User Manual SURPASS hiD 6615 S223/S323 R1.
UMN:CLI User Manual SURPASS hiD 6615 S223/S323 R1.5

Important Notice on Product Safety

Elevated voltages are inevitably present at specific points in this electrical equipment. Some of the parts may also have elevated operating temperatures. Non-observance of these conditions and the safety instructions can result in personal injury or in property damage. Therefore, only trained and qualified personnel may install and maintain the system. The system complies with the standard EN 60950-1 / IEC 60950-1.
This document consists of a total 381 pages. All pages are issue 2.
A50010-Y3-C150-2-7619
1 Introduction

1.1 Audience

This manual is intended for SURPASS hiD 6615 S223/S323 single-board Fast Ethernet switch operators and maintenance personnel for providers of Ethernet services. This manual assumes that you are familiar with the following:
• Ethernet networking technology and standards
• Internet topologies and protocols
• Usage and functions of graphical user interfaces.

1.2 Document Structure

Tab. 1.
1.3 Document Convention

This guide uses the following conventions to convey instructions and information.

Information (i): This information symbol marks useful information for configuring with commands and means the reader should take note. Notes contain helpful suggestions or references.

Warning (!): This warning symbol means danger. You are in a situation that could cause bodily injury or damage the equipment.

1.4
1.6 GPL/LGPL Warranty and Liability Exclusion

The Siemens product, SURPASS hiD 6615, contains both proprietary software and “Open Source Software”. The Open Source Software is licensed to you at no charge under the GNU General Public License (GPL) and the GNU Lesser General Public License (LGPL). This Open Source Software was written by third parties and enjoys copyright protection.
2 System Overview

The SURPASS hiD 6615 L3 switch is a typical Layer 3 switch intended for building large-scale networks; it aggregates upgraded LAN networks made up of typical Ethernet switches. A Layer 3 switch can connect to a PC, web server, LAN equipment, backbone equipment, or another switch through various interfaces.
2.1 System Features

The main features of the hiD 6615 S223/S323, a Fast Ethernet switch with Layer 3 switching that supports both Ethernet switching and IP routing, are as follows.

! Routing functionalities such as RIP, OSPF, BGP and PIM-SM are only available for hiD 6615 S323 (unavailable for hiD 6615 S223).

VLAN

A Virtual Local Area Network (VLAN) is made by dividing one network into several logical networks.
DHCP

The hiD 6615 S223/S323 supports a DHCP (Dynamic Host Configuration Protocol) server that automatically assigns IP addresses to clients accessing the network. It holds an IP address pool, so the operator can make effective use of limited IP resources by leasing temporary IP addresses. In a Layer 3 network, a DHCP request packet can be sent to the DHCP server via DHCP relay and the Option 82 function.
RADIUS and TACACS+

The hiD 6615 S223/S323 supports the client authentication protocols RADIUS (Remote Authentication Dial-In User Service) and TACACS+ (Terminal Access Controller Access Control System Plus). Access requires not only the user IP and password registered in the switch but also authentication through the RADIUS server and TACACS+ server. Therefore, the security of the system and of network management is strengthened.
3 Command Line Interface (CLI)

This chapter describes how to use the Command Line Interface (CLI) which is used to configure the hiD 6615 S223/S323 system.
• Command Mode
• Useful Tips

3.1 Command Mode

You can configure and manage the hiD 6615 S223/S323 from a console terminal installed on the user’s PC, using the CLI-based interface commands. Connect the RJ45-to-DB9 console cable to the hiD 6615 S223/S323.
Fig. 3.1 briefly shows the hiD 6615 S323 software mode structure.

Fig. 3.
3.1.1 Privileged EXEC View Mode

When you log in to the switch, the CLI starts in Privileged EXEC View mode, which is a read-only mode. In this mode, you can view the system configuration and information with several commands.

Tab. 3.1 shows the main commands of Privileged EXEC View mode.

Command   Description
enable    Opens Privileged EXEC Enable mode.
exit      Logs out the switch.
show      Shows a system configuration and information.

Tab. 3.1

3.1.
Tab. 3.3 shows a couple of important main commands of Global Configuration mode.

Command       Description
access-list   Configures policy to limit routing information on the standard of AS.
arp           Registers IP address and MAC address in ARP table.
bgp           Helps BGP configuration.
bridge        Opens Bridge Configuration mode.
copy          Makes a backup file for the configuration of the switch.
dot1x         Configures various functions of 802.1x daemon.
Tab. 3.4 shows a couple of main commands of Bridge Configuration mode.

Command              Description
auto-reset           Configures the system for automatic rebooting.
dhcp-server-filter   Configures packet filtering of DHCP server.
erp                  Configures ERP function.
lacp                 Configures LACP function.
lldp                 Configures LLDP function.
mac                  Manages MAC address.
mac-flood-guard      Configures mac-flood-guard.
mirror               Configures mirroring function.
3.1.6 DHCP Configuration Mode

To open DHCP Configuration mode, use the command ip dhcp pool POOL in Global Configuration mode as follows. The prompt then changes from SWITCH(config)# to SWITCH(config-dhcp[POOL])#.

Command             Mode     Description
ip dhcp pool POOL   Global   Opens DHCP Configuration mode to configure DHCP.

DHCP Configuration mode is used to configure the range of IP addresses used by the DHCP server, the group in a subnet, and the default gateway of a subnet.
3.1.8 Interface Configuration Mode

To open Interface Configuration mode, enter the command interface INTERFACE in Global Configuration mode. The prompt then changes from SWITCH(config)# to SWITCH(config-if)#.

Command               Mode     Description
interface INTERFACE   Global   Opens Interface Configuration mode.

Interface Configuration mode is used to assign an IP address to an Ethernet interface and to activate or deactivate an interface.

Tab. 3.
3.1.10 Router Configuration Mode

To open Router Configuration mode, use the following command. The system prompt is changed from SWITCH(config)# to SWITCH(config-router)#.

Command              Mode     Description
router IP-PROTOCOL   Global   Opens Router Configuration mode.

! Routing functionalities such as RIP, OSPF, BGP, VRRP and PIM-SM are only available for hiD 6615 S323.
3.1.12 Route-Map Configuration Mode

To open Route-map Configuration mode, use the following command. The prompt is changed from SWITCH(config)# to SWITCH(config-route-map)#.

Command                                      Mode     Description
route-map NAME {permit | deny} <1-65535>     Global   Opens Route-map Configuration mode.

In Route-map Configuration mode, you can configure where information in the routing table comes from and where it is sent.

Tab. 3.
3.2 Useful Tips

This section describes functions that make the CLI commands more convenient to use. They are as follows.
• Listing Available Commands
• Calling Command History
• Using Abbreviation
• Using Command of Privileged EXEC Enable Mode
• Exit Current Command Mode

3.2.1 Listing Available Commands

To list available commands, input a question mark <?>.
Command     Mode   Description
show list   All    Shows available commands of the current mode.
show cli    All    Shows available commands of the current mode with tree structure.

The following is an example of displaying the list of available commands of Privileged EXEC Enable mode.
After using these commands in order: show clock → configure terminal → interface 1 → exit, press the arrow key <↑> and you will see the commands starting from the latest one: exit → interface 1 → configure terminal → show clock.
3.2.5 Exit Current Command Mode

To exit to the previous command mode, use the following command.

Command   Mode   Description
exit      All    Exits to the previous command mode.
end       All    Exits to Privileged EXEC enable mode.

!
4 System Connection and IP Address

4.1 System Connection

After installing the switch, check that each port of the hiD 6615 S223/S323 is correctly connected to the network and the management PC. Then connect to the system to configure and manage the hiD 6615 S223/S323. This section describes how to change the password for system connection and how to connect to the system through telnet, in the following order.
4.1.2 Password for Privileged EXEC Mode

You can configure a password to enhance the security of Privileged EXEC Enable mode. To configure a password for Privileged EXEC Enable mode, use the following command.

Command                    Mode     Description
passwd enable PASSWORD     Global   Configures a password to begin Privileged EXEC Enable mode.
passwd enable 8 PASSWORD   Global   Configures an encrypted password.

! password enable does not support encryption at default value.
To disable password encryption, use the following command.

Command                          Mode     Description
no service password-encryption   Global   Disables password encryption.

4.1.3 Changing Login Password

To configure a password for a created account, use the following command.

Command         Mode     Description
passwd [NAME]   Global   Configures a password for created account.

The following is an example of changing password.
To delete the created account, use the following command.

Command         Mode     Description
user del NAME   Global   Deletes the created account.

To display the created account, use the following command.

Command     Mode            Description
show user   Enable/Global   Shows the created account.

4.1.4.2 Configuring Security Level

For the hiD 6615 S223/S323, it is possible to configure the security level from 0 to 15 for a system account.
Command                                               Mode     Description
privilege rmon-alarm level <0-15> {COMMAND | all}
privilege rmon-event level <0-15> {COMMAND | all}     Global   Uses the specific command of RMON Configuration mode in the level.
privilege rmon-history level <0-15> {COMMAND | all}   Global   Uses the specific command of RMON Configuration mode in the level.
privilege route-map level <0-15> {COMMAND | all}      Global   Uses the specific command of Route-map Configuration mode in the level.
To delete a configured security level, use the following command.

Command Mode Description
Deletes all configured security levels.
To display a configured security level, use the following command.

Command              Mode                 Description
show privilege       View/Enable/Global   Shows a configured security level.
show privilege now   View/Enable/Global   Shows a security level of current mode.

The following is an example of creating the system account test0 with security level 10 and the account test1 with security level 1, without password.
leged EXEC Enable mode; however, at level 1 it is possible to use not only the commands in level 1 but also the time configuration commands in Privileged EXEC Enable mode and the commands for accessing Global Configuration mode.

4.1.5 Limiting Number of User

For the hiD 6615 S223/S323, you can limit the number of users accessing the switch through both console port and telnet.
4.1.7 Auto Log-out

For security reasons, if no command is entered within the configured inactivity time, the user is automatically logged out of the hiD 6615 S223/S323. The administrator can configure the inactivity timer. To enable the auto log-out function, use the following command.

Command Mode Description
Enables auto log-out.
4.1.8.2 Auto System Rebooting

The hiD 6615 S223/S323 reboots the system according to the user’s configuration. There are two bases for system rebooting: CPU and memory. The system is rebooted when CPU load or interrupt load persists for the configured time, and it is automatically rebooted when a low-memory condition occurs the configured number of times. To enable the auto system rebooting function, use the following command.
4.2.1 Authentication Method

To set the system authentication method, use the following command.

Command                                                          Mode     Description
login {local | remote} {radius | tacacs | host | all} enable     Global   Sets the system authentication method.
                                                                          local: authentication for console access
                                                                          remote: authentication for telnet access
                                                                          radius: selects RADIUS authentication.
                                                                          tacacs: selects TACACS+ authentication.
                                                                          host: selects nominal system authentication (default).
4.2.4 RADIUS Server

4.2.4.1 RADIUS Server for System Authentication

To add/delete the RADIUS server for system authentication, use the following command.

Command                              Mode     Description
login radius server A.B.C.D KEY      Global   Adds the RADIUS server with its information.
                                              A.B.C.D: RADIUS server address
                                              KEY: authentication key value
login radius server A.B.C.D A.B.C.            Adds the RADIUS server with its information.
4.2.4.4 Frequency of Retransmit

If there is no response from the RADIUS server, the hiD 6615 S223/S323 retransmits the authentication request. To set the frequency of retransmitting an authentication request, use the following command.

Command                           Mode     Description
login radius retransmit <1-10>    Global   Sets the frequency of retransmit.

4.2.5
4.2.5.1
To specify a timeout value, use the following command.

Command                         Mode     Description
login tacacs timeout <1-100>    Global   Specifies a timeout value.
                                         1-100: waiting-time for the response (default: 3)

4.2.5.4 Additional TACACS+ Configuration

The hiD 6615 S223/S323 provides several additional options to configure the system authentication via TACACS server.
4.2.6 Accounting Mode

The hiD 6615 S223/S323 provides the accounting function of AAA (Authentication, Authorization, and Accounting). Accounting is the process of measuring the resources a user has consumed. Typically, accounting measures the amount of system time a user has used or the amount of data a user has sent and received. To set an accounting mode, use the following command.

Command Mode Description
Sets an accounting mode.
4.2.8 Sample Configuration

[Sample Configuration 1] Configuration RADIUS server

The following is an example of configuring the authorization method in SURPASS hiD 6615. RADIUS is added to the default method for clients connecting through console and telnet. Priority is given to RADIUS for clients connecting through console, and to the default method for clients connecting through telnet. The configuration is then displayed.
[Sample Configuration 2] Configuration TACACS+ server

The following is an example of configuring authorization method as TACACS+.

SWITCH(config)# user add user test1
Changing password for user
Enter the new password (minimum of 5, maximum of 8 characters)
Please use a combination of upper and lower case letters and numbers.
Enter new password:vertex
Re-enter new password:vertex
Password changed.
place with TCP/IP through SNMP or telnet, it requires IP address. You can enable an interface to communicate with the switch interface on the network and assign an IP address as follows:
• Enabling Interface
• Disabling Interface
• Assigning IP Address to Network Interface
• Static Route and Default Gateway
• Displaying Forwarding Information Base (FIB) Table
• Forwarding Information Base (FIB) Retain
• Displaying Interface
• Sample Configuration

4.3.
4.3.3 Assigning IP Address to Network Interface

After enabling an interface, you need to assign an IP address. To assign an IP address to a specified network interface, use the following command.

Command                             Mode        Description
ip address IP-ADDRESS/M             Interface   Assigns IP address to an interface.
ip address IP-ADDRESS/M secondary   Interface   Assigns secondary IP address to an interface.

To disable the assigned IP address, use the following command.
The following is an example of configuring static routes to reach three destinations which are not directly connected.

SWITCH(config)# ip route 100.1.1.0/24 10.1.1.2
SWITCH(config)# ip route 200.1.1.0/24 20.1.1.2
SWITCH(config)# ip route 172.16.1.0/24 30.1.1.2

To display configured static route, use the following command.

Command Mode
show ip route {A.B.C.D | A.B.C.
4.3.7 Displaying Interface

To display interface status and configuration, use the following command.

Command                         Mode                      Description
show interface [INTERFACE]      Enable/Global/Interface   Shows interface status and configuration.
                                                          INTERFACE: interface name
show ip interface [INTERFACE]   Enable                    Shows brief information of interface.

4.3.8
4.4 SSH (Secure Shell)

Network security has become more important as network use has become widespread. Typical FTP and telnet services, however, are weak in security. SSH (Secure Shell) is a secure shell for login. With SSH, all data is encrypted and traffic is compressed, so the transmission rate becomes faster, and tunneling is supported for existing FTP and POP, which are not secure.

4.4.
4.4.1.5 Assigning Specific Authentication Key

After the SSH server is enabled, each client uploads its generated key. The SSH server can assign a specific key among the keys uploaded by several clients. To verify an authentication key, use the following command.

Command                   Mode     Description
ssh key verify FILENAME   Global   Verifies generated ssh key.

i

4.4.2
To configure authentication key in the hiD 6615 S223/S323, use the following command.

Command                         Mode     Description
ssh keygen {rsa1 | rsa | dsa}   Global   Configures authentication key.
                                         rsa1: SSH ver. 1 public key for the authentication
                                         rsa: SSH ver. 2 public key for the authentication
                                         dsa: SSH ver. 2 public key for the authentication

To configure authentication key and connect to SSH server with the authentication key, perform the following procedure.
4.5 802.1x Authentication

To enhance the security and portability of network management, there are two ways of authentication, MAC-address-based and port-based, which restrict clients attempting to access a port. Port-based authentication (802.1x) leaves the access decision to a RADIUS server that holds information about the user who is trying to access. 802.1x authentication adopts the EAP (Extensible Authentication Protocol) structure.
4.5.1 802.1x Authentication

4.5.1.1 Enabling 802.1x

To configure 802.1x, the user should enable the 802.1x daemon first. To enable the 802.1x daemon, use the following command.

Command                        Mode     Description
dot1x system-auth-control      Global   Enables 802.1x daemon.
no dot1x system-auth-control   Global   Disables 802.1x daemon.

4.5.1.2
After the default server is designated, all requests start from that RADIUS server. If there is no response from the default server, the authentication request is tried against the RADIUS server designated as the next one. To configure the IP address of the RADIUS server and the key value, use the following command.

Command Mode Description
Registers RADIUS server with key value and UDP port of radius server.
4.5.1.4 Authentication Port

After configuring the 802.1x authentication mode, you should select the authentication port.

Command                   Mode     Description
dot1x nas-port PORTS      Global   Designates 802.1x authentication port.
no dot1x nas-port PORTS   Global   Disables 802.1x authentication port.

4.5.1.5 Force Authorization

The hiD 6615 S223/S323 can allow users access regardless of the authentication from the RADIUS server.
4.5.1.7 Configuring Number of Request to RADIUS Server

After 802.1x authentication is configured as explained above and a user tries to connect to the port, authentication proceeds among the user’s PC, the equipment acting as authenticator, and the RADIUS server. It is possible to configure how many times the device acting as authenticator requests authentication from the RADIUS server.
Command                        Mode     Description
dot1x reauth-enable PORTS      Global   Enables 802.1x re-authentication.
no dot1x reauth-enable PORTS   Global   Disables 802.1x re-authentication.

4.5.2.2 Configuring the Interval of Re-Authentication

The RADIUS server contains the database of users who have access rights. The database is updated in real time, so a user can lose the access right through an updated database even after having been authenticated once.
the following command.

Command                      Mode     Description
dot1x reauthenticate PORTS   Global   Implements re-authentication regardless of the configured time interval.

4.5.3 Initializing Authentication Status

The user can initialize the entire configuration on the port. Once the port is initialized, the supplicants accessing the port should be re-authenticated.

Command
dot1x initialize PORTS

4.5.
4.5.7 Sample Configuration

The following shows the configuration after configuring port number 4 as the authentication port and registering IP address of authentication port and information of RADIUS server.

SWITCH(config)# dot1x system-auth-control
SWITCH(config)# dot1x nas-port 4
SWITCH(config)# dot1x port-control force-authorized 4
SWITCH(config)# dot1x radius-server host 10.1.1.1 auth-port 4 key test
SWITCH(config)# show dot1x
802.
PortAuthed |..........................................
MacEnable |...m......................................
MacAuthed |...u......................................
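The sample above designates port 4 as an 802.1x authentication port and, in the same configuration, sets it to force-authorized, which section 4.5.1.5 describes as access regardless of the authentication from the RADIUS server. The following Python audit is an added example, not part of the manual or of the switch software: it reads dot1x lines in the form shown above and reports ports where 802.1x is configured but not enforcing. The PORTS syntax (N, N-M, comma lists), the finding names and the 16-character secret threshold are assumptions of this example.

```python
import re

# Constructed input, modelled on the manual's 802.1x sample configuration.
SAMPLE_CONFIG = """\
SWITCH(config)# dot1x system-auth-control
SWITCH(config)# dot1x nas-port 4
SWITCH(config)# dot1x port-control force-authorized 4
SWITCH(config)# dot1x radius-server host 10.1.1.1 auth-port 4 key test
"""

# Constructed counterpart: no forced authorization, re-authentication enabled,
# longer shared secret (placeholder value).
HARDENED_CONFIG = """\
dot1x system-auth-control
dot1x nas-port 4
dot1x reauth-enable 4
dot1x radius-server host 10.1.1.1 auth-port 4 key constructed-secret-0123456789
"""

MESSAGES = {
    "daemon-disabled": "authentication ports are set but the 802.1x daemon is off",
    "force-authorized": "port is authorized regardless of the RADIUS result",
    "no-reauth": "re-authentication is off; revoked users keep an open session",
    "short-radius-secret": "RADIUS shared secret is shorter than the threshold",
    "unparsed-ports": "a PORTS argument could not be parsed",
}

PROMPT = re.compile(r"^\S+?\(config[^)]*\)#\s*")  # strips "SWITCH(config)# "
MIN_SECRET_LEN = 16  # assumption of this example; RFC 2865 prefers >= 16 octets


def expand_ports(spec):
    """Expand '4', '1-3' or '1-3,7' into a set of ints (assumed PORTS syntax)."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def audit_dot1x(config_text):
    """Return a list of (finding, port) tuples; port is None for global findings."""
    daemon_on = False
    nas_ports, reauth_ports, control = set(), set(), {}
    findings = []
    for raw in config_text.splitlines():
        line = PROMPT.sub("", raw.strip())
        negate = line.startswith("no ")
        words = line.split()[1:] if negate else line.split()
        if len(words) < 2 or words[0] != "dot1x":
            continue
        cmd, args = words[1], words[2:]
        try:
            if cmd == "system-auth-control":
                daemon_on = not negate
            elif cmd in ("nas-port", "reauth-enable") and args:
                target = nas_ports if cmd == "nas-port" else reauth_ports
                if negate:
                    target.difference_update(expand_ports(args[0]))
                else:
                    target.update(expand_ports(args[0]))
            elif cmd == "port-control" and len(args) >= 2 and not negate:
                for port in expand_ports(args[1]):
                    control[port] = args[0]
            elif cmd == "radius-server" and "key" in args[:-1] and not negate:
                secret = args[args.index("key") + 1]
                if len(secret) < MIN_SECRET_LEN:
                    findings.append(("short-radius-secret", None))
        except ValueError:
            findings.append(("unparsed-ports", None))
    if nas_ports and not daemon_on:
        findings.append(("daemon-disabled", None))
    for port in sorted(nas_ports):
        if control.get(port) == "force-authorized":
            findings.append(("force-authorized", port))
        if port not in reauth_ports:
            findings.append(("no-reauth", port))
    return findings


def report(config_text):
    """Render findings as readable lines for a change review."""
    return [
        f"{'global' if port is None else 'port ' + str(port)}: {MESSAGES[code]}"
        for code, port in audit_dot1x(config_text)
    ]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_CONFIG)) or "no findings")
```

Run against the manual's sample, the audit reports the forced authorization and missing re-authentication on port 4 and the four-character shared secret; the hardened counterpart produces no findings.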
5 Port Configuration

The user can configure the basic environment of the hiD 6615 S223/S323 ports, such as auto-negotiation, transmit rate, and flow control. This chapter also includes instructions on how to configure port mirroring and basic port settings.

5.1 Port Basic

It is possible to configure the default environment of a port, such as port state and speed.
Command                         Mode     Description
port medium PORT {sfp | rj45}   Bridge   Selects port type (default: RJ45).

To view the configuration of switch port type, use the following command.

Command            Mode                   Description
show port medium   Enable/Global/Bridge   Shows port type.

5.2 Ethernet Port Configuration

5.2.1 Enabling Ethernet Port

To enable/disable a port, use the following command.
5.2.2 Auto-negotiation

Auto-negotiation is a mechanism that takes control of the cable when a connection is established to a network device. Auto-negotiation detects the various modes that exist in the network device on the other end of the wire and advertises its own abilities to automatically configure the highest performance mode of interoperation.
To configure flow control of the Ethernet port, use the following command.

Command: port flow-control PORTS {on | off}
Mode: Bridge
Description: Configures flow control for a specified port; enter the port number. (default: off)

The following is an example of configuring flow control to port 25.
5.2.7 Traffic Statistics

5.2.7.1 The Packets Statistics

To display traffic statistics of each port or interface with MIB or RMON MIB data defined, use the following commands.

Command: show port statistics avg-pkt [PORTS]
Description: Shows traffic statistics of average packet for a specified Ethernet port.

Command: show port statistics avg-pps [PORTS]
Mode: Enable
Description: Shows traffic statistics of average packet type for a specified Ethernet port.
Otherwise, to clear all recorded statistics of a port and initialize them, use the following command.

Command: clear port statistics {PORTS | all}
Mode: Enable / Global / Bridge
Description: Clears all recorded port statistics.

5.2.7.2 The CPU statistics

To display CPU statistics of an Ethernet port, use the following command.
5.2.8 Port Status

To display a port status, use the following command.

Command: show port PORTS
Mode: Enable / Global / Bridge
Description: Shows configured state of port; enter the port number.

Command: show port description [PORTS]
Mode: Enable / Global / Bridge
Description: Shows port specific description (max. number of characters is 100); enter the port number.

Command: show port module-info [PORTS]
Mode: Enable / Global / Bridge
Description: Shows port module information.

The following is an example of displaying port information for port 1 to 12.
Fig. 5.2 Port Mirroring

To configure port mirroring, designate the mirrored ports and the monitor port, then enable the port mirroring function. The monitor port should be connected to a PC on which the watch program is installed. You can designate only one monitor port but many mirrored ports for one switch.

Step 1
Activate port mirroring, using the following command.

Command: mirror enable
Mode: Bridge
Description: Activates port mirroring.
Step 4
To delete and modify the configuration, use the following command.

Command: mirror disable
Mode: Bridge
Description: Deactivates monitoring.

Command: mirror del PORTS [ingress | egress]
Mode: Bridge
Description: Deletes a port from the mirrored ports.

Step 5
To disable the monitoring function, use the following command.

Command: no mirror monitor
Mode: Bridge
Description: Disables the port mirroring function.

The following is an example of configuring port mirroring with a port.
6 System Environment

6.1 Environment Configuration

You can configure a system environment of the hiD 6615 S223/S323 with the following items:

6.1.
The following is an example of setting system time and date as 10:20pm, July 4th, 2005.

SWITCH# clock 06 Mar 2006 10:20
Mon, 6 Mar 2006 10:20:00 GMT+0000
SWITCH#

6.1.3 Time Zone

The hiD 6615 S223/S323 provides three kinds of time zone: GMT, UCT and UTC. The time zone of the switch is predefined as GMT (Greenwich Mean Time). You can also set the time zone to which the network element belongs.
To display a configured NTP, use the following command.

Command: show ntp
Mode: Enable / Global
Description: Shows a configured NTP function.

The following is an example of configuring 203.255.112.96 as NTP server, running it and showing it.

SWITCH(config)# ntp 203.255.112.96
SWITCH(config)# ntp start
SWITCH(config)# show ntp
ntp started
ntp server 203.255.112.96
SWITCH(config)#

The following is an example of releasing NTP and showing it.
always correct and there won't be any subsequent time jumps after the initial correction. Unlike NTP, SNTP usually uses just one Ethernet Time Server to calculate the time and then it "jumps" the system time to the calculated time. It can, however, have back-up Ethernet Time Servers in case one is not available.

To configure the switch in SNTP, use the following commands.

Command Mode Specifies the IP address of the SNTP server.
6.1.8 Login Banner

It is possible to set a system login and log-out banner. The administrator can leave a message for other users with this banner. To set the system login and log-out banner, use the following command.

Command: banner
Mode: Global
Description: Sets a banner shown before logging in to the system.

Command: banner login
Mode: Global
Description: Sets a banner shown after successfully logging in to the system.

Description: Sets a banner shown when login to the system fails.
Command: no dns
Mode: Global
Description: Deletes DNS server and domain name.

6.1.10 Fan Operation

In hiD 6615 S223/S323, it is possible to control fan operation. To control fan operation, use the following command.

Command: fan operation {on | off}
Mode: Global
Description: Configures fan operation.

i It is possible to configure the fan to start and stop according to the system temperature. To configure this, refer to Section 6.1.12.

6.1.11
To show a configured threshold of CPU load, use the following command.

Command: show cpuload
Mode: All
Description: Shows a configured threshold of CPU load.

6.1.12.2 Port Traffic

To set a threshold of port traffic, use the following command.

Command: threshold port
Description: Sets a threshold of port traffic.
6.1.12.4 System Temperature

To set a threshold of system temperature, use the following command.

Command: threshold temp VALUE VALUE
Mode: Global
Description: Sets a threshold of system temperature in the unit of centigrade (°C).
  VALUE: Threshold temperature between -40 ~ 100

Command: no threshold temp
Mode: Global
Description: Deletes a configured threshold of system temperature.

To show a configured threshold of system temperature, use the following command.
6.1.14 Assigning IP Address of FTP Client

Several IP addresses can be assigned on the hiD 6615 S223/S323, but the user can specify one source IP address for connecting to the FTP server when the switch is a client. To configure an FTP binding address as the source IP address used when the hiD 6615 S223/S323 connects to an FTP server as a client, use the following command.

Command: ftp bind-address A.B.C.D
Mode: Global
Description: Binds a source IP address for connecting to FTP server.

6.2
The following is an example to display a configuration of syslog.

SWITCH# show running-config syslog
!
syslog start
syslog output info local volatile
syslog output info local non-volatile
!
SWITCH#

6.2.2 Saving System Configuration

If you change a configuration of the system, you need to save the changes in the system flash memory. To save all changes of the system, use the following command.

Command: write memory

! 6.2.
To back up a system configuration file using FTP or TFTP, use the following command.

Command: copy {ftp | tftp} config upload {FILE-NAME | startup-config}
Mode: Enable
Description: Uploads a file to ftp or tftp server with a name configured by user.

Command: copy {ftp | tftp} config download {FILE-NAME | startup-config}
Mode: Enable
Description: Downloads a file from ftp or tftp server with a name configured by user.

Command: copy {ftp | tftp} os upload {os1 |
i After restoring a default configuration, you need to restart the system to initiate.

The following is an example of restoring a default configuration of the system.

SWITCH(config)# restore factory-defaults
You have to restart the system to apply the changes
SWITCH(config)#

6.3 System Management

When there is any problem in the system, you must find what the problem is and its solution.
The following is the basic information to operate ping test.

Item: Protocol [ip]
Description: Supports ping test. Default is IP.

Item: Target IP address
Description: Sends an ICMP echo message to the IP address or host name of the destination in order to check the network status with the remote device.

Item: Repeat count [5]
Description: Sends ICMP echo messages as many times as the count. Default is 5.

Item: Datagram size [100]
Description: Ping packet size. Default is 100 bytes.
The following is the information to use ping test for multiple IP addresses.

Item: Source address or interface
Description: Designates the address to which the remote device should respond, as the source IP address.

Item: Type of service [0]
Description: The service field of QoS (Quality of Service) in Layer 3 application. It is possible to designate the priority for IP packets.

Description: Decides whether the Don't Fragment (DF) bit is applied to the ping packet or not. Default is no.
6.3.2 IP ICMP Source-Routing

If you run a PING test to verify the status of a network connection, the ICMP request arrives at the final destination over the closest route according to routing theory.

[Figure: PC, A (hiD 6615), B, C, D and E; Request and Reply arrows; the route for a general PING test to C]
Fig. 6.1 Ping Test for Network Status

In the above figure, if you perform a ping test from PC to C, it goes through the route 「A→B→C」. This is the general case.
To perform a ping test along the route which the manager designated, use the following steps.

Step 1
Enable the IP source-routing function on the equipment connected to the PC from which the PING test is going to be performed.

To enable/disable IP source-routing in the hiD 6615 S223/S323, use the following command.

Command: ip icmp source-route
Mode: Global
Description: Enables IP source-routing function.

Command: no ip icmp source-route
Mode: Global
Description: Disables IP source-routing function.
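To confirm from a capture whether source-routed packets are actually crossing a link where this function is enabled, the IPv4 header options can be inspected. The following is an added example, not code from the manual: it parses the options of an IPv4 header and reports a loose (type 0x83) or strict (type 0x89) source-route option as defined in RFC 791. The addresses are constructed documentation addresses and all function names are hypothetical.

```python
import socket
import struct

# IPv4 option types that carry a sender-chosen route (RFC 791).
SOURCE_ROUTE_OPTIONS = {0x83: "loose", 0x89: "strict"}


def source_route_option(kind, hops):
    """Encode a source-route option: type, length, pointer (4 = first hop), hop list."""
    body = b"".join(socket.inet_aton(hop) for hop in hops)
    return bytes([kind, 3 + len(body), 4]) + body


def build_ipv4_header(src, dst, options=b""):
    """Build a constructed IPv4 header for the demo (protocol 1 = ICMP, checksum 0)."""
    options += b"\x00" * (-len(options) % 4)  # pad to a 32-bit boundary with End-of-List
    ihl = 5 + len(options) // 4
    fixed = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | ihl, 0, ihl * 4, 0, 0, 64, 1, 0,
        socket.inet_aton(src), socket.inet_aton(dst),
    )
    return fixed + options


def find_source_route(packet):
    """Return (kind, pointer, hops) for the first source-route option, or None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    header_len = (packet[0] & 0x0F) * 4
    if header_len < 20 or header_len > len(packet):
        raise ValueError("invalid header length")
    opts = packet[20:header_len]
    i = 0
    while i < len(opts):
        opt_type = opts[i]
        if opt_type == 0:  # End of Option List
            break
        if opt_type == 1:  # No-Operation is a single byte
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        opt_len = opts[i + 1]
        if opt_len < 2 or i + opt_len > len(opts):
            raise ValueError("invalid option length")
        if opt_type in SOURCE_ROUTE_OPTIONS:
            if opt_len < 3:
                raise ValueError("source-route option without pointer")
            pointer = opts[i + 2]
            data = opts[i + 3:i + opt_len]
            hops = [socket.inet_ntoa(data[j:j + 4]) for j in range(0, len(data) - len(data) % 4, 4)]
            return SOURCE_ROUTE_OPTIONS[opt_type], pointer, hops
        i += opt_len
    return None


if __name__ == "__main__":
    # Constructed sample: an echo request header that names two intermediate hops.
    routed = build_ipv4_header(
        "192.0.2.10", "192.0.2.30",
        source_route_option(0x83, ["192.0.2.40", "192.0.2.50"]),
    )
    print(find_source_route(routed))
    print(find_source_route(build_ipv4_header("192.0.2.10", "192.0.2.30")))
```

A header whose option length runs past the header raises ValueError instead of being skipped, so malformed options are surfaced rather than ignored.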
The following is an example of tracing packet route sent to 10.2.2.20.

SWITCH# traceroute 10.2.2.20
traceroute to 10.2.2.20 (10.2.2.20), 30 hops max, 38 byte packets
 1 10.2.2.20 (10.2.2.20) 0.598 ms 0.418 ms 0.301 ms
SWITCH#

6.3.4 Displaying User Connecting to System

To display current users connecting to the system from a remote place or via console interface, use the following command.
6.3.6 Configuring Ageing time

The SURPASS hiD 6615 keeps a MAC table to prevent broadcast packets from being transmitted. An unnecessary MAC address that does not respond during the specified time is deleted from the MAC table automatically. The specified time is called the Ageing time. To specify the Ageing time, use the following command.

Command: mac aging-time <10-21474830>
Mode: Bridge
Description: Specifies the Ageing time.

6.3.
6.3.9 System Memory Information

To display a system memory status, use the following command.

Command: show memory
Mode: Enable / Global
Description: Shows system memory information.

Command: show memory {bgp | dhcp | imi | lib | nsm | ospf | pim | rip}
Mode: Enable / Global
Description: Shows system memory information with a specific option.

6.3.10 CPU packet limit

To limit the packets of CPU, use the following command.
The following is an example of displaying information of the running processes.

SWITCH# show process
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
admin 1 0.2 0.2 1448 596 ? S 20:12 0:05 init [3]
admin 2 0.0 0.0 0 0 ? S 20:12 0:00 [keventd]
admin 3 0.0 0.0 0 0 ? SN 20:12 0:00 [ksoftirqd_CPU0]
admin 4 0.0 0.0 0 0 ? S 20:12 0:00 [kswapd]
admin 5 0.0 0.
configure one of two as default OS what user wants. In hiD 6615 S223/S323, a system image saved in os1 is configured as default OS by default. To designate a default OS, use the following command.

Command: default-os {os1 | os2}
Mode: Enable
Description: Designates default OS of switch.

6.3.16 Switch Status

To display temperature of switch, power status, and fan status, use the following command.

6.3.
7 Network Management

7.1 Simple Network Management Protocol (SNMP)

A Simple Network Management Protocol (SNMP) system consists of three parts: an SNMP manager, a managed device and an SNMP agent. SNMP is an application-layer protocol that allows SNMP manager and agent stations to communicate with each other. SNMP provides a message format for sending information between the SNMP manager and the SNMP agent. The agent and MIB reside on the switch.
To display a configured SNMP community, use the following command.

Command: show snmp community
Mode: Enable / Global
Description: Shows a created SNMP community.

The following is an example of creating 2 SNMP communities.
7.1.3 SNMP Com2sec

SNMP v2 authorizes the host to access the agent according to the identity of the host and community name. The command, com2sec, specifies the mapping from the identity of the host and community name to security name. To configure an SNMP security name, use the following command.
7.1.5 SNMP View Record

You can create an SNMP view record to limit access to MIB objects with object identity (OID) by an SNMP manager. To configure an SNMP view record, use the following command.

Command: snmp view VIEW {included | excluded} OID [MASK]
Mode: Global
Description: Creates an SNMP view record.
  VIEW: view record name
  included: includes sub-tree.
  excluded: excludes sub-tree.
  OID: OID number
  MASK: Mask value (e.g. ff | ff.
To display the SNMP groups granted access to a specific SNMP view record, use the following command.

Command: show snmp access
Mode: Enable / Global
Description: Shows the SNMP groups granted access to a specific SNMP view record.

The following is an example of permitting access to an SNMP view record.
7.1.8.1 SNMP Trap Host

To set an SNMP trap host, use the following command.

Command: snmp trap-host IP-ADDRESS [COMMUNITY]
Command: snmp trap2-host IP-ADDRESS [COMMUNITY]
Mode: Global
Description: Specifies IP address of an SNMP trap host.

Command: snmp inform-trap-host IP-ADDRESS [COMMUNITY]
Mode: Global
Description: Specifies IP address of SNMP information trap host.

i You need to configure an SNMP trap host with the snmp trap2-host command, if you manage the switch via the ACI-E.
7.1.8.3 Enabling SNMP Trap

The system provides various kinds of SNMP trap, but it may work inefficiently if all these trap messages are sent very frequently. Therefore, you can select each SNMP trap sent to an SNMP trap host.

i The system is configured to send all the SNMP traps as default.

• authentication-failure is shown to inform that a user trying to access SNMP has input a wrong community.
Command: snmp trap dhcp-lease
Mode: Global
Description: Configures the system to send SNMP trap when no more IP address that can be assigned in the subnet of DHCP server is left.

Command: snmp trap fan
Mode: Global
Description: Configures the system to send SNMP trap when the fan begins to operate or stops.

Command: snmp trap power
Mode: Global
Description: Configures the system to send SNMP trap when any problem occurs in power.

Command: snmp trap module
Mode: Global
Description: Configures the system to send SNMP trap when there is any problem in module.

7.1.8.4
7.1.8.5 Displaying SNMP Trap

To display a configuration of SNMP trap, use the following command.

Command: show snmp trap
Mode: Enable / Global
Description: Shows a configuration of SNMP trap.

The following is an example of configuring IP address 10.1.1.1 as trap-host, 20.1.1.1 as trap2-host and 30.1.1.1 as inform-trap-host.

SWITCH(config)# snmp trap-host 10.1.1.1
SWITCH(config)# snmp trap2-host 20.1.1.1
SWITCH(config)# snmp inform-trap-host 30.1.1.
7.1.9.2 Default Alarm Severity

To configure a priority of alarm, use the following command.

Command: snmp alarm-severity default {critical | major | minor | warning | intermediate}
Mode: Global
Description: Configures the priority of alarm. (default: minor)

7.1.9.3 Alarm Severity Criterion

You can set an alarm severity criterion to make an alarm be shown only in case of selected severity or higher.
7.1.9.4 Generic Alarm Severity

To configure generic alarm severity, use the following command.
If you want to delete a configured alarm severity, use the following command.
Command: snmp alarm-severity adva-if-trans-fault {critical | major | minor | warning | intermediate}
Description: Sends alarm notification with the severity when ADVA informs to fail to transmit the packets.

Command: snmp alarm-severity adva-psu-fail {critical | major | minor | warning | intermediate}
Description: Sends alarm notification with the severity when ADVA informs there’s any problem on the power.
To display a configured severity of alarm, use the following commands.

Command: show snmp alarm-severity
Mode: Enable / Global
Description: Shows a configured severity of alarm.

To delete a recorded alarm in the system, use the following command.

Command: snmp clear alarm-history
Mode: Enable / Global
Description: Deletes a recorded alarm in the system.

The following is an example of showing the transmitted alarm and deleting the records.
7.2 Operation, Administration and Maintenance (OAM)

In the enterprise, Ethernet links and networks have been managed via Simple Network Management Protocol (SNMP). Although SNMP provides a very flexible management solution, it is not always efficient and is sometimes inadequate to the task.
7.2.2 Local OAM Mode

To configure Local OAM, use the following command.

Command: oam local mode {active | passive} PORTS
Mode: Bridge
Description: Configures the mode of local OAM.

i Both request and loopback are possible for local OAM active. However, request or loopback is impossible for local OAM passive.

7.2.3 OAM Unidirection

When RX is impossible in local OAM, it is possible to send the information by using TX.
To display the information of peer host using OAM function, use the following command.
The following is an example of enabling the OAM loopback function through port 25 of the switch and operating it once.
7.3 Link Layer Discovery Protocol (LLDP)

Link Layer Discovery Protocol (LLDP) is the function of transmitting data for network management for the switches connected in LAN according to IEEE 802.1ab standard.

7.3.1 LLDP Operation

The hiD 6615 S223/S323 supporting LLDP transmits the management information between neighboring switches. The information carries the management information that can recognize the switches and the function.
In hiD 6615 S223/S323, the administrator can enable and disable basic TLV by selecting it. To enable basic TLV by selecting it, use the following command.

Command: lldp enable PORTS {portdescrip-
Description: Selects basic TLV that is sent in the port.
7.3.6 Displaying LLDP Configuration

To display LLDP configuration, use the following command.

Command: show lldp config PORTS
Mode: Enable / Global / Bridge
Description: Shows LLDP configuration.

Command: show lldp remote PORTS
Mode: Enable / Global / Bridge
Description: Shows statistics for remote entries.

Command: show lldp statistics PORTS
Mode: Enable / Global / Bridge
Description: Shows LLDP operation and statistics.

To delete the accumulated statistics on the port, use the following command.
7.4 Remote Monitoring (RMON)

Remote Monitoring (RMON) is a function to monitor the communication status of devices connected to Ethernet from a remote place. While SNMP can give information only about a device on which an SNMP agent is mounted, RMON gives information about overall segments including devices. Thus, the user can manage the network more effectively.
want to list available commands. The following is an example of listing available commands on RMON Configuration mode.
i 1 sec is the minimum time which can be selected. But the minimum sampling interval currently is 30 sec, i.e., all intervals will be rounded up to a multiple of 30 seconds.

7.4.1.5 Activating RMON History

To activate RMON history, use the following command.

Command: active
Mode: RMON
Description: Activates RMON history.

i Before activating RMON history, check if your configuration is correct.

7.4.1.6
7.4.2 RMON Alarm

There are two ways to compare with the threshold: absolute comparison and delta comparison.

Absolute Comparison: The sample data is compared with the threshold at the configured interval; if the data is more than the threshold or less than it, an alarm occurs.

Delta Comparison: The difference between the current data and the latest data is compared with the threshold; if the data is more than the threshold or less than it, an alarm occurs.
7.4.2.2 Object of Sample Inquiry

The user needs an object value used for sample inquiry to provide RMON Alarm. The following is the rule of object for sample inquiry. To assign the object used for sample inquiry, use the following command.

Command: sample-variable MIB-OBJECT
Mode: RMON
Description: Assigns MIB object used for sample inquiry.

7.4.2.3
7.4.2.5 Lower Bound of Threshold

If you need an alarm to occur when the object used for sample inquiry is less than the lower bound of the threshold, you should configure the lower bound of the threshold. To configure the lower bound of the threshold, use the following command.

Command: falling-threshold NUMBER
Mode: RMON
Description: Configures lower bound of threshold.
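The difference between the two comparison methods shows clearly on a monotonically increasing counter, which is what most traffic objects are. The following is an added example, not code from the manual: it evaluates a series of samples against an upper and a lower bound in both modes. Two things are assumptions taken from the RMON MIB (RFC 2819) rather than from this manual: an alarm is re-armed only after the opposite bound has been crossed, and the sampled object is a 32-bit counter that wraps at 2^32. The sample values are constructed.

```python
COUNTER32_MODULUS = 2 ** 32  # assumed: the sampled MIB object is a Counter32


def alarm_events(samples, mode, upper, lower):
    """Return [(sample_index, compared_value, 'rising' | 'falling'), ...].

    mode 'absolute' compares each sample with the bounds.
    mode 'delta' compares the difference between a sample and the previous one,
    taken modulo 2**32 so that a counter wrap is not read as a huge negative step.
    """
    if mode not in ("absolute", "delta"):
        raise ValueError("mode must be 'absolute' or 'delta'")
    events = []
    armed = {"rising", "falling"}  # both directions may fire at start-up
    previous = None
    for index, sample in enumerate(samples):
        if mode == "absolute":
            value = sample
        else:
            if previous is None:  # the first sample only seeds the difference
                previous = sample
                continue
            value = (sample - previous) % COUNTER32_MODULUS
            previous = sample
        if value >= upper and "rising" in armed:
            events.append((index, value, "rising"))
            armed = {"falling"}  # no further rising alarm until the lower bound is hit
        elif value <= lower and "falling" in armed:
            events.append((index, value, "falling"))
            armed = {"rising"}
    return events


# Constructed samples of a packet counter read once per sample interval:
# a quiet period, a two-interval burst, then quiet again.
SAMPLES = [1000, 1200, 1500, 9500, 19500, 19600, 19650, 19700]

if __name__ == "__main__":
    print("absolute:", alarm_events(SAMPLES, "absolute", upper=5000, lower=100))
    print("delta:   ", alarm_events(SAMPLES, "delta", upper=5000, lower=100))
```

With the absolute method the counter crosses the upper bound once and never comes back, so later bursts go unreported; the delta method reports the start of the burst and its end.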
To configure interval of sample inquiry for RMON alarm, use the following command.

Command: sample-interval <0-65535>
Mode: RMON
Description: Configures interval of sample inquiry. (unit: second)

7.4.2.8 Activating RMON Alarm

After finishing all configurations, you need to activate RMON alarm. To activate RMON alarm, use the following command.

Command: active
Mode: RMON
Description: Activates RMON alarm.

7.4.2.9
To configure community for trap message transmission, use the following command.

Command: community NAME
Mode: RMON
Description: Configures password for trap message transmission right.
  NAME: community name

7.4.3.2 Event Description

It is possible to describe an event briefly when the event happens. However, the description is not made automatically, so the administrator should write the description.
Command: active
Mode: RMON
Description: Activates RMON event.

7.4.3.6 Deleting Configuration of RMON Event

Before changing the configuration of RMON event, you should delete RMON event of the number and configure it again. To delete RMON event, use the following command.

Command: no rmon-event <1-65535>
Mode: Global
Description: Deletes RMON event of specified number.

7.4.3.7 Displaying RMON Event

To display RMON alarm, use the following command.
7.5 Syslog

The syslog is a function that allows the network element to generate the event notification and forward it to the event message collector like a syslog server. This function is enabled as default, so even though you disable this function manually, the syslog will be enabled again. This section contains the following contents.
Syslog Output Level with a Priority

To set a user-defined syslog output level with a priority, use the following command.

Command: syslog output priority {auth | authpriv | cron | daemon | kern | local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | syslog | user | uucp} {emerg | alert | crit | err |
Description: Generates a user-defined syslog message with a priority and forwards it to the console.
The following is an example of configuring syslog message to send all logs higher than notice to remote host 10.1.1.1 and configuring local1.info to transmit to console.

SWITCH(config)# syslog output notice remote 10.1.1.1
SWITCH(config)# syslog output priority local1 info console
SWITCH(config)# show syslog
System logger on running!
info local volatile
info local non-volatile
notice remote 10.1.1.1
local1.

7.5.2
7.5.4 Debug Message for Remote Terminal

To display a syslog debug message to a remote terminal, use the following command.

Command: terminal monitor
Mode: Enable
Description: Enables a terminal monitor function.

Command: no terminal monitor
Mode: Enable
Description: Disables a terminal monitor function.

i Terminal monitor cannot be operated on the local console.

7.5.5 Disabling Syslog

To disable the syslog manually, use the following command.

Command: no syslog
Mode: Global

7.
7.6 Rule and QoS

The hiD 6615 S223/S323 provides rule and QoS feature for traffic management. The rule classifies incoming traffic, and then processes the traffic according to user-defined policies. You can use the physical port, 802.1p priority (CoS), VLAN ID, DSCP, and so on to classify incoming packets. You can configure the policy in order to change some data fields within a packet or to relay packets to a mirror monitor by a “Rule” function.
7.6.2 7.6.2.1

• Scheduling Algorithm
To handle traffic overload, you need to configure different processing orders of traffic by using a scheduling algorithm. The hiD 6615 S223/S323 provides:
– Strict Priority Queuing (SPQ)
– Weighted Round Robin (WRR)
– Weighted Fair Queuing (WFQ).

• Queue Weight
Queue weight can be used to additionally adjust the scheduling mode per queue in WRR or WFQ mode.
7.6.2.3 Packet Classification

After configuring a packet classification for a rule, then configure how to process the packets. To specify a packet-classifying pattern, use the following command.

! When specifying a source and destination IP address as a packet-classifying pattern, the destination IP address must be after the source IP address.
Command: ip {A.B.C.D | A.B.C.D/M | any} {A.B.C.D | A.B.C.D/M | any} icmp
Description: Classifies an IP protocol (ICMP):
  A.B.C.D: source/destination IP address
  A.B.C.D/M: source/destination IP address with mask
  any: any source/destination IP address
  icmp: ICMP

Command: ip {A.B.C.D | A.B.C.D/M | any} {A.B.C.D | A.B.C.
Description: Classifies an IP protocol (ICMP):
  A.B.C.D: source/destination IP address
  A.B.C.D/M: source/destination IP address with mask
7.6.2.4 Rule Action

To specify a rule action (match) for the packets matching configured classifying patterns, use the following command.

Command: match deny
Description: Denies a packet.

Command: match permit
Description: Permits a packet.

Command: match redirect PORT
Description: Redirects to specified egress port:
  PORT: uplink port number

Command: match mirror
Description: Sends a copy to mirror monitoring port.

Command: match dscp <0-63>
Description: Changes DSCP field, enter DSCP value.

Changes 802.
To delete a specified rule action (match), use the following command.

Command: no match deny
Command: no match permit
Command: no match redirect
Command: no match mirror
Command: no match dscp
Command: no match cos
Mode: Rule
Description: Deletes a specified rule action.
To delete a specified rule action (no-match), use the following command.

Command: no no-match deny
Command: no no-match redirect
Command: no no-match mirror
Command: no no-match dscp
Command: no no-match cos
Command: no no-match ip-prec
Command: no no-match copy-to-cpu
Mode: Rule
Description: Deletes a specified rule action.

7.6.2.5 Applying Rule

After configuring rule using the above commands, apply it to the system with the following command.
7.6.2.7 Displaying Rule

The following command can be used to show a certain rule by its name, all rules of a certain type, or all rules at once sorted by rule type.

Command: show rule NAME
Mode: Enable / Global
Description: Shows a rule, enter a rule name.
  NAME: rule name

Command: show rule
Mode: Enable / Global
Description: Shows all rules sorted by type.

Command: show rule all
Mode: Enable / Global
Description: Shows all rules and admin access rules sorted by type.

Command: show rule statistics
Mode: Enable / Global
Description: Shows rule statistics.
7.6.3.1 Scheduling Algorithm

To process incoming packets by the queue scheduler, the hiD 6615 S223/S323 provides the scheduling algorithm as Strict Priority Queuing (SP), Weighted Round Robin (WRR) and Weighted Fair Queuing (WFQ).

Weighted Round Robin (WRR)

WRR processes packets as much as weight. Processing the packets that have higher priority is the same way as strict priority queuing.
Fig. 7.2 Weighted Fair Queuing

Strict Priority Queuing (SP)

SPQ processes more important data before the others. Since all data are processed by their priority, data with high priority can be processed fast but data with low priority might be delayed and piled up. The strength of this method is that it provides differentiated service in a simple way.
To select a packet scheduling mode, use the following command.

Command: qos scheduling-mode {sp | wrr}
Mode: Global
Description: Selects a packet scheduling mode for ports:
  sp: strict priority queuing
  wrr: weighted round robin

Command: qos cpu scheduling-mode sp
Mode: Global
Description: Selects a scheduling mode for handling CPU packets:
  sp: strict priority queuing

i The default scheduling mode is WRR. And it is possible to assign a different scheduling mode to each port.

7.6.3.2
To define an 802.1p priority-to-queue map for 8 queues, use the following command.

Command: qos map <0-7> <0-3>
Mode: Global
Description: Priority to queue number mapping, priority value (0-7) according to 802.1p:
  0 = lowest: best effort (be)
  1: background (bg)
  2: spare (spare)
  3: excellent effort (ee)
  4: controlled load (cl)
  5: video (video)
  6: voice (voice)
  7: network control (ctrl)
  Queue value: 0-3: queue number

7.6.3.
7.6.4.1 Rule Creation

For the hiD 6615 S223/S323, you need to open Admin Access Rule Configuration mode first. After opening Admin Access Rule Configuration mode, the prompt changes from SWITCH(config)# to SWITCH(config-admin-rule[NAME])#. To open Rule Configuration mode, use the following command.

Command: rule NAME create admin
Mode: Global
Description: Opens Admin Access Rule Configuration mode, enter rule name.
7.6.4.3 Packet Classification

After configuring a packet classification for a rule, then configure how to process the packets. To specify a packet-classifying pattern, use the following command.

! When specifying a source and destination IP address as a packet-classifying pattern, the destination IP address must be after the source IP address.

Command Mode Description
Classifies an IP address: ip {A.B.C.D | A.B.C.D/M | any} A.B.C.
7.6.4.4 Rule Action

To specify a rule action (match) for the packets matching configured classifying patterns, use the following command.

Command: match deny
Mode: Admin-rule
Description: Denies a packet.

Command: match permit
Mode: Admin-rule
Description: Permits a packet.

To delete a specified rule action (match), use the following command.

Command: no match deny
Mode: Admin-rule
Description: Deletes a specified rule action.
execution of command, apply. That is, if several rules that differ in only one value are to be created, only the changed value needs to be entered again.

7.6.4.6 Modifying and Deleting Rule

To modify a rule, use the following command.

Command: rule NAME modify admin
Mode: Global
Description: Modifies an admin access rule, enter a rule name.

To delete a rule, use the following command.
7.7 NetBIOS Filtering

NetBIOS (Network Basic Input/Output System) is a program that allows applications on different computers to communicate within a local area network (LAN). NetBIOS is used in Ethernet and is included as part of NetBIOS Extended User Interface (NetBEUI). Resources and information in the same network can be shared with this protocol. However, as more computers come into use, stronger security is required.
The following is an example of configuring NetBIOS filtering on ports 1 to 5 and displaying it.

SWITCH(bridge)# netbios-filter 1-5
SWITCH(bridge)# show netbios-filter
o:enable .:disable
-------------------------
         1         2
12345678901234567890123456|
-------------------------
ooooo.....................
-------------------------
SWITCH(bridge)#

7.8 Martian Filtering

It is possible to block packets that try to carry a different source IP address out of the same network.
Command: max-hosts PORTS <1-16>
Mode: Bridge
Description: Limits the number of connections to a port by setting the maximum number of hosts:
  PORTS: enter the port number.
  1-16: enter the maximum MAC number.

Command: no max-hosts PORTS
Mode: Bridge
Description: Deletes configured max-host, enter the port number.

The following example allows two MAC addresses on port 3, five addresses on ports 1 and 2, and ten addresses on port 7.
To configure max new hosts, use the following command.

Command: max-new-hosts PORTS MAX-MAC-NUMBER
Mode: Bridge
Description: The number of MAC addresses that can be learned on the port for a second.

Command: max-new-hosts system PORTS MAX-MAC-NUMBER
Mode: Bridge
Description: The number of MAC addresses that can be learned on the system for a second.

To delete configured max new hosts, use the following command.
Step 2 Set the maximum number of secure MAC addresses for the port.

Command: port security PORTS maximum <1-16384>
Mode: Bridge
Description: Sets a maximum number of secure MAC addresses for the port.
  1-16384: Maximum number of addresses (default: 1)

Step 3 Set the violation mode and the action to be taken.

Command: port security PORTS violation {shutdown | protect | restrict}
Mode: Bridge
Description: Selects a violation mode.
To display the configuration of port security, use the following command.

Command: show port security [PORTS]
Mode: Bridge
Description: Shows port security on the port.

This is an example of configuring port security on port 7.
To disable the configuration of port secure aging, use the following command.

Command Mode Description no port security PORTS aging Disables aging for only statically configured secure static addresses. no port security PORTS aging time Bridge no port security PORTS aging Disables port secure aging for all secure addresses on a port. Returns to the default condition.
To remove registered dynamic MAC addresses from the MAC table, use the following command.

Mode: Enable, Global, Bridge

Command: clear mac
Description: Clears dynamic MAC addresses.

Command: clear mac NAME
Description: Clears dynamic MAC addresses.

Command: clear mac NAME PORT
Description: Clears dynamic MAC addresses.
  NAME: enter the bridge name.
  PORT: enter the port number.

Command: clear mac NAME PORT
Description: Clears dynamic MAC addresses.
  NAME: enter the bridge name.
7.12 MAC Filtering

It is possible to forward frames to the destination MAC address. A maximum of 4,096 MAC addresses can be registered without specific performance degradation.

7.12.1 Default Policy of MAC Filtering

The basic filtering policy of the system is set to allow all packets for each port. However, the basic policy can be changed at the user's request.
Command: mac-filter add MACADDR {deny | permit}
Mode: Bridge
Description: Allows or blocks packets that bring the configured MAC address to the specified port.

The variable MAC-ADDRESS consists of twelve hexadecimal digits. It can be checked with the show mac command. 00:d0:cb:06:01:32 is an example of a MAC address.

7.12.3 Deleting MAC Filter Policy

To delete MAC filtering policy, use the following command.
Sample Configuration

The latest policy is recorded as number 1. The following is an example of permitting MAC addresses 00:02:a5:74:9b:17 and 00:01:a7:70:01:d2 and showing the table of filter policy.
7.13.1.1 Registering ARP Table

The contents of ARP table are automatically registered when MAC address corresponds to MAC address is found. The network administrator can use the MAC address of a specific IP address in the network by registering it in the ARP table.

To bind a specific IP address to a MAC address, use the following command.

Command: arp A.B.C.
Description: Sets a static ARP entry, enter the IP address and the MAC address.
7.13.2 ARP Alias

Although clients are connected to the same client switch, communication between them may be blocked for their private security. When you need them to communicate with each other, the hiD 6615 S223/S323 supports ARP alias, which responds to ARP requests from the client net through the concentrating switch.

To register the address range of a client net in ARP alias, use the following command.

Command: arp-alias A.B.C.D A.B.C.
You can configure the switch to perform additional checks on the destination MAC address, the sender and target IP address and the source MAC address.

Command: ip arp inspection validate {src-mac | dst-mac | ip}
Description: Performs specific checks on incoming ARP packets.
  src-mac: checks the source MAC address. Packets with different MAC addresses are classified as invalid and are dropped.
  dst-mac: checks the destination MAC address.
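The three validate checks can be reproduced offline against captured frames. The following is an added example, not code from the manual or the switch firmware. It assumes the commonly documented semantics for this command form: src-mac compares the Ethernet source with the ARP sender MAC, dst-mac compares the Ethernet destination with the ARP target MAC in replies, and ip rejects 0.0.0.0, 255.255.255.255 and multicast addresses. All sample frames and IP addresses are constructed.

```python
import ipaddress
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
ALL_CHECKS = ("src-mac", "dst-mac", "ip")


def mac(text):
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def build_frame(eth_dst, eth_src, oper, sha, spa, tha, tpa):
    """Build an untagged Ethernet II + ARP frame (only used for the samples)."""
    eth = mac(eth_dst) + mac(eth_src) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    arp += mac(sha) + ipaddress.IPv4Address(spa).packed
    arp += mac(tha) + ipaddress.IPv4Address(tpa).packed
    return eth + arp


def parse_arp_frame(frame):
    """Parse the Ethernet header and an IPv4-over-Ethernet ARP body."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    return dict(eth_dst=eth_dst, eth_src=eth_src, oper=oper,
                sha=sha, spa=spa, tha=tha, tpa=tpa)


def _bad_ip(raw):
    """True for addresses that must never appear in an ARP body."""
    ip = ipaddress.IPv4Address(raw)
    return ip.is_unspecified or ip.is_multicast or int(ip) == 0xFFFFFFFF


def validate(frame, checks=ALL_CHECKS):
    """Return the failed checks in fixed order; an empty list means 'pass'."""
    pkt = parse_arp_frame(frame)
    failed = []
    # src-mac: Ethernet source must equal the sender MAC in the ARP body.
    if "src-mac" in checks and pkt["eth_src"] != pkt["sha"]:
        failed.append("src-mac")
    # dst-mac: only replies are unicast to the target, so only replies are compared.
    if ("dst-mac" in checks and pkt["oper"] == ARP_REPLY
            and pkt["eth_dst"] != pkt["tha"]):
        failed.append("dst-mac")
    # ip: sender IP is always checked, target IP only in replies.
    if "ip" in checks:
        ips = [pkt["spa"]] + ([pkt["tpa"]] if pkt["oper"] == ARP_REPLY else [])
        if any(_bad_ip(ip) for ip in ips):
            failed.append("ip")
    return failed


# Constructed sample frames. The MAC addresses reuse example values from the manual.
GW, HOST, OTHER = "00:d0:cb:06:01:32", "00:02:a5:74:9b:17", "00:01:a7:70:01:d2"
BCAST, ZERO = "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"
SAMPLES = {
    "request": build_frame(BCAST, HOST, ARP_REQUEST, HOST, "10.0.0.20", ZERO, "10.0.0.1"),
    "reply": build_frame(HOST, GW, ARP_REPLY, GW, "10.0.0.1", HOST, "10.0.0.20"),
    "sender_mismatch": build_frame(HOST, OTHER, ARP_REPLY, GW, "10.0.0.1", HOST, "10.0.0.20"),
    "target_mismatch": build_frame(BCAST, GW, ARP_REPLY, GW, "10.0.0.1", HOST, "10.0.0.20"),
    "multicast_sender": build_frame(BCAST, HOST, ARP_REQUEST, HOST, "224.0.0.5", ZERO, "10.0.0.1"),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:17} -> {validate(frame) or 'pass'}")
```

A broadcast request passes the dst-mac check by design, because its target MAC field is still unknown; enabling only one keyword leaves the other two mismatches undetected.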
7.13.4 Gratuitous ARP

Gratuitous ARP is a broadcast packet like an ARP request. It contains the IP address and MAC address of the gateway, so the network remains accessible even though the IP address of a specific host's gateway is repeatedly assigned to another device.

Configure the Gratuitous ARP interval and transmission count using the following commands. Also configure the transmission delivery-start in order to transmit Gratuitous ARP after an ARP reply.
Type                  Value
ICMP_ECHOREPLY        0
ICMP_DEST_UNREACH     3
ICMP_SOURCE_QUENCH    4
ICMP_REDIRECT         5
ICMP_ECHO             8
ICMP_TIME_EXCEEDED    11
ICMP_PARAMETERPROB    12
ICMP_TIMESTAMP        13
ICMP_TIMESTAMPREPLY   14
ICMP_INFO_REQUEST     15
ICMP_INFO_REPLY       16
ICMP_ADDRESS          17
ICMP_ADDRESSREPLY     18

Tab. 7.2 ICMP Message Type

The following figure shows simple ICMP message construction.
To configure the interval for transmitting ICMP messages, the administrator should configure the type of message and the interval time.

Use the following command to configure the interval for transmitting ICMP messages.

Command: ip icmp interval rate-mask MASK
Mode: Global
Description: Configures the interval for transmitting ICMP messages.
  MASK: enter a hexadecimal value up to 0xFFFFFFFF. The default is 0x1818.
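To see which message types a given MASK covers, the value can be decoded against Tab. 7.2. This is an added example, not code from the manual; it assumes that bit n of MASK selects ICMP type n, which is how Linux's icmp_ratemask (whose default is also 0x1818) is defined. The function names are hypothetical.

```python
# ICMP type numbers from Tab. 7.2 of the manual.
ICMP_TYPES = {
    0: "ICMP_ECHOREPLY", 3: "ICMP_DEST_UNREACH", 4: "ICMP_SOURCE_QUENCH",
    5: "ICMP_REDIRECT", 8: "ICMP_ECHO", 11: "ICMP_TIME_EXCEEDED",
    12: "ICMP_PARAMETERPROB", 13: "ICMP_TIMESTAMP", 14: "ICMP_TIMESTAMPREPLY",
    15: "ICMP_INFO_REQUEST", 16: "ICMP_INFO_REPLY", 17: "ICMP_ADDRESS",
    18: "ICMP_ADDRESSREPLY",
}
NAME_TO_TYPE = {name: number for number, name in ICMP_TYPES.items()}
MAX_MASK = 0xFFFFFFFF  # upper bound stated for MASK


def parse_mask(text):
    """Parse a hexadecimal MASK such as '0x1818' and enforce the 32-bit range."""
    value = int(text, 16)
    if not 0 <= value <= MAX_MASK:
        raise ValueError(f"mask {text!r} is outside 0..0xFFFFFFFF")
    return value


def decode_rate_mask(mask):
    """List the ICMP types selected by the mask (assumption: bit n = type n)."""
    names = []
    for bit in range(32):
        if mask & (1 << bit):
            names.append(ICMP_TYPES.get(bit, f"type {bit} (not in Tab. 7.2)"))
    return names


def encode_rate_mask(names):
    """Build a mask from Tab. 7.2 type names."""
    mask = 0
    for name in names:
        if name not in NAME_TO_TYPE:
            raise ValueError(f"unknown ICMP type name: {name}")
        mask |= 1 << NAME_TO_TYPE[name]
    return mask


def unlimited_types(mask):
    """Tab. 7.2 types that the mask leaves without a rate limit."""
    return [name for number, name in sorted(ICMP_TYPES.items())
            if not mask & (1 << number)]


def mask_command(names):
    """Render the command line for a set of type names."""
    return f"ip icmp interval rate-mask 0x{encode_rate_mask(names):X}"


if __name__ == "__main__":
    default = parse_mask("0x1818")
    print("rate-limited by default:", decode_rate_mask(default))
    print("not rate-limited       :", unlimited_types(default))
    print(mask_command(["ICMP_ECHO", "ICMP_ECHOREPLY"]))
```

Under this assumption the default mask limits only error messages (destination unreachable, source quench, time exceeded, parameter problem), so echo replies are not rate-limited unless the mask is extended.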
To configure the limited ICMP transmission time, use the following command.

Command: ip icmp interval rate-limit INTERVAL
Mode: Global
Description: Configures a limited ICMP transmission time.
  INTERVAL: 0-2000000000 (unit: 10 ms)

Note: The default ICMP interval is 1 second (100 ms).

To return to default ICMP configuration, use the following command.

Command: ip icmp interval default
Mode: Global
Description: Returns to default configuration.
The following is an example of configuring ICMP Redirect Message and checking the configuration.

SWITCH(config)# show running-config
(omitted)
interface 1
ip address 222.121.68.247/24
!
!
!
SWITCH(config)# ip redirects
SWITCH(config)# show running-config
(omitted)
interface 1
ip address 222.121.68.247/24
!!
ip redirects
!
!
SWITCH(config)#

7.14.
help prevent hackers from finding impossible connections.

To configure the switch not to send the message that informs that a TCP connection cannot be made, use the following command.

Command: ip tcp ignore rst-unknown
Mode: Global
Description: Blocks the message that informs that a TCP connection cannot be made.

Command: no ip tcp ignore rst-unknown
Mode: Global
Description: Responds again with the message that informs that a TCP connection is not possible.

7.15.2
7.16.1.1 Packet Dump by Protocol

You can see packets about BOOTPS, DHCP, ARP and ICMP using the following command.

Command: debug packet {interface INTERFACE | port PORTS} protocol {bootps | dhcp | arp | icmp} {src-ip A.B.C.D | dest-ip A.B.C.D}
Description: Shows packet dump by protocol.

Command: debug packet {interface INTERFACE | port PORTS} host {src-ip A.B.C.D | dest-ip A.B.C.
Description: Shows host packet dump.
Tab. 7.4 shows the options for packet dump.

Option  Description
-a      Change Network & Broadcast address to name.
-d      Change the compiled packet-matching code to readable letters and close it
-e      Output link-level header of each line
-f      Output outer internet address as symbol
-l      Buffer output data in line. This is useful when other application tries to receive data from tcpdump.
-n      Do not translate all address (e.g.
7.16.2 Debug Packet Dump

The hiD 6615 S223/S323 provides a network debugging function to prevent system overhead from unknown packet inflow. The monitoring process checks the CPU load every 5 seconds. If there is more traffic than the threshold, the user can capture packets using TCP Dump and save them to a file. The user can download the dump file, named file-number.dump, after FP connection to the system. Verify the dumped packet contents with a packet analysis program.
8 System Main Functions

8.1 VLAN

The first step in setting up your bridging network is to define VLAN on your switch. VLAN is a bridged network that is logically segmented by customer or function. Each VLAN contains a group of ports called VLAN members. On the VLAN network, packets received on a port are forwarded only to ports that belong to the same VLAN as the receiving port.
8.1.1 Port-Based VLAN

The simplest implicit mapping rule is known as port-based VLAN. A frame is assigned to a VLAN based solely on the switch port on which the frame arrives. In the example depicted in Figure, frames arriving on ports 1 through 4 are assigned to VLAN 1, frames from ports 5 through 8 are assigned to VLAN 2, and frames from ports 9 through 12 are assigned to VLAN 3.
8.1.1.1 Creating VLAN

To configure VLAN on user's network, use the following command.

Command: vlan create VLANS
Mode: Bridge
Description: Creates new VLAN by assigning VLAN ID:
  VLANS: enter the number of VLAN ID (from 1 to 4094).

Note: The variable VLANS is a particular set of bridged interfaces. Frames are bridged only among interfaces in the same VLAN.

8.1.1.2 Specifying PVID

By default, PVID 1 is specified to all ports. You can also configure PVID.
8.1.1.5 Displaying VLAN

To display a configuration of VLAN, use the following command.

Command: show vlan [VLANS]
Mode: Enable, Global, Bridge
Description: Shows the configuration for specific VLAN, enter VLAN ID.

8.1.2 Protocol-Based VLAN

User can use a VLAN mapping that associates a set of processes within stations to a VLAN rather than the stations themselves. Consider a network comprising devices supporting multiple protocol suites.
Command: vlan macbase MAC-ADDRESS <1-4094>
Mode: Bridge
Description: Configures VLAN based on MAC address.

Command: no vlan macbase MAC-ADDRESS
Mode: Bridge
Description: Clears configured VLAN based on MAC address.

8.1.4 Subnet-based VLAN

In order to configure VLAN based on subnet, the user should designate the subnet. Use the following command.
Advantages:
• VLAN association rules only need to be applied once.
• Only edge switches need to know the VLAN association rules.
• Core switches can get higher performance by operating on an explicit VLAN identifier.

Disadvantages:
• Tags can only be interpreted by VLAN aware devices.
• Edge switches must strip tags before forwarding frames to legacy devices or VLAN-unaware domains.
• Insertion or removal of a tag requires recalculation of
8.1.8 QinQ

QinQ or Double Tagging is one way for tunneling between networks.

[Figure labels: Customer A, Customer B, VLAN 200, VLAN 201, VLAN 641, PVID 641, Trunk Port, Tunnel Port; T: Tagged, U: Untagged]

Fig. 8.
able of carrying double-tagged traffic. A trunk port is always connected to another trunk port on a different switch. Switching shall be performed between trunk ports and tunnel ports and between different trunk ports.

8.1.8.1 Double Tagging Operation

Step 1 If there is no SPVLAN Tag on received packet, SPVLAN Tag is added.
• DT and HTLS cannot be configured at the same time. (If switch should operate as DT, HTSL has to be disabled.)
• TPID value of all ports on switch is same.
• Access Port should be configured as Untagged, and Uplink port as Tagged.
• Ignore all tag information of port which comes from untagged port (Access Port).

8.1.8.3
isolation. If you want to configure Private VLAN on the hiD 6615 S223/S323 switch, refer to Port Isolation configuration.

8.1.9.1 Port Isolation

The Port Isolation feature is a method that restricts L2 switching between isolated ports in a VLAN. Flows between an isolated port and a non-isolated port, however, are not restricted. If you use the port protected command, packets cannot be transmitted between protected ports.
Fig. 8.5 In Case External Packets Enter under Layer 2 environment (1)

To transmit an untagged packet from the uplink port to a subscriber, a new VLAN should be created that includes all subscriber ports and uplink ports. This lets the uplink ports recognize all other ports. FID helps this packet forwarding. FDB is the MAC address table that is recorded in the CPU. The FDB table is made of FID (FDB Identification).
8.1.10 VLAN Translation

VLAN Translation is simply an action of Rule. This function translates the value of a specific VLAN ID that is classified by Rule. The switch tags untagged packets by adding the PVID and uses tagged packets as they are. That is, all packets are tagged in the switch, and VLAN Translation changes the VLAN ID value of a tagged packet in the switch. This function adjusts traffic flow by changing the VLAN ID of a packet.
                   |         1         2         3         4
   Name( VID| FID) |123456789012345678901234567890123456789012
----------------------------------------------------------------
default(   1|   1) |u...uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
    br2(   2|   2) |.u........................................
    br3(   3|   3) |..u.......................................
    br4(   4|   4) |...u......................................
SWITCH(bridge)#
--------------------------------------------------------------
                |         1         2         3         4
Ethertype | VID |123456789012345678901234567890123456789012
--------------------------------------------------------------
0x0800        5  .p........................................
0x0900        6  ...p......................................
SWITCH(bridge)#

With above configuration, the packets from port number 2 and 4 are decided according to the protocol.
[Figure labels: Bandwidth with 1 port; Enlarged bandwidth with many ports; A logical port that can be made by aggregating a number of the ports.]

Fig. 8.7 Link Aggregation

The hiD 6615 S223/S323 supports two kinds of link aggregation: port trunk and LACP. There is a small difference between these two methods.
enter. It is decided with Source IP address, Destination IP address, Source MAC address, Destination MAC address, and the user could get information of packets to decide the packet route.

• dstip: Destination IP address
• dstmac: Destination MAC address
• srcdstip: Refer to both Source IP address and Destination IP address
• srcdstmac: Refer to both Source MAC address and Destination MAC address
• srcip: Source IP address
• srcmac: Source MAC address.
• Configuring LACP
• Packet Route
• Operating Mode of Member Port
• Priority of Switch
• Identifying Member Ports within LACP
• BPDU Transmission Rate
• Key value of Member Port
• Priority
• Displaying LACP Configuration

8.2.2.1 Configuring LACP

Step 1 Activate LACP function, using the following command.
• dstip: Destination IP address
• dstmac: Destination MAC address
• srcdstip: Runs by reference to both Source IP address and Destination IP address
• srcdstmac: Source MAC address and Destination MAC address
• srcip: Source IP address
• srcmac: Source MAC address.

Note: For the hiD 6615 S223/S323, srcdstmac (source MAC address and destination MAC address) is basically used to decide packet route.
8.2.2.4 Identifying Member Ports within LACP

A port configured as a member port is basically configured to aggregate to LACP. However, even though the configuration as member port is not released, such ports can operate as independent ports without being aggregated to LACP. These independent ports cannot be configured as trunk ports, because they remain configured as member ports while operating independently of LACP aggregation.
To delete key value of configured member port, use the following command.

Command: no lacp port admin-key PORTS
Mode: Bridge
Description: Deletes key value of selected member port, select the member port number.

8.2.2.7 Priority of Member Port

To configure priority of LACP member port, use the following command.

Command: lacp port priority PORTS <1-65535>
Mode: Bridge
Description: Sets the LACP priority of member port, select the port number.
8.2.2.9 Displaying LACP Configuration

To display a configured LACP, use the following command.

Mode: Enable, Global, Bridge

Command: show lacp aggregator
Description: Shows the information of aggregated port.

Command: show lacp aggregator AGGREGATIONS
Description: Shows the information of selected aggregated port.

Command: show lacp port
Description: Shows the information of member port.

Command: show lacp port PORTS
Description: Shows the information of appropriated member port.
8.3 Spanning-Tree Protocol (STP)

A LAN that is composed of double paths, like token ring, has the advantage that access is still possible when one path is disconnected. However, always using the double path creates another problem, called a loop.

[Figure labels: Switch A, Switch B, PC-A]

Fig. 8.
Meanwhile, RSTP (Rapid Spanning-Tree Protocol), defined in IEEE 802.1w, innovatively reduces the network convergence time of STP (Spanning-Tree Protocol). It is easy and fast to configure the new protocol. Also, 802.1w includes 802.1d, so it provides compatibility with 802.1d.

For a more detailed description of STP and RSTP, refer to the following.

8.3.
After configuring STP, these switches exchange their information. The priority of SWITCH A is 8, the priority of SWITCH B is 9 and the priority of SWITCH C is 10. In this case, SWITCH A is automatically configured as a root switch.

Designated Switch

After deciding a root switch, while SWITCH A transmits packets to SWITCH C, SWITCH A compares exchanged BPDU to decide the path. The most important information to decide path is the path-cost.
Designated Port and Root Port

A Root Port is the port in the active topology that provides connectivity from the Designated Switch toward the root. A Designated Port is a port in the active topology used to forward traffic away from the root onto the link for which this switch is the Designated Switch. That is, in each switch, the port selected to communicate, other than the root port, is the designated port.
Port States

Each port on a switch can be in one of five states.

[Figure labels: states Blocking, Listening, Learning, Forwarding, Disabled; transitions "BPDUs or timeout indicate potential to become active", "BPDUs indicate port should not be active", "Forwarding timer expired"]

Fig. 8.
8.3.2 RSTP Operation

STP or RSTP is configured on a network where a loop can be created. However, RSTP reaches the final topology more rapidly than STP. This section describes how RSTP, as an improvement on STP, works. It contains the sections below.

• Port States
• BPDU Policy
• Rapid Network Convergence
• Compatibility with 802.1d.

Port States

RSTP defines port states as discarding, learning, and forwarding.
BPDU Policy

In 802.1d, the root switch forwards BPDUs at the Hello-time configured on it, and the other switches forward their own BPDUs only when they receive a BPDU from the root switch. In 802.1w, however, not only the root switch but also all the other switches forward BPDUs at the Hello-time. BPDUs are exchanged more frequently than the interval at which the root switch sends them, but with 802.1w it becomes faster to grasp changes in the network.
[Figure labels: ROOT, Switch A, Switch B, Switch C, Switch D; 1. New link created; 2. Transmit BPDU at listening state; 3. Block to prevent loop; BPDU Flow]

Fig. 8.16 Convergence of 802.1d Network

This is a groundbreaking way of preventing a loop. The problem is that communication is disconnected for twice the BPDU Forward-delay until the port connecting switch D and SWITCH C is blocked.
SWITCH A negotiates with root through BPDU. To make the link between SWITCH A and root, the port state of the non-edge designated port of SWITCH is changed to blocking. Although SWITCH A is connected to root, a loop will not be created because SWITCH A is blocked toward SWITCH B and C. In this state, BPDU from root is transmitted to SWITCH B and C through SWITCH A. To configure the forwarding state of SWITCH A, SWITCH A negotiates with SWITCH B and SWITCH C.

ROOT 3.
As in 802.1d, the connection between SWITCH D and SWITCH C is blocked. However, 802.1w does not need any configured time for switches to negotiate the forwarding state of a specific port, so it proceeds very fast. Listening and learning are not needed while a port moves to the forwarding state. These negotiations use BPDU.

Compatibility with 802.1d

RSTP internally includes STP, so it has compatibility with 802.1d.
Operation

This section explains how STP and MSTP operate differently on the LAN. Suppose 100 VLANs are configured from Switch A to Switches B and C. With STP, there is only one STP for all VLANs and it does not provide multiple instances. While existing STP is a protocol to prevent Loop in a LAN domain establishes STP per VLAN in order to realize routing suitable to VLAN environment.
In CST, A and B are the switches operating with STP, and C, D and E are those operating with MSTP. First, in CST, CIST is established to decide the CST root. After the CST root is decided, the switch closest to the CST root is decided as the IST root of the region. Here, CST root in IST is IST root.

Legacy 802.
8.3.5 Configuring STP/RSTP/MSTP

To configure STP and RSTP, use the following steps.

Step 1 Decide STP mode using the stp force-version {stp | rstp} command.
Step 2 Activate MST daemon using the stp mst enable command.
Step 3 Configure detail options if specific commands are required.

8.3.5.1 Activating STP/RSTP/MSTP

To enable/disable STP, RSTP, and MSTP in the force-version, use the following command.
Transmit Rate   Path-cost
4M              250
10M             100
100M            19
1G              4
10G             2

Tab. 8.2 STP Path-cost

Transmit Rate   Path-cost
4M              20,000,000
10M             2,000,000
100M            200,000
1G              20,000
10G             2,000

Tab. 8.3 RSTP Path-cost

When the route decided by path-cost becomes overloaded, it is better to take another route. For such situations, it is possible to configure the path-cost of the root port so that the user can configure the route manually.
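The root election by priority and the path-cost tables above can be combined into one calculation. This is an added example, not code from the manual: it uses the priorities 8, 9 and 10 given earlier for SWITCH A, B and C, while the MAC addresses, link speeds and the extra bridge X are constructed, and port IDs are ignored as a simplification.

```python
import heapq

# Path costs from Tab. 8.2 (STP) and Tab. 8.3 (RSTP).
STP_COST = {"4M": 250, "10M": 100, "100M": 19, "1G": 4, "10G": 2}
RSTP_COST = {"4M": 20_000_000, "10M": 2_000_000, "100M": 200_000,
             "1G": 20_000, "10G": 2_000}

# name -> (priority, MAC): the pair compared during root election.
# Priorities are the manual's example values; MACs are constructed.
SAMPLE_BRIDGES = {
    "A": (8, "00:d0:cb:00:00:0a"),
    "B": (9, "00:d0:cb:00:00:0b"),
    "C": (10, "00:d0:cb:00:00:0c"),
}
# Constructed links: (bridge, bridge, transmit rate).
SAMPLE_LINKS = [("A", "B", "1G"), ("B", "C", "1G"), ("A", "C", "100M")]


def elect_root(bridges):
    """The bridge with the lowest (priority, MAC) becomes the root switch."""
    return min(bridges, key=lambda name: bridges[name])


def root_paths(bridges, links, cost_table):
    """Return (root, {bridge: (root path cost, upstream neighbour)}).

    The upstream neighbour is the bridge the root port faces. Equal-cost
    ties go to the upstream bridge with the lower bridge ID.
    """
    root = elect_root(bridges)
    neighbours = {name: [] for name in bridges}
    for a, b, rate in links:
        cost = cost_table[rate]
        neighbours[a].append((b, cost))
        neighbours[b].append((a, cost))

    best = {}
    heap = [(0, bridges[root], root, None)]
    while heap:
        cost, _, name, via = heapq.heappop(heap)
        if name in best:
            continue  # a cheaper path to this bridge was already fixed
        best[name] = (cost, via)
        for nxt, link_cost in neighbours[name]:
            if nxt not in best:
                heapq.heappush(heap, (cost + link_cost, bridges[name], nxt, name))
    return root, best


def with_new_bridge(bridges, links, name, bridge_id, attach_to, rate):
    """Copy of the topology with one more bridge attached (for what-if checks)."""
    return {**bridges, name: bridge_id}, links + [(name, attach_to, rate)]


if __name__ == "__main__":
    for label, table in (("STP", STP_COST), ("RSTP", RSTP_COST)):
        root, paths = root_paths(SAMPLE_BRIDGES, SAMPLE_LINKS, table)
        print(label, "root:", root, paths)
    # A bridge with a lower priority attached behind C takes over the root role.
    bridges, links = with_new_bridge(SAMPLE_BRIDGES, SAMPLE_LINKS, "X",
                                     (1, "00:d0:cb:00:00:ff"), "C", "100M")
    print(root_paths(bridges, links, STP_COST))
```

In the sample, SWITCH C reaches the root through B (cost 8) instead of its direct 100M link (cost 19), and attaching a bridge with priority 1 at the edge moves the root and every root path, which is the situation the root placement controls in this chapter are meant to prevent.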
8.3.5.5 MST Region

If MSTP is established in the hiD 6615 S223/S323, decide which MST region the switch is going to belong to by configuring the MST configuration ID. The configuration ID contains region name, revision and VLAN map.

To set configuration ID, use the following command.

Command: stp mst config-id name NAME
Description: Designate the name for the region:
  name: set the MST region name.
  NAME: enter name to give the MST region.
8.3.5.6 MSTP Protocol

MSTP is backward compatible with STP and RSTP. If another bridge runs in STP mode and sends STP or RSTP version BPDUs, MSTP automatically changes to STP mode. STP mode cannot be changed to MSTP mode automatically. If the administrator wants to change the network topology to MSTP mode, the administrator has to clear the previously detected protocol manually.
To delete the edge port mode, use the following command.

Command: no stp edge-port PORTS
Mode: Bridge
Description: Deletes port edge mode:
  PORTS: select the port number.

8.3.5.9 Displaying Configuration

To display the configuration after configuring STP, RSTP, and MSTP, use the following command.

Description: Shows the configuration of STP/RSTP/MSTP.
8.3.6 Configuring PVSTP/PVRSTP

STP and RSTP are designed with one VLAN in the network. If a port enters the blocking state, the physical port itself is blocked. PVSTP (Per VLAN Spanning Tree Protocol) and PVRSTP (Per VLAN Rapid Spanning Tree Protocol), however, maintain a spanning tree instance for each VLAN in the network.
8.3.6.2 Root Switch

In order to establish the PVSTP or PVRSTP function, the Root switch should be decided first. Each switch has its own Bridge ID, and the Root switch on the same LAN is decided by comparing the Bridge IDs. However, the user can change the Root switch by configuring its Priority. The switch having the lowest priority is decided as Root switch.

To change Root switch by configuring Priority for it, use the following command.
8.3.7 Root Guard

The standard STP does not allow the administrator to enforce the position of the root bridge, as any bridge in the network with lower bridge ID will take the role of the root bridge. Root guard feature is designed to provide a way to enforce the root bridge placement in the network.
To clear configured Restarting Protocol Migration, use the following command.

Command: stp clear-detected-protocol PORTS
Mode: Bridge
Description: Configures restarting protocol migration function.

8.3.9 Bridge Protocol Data Unit Configuration

Bridge Protocol Data Unit (BPDU) is a message transmitted in the LAN in order to configure and maintain the configuration for STP/RSTP/MSTP.
To clear configured hello-time, use the following command.

Command: no stp mst hello-time
Mode: Bridge
Description: Returns to the default hello time value of STP, RSTP and MSTP.

Command: no stp pvst hellow-time VLAN-RANGE
Mode: Bridge
Description: Returns to the default hello time value of PVSTP and PVRSTP.

8.3.9.2 Forward Delay

It is possible to configure forward delay, which is the time a port takes to move from the listening state to the forwarding state.
To delete a configured max age, use the following command.

Command: no stp mst max-age
Mode: Bridge
Description: Returns to the default max-age value of STP, RSTP and MSTP.

Command: no stp pvst max-age VLAN-RANGE
Mode: Bridge
Description: Returns to the default max-age value of PVSTP and PVRSTP.

8.3.9.4 BPDU Hop

In MSTP, it is possible to configure the number of hops in order to prevent BPDU from wandering. With this function, a BPDU passes through only as many switches as the configured number of hops.
To configure BPDU guard in the switch, perform the following procedure.

Step 1 Configure the specific port as edge-port.

Command: stp edge-port PORTS
Mode: Bridge
Description: Configures the port as Edge port.

Command: no stp edge-port PORTS
Mode: Bridge
Description: Disables Edge port configuration.

Step 2 Configure BPDU Guard.

Command: stp bpdu-guard
Mode: Bridge
Description: Configures BPDU Guard function on switch.

Command: no stp bpdu-guard
Mode: Bridge
Description: Disables BPDU Guard function.
To enable/disable self loop detection, use the following command.

Command: self-loop-detect {enable | disable}
Mode: Bridge
Description: Enables/disables self loop detection function.

To display a configuration for BPDU, use the following command.

Command: show self-loop-detect
Command: show self-loop-detect {all |
Mode: Enable
Description: Shows status of self loop detection and a port where a loop has happened.
8.3.10 Sample Configuration

Backup Route

When you design a layer 2 network, you must consider a backup route for a stable STP network. This is to prevent network corruption when just one additional path exists.

[Figure labels: Switch A, Switch B, Switch C, Switch D, Switch E, Aggregation Switch, PC-A, Broken]

Fig. 8.26 Example of Layer 2 Network Design in RSTP Environment

In the ordinary case, data packets go to Root switch A through the blue path.
MSTP Configuration

[Figure labels: Router; VLAN 101 ~ 200
MST Region 1 (Region Name: test, Revision: 1): Instance 1 VLAN 111~120, Instance 2 VLAN 121~130, Instance 3 VLAN 131~140
MST Region 2 (Region Name: test, Revision: 2): Instance 1 VLAN 170, Instance 2 VLAN 180~190, Instance 3 VLAN 191~195
MST Region 3 (Region Name: sample, Revision: 5): Instance 4 VLAN 150~160, Instance 5 VLAN 161~165
MST Region 4 (Region Name: test, Revision: 1): Instance 6 VLAN 200]

Fig. 8.
8.4 Virtual Router Redundancy Protocol (VRRP)

Virtual router redundancy protocol (VRRP) configures a Virtual Router (VRRP Group) consisting of VRRP routers to prevent network failure caused by one dedicated router. You can configure a maximum of 255 VRRP routers in a VRRP group of the hiD 6615 S323. First of all, decide which router plays the role of Master Virtual Router. The other routers will be Backup Virtual Routers.
8.4.1 Configuring VRRP

To configure the hiD 6615 S323 as a device in a Virtual Router, use the following command in Global Configuration mode. Then you can configure VRRP by opening VRRP Configuration mode.

Command: router vrrp INTERFACE GROUP-ID
Mode: Global
Description: Configures Virtual Router (VRRP Group). GROUP-ID: 1-255

To display a configuration of VRRP, use the following command.
8.4.1.2 Access to Associated IP Address

If you configure the function of accessing the Associated IP address, you can access the Associated IP address with commands such as ping. To configure the function of accessing the Associated IP address, use the following command.

Command: vip-access [enable | disable]
Mode: VRRP
Description: Configures the function of accessing associated IP address.

8.4.1.3
The following is an example of configuring Master Router and Backup Router by comparing their Priorities: Virtual Routers, Layer 3 SWITCH 1 – 101 and Layer 3 SWITCH 2 – 102. Then, regardless of IP addresses, the one that has the higher Priority, Layer 3 SWITCH 2, becomes Master Router.

SWITCH1(config)# router vrrp default 1
SWITCH1(config-router)# associate 10.0.0.
SWITCH1(config)# router vrrp default 1
SWITCH1(config-router)# associate 10.0.0.5
SWITCH1(config-router)# exit
SWITCH1(config)# show vrrp
default - virtual router 1
---------------------------------------------
state                    master
virtual mac address      00:00:5E:00:01:01
advertisement interval   1 sec
preemption               enabled
priority                 100
master down interval     3.624 sec
[1] associate address : 10.0.0.
Diagram labels:
Internet
Virtual Router Associate IP : 10.0.0.5/24
Master Router 1 IP : 10.0.0.3/24
Backup Router 1 IP : 10.0.0.2/24
Backup Router 2 IP : 10.0.0.1/24
Default Gateway : 10.0.0.5/24
1. Link Down
2. If the interface doesn’t recognize to be Link down, it is supposed to be inaccessible to Master Router. Therefore the users on the interface are not able to communicate.
Counter measure 3.
To configure an authentication password for security of Virtual Router, use the following command on VRRP configuration mode.

Command: authentication clear_text PASSWORD
Mode: VRRP
Description: Configures an authentication password.

Command: no authentication
Mode: VRRP
Description: Deletes a configured authentication password.

Note: Authentication password can be configured with maximum 7 digits.
Also, to make Preempt “enable” as default setting, use the following command on VRRP configuration mode.

Command: no preempt
Mode: VRRP
Description: Deletes the former configuration of Preempt to enable it.

8.4.1.7 VRRP Statistics

To display the VRRP statistics that packets have been sent and received, use the following command.

Command: show vrrp stat
Mode: Enable, Global, Bridge
Description: Shows statistics of packets in Virtual Router Group.
8.5.1 Configuring Rate Limit

To set a port bandwidth, use the following command.

Command: rate PORTS RATE [egress | ingress]
Mode: Bridge
Description: Sets port bandwidth. If you input egress or ingress, you can configure outgoing packet or incoming packet. The unit is 64 Kbps.

Command: no rate PORTS
Mode: Bridge
Description: Clears rate configuration of a specific port.

Command: no rate PORTS [egress | ingress]
Mode: Bridge
Description: Clears rate configuration of a specific port by transmitting direction.
8.6 Flood Guard

Flood guard limits the number of packets that can be transmitted within the configured bandwidth, whereas rate limit controls packets by configuring the width of the bandwidth that packets pass through. This function prevents receiving more packets than the configured amount without enlarging bandwidth.
8.6.2 Sample Configuration

The following is an example of showing the configuration after limiting the number of packets transmitted to the port number 1 as 10,000.
8.8 Dynamic Host Configuration Protocol (DHCP)

Dynamic host configuration protocol (DHCP) is a TCP/IP standard for simplifying the administrative management of IP address configuration by automating address configuration for network clients. The DHCP standard provides for the use of DHCP servers as a way to manage dynamic allocation of IP addresses and other related configuration details to DHCP-enabled clients on the network.
The hiD 6615 S223/S323 flexibly provides the functions as the DHCP server or DHCP relay agent according to your DHCP configuration.

This chapter contains the following sections:
• DHCP Server
• DHCP Address Allocation with Option 82
• DHCP Lease Database
• DHCP Relay Agent
• DHCP Option 82
• DHCP Client
• DHCP Snooping
• IP Source Guard
• DHCP Filtering
• Debugging DHCP

8.8.
8.8.1.1 DHCP Pool Creation

The DHCP pool is a group of IP addresses that will be assigned to DHCP clients by DHCP server. You can create various DHCP pools that can be configured with a different network, default gateway and range of IP addresses. This allows the network administrators to effectively handle multiple DHCP environments. To create a DHCP pool, use the following command.
The following is an example for specifying the range of IP addresses.

SWITCH(config)# service dhcp
SWITCH(config)# ip dhcp pool sample
SWITCH(config-dhcp[sample])# network 100.1.1.0/24
SWITCH(config-dhcp[sample])# default-router 100.1.1.254
SWITCH(config-dhcp[sample])# range 100.1.1.1 100.1.1.100
SWITCH(config-dhcp[sample])#

Note: You can also specify several inconsecutive ranges of IP addresses in a single DHCP pool, e.g. 100.1.1.1 to 100.1.1.62 and 100.
The following is an example of setting default and maximum IP lease time.

SWITCH(config)# service dhcp
SWITCH(config)# ip dhcp pool sample
SWITCH(config-dhcp[sample])# network 100.1.1.0/24
SWITCH(config-dhcp[sample])# default-router 100.1.1.254
SWITCH(config-dhcp[sample])# range 100.1.1.1 100.1.1.100
SWITCH(config-dhcp[sample])# lease-time default 5000
SWITCH(config-dhcp[sample])# lease-time max 10000
SWITCH(config-dhcp[sample])#

8.8.1.
8.8.1.8 Domain Name

To set a domain name, use the following command.

Command: domain-name DOMAIN
Mode: DHCP Pool
Description: Sets a domain name.

Command: no domain-name
Mode: DHCP Pool
Description: Deletes a specified domain name.

8.8.1.9 DHCP Server Option

If a DHCP server option is specified, the DHCP server will respond only to DHCP messages that carry the same option information. To specify a DHCP server option, use the following command.

Command Mode Specifies a DHCP option.
To select a recognition method of DHCP clients, use the following command.

Command: ip dhcp database-key {client-id | hardware-address}
Mode: Global
Description: Selects a recognition method of DHCP clients

8.8.1.12 IP Address Validation

Before assigning an IP address to a DHCP client, a DHCP server will validate if the IP address is used by another DHCP client with a ping or ARP.
To display a list of valid or invalid (blocked) IP addresses, use the following command.

Command: show ip dhcp authorized-arp valid
Mode: Enable, Global, Bridge
Description: Shows a list of valid IP addresses.

Command: show ip dhcp authorized-arp invalid
Mode: Enable, Global, Bridge
Description: Shows a list of invalid (discarded) IP addresses.

To delete a list of invalid (blocked) IP addresses, use the following command.

Command: clear ip dhcp authorized-arp invalid

8.8.1.
The following is an example of displaying DHCP packet statistics.
8.8.2 DHCP Address Allocation with Option 82

The DHCP server provided by the hiD 6615 S223/S323 can assign dynamic IP addresses based on DHCP option 82 information sent by the DHCP relay agent. The information sent via DHCP option 82 will be used to identify which port the DHCP_REQUEST came in on.
To delete specified option 82 information for IP assignment, use the following command.

Command: no relay-information remote-id ip A.B.C.
Mode: DHCP Class
Description: Deletes specified option 82 information for IP assignment.
8.8.3 DHCP Lease Database

8.8.3.1 DHCP Database Agent

The hiD 6615 S223/S323 provides a feature that allows a DHCP server to automatically save a DHCP lease database on a DHCP database agent. The DHCP database agent should be a TFTP server, which stores a DHCP lease database as numerous files in the form of leasedb.MAC-ADDRESS, e.g. leasedb.0A:31:4B:1A:77:6A. The DHCP lease database contains a leased IP address, hardware address, etc.
8.8.3.3 Deleting DHCP Lease Database

To delete a DHCP lease database, use the following command.

Command: clear ip dhcp leasedb A.B.C.D/M
Mode: Enable, Global
Description: Deletes a DHCP lease database of a specified subnet.

Command: clear ip dhcp leasedb pool POOL
Mode: Enable, Global
Description: Deletes a DHCP lease database of a specified DHCP pool.

Command: clear ip dhcp leasedb all
Mode: Enable, Global
Description: Deletes the entire DHCP lease database.

8.8.
Note: Before configuring DHCP server or relay, you need to use the service dhcp command first to activate the DHCP function in the system.

8.8.4.1 Packet Forwarding Address

A DHCP client sends DHCP_DISCOVER message to a DHCP server. DHCP_DISCOVER message is broadcasted within the network to which it is attached.
To enable the smart relay agent forwarding, use the following command.

Command: ip dhcp smart-relay
Mode: Global
Description: Enables a smart relay.

Command: no ip dhcp smart-relay
Mode: Global
Description: Disables a smart relay.

8.8.5 DHCP Option 82

In some networks, it is necessary to use additional information to further determine which IP addresses to allocate.
Client Identifier Spoofing

By using the agent-supplied remote ID option, the untrusted and as-yet unstandardized client identifier field need not be used by the DHCP server.

Fig. 8.33 shows how the DHCP relay agent with the DHCP option 82 operates.

Diagram labels: DHCP Client, DHCP Relay Agent, DHCP Server
1. DHCP Request
2. DHCP Request + Option 82
3. DHCP Response + Option 82
4. DHCP Response

Fig. 8.33

8.8.5.
To specify a remote ID, use the following command.

Command: system-remote-id hex HEXSTRING
Command: system-remote-id ip A.B.C.D
Command: system-remote-id text STRING
Mode: Option 82
Description: Specifies a remote ID. (default: system MAC address)

To specify a circuit ID, use the following command.

Command: system-circuit-id PORTS hex HEXSTRING
Command: system-circuit-id PORTS index <0-65535>
Mode: Option 82
Description: Specifies a circuit ID.
Note: If you specify the default trust policy as deny, the DHCP packet that carries the information you specify below will be permitted, and vice versa.

Trusted Remote ID

To specify a trusted remote ID, use the following command.

Command: trust remote-id hex HEXSTRING
Command: trust remote-id ip A.B.C.D
Command: trust remote-id text STRING
Mode: Option 82
Description: Specifies a trusted remote ID.

To delete a specified trusted remote ID, use the following command.
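Added example (not part of the manual and not hiD 6615 code): a Python sketch of how a relay or server can read the remote ID and circuit ID out of option 82 and apply the trust policy described above, where a listed remote ID gets the opposite of the default policy. The sub-option codes follow RFC 3046; the function names, the sample remote IDs and the rule that malformed option 82 data is denied are assumptions.

```python
"""Added example: parse DHCP option 82 and apply a remote-ID trust policy."""

OPT_RELAY_AGENT_INFO = 82   # DHCP option code (RFC 3046)
SUB_CIRCUIT_ID = 1          # sub-option: circuit ID
SUB_REMOTE_ID = 2           # sub-option: remote ID


def find_option(options: bytes, code: int):
    """Walk the DHCP options field (code, length, value); return the value or None."""
    i = 0
    while i < len(options):
        opt = options[i]
        if opt == 0:                      # pad option, no length byte
            i += 1
            continue
        if opt == 255:                    # end option
            break
        if i + 2 > len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d overruns the packet" % opt)
        if opt == code:
            return value
        i += 2 + length
    return None


def parse_option82(value: bytes) -> dict:
    """Split option 82 into {sub-option code: data}; reject bad lengths."""
    subs = {}
    i = 0
    while i < len(value):
        if i + 2 > len(value):
            raise ValueError("truncated sub-option header")
        sub, length = value[i], value[i + 1]
        data = value[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("sub-option %d overruns option 82" % sub)
        subs[sub] = data
        i += 2 + length
    return subs


def relay_decision(options: bytes, default_policy: str, listed_remote_ids) -> str:
    """Return 'permit' or 'deny'. A listed remote ID gets the opposite of the default."""
    if default_policy not in ("permit", "deny"):
        raise ValueError("default_policy must be 'permit' or 'deny'")
    opposite = "permit" if default_policy == "deny" else "deny"
    try:
        raw = find_option(options, OPT_RELAY_AGENT_INFO)
        subs = parse_option82(raw) if raw is not None else {}
    except ValueError:
        return "deny"                     # assumption: malformed data is never trusted
    remote_id = subs.get(SUB_REMOTE_ID)
    if remote_id is not None and remote_id in listed_remote_ids:
        return opposite
    return default_policy                 # unlisted or missing remote ID


def build_option82(circuit_id: bytes, remote_id: bytes) -> bytes:
    """Encode option 82 the way a relay agent would append it."""
    body = bytes([SUB_CIRCUIT_ID, len(circuit_id)]) + circuit_id
    body += bytes([SUB_REMOTE_ID, len(remote_id)]) + remote_id
    return bytes([OPT_RELAY_AGENT_INFO, len(body)]) + body


def constructed_options(remote_id: bytes) -> bytes:
    """Constructed sample: message type DISCOVER, option 82, end option."""
    return b"\x35\x01\x01" + build_option82(b"\x00\x05", remote_id) + b"\xff"


LISTED = {b"access-sw-01"}                # constructed trusted remote ID (text form)

if __name__ == "__main__":
    for rid in (b"access-sw-01", b"unknown-relay"):
        print(rid, relay_decision(constructed_options(rid), "deny", LISTED))
```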
8.8.6 DHCP Client

An interface of the hiD 6615 S223/S323 can be configured as a DHCP client, which can obtain an IP address from a DHCP server. The configurable DHCP client functionality allows a DHCP client to use a user-specified client ID, class ID or suggested lease time when requesting an IP address from a DHCP server. Once configured as a DHCP client, the hiD 6615 S223/S323 cannot be configured as a DHCP server or relay agent.

8.8.6.
8.8.6.5 IP Lease Time

To specify IP lease time that is requested to a DHCP server, use the following command.

Command: ip dhcp client lease <120-2147483637>
Mode: Interface
Description: Specifies IP lease time in the unit of second (default: 3600).

Command: no ip dhcp client lease
Mode: Interface
Description: Deletes a specified IP lease time.

8.8.6.6 Requesting Option

To configure a DHCP client to request an option from a DHCP server, use the following command.
8.8.7 DHCP Snooping

For enhanced security, the hiD 6615 S223/S323 provides the DHCP snooping feature. The DHCP snooping filters untrusted DHCP messages and maintains a DHCP snooping binding table. An untrusted message is a message received from outside the network, and an untrusted interface is an interface configured to receive DHCP messages from outside the network.
8.8.7.3 DHCP Rate Limit

To set the number of DHCP packets per second (pps) that an interface can receive, use the following command.

Command: ip dhcp snooping limit-rate PORTS <1-255>
Mode: Global
Description: Sets a rate limit for DHCP packets. (unit: pps)

Command: no ip dhcp snooping limit-rate PORTS
Mode: Global
Description: Deletes a rate limit for DHCP packets.

8.8.7.
8.8.7.6 DHCP Snooping Database Agent

When DHCP snooping is enabled, the system uses the DHCP snooping binding database to store information about untrusted interfaces. Each database entry (binding) has an IP address, associated MAC address, lease time, interface to which the binding applies and VLAN to which the interface belongs. To maintain the bindings when the system reloads, you must use the DHCP snooping database agent.
Note: The DHCP snooping database agent should be a TFTP server.

8.8.7.7 Displaying DHCP Snooping Configuration

To display the DHCP snooping table, use the following command.

Command: show ip dhcp snooping
Mode: Enable, Global
Description: Shows a DHCP snooping configuration.

Command: show ip dhcp snooping binding
Mode: Enable, Global
Description: Shows DHCP snooping binding entries.

8.8.8 IP Source Guard

IP source guard is similar to DHCP snooping.
Caution: To enable IP source guard, DHCP snooping needs to be enabled.

To enable IP source guard with a source IP address filtering on a port, use the following command.

Command: ip dhcp verify source PORTS
Mode: Global
Description: Enables IP source guard with a source IP address filtering on a port.

Disables IP source guard.
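Added example (not part of the manual and not the switch's implementation): a Python model of how a DHCP snooping binding table with the fields listed in 8.8.7.6 (IP address, MAC address, lease time, interface, VLAN) can drive IP source guard's source IP filtering. The class, the message names and the drop rules (server replies on untrusted ports, releases from the wrong port, expired leases) are assumptions based on common DHCP snooping behaviour, and the trace is constructed.

```python
"""Added example: DHCP snooping binding table feeding IP source guard."""
from dataclasses import dataclass

SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}    # only a DHCP server sends these


@dataclass
class Binding:
    ip: str
    mac: str
    vlan: int
    port: int
    expires: float       # absolute time (seconds) at which the lease ends


class SnoopingSwitch:
    """Hypothetical model; names here are not hiD 6615 identifiers."""

    def __init__(self, trusted_ports, guarded_ports):
        self.trusted = set(trusted_ports)    # ports facing the real DHCP server
        self.guarded = set(guarded_ports)    # ports with source IP filtering
        self.pending = {}                    # client MAC -> (port, vlan) of its request
        self.bindings = {}                   # leased IP -> Binding

    def dhcp(self, now, port, vlan, msg, mac, ip=None, lease=0):
        """Snoop one DHCP message and return 'forward' or 'drop'."""
        if msg in SERVER_MESSAGES:
            if port not in self.trusted:
                return "drop"                # server reply from an untrusted port
            if msg == "ACK" and mac in self.pending:
                cport, cvlan = self.pending.pop(mac)
                self.bindings[ip] = Binding(ip, mac, cvlan, cport, now + lease)
            return "forward"
        if port in self.trusted:
            return "forward"
        if msg == "RELEASE":
            held = self.bindings.get(ip)
            if held is None or held.mac != mac or held.port != port:
                return "drop"                # release for a lease this port does not hold
            del self.bindings[ip]
            return "forward"
        self.pending[mac] = (port, vlan)     # DISCOVER / REQUEST from a client port
        return "forward"

    def source_guard(self, now, port, src_ip):
        """Permit IP traffic on a guarded port only if a live binding matches."""
        if port not in self.guarded:
            return "forward"
        held = self.bindings.get(src_ip)
        if held is None or held.port != port or held.expires <= now:
            return "drop"
        return "forward"


def replay_constructed_trace():
    """Constructed trace: port 1 = server uplink, ports 2-4 = clients."""
    sw = SnoopingSwitch(trusted_ports={1}, guarded_ports={2, 3, 4})
    mac_a, ip_a = "00:11:22:33:44:55", "192.168.10.5"
    out = {}
    out["discover"] = sw.dhcp(0, 2, 10, "DISCOVER", mac_a)
    out["rogue_offer"] = sw.dhcp(0, 4, 10, "OFFER", mac_a, ip="10.1.1.5", lease=3600)
    out["real_offer"] = sw.dhcp(0, 1, 10, "OFFER", mac_a, ip=ip_a, lease=3600)
    out["request"] = sw.dhcp(1, 2, 10, "REQUEST", mac_a)
    out["ack"] = sw.dhcp(1, 1, 10, "ACK", mac_a, ip=ip_a, lease=3600)
    out["owner_traffic"] = sw.source_guard(10, 2, ip_a)
    out["spoof_other_port"] = sw.source_guard(10, 3, ip_a)
    out["rogue_pool_address"] = sw.source_guard(10, 2, "10.1.1.5")
    out["spoofed_release"] = sw.dhcp(20, 3, 10, "RELEASE", mac_a, ip=ip_a)
    out["owner_after_spoofed_release"] = sw.source_guard(30, 2, ip_a)
    out["after_lease_expiry"] = sw.source_guard(4000, 2, ip_a)
    out["binding_port"] = sw.bindings[ip_a].port
    return out


if __name__ == "__main__":
    for name, verdict in replay_constructed_trace().items():
        print(name, verdict)
```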
8.8.9 DHCP Filtering

8.8.9.1 DHCP Packet Filtering

For the hiD 6615 S223/S323, it is possible to block a specific client by MAC address. If a MAC address blocked by the administrator requests an IP address, the server does not assign an IP address. This function strengthens the security of the DHCP server. The following is the function of blocking IP address assignment on a port.
Fig. 8.34 DHCP Server Packet Filtering
Diagram labels:
DHCP Server A, 192.168.10.1~192.168.10.10, IP assigned
Client 3: The device that can be a DHCP server
Request from client 1, 2 is transmitted to client 3
IP assigned by client 3 not by DHCP server A
hiX 5430
10.1.1.1 ~ 10.1.1.10, IP assigned
To prevent IP assignment from client 3, DHCP filtering is needed for the port
Client 1, Client 2

To enable the DHCP server packet filtering, use the following command.
8.9 Ethernet Ring Protection (ERP)

The ERP is a Siemens protection protocol and procedure to protect Ethernet ring topologies. It provides fast failure detection and recovery, so that it decreases the time to prevent a loop to under 50ms.
Fig. 8.36 Ring Protection
Diagram labels: Normal Node (three), RM Node with ports P and S
1. Secondary port of RM node is changed as unblocking state
2. Send Link Down Message

When a Link Failure is recovered, a temporary loop may occur. To rectify this condition, ERP sends a “link up” message to the RM.
Fig. 8.38 Ring Recovery
Diagram labels: Normal Node (three), RM Node with ports P and S
1. Block RM Node of secondary port
2. Send RM Link Up message
3. Unblock the port recovered from Link Failure

8.9.2 Loss of Test Packet (LOTP)

ERP recognizes the Link Failure using Loss of Test Packet (LOTP). RM Node regularly sends RM Test Packet message.
8.9.3.2 RM Node

To configure RM Node, use the following command.

Command: erp rmnode DOMAIN-ID
Mode: Bridge
Description: Configures RM node of ERP node mode.

Command: no erp rmnode DOMAIN-ID
Mode: Bridge
Description: Configures ERP node mode as normal node.

8.9.3.3 Port of ERP domain

To configure Primary Port and Secondary port of RM Node, use the following command.

Command: erp port DOMAIN-ID primary PORT secondary PORT

8.9.3.
8.9.3.6 Manual Switch to Secondary

To configure Manual Switch to Secondary, use the following command.

Command: erp ms-s DOMAIN-ID
Mode: Bridge
Description: Configures ERP manual switch to secondary

To disable Manual Switch to Secondary, use the following command.

Command: no erp ms-s DOMAIN-ID
Mode: Bridge
Description: Disables ERP manual switch to secondary

8.9.3.7 Wait-to-Restore Time

To configure Wait-to-Restore Time, use the following command.
To return ERP Test Packet Interval as Default, use the following command.

Command: no erp test-packet-interval DOMAIN-ID
Mode: Bridge
Description: Configures ERP test packet interval as default value

8.9.3.10 Displaying ERP Configuration

To display a configuration for ERP, use the following command.

Command: show erp {all | DOMAIN-ID}
Mode: Enable, Global, Bridge
Description: Shows the information of ERP

8.
A switch that manages the other switches in stacking is called the Master switch, and the other switches managed by the Master switch are called Slave switches. Regardless of installed place or connection state, the Master switch can check and manage all Slave switches. The steps below are provided to configure stacking.

8.10.1 Switch Group

You should configure all the switches configured with the stacking function to be in the same VLAN.
8.10.3 Disabling Stacking

To disable stacking, use the following command.

Command: no stack
Mode: Global
Description: Disables the stacking function

8.10.4 Displaying Stacking Status

Command: show stack

8.10.
open Interface configuration mode of VLAN to register as a switch group for stacking. The following is an example of configuring Interface of switch group as 1.

SWITCH_A# configure terminal
SWITCH_A(config)# interface 1
SWITCH_A(interface)# ip address 192.168.10.1/16
SWITCH_A(interface)# no shutdown
SWITCH_A(interface)#

Note: If there are several switches, the rest of them are managed by a single IP address of the Master switch.
[Sample Configuration 2] Accessing from Master Switch to Slave Switch

The following is an example of accessing the Slave switch from the Master switch configured in [Sample Configuration 1]. If you show the configuration of the Slave switch in [Sample Configuration 1], you can recognize that node-number is 2.

SWITCH(bridge)# rcommand 2
Trying 127.1.0.1(23)...
Connected to 127.1.0.1.
Escape character is '^]'.
Command: no storm-control {broadcast | multicast | dlf} [PORTS]
Mode: Bridge
Description: Disables broadcast, multicast, or DLF storm control respectively.

To display a configuration of storm control, use the following command.

Command: show storm-control
Mode: Enable, Global, Bridge
Description: Displays storm control configuration.

8.12 Jumbo-frame Capacity

The packet size that can be accepted ranges from 64 bytes to 1518 bytes.
port02 : 2200/ 1518
port03 : 2200/ 1518
port04 : 2200/ 1518
port05 : 2200/ 1518
port06 : 2200/ 1518
port07 : 2200/ 1518
port08 : 2200/ 1518
port09 : 2200/ 1518
port10 : 2200/ 1518
port11 : 1518/ 1518
port12 : 1518/ 1518
SWITCH(bridge)#

8.13 Blocking Direct Broadcast

RFC 2644 recommends that the system block broadcast packets of the same network bandwidth as the interface of the equipment, namely Direct broadcast packets.
The following is an example of configuring the MTU size as 100.

SWITCH(config-if)# mtu 100
SWITCH(config-if)# show running-config interface 1
!
interface default
mtu 100
bandwidth 1m
ip address 10.27.41.
9 IP Multicast

Traditional IP networks provide unicast transmission, in which a host sends packets to a single host, or broadcast transmission. Multicast provides group transmission, in which a host sends packets to all hosts of a group. In the multicast environment, multicast packets are delivered to a group by duplicating multicast packets. Multicasting is divided into Layer 3 multicast routing and Layer 2 IGMP snooping.
ing and PIM-SM should be configured at the same time.

Fig. 9.3 IGMP Snooping and PIM-SM Configuration Network
Diagram labels: Multicast Server, Layer 3 Network, hiX 5430, Set-top Box (two), PIM-SM, IGMP Snooping, More than one port on same interface, IGMP Join/Leave message, Multicast data

9.1 Multicast Routing Information Base

In this chapter, you can configure the common multicast commands for multicast routing information base.

9.1.
9.1.3 Clearing MRIB Information

Clearing Total or Partial Group Entry of MRIB

If you use the clear ip mroute command, the MRIB clears the multicast route entries in its multicast route table, and removes the entries from the multicast forwarder. Each multicast protocol has its own clear multicast route command. The protocol-specific clear command clears multicast routes from the protocol, and also clears the routes from the MRIB.
9.1.4 Displaying MRIB Information

To display MRIB information, use the following commands.

Command: show ip mroute {dense | sparse} {count | summary}
Command: show ip mroute GROUP-ADDR [SRC-IP-ADDRESS] {dense | sparse} {count | summary}
Command: show ip mroute GROUP-ADDR [SRC-IP-ADDRESS] GROUP-ADDR [SRC-IP-ADDRESS]{dense
Mode: Enable
Description: Displays multicast routes entries.
9.1.7 Multicast Aging

L2 and L3 join information about a multicast group used to be applied to the chipset even without a multicast stream, which is unsatisfactory with respect to the maximum multicast entry. Multicast aging optimizes multicast entry management using multicast L2 aging. When a multicast stream comes in, the L2 filtering port (IGMP snooping, PIM snooping) is written to the chip.
9.2 Internet Group Management Protocol (IGMP)

Internet Group Management Protocol (IGMP) is used by hosts and routers that support multicasting. All the systems on a network can know which hosts belong to which multicast groups. IGMP is not a multicast routing protocol but a group management protocol. Multicast routers can receive thousands of multicast packets from other groups.
9.2.1.2 Removing IGMP Entry

To clear IGMP interface entries, use the following command.

Command: clear ip igmp interface INTERFACE
Mode: Enable
Description: Clears IGMP interface entries on an interface.

Command: clear ip igmp group {* | A.B.C.D [INTERFACE]}
Mode: Enable
Description: Deletes IGMP group cache entries. *: all IGMP group. A.B.C.D: IGMP group address

9.2.1.3 IGMP Debug

To enable debugging of all IGMP or a specific feature of IGMP, use the following command.
IGMP cache, but the switch is not a member. Therefore it can support fast switching.

To configure IGMP static Join, use the following command.

Command: ip igmp static-group A.B.C.D vlan VLAN port PORT reporter A.B.C.D
Mode: Global
Description: Configures IGMP static join setting. A.B.C.D: group address

Command: no ip igmp static-group [A.B.C.D] [vlan VLAN]
Command: no ip igmp static-group A.B.C.
Mode: Global
Description: Disables the IGMP static join configuration.
querier for the interface after the previous querier has stopped querying.

Command: ip igmp querier-timeout <60-300>
Mode: Interface
Description: Configures the IGMP querier timeout. 60-300: number of seconds that router waits after the previous querier has stopped querying before it takes over as the querier

Returns to the default value.
9.2.2.4 IGMP v2 Fast Leave

In IGMP version 2, you can minimize the leave latency of IGMP memberships. This command is used when only one receiver host is connected to each interface. When this command is not configured, the router sends an IGMP group-specific query message upon receipt of an IGMP Version 2 group leave message. The router stops forwarding traffic for that group only if no host replies to the query within the timeout period.
9.2.3 L2 MFIB

Occasionally, unknown multicast traffic is flooded because a MAC address has timed out or has not been learned by the switch. To guarantee that no multicast traffic is flooded to the port, use the following command.

Command: ip unknown-multicast block
Description: Configures the blocking of unknown multicast traffic.
Step 3 Enable IGMP snooping on a VLAN interface.

Command: ip igmp snooping vlan VLANS
Mode: Global
Description: Enables IGMP snooping on a VLAN interface. VLANS: 1-4094

Step 4 Return to Privileged EXEC Enable mode using the exit command.

To disable IGMP snooping on a VLAN interface, use the no ip igmp snooping vlan VLANS command for the specified VLAN number.

To display global IGMP, use the following command.

Command: show ip igmp snooping [vlan VLANS]

9.
Fig. 9.4 IP Multicasting
Diagram labels: Multicast Router, hiX 5430, Multicast Packet, Multicast Join request
1. Request the Multicast Packet
2. Transmit the Multicast packet to the port that sent the join message

IGMP Snooping is a function that finds the port that sends a "Join message" to join a specific multicast group to receive multicast packets, or a "Leave message" to get out of the multicast group because it does not need the packets.
To disable IGMP snooping fast-leave, use the following command.

Command: no ip igmp snooping immediate-leave
Mode: Global
Description: Deletes the fast-leave.

Command: no ip igmp snooping vlan VLAN-ID immediate-leave
Mode: Global
Description: Deletes the fast-leave on a VLAN interface.

To display IGMP snooping Immediate Leave configuration, use the following command.

Command: show ip igmp snooping [vlan VLANS]

9.2.5.
The Query Interval of IGMP v2 Snooping Querier

To configure a query interval of the querier, use the following command.

Command: ip igmp snooping querier query-interval <1-1800>
Mode: Global
Description: Configures the IGMP snooping querier query interval on the system. 1-1800: IGMP snooping querier query interval in seconds

Command: ip igmp snooping vlan VLANS
Mode: Global
Description: Enables the IGMP snooping querier on a VLAN interface.
To display IGMP query parameter, use the following command.

Command: show ip igmp snooping [vlan VLANS] querier [detail]
Mode: Enable, Global, Bridge
Description: Verifies that the IGMP snooping querier is enabled.

9.2.5.3 IGMP v2 Snooping Last-Member-Interval

When a Leave Message is received from a host in IGMP v2, the Querier sends a Specific Query and checks whether there is a Multicast Group Member.
9.2.5.4 IGMP v2 Snooping Report Method

When IGMP report suppression is enabled, the switch forwards only one IGMP report per multicast router query. When report suppression is disabled, all IGMP reports are forwarded to the multicast routers.

Command: ip igmp snooping report-suppression
Mode: Global
Description: Configures the IGMP report suppression on the system.
To disable the port where multicast router is connected, use the following command.

Command: no ip igmp snooping mrouter port {PORTS | cpu}
Mode: Global
Description: Disables the port where multicast router is connected on the system

Command: no ip igmp snooping vlan VLANS mrouter port {PORTS |
Mode: Global
Description: Disables the port where multicast router is connected on a VLAN interface.
To flood multicast traffic when TCN packet is received, use the following command.

Command: ip igmp snooping tcn flood
Mode: Global
Description: Designates the port where multicast router is connected to on the system.

Command: ip igmp snooping tcn vlan
Mode: Global
Description: Designates the port where multicast router is connected to on a VLAN interface.
9.2.6 IGMP v3 Snooping

This chapter consists of these sections:
• IGMP Snooping Version
• Join Host Management
• Immediate Block

9.2.6.1 IGMP Snooping Version

The reports sent to the multicast router are sent based on the version of that interface. A user can administratively configure the version of the port as 1 or 2. If the user has configured the version specifically, the reports are always sent out with only this version.
To display a configuration, use the following command.

Command: show ip igmp snooping explicit-tracking {vlan VLANS | port PORTS | group A.B.C.D}
Mode: Enable, Global, Bridge
Description: Shows a configuration.

9.2.6.3 Immediate Block

For a Layer 2 IGMP v2 host interface to join an IP multicast group, a host sends an IGMP membership report for the IP multicast group.
9.2.7.1 Enabling MVR

To use the MVR, enable the MVR function with the following command.

Command: mvr
Mode: Global
Description: Enables MVR on the system.

Command: no mvr
Mode: Global
Description: Disables MVR on the system.

9.2.7.2 MVR Group Address

Statically configure a VLAN interface to receive multicast traffic sent to the multicast VLAN and the IP multicast address. An interface statically configured as a member of a group remains a member of the group until statically removed.
To delete the statically configured MVR group address, use the following command.

Command: no mvr vlan VLAN helper
Mode: Global
Description: Deletes a MVR group address. IP ADDRESS: specific IP address

9.2.7.4 Send and Receive Port

Statically configure a VLAN interface to receive multicast traffic sent to the multicast VLAN and the IP multicast address.
dropped, and the port is not allowed to receive IP multicast traffic from that group. If the filtering action permits access to the multicast group, the IGMP report from the port is forwarded for normal processing. IGMP filtering controls only group specific query and membership reports, including join and leave reports. It does not control general IGMP queries.
9.2.8.4 Applying IGMP Profile to the Filter Port

To apply the configured IGMP Profile to the filter port, use the following command.

Command: ip igmp filter port PORTS profile <1-2147483647>
Mode: Global
Description: Configures IGMP profile.
  PORTS: port number
  1-2147483647: number of configured IGMP profile

To cancel the applying of the profile, use the following command.
9.2.9 Displaying IGMP Snooping Table

To display an IGMP snooping table, use the following command.

Commands:
  show ip igmp snooping groups [IP-ADDRESS]
  show ip igmp snooping groups port [PORT | cpu]
  show ip igmp snooping groups vlan VLANS
  show ip igmp snooping groups mac-based
Mode: Enable, Global, Bridge
Description: Shows a configuration.

9.
[Fig. 9.5 RPT of PIM-SM. Steps shown: 1. Multicast packet transmitted to RP; 2. Ask RP for multicast packet; 3. RP transmits multicast packet for the request]

Also, routers on the packet route automatically optimize the route by deleting unnecessary hops when traffic exceeds a certain limit.
9.3.1.1 PIM-SM and Passive Mode

To activate PIM-SM on an Ethernet interface, you need to open Interface Configuration mode of the specified interface. To open Interface Configuration mode, use the following command.

Command: interface INTERFACE
Mode: Global
Description: Opens Interface Configuration mode of specified interface.

To disable Interface Configuration mode, use the following command.
the DR.

9.3.1.3 Filters of Neighbor in PIM

Enable filtering of neighbors on the interface. When a neighbor filter is configured, PIM-SM will either not establish adjacency with the neighbor or terminate adjacency with the existing neighbors, if denied by the filtering access list.

To configure the filtering of neighbor in PIM, use the following command.

Description: Configures the filtering of neighbor in PIM.
9.3.1.5 PIM Debug

To activate PIM-SM debugging, use the following command.

Description: Activates PIM debugging.
priority, becomes BSR among them. If several routers have the same priority, the router with the highest IP address becomes BSR. It is possible to configure the following messages, which are included in the candidate-BSR message. Since several IP addresses can be assigned in the hiD 6615 S323, the switch may have several IP addresses assigned.
decide which IP address to be used as candidate-RP. This command is used to statically configure the RP address for multicast groups.

To configure the IP address to be used in candidate-RP, use the following command.

Command: ip pim rp-address A.B.C.D [<199> | <1300-1999>] [override]
Description: Configures RP address for multicast groups statically.
  A.B.C.
9.3.4.3 KAT (Keep Alive Time) of RP

You can configure KAT for (S, G) states at RP to monitor PIM Register packets, overriding the generic KAT timer value.

Command: ip pim rp-register-kat <1-65535>
Mode: Global
Description: Configures Keep Alive Time.
  1-65535: time

Command: no ip pim rp-register-kat
Mode: Global
Description: Disables a KAT configuration.

9.3.4.
To configure the registration suppression time, use the following command.

Command: ip pim register-suppression <1-65535>
Mode: Global
Description: Configures the time of registration suppression.
  1-65535: The register suppression on time in seconds.

Command: no ip pim register-suppression
Mode: Global
Description: Disables the registration suppression time.

9.3.5.
sage in response. It is normally the loopback interface address, but can also be other physical addresses. This address must be advertised by unicast routing protocols on the DR.

Command: ip pim register-source {A.B.C.D | INTERFACE}
Mode: Global
Description: Configures the source address of register message.
  A.B.C.D: IP address to be used as source
  INTERFACE: interface address to be used as source

Description: Disables the registration suppression time.
9.3.7 PIM Join/Prune Interoperability

To configure the TX interval of the PIM Join/Prune message, use the following command.

Command: ip pim message-interval <1-65535>
Mode: Global
Description: Configures Join/Prune timer value.
  1-65535: interval (unit: second)

Command: no ip pim message-interval
Mode: Global
Description: Disables TX interval configuration.

9.3.8

9.3.8.1
When the Register message is transmitted, the range of the checksum conforms to the header part, as in the RFC standard, but a Cisco router includes the whole packet in the range of the checksum. For compatibility with a Cisco router, you should configure the range of the checksum of the Register message as the whole packet.

To configure the range of the checksum of the Register message as the whole packet for compatibility with a Cisco router, use the following command.
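The two checksum ranges described above, worked through in an added example that is not part of the manual. It assumes PIMv2 framing per the PIM-SM specification (a 4-byte PIM header and a 4-byte flags word, with the header-only range covering those first 8 bytes); the addresses, ports and payload are constructed, and the function names are hypothetical.

```python
import ipaddress
import struct

PIM_VERSION = 2
PIM_TYPE_REGISTER = 1
REGISTER_HEADER_LEN = 8  # 4-byte PIM header + 4-byte Register flags word


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum (the algorithm PIM shares with IP)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, payload_len: int, proto: int = 17) -> bytes:
    """Minimal 20-byte IPv4 header with a valid header checksum."""
    raw = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 16, proto, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return raw[:10] + struct.pack("!H", internet_checksum(raw)) + raw[12:]


def build_register(inner: bytes, whole_packet: bool) -> bytes:
    """Encapsulate `inner` in a PIM Register using the chosen checksum range."""
    first_word = struct.pack("!BBH", (PIM_VERSION << 4) | PIM_TYPE_REGISTER, 0, 0)
    message = first_word + struct.pack("!I", 0) + inner  # flags word: B and N clear
    covered = message if whole_packet else message[:REGISTER_HEADER_LEN]
    return message[:2] + struct.pack("!H", internet_checksum(covered)) + message[4:]


def register_checksum_ok(message: bytes, whole_packet: bool) -> bool:
    """Validate a received Register under one checksum range."""
    covered = message if whole_packet else message[:REGISTER_HEADER_LEN]
    return internet_checksum(covered) == 0


def accepted_ranges(message: bytes) -> str:
    """Tell which range(s) a received Register validates under."""
    header_ok = register_checksum_ok(message, whole_packet=False)
    whole_ok = register_checksum_ok(message, whole_packet=True)
    if header_ok and whole_ok:
        return "both"
    if header_ok:
        return "header-only"
    return "whole-packet" if whole_ok else "invalid"


# Constructed sample: a UDP datagram to a multicast group, as a DR would encapsulate it.
UDP = struct.pack("!HHHH", 5004, 5004, 12, 0) + b"DATA"
INNER = ipv4_header("192.0.2.10", "239.1.1.1", len(UDP)) + UDP
RFC_REGISTER = build_register(INNER, whole_packet=False)
WHOLE_REGISTER = build_register(INNER, whole_packet=True)
# An inner packet that is only an IPv4 header sums to zero, so both ranges agree.
HEADER_ONLY_INNER = build_register(ipv4_header("192.0.2.10", "239.1.1.1", 0), True)

if __name__ == "__main__":
    for name, msg in (("header range", RFC_REGISTER), ("whole packet", WHOLE_REGISTER),
                      ("IP header only", HEADER_ONLY_INNER)):
        print(f"{name:15s} checksum=0x{msg[2:4].hex()} validates as: {accepted_ranges(msg)}")
```

A receiver that validates only one range drops Registers built with the other, which is the interoperability failure the setting addresses; when troubleshooting, Registers that carry no payload can still pass and hide the mismatch.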
9.3.9 PIM-SSM Group

To define the Source Specific Multicast (SSM) range of IP multicast addresses, use the following command. When an SSM range of IP multicast addresses is defined by the ip pim ssm command, no Multicast Source Discovery Protocol (MSDP) Source-Active (SA) messages will be accepted or originated in the SSM range.

Description: Defines the SSM range of IP multicast address.
To display the PIM Snooping configuration, use the following command.

Command: show ip pim snooping
Description: Shows the PIM snooping configuration such as enable/disable status and the enabled VLANs.

Command: show ip pim snooping vlan VLANS
Description: Shows the multicast router address and DR of a specified VLAN.

Command: show ip pim snooping groups [A.B.C.
10 IP Routing Protocol

! Routing functionalities such as RIP, OSPF, BGP and PIM-SM are only available for hiD 6615 S323. (Unavailable for hiD 6615 S223)

10.1 Border Gateway Protocol (BGP)

The Border Gateway Protocol (BGP) is an exterior gateway protocol (EGP) that is used to exchange routing information among routers in different autonomous systems (AS). BGP routing information includes the complete route to each destination.
10.1.1 Basic Configuration

10.1.1.1 Configuration Type of BGP

When configuring BGP, you can select the BGP configuration type between standard BGP and ZebOS BGP for the hiD 6615 S323. The standard BGP is one of the general BGP configuration types, which includes the following restrictions.

• Manual transmission of community information
  You should send the community information or message to neighbors directly using the neighbor {A.B.C.
Step 2 To specify a network to operate with BGP, use the following command.

Commands:
  network A.B.C.D/M
  network A.B.C.D mask NETMASK
Mode: Router
Description: Adds BGP network to operate.
  A.B.C.D/M: network address with netmask
  A.B.C.D: network address
  NETMASK: subnet mask

10.1.1.3 Disabling BGP Routing

Step 1 To delete a specified network to operate with BGP, use the following command.

Command: no network A.B.C.
Description: Deletes BGP network.
10.1.2.1 Summary of Path

Aggregation combines the characteristics of several different routes and advertises a single route. For example, given the two routes 172.16.0.0/24 and 172.16.1.0/24, the as-set parameter creates an aggregate entry advertising the path for a single route of 172.16.0.0/23, consisting of all elements contained in all paths being summarized.
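The aggregation above as an added sketch, not taken from the manual, showing why the as-set option matters for loop detection. The AS numbers and function names are constructed, and the sketch only aggregates prefixes that collapse exactly into one supernet.

```python
import ipaddress


def aggregate(routes, as_set: bool):
    """Summarize (prefix, as_path) routes into one supernet.

    Returns (supernet, members) where members is the sorted set of every AS
    number found in the component paths when as_set is True, else empty.
    """
    networks = [ipaddress.ip_network(prefix) for prefix, _ in routes]
    collapsed = list(ipaddress.collapse_addresses(networks))
    if len(collapsed) != 1:
        # Non-contiguous or misaligned prefixes cannot be covered exactly;
        # a wider aggregate would also attract traffic for space not held.
        raise ValueError(f"prefixes do not form a single supernet: {collapsed}")
    members = sorted({asn for _, path in routes for asn in path}) if as_set else []
    return collapsed[0], members


def receiver_accepts(local_as: int, members) -> bool:
    """BGP loop check: a router rejects a route that already carries its own AS."""
    return local_as not in members


# Constructed sample: the manual's two prefixes, each learned over a different path.
CONSTRUCTED_ROUTES = [
    ("172.16.0.0/24", [65010, 65030]),
    ("172.16.1.0/24", [65020, 65030]),
]

if __name__ == "__main__":
    for flag in (True, False):
        supernet, members = aggregate(CONSTRUCTED_ROUTES, as_set=flag)
        verdict = "accepts" if receiver_accepts(65020, members) else "rejects"
        print(f"as-set={flag}: {supernet} set={members} -> AS 65020 {verdict}")
```

Without as-set the aggregate carries no record of AS 65020, so that AS would accept a route that already passed through it.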
10.1.2.3 Multi-Exit Discriminator (MED)

During the best-path selection process, the switch compares weight, local preference and as-path in turn among the similar parameters of BGP routers. Then, the MED is considered when selecting the best path among many alternative paths. On the hiD 6615 S323, MED comparison is configured only among all paths from the autonomous system.
To ignore AS-path for selecting the best path, use the following command.

Command: bgp bestpath as-path ignore
Mode: Router
Description: Ignores the information of AS-path as a factor in the algorithm for choosing the best route.

Command: no bgp bestpath as-path ignore
Mode: Router
Description: Considers the information of AS-path as a factor in the algorithm for choosing the best route.
To compare MED values on the exchange of path information between Confederation Peers, use the following command.

Commands:
  bgp bestpath med confed [missing-as-worst]
  bgp bestpath med missing-as-
Mode: Router
Description: Configures the router to consider the MED in choosing a path from among the paths on the exchange of information between confederation peers.
• Restart Time
  This is the waiting time for the restart of the neighboring router's BGP process. Restart time allows the BGP process time to restart and implement the internal connection (the session). However, if it is not working properly, the router is considered to have stopped operating.
• Stalepath Time
  After the BGP process of the neighboring router is restarted, it holds the time until BGP updates the path information.
10.1.4 BGP Neighbor

To assign an IP address or peer group name for a BGP neighboring router within a specified AS number, use the following command.

Command: neighbor {NEIGHBOR-IP | WORD} remote-as <1-65535>
Mode: Router
Description: Configures BGP neighboring router and specifies AS number of BGP Neighbor.
  NEIGHBOR-IP: neighbor IP address
  WORD: peer group name or neighbor tag
  1-65535: remote AS Number

10.1.4.
To create a BGP Peer Group, use the following command.

Command: neighbor NAME peer-group
Mode: Router
Description: Creates a BGP peer group.
  NAME: peer group name

Command: no neighbor NAME peer-group
Mode: Router
Description: Deletes the BGP peer group created before.

To specify a neighbor to the created peer group, use the following command.

Command: neighbor NEIGHBOR-IP group NAME
Description: Includes BGP neighbor to specified peer group using IP address.

10.1.4.3
To disable the exchange of information with a specified router or peer group, use the following command.

Command: neighbor {NEIGHBOR-IP | WORD} shutdown
Mode: Router
Description: Shuts down any active session for the specified router or peer group and deletes all related routing data.
  WORD: peer group name or neighbor tag

Command: no neighbor {NEIGHBOR-IP-ADDRESS | WORD} shutdown
Mode: Router
Description: Enables the sessions with a previously existing

10.1.
To reset the sessions of all peers and initialize the details of route configurations, use the following command.

Commands:
  clear ip bgp * in [prefix-filter]
  clear ip bgp * ipv4 {unicast |
Description: Resets the session of specific group under * condition.
  in: clears incoming advertised routes.
  prefix-filter: pushes out prefix-list ORF and does inbound soft reconfiguration.
Commands:
  clear ip bgp <1-65535> soft [in | out]
  clear ip bgp <1-65535> ipv4 {unicast | multicast} soft [in |
Mode: Global
Description: Updates the route information only while the session is possible of BGP neighboring routers which are configured with a particular AS number. Applies to either incoming or outgoing routes.

10.1.5.3
i See Section 10.1.5.1 when you configure the detail parameters.

To reset the sessions of BGP router connected to external AS and initialize the details of route configurations, use the following command.

Command: clear ip bgp external in [prefix-filter]
Description: Resets the session of BGP router connected to external AS.
  in: clears incoming advertised routes.
Commands:
  clear ip bgp peer-group GROUP out
  clear ip bgp peer-group GROUP ipv4 {unicast | multicast} out
Mode: Global
Description: Resets the session for all members of specified peer group.
  GROUP: peer group name
  out: clears outgoing advertised routes.
  unicast | multicast: address family modifier

Command: clear ip bgp peer-group GROUP soft [in | out]
Mode: Global
Description: Resets the route information only while the session is possible for all members of specified peer group.
Commands:
  show ip bgp neighbors NEIGHBOR-IP received-routes
  show ip bgp ipv4 {unicast | multicast} neighbors NEIGHBOR-IP
  ip bgp
Description: The received-routes option displays all received routes (both accepted and rejected) from the specified neighbor. To implement this feature, BGP soft reconfiguration is set.
10.2 Open Shortest Path First (OSPF)

Open shortest path first (OSPF) is an interior gateway protocol developed by the OSPF working group of the Internet Engineering Task Force (IETF). OSPF, designed for IP networks, supports IP subnetting and marks information from exterior networks. Moreover, it supports packet authentication and transmits/receives routing information through IP multicast. It is most convenient to operate OSPF on a layered network.
Step 1 Open Router Configuration mode from Global Configuration mode.

Command: router ospf [<1-65535>]
Mode: Global
Description: Opens Router Configuration mode with enabling OSPF.

Command: no router ospf [<1-65535>]
Mode: Global
Description: Disables OSPF routing protocol.

In case that more than 2 OSPF processes are operated, a process number should be assigned. Normally, there is one OSPF which is operating in one router.
Step 3 Use the network command to specify a network to operate with OSPF. There are two ways to give the network information. The first gives the IP address with a bitmask, like “10.0.0.0/8”. The second gives the IP address with wildcard bit information, like “10.0.0.0 0.0.0.255”. The variable option after area must be an IP address or OSPF area ID.

To configure a network, use the following command.

Command: network A.B.C.
10.2.4.1 Authentication Type

Authentication encodes communications among the routers. This function is for security of information in OSPF router.

To configure authentication of OSPF router for security, use the following command.

Command: ip ospf authentication [message-digest | null]
Mode: Interface
Description: Enables authentication on OSPF interface.
  message-digest: MD5 encoding

Command: ip ospf A.B.C.
To configure an authentication key which is based on MD5 encoding, use the following command.

Commands:
  ip ospf message-digest-key <1-255> md5 KEY [active]
  ip ospf message-digest-key <1-255> md5 [active]
  ip ospf A.B.C.D message-digest-key <1-255> md5 [active]
Mode: Interface
Description: Configures the authentication which is based on md5 type.
  1-255: key ID
  KEY: maximum 16 alphanumeric characters

Command: ip ospf A.B.C.
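How the key ID and the 16-character key enter an MD5-authenticated OSPF packet, as an added example that is not part of the manual. It follows the cryptographic authentication procedure of RFC 2328 Appendix D and assumes the switch does the same; the key, addresses and Hello values are constructed and the function names are hypothetical.

```python
import hashlib
import hmac
import ipaddress
import struct

# version, type, length, router id, area id, checksum, AuType,
# then the 8-byte authentication field: zero, key ID, digest length, sequence number
OSPF_HEADER = struct.Struct("!BBH4s4sHHHBBI")
AUTYPE_CRYPTOGRAPHIC = 2
MD5_LEN = 16


def pad_key(key: str) -> bytes:
    """Keys are at most 16 characters and are zero-padded to 16 bytes."""
    raw = key.encode("ascii")
    if not 1 <= len(raw) <= MD5_LEN:
        raise ValueError("key must be 1-16 characters")
    return raw.ljust(MD5_LEN, b"\x00")


def sign_packet(ptype, body, router_id, area_id, key_id, key, seq) -> bytes:
    """Build an OSPFv2 packet with the MD5 digest appended after the packet."""
    header = OSPF_HEADER.pack(
        2, ptype, OSPF_HEADER.size + len(body),
        ipaddress.IPv4Address(router_id).packed,
        ipaddress.IPv4Address(area_id).packed,
        0,  # the OSPF checksum is not calculated with cryptographic authentication
        AUTYPE_CRYPTOGRAPHIC, 0, key_id, MD5_LEN, seq)
    packet = header + body
    # The digest covers the packet followed by the padded key; the body stays readable.
    return packet + hashlib.md5(packet + pad_key(key)).digest()


def verify_packet(wire: bytes, keys: dict, last_seq: int):
    """Receiver-side checks. Returns (accepted, reason)."""
    if len(wire) < OSPF_HEADER.size + MD5_LEN:
        return False, "truncated"
    (_ver, _ptype, length, _rid, _aid, _csum,
     autype, _zero, key_id, auth_len, seq) = OSPF_HEADER.unpack_from(wire)
    if autype != AUTYPE_CRYPTOGRAPHIC or auth_len != MD5_LEN:
        return False, "not MD5-authenticated"
    if key_id not in keys:
        return False, "unknown key id"
    if length < OSPF_HEADER.size or length + MD5_LEN > len(wire):
        return False, "bad length"
    packet, digest = wire[:length], wire[length:length + MD5_LEN]
    expected = hashlib.md5(packet + pad_key(keys[key_id])).digest()
    if not hmac.compare_digest(digest, expected):
        return False, "digest mismatch"
    if seq < last_seq:
        return False, "stale sequence number"  # replay of an older packet
    return True, "ok"


# Constructed sample: a Hello body (mask, hello interval, options, priority,
# dead interval, DR, BDR) and one configured key with key ID 1.
HELLO_BODY = struct.pack(
    "!4sHBBI4s4s", ipaddress.IPv4Address("255.255.255.0").packed, 10, 0x02, 1, 40,
    ipaddress.IPv4Address("10.0.0.1").packed, ipaddress.IPv4Address("0.0.0.0").packed)
CONSTRUCTED_KEYS = {1: "constructedKey01"}
SIGNED_HELLO = sign_packet(1, HELLO_BODY, "10.0.0.1", "0.0.0.0", 1,
                           CONSTRUCTED_KEYS[1], seq=100)

if __name__ == "__main__":
    print(verify_packet(SIGNED_HELLO, CONSTRUCTED_KEYS, last_seq=100))
    print(verify_packet(SIGNED_HELLO, CONSTRUCTED_KEYS, last_seq=101))
```

Both neighbors must hold the same key under the same key ID; a mismatch in either shows up on the receiver as an unknown key ID or a digest mismatch, and the adjacency does not form.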
To delete a configured interface cost for OSPF, use the following command.

Commands:
  no ip ospf cost
  no ip ospf A.B.C.D cost
Mode: Interface
Description: Deletes a configured interface cost for OSPF.

10.2.4.4 Blocking Transmission of Route Information Database

OSPF routing communicates through the LSA.
Transmit delay is the configuration that takes the LSA transmission time into account.

i The interval explained as above must be consistent across all routers in an attached network.

To configure a Hello interval, use the following command.

Command: ip ospf hello-interval <1-65535>
Description: Configures a Hello interval in the unit of second.

Command: ip ospf A.B.C.
10.2.4.6 OSPF Maximum Transmission Unit (MTU)

The router verifies the MTU when DD (Database Description) packets are exchanged among the routers on OSPF networks. Basically, an OSPF network cannot be organized if the routers have different MTU sizes. Therefore the MTU value must be consistent. Generally, the MTU value is 1500 bytes on an Ethernet interface.

To configure MTU on OSPF interface, use the following command.
To delete a configured priority of OSPF router, use the following command.

Commands:
  no ip ospf priority
  no ip ospf A.B.C.D priority
Mode: Interface
Description: Deletes a configured priority of OSPF router.

10.2.4.8 OSPF Network Type

There are 4 types of OSPF network: Broadcast network, NBMA (Non-broadcast-multiple-access) network, Point-to-multipoint network and Point-to-point network.
To delete a configured router communicated by non-broadcast type, use the following command.

Commands:
  no neighbor A.B.C.D cost [<1-65535>]
  no neighbor A.B.C.D priority [<0-255>]
  no neighbor A.B.C.D priority poll-interval [<1-65535>]
  no neighbor A.B.C.D poll-interval [<1-65535>]
  no neighbor A.B.C.D poll-interval priority [<0-255>]
Mode: Router
Description: Deletes a configured neighbor router of NBMA type.

10.2.
10.2.6.2 Default Cost of Area

The default cost of Area is configured only in ABR. The ABR delivers the summary default route to a stub area or NSSA, and in those cases the default cost of the area is required. However, an ABR which does not have a stub area or NSSA cannot use the following command.

To configure a default cost of Area, use the following command.
10.2.6.4 Not So Stubby Area (NSSA)

NSSA (Not So Stubby Area) is a stub Area which can transmit the routing information to Area by ASBR. On the other hand, a Stub Area cannot transmit the routing information to area.

To configure NSSA, use the following command.

Command: area <0-4294967295> nssa
Mode: Router
Description: Configures NSSA.
To configure NSSA with one option, use the following command.

Commands:
  area <0-4294967295> nssa default-information-originate
  area <0-4294967295> nssa default-information-originate metric <0-16777214>
  area <0-4294967295> nssa default-information-
Mode: Router
Description: Configures NSSA with one option.
10.2.6.5 Area Range

In case OSPF belongs to several Areas, Area routing information can be shown in one routing path. In this way, various routing information of an Area can be combined and summarized to transmit to outside.

To summarize and combine the routing information, use the following command.

Commands:
  area <0-4294967295> range A.B.C.D/M
  area <0-4294967295> A.B.C.
10.2.6.7 Stub Area

A Stub Area is an area whose ABR is connected to the Backbone Area. If it is assigned as a Stub Area, the ABR will notify the default path to the Stub Area, and other routing protocol information will not be transmitted to the Stub Area.

To create Stub Area, use the following command.

Command: area <0-4294967295> stub [no-summary]
Mode: Router
Description: Creates a Stub Area.
In this time, if there is no answer from the receiver for the configured time, the router transmits the LSA again. Retransmit-interval is the configuration of the time interval between transmission and retransmission.

• Dead-interval
  If there is no hello packet for the configured time, the router perceives that the other router has stopped working. Dead-interval is the configuration of the time interval after which the router perceives that the other router has stopped operating.
To delete a configured virtual link, use the following command.

Commands:
  no area <0-4294967295> virtual-link A.B.C.D authentication [message-digest | null]
  no area <0-4294967295> virtual-link A.B.C.D authentication-key KEY
  no area <0-4294967295> virtual-link A.B.C.D message-digest-key KEY md5 KEY
  no area <0-4294967295> virtual-link A.B.C.D hello-interval <1-65535>
Mode: Router
Description: Deletes a configured virtual link.
To configure the Graceful Restart, use the following command.

Command: capability restart {graceful | reliable-graceful | signaling}
Mode: Router
Description: Configures the Graceful Restart.

Command: no capability restart
Mode: Router
Description: Releases the configuration.

The following items are additional options for the Graceful Restart:

• grace-period
  When OSPF restarts, the process keeps its status in graceful for the time configured as grace-period.
To release the configuration, use the following command.

Commands:
  no ospf restart grace-period <1-1800>
  ospf restart helper never
  no ospf restart helper max-grace-period <1-1800>
Mode: Global
Description: Releases the configuration.

10.2.9 Opaque-LSA Support

Opaque-LSA is LSA Type-9, Type-10, Type-11. The hiD 6615 S323 enables Opaque-LSA as a default but it can be released by user.
• route-map
  Transmits specific routing information to assigned route which has MAP-NAME.

The detail options for default route configuration are classified in 4 as above, and more than 2 of those options can be selected, in any order. The following are the options of the command:

• metric <0-16777214>
• metric-type <1-2>
• always
• route-map MAP-NAME

To configure the default route with an option, use the following command.
To configure the period of finding, use the following command.

Command: timers spf SPF-DELAY SPF-HOLD
Mode: Router
Description: Configures the period of finding in the unit of second.
  SPF-DELAY: 0-2147483647 (default: 5)
  SPF-HOLD: 0-2147483647 (default: 10)

To release the configuration, use the following command.

Command: no timers spf
Mode: Router
Description: Releases the configuration.

10.2.12
The following example shows how to configure it with more than 2 options:

• redistribute {bgp | connected | kernel | rip | static} metric <0-16777214> tag <0-4294967295>
• redistribute {bgp | connected | kernel | rip | static} tag <0-4294967295> metric-type <1-2>

For efficient transmission of routing information, and to avoid non-matching between metric and OSPF routing protocol, use the default metric command to assign a metric to redistributed routes.
The following example shows how to configure the distance with more than 2 options:

• distance ospf external <1-255> inter-area <1-255>
• distance ospf inter-area <1-255> intra-area <1-255>

To make it as a default, use the following command.

Command: no distance ospf
Mode: Router
Description: Restores it as the default.

10.2.14 Host Route

OSPF regards routing information of specific host as stub link information.
10.2.16 Blocking Routing Information

The hiD 6615 S323 can classify and restrict the routing information. To configure this function, sort the specific routing information in access-list first, and block the routing information in access-list.

To block the routing information in access-list, use the following command.
10.2.18.1 Displaying OSPF Protocol Information

You can verify several kinds of information about OSPF protocol. To display the information about OSPF protocol, use the following command.

Command: show ip ospf
Mode: Enable, Global
Description: Shows the information about OSPF protocol.

Command: show ip ospf <0-65535>
Mode: Enable, Global
Description: Shows the information about a specific process ID in OSPF protocol.

To display OSPF routing table to ABR and ASBR, use the following command.
To display the interface information of OSPF, use the following command.

Command: show ip ospf interface [INTERFACE]
Mode: Enable, Global
Description: Shows the interface information of OSPF.

To display the information of neighbor router, use the following command.

Commands:
  show ip ospf neighbor
  show ip ospf neighbor A.B.C.D [detail]
  show ip ospf neighbor interface A.B.C.
Mode: Enable, Global
Description: Shows the information of neighbor router.
10.2.18.2 Displaying Debugging Information

The hiD 6615 S323 uses the debug command to find the reason of a problem. Use the following command.

Command: debug ospf all
Description: Shows all the debugging information.

Command: debug ospf events [abr | asbr | lsa | nssa | os | router | vlink]
Description: Shows information about OSPF operation such as OSPF neighbor router, transmitted information, deciding destination router, calculating the shortest route, and so on.
10.2.18.4 Maximum Process of LSA

The hiD 6615 S323 can configure the maximum number of LSAs to process. LSAs are classified as internal route LSAs and external route LSAs, and the maximum number of LSAs can be configured for each class. Also, if the number of processed LSAs exceeds the configured number, you can configure it to stop the process or send a caution message.
10.3 Routing Information Protocol (RIP)

Routing Information Protocol (RIP) is more commonly used than any other routing protocol, for use in small, homogeneous networks. It is a classical distance-vector routing protocol that uses hop count. RIP is formally defined in Request For Comments (RFC) 1058 and Internet Standard (STD) 56.
Step 2 Configure the network to operate as RIP.

Command: network {A.B.C.D/M | INTERFACE}
Mode: Router
Description: Establishes the network to operate as RIP.
  A.B.C.D/M: IP prefix (e.g. 35.0.0.0/8)
  INTERFACE: interface name

Command: no network {A.B.C.D/M | INTERFACE}
Mode: Router
Description: Removes a specified network to operate as RIP.

The command network enables RIP interfaces between certain numbers of a special network address. For example, if the network for 10.0.0.
Command: neighbor A.B.C.D
Mode: Router
Description: Configures a neighbor router to exchange routing information.
  A.B.C.D: neighbor address

Command: no neighbor A.B.C.D
Mode: Router
Description: Deletes the neighbor router.

i You can block the routing information to specific interface by using the passive-interface command.

10.3.3 RIP Version

Basically, the hiD 6615 S323 supports RIP version 1 and 2.
Command: ip rip receive version 1
Mode: Interface
Description: Receives RIP v1 type packet only from the interface.

Command: ip rip receive version 2
Mode: Interface
Description: Receives RIP v2 type packet only from the interface.

Command: ip rip receive version 1 2
Mode: Interface
Description: Receives both RIP v1 and RIP v2 type packets from the interface.

To delete the configuration that receives RIP version packet from the interface, use the following command.
Commands:
  redistribute {kernel | connected | static | ospf | bgp}
  redistribute {kernel | connected | static | ospf | bgp} metric <0-16>
  redistribute {kernel | connected | static | ospf | bgp} route-map
Mode: Router
Description: Registers transmitted routing information in another router’s RIP table.
Command: match interface INTERFACE
Description: Transmits the information to specified interface only.
  INTERFACE: interface name

Command: match ip address {<1-199> | <1300-2699> | NAME}
Description: Transmits the information matched with access-list.
  1-199: IP access list number
  1300-2699: IP access list number (expanded range)
  NAME: IP access list name

Command: match ip address
Description: Transmits the information matched with prefix-list.
10.3.7 Administrative Distance

Administrative distance is a measure of the trustworthiness of the source of the routing information. In a large-scale network, administrative distance is the feature that routers use in order to select the best path when there are two or more different routes to the same destination from two different routing protocols. Administrative distance defines the reliability of a routing protocol.
10.3.9.1 Filtering Access List and Prefix List

The hiD 6615 S323 switch supports permit and deny conditions that you can use to filter inbound or outbound routes by access-list or prefix-list. Use the distribute-list command to apply the access list to routes received from or forwarded to a neighbor. The user should configure the route information for a set of deny conditions based on matching each access list or prefix list.
To add the value of routing metrics, use the following command.

Command: offset-list ACCESS-LIST {in | out} <0-16> [INTERFACE]
Mode: Router
Description: Adds an offset to incoming or outgoing metrics to routes learned via RIP.
  ACCESS-LIST: access list name
  0-16: type number
  INTERFACE: interface name

Command: no offset-list ACCESS-LIST {in | out} <0-16> [INTERFACE]
Mode: Router
Description: Removes an offset list.

10.3.10
To adjust the timers, use the following command.

Command: timers basic UPDATE TIMEOUT GARBAGE
Mode: Router
Description: Adjusts RIP network timers.

Command: no timers basic UPDATE TIMEOUT GARBAGE
Mode: Router
Description: Restores the default timers.

10.3.12 Split Horizon

Normally, routers that are connected to broadcast type IP networks and that use distance-vector routing protocols employ the split horizon mechanism to reduce the possibility of routing loops.
To configure RIP authentication, use the following command.

Command: ip rip authentication key-chain NAME
Mode: Interface
Description: Enables authentication for RIP v2 packets and specifies the set of keys that can be used on an interface.
  NAME: name of key chain

Command: ip rip authentication mode {text |
Mode: Interface
Description: Specifies the authentication mode.
  text: sends a simple text password to neighbors.
command.

Command: recv-buffer size <8196-2147483647>
Mode: Router
Description: Sets the UDP Buffer size value for using RIP.
  8196-2147483647: UDP buffer size value

Command: no recv-buffer size <8196-2147483647>
Mode: Router
Description: Restores the default value of UDP buffer size.

10.3.16 Monitoring and Managing RIP

You can display specific router information such as the contents of IP routing tables, and databases.
11 System Software Upgrade

For the system enhancement and stability, new system software may be released. Using this software, the hiD 6615 S223/323 can be upgraded without any hardware change. You can simply upgrade your system software with the provided upgrade functionality via the CLI.

11.
##############################################################################
##############################################################################
############################################################
13661792 bytes download OK.
SWITCH# show flash
Flash Information(Bytes)
Area total used free
--------------------------------------------------------------
OS1(default)(running) 16777216 13661822 3115394 3.
Step 2 To enable the MGMT interface to communicate with TFTP server, you need to configure a proper IP address, subnet mask and gateway on the interface.

To configure an IP address, use the following command.

Command: ip A.B.C.D
Mode: Boot
Description: Configures an IP address.

Command: ip
Mode: Boot
Description: Shows a currently configured IP address.

To configure a subnet mask, use the following command.

Command: netmask A.B.C.
Step 3 Download the new system software via TFTP using the following command.

Command: load {os1 | os2} A.B.C.D FILENAME
Mode: Boot
Description: Downloads the system software.
  os1 | os2: the area where the system software is stored
  A.B.C.D: TFTP server address
  FILENAME: system software file name

To verify the system software in the system, use the following command.
Step 4 Reboot the system with the new system software using the following command.

Command: reboot [os1 | os2]
Mode: Boot
Description: Reboots the system with specified system software.
  os1 | os2: the area where the system software is stored

If the new system software is in the current standby OS area, just exit the boot mode; the interrupted system boot then continues with the new system software. To exit the boot mode, use the following command.
Step 4 Exit the FTP client using the following command.

Command: exit
Mode: FTP
Description: Exits the FTP client.

! To reflect the downloaded system software, the system must restart using the reload command! For more information, see Section 4.1.8.1.

The following is an example of upgrading the system software of the hiD 6615 S223/323 using the FTP provided by Microsoft Windows XP in the remote place.

Microsoft Windows XP [Version 5.1.