the devices through Web. 2. The limited user can only browse the status of the device. 7.10.1.2 Establishing a New User If you click “New” on the User Management page, the Creating User page appears. Figure 3: Creating new users In the “User name” text box, enter a name, which contains letters, numbers and symbols except “?”, “\”, “&”, “#” and the "Space".
Users Manual of XGS-6350-12X8TR the cached log in the “Grade of the cache log information” dropdown box. 7.10.3 Managing the Configuration Files If you click System Manage -> Configuration file, the Configuration file page appears. 7.10.3.1 Exporting the Configuration Information Figure 5: Exporting the configuration file The current configuration file can be exported, saved in the disk of PC or in the mobile storage device as the backup file.
Users Manual of XGS-6350-12X8TR 7.10.4 Software Management If you click System Manage -> Software Upgrade, the software managementpage appears. 7.10.4.1 Backing up the IOS Software Figure 7: Backing up IOS On this page the currently running software version is displayed. If you want to backup IOS, please click “Backuping IOS”; then on the browser the file download dialog box appears; click “Save” to store the IOS file to the disk of the PC, mobile storage device or other network location.
Users Manual of XGS-6350-12X8TR 7.10.5 Rebooting the Device If you click System Manage -> Reboot Device, the Rebooting page appears. Figure 9: Rebooting the device If the device need be rebooted, please first make sure that the modified configuration of the device has already been saved, and then click the “Reboot” button.
Users Manual of XGS-6350-12X8TR Chapter 8. Interface Configuration Introduction This section helps user to learn various kinds of interface that our switch supports and consult configuration information about different interface types. For detailed description of all interface commands used in this section, refer to Interface configuration command. For files of other commands appeared in this section, refer to other parts of the manual.
Users Manual of XGS-6350-12X8TR null interface aggregation interface vlan interface 8.1.2 Interface Configuration Introduction The following description applies to the configuration process of all interfaces. Take the following steps to perform interface configuration in global configuration mode. (1) Run the interface command to enter the interface configuration mode and start configuring interface.
Users Manual of XGS-6350-12X8TR interface GigaEthernet0/1 The switch prompts “config_g1/1”. There is no need to add blank between interface type and interface number. For example, in the above line, g 1/1 or g 1/1 is both rights. (1) You can configure the interface configuration commands in interface configuration mode. Various commands define protocols and application programs to be executed on the interface.
Users Manual of XGS-6350-12X8TR The bandwidth is just a routing parameter, which doesn’t influence the communication rate of the actual physical interface. 8.2.1.3 Configuring Time Delay The upper protocol uses time delay information to perform operation decision. Use the following command to configure time delay for the interface in the interface configuration mode. Command Description delaytensofmicroseconds Configures time delay for the currently configured interface.
Users Manual of XGS-6350-12X8TR via dynamic routing protocol. Use the following command to shutdown or enable an interface in the interface configuration mode: Command Description shutdown Shuts down an interface. no shutdown Enables an interface. You can use the show interface command and the show running-config command to check whether an interface has been shut down. An interface that has been shut down is displayed as ‘administratively down’ in the show interface command display.
Users Manual of XGS-6350-12X8TR interface can be re-routed to the switch and be handled locally. For messages that are routed to the loopback interface but whose destination is not the IP address of the loopback interface, they will be dropped. This means that the loopback interface functions as the null interface.
Users Manual of XGS-6350-12X8TR no means to delete Super VLAN interface. [no] subvlan[setstr] [add Configure SubVLAN in Super VLAN. The added Sub VLAN cannot addstr][removeremstr] possess a management interface or cannot belong to other Super VLANs. In original state, Super VLAN does not contain any Sub VLAN. Only one sub command can only be used every time. setstr means to set the Sub VLAN list. For example, List 2,4-6 indicate VLAN 2, 4, 5 and 6.
Users Manual of XGS-6350-12X8TR Chapter 9. Interface Range Configuration Interface Range Configuration Task 9.1.1 Understanding Interface Range In the process of configuring interface tasks, there are cases when you have to configure the same attribute on ports of the same type. In order to avoid repeated configuration on each port, we provide the interface range configuration mode. You can configure ports of the same type and slot number with the same configuration parameters. This reduces the workload.
Users Manual of XGS-6350-12X8TR Chapter 10. Port Physical Characteristics Configuration Configuring the Ethernet Interface The section describes how to configure the Ethernet interface. The switch supports the10Mbps Ethernet and the 100Mbps fastEthernet. The detailed configuration is shown as follows. The step described in section 1.1.1 is mandatory. Steps described in other sections are optional. 10.1.
Users Manual of XGS-6350-12X8TR 802.3X. When the interface is in half-duplex mode, the flow control is achieved through back pressure. Run… To… flow-control on/off Enable or disable the flow control on the interface. no flow-control Resume the default settings. The default settings have no flow control.
Users Manual of XGS-6350-12X8TR Chapter 11. Port Additional Characteristics Configuration Interface Configuration Configuring the Ethernet Interface The switch supports the 10Mbps/100Mbps Ethernet interfaces. See the following content for detailed configuration. Among the configuration, the first step is mandatory while others are optional. 11.1.1 Configuring Flow Control for the Port You can control the flow rate on the incoming and outgoing ports through configuration.
Users Manual of XGS-6350-12X8TR The storm control mechanism of the port is therefore generated. Command Purpose storm-control {broadcast | multicast | Performs the storm control to the unicast} threshold count broadcast/multicast/unicast message. no storm-control {broadcast | Cancels the storm control. multicast | unicast} threshold Secure Port Configuration 11.2.
Users Manual of XGS-6350-12X8TR interface g0/1 Enters the to-be-configured port. [no] switchport port-security Configures the secure port mode. mode static {accept | reject} exit Goes back to the global configuration mode. exit Goes back to the EXEC mode. write Saves the configuration. 11.3.
Users Manual of XGS-6350-12X8TR Chapter 12. Configuring Port Mirroring Configuring Port Mirroring Task List Configuring port mirroring Displaying port mirroring information Configuring Port Mirroring Task 12.1.1 Configuring Port Mirroring Through configuring port mirroring, you can use one port of a switch to observe the traffic on a group of ports.
Users Manual of XGS-6350-12X8TR Chapter 13. Configuring MAC Address Attribute MAC Address Configuration Task List Configuring Static Mac Address Configuring Mac Address Aging Time Configring VLAN-shared MAC Address Displaying Mac Address Table Clearing Dynamic Mac Address MAC address Configuration Task 13.2.1 Configuring Static Mac Address Static MAC address entries are MAC address entries that do not age by the switch and can only be deleted manually.
Users Manual of XGS-6350-12X8TR 0 indicates no-age of the MAC address. Valid value is from 10 to 1000000 in seconds. exit Returns to the management mode. write Saves configuration. 13.2.3 Displaying MAC Address Table Since debugging and management are required in operation process, we want to know content of the switch MAC address table. Use the show command to display content of the switch MAC address table.
Users Manual of XGS-6350-12X8TR Chapter 14. Configuring MAC List MAC List Configuration Task 14.1.1 Creating MAC List To apply the MAC list on the port, you must first create the MAC list. After the MAC list is successfully created, you log in to the MAC list configuration mode and then you can configure items of the MAC access list. Perform the following operations to add and delete a MAC list in privilege mode: Run… To… configure Log in to the global configuration mode. Add or delete a MAC list.
Users Manual of XGS-6350-12X8TR exit Enter the management mode again. write Save configuration. MAC list configuration example Switch_config#mac acce 1 Switch-config-macl#permit host 1.1.1 any Switch-config-macl#permit host 2.2.2 any The above configuration is to compare the source MAC address, so the mask is the same. The configuration is successful. Switch_config#mac acce 1 Switch-config-macl#permit host 1.1.1 any Switch-config-macl#permit any host 1.1.
Users Manual of XGS-6350-12X8TR Chapter 15. Configuring 802.1x 802.1x Configuration Task List Configuring 802.1x port authentication Configuring 802.1x multiple port authentication Configuring maximum times for 802.1x ID authentication Configuring 802.1x re-authentication Configuring 802.1x transmission frequency Configuring 802.1x user binding Configuring authentication method for 802.1x port Selecting authentication type for 802.1x port Configuring 802.
Users Manual of XGS-6350-12X8TR Run the following command to start up the 802.1x authentication: Run… To… dot1x port-control auto Configure the 802.1x protocol control method on the port. aaa authentication dot1x {default Configure the AAA authentication of |list name} method 802.1x. Run one of the following commands in port configuration mode to select 802.1x control method: Run… To… dot1x port-control auto Start up the 802.1x authentication method on the port.
Users Manual of XGS-6350-12X8TR Run the following command in interface configuration command to set the maximum times for ID authentication request: Run… To dot1x max-req count Set the maximum times for ID authentication request. 15.2.4 Configuring 802.1x Re-authentication After first authentication is approved, the client will be authenticated every a certain time to ensure the legality of the client. In this case, the re-authentication function needs to be enabled.
Users Manual of XGS-6350-12X8TR authentication: Run… To… dot1x authentication method yyy Configure the method of the 802.1x authentication. 15.2.8 Selecting Authentication Type for 802.1x Port You can select the type for the 802.1x authentication. The 802.1x authentication type determines whether AAA uses Chap authentication or Eap authentication. Eap authentication supports the md5-challenge mode and the eap-tls mode.
Users Manual of XGS-6350-12X8TR the accounting method: Run… To… dot1xaccounting enable Enable the dot1x accounting. dot1x accounting method {method Configure the accounting method. Its name} default value is default. 15.2.10 Configuring 802.1x guest-vlan Guest-vlan gives releavant ports some access rights (such as downloading client software) when the client does not respond. Guest-vlan can be any configured vlan in the system.
Users Manual of XGS-6350-12X8TR 15.2.13 Monitoring 802.1x Authentication Configuration and State To monitor the configuration and state of 802.1x Authentication and decide which 802.1x parameter needs to be adjusted, run the following command in management mode: Run… To… show dot1x {interface ….} Monitor the configuration and state of 802.1x authentication. 802.1x Configuration Example Host A connects port F0/10 of the switch. Host B connects port F0/12.
Users Manual of XGS-6350-12X8TR dot1x port-control auto dot1x authentication method TST-F0/12 dot1x authentication type eap 170
Users Manual of XGS-6350-12X8TR Chapter 16. VLAN Configuration VLAN Introduction Virtual LAN (VLAN) refers to a group of logically networked devices on one or more LANs that are configured so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. In 1999 IEEE established IEEE 802.1Q Protocol Standard Draft used to standardize VLAN realization project.
Users Manual of XGS-6350-12X8TR Run the following command to configure VLAN Run… To… vlan vlan-id Enter the VLAN configuration mode. name str Name in the vlan configuration mode. Exit Exit vlan configuration mode, and establish vlan. vlan vlan-range Establish multiple VLANs at the same time. no vlan vlan-id | vlan-range Delete one or multiple VLANs. Vlan can perform dynamic addtion and deletion via vlan management protocol GVRP. 16.3.
Users Manual of XGS-6350-12X8TR The command to globally enable dot1q-tunnel is as follows: Command Description double-tagging Globally enables double-tagging feature of the switch. 16.3.3 Creating/Deleting VLAN Interface Vlan interface can be established to realize network management or layer 3 routing feature. The vlan interface can be used to specify ip address and mask. Run the following command to configure vlan interface: Run… To… [no] interface vlan vlan-id Create/Delete a VLAN interface. 16.
Users Manual of XGS-6350-12X8TR 16.3.5 Monitoring Configuration and State of VLAN Run the following commands in EXEC mode to monitor configuration and state of VLAN: Run… To… show vlan [ idx | interfaceintf ] Display configuration and state of VLAN. show interface {vlan | supervlan} x Display the states of vlan ports. Configuration Examples Users PC1~PC6 connect the switch through ports 1~6. The IP addresses of these PCs belong to the network section 192.168.1.0/24.
Users Manual of XGS-6350-12X8TR Chapter 17. GVRP Configuration Configuring GVRP Introduction GVRP (GARP VLAN Registration Protocol GARP VLAN) is a GARP (GARP VLAN Registration Protocol GARP VLAN) application that provides IEEE 802.1Q-compliant VLAN pruning and dynamic VLAN creation on 802.1Q trunk ports.
Users Manual of XGS-6350-12X8TR 17.4.3 Monitoring and Maintenance of GVRP Perform the following operations in EXEC mode: Command Description show gvrp statistics [interface Displays GVRP statistics. port_list] show gvrp status Displays GVRP global state information. [ no ] debug gvrp [ packet | event ] Enables/disables GVRP data packet and event debug switches. All debug switches will be enabled/disabled if not specified the concrete switch.
Users Manual of XGS-6350-12X8TR (4) Configure VLAN 10, Vlan 20 and Vlan30 on Switch A Switch_config#vlan 10 Switch_config#vlan 20 Switch_config#vlan 30 (5) Configure the interface 9 that Switch A connects to Switch B to trunk: Switch_config_g0/9# switchport mode trunk (6) Enable global GVRP of switch B: Switch_config#gvrp (7) Enable GVRP of interface 9 of Switch B Switch_config_g0/9#gvrp (8) Configure VLAN 40, Vlan 50 and Vlan60 on Switch B Switch_config#vlan 40 Switch_config#vlan 50 Switch_config
Users Manual of XGS-6350-12X8TR Chapter 18. Private VLAN Settings Private VLAN Settings Overview of Private VLAN Private VLAN has settled the VLAN application problems facing ISPs: If ISP provides each user with a VLAN, the support by each device of 4094 VLANs will restrict the total of ISP-supported users.
Users Manual of XGS-6350-12X8TR the same community VLAN can conduct L2 communication each other or with the promiscuous port, but not with the community ports of other VLANs and the isolated ports in the isolated VLANs. 18.3.4 Modifying the Fields in VLAN TAG This functionality supports to modify the VLAN ID and priority in VLAN tag and decides whether the egress packets of private VLAN carry the tag or not.
Users Manual of XGS-6350-12X8TR Command Purpose vlan vlan-id Enters the primary VLAN configuration mode. private-vlan association Sets the to-be-associated secondary VLAN. {svlist| addsvlist| removesvlist} no private-vlan association Clears all associations between the current primary VLAN and all secondary VLANs. exit Exits the VLAN configuration mode. 18.5.
Users Manual of XGS-6350-12X8TR 18.5.5 Modifying Related Fields of Egress Packets in Private VLAN Run the following commands to modify related fields of the egress packets in private VLAN: Command Purpose Interface interface Enters the interface configuration mode. switchport private-vlan tag-pvid vlan-id Sets the VLAN ID field in the tag of egress packet. switchport private-vlan tag-pripri Sets the priority field in the tag of egress packet.
Users Manual of XGS-6350-12X8TR G0/1 and host ports of all sub-VLAN domains, so it is between host ports G0/2 and G0/3 of community VLAN 3, but they cannot conduct L2 communication with other host ports of secondary VLANs. L2 communication cannot go on between ports G0/5 and G0/6 in Isolated VLAN 5, but the two ports can conduct L2 communication with promiscuous port G0/1.
Users Manual of XGS-6350-12X8TR Switch_config_vlan3#private-vlan community Switch_config#vlan 4 Switch_config_vlan4#private-vlan community Switch_config#vlan 5 Switch_config_vlan5#private-vlan isolated Switch_config#show vlan private-vlan Primary Secondary Type Ports 2 3 community g0/1, g0/2, g0/3 2 4 community g0/1, g0/4 2 5 isolated g0/1, g0/5, g0/6 183
Users Manual of XGS-6350-12X8TR Chapter 19. STP Configuration Configuring STP 19.1.1 STP Introduction The standard Spanning Tree Protocol (STP) is based on the IEEE 802.1D standard. A switch stack appears as a single spanning-tree node to the rest of the network, and all stack members use the same bridge ID. Unless otherwise noted, the term switch refers to a standalone switch and to a switch stack.
Users Manual of XGS-6350-12X8TR (2) Path cost of each port (3) Port identifier for each port of the bridge The bridge with highest priority (the identifier value is the smallest) is selected as the root. Ports of each bridge have the attribute Root Path Cost, that is, the minimum of path cost summation of all ports from the root to the bridge. The designated port of each network segment refers to the port connecting to the network segment and having the minimum path cost.
Users Manual of XGS-6350-12X8TR network topology. Follow these steps to disable spanning-tree: Command Purpose no spanning-tree Disables STP. To enable spanning-tree, use the following command: Command Purpose spanning-tree Enables default mode STP (SSTP). spanning-tree mode {sstp | rstp} Enables a certain mode STP. 19.1.3.
Users Manual of XGS-6350-12X8TR 19.1.3.6 Configuring the Forward Delay Time Configure sstp forward delay to determine the number of seconds an interface waits before changing from its spanning-tree learning and listening states to the forwarding state. Use the following command to configure sstp forward delay: Command Purpose spanning-tree sstpforward-time Configures sstp Forward time. no spanning-tree sstp forward-time Returns forward time to default value (15s). 19.1.3.
Users Manual of XGS-6350-12X8TR function. no spanning-tree designated-auto Disables the auto-designated port function. 19.1.3.10 Monitoring STP State To monitor the STP configuration and state, use the following command in management mode: Command Purpose show spanning-tree Displays spanning-tree information on active interfaces only. show spanning-tree detail Displays a detailed summary of interface information.
Users Manual of XGS-6350-12X8TR no spanning-tree vlan-list priority Resumes the STP priority in the VLAN to the default configuration. spanning-tree vlan vlan-list Configures Forward Delay for the forward-time value designated no spanning-tree vlan vlan-list Resumes Forward Delay of the forward-time designated VLAN. VLAN to the default configuration. spanning-tree vlan vlan-list max-age Configures Max-age for the designated value VLAN.
Users Manual of XGS-6350-12X8TR Configuring the Port Priority Enabling Protocol Conversation Check 19.1.6 RSTP Configuration Task 19.1.6.1 Enabling/Disabling Switch RSTP Follow these configurations in the global configuration mode: Command Purpose spanning-tree mode rstp Enables RSTP no spanning-tree mode Returns STP to default mode (SSTP) 19.1.6.
Users Manual of XGS-6350-12X8TR value (15s). If you configure the Forward Delay Time to a relatively small value, it may leads to a temporary verbose path. If you configure the Forward Delay Time to a relatively big value, the system may not resume connecting for a long time. We recommend user to use the default value. The Forward Delay Time of the bridge is 15 seconds. 19.1.6.
Users Manual of XGS-6350-12X8TR values to interfaces that you want selected first and higher cost values to interfaces that you want selected last. If all interfaces have the same cost value, spanning tree puts the interface with the lowest interface number in the forwarding state and blocks the other interfaces. Beginning in interface configuration mode, follow these steps to configure the cost of an interface: Command Purpose spanning-tree rstp costvalue Configures the cost for an interface.
Users Manual of XGS-6350-12X8TR Both STP and RSTP only can create sole STP topology. All VLAN messages are forwarded through the only STP. STP converges too slow, so RSTP ensures a rapid and stable network topology through the handshake mechanism. MSTP inherits the rapid handshake mechanism of RSTP. At the same time, MST allows different VLAN to be distributed to different STPs, creating multiple topologies in the network.
Users Manual of XGS-6350-12X8TR Figure 2.1 MSTP topology 1. CIST Common and Internal Spanning Tree (CIST) means the spanning tree comprised by all single switches and interconnected LAN. These switches may belong to different MST regions. They may be switches running traditional STP or RSTP. Switches running STP or RSTP in the MST regions are considered to be in their own regions. After the network topology is stable, the whole CIST chooses a CIST root bridge.
Users Manual of XGS-6350-12X8TR Root port stands for the path between the current switch and the root bridge, which has minimum root path cost. 2. Alternate port Figure 2.3 Alternate port The alternate port is a backup path between the current switch and the root bridge. When the connection of root port is out of effect, the alternate port can promptly turn into a new root port without work interruption. 3. Designated port Figure 2.
Users Manual of XGS-6350-12X8TR Figure 2.5 Backup port When two switch ports directly connect or both connect to the same LAN, the port with lower priority is to be the backup port, the other port is to be the designated port. If the designated port breaks down, the backup port becames the designated port to continue working. 5. Master port Figure 2.6 Master port The Master port is the shortest path between MST region and CIST root bridge.
Users Manual of XGS-6350-12X8TR 7. Edge port In the RSTP protocol or MSTP protocol, edge port means the port directly connecting the network host. These ports can directly enter the forwarding state without causing any loop in the network. Figure 2.7 Edge port In original state, MTSP and RSTP do not take all ports as edge ports, ensuring the network topology can be rapidly created. In this case, if a port receives BPDU from other switches, the port is resumed from the edge state to the normal state.
Users Manual of XGS-6350-12X8TR CIST Root Identifier 6 – 13 CIST External Root Path 14 – 17 Cost CIST Regional Root 18 – 25 Identifier CIST Port Identifier 26 – 27 Message Age 28 – 29 Max Age 30 – 31 Hello Time 32 – 33 Forward Delay 34 – 35 Version 1 Length 36 Version 3 Length 37 – 38 Format Selector 39 Configuration Name 40 – 71 Revision 72 – 73 Configuration Digest 74 – 89 CIST Internal Root Path 90 – 93 Cost CIST Bridge Identifier 94 – 101 CIST Remaining Hops 102 MSTI C
Users Manual of XGS-6350-12X8TR root. (4) Each MSTI can independently choose a switch as the MSTI regional root. (5) Each switch in the region and the LAN segment can decide the minimum cost path to the MSTI root. (6) The root port of CIST provides the minimum-cost path between the CIST regional root and the CIST root. (7) The designated port of the CIST provided its LAN with the minimum-cost path to the CIST root.
Users Manual of XGS-6350-12X8TR Configuring secondary root Configuring bridge priority Configuring time parameters of STP Configuring network diameter Configuring maximum hop count Configuring port priority Configuring path cost for port Configuring port connection type Activating MST-compatible mode 19.2.2.1 Activating MST-Compatible Mode The MSTP protocol that our switches support is based on IEEE 802.1s.
Users Manual of XGS-6350-12X8TR 19.2.3 MSTP Configuration Task 19.2.3.1 Default MSTP Configuration Attribute Default Settings STP mode SSTP (PVST, RSTP and MSTP is not started) Area name Character string of MAC address Area edit level 0 MST configuration list All VLANs are mapped in CIST (MST00).
Users Manual of XGS-6350-12X8TR address, switches that run MSTP are in different areas in original state. You can run spanning-tree mstp instance instance-id vlan vlan-list to create a new MSTI and map the designated VLAN to it. If the MSTI is deleted, all these VLANs are mapped to the CIST again. Run the following command to set the MST area information: Command Purpose spanning-tree mstp namestring Configures the MST configuration name. string means the character string of the configuration name.
Users Manual of XGS-6350-12X8TR selected as the network root. MSTP can set the switch to the network switch through configuration. You can run the command Spanning-tree mstpSpanning-tree mstpinstance-idrootroot to modify the priority value of the switch in a spanning tree instance from the default value to a sufficiently small value, ensuring the switch turns to be the root in the spanning tree instance.
Users Manual of XGS-6350-12X8TR or multiple switches to the secondary roots or the backup roots. If the root does not function for certain reasons, the secondary roots will become the network root. Different from the primary root configuration, after the command to configure the primary root is run, MSTP sets the spanning tree priority of the switch to 28672. In the case that the priority value of other switches is the default value 32768, the current switch can be the secondary root.
Users Manual of XGS-6350-12X8TR value represents the priority of the bridge. It can be one of the following values: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440 no spanning-tree mstpinstance-idpriority Resumes the bridge priority of the switch to the default value. instance-id means the number of the spanning tree instance, ranging from 0 to 15. 19.2.3.
Users Manual of XGS-6350-12X8TR ranging from 6 to 40 seconds. Its default value is 20 seconds. no spanning-tree mstp max-age Resumes Max Age to the default value. It is recommended to modify STP time parameters by setting root or network diameter, which ensures correct modification of time parameters. The newly-set time parameters are valid even if they do not comply with the previous formula’s requirements. Pay attention to the notification on the console when you perform configuration. 19.2.3.
Users Manual of XGS-6350-12X8TR spanning-tree Sets the priority of the STP port. mstpinstance-idport-prioritypriority instance-id stands for the number of the spanning tree instance, ranging from 0 to 15. priority stands for the port priority. It can be one of the following values: 0, 16, 32, 48, 64, 80, 96, 112 128, 144, 160, 176, 192, 208, 224, 240 spanning-tree port-priorityvalue Sets the port priority in all spanning tree instances. value stands for the port priority.
Users Manual of XGS-6350-12X8TR no spanning-tree mstpinstance-idcost Resumes the path cost of the port to the default value. no spanning-tree cost Resumes the path cost of the port to the default value in all spanning tree instances. 19.2.3.12 Configuring Port Connection Type If the connection between MSTP-supported switches is the point-to-point direct connection, the switches can rapidly establish connection through handshake mechanism.
Users Manual of XGS-6350-12X8TR The main function of the compatible mode is to create the MST area for switches and other MSTP-running switches. In actual networking, make sure that the switch has the same configuration name and the same edit number. It is recommended to configure switches running other MSTP protocols to the CIST root, ensuring that the switch enters the compatible mode by receiving message.
Users Manual of XGS-6350-12X8TR Command Purpose show spanning-tree Checks MSTP information. (Information about SSTP, PVST, RSTP and MSTP can be checked) show spanning-tree detail Checks the details of MSTP information. (Information about SSTP, PVST, RSTP and MSTP can be checked)) show spanning-tree interface interface-id Checks the STP interface information. (Information about SSTP, PVST, RSTP and MSTP can be checked)) show spanning-tree mstp Checks all MST instances.
Users Manual of XGS-6350-12X8TR Chapter 20. STP Optional Characteristic Configuration Configuring STP Optional Characteristic 20.1.1 STP Optional Characteristic Introduction The spanning tree protocol module of the switch supports seven additional features (the so-called optional features). These features are not configured by default.
Users Manual of XGS-6350-12X8TR Figure 1.1 Port Fast Instruction: For the rapid convergent spanning tree protocol, RSTP and MSTP, can immediately bring an interface to the forwarding state, and therefore there is no need to use Port Fast feature. 20.1.1.2 BPDU Guard The BPDU guard feature can be globally enabled on the switch or can be enabled per port, but the feature operates with some differences.
Users Manual of XGS-6350-12X8TR 20.1.1.3 BPDU Filter The BPDU filtering feature can be globally enabled on the switch or can be enabled per interface, but the feature operates with some differences. In SSTP/PVST mode, if a Port Fast port with BPDU filter configured receives the BPDU, the features BPDU Filter and Port Fast at the port will be automatically disabled, resuming the port as a normal port. Before entering the Forwarding state, the port must be in the Listening state and Learning state.
Users Manual of XGS-6350-12X8TR Figure 1.3 Uplink Fast The Uplink Fast feature adjusts to the slowly convergent SSTP and PVST. In RSTP and MSTP mode, new root port can rapidly enter the Forwarding state without the Uplink Fast function. 20.1.1.5 Backbone Fast The Backbone Fast feature is a supplement of the Uplink Fast technology.
Users Manual of XGS-6350-12X8TR Figure 1.4 Backbone Fast Suppose the bridge priority of switch C is higher than that of switch B. When L1 is disconnected, switch B is selected to send BPDU to switch C because the bridge priority is used as root priority. To switch C, the information contained by BPDU is not prior to information contained by its own. When Backbone Fast is not enabled, the port between switch C and switch B ages when awaiting the bridge information and then turns to be the designated port.
Users Manual of XGS-6350-12X8TR 20.1.1.6 Root Guard The Root Guard feature prevents a port from turning into a root port because of receiving high-priority BPDU. The Layer 2 network of a service provider (SP) can include many connections to switches that are not owned by the SP. In such a topology, the spanning tree can reconfigure itself and select a customer switch as the root switch, as shown in Figure 17-8.
Users Manual of XGS-6350-12X8TR block a port, which is provided with the designated role due to receiving the lower level BPDU. 20.1.2 Configuring STP Optional Characteristic 20.1.2.1 STP Optional Characteristic Configuration Task Configuring Port Fast Configuring BPDU Guard Configuring BPDU Filter Configuring Uplink Fast 20.1.2.
Users Manual of XGS-6350-12X8TR Fast-enabled port means an invalid configuration, such as the connection of an unauthorized device, and the BPDU guard feature puts the port in the error-disabled state. When this happens, the switch shuts down the entire port on which the violation occurred. To prevent the port from shutting down, you can use the errdisable detect cause bpduguard shutdown vlan global configuration command to shut down just the offending VLAN on the port where the violation occurred.
Users Manual of XGS-6350-12X8TR Command Purpose spanning-tree portfast bpdufilter Globally enables bpdu filter feature. It is valid to all interfaces. no spanning-tree portfast bpdufilter Globally disables bpdu filter feature. Instruction: Globally enabling port fast feature may result in broadcast storm. The BPDU Guard or BPDU Filter should be configured for protection sake.
Users Manual of XGS-6350-12X8TR Follow these steps to globally enable BackboneFast.: Command Purpose spanning-tree backbonefast Enables backbone fast feature. no spanning-tree backbonefast Disables backbone fast feature. 20.1.2.7 Configuring Root Guard Root guard enabled on an interface applies to all the VLANs to which the interface belongs. Do not enable the root guard on interfaces to be used by the UplinkFast feature.
Users Manual of XGS-6350-12X8TR no spanning-tree loopguard default Globally disables loop guard. Follow these steps to enable loop guard in the interface configuration mode.: Command Purpose spanning-tree guard loop Enables loop guard feature on the interface. no spanning-tree guard Disables root guard and loop guard feature on the interface. spanning-tree guard none Disables root guard and loop guard on the interface.
Users Manual of XGS-6350-12X8TR Chapter 21. Link Aggregation Configuration Configuring Port Aggregation 21.1.1 Overview Link aggregation, also called trunking, is an optional feature available on the Ethernet switch and is used with Layer 2 Bridging. Link aggregation allows logical merge of multiple ports in a single link. Because the full bandwidth of each physical link is available, inefficient routing of traffic does not waste bandwidth. As a result, the entire cluster is utilized more efficiently.
Users Manual of XGS-6350-12X8TR Command Description interface port-aggregator id Configures aggregated logical channel. 21.1.3.2 Aggregation of Physical Port To aggregate multiple physical ports into a logical channel, you can use static aggregation or LACP protocol for negotiation.
Users Manual of XGS-6350-12X8TR address attributes is to get through a physical port. dst-mac It is to share the data traffic according to the destination MAC address, that is, the message with same MAC address attributes is to get through a physical port. both-mac It is to share the data traffic according to source and destination MAC addresses, that is, the message with same MAC address attributes is to get through a physical port.
Users Manual of XGS-6350-12X8TR Chapter 22. PDP Configuration PDP Overview 22.1.1 Overview PDP is specially used to discover network equipment, that is, it is used to find all neighbors of a known device. Through PDP, the network management program can use SNMP to query neighboring devices to acquire network topology. Our company’s switches can discover the neighboring devices but they do not accept SNMP queries.
Users Manual of XGS-6350-12X8TR 22.1.2.3 Setting the PDP Version To set the PDP version, you can run the following command in global configuration mode. Command Purpose pdp version {1|2} Setts the PDP version. 22.1.2.4 Starting PDP on a Switch To enable PDP, you can run the following commands in global configuration mode. Command Purpose pdp run Starts PDP on a switch. 22.1.2.5 Starting PDP on a Port To enable PDP on a port by default, you can run the following command in port configuration mode.
Users Manual of XGS-6350-12X8TR Device-ID Local-Intf Switch Fas0/1 169 Hldtme Port-ID Gig0/1 Platform COMPANY, RISC Capability RS 227
Users Manual of XGS-6350-12X8TR Chapter 23. LLDP Configuration LLDP 23.1.1 LLDP Introduction The 802.1ABlink layer discovery protocol (LLDP) at 802.1AB helps to detect network troubles easily and maintain the network topology. LLDP is a unidirectional protocol. One LLDP agent transmits its state information and functions through its connected MSAP, or receives the current state information or function information about the neighbor.
Users Manual of XGS-6350-12X8TR 23.1.3.2 Configuring holdtime You can control the timeout time of transmitting the LLDP message through modifying holdtime: Run the following command in global configuration mode to configure holdtime of LLDP: Command Purpose lldpholdtimetime Configures the timeout time of LLDP. nolldpholdtime Resumes the timeout time to the default value, 120 seconds. 23.1.3.
Users Manual of XGS-6350-12X8TR system-capabilities system-description system-name no lldptlv-selecttlv-type Tlvs or tlv-types which needs to be deleted include: macphy-confg management-address port-description port-vlan system-capabilities system-description system-name 23.1.3.6 Configuring the Transmission or Reception Mode LLDP can work under three modes: transmit-only, receive-only and transmit-and-receive. By default, LLDP works under the transmit-and-receive mode.
Users Manual of XGS-6350-12X8TR showlldpneighborsdetail Displays the detailed information about the neighbor. showlldptraffic Displays all received and transmitted statistics information. 23.1.3.8 Configuring the Deletion Commands You can delete the received neighbor lists and all statistics information by running the following command in EXEC mode. Command Purpose clearlldpcounters Deletes all statistics data. clearlldptable Deletes all received neighbor information. 23.1.3.
Users Manual of XGS-6350-12X8TR Chapter 24. FlexLinkLite Configuration FlexLinkLite Configuration 24.1.1 FlexLinkLite Overview FlexLinkLite is used in a network environment to easily construct two uplink links, which back up each other. If STP is not enabled in this network environment, FlexLinkLite can avoid the loop and conduct fast switchover when a link is out of effect. Figure 1: FlexLinkLite-enabled network FlexLinkLite includes a pair of ports that back up each other.
Users Manual of XGS-6350-12X8TR 24.1.2 FlexLinkLite Configuration 24.1.2.1 Run the following commands to set the backup port: Run the following commands to set the FlexLinkLite backup port: Command Purpose Switch# configure Enters the global configuration mode of the switch. Switch_config# interface intf-name Enters the interface configuration mode. Intf-name: stands for the name of a port, such as G0/1 or F0/10.
Users Manual of XGS-6350-12X8TR time-sec: means the delay of preempt, whose unit is second. The default value is three seconds. The value ranges between 1 and 600 seconds. switchport backup interface preempt mode role is deemed as the default settings of each backup port pair. 24.1.2.3 Setting the Transmission and Reception of TCN Packets Command Purpose Switch_config_intf# switchport bakcup Allows a port to transmit the TCN interface tcn transmit packets.
Users Manual of XGS-6350-12X8TR Switch_config_g0/1# switchport backup interface preempt delay 15 Make the following settings to enable the TCN packets to be transmitted: Switch_config_g0/1# switchport backup interface tcn transmit Switch_config_g0/1# interface g0/2 Switch_config_g0/2# switchport backup interface tcn transmit Switch_config_g0/2# exit Browse the state of the port: Switch_config# show backup interfaces Backup interface pairs: Active Backup State Preemption G0/1 G0/2 Active Up/Backup
Users Manual of XGS-6350-12X8TR Chapter 25. BackupLink Configuration BackupLink Overview 25.1.1 Overview Link aggregation, also called trunking, is an optional feature available on the Ethernet switch and is used with Layer 2 Bridging. Link aggregation allows logical merge of multiple ports in a single link. Because the full bandwidth of each physical link is available, inefficient routing of traffic does not waste bandwidth. As a result, the entire cluster is utilized more efficiently.
Users Manual of XGS-6350-12X8TR 25.1.2.2 Aggregation of Physical Port To aggregate multiple physical ports into a logical channel, you can use static aggregation or LACP protocol for negotiation.
Users Manual of XGS-6350-12X8TR It is to share the data traffic according to the destination MAC address, that is, the message with same MAC address attributes is to get through a physical port. both-mac It is to share the data traffic according to source and destination MAC addresses, that is, the message with same MAC address attributes is to get through a physical port.
Users Manual of XGS-6350-12X8TR Chapter 26. EAPS Configuration Introduction of Fast Ethernet Ring Protection 26.1.1 Overview The Ethernet ring protection protocol is a special type of link-layer protocol specially designed for constructing the ring Ethernet topology. The Ethernet protection protocol can shut down one link in a complete ring topology, preventing the data loop from forming the broadcast storm. If a link is broken, the protocol immediately resumes the link that is previously shut down.
Users Manual of XGS-6350-12X8TR as transit nodes. Master node: It positively knows whether the ring’s topology is complete, removes loopback, control other switches to update topology information. Transit node: It only checks the state of the local port of the ring, and notifies the master node of the invalid link. The role of each node can be specified by user through configuration. The thing is that each switch in the same ring can be set to only one kind of node. In figure 1.
Users Manual of XGS-6350-12X8TR VLAN is established, the IP address of the VLAN port cannot be pinged through other devices. The VLANs except the control VLAN are all data VLANs, which are used to transmit the packets of normal services or the management packets. The data VLAN can be used for normal L2/L3 communication. For example, you can establish a VLAN port corresponding to data VLAN and configure dynamic routing protocols. 26.1.2.
Users Manual of XGS-6350-12X8TR 26.1.4 Fast Ethernet Ring Protection Mechanism 26.1.4.1 Ring Detection and Control of Master Node The master node transmits the HEALTH packets to the control VLAN through the primary port in a configurable period. In normal case, the HEALTH packets will pass through all other nodes of the ring network and finally arrive at the secondary port of the master node. The secondary port blocks all data VLANs in primitive condition.
Users Manual of XGS-6350-12X8TR If a transit mode does not receives the notification of aging address table from the master node, it thinks that the link to the master node is already out of effect, the transit node will automatically set the pre-forwarding port to be a forwarding one. You can configure the related commands through the pre-forward-time node to modify the time for the transit port to keep the pre-forwarding state. Fast Ethernet Ring Protection Configuration 26.2.
Users Manual of XGS-6350-12X8TR triggered. The physical interface, the fast-Ethernet interface, the gigabit-Ethernet interface and the aggregation interface can all be set to be the ring's interfaces. If link aggregation, 802.1X or port security has been already configured on a physical interface, the physical interface cannot be set to be a ring’s interface any more. The versions of switch software prior to version 2.0.1L and the versions of hi-end switch software prior to version 4.0.
Users Manual of XGS-6350-12X8TR node configuration mode. Remarks: The no ether-ring id command is used to delete the node settings and port settings of the Ethernet ring. 26.2.4.2 Configuring the Transit Node Configure a switch to be the transit node of a ring network according to the following steps: Command Purpose Switch#config Enters the switch configuration mode. Switch_config#ether-ring id Sets a node and enters the node configuration mode.
Users Manual of XGS-6350-12X8TR 26.2.4.4 Browsing the State of the Ring Protection Protocol Run the following command to browse the state of the ring protection protocol: Command Purpose show ether-ring id Browses the summary information about the ring protection protocol and the port of Ethernet ring. id: ID of Ethernet ring show ether-ring id detail Browses the detailed information about the ring protection protocol and the port of Ethernet ring.
Users Manual of XGS-6350-12X8TR The following commands are used to set the time related parameters: S1_config_ring1#hello-time 2 S1_config_ring1#fail-time 6 Exits from the node configuration mode: S1_config_ring1#exit Configures the primary port and the secondary port: S1_config#interface gigaEthernet 0/1 S1_config_g0/1#ether-ring 1 primary-port S1_config_g0/1#exit S1_config#interface gigaEthernet 0/3 S1_config_g0/3#ether-ring 1 secondary-port S1_config_g0/3#exit Establishes the control VLAN: S1_config#
Users Manual of XGS-6350-12X8TR Chapter 27. MEAPS Settings MEAPS Introduction 27.1.1 MEAPS Overview EAPS is a protocol specially applied on the link layer of the Ethernet ring. When the Ethernet ring is complete, you should prevent the broadcast storm from occurring on the data loopback. But when a link of an Ethernet ring is broken, you should enable the backup link rapidly to resume the communication of different nodes in the ring. The role of switch is specified by you through configuration.
Users Manual of XGS-6350-12X8TR 27.1.2 Basic Concepts of MEAPS 27.1.2.1 Domain The domain specifies the protection range of the Ethernet loopback protection protocol and is marked by ID, which consists of integers; A group of switches that support the same protection data and have the same control VLAN can form a domain after they are connected with each other. One domain may include only one ring or multiple rings that intersect each other. See the following figure.
Users Manual of XGS-6350-12X8TR 27.1.2.5 Control VLAN The control VLAN is a concept against the data VLAN, and in MEAPS, the control VLAN is just used to transmit the MEAPS packets. Each MEAPS has two control VLANs, that is, the main control VLAN and the sub control VLAN. You need to specify the main control VLAN when configuring the major ring or the sub ring.
Users Manual of XGS-6350-12X8TR 27.1.2.8 Transit Node All switches on the Ethernet except the master node can be called as the transit nodes. The transit node only checks the state of the local port of the ring, and notifies the master node of the invalid link. See the following figure, in which S1, S2, S5 and S6 are all transit nodes. 27.1.2.
Users Manual of XGS-6350-12X8TR only the control packets, and blocks the data VLAN. After the transit node receives the notification of the aging address table, it enters the forwarding state. Remarks: A port can be set as the primary port or the transit port of a node and it cannot be reset. 27.1.2.12 Common Port and Edge Port The edge node and the assistant node are the places where the sub ring and the major ring intersect.
Users Manual of XGS-6350-12X8TR 27.1.2.14 Complete Flag of Ring Both the master node and the transit node can show whether the current ring network is complete through the state symbol “COMPLETE”. On the master node, only when all links of the ring network are normal, the primary port is in forwarding state and the secondary port is in blocking state can the "COMPLETE” symbol be real; on the transit node, only when its two transit ports are in forwarding state can the “COMPLETE” symbol be true.
Users Manual of XGS-6350-12X8TR notify other nodes. If the master node receives the HEALTH packets at the secondary port that is open to data VLANs, the ring network is resumed. In this case, the master node immediately blocks data VLANs on the secondary port, updates the local topology information and reports other nodes to age the MAC address table through RING-UP-FLUSH-FDB packets. As shown in the following figure, the master node, S4, transmits the HELLO packets periodically.
Users Manual of XGS-6350-12X8TR packets, holds that the trouble occurs on the loopback, and decides not to wait for the fail-time any more. LINK_DOWN P-Primary port S-Secondary port B-Block port LINK_DOWN S2:Transit S1:Transit S3:Transit x LINK_DOWN S B P S4:Master LINK_DOWN LINK_DOWN S5:Transit S6:Transit Figure 4: Link status change notification After the transit port is resumed, it does not immediately transmit the packets of data VLANs, but enters the Pre-Forwarding state.
Users Manual of XGS-6350-12X8TR S B Sub HELLO P S2:Assistant S1:Transit Major HELLO Major Ring P-Primary port S-Secondary port B-Block port S S3:Master Sub Ring B P S4:Master S5:Edge S6:Transit Figure 5: Intersection of the major ring and the sub ring When trouble occurs on the link of the major ring, and when the channel of the sub-ring protocol packets between the edge node and the assistant node are interrupted, the master node of the sub ring cannot receive the HELLO packets that the mas
Users Manual of XGS-6350-12X8TR solve the problem about the dual homing ring. This mechanism is to monitor the status of the channel link on the major ring between the edge node and the assistant node, which requires the help of the edge node and the assistant node. The purpose of this mechanism is to keep the data loop from happening by blocking the edge port of the edge node before the secondary port of the master node on the sub ring opens.
Users Manual of XGS-6350-12X8TR Figure 8. Check the channel status on the major ring between the edge node and the assistant node. 2. The edge node blocks the edge port at the interruption of the channel.
Users Manual of XGS-6350-12X8TR eP x eP B Assistant Transit Major Ring Transit S x S Sub Ring I P Master Sub Ring II P P-Primary port S-Secondary port Master B-Block port Edge eP-EdgePreforwarding port EDGE-HELLO P Transit S B LINK-DOWN Master Figure 9: The edge node blocks the edge port at the interruption of the channel. 3.
Users Manual of XGS-6350-12X8TR P-Primary port S-Secondary port B-Block port Transit S B Assistant Transit x Major Ring S Sub Ring I P Master Sub Ring II P P Transit Master S Edge B EDGEHELLO Sub Ring I HELLO Sub Ring II HELLO Master Figure 10: Channel recovery Fast Ethernet Ring Protection Configuration 27.2.
Users Manual of XGS-6350-12X8TR By default, Pre-Forward-Time of the transit node is triple longer than Hello-time of the master node so that it is ensured that the master node can detect the recovery of the ring network before the transit port enters the pre-forwarding state. If Hello-time configured on the master node is longer than Fre-Forward-Time of the transit node, loopback is easily generated and broadcast storm is then triggered.
Users Manual of XGS-6350-12X8TR establishes VLAN “id” and VLAN “id-1”. vlan-id: ID of the control VLAN This step is optional. Configures the cycle for the master node to transmit the HEALTH packets. value: Switch_config_ring1#hello-timevalue It is a time value ranging from 1 to 10 seconds and the default value is 3 seconds. This step is optional. Configures the time for the secondary port to wait for the HEALTH packets.
Users Manual of XGS-6350-12X8TR establishes VLAN “id” and VLAN “id-1”. vlan-id: ID of the control VLAN This step is optional. Configures the time of maintaining the pre-forward state on the transit port. Switch_config_ring1#pre-forward-timeva value: It is a time value ranging from 3 to 30 lue seconds and the default value is 9 seconds. Switch_config_ring#exit Saves the current settings and exits the node configuration mode. Switch_config# 27.2.3.
Users Manual of XGS-6350-12X8TR Command Purpose Switch# config Enters the switch configuration mode. Sets a node and enters the node configuration mode. id1: instance ID of a node id2: instance ID of a domain (omitted when it is Switch_config#mether-ring id1 domainid2 0) Switch_config_ring1#edge-node[assistant- It is an obligatory step. Sets the node type to be node] an edge node. This step can be omitted. The edge node must Switch_config_ring1#sub-ring be the sub-ring node.
Users Manual of XGS-6350-12X8TR | transit-port | common-port | edge-port ] id2: instance ID of a domain (omitted when it is 0) Switch_config_intf#exit Exits from interface configuration mode. Remarks: The command, no mether-ring id1domain id2primary-port [ secondary-port | transit-port | common-port | edge-port ], can be used to cancel the settings of the ring’s port. 27.2.3.
Users Manual of XGS-6350-12X8TR block its secondary port. At the same time, the master node will periodically transmit the Hello packets from its primary port. These hello packets will pass through the transit node in sequence and finally return to the master node from its secondary port. The ring in complete state is shown in the following figure. The major ring and two sub rings are all in complete state.
Users Manual of XGS-6350-12X8TR x S B Edge Transit S B Sub Ring II Assistant Major Ring P P P-Primary port S-Secondary port B-Block port Master Sub Ring I x Master(Assistant) Master x S B P Edge Transit Major Ring Sub Ring II LINK DOWN LINK DOWN Figure 12: Ring transmitting the trouble and notifying the master node After the master node receives the link-down packet, its state will be changed to the Failed state and at the same time the secondary port will be opened, the FDB table wi
Users Manual of XGS-6350-12X8TR through; similarly, the transit node on sub ring 2 also changes into the Preforwarding state; when the hello packet on sub ring 1 arrives the edge node, due to the fact that the resumed transit node only allows the control packet of the major to pass through and that the hell packet of sub ring 1 is just like the data packet of the major ring, the hello packet cannot be forwarded.
Users Manual of XGS-6350-12X8TR Figure 15: Ring recovery Of course, if the transit node in Preforwarding state does not receive the RING-UP-FLUSH-FDB packet and Fail Time also exceeds, the transit node will open the blocked transit port and resume data communication. 27.3.3 MEAPS configuration 27.3.3.1 Configuration Example MEAPS configuration As shown in figure 2.1, master node S1 and transit node S2 are configured as follows. As to the settings of other nodes, they are the same as S2's settings.
Users Manual of XGS-6350-12X8TR Switch_config_ring2#sub-ring Switch_config_ring2#control-vlan 2 The following commands are used to set the time related parameters: Switch_config_ring2#pre-forward-time 12 Exits from the node configuration mode: Switch_config_ring2#quit The following commands are used to set the transit port of node 2: Switch_config#interface gigaEthernet 0/1 Switch_config_g0/1#mether-ring 2 domain 1 transit-port Switch_config_g0/1#switchport mode trunk Switch_config_g0/1#quit Switch_conf
Users Manual of XGS-6350-12X8TR Switch_config_ring2#control-vlan 2 The following commands are used to set the time related parameters: Switch_config_ring2#pre-forward-time 12 Exits from the node configuration mode: Switch_config_ring2#quit The following commands are used to set the common port and edge port of node 2: Switch_config#interface gigaEthernet 0/2 Switch_config_g0/2#mether-ring 2 domain 1 common-port Switch_config_g0/2#quit Switch_config#interface gigaEthernet 0/3 Switch_config_g0/3#mether-ri
Users Manual of XGS-6350-12X8TR Switch_config_ring4#pre-forward-time 12 Exits from the node configuration mode: Switch_config_ring4#quit The following commands are used to set the common port and edge port of node 2: Switch_config#interface gigaEthernet 0/2 Switch_config_g0/2#mether-ring 4 domain 1 common-port Switch_config_g0/2#quit Switch_config#interface gigaEthernet 0/3 Switch_config_g0/3#mether-ring 4 domain 1 edge-port Switch_config_g0/3#switchport mode trunk Switch_config_g0/3#quit Configuring sw
Users Manual of XGS-6350-12X8TR Switch_config_ring2#hello-time 4 Switch_config_ring2#fail-time 12 Exits from the node configuration mode: Switch_config_ring2#quit The following commands are used to set the primary port and secondary port of node 2: Switch_config#interface gigaEthernet 0/1 Switch_config_g0/1#mether-ring 2 domain 1 primary-port Switch_config_g0/1#switchport mode trunk Switch_config_g0/1#quit Switch_config#interface gigaEthernet 0/2 Switch_config_g0/2#mether-ring 2 domain 1 secondary-port S
Users Manual of XGS-6350-12X8TR The following commands are used to set the time related parameters: Switch_config_ring2#pre-forward-time 12 Exits from the node configuration mode: Switch_config_ring2#quit The following commands are used to set the common port and edge port of node 2: Switch_config#interface gigaEthernet 0/2 Switch_config_g0/2#mether-ring 2 domain 1 common-port Switch_config_g0/2#quit Switch_config#interface gigaEthernet 0/3 Switch_config_g0/3#mether-ring 2 domain 1 edge-port Switch_confi
Users Manual of XGS-6350-12X8TR Exits from the node configuration mode: Switch_config_ring4#quit The following commands are used to set the common port and edge port of node 4: Switch_config#interface gigaEthernet 0/2 Switch_config_g0/2#mether-ring 4 domain 1 common-port Switch_config_g0/2#quit Switch_config#interface gigaEthernet 0/3 Switch_config_g0/3#mether-ring 4 domain 1 edge-port Switch_config_g0/3#switchport mode trunk Switch_config_g0/3#quit Configuring switch S8: The following commands are used
Users Manual of XGS-6350-12X8TR create the sub-ring edge node or sub-ring assistant node, prompt information will appear (in this case, you can use the show command to browse the MEAPS state; if you find the basic information is complete but the state is init, it indicates that the configuration of the ring’s node has not finished).
Users Manual of XGS-6350-12X8TR Chapter 28. ELPS Configuration ELPS Overview 28.1.1 Overview If DHCP snooping is enabled in a VLAN, the DHCP packets which are received from all distrusted physical ports in a VLAN will be legally checked. The DHCP response packets which are received from distrusted physical ports in a VLAN will then be dropped, preventing the faked or mis-configured DHCP server from providing address distribution services.
Users Manual of XGS-6350-12X8TR distrusted ports in a VLAN. no ip arp inspection vlan vlanid Disables dynamic ARP monitoring on all distrusted ports in a VLAN. Setting an Interface to an ARP-Trusting Interface ARP monitoring is not enabled on those trusted interfaces. The interfaces are distrusted ones by default. Run the following commands in interface configuration mode. Command Purpose arp inspection trust Sets an interface to an ARP-trusting interface.
Users Manual of XGS-6350-12X8TR no Ip-source trust Resumes an interface to the one with a distrusted source IP address. Configuring the TFTP Server for Backing up Interface Binding After the switch configuration is rebooted, the previously-configured interface binding will be lost. In this case, there is no binding relationship on this interface. After source IP address monitoring is enabled, the switch rejected forwarding all IP packets.
Users Manual of XGS-6350-12X8TR no ip dhcp-relay snooping write Resumes the interval of checking interface binding backup to the default settings. Configuring Interface Binding Manually If a host does not obtain the address through DHCP, you can add the binding item on an interface of a switch to enable the host to access the network. You can run no ip source binding MAC IP to delete items from the corresponding binding list.
Users Manual of XGS-6350-12X8TR show ip dhcp-relay snooping binding all Displays all binding items which are generated by DHCP snooping. [ no ] debug ip dhcp-relay [ snooping | binding | Enables or disables the switch of DHCP relay event ] snooping.
Users Manual of XGS-6350-12X8TR DHCPR: send packet continue DHCPR: receive l2 packet from vlan 3, diID: 3 DHCPR: DHCP packet len 289 DHCPR: send packet continue DHCPR: receive l2 packet from vlan 3, diID: 1 DHCPR: DHCP packet len 300 DHCPR: update binding on interface FastEthernet0/3 DHCPR: IP address: DHCPR: 192.2.2.
Users Manual of XGS-6350-12X8TR Chapter 29. UDLD Configuration Unidirectional Link Detection (UDLD) 29.1.1 UDLD Overview UDLD is a L2 protocol that monitors the physical location of the cable through the devices which are connected by optical cable or twisted-pair, and detects whether the unidirectional link exists. Only when the connected device supports UDLD can the unidirectional link be detected and shut down. The unidirectional link can cause a lot of problems, including the STP topology ring.
Users Manual of XGS-6350-12X8TR completeness of a link in the physical layer and the logical link layer can be checked. UDLD can provide some functions that FEFI and automatic negotiation cannot conduct, such as checking and caching the neighbor information, shutting down any mis-configured port and checking the faults and invalidation on the logical ports except the point-to-point logical ports. UDLD adopts two basic mechanisms: learn the information about neighbors and save it in the local cache.
Users Manual of XGS-6350-12X8TR another synchronization request from an asynchronous neighbor, it will start or restart the detection window of the local terminal and transmit an echo message for full agreement. Because all neighbors are demanded a corresponding action, the echo sender expects an echos message. If the checkup window is over before a legal echo is received, this link is thought to be a unidirectional one.
Users Manual of XGS-6350-12X8TR udld port Enables the UDLD module of an interfaces in some [aggressive] mode. If the aggressive parameter is not entered, the UDLD function of the interface is enabled in normal mode; if the aggressive parameter is entered, the UDLD function of the interface is enabled in aggressive mode. In interface configuration mode, run the following command to disable the UDLD function of an interface.
Users Manual of XGS-6350-12X8TR It is used to display the running states of the UDLD modules of the current interfaces.
Users Manual of XGS-6350-12X8TR …………………… It is used to display the operational state of the UDLD module of the current interface.
Users Manual of XGS-6350-12X8TR 29.1.4.2 Network Topology Figure 2 Network topology 29.1.4.
Users Manual of XGS-6350-12X8TR Switch_config#show udld interface f0/1 Interface FastEthernet0/1 --Port enable administrative configuration setting: Port enable operational state: Current bidirectional state: Current operational state: Enabled Enabled Unknown Advertisment Message interval: 15 Time out interval: 7 Entry 1 --Expiration time: 43 Cache Device index: 1 Device ID: Port ID: XGS-6350-12X8TR FastEthernet0/1 Neighbor echo 1 device: Neighbor echo 1 port: XGS-6350-12X8TR FastEthernet0/1 Mes
Users Manual of XGS-6350-12X8TR Neighbor echo 1 port: FastEthernet0/1 Message interval: 15 Time out interval: 15 UDLD Device name: XGS-6350-12X8TR Switch_config# From the information above, you can find the three phases of the link state which UDLD detects: Detection phase: In this phase, the UDLD packets are transmitted every other second. Unknown phase: In this phase, the UDLD packets are transmitted every eight seconds.
Users Manual of XGS-6350-12X8TR Chapter 30. IGMP-Snooping Configuration IGMP-snooping Configuration 30.1.1 IGMP-snooping Configuration Task The task of IGMP-snooping is to maintain the relationships between VLAN and group address and to update simultaneously with the multicast changes, enabling layer-2 switches to forward data according to the topology structure of the multicast group.
Users Manual of XGS-6350-12X8TR In the default configuration, IGMP-snooping of all VLANs is enabled, just as the ip igmp-snooping command is configured. IGMP-snooping can run on up to 16 VLANs. To enable IGMP-snooping on VLAN3, you must first run no ip IGMP-snooping to disable IGMP-snooping of all VLANs, then configure ipIGMP-snooping VLAN 3 and save configuration. 30.1.1.
Users Manual of XGS-6350-12X8TR chip through igmp-snooping), the default process method is to send message on all ports of VLAN.Through configuration, you can change the process method and all multicast messages whose destination addresses are not registered to any port will be dropped. Command Description ip igmp-snooping Drops multicast message whose destination fails to be dlf-framesfilter found. no ip igmp-snooping Resumes the fault configuration (forward).
Users Manual of XGS-6350-12X8TR response-timetimer_value of no ip igmp-snooping timer response-time Resumes the default value of IGMP-snooping. Response Time of IGMP-snooping. The timer value cannot be too small. Otherwise, the multicast communication will be unstable. The value of Response Time of IGMP-snooping is set to ten seconds. 30.1.1.
Users Manual of XGS-6350-12X8TR show ip igmp-snooping statistics Displays statistics information about IGMP-snooping. [ no ] debug ip igmp-snooping [ packet | Enables and disables packet/clock timer | event | error ] debug/event/mistake print switch of IGMP-snooping. If the debug switch is not specified, all debug switches will be enabled or disabled.
Users Manual of XGS-6350-12X8TR v3_packets: 0 IGMP v3 packet number general_query_packets: 5 General query of the packet number special_query_packets: 0 Special query of the packet number join_packets: 6 leave_packets: Number of report packets 0 Number of Leave packets send_query_packets: err_packets: 0 0 Rserved statistics option Number of incorrect packets Debug the message timer of IGMP-snooping: switch#debug ip igmp-snooping packet rx: s_ip: type: rx: s_ip: type: rx: s_ip: type: rx:
Users Manual of XGS-6350-12X8TR Configuring Switch (1) Enable IGMP-snooping of VLAN 1 connecting Private Network A. Switch_config#ip igmp-snooping vlan 1 (2) Enable IGMP-snooping of VLAN 2 connecting Private Network B.
Users Manual of XGS-6350-12X8TR Chapter 31. IGMP-Proxy Configuration IGMP-proxy Configuration 31.1.1.1 IGMP-proxy Configuration Tasks The IGMP Proxy allows the VLAN where the multicast user is located to receive the multicast source from other VLANs. The IGMP Proxy runs on layer 2 independently without other multicast routing protocols.
Users Manual of XGS-6350-12X8TR 31.1.1.3 Adding/Deleting VLAN Agent Relationship Run the following commands in global configuration mode. Command Purpose ip igmp-proxyagent-vlan avlan_map Adds the agent VLAN (avlan_map) to client-vlan map manage the represented vlan cvlan_map (cvlan_map). Deletes the agent relationship.
Users Manual of XGS-6350-12X8TR nonsync: display those entries that have been processed but not yet synchronized to the hardware cache.. Sync: display those entries already in the hardware cache. All entries are to be displayed if no filtration conditions are specified. static: only display the entries of static multicast cache. [ no ] debug ip igmp-proxy [error | event | Enables or disables the IGMP-proxy debug packet] switch.
Users Manual of XGS-6350-12X8TR (1) Enable IGMP snooping and IGMP proxy. Switch_config#ip igmp-snooping Switch_config#ip igmp-proxy enable (2) Add VLAN 2 as the agent VLAN of the represented VLAN 3.
Users Manual of XGS-6350-12X8TR Chapter 32. MLD-Snooping Configuration MLD-Snooping Configuration 32.1.1 IPv6 Multicast Overview The task of MLD snooping is to maintain the forwarding relationship of IPv6 group addresses in VLAN and synchronize with the change of the multicast group, enabling the data to be forwarded according to the topology of the multicast group.
Users Manual of XGS-6350-12X8TR 32.1.2.2 Enabling/Disabling the Solicitation of Hardware Forward of Multicast Group Run the following commands in global configuration mode. Command Purpose ipv6 mld-snooping solicitation Enables the solicitation of hardware forward of multicast group. no ipv6 mld-snooping Disables the solicitation of hardware solicitation forward of multicast group. 32.1.2.
Users Manual of XGS-6350-12X8TR response-timetimer_value Resumes the default response time of no ipv6 mld-snooping timer response-time MLD-Snooping. The value of the timer cannot be set too small, or the multicast communication may be unstable. The default response time of MLD snooping is 15 seconds. 32.1.2.6 Setting the Port of the Static Multicast Router Run the following commands in global configuration mode.
Users Manual of XGS-6350-12X8TR show ipv6 mld-snooping vlan Displays the configuration of MLD-Snooping in VLAN. show ipv6 mld-snooping mac Displays the multicast MAC addresses recorded by MLD snooping.
Users Manual of XGS-6350-12X8TR #show ipv6 mld-snooping timers vlan 1 Querier on port 0 : 251 # Querier on port 0: 251 meaning the router age timer times out. vlan 2 multicast address 3333.0000.0005 response time : This shows the time period from receiving a multicast query packet to the present; if there is no host to respond when the timer times out, the port will be canceled.
Users Manual of XGS-6350-12X8TR FF02: : 1 3333: FF02: ff32: : 2 3333: FF02: 1 3333: 1 1: 1: ff00: : 1: ff00: FF13: 647D 1b9b 1 0 FF32: 1B9B 0002 1 0 FF00: 2 0001 1 2 3333: ff8e: 7000 12 308
Users Manual of XGS-6350-12X8TR Chapter 33. OAM Configuration OAM Configuration 33.1.1 OAM Overview EFM OAM of IEEE 802.3ah provides point-to-point link trouble/performance detection on the single link. However, EFM OAM cannot be applied to EVC and so terminal-to-terminal Ethernet monitoring cannot be realized. OAM PDU cannot be forwarded to other interfaces. Ethernet OAM regulated by IEEE 802.3ah is a relatively slow protocol.
Users Manual of XGS-6350-12X8TR frame the defined threshold in the designated M second. Remote trouble indication It is difficult to check troubles in the Ethernet, especially the case that the network performance slows down while physical network communication continues. OAM PDU defines a flag domain to allow Ethernet OAM entity to transmit the trouble information to the peer.
Users Manual of XGS-6350-12X8TR Table 2 Comparing device capacity in active and passive modes Capacity Active Mode Passive Mode Initializing the Ethernet OAM discovery process Yes No Responding to the OAM discovery initialization process Yes Yes Transmitting the Information OAM PDU packet Yes Yes Permitting to transmit the Event Notification OAM PDU Yes Yes Yes No Allowing to transmit Variable Response OAM PDU packet Yes Yes Allowing to transmit the Loopback Control OAM PDU Yes No
Users Manual of XGS-6350-12X8TR Source address: Source MAC address of the Ethernet OAM packet It is the MAC address of the transmitter terminal's port and also a unicast MAC address. Length/Type: Always adopts the Type encoding. The protocol type of the Ethernet OAM packet is 0x8809. Subtype: The subtype of the protocol for Ethernet OAM packets is 0x03.
Users Manual of XGS-6350-12X8TR Procedure Command Purpose Step1 config Enters the global configuration mode. Step2 interface intf-type intf-id Enters the interface configuration mode. Step3 ethernet oam Enables Ethernet OAM on an interface. Step4 ethernet oam [max-rate Configures optional OAM parameters: oampdus | The max-rate parameter is used to min-rate seconds | mode configure the maximum number of {active | passive} | timeout OAMPDUs transmitted per second.
Users Manual of XGS-6350-12X8TR default. The timeout parameter is used to configure the timeout time of remote loopback. It ranges between 1 and 10 and its default value is 2. Step4 exit Exits from interface configuration mode. Step5 exit Exits from the global configuration mode. Step6 ethernet oam Enables or disables remote loopback on an remote-loopback {start | interface.
Users Manual of XGS-6350-12X8TR case, while the window size ranges between 1 and 60 on a 100M Ethernet interface and its default value is 1 in this case. Step5 ethernet oam link-monitor Sets the high and low thresholds of the error frame {threshold {high frame event, which triggers the link events { symbols |none} | low of error frame. {symbols}} | window The threshold high parameter is used to symbols} configure the high threshold. Its unit is signal number.
Users Manual of XGS-6350-12X8TR Step7 ethernet oam link-monitor Sets the high and low thresholds of the frame-seconds {threshold second event of error frame, which triggers {high { symbols |none} | low the link events of error frame’s second. {symbols}} | window The threshold high parameter is used to symbols} configure the high threshold. Its unit is signal number. It ranges between 1 and 900 and its default value is none. The threshold low parameter is used to configure the low threshold.
Users Manual of XGS-6350-12X8TR 2. The remote interface which connects the local interface enters the errdisabled state. 3. The OAM function on the remote interface which connects the local interface is shut down by the administrator. The procedure to configure the remote OAM trouble indication on an interface is shown in the following table: Procedure Command Purpose Step1 config Enters the global configuration mode. Step2 interface intf-type intf-id Enters the interface configuration mode.
Users Manual of XGS-6350-12X8TR show ethernet oam statistics {pdu | Displays the OAM statistics information on all link-monitor | remote-failure} interfaces or a designated interface. interface [intf-type intf-id] The pdu parameter is used to classify and count the OAM packets according to the code-domain value of the OAM packet. The link-monitor parameter is used to display the detailed statistics information of normal link events.
Users Manual of XGS-6350-12X8TR Admin state : Mode : enabled passive PDU max rate : PDU min rate 10 packets/second : Link timeout 1 seconds/packet : 1 seconds High threshold action: no action Remote Failure -------------Link fault action : no action Dying gasp action : Critical event action: no action no action Remote Loopback --------------Is supported : not supported Loopback timeout :2 Link Monitoring --------------Negotiation Status : : supported on Errored Symbol Perio
Users Manual of XGS-6350-12X8TR Low threshold High threshold : : 1 error second(s) none Errored CRC Frames Event Window : 1 seconds Low threshold High threshold : : 10 error frame(s) none Configuring switch B: Switch_config_g0/1#ethernet oam Switch_config_g0/1#show ethernet oam statistics link-monitor int g0/1 GigaEthernet0/1 Local Link Events: ------------Errored Symbol Period Event: No errored symbol period event happened yet. Errored Frame Event: No errored frame event happened yet.
Users Manual of XGS-6350-12X8TR Errored Frame Seconds Summary Event: No errored frame seconds summary event happened yet. Errored CRC Frames Event: No errored CRC frame event happened yet.
Users Manual of XGS-6350-12X8TR Chapter 34. CFM and Y1731 Configuration Overview 34.1.1 Stipulations 34.1.1.1 Format Stipulation in the Command Line Syntax Meaning Stands for the keyword in the command line, which stays unchanged and must be entered without Bold any modification. It is presented as a bold in the command line. Stands for the parameter in the command line, which must be replaced by the actual value. It must be {italic} presented by the italic in the brace.
Users Manual of XGS-6350-12X8TR 34.2.3 CFM Configuration 34.2.3.1 Adding the Maintenance Domain Configuration mode: Global Command Purpose ethernet cfm md mdnf {string} Adds a maintenance domain whose mdn [level<0-7> | name is char_string. creation | Note: sit | The system enters the maintenance ip] domain configuration mode after the maintenance domain is added. 34.2.3.
Users Manual of XGS-6350-12X8TR 34.2.3.5 Starting CFM Configuration mode: Global Command Purpose ethernet cfm {enable} Starts CFM. 34.2.4 CFM Maintenance 34.2.4.1 Using the Loopback Function Configuration mode: EXEC Command Purpose ethernet cfm loopback mdnf {string} Uses a designated MEP to conduct mdn manf {string} man loopback towards itself. mepid <1-8191> mac number <1-64> 34.2.4.
Users Manual of XGS-6350-12X8TR Switch_config#ethernet cfm enable Y1731 Configuration 34.3.1 Configuration Task List Specifying an MEP to Forward AIS Frame Enabling Frame Delay Measurement Displaying the Information About OAM Protocol 34.3.1.1 Specifying an MEP to Forward AIS Frame Run the following commands specify an MEP to transmit AIS frames: Procedure Command Purpose Step1 config Enters the global configuration mode.
Users Manual of XGS-6350-12X8TR MEPID is the symbol of to-be-displayed MEP. show ethernet y1731 interface Displaying MEP and MIP Configurations on interface-name a Port interface-namestands for port identifier. show ethernet y1731 meglist The above-mentioned command is used to [MEGID ] display the configuration of all MEG or the detailed configuration about a certain MEG. MEGID is the name of to-be-displayed MEG.
Users Manual of XGS-6350-12X8TR Chapter 35. DHCP-Snooping Configuration DHCP-Snooping Configuration 35.1.1 DHCP-Snooping Configuration Tasks DHCP-Snooping is to prevent the fake DHCP server from providing the DHCP service by judging the DHCP packets, maintaining the binding relationship between MAC address and IP address. The L2 switch can conduct the DAI function and the IP source guard function according to the binding relationship between MAC address and IP address.
Users Manual of XGS-6350-12X8TR 35.1.1.2 Enabling DHCP-Snooping in a VLAN If DHCP snooping is enabled in a VLAN, the DHCP packets which are received from all distrusted physical ports in a VLAN will be legally checked. The DHCP response packets which are received from distrusted physical ports in a VLAN will then be dropped, preventing the faked or mis-configured DHCP server from providing address distribution services.
Users Manual of XGS-6350-12X8TR 35.1.1.5 Setting an Interface to an ARP-Trusting Interface ARP monitoring is not enabled on those trusted interfaces. The interfaces are distrusted ones by default. Run the following commands in interface configuration mode. Command Purpose arp inspection trust Sets an interface to an ARP-trusting interface. Resumes an interface to an no arp inspection trust ARP-distrusting interface. 35.1.1.
Users Manual of XGS-6350-12X8TR 35.1.1.8 Configuring the TFTP Server for Backing up Interface Binding After the switch configuration is rebooted, the previously-configured interface binding will be lost. In this case, there is no binding relationship on this interface. After source IP address monitoring is enabled, the switch rejected forwarding all IP packets.
Users Manual of XGS-6350-12X8TR write backup to the default settings. 35.1.1.11 Configuring Interface Binding Manually If a host does not obtain the address through DHCP, you can add the binding item on an interface of a switch to enable the host to access the network. You can run no ip source binding MAC IP to delete items from the corresponding binding list. Note that the manually-configured binding items have higher priority than the dynamically-configured binding items.
Users Manual of XGS-6350-12X8TR on an interface. show ip dhcp-relay snooping binding all Displays all binding items which are generated by DHCP snooping. [ no ] debug ip dhcp-relay [ snooping | Enables or disables the switch of DHCP binding | event ] relay snooping.
Users Manual of XGS-6350-12X8TR DHCPR: DHCP packet len 300 DHCPR: send packet continue DHCPR: receive l2 packet from vlan 3, diID: 3 DHCPR: DHCP packet len 289 DHCPR: send packet continue DHCPR: receive l2 packet from vlan 3, diID: 1 DHCPR: DHCP packet len 300 DHCPR: update binding on interface FastEthernet0/3 DHCPR: IP address: DHCPR: send packet continue 192.2.2.101, lease time 86400 seconds 35.1.1.14 Example of DHCP-Snooping Configuration The network topology is shown in figure 1.
Users Manual of XGS-6350-12X8TR Chapter 36. MACFF Configuration MACFF Settings 36.1.1 Configuration Tasks MACFF is to isolate downlink ports of the same VLAN in a switch from exchanging inter-access packets, enabling these packets to be allocated to the default gateway of client through DHCP server and then to downlink ports.
Users Manual of XGS-6350-12X8TR packets will also be dropped. The VLAN on which MACFF is enabled must be configured to have a management address. DHCP snooping shall also be enabled on this VLAN. Run the following commands in global configuration mode. Command Purpose macffvlanvlan_id enable Enables MACFF in a VLAN. no macffvlanvlan_id enable Disables MACFF in a VLAN. 36.1.1.
Users Manual of XGS-6350-12X8TR not be listened. Run the following commands in physical interface configuration mode. Command Operation macff disable Specifies a physical port to shut down MACFF. no macff disable Specifies a physical port to enable MACFF (it is enabled by default). In default settings, the ports are allowed to enable MACFF. 36.1.1.6 Opening MACFF Debugging Run the following commands in global configuration mode. Command Operation debug macff Opens MACFF debugging.
Users Manual of XGS-6350-12X8TR Switch_config#macff vlan 1 enable (2) Enable MACFF in VLAN2, which connects private network B. The default gateway allocated by DHCP server is 192.168.2.2 (If necessary, the default gateway can also be 192.168.2.1). Switch_config#arp 192.168.2.2 a8: f7: e0: ea: 74: ee Switch_config#ip dhcp-relay snooping vlan 2 Switch_config#macff vlan 2 enable (3) Sets the ports that connect DHCP server, default gateway and other ARs respectively to be trusted.
Users Manual of XGS-6350-12X8TR Chapter 37.
Users Manual of XGS-6350-12X8TR 37.3.1 Creating the Transparent Clock Port The transparent clock can include multiple PTP ports to connect the master and slave clock respectively. Run the following commands in port configuration mode to create the PTP ports: Command Purpose ptp start l2 Creates the PTP L2 port. Ptp start l3 Creates the PTP L3 port. Run the following command in port configuration mode to delete the PTP ports: Command Purpose no ptp start Delete the PTP port. 37.3.
Users Manual of XGS-6350-12X8TR Run the following command in global configuration mode to configure an authentication mode: Command Purpose ptp sync-mechanism store-forward Sets the forwarding method of Sync packets to store-forward. To switch the forwarding mode over to straight forwarding, run the following command in global configuration mode: Command Purpose ptp sync-mechanism Sets the forwarding method of Sync straight-forward packets to store-forward. 37.3.
Users Manual of XGS-6350-12X8TR transmission interval is 1 second. PTP TC Configuration Example See the following figure: MASTER TC G0/12 SLAVE G0/10 MASTER here stands for the master clock, which is a L2 PTP device. SLAVE here stands for the master clock, which is a L3 PTP device. TC stands for a switch that supports transparent clock. The master clock connects port g0/12 of the switch, while the slave clock connects port g0/10 of the switch. MASTER, TC and SLAVE are all working in P2P mode.
Users Manual of XGS-6350-12X8TR Chapter 38. Layer 2 Tunnel Protocol Configuration Configuring Layer-2 Protocol Tunnel 38.1.1 Introduction Layer-2 protocol tunnel allows users between two sides of the switch to transmit the specified layer 2 protocol on their own network without being influenced by the relevant layer 2 software module of the switch. The switch is a transparent media for users. 38.1.
Users Manual of XGS-6350-12X8TR (1) The f0/2 of Switch A1, f0/1 and f0/2 of Gather, f0/1 of A2 should be configured to trunk mode. (2) The f0/1 of switch A1, f0/2 of A2 should be configured to Access, and enables tunnel function of the STP protocol.
Users Manual of XGS-6350-12X8TR Chapter 39. Loopback Detection Configuration Setting Loopback Detection 39.1.1 Introduction of Loopback Detection The loopback in a network may trigger the repeated transmission of broadcast, multicast or unicast packets, wasting network resources and even leaving network breakdown.
Users Manual of XGS-6350-12X8TR Length 2 0x0008, length of the header of loopback detection packet RESERVE 2 Reserved field SYSMAC 6 MAC address of the switch SEQUENCE 4 Sequence ID of packet, which is generated randomly by the system before the packet is transmitted DiID 4 Port ID, which is the ID of the global port of 85 Series End 2 0x0000, end character 39.1.
Users Manual of XGS-6350-12X8TR One point to be noted is that the port must exist in the specified VLAN, or the configuration takes no effect. If loopback detection happens in VLAN2 to VLAN8, ports are configured to be in trunk mode, and trunk vlan-allowed is vlans 5-8, the packets with tags 2-4 transmitted by the switch cannot pass through this port and the configuration hence takes no effect.
Users Manual of XGS-6350-12X8TR conduct MAC address learning any more and at the same time the MAC address table of this port ages. shutdown: Means to close the port. When loopback is detected, except that trap message will be transmitted and the port’s MAC address table ages, the port will be automatically closed and it cannot forward packets any more until the err-disable-recover time. Trap: It means that the port only reports alarm.
Users Manual of XGS-6350-12X8TR 39.1.3.9 Displaying the Configuration of Port Loopback Detection Command Purpose show loopback-detection interface intf Displays the configuration of port loopback detection. This command is mainly used to display port loopback detection, including the port timer and the information about transmitted and received packets. 39.1.4 Configuration Example Figure 1.1 Loopback detection configuration As shown in figure 1.
Users Manual of XGS-6350-12X8TR switchport mode trunk Configuration of interface GigaEthernet0/2: switchport mode trunk Configuration of interface GigaEthernet0/3: switchport mode trunk Global Configuration vlan1-3 Switch S3: Configuration of interface GigaEthernet0/1: switchport pvid 3 If loopback exists in the network that S3 connects and the PVID of the interface, on which loopback exists, is 3, the packets will be transmitted to interface g0/1 of S1 and S1 will block interface g0/1 after finding loopb
Users Manual of XGS-6350-12X8TR Chapter 40. QoS Configuration If you care to use your bandwidth and your network resources efficiently, you must pay attention to QoS configuration. QoS Configuration 40.1.1 QoS Overview 40.1.1.1 40.1.1.1 QoS Concept In general, the switch works in best-effort served mode in which the switch treats all flows equally and tries its best to deliver all flows. Thus if congestion occurs all flows have the same chance to be discarded.
Users Manual of XGS-6350-12X8TR and first served (FCFS). 2. Differentiated service As to the differentiated service, if a special service is to be transmitted in a network, each packet should be specified with a corresponding QoS tag. The switch uses this QoS rule to conduct classification and complete the intelligent queuing. The QoS of the switch provides Strict Priority (SP), Weighted Round Robin (WRR), Deficit Round Robin (DRR) and First-Come-First-Served (FCFS). 40.1.1.
Users Manual of XGS-6350-12X8TR 40.1.1.4 Weighted Random Early Detection Congestion avoidance and traditional packet loss mechanism Excessive congestion may inflict damage on network resources, so network congestion should be resolved through some measures. Congestion avoidance is a sort of flow control method of positively dropping packets and regulating network flows to solve network overload via network resource monitoring.
Users Manual of XGS-6350-12X8TR 40.1.2 QoS Configuration Task List In general, ONU will try its best to deliver each packet and when congestion occurs all packets have the same chance to be discarded. However, in reality different packets have different importance and the comparatively important packets should get the comparatively good service.
Users Manual of XGS-6350-12X8TR 40.1.3.2 Setting the Bandwidth of the CoS Priority Queue The bandwidth of priority queue means the bandwidth distribution ratio of each priority queue, which is set when the schedule policy of the CoS priority queue is set to WRR/DRR. This series of switches has 8 priority queues in total. If this command is run, the bandwidth of all priority queues on all interfaces are affected. This command validates only when the queue schedule policy is set to WRR or DRR.
Users Manual of XGS-6350-12X8TR 40.1.3.4 Configuring the Minimum and Maximum Bandwidths of CoS Priority Queue The minimum and maximum bandwidths of CoS priority queue can be modified through configuration. All the flows with a bandwidth less than the configured minimum bandwidth shall not be dropped, but the flows with a bandwidth bigger than the configured maximum bandwidth shall all be dropped. Enter the privileged mode. Command Purpose config Enters the global configuration mode.
Users Manual of XGS-6350-12X8TR interface g0/1 Enters the to-be-configured port. [no] cos default cos Sets the CoS value of the received untagged frames. cos stands for the corresponding CoS value. exit Goes back to the global configuration mode. exit Goes back to the EXEC mode. write Saves the settings. 40.1.3.
Users Manual of XGS-6350-12X8TR 40.1.3.9 Establishing the QoS Policy Mapping Flow classification means to identify a class of packets with certain attributes by applying a certain regulation and take designated actions towards to these packets. Enter the privileged mode and then run the following commands to establish a new QoS policy mapping. Command Purpose config Enters the global configuration mode. [no]policy-mapname Enters the configuration mode of the QoS policy map.
Users Manual of XGS-6350-12X8TR [no]policy-map name Enters the configuration mode of the QoS policy map. name stands for the name of the policy. description description-text Sets the description of the QoS policy. description-text stands for the text to describe the policy. classify {any | cos cos | Matches up with any packet. icosicos | vlanvlanid | Configures the matched COS value which ivlanivlanid | ranges between 0 and 7.
Users Manual of XGS-6350-12X8TR Enter the privileged mode and run the following commands to set the action of a policy, matching up the data flow. The action will replace the previous settings. Command Purpose config Enters the global configuration mode. [no]policy-map name Enters the configuration mode of the QoS policy map. name stands for the name of the policy. action{bandwidth max-band | {cir max-band stands for the occupied maximum commit-band {bc bandwidth.
Users Manual of XGS-6350-12X8TR queue, which ranges from 1 to 8. Redirects the egress port of the matched flow. stat-packet stands for the number of packets under statistics. stat-byte means the number of bytes under statistics. vlanID is used to replace or add the outer vlan ID, which ranges from 1 to 4094. exit Goes back to the global configuration mode. exit Goes back to the EXEC mode. 40.1.3.
Users Manual of XGS-6350-12X8TR 40.1.4 QoS Configuration Example 40.1.4.1 Example for Applying the QoS Policy on a Port The following example shows how to set packet’s cos to 2 on port g0/2: ip access-list extended ipacl permit ip 192.168.20.2 255.255.255.255 192.168.20.210 255.255.255.
Users Manual of XGS-6350-12X8TR Chapter 41. DoS Attack Prevention Configuration DoS Attack Prevention Configuration 41.1.1 DoS Attack Overview 41.1.1.1 Concept of DoS Attack The DoS attack is also called the service rejection attack. Common DoS attacks include network bandwidth attacks and connectivity attacks. DoS attack is a frequent network attack mode triggered by hackers. Its ultimate purpose is to break down networks to stop providing legal users with normal network services.
Users Manual of XGS-6350-12X8TR service address). The SYN message causes the server to send the SYN-ACK message to the sever itself, hence this address also sends the ACK message and creates a null link. Each of this kinds of links will keep until the timeout time, so the server will break down. Landattack can be classified into IPland and MACland. 41.1.
Users Manual of XGS-6350-12X8TR Saves the settings. write 41.1.3.2 Displaying All DoS Attack Prevention Configurations You can display the Dos attack prevention configurations through the show command. Run the following command in EXEC mode to display the configured DoS attack prevention functions. Command Purpose show dos Displays Dos attack prevention configuration. 41.1.
Users Manual of XGS-6350-12X8TR Chapter 42. Attack Prevention Configuration Attack Prevention Configuration 42.1.1 Overview To guarantee the reasonable usage of network bandwidth, our 6508 series switches provide the function to prevent vicious traffic from occupying lots of network bandwidth. In light of current attack modes, our 6508 series switches can limit the hosts that send lots of ARP, IGMP or IP message in a period of time and do not provide any service to these hosts.
Users Manual of XGS-6350-12X8TR at slot X. filter arp Detects the arp attack. The ARP attack takes the host’s MAC address and the source port as the attack source, that is, message from the same MAC address but different ports cannot be calculated together. Both the IGMP attack and IP attack take the host’s IP address and source port as the attack source. Remember that the IGMP attack prevention and the IP attack prevention cannot be started up together. 42.1.3.
Users Manual of XGS-6350-12X8TR Chapter 43. Network Protocol Configuration Configuring IP Addressing 43.1.1 IP Introduction 43.1.1.1 IP Internet Protocol (IP) is a protocol in the network to exchange data in the text form. IP has the functions such as addressing, fragmenting, regrouping and multiplexing. Other IP protocols (IP protocol cluster) are based on IP. As a protocol working on the network layer, IP contains addressing information and control information which are used for routing.
Users Manual of XGS-6350-12X8TR Network traffic Safety requirements Reliability requirements Strategy Others Details of the above items are not described in the section. We just want to remind you that your network requirements must be satisfied when you choose the routing protocols. 43.1.1.4 IGRP Interior Gateway Routing Protocol (IGRP) is used for network targets in an autonomous system. All IP IGRPs must be connected with networks when they are started up.
Users Manual of XGS-6350-12X8TR 43.1.3 Configuring IP Address 43.1.3.1 Configuring IP Address at Network Interface The IP address determines the destination where the IP message is sent to. Some IP special addresses are reserved and they cannot be used as the host IP address or network address. Table 1 lists the range of IP addresses, reserved IP addresses and available IP addresses. Type A B C D E Address or Range State 0.0.0.0 Reserved 1.0.0.0 to 126.0.0.0 Available 127.0.0.0 Reserved 128.
Users Manual of XGS-6350-12X8TR needed to connect the physical network. In this case, you can configure the subordinate IP address on the switch or the server, enabling two logical subnets to use the same physical subnet. Most of early-stage networks which are based on the layer-2 bridge are not divided into multiple subnets. You can divide the early-stage network into multiple route-based subnets by correctly using the subordinate IP addresses.
Users Manual of XGS-6350-12X8TR ARP is used to map IP addresses to media or MAC address. When the IP address is known, ARP will find the corresponding MAC address. When the MAC address is known, the mapping relationship between IP address and MAC address is saved in ARP cache for rapid access. The IP message is then packaged in the message at the link layer and at last is sent to the network.
Users Manual of XGS-6350-12X8TR To activate the proxy ARP, run the following command in interface configuration mode: Run… To… ip proxy-arp Activate the proxy ARP on the interface. Configuring free ARP function The switch can know whether the IP addresses of other devices collide with its IP address by sending free ARP message. The source IP address and the destination IP address contained by free ARP message are both the local address of the switch.
Users Manual of XGS-6350-12X8TR identify the broadcast message through special address. Some protocols, including some important Internet protocols, frequently use the broadcast message. One primary task of the IP network administrator is to control the broadcast message. The system supports the directed broadcast, that is, the broadcast of designated network. The system does not support the broadcast of all subnets in a network. Some early-stage IP’s do not adopt the current broadcast address standard.
Users Manual of XGS-6350-12X8TR Run the following command in global configuration mode to specify protocols to be forwarded: Run… To… ip forward-protocol udp [port] Specify which interfaces’ UDP protocols will be forwarded. 43.1.3.6 Detecting and Maintaining IP Addressing Perform the following operations to detect and maintain the network: 1. Clearing cache, list and database You can clear all content in a cache, list or the database. When you think some content is ineffective, you can clear it.
Users Manual of XGS-6350-12X8TR Configuring NAT 43.2.1 Introduction The Internet faces two key problems: insufficient IP address space and route measurement. Network Address Translation (NAT) is an attribute. You can find that a group of IP networks with this attribute use different IP address spaces, but you cannot find the actual address space used by the group of networks.
Users Manual of XGS-6350-12X8TR message indicating the host cannot be reached. The switch with NAT configured should not publish the local network. However, the routing information that NAT receives from the outside can be published in the single-connection domain. 43.2.1.3 NAT Terms As said above, the term “inside” means those networks which are possessed by organizations and have to be transformed. In this domain, the host has an address in one address space.
Users Manual of XGS-6350-12X8TR Translating inside source address Reloading inside global address Translating the overlapping address Providing TCP load balance Changing translation timeout time and limiting the number of connections Monitoring and maintaining NAT 43.2.3 NAT Configuration Task 43.2.3.
Users Manual of XGS-6350-12X8TR host 1.1.1.1. (5) When the routing switch receives message of the inside global IP address, it takes the inside global address as a keyword to query the NAT table, translates the address to the inside local address of host 1.1.1.1, and forwards message to host 1.1.1.1. (6) Host 1.1.1.1 receives the message and continues the session. The routing switch is to perform step 2 and step 5 for each message. 1.
Users Manual of XGS-6350-12X8TR Only those transferable addresses can be contained in the access list (remember that an implicit item “deny all” exists at the end of each access list). The random access list may lead to unexpected results. Refer to section 2.4.1 “Dynamic Inside Source Address Transfer Example” for details. 43.2.3.2 Reloading Inside Global Address Multiple local addresses use one global address through the routing switch. All the addresses can be stored in the inside global address pool.
Users Manual of XGS-6350-12X8TR inside global address, outside address and port as the keywords to search the NAT table. After that, it transfers the address to the inside local address 1.1.1.1 and forwards the packet to host 1.1.1.1. (6) Host 1.1.1.1 receives the packet and continues the session. The routing switch performs step 2 and step 5 for each packet.
Users Manual of XGS-6350-12X8TR Figure 43-3 Network Condition Where NAT Translates Overlapping Addresses The routing switch performs the following steps when translating the overlapping addresses: (1) The user of host 1.1.1.1 uses domain name to send instructions for connecting host C. Host 1.1.1.1 requires DNS server to perform a checkup from domain name to address. (2) The DNS server responds the request and returns the address 1.1.1.1 of host C.
Users Manual of XGS-6350-12X8TR outside network. 2. Configuring dynamic transfer Run the following commands in global configuration mode to configure dynamic outside source address transfer: Run… To… ip nat poolname start-ip end-ip Define a to-be-distributed local address netmask pool according to requirements. ip access-list Define a standard access list.
Users Manual of XGS-6350-12X8TR Figure 43-4 NAT TCP load balance When translating the cycle address, the routing switch performs the following steps: (1) The user of host B (9.6.7.3) sends instructions for connecting the virtual host 1.1.1.127 in the inside network. (2) The routing switch receives the connection request and creates a new translation item to allocate the next host 1.1.1.1 for the inside local IP address.
Users Manual of XGS-6350-12X8TR ip nat inside Label the interface as one to connect the inside network. interface type number Specify the outside interface. ip nat outside Label the interface as one to connect the outside interface. Only those transferable addresses can be contained in the access list (remember that an implicit item “deny all” exists at the end of each access list). The random access list may lead to unexpected results. For details, refer to section “TCP Load Configuration Example”.
Users Manual of XGS-6350-12X8TR Run... To... ip nat translation Set the maximum number of the max-entriesnumbers translation items (the default value is 4000). ip nat translation max-links Limit the maximum number of the NAT A.B.C.Dnumbers connection items that the designated inside IP address creates. There is no default value. ip nat translation max-links all Limit the maximum number of the NAT numbers connection items that a single IP address creates.
Users Manual of XGS-6350-12X8TR ip nat inside source list a1 pool net-208 ! interface vlan10 ip address 171.69.232.182 255.255.255.240 ip nat outside ! interface vlan11 ip address 192.168.1.94 255.255.255.0 ip nat inside ! ip access-list standard a1 permit 192.168.1.0 255.255.255.0 ! 43.2.4.2 Inside Global Address Reloading Example An address pool named net-208 is created in the following example. The address pool contains all addresses from 171.69.233.208 to 171.69.233.233.
Users Manual of XGS-6350-12X8TR IP address pool. The sentence ip nat outside source list 1 pool net-10 transfer the host addresses of the outside overlapping network to the address in the net-10 address pool. ip nat pool net-208 171.69.233.208 171.69.233.223 255.2555.255.240 ip nat pool net-10 10.0.1.0 10.0.1.255 255.255.255.0 ip nat inside source list a1 pool net-208 ip nat outside source list a1 pool net-10 ! interface vlan10 ip address 171.69.232.192 255.255.255.
Users Manual of XGS-6350-12X8TR Configuring DHCP 43.3.1 Introduction The Dynamic Host Configuration Protocol (DHCP) provides some parameters of network configuration fro hosts in the Internet. DHCP will be described in RFC 2131. The most important function of DHCP is to distribute IP addresses on the interface. DHCP supports three mechanisms of distributing IP addresses. Automatic distribution The DHCP server automatically distributes a permanent IP address to a client.
Users Manual of XGS-6350-12X8TR As described above, the lease time is a concept appearing in the procedure of DHCP dynamic distribution. Lease time an effective period of an IP address since its distribution. When the effective period is over, the IP address is to be recycled by the DHCP server. To continuously use the IP address, the DHCP client requires re-applying the IP address. 43.3.2 Configuring DHCP Client 43.3.2.
Users Manual of XGS-6350-12X8TR ip dhcp client select seconds Specify the interval for SELECT. The command is optional when you perform operations to obtain an IP address. 4. Monitoring DHCP To check information about DHCP-server currently found by switch, run the following command in management mode: Run... To... show dhcp server Display information about the DHCP server known by the routing switch.
Users Manual of XGS-6350-12X8TR 43.3.3.2 Configuring DHCP Server 43.3.3.3 Enabling DHCP server To enable the DHCP server and distribute parameters such as IP address for the DHCP client, run the following command in global configuration mode (the DHCP server also supports the relay operation. For the addresses that the DHCP server cannot distribute, the port where ip helper-address is configured is to forward the DHCP request): Run... To... ip dhcpd enable Enabling DHCP server. 43.3.3.
Users Manual of XGS-6350-12X8TR 43.3.3.7 Configuring DHCP server address pool Run the following command in global configuration mode to add the address pool for the DHCP server: Run... To... ip dhcpd pool name Add the address pool of the DHCP server and enter the configuration mode of the DHCP address pool. 43.3.3.8 Configuring DHCP server address pool You can run the following commands in DHCP address pool configuration mode to configure related parameters.
Users Manual of XGS-6350-12X8TR Run... To... lease {days [hours][minutes] | infinite } Configure the lease time of the address that is distributed to the client. Run the following command to configure the netbios server address that is distributed to the client: Run... To... netbios-name-serverip-addr… Configure the netbios server address that is distributed to the client. You can run the following command to reject to distribute the IP address to the host whose MAC address is hardware-address.
Users Manual of XGS-6350-12X8TR DHCP server. Run... To... clear ip dhcpd statistic Delete current message statistics information about DHCP server 43.3.3.11 DHCP Server Configuration Example In the following example, the timeout time of the ICMP detection packet is set to 200ms; Address pool 1 is configured and the DHCP server is enabled. ip dhcpd ping timeout 2 ip dhcpd pool 1 network 192.168.20.0 255.255.255.0 range 192.168.20.211 192.168.20.215 domain-name my315 default-router 192.168.20.
Users Manual of XGS-6350-12X8TR 1. Sending ICMP unreachable message If the system receives a message and cannot send it to the destination, such as no routes, the system will send an ICMP-unreachable message to the source host. The function of the system is enabled by default. If the function is disabled, you can run the following command in interface configuration mode to enable the function. Run… To… ip unreachables Enable the function to send an ICMP-unreachable message. 2.
Users Manual of XGS-6350-12X8TR the MTU set on the message forwarding interface. The IP message needs to be segmented, but the “unsegmented” bit of the IP message is reset. The message, therefore, cannot be segmented. The message has to be dropped. In this case, the routing switch sends the ICMP message to notify the source host of the reason of failed forwarding, and the MTU on the forwarding interface.
Users Manual of XGS-6350-12X8TR ip source-route 7. Authorizing IP source route. Allowing IP fast exchange IP fast exchange uses the route cache to forward the IP message. Before the switch forwards message to a certain destination, its system will check the routing table and then forward the message according to a route. The selected route will be stored in the routing cache of the system software.
Users Manual of XGS-6350-12X8TR 43.4.1.2 Configuring Performance Parameters 1. Setting the wait time for TCP connection When the routing switch performs TCP connection, it considers that the TCP connection fails if the TCP connection is not created during the wait time. The routing switch then notifies the upper-level program of the failed TCP connection. You can set the wait time for TCP connection. The default value of the system is 75 seconds.
Users Manual of XGS-6350-12X8TR show ip cache [prefix mask] [type Display the routing cache that is used for number] fast IP message exchange. show ip sockets Display all socket information about the routing switch. show ip traffic Display statistics data about IP protocol. show tcp Display information about all TCP connection states. Briefly display information about TCP show tcp brief connection states. show tcp statistics Display TCP statistics data.
Users Manual of XGS-6350-12X8TR terminates the match regulations. The order of the conditions is, therefore, important. If no regulations match, the address is declined. Use the access list by following the following steps: (1) Create the access list by designating the access list name and conditions. (2) Apply the access list to the interface. 43.4.2.2 Creating Standard and Extensible IP Access List Use a character string to create an IP access list.
Users Manual of XGS-6350-12X8TR say, you cannot add the command line to the designated access list. However, you can run no permit and no deny to delete items from the access list. When you create the access list, the end of the access list includes the implicit deny sentence by default. If the mask is omitted in the relative IP host address access list, 255.255.255.255 is supposed to be the mask. After the access list is created, the access list must be applied on the route or interface.
Users Manual of XGS-6350-12X8TR During the connection period, the same two port numbers are used. The mail packet from the Internet has a destination port, that is, port 25. The outgoing packet has a contrary port number. In fact, the security system behind the routing switch always receives mails from port 25. That is the exact reason why the incoming service and the outgoing service can be uniquely controlled. The access list can be configured as the outgoing service or the incoming service.
Users Manual of XGS-6350-12X8TR The standard access list and the extensible access list cannot have the same name. Run the following command in global configuration mode to create a standard access list: Run… To… ip access-list standardname Use a name to define a standard access list. deny {source [source-mask] | Designate one or multiple permit/deny any}[log] or permit {source conditions in standard access list [source-mask] | any}[log] configuration mode.
Users Manual of XGS-6350-12X8TR 43.4.3.4 Applying the Access List to the Interface After the access list is created, you can apply it to one or multiple interfaces including the in interfaces and out interfaces. Run the following command in interface configuration mode. Run… To… ip access-groupname {in | out} Apply the access list to the interface. The access list can be used on the in interfaces and the out interfaces.
Users Manual of XGS-6350-12X8TR 405
Users Manual of XGS-6350-12X8TR Chapter 44. IP ACL Application Configuration Applying the IP Access Control List 44.1.1 Applying ACL on Ports After an ACL is established, it can be applied on one or many slots or globally. Run the following command in global or port configuration mode: Command Purpose config Enters the global configuration mode. interface g0/1 Enters the to-be-configured port.
Users Manual of XGS-6350-12X8TR Chapter 45. Routing Configuration Configuring RIP 45.1.1 Overview The section describes how to configure the RIP. For details about RIP commands, refer to the setion “RIP Commands” in “Network Protocol Command Reference”. The routing information protocol (RIP) is still a commonly used interior gateway protocol (IGP), mainly applied to small-scale networks of the same type. RIP is a classical distance vector routing protocol, which appears in RFC 1058.
Users Manual of XGS-6350-12X8TR Activating or forbidding horizon split. Monitoring and maintaining RIP 45.1.3 Configuring RIP Tasks 45.1.3.1 Starting up RIP Run the following command in global configuration mode to activate RIP: Command Purpose Activates the RIP routing process and routerrip enters the switch configuration mode. networknetwork-number Specifies the network number related to the RIP routing process. 45.1.3.
Users Manual of XGS-6350-12X8TR timers holddown value It means how much time is needed for a route to be deleted from the routing table. timers expirevalue It means what interval is needed for a route to be declared ineffective. timers updatevalue It means the transmission frequency of the routing update information. 45.1.3.5 Specifying the RIP Version Number The RIP-2 of our switches supports authentication, PIN management, routing summary, CIDR and VLSM.
Users Manual of XGS-6350-12X8TR authentication. Each RIP-2 packet uses the plain authentication by default. For the purpose of security, do not use the plain authentication in the RIP packet because the unencrypted authentication PIN is sent to each RIP-2 packet. You can use the plain authentication without security concern. Run the following commands in VLAN configuration mode to configure the RIP plain text authentication.
Users Manual of XGS-6350-12X8TR Forbids authenticating the source IP no validate-update-source address of the incoming routing information. 45.1.3.9 Configuring the Maximum Number of Routes By default, the local RIP routing table contains up to 1024 routes. When the route number exceeds the maximum number, you cannot add new routes to the routing table. At the same time, the system notifies you that the route number has already reached the maximum number set for the routing table.
Users Manual of XGS-6350-12X8TR 45.1.3.11 Monitoring and Maintaining RIP Monitoring and maintaining RIP needs to display network statistics information, such as RIP parameter configuration, real-time network track. These information help you judge the network usage, solve network problem and the reachabilitiy of network nodes. Run the following commands in management mode to display all routing statistics information: Command show ip rip Purpose Display the current state of the RIP protocol.
Users Manual of XGS-6350-12X8TR router rip network 192.168.20.0 network 20.0.0.0 ! Configuring BEIGRP 45.2.1 Overview Technologies used by BEIGRP are similar to the distance vector protocol: The router makes routing decision according to the information provided by the directly-connecting neighbor; The router provides its routing information to its directly-connecting neighbor.
Users Manual of XGS-6350-12X8TR Configuring forwarding route Configuring other BEIGRP parameters Monitoring and maintaining the running of BEIGRP 45.2.3 BEIGRP Configuration Task 45.2.3.1 Activating BEIGRP Perform the following operations to create a BEIGRP process: Command Purpose router beigrpas-number Adds a BEIGRP process in global configuration mode. networknetwork-number Adds network segment to the BEIGRP network-mask process in route configuration mode.
Users Manual of XGS-6350-12X8TR Command Purpose offset{type number | *} {in | out} Applies a offset table. access-list-name offset 45.2.3.5 Disabling Automatic Route summary The automatic collection of BEIGRP is different from that of other dynamic routing protocols. It complies with the following regulations: When multiple networks in a BEIGRP process are defined, a summary route of the defined network is generated if at least one subnet of the network is in the BEIGRP topology table.
Users Manual of XGS-6350-12X8TR 45.2.3.7 Configuring Forwarding Route When BEIGRP forwards other types of routes, BEIGRP complies with the following regulations: If the present route is static or directly-connected, the command default-metric need not be configured and other compound distance parameters (bandwidth, delay, reliability, effective load and MTU) are directly obtained from the current port.
Users Manual of XGS-6350-12X8TR transmission frequency of the BEIGRP hello message on the interface of the router. hold timer specifies the time to declare the neighbor is dead when the router cannot receives data from the designated neighbor. After any type of the BEIGRP packet is received from the neighboring router, the value of hold timer needs to be reset. Different network types or network bandwidth adopt different default values of the hello timer.
Users Manual of XGS-6350-12X8TR [as-number] interface. show ip beigrp neighbors[as-number Displays the information about BEIGRP | interface] neighbors. show ip beigrp topology [as-number | Displays the information about BEIGRP all-link | summary | active] topology table. 45.2.4 BEIGRP Configuration Example In the following example, the summary route that sends network segment 10.0.0.0/8 on VLAN11 is configured. All subnet routs of the network segment will not be notified of the neighbor.
Users Manual of XGS-6350-12X8TR parameters cost, resending interval, interface output delay, the priority of the switch, the interval to judge the shutdown of the switch, the interval of the hello packet and the authentication PIN. Virtual link The virtual link is supported. NSSA area See RFC 1587. OSPF in the See RFC 1793. on-demand circuit 45.3.2 OSPF Configuration Task List OSPF requires the routing data exchange among switches, ABR and ASBR in the whole domain.
Users Manual of XGS-6350-12X8TR networkaddressmaskareaarea-id Configures the running interface of OSPF and the relevant interface domain ID. 45.3.3.2 Configuring Interface Parameters of OSPF You are allowed to modify OSPF parameters of the interface according to actual requirements. When you modify a parameter, make sure that the parameter on all switches of the interconnected network is same.
Users Manual of XGS-6350-12X8TR The X.25 and frame-relay network provides optional broadcast capability. You can configure the OSPF to run in the broadcast network through the map command. For details of the map command, refer to the description of the map command in WAN Command Reference. 45.3.3.4 Configuring OSPF Network Type No matter what physical media type your network belongs to, you can configure your network to be the broadcast network or the non-broadcast and multi-access network.
Users Manual of XGS-6350-12X8TR the stub area, you need select the option No Summary in the ABR. Run the following command in switch configuration mode to set area parameters: Command Purpose areaarea-idauthentication simple Activates the authentication of the OSPF area. areaarea-idauthentication Specifies the MD5 authentication as message-digest the authentication OSPF. areaarea-idstub [no-summary] Defines a stub area.
Users Manual of XGS-6350-12X8TR [route-map map-name] route. 45.3.3.9 Choosing Route ID Through the LOOPBACK Interface OSPF takes the maximum IP address configured on the interface as the switch ID. If the interface connecting the IP address changes to the Down state, or the IP address is cancelled, the OSPF process is to recalculate the new switch ID and resend the routing information from all interfaces.
Users Manual of XGS-6350-12X8TR Command Purpose timersdelaydelaytime Sets the delay of routing calculation in an area. timersholdholdtime Sets the minimum interval of routing calculation in an area. 45.3.3.12 onitoring and Maintaining OSPF The network statistics information includes the content of IP routing table, cache and database.
Users Manual of XGS-6350-12X8TR debug ip ospf events Monitors the OSPF interface and neighboring events. debug ip ospf flood Monitors the flooding of OSPF database. debug ip ospf lsa-generation Monitors the LSA generation of OSPF. debug ip ospf packet Monitors the OSPF message. debug ip ospf retransmission Monitors the message resending of OSPF. debug ip ospf spf Monitors the SPF calculation route of debug ip ospf spf intra OSPF.
Users Manual of XGS-6350-12X8TR system. The third example shows how to use all kinds of OSPF tools. 45.3.4.2.1 Basic OSPF Configuration Example The following example shows how to configure a simple OSPF. Activate the routing process 9; connect Ethernet interface 0 to area 0.0.0.0; meanwhile, send RIP to OSPF or send OSPF to RIP. interface vlan 10 ip address 130.130.1.1 255.255.255.0 ip ospf cost 1 ! interface vlan 10 ip address 130.130.1.1 255.255.255.0 ! router ospf 90 network 130.130.0.0 255.255.0.
Users Manual of XGS-6350-12X8TR Interface vlan12 is in area 2: interface vlan 12 ip address 131.108.2.5 255.255.255.0 Interface vlan13 is in area 3: interface vlan 13 ip address 131.109.10.5 255.255.255.0 Interface vlan14 is in area 0: interface vlan 14 ip address 131.109.1.1 255.255.255.0 Interface vlan 100 is in area 0: interface vlan 100 ip address 10.1.0.1 255.255.0.0 The function of network area configuration command has its order, so the sequence of the commands is important.
Users Manual of XGS-6350-12X8TR Configure switches according to the previous figure. RTA: interface loopback 0 ip address 202.96.207.81 255.255.255.0 ! interface vlan 10 ip address 192.168.10.81 255.255.255.0 ! interface vlan 10 ip address 192.160.10.81 255.255.255.0 ! router ospf 192 network 192.168.10.0 255.255.255.0 area 1 network 192.160.10.0 255.255.255.0 area 0 ! RTB: interface loopback 0 ip address 202.96.209.82 255.255.255.252 ! interface vlan 10 ip address 192.168.10.82 255.255.255.
Users Manual of XGS-6350-12X8TR ! router ospf 192 network 192.168.20.0 255.255.255.0 area 1 network 192.168.10.0 255.255.255.0 area 1 ! RTC: interface loopback 0 ip address 202.96.208.83 255.255.255.252 ! interface vlan 10 ip address 192.163.20.83 255.255.255.0 ! interface vlan 11 ip address 192.160.20.83 255.255.255.0 ! router ospf 192 network 192.168.20.0 255.255.255.0 area 1 network 192.163.20.0 255.255.255.0 area 0 ! 45.3.4.
Users Manual of XGS-6350-12X8TR (3) Setting the authentication password for each area and network (4) Setting the link state value and other interface parameters Use one area command respectively to set authentication parameters and stub area. You can use one command to set these parameters. Set backbone area (Area 0).
Users Manual of XGS-6350-12X8TR network 192.168.30.0 255.255.255.0 area 192.168.30.0 network 192.168.40.0 255.255.255.0 area 192.168.40.0 area 0 authentication simple area 192.168.20.0 stub area 192.168.20.0 authentication simple area 192.168.20.0 default-cost 20 area 192.168.20.0 authentication simple area 192.168.20.0 range 36.0.0.0 255.0.0.0 area 192.168.30.0 range 192.42.110.0 255.255.255.0 area 0 range 130.0.0.0 255.0.0.0 area 0 range 141.0.0.0 255.0.0.0 redistribute rip RIP is in network 192.168.30.
Users Manual of XGS-6350-12X8TR Use neighbor-based access-list, aspath-list and prefix-list to filter the route. Or use port-based access-list and prefix-list to filter the route or the Nexthop attribute of the route. Use route-map to modify BGP route's attributes such as MED, Local Preference and Weight. To interact with dynamic IGRPs such as ospf and rip, you can use the distribute command to redistribute the route. The BGP routing information is thus automatically generated.
Users Manual of XGS-6350-12X8TR 45.4.2.1.1 Activating BGP Routing Choice Run the following commands in global configuration mode to activate BGP route selecting: Command Purpose router bgp autonomous-system Activates the BGP routing process in router configuration mode. networknetwork-number/masklen Marks the network as the local [route-map route-map-name] autonomous system and adds it to the BGP table.
Users Manual of XGS-6350-12X8TR new soft reconfiguration is used to send the outgoing update to the neighbor, it is called outgoing soft reconfiguration. After the incoming soft reconfiguration is run, new input policies validates. After the outgoing soft reconfiguration is run, the new local output policy validates without resetting BGP session.
Users Manual of XGS-6350-12X8TR When cancelling the synchronization, you need to run the command clear ip bgp to clear BGP sessions. For details, refer to the section “Example for Neighbor-Based BGP Path Filtration”. In general, only one or two routes are forwarded to your IGP and become the exterior routes in IGRP or the BGP session sponsor generates a default AS route. When the routes are forwarded from BGP to IGP, only the routes obtained through EBGP can be forwarded.
Users Manual of XGS-6350-12X8TR neighbor {ip-address } Establishes a BGP filter. distribute-listaccess-list-name {in | out } (3) Use the prefix list with the commands ip prefix-list and neighbor prefix-list. Command Purpose ip prefix-listprefixs-list-name |sequence Defines a prefix list. number {permit |deny}A.B.C.D/n ge x le y router bgpautonomous-system Enters the router configuration mode. neighbor {ip-address } Establishes a BGP filter.
Users Manual of XGS-6350-12X8TR neighbor {ip-address } next-hop-self Cancels the next-hop processing when BGP neighbors update. When the previous command is used, the current router notifies itself to take as the next hop of the route. Therefore, other BGP neighbors will send packets to the current router. It is useful in the non-broadcast network because a path from the current router to the designated neighbor. However, it is useless in the broadcast network because unnecessary extra hops will occur.
Users Manual of XGS-6350-12X8TR Routing network number Value of the AS_PATH attribute Value of the COMMUNITY attribute Routes can be classified into the community through the COMMUNITY attribute and the community-based routing policy can be applied to routes. Therefore, the configuration of routing information control is simplified. Community is a group of routes having the same attributes. Each route may belong to multiple communities.
Users Manual of XGS-6350-12X8TR expendedcommunity-list-name {permit | deny} communtiy-expression route-map map-name Configures the route map. sequence-number {deny | permit} match community-list-name Configures the matching regulations. router bgpautonomous-system Enters the router configuration mode. neighbor {ip-address } Applies the route map. route-maproute-map-name {in | out } Refer to the section “Example for Route Map Through BGP Community Attribute”. 45.4.2.2.
Users Manual of XGS-6350-12X8TR fully connected. The clients in the cluster do not communicate with the IBGP session sponsors in the different cluster. When the route reflector receives the routing infotmation, it will perform the following tasks: Broadcast the routes from the external BGP session sponsors to all clients and non-client peers. Broadcast the routes from the non-client routes to all clients. Broadcast the routes from the client to all client peers and non-client peers.
Users Manual of XGS-6350-12X8TR neighbor {ip-address } ebgp-multihop Sets the BGP neighbor to the multihop ttl external peers. 45.4.2.2.8 Setting BGP route management distance The management distance is a unit to measure the priority of routing protocols. BGP uses three kinds of management distance: external distance, internal distance and local distance. The route learned from the external BGP shows the external distance. The route learned from the internal BGP shows the internal distance.
Users Manual of XGS-6350-12X8TR value of the detailed statistics information can be displayed. 45.4.3.1 Clearing BGP routing table and database Run the following command in management mode to perform relative tasks about clearing high-speed cache, table or BGP database. Command Purpose clear ip bgp * Resets all BGP connections. clear ip bgp as-number Resets the BGP connection of the designated autonomous system. clear ip bgp address Resets the BGP connection of the designated neighbor.
Users Manual of XGS-6350-12X8TR [received-routes | routes | special BGP neighbor. advertised-routes] show ip bgp paths Displays all BGP path information in the database. show ip bgp summary Displays the state of all BGP connections. 45.4.3.3 Tracking BGP information To locate the fault and resolve the problem, you need to observe the BGP connection establishment, route receiving and route forwarding by tracking the BGP information.
Users Manual of XGS-6350-12X8TR router bgp 100 neighbor 1.1.1.1 route-map freddy out ! ip aspath-list abc permit ^690_ ip aspath-list xyz permit .
Users Manual of XGS-6350-12X8TR neighbor 150.136.64.19 remote-as 99 45.4.4.3 Example for neighbor-based BGP path filtration The following is an example for neighbor-based BGP path filtration. The route that gets through the access list test1of as-path obtains a weight value 100. Only the route that gets through the access list test2 of as-path can be sent to neighbor 193.1.12.10. Similarly, the route that gets through the access list test3 can be accepted by neighbor 193.1.12.
Users Manual of XGS-6350-12X8TR router bgp network 101.20.20.0 filter * in prefix max24 ! ip prefix-list max24 seq 5 permit 0.0.0.0/0 ge 8 le 24 ! In the following example, the router filters all the routes and only accepts the routes whose prefix length ranges from 8 to 24: router bgp 12 filter * in prefix-list max24 ip prefix-list max24 seq 5 permit 0.0.0.
Users Manual of XGS-6350-12X8TR redistribute static If at least one route in the routing table belongs to the designated range, an aggregation route is created in the BGP routing table according to the following configuration. The aggregation route is considered to be from your AS and has the atomic attribute which may be lost in the indication information: router bgp 100 aggregate 193.0.0.0/8 The following example shows how to create the aggregation route 193.*.*.
Users Manual of XGS-6350-12X8TR neighbor 2.0.0.1 remote-as 200 /*RTC IBGP*/ neighbor 2.0.0.1 route-reflector-client neighbor 3.0.0.1 remote-as 200/*RTB IBGP*/ neighbor 3.0.0.1 route-reflector-client neighbor 5.0.0.1 remote-as 200 /*RTE IBGP*/ neighbor 4.0.0.2 remote-as 100 /*RTD EBGP*/ network 11.0.0.0/8 ! ip route 11.0.0.0 255.0.0.0 2.0.0.12 RTB configuration: interface vlan110 ip address 3.0.0.2 255.0.0.0 ! router bgp 200 neighbor 3.0.0.1 remote-as 200 /*RTA IBGP*/ network 13.0.0.0/8 ! ip route 13.0.0.
Users Manual of XGS-6350-12X8TR RTE configuration: interface vlan110 ip address 5.0.0.2 255.0.0.0 ! router bgp 200 neighbor 5.0.0.1 remote-as 200 /*RTA IBGP*/ network 15.0.0.0/8 ! ip route 15.0.0.0 255.0.0.0 5.0.0.12 45.4.4.8 BGP autonomous system alliance example The following figure shows an autonomous system alliance configuration. RTA, RTB and RTC create the IBGP connection. RTA, RTB and RTC belong to the private autonomous system 65010. RTE belongs to the private autonomous system 65020.
Users Manual of XGS-6350-12X8TR ! router bgp 65010 bgp confederation identifier 200 bgp confederation peers 65020 neighbor 1.0.0.2 remote-as 65010 /*RTB IBGP*/ neighbor 2.0.0.2 remote-as 65010 /*RTC IBGP*/ neighbor 5.0.0.2 remote-as 65020 /*RTE EBGP*/ neighbor 4.0.0.2 remote-as 100 /*RTD EBGP*/ RTB configuration: interface vlan110 ip address 1.0.0.2 255.0.0.0 ! interface vlan111 ip address 3.0.0.1 255.0.0.0 ! router bgp 65010 bgp confederation identifier 200 bgp confederation peers 65020 neighbor 1.0.0.
Users Manual of XGS-6350-12X8TR neighbor 4.0.0.1 remote-as 200 /*RTA EBGP*/ RTE configuration: interface vlan110 ip address 5.0.0.2 255.0.0.0 ! router bgp 65020 bgp confederation identifier 200 bgp confederation peers 65010 neighbor 5.0.0.1 remote-as 65010 /*RTA EBGP*/ 45.4.4.9 Example for route map using BGP community attribute In the following example, the command route map set-community is used to update the outgoing routes of neighbor 171.69.232.50.
Users Manual of XGS-6350-12X8TR route-map set-community 20 permit match as-path test2 ! ip aspath-list test1 permit 70$ ip aspath-list test2 permit .* In the following example, Set the MED and the local priority of the route from neighbor 171.69.232.55 according to the community attribute value. Set MED of all routes that match the community list com1 to 8000. These routes may contain routes with community value “100 200 300” and “900 901”. These routes may have other attribute values.
Users Manual of XGS-6350-12X8TR Chapter 46. IP Hardware Subnet Routing Configuration IP Hardware Subnet Configuration Task 46.1.1 Overview IP hardware subnet routing is similar to IP fast exchange. When the IP hardware subnet routing is not enabled, before forwarding message containing the IP address A at the next hop, the switch first checks whether the item of destination A exists in the IP cache of hardware. If the item exists, the message will be forwarded through hardware.
Users Manual of XGS-6350-12X8TR 46.1.3 Checking the State of IP Hardware Subnet Routing Command Description show ip exf Displays the current state of the IP hardware subnet routing. Configuration Example Pay attention to the following content when you configure the routing items: As to the direct-connecting routing, the next hop is CPU. If the next hop is a routing interface not an IP address, do as in the direct-connecting routing.
Users Manual of XGS-6350-12X8TR ip exf 0.0.0.0 0.0.0.0 nexthop 192.168.1.
Users Manual of XGS-6350-12X8TR Chapter 47. IP-PBR Configuration IP-PBR Configuration IP-PBR realizes software PBR functions through the hardware of switch chip. PBR stands for Policy Based Routing. PBR enables users to rely on a certain policy not on routing protocol for routing. Software based PBR supports multiple policies and rules and also load balance. You can designate the next hop’s IP address or port for those packets that are in line with policy.
Users Manual of XGS-6350-12X8TR 47.1.2 ISIS Configuration Task List To configure IP-PBR, do as follows: Create ACL; Create a route map; Apply the route map on a port; To create an ACL, run the following command globally: Command Remarks ip access-list standard net1 Enters the ACL configuration mode and defines ACL. To create a route map, run the following commands globally: Command Remarks route-map pbr Enters the route map configuration mode.
Users Manual of XGS-6350-12X8TR IP policy based route state: disabled No pbr apply item No equiv exf apply item All data related about IP-PBR running are shown below: switch#show ip pbr IP policy based route state: enabled No equiv exf apply item VLAN3 use route-map ddd, and has 1 entry active. -----------------Entry sequence 10, permit Match ip access-list: ac1 Set Outgoing nexthop 90.0.0.
Users Manual of XGS-6350-12X8TR IP policy based route state: enabled Equiv EXF has 1 entry active. -----------------Entry sequence 1, handle c1f95b0 Dest ip: 1.1.0.0/16 90.0.0.3 192.168.213.161 47.1.4 IP-PBR Configuration Example Switch configuration: ! ip pbr ! interface vlan1 ip address 10.1.1.3 255.255.255.0 no ip directed-broadcast ip policy route-map pbr ! ip access-list standard ac1 permit 10.1.1.21 255.255.255.255 ! ip access-list standard ac2 permit 10.1.1.2 255.255.255.
Users Manual of XGS-6350-12X8TR will automatically choose 13.1.1.99 or 14.1.1.99 as the egress according to destination IP address.
Users Manual of XGS-6350-12X8TR Chapter 48. Multi-VRF CE Configuration Multi-VRF CE Introduction 48.1.1 Overview The Virtual Private Network (VPN) provides a secure method for multiple client networks to share the ISP-supplied bandwidth. In general, one VPN comprises a team of client networks that share a public routing table on the ISP's routers. Each client network is connected to the interface of the network devices of ISP, while ISP's device will relate each interface to a VPN routing table.
Users Manual of XGS-6350-12X8TR VRF. 48.1.1.2 Establishing Routes with PE The MCE switch (MCE) can connect one or multiple PEs, but both MCE and the connected PEs have to get VRF configured. MCE will provide PE the routes which MCE learns from CE and learns the routes of remote client networks from PE. The VRF route can be established between MCE and PE through dynamic routing protocols such as BGP, OSPF, RIP and BEIGRP. Of course, the VRF route can also be established statically.
Users Manual of XGS-6350-12X8TR Switch_config_vrf# rd Sets the route distinguisher of VRF. route-distinguisher route-distinguisher: Stands for the distinguisher of the route. It consists of autonomous domain ID and random numbers, or IP and random numbers. Switch_config_vrf# route-target Creates the expanded VPN attributes of input/output VRF { export | import | both } objects.
Users Manual of XGS-6350-12X8TR Switch_config_ospf# redistribute Forwards the designated BGP network to the OSPF network. bgp ASN Switch_config_ospf# exit Exits from the OSPF configuration mode. Switch_config# show ip ospf Browses the information about the OSPF protocol. Switch_config# no router Deletes the OSPF-VRF routing configuration. ospfprocess-id 48.2.3.
Users Manual of XGS-6350-12X8TR MCE Configuration Example Figure 2.1 shows a simple VRF network. Both S1 and S2 are the Multi-VRF CE switches. S11, S12 and S13 belong to VPN1, S21 and S22 belong to VPN2, and all of them are customer devices. The OSPF route should be configured between CE and customer device, while the BGP route is configured between CE and PE. PE S1 VPN1 S11 S2 CE G0/1 11.0.0.0 VPN1 S13 CE G0/1 G0/1 G0/2 G1/1 G1/2 G0/2 S12 VPN2 S22 G0/3 G0/3 VPN2 S21 G0/4 Figure 2.
Users Manual of XGS-6350-12X8TR 48.3.2 Configuring MCE-S1 Configures VRF on the Multi-VRF CE device.
Users Manual of XGS-6350-12X8TR Switch_config_v11# ip address 11.0.0.1 255.0.0.0 Switch_config_v11# exit Switch_config# interface VLAN15 Switch_config_v15# ip vrf forwarding vpn2 Switch_config_v15# ip address 15.0.0.1 255.0.0.0 Switch_config_v15# exit Switch_config# interface VLAN21 Switch_config_v21# ip vrf forwarding vpn1 Switch_config_v21# ip address 21.0.0.2 255.0.0.0 Switch_config_v21# exit Switch_config# interface VLAN22 Switch_config_v22# ip vrf forwarding vpn2 Switch_config_v22# ip address 22.0.
Users Manual of XGS-6350-12X8TR Switch_config_bgp_vpn2# no synchronization Switch_config_bgp_vpn2# redistribute ospf 2 Switch_config_bgp_vpn2# neighbor 22.0.0.1 remote-as 200 Switch_config_bgp_vpn2# exit-address-family Switch_config_bgp# exit Create VLAN. Switch_config# vlan 1,11-12,21-22 Enables the forwarding of subnet route of the switch. Switch_config# ip exf 48.3.
Users Manual of XGS-6350-12X8TR Set the L3 VLAN interface of PE, which connects S1: Switch_config# interface VLAN21 Switch_config_v21# ip vrf forwarding vpn1 Switch_config_v21# ip address 21.0.0.1 255.0.0.0 Switch_config_v21# exit Switch_config# interface VLAN22 Switch_config_v22# ip vrf forwarding vpn2 Switch_config_v22# ip address 22.0.0.1 255.0.0.
Users Manual of XGS-6350-12X8TR Switch_config# ip exf 48.3.
Users Manual of XGS-6350-12X8TR Switch_config# interface VLAN41 Switch_config_v41# ip vrf forwarding vpn1 Switch_config_v41# ip address 41.0.0.1 255.0.0.0 Switch_config_v41# exit Switch_config# interface VLAN46 Switch_config_v46# ip vrf forwarding vpn2 Switch_config_v46# ip address 46.0.0.1 255.0.0.0 Switch_config_v46# exit Switch_config# interface VLAN31 Switch_config_v31# ip vrf forwarding vpn1 Switch_config_v31# ip address 31.0.0.2 255.0.0.
Users Manual of XGS-6350-12X8TR Switch_config_bgp# address-family ipv4 vrf vpn2 Switch_config_bgp_vpn2# no synchronization Switch_config_bgp_vpn2# redistribute ospf 2 Switch_config_bgp_vpn2# neighbor 32.0.0.1 remote-as 200 Switch_config_bgp_vpn2# exit-address-family Switch_config_bgp# exit Create VLAN. Switch_config# vlan 1,31-32,41,46 Enables the forwarding of subnet route of the switch. Switch_config# ip exf 48.3.
Users Manual of XGS-6350-12X8TR Switch# ping -vrf vpn1 21.0.0.1 !!!!! --- 21.0.0.
Users Manual of XGS-6350-12X8TR Chapter 49. Reliability Configuration Configuring Port Backup This chapter discusses how to back up the interface, describes the backup functions on the asynchronism serial interface, synchronism serial interface or ISDN interface. For details about interface backup commands, refer to Interface Backup Command Reference. 49.1.1 Overview Interface backup functions can enabled Backup interface or disabled it according to statement or flux information of Primary interface .
Users Manual of XGS-6350-12X8TR 49.1.3.2 Enabling Backup Interface Rejection Set delaying of enabled and disabled backup interface .To realize time gap between primary interface state changing and the result of state of backup interface changing. 1. choose backup interface 2. enabled interface backup delaying in this interface . choose backup interface,You can use instructions as follows in interface configuration mode. Command Purpose Backup interfaceslot/port Choose backup interface of this port.
Users Manual of XGS-6350-12X8TR The time of backup interface activation and deactivation is both 5 seconds. Flux equalization setting is when true flux of primary interface pass 60% of band width , activate backup interface, while flux through both interfaces is less than 30% of band width of primary interface, activate backup interface.
Users Manual of XGS-6350-12X8TR relying on the availability of any single router. It enables a set of router interfaces to work together to present the appearance of a single virtual router or default gateway to the hosts on a LAN. When HSRP is configured on a network or segment, it provides a virtual Media Access Control (MAC) address and an IP address that is shared among a group of configured routers.
Users Manual of XGS-6350-12X8TR standby [group-number] preempt Configure hsrp preempt. If local router's [delaydelay] priority is larger than active router, local router should try to replace the active router. Configure hsrp preempt delay timer.Local router should replace active router after preempt delay timer. standby [group-number] tracktype Configure hsrp group tracking interface number [interface-priority] list.If the tracking interface is failed ,HSRP priority value decreased.
Users Manual of XGS-6350-12X8TR standby 1 preempt standby 1 ip 171.16.6.100 255.255.255.0 standby 1 trackl Serial0 standby 2 preempt standby 2 ip 171.16.6.200 255.255.255.0 standby 2 track Serial0 standby 2 priority 95 The following is the R2 configuration: Configure two HSRP groups on interface Ethernet 0. The virtual IP of group 1 is 171.16.6.100 and the privilege of group1 is 100, so R2 is the standby router of group1. The virtual IP of group 2 is 171.16.6.
Users Manual of XGS-6350-12X8TR The VRRP-running main router transmits the Advertise packets based on the Sock Raw multicast, while the standby routers receive these packets. The standby routers can serve as the main router through their Timer out mechanism and the Preempt mechanism. You can configure multiple hot standby groups on an interface to fully use the router. Currently VRRP supports Ethernet/Fast Ethernet/VLAN protocols, but it does not support the token ring and the token bus.
Users Manual of XGS-6350-12X8TR address Virtual Router A standby router which will be selected to serve as a Backup data-forwarding router when the master router invalidates 49.3.
Users Manual of XGS-6350-12X8TR [no] vrrp group-number Sets the hot standby privilege level priority<1-255> in the VRRP router for selecting the primary router and the standby router. 49.3.3.6 Configuring the Preemption Mode Command Purpose [no] vrrp group-numberpreempt Sets the preemption mode. [delay<1-254>] 49.3.3.
Users Manual of XGS-6350-12X8TR 49.3.4 VRRP Configuration Example In the following network topology, two subnets in a same network use their own gateways (gateway A and gateway B) respectively to access the Internet, but gateway A and gateway B are standby ones each other. When one gateway (one router) breaks down, the other will work for the two subnets. Group 3 vip: 100.1.1.30 vmac: 00:00:5e:00:01:03 Host John e1/1.2 F0/22 F0/20 e1/1.1 A F0/21 F0/23 B e1/1.1 e2/1 vrrp Group 6 vip: 200.1.1.
Users Manual of XGS-6350-12X8TR RouterB: ----------------------------------interface Ethernet1/1.2 encapsulation dot1Q 2 ip address 100.1.1.6 255.255.255.0 vrrp 3 associate 100.1.1.30 255.255.255.0 vrrp 3 priority 110 vrrp 3 description line1-backup vrrp 3 authentication line1pwd vrrp 3 preempt vrrp 3 timers advertise dsec 15 ---------------------------------interface Ethernet1/1.2 encapsulation dot1Q 3 ip address 200.1.1.6 255.255.255.0 vrrp 6 associate 200.1.1.30 255.255.255.
Users Manual of XGS-6350-12X8TR interface VLAN3 ip addr 200.1.1.8 255.255.255.
Users Manual of XGS-6350-12X8TR Chapter 50. Multicast Configuration Multicast Overview The chapter describes how to cofigure the multicast routing protocol. For the details of the multicast routing commands, refer to the part “Multicast Routing Commands”. The traditional IP transmission allows only one host to communicate with a single host (unicast communication) or to communicate with all hosts (broadcast communication). The multicast technology allows one host to send message to some hosts.
Users Manual of XGS-6350-12X8TR 50.1.2 Multicast Routing Configuration Task List 50.1.2.
Users Manual of XGS-6350-12X8TR Configuring the filtration list Setting the DR priority Clearing (S,G) information 50.1.2.4 PIM-SM Configuration Task List Configuring static RP Configuring standby BSR Configuring standby RP Displaying PIM-SM multicast routing Clearing multicast routes learned by PIM-SM Basic Multicast Routing Configuration 50.2.
Users Manual of XGS-6350-12X8TR 50.2.2.2 Starting up PIM-SM To run PIM-DM on a port and activate the PIM-DM multicast, perform the following operation: Command Purpose Enters a port where PIM-SM needs to run and then ip pim-sm activates the PIM-SM multicast routing process in port configuration mode. 50.2.3 Configuring TTL Threshold Run the command ip multicast ttl-threshold to configure the TTL threshold of the multicast message that is allowed to pass the port.
Users Manual of XGS-6350-12X8TR Take the tunnel technology as an example. When a router in a path does not support the multicast protocol, the resolution is to configure the GRE tunnel between two routeres. In the following figure, each unicast router supports only the unicast message; each multicast router supports only the multicast message. The source host sends the multicast message to the destination host through MR1 and MR2.
Users Manual of XGS-6350-12X8TR 50.2.7 Configuring IP Multicast Rate Control Run the command ip multicast rate-limit to limit the rate of receiving and sending the multicast message in a source/group range. Run the command noip multicastrate-limit to cancel the rate limitation. Run the following command to limit the input rate of a multicast flow to n kbps.
Users Manual of XGS-6350-12X8TR Example The following example shows how to configure the command ip multicast helper. The configuration of the router is shown in the following figure. Configure the command ip directed-broadcast on the e0 port of the first-hop router to handle the directional message. Configure ip multicast helper-map broadcast 230.0.0.1 testacl1, allowing to convert the UDP broadcast message with port number 4000 that is sent from the source address 192.168.20.
Users Manual of XGS-6350-12X8TR Command Purpose interface type number Enters the interface configuration mode. ip pim neighbor-filter access-list Filters all pim messages on the stub router. Example The configuration of router A and B is shown as follows: Stub Router A Configuration ip multicast-routing ip pim-dm ip igmp helper-address 10.0.0.2 Central Router B Configuration ip multicast-routing ip pim-dm ip pim-dm neighbor-filter stubfilter ip access-list stubfilter deny 10.0.0.1 50.2.
Users Manual of XGS-6350-12X8TR show ip mroute mfc Displays the multicast forwarding cache. show ip rpf [ucast | mstatic | pim-dm Displays the RPF information. | pim-sm | dvmrp] source-address IGMP Configuration 50.3.1 Overview 50.3.1.1 IGMP Internet Group Management Protocol (IGMP) is a protocol used to manage multicast group members. IGMP is an asymmetric protocol, containing the host side and the switch side.
Users Manual of XGS-6350-12X8TR and RFC3376. IGMP V1 supports only the function to record the multicast group members. IGMP V2 can query the designated multicast group member, generates the leave message when an IGMP host leaves a multicast group, and shortens the change delay of the group member. IGMP V3 has additional functions to update and maintain the multicast group member IDs which correspond to the source host addresses.
Users Manual of XGS-6350-12X8TR minimum IP address is the querier in the network. The switch that is not the querier needs to save a clock to record the existence of the querier. If the clock times out, the non-querier switch turns to be the querier until it receives the IGMP Query message from the switch with a smaller IP address.
Users Manual of XGS-6350-12X8TR For IGMP-Router V2 and IGMP-Router V3, run the following command in interface configuration mode to configure the IGMP query interval of the last group member: Command Purpose ip igmp Configures the IGMP query interval of last-member-query-intervaltime the last group member (unit: ms). The previous command is useless for IGMP-Router V1. 50.3.2.
Users Manual of XGS-6350-12X8TR in interface configuration mode will be omitted. If the command is first configured in interface configuration mode, the command configured in global configuration mode will delete the command configured in interface configuration mode.
Users Manual of XGS-6350-12X8TR 50.3.3.3 IGMP Querier interval configuration example The following example shows how to modify the IGMP Querier interval to 100 seconds on the interface ethernet 1/0: interface ethernet 1/0 ip igmp querier-timeout 100 50.3.3.4 Maximum IGMP response time example The following example shows how to modify the maximum IGMP response time to 15 seconds on the interface ethernet 1/0: interface ethernet 1/0 ip igmp query-max-response-time 15 50.3.3.
Users Manual of XGS-6350-12X8TR the multicast group 224.1.1.7 to the interface ethernet 0/0. Run the following command in interface configuration mode to receive the IP multicast message that is from 192.168.20.169 and finally sent to the multicast group 224.1.1.7: ip igmp static-group 224.1.1.7 include 192.168.20.169 The previous command can be executed for many times to define different source addresses.
Users Manual of XGS-6350-12X8TR pruning state contains information about the multicast source and the multicast group. When the multicast group member appears in the pruning area, PIM-DM actively sends the graft message to the upper field without waiting for the pruning state of the upper field to time out, turning the pruning state to the forwarding state.
Users Manual of XGS-6350-12X8TR upstream ports. For the following switches, the interval is the period to receive and handle the state-refresh message. 50.4.2.2 Configuring State-Refresh The state-refresh control information of the PIM-DM is forwarded in management mode by default. The configuration commands in interface configuration mode are effective only to the configurations at the upstream ports when the first-hop switch directly connecting the source sends the state-refresh message periodically.
Users Manual of XGS-6350-12X8TR Configures the priority for the local DR ip pim-dm dr-priority on the designated port. 50.4.2.5 Clearing Item (S,G) Normally, item (S,G) in the local MRT or the statistics value of the multicast message number forwarded through item (S,G) need be cleared. Run the following commands in management mode. Command Purpose clear ip mroute pim-dm {* | group Clears the item (S,G) in the local MRT.
Users Manual of XGS-6350-12X8TR Figure 5-1 Join-in mechanism of PIM-SM PIM-SM forwards the multicast packet by creating the multicast distribution tree. The multicast distribution tree can be classified into two groups: Shared Tree and Shortest Path Tree. Shared Tree takes the RP of group G as the root, while Shortest Path Tree takes the multicast source as the root. PIM-SM creates and maintains the multicast distribution tree through the displayed join/prune mode.
Users Manual of XGS-6350-12X8TR about a group member’s relationship from the directly-connected host, if the DR has no the routing item of the group, the DR will map the group address to a candidate RP through the Hash algorithm. The DR then multicasts the Join/prune message hop by hop towards the RP. Finally, the DR packages the multicast data in the registration message and unicasts it to the RP. 50.5.2 Configuring PIM-SM 50.5.2.
Users Manual of XGS-6350-12X8TR routers in the domain, ensuring the RP mapping is unique. Run the following command in global configuration mode: Command ip pim-sm rp-candidate [typenumber] [interval|group-list acl-name] no ip pim-sm rp-candidate [typenumber] Purpose Configures the local switch as the candidate RP. After the candidate RP is configured, it will be sent to the BSR periodically. The BSR then broadcasts all PIM-SM routers in the PIM-SM domain. 50.5.2.
Users Manual of XGS-6350-12X8TR ip pim-sm dr-priority 100 ! interface Serial2/0 ip address 192.168.21.142 255.255.255.0 physical-layer speed 128000 ip pim-sm ! router rip network 192.168.21.0 network 192.166.1.0 network 192.166.100.0 version 2 ! ip pim-sm bsr-candidate Loopback0 30 201 ip pim-sm rp-candidate Loopback0 ! Device B: ! ip multicast-routing ! interface Ethernet0/1 ip address 192.168.200.144 255.255.255.0 ip pim-sm ip pim-sm dr-priority 200 ! interface Serial0/0 ip address 192.168.21.144 255.
Users Manual of XGS-6350-12X8TR ! interface Ethernet1/1 ip address 192.166.1.142 255.255.255.0 ip pim-sm ! interface Serial2/0 ip address 192.168.21.142 255.255.255.0 physical-layer speed 128000 ip pim-sm ! router rip network 192.168.21.0 network 192.166.100.0 ! ip pim-sm bsr-candidate Loopback0 30 201 ! Device B: ! ip multicast-routing ! interface Loopback0 ip address 192.168.100.144 255.255.255.0 ip pim-sm ! interface Ethernet0/1 ip address 192.168.200.144 255.255.255.
Users Manual of XGS-6350-12X8TR Chapter 51. IPv6 Configuration IPv6 Protocol’s Configuration The configuration of the IPv6 address of the router only takes effect on the VLAN interface, not on the physical interface. The IPv6 protocol is disabled in default state. If the IPv6 protocol need be used on a VLAN interface, this protocol should be first enabled in VLAN interface configuration mode. To enable the IPv6 protocol, users have to set the IPv6 address.
Users Manual of XGS-6350-12X8TR Command Purpose ipv6 enable Sets a link-local address automatically. ipv6 address fe80: : x link-local Sets a link-local address manually. The link-local address must begin with fe80.The default length of the prefix is 64 bit.At manual settings only the values at the last 64 bits can be designated. On a VLAN interface can only one link-local address be set.
Users Manual of XGS-6350-12X8TR (4) Setting IPv6 redirection (5) Setting IPv6 destination unreachability (6) Setting IPv6 ACL (7) Setting IPv6 Hop-Limit 1. Setting the transmission frequency of the ICMPv6 packet If you want to limit the transmission frequency of the ICMPv6 packet, run the command in the following table. If the ICMPv6 transmission frequency is larger than the set value, the transmission frequency will be limited. The default transmission frequency is 1000us.
Users Manual of XGS-6350-12X8TR IPv6 redirection is opened by default. However, if a hot standby router protocol is configured on an interface, IPv6 redirection is automatically closed. If the hot standby router protocol is canceled, this function will not automatically opened. To open IPv6 redirection, run the following command: 5. Command Purpose ipv6 redirects Allows IPv6 to transmit the redirection packets.
Users Manual of XGS-6350-12X8TR Chapter 52. ND Configuration ND Overview A node (host and router) uses ND (Neighbor Discovery protocol) to determine the link-layer addresses of the connected neighbors and to delete invalid cache rapidly. The host also uses the neighbor to discover the packet-forwarding neighboring routers. Additionally, the node uses the ND mechanism to positively trace which neighbors are reachable or unreachable and to test the changed link-layer address.
Users Manual of XGS-6350-12X8TR vlanid hardware-address IPv6 address into a link-layer address. 52.1.2 ND Configuration The ND protocol is used not only for address resolution but for other functions such as neighbor solicitation, neighbor advertisement, router solicitation, router advertisement and redirect.
Users Manual of XGS-6350-12X8TR Setting the prefix of the RA message The router releases address prefixes to the network host via RA message. The address prefix plus the host address is the entire unicast address. The prefix option is carried by the RA message, and the host obtains the IPv6 address prefix and related parameter from this option.
Users Manual of XGS-6350-12X8TR Setting the reachable-time field of the RA message reachable-time means the time to reach a neighbor, which is 0 by default. Command Purpose ipv6 nd reachable-time milliseconds Sets the reachable-time field in the RA message transmitted by the local port. Its default value is 0ms. Setting the value of the router preference in the RA message router-preference means the router’s priority, which accounts for two bits in the flags domain in the RA message.
Users Manual of XGS-6350-12X8TR Chapter 53. RIPNG Configuration Configuring RIPNG 53.1.1 Overview Routing Information Protocol of next generation (RIPng) is the RIP of version 6. In the equipment RIPng and RIP are two completely independent modules that are in charge of the learning and management of the routing information in version 6 and version 4 respectively. RIPng is same to RIP in the internal working mechanism. RIPng switches the routing information through the UDP broadcast.
Users Manual of XGS-6350-12X8TR Activating or Forbidding Horizontal Fragmentation Monitoring and Maintaining RIPng 53.1.3 RIPng Configuration Tasks 53.1.3.1 Allowing to Set the Unicast Routing Protocol To set the RIPng, you must first run the following command to allow setting the switch of a unicast route. Command Ipv6 unicast-routing Purpose Enables to set the unicast routing protocol on a device. 53.1.3.
Users Manual of XGS-6350-12X8TR above, run the following command in RIPng configuration mode: Command Purpose neighboripv6-address Defines a neighboring router and switches the routing information with this neighboring router. 53.1.3.5 Applying the Offset on the Routing Weight The offset list is used to add an offset for an incoming or outgoing route which RIPng learns. In this case, a local mechanism is provided to add the routing weight.
Users Manual of XGS-6350-12X8TR recovery is needed. To adjust the timer, run the following command in RIPng configuration mode: Command Purpose timers holddown value Means how long it takes for a route to be removed from the routing table. timers garbagevalue Means how long it takes for a route to be declared invalid. timers updatevalue Means the transmission frequency of routing updates, whose unit is second. 53.1.3.
Users Manual of XGS-6350-12X8TR parameters of RIPng, the network usage information and the real communication-tracing information. This kind of information can help users to judge the usage of network resources and solve network problems. From the statistics information, you can also know the reachablity of a network node.
Users Manual of XGS-6350-12X8TR ipv6 rip dang2 split-horizon ! router ripng dang2 redistribute static exit ! ! Device B: interface Ethernet1/1 no ip address no ip directed-broadcast duplex half ipv6 address 4444: : 2222/64 ipv6 enable ipv6 rip dang enable ipv6 rip dang split-horizon ! router ripng dang redistribute static exit ! In this way both device A and device B learns the static routing information from each other.
Users Manual of XGS-6350-12X8TR Chapter 54. OSPFv3 Configuration Overview OSPFv3 is an IGP routing protocol developed by the OSPF working group of IETF for the IPv6 network. OSPFv3 supports the IPv6 subnet, the mark of the external routing information and the packet’s authentication. OSPFv3 and OSPFv2 have a lot in common: Both router ID and area ID are 32 bit. The following are the same type of packets: Hello packets, DD packets, LSR packets, LSU packets and LSAck packets.
Users Manual of XGS-6350-12X8TR OSPFv3 Configuration Task List OSPFv3 demands the switchover of routing data between in-domain router, ABR and ASBR. In order to simplify the settings, you can make related configuration to enable them to work under the default parameters without any authentication; if you want to change some parameters, you must guarantee that the parameters on all routers are identical. To set OSPFv3, you must perform the following tasks.
Users Manual of XGS-6350-12X8TR If the OSPFv3 process is still not created before OSPFv3 is enabled on an interface, the OSPFv3 process will be automatically created. 54.3.2 Setting the Parameters of the OSPFv3 Interface During OSPFv3 realization, related OSPFv3 parameters on an interface are allowed to be modified according to actual requirements. Of cause you have no need to change every parameter, but you have to make sure that some parameters are consistent on all routers in the connected networks.
Users Manual of XGS-6350-12X8TR point-to-multipoint one. Between those routers which are not adjacent the routing information can be switched through the virtual link. The OSPFv3 point-to-multipoint interface can be set to be multipoint-to-point interface, through which multiple routes of a host can be established.
Users Manual of XGS-6350-12X8TR Command Purpose areaarea-idrange ipv6-prefix Sets the address' range of the /prefix-length summary route. 54.3.7 Setting the Summary of the Forwarded Routes When routes are distributed from other routing areas to the OSPFv3 routing area, each route is singularly broadcasted as an external LSA. However, you can set a route on a router to make this route cover an address range. In this way, the size of the OSPFv3 link-state database can be reduced.
Users Manual of XGS-6350-12X8TR OSPFv3 uses three different kinds of management distances: inter-domain, inner-domain and exterior. The routes in a domain are called inner-domain routes; the routes to other domains are called inter-domain routes; the routes transmitted from other routing protocols are called the exterior routes. The default value of each kind of routes is 110. 54.3.
Users Manual of XGS-6350-12X8TR show ipv6 ospf neighbor Displays the information about OSPFv3 neighbors. show ipv6 ospf route Displays the routing information about OSPFv3. show ipv6 ospf topology Displays the OSPFv3 topology. show ipv6 ospf virtual-links Displays the virtual links of OSPFv3. debug ipv6 ospf Monitors all OSPFv3 behaviors. debug ipv6 ospf events Monitors the OSPFv3 events. debug ipv6 ospf ifsm Monitors the state machine of the OSPFv3 interface.
Users Manual of XGS-6350-12X8TR interface vlan 10 ipv6 address 2001: : 1/64 ipv6 enable ipv6 rip aaa enable ipv6 rip aaa split-horizon ipv6 ospf 90 area 0 ipv6 ospf cost 1 ! router ospfv3 90 router-id 1.1.1.1 redistribute rip ! router ripng aaa redistribute ospf 90 2. Configuring multiple OSPFv3 processes The following example shows that two OSPFv3 processes are created.
Users Manual of XGS-6350-12X8TR ! router ospfv3 110 router-id 2.2.2.2 ! Each interface can belong to many OSPFv3 processes, but if an interface belongs to multiple OSPFv3 processes each OSPFv3 process must correspond to different instances. 3. Complicated configuration example The following example shows how to configure multiple routers in a single OSPFv3 autonomous system.
Users Manual of XGS-6350-12X8TR ! ! router ospfv3 1 router-id 2.2.2.
Users Manual of XGS-6350-12X8TR ! R2: interface vlan 0 ipv6 enable ipv6 ospf 1 area 1 ! ! router ospfv3 1 router-id 2.2.2.
Users Manual of XGS-6350-12X8TR Configure the router according to the above-mentioned figure: R1: interface vlan 0 ipv6 address 101: : 1/64 ipv6 enable ipv6 ospf 1 area 1 ! interface vlan 1 ipv6 address 6: : 1/64 ipv6 enable ipv6 ospf 1 area 0 ! ipv6 route 2001: : /64 6: : 2 ! router ospfv3 1 router-id 200.200.200.1 area 1 virtual-link 200.200.200.
Users Manual of XGS-6350-12X8TR Browsing the state of the OSPFv3 neighbor: R1#show ipv6 ospf neighbor OSPFv3 Process (1) Neighbor ID Pri State Dead Time Interface Instance ID 200.200.200.2 1 Full/DR 00: 00: 35 VLAN0 200.200.200.2 1 Full/ - 00: 00: 36 VLINK1 0 0 R2#show ipv6 ospf neighbor OSPFv3 Process (1) OSPFv3 Process (1) Neighbor ID Pri State Dead Time Interface Instance ID 200.200.200.1 1 Full/Backup 00: 00: 36 200.200.200.
Users Manual of XGS-6350-12X8TR is directly connected, L, VLAN1 C ff00: : /8[2] is directly connected, L,Null0 R2#show ipv6 route O 6: : /64[1] [110,20] via fe80: C 101: : 4: : 2e0: fff: fe26: 2d98(on VLAN0) fff: fe26: 2d98(on VLAN0) /64[1] is directly connected, C, VLAN0 O 101: : 1/128[1] [110,10] via fe80: C 101: : 4: : 2e0: 2/128[1] is directly connected, L, VLAN0 C 888: : /64[1] is directly connected, C, VLAN1 C 888: : 8/128[1] is directly connected, L, VLAN1 O
Users Manual of XGS-6350-12X8TR Chapter 55. BFD Configuration Overview BFD (Bidirectional Forwarding Detection) is a set of all-net uniform detection mechanism used for rapid detection and monitoring of link or IP routing forwarding connectivity. To improve the performance of existing networks, communication troubles can be detected rapidly between neighboring protocols so that a standby communication channel can be quickly established.
Users Manual of XGS-6350-12X8TR of BFD control packets on the local end cannot be modified until the packets reset by the peer's F field are received, which ensures that the detection time is lengthened on the peer before the increase of the transmission interval of BFD control packets on the local end. Otherwise, the detection timer on the peer may time out.
Users Manual of XGS-6350-12X8TR 55.2.4 Enabling Port BFD Authentication Port BFD authentication is not activated by default. Authentication configuration takes immediate effect before BFD neighbor is up, and the two terminals of a link on which BFD detection is conducted can be up only when their BFD authentication configurations are same.
Users Manual of XGS-6350-12X8TR interface vlan1 ip address 1.1.1.2 255.255.255.0 bfd enable no ip directed-broadcast ! router bgp 200 no synchronization bgp log-neighbor-changes neighbor 1.1.1.1 remote-as 100 neighbor 1.1.1.
Users Manual of XGS-6350-12X8TR Chapter 56. SNTP Configuration Overview 56.1.1 Stipulations 56.1.1.1 Format Stipulation in the Command Line Syntax Definition Stands for the keyword in the command line, which stays unchanged and must be entered without Bold any modification. It is presented as a bold in the command line. Stands for the parameter in the command line, which must be replaced by the actual value. It must be {italic} presented by the italic in the brace.
Users Manual of XGS-6350-12X8TR Setting the Grade of the SNTP Server Enabling the SNTP Server The local switch takes as the SNTP client: Setting the IP Address of the SNTP Server Setting the Interval of Browsing the SNTP Server Disabling the SNTP Server 56.2.3 SNTP Configuration 56.2.3.1 Setting the Grade of the SNTP Server Configuration mode: Global Command Purpose sntp master [Stratum] Sets the grade of the SNTP server. 56.2.3.
Users Manual of XGS-6350-12X8TR Chapter 57. Cluster Management Configuration Overview The switch cluster is a group of switches which can be managed as a single entity. In the cluster, there must be a switch worked as the command switch, which allows up to 255 switches simultaneously to join the cluster as member switches. As the single access node in the cluster, the command switch is used to configure, manage and monitor member switches. One switch belongs to only one cluster at a certain moment.
Users Manual of XGS-6350-12X8TR When planning the address pool, pay attention that the service addresses cannot be the same as those in the address pool; note that the address number in the address pool cannot be smaller than the maximum number of member switches in the cluster (including the command switch). 57.3.2 Creating Cluster A. Activating command switch Run the following command in global configuration mode to set the current switch to the command switch: B.
Users Manual of XGS-6350-12X8TR cluster hellotime<1-300> Configures the interval of sending hello message between the command switch and the member switch. C. Configuring holdtime If the member switch and the command switch do not receive the handshake message from the peer in an interval, they think the peer is in down state.
Users Manual of XGS-6350-12X8TR member switch is public@es6. 57.3.6 Using Web to Manage Cluster After the cluster is created, the http message can be transmitted between the member switch and the browser through the command switch. The detailed operation is to add prefix like “esN/” before the url. Suppose the IP of the command switch is 192.168.20.1, the url of the No.6 member switch is http: //192.168.20.1/es6/.
