Version: 2.05.10
ZTE CORPORATION
NO. 55, Hi-tech Road South, ShenZhen, P.R.China
Postcode: 518057
Tel: +86-755-26771900
Fax: +86-755-26770801
URL: http://ensupport.zte.com.cn
E-mail: support@zte.com.cn
Chapter                          Summary
Chapter 3 Usage and Operation    Describes the configuration mode, command mode and command line use of ZXR10 2900E.
Chapter 4 System Management      Describes system management.
Chapter 5 Service Configuration  Describes service configuration.
ZXR10 2928E-PS: 24 10/100 BASE-T Ethernet ports and 1 subcard slot. RS-29EC-4GE-SFP subcards, RS-29EC-4GE-RJ45 subcards, and RS-29EC-4FE-SFP subcards are supported.
Switching Capability
The ZXR10 2900E series switches satisfy the layer-2 line-speed switching requirement
on all ports. Data messages can be forwarded at wire-speed after being filtered and
processed by flow classification. Ports provide high throughput, a low packet discarding rate,
and low delay and jitter, which satisfy the demands of key applications.
Reliability
The ZXR10 2900E ensures redundancy backup and fast switchover through
STP/RSTP/MSTP. These switches support the 802.3ad LACP function, which supplies
load sharing and link backup. They support the ZESR Ethernet ring network mode to provide
fast protection switching, which ensures that the user service will not be interrupted.
Service Characteristics
Operation characteristics and controls are as follows:
- It provides flexible VLAN classification modes. VLANs can be classified by port,
  protocol, MAC address and so on.
- It provides layer-2 VPN, which flexibly controls the outer layer label and makes
  operation and planning convenient.
- It provides user port location technology such as VBAS, DHCP Option82 and PPPoE+.
- It provides L2 multicast technology including IGMP snooping and proxy functions,
  the fast-leave feature and the Multicast-Vlan Switching (MVS) function, which
  support the opening of IPTV services.
Security Control
The functions of security control are listed below.
- User-level security control is provided.
  - IEEE 802.1x implements dynamic and port-based security, which provides the
    user ID authentication function.
  - It supports any combination of MAC/IP/VLAN/PORT, which effectively prevents
    illegal users from accessing the network.
  - Port isolation helps make sure that users cannot monitor or access other
    users on the same switch.
  - It supports GuestVlan and the anti-proxy function, which helps applications in
    education networks and other complicated networking environments.
  - DHCP monitoring prevents malicious users from deceiving the server and sending
    spurious addresses. It can start IP source protection and create a binding table
    of the user's IP address, MAC address, port and VLAN to prevent users from
    spoofing or using the IP addresses of other users.
- Equipment-level security is provided.
  - CPU security control technology can resist DoS attacks on the CPU.
  - The SSH/SNMPv3 protocols supply network management security.
QoS Guarantee
Applications of QoS are shown below:
- Standard 802.1p CoS and DSCP fields can be labeled and re-sorted per
  packet based on source and destination IP address, source and destination MAC
  address, and TCP/UDP port number.
- It provides queue scheduling algorithms: Strict Priority (SP) and combination scheduling
  (SP+WRR), where WRR is the abbreviation of Weighted Round Robin.
- It supports the Committed Access Rate (CAR) function. It manages the asynchronous
  uplink and downlink data flow from the end stage or uplink by utilizing input strategy
  and output shaping. Input strategy control supplies bandwidth control with a
  minimal increment of 8kbps. When network congestion occurs, it can still satisfy the
  QoS demands for packet discarding, time delay and time jitter. As a result, queue
  congestion can be avoided effectively.
Management Modes
Switch management refers to:
- It supports SNMPv1/v2c/v3 and RMON.
- It supports the ZXNM01 uniform network management platform.
- It supports CLI command lines, including Console, Telnet and SSH, to access the
  switch.
- It supports Web network management.
- It supports ZTE Group Manage Protocol (ZGMP) group management.
Functions
ZXR10 2900E series switches use the Store and Forward mode, and support layer-2
switching at wire-speed. Full wire-speed switching is implemented at all ports.
ZXR10 2900E series switches have the following functions:
- 100Mbps ports support 10/100M self-adaptation and MDI/MDIX self-adaptation.
- Gigabit electrical ports support 10/100/1000M self-adaptation and MDI/MDIX
  self-adaptation.
- It supports port-based 802.3x flow control (full duplex) and back-pressure flow control
  (half duplex).
- It supports the Virtual Circuit Tester (VCT) function.
- It supports VLANs complying with 802.1q. The maximum number of VLANs can be up
  to 4094.
- It supports the VLAN stacking function (QINQ), and the outer label is optional (SQinQ).
- It supports GVRP dynamic VLAN.
- It has the capability of MAC address self-learning. The size of the MAC address
  table is up to 16K.
- It supports port MAC address binding and address filtering.
- It supports the MAC address automatic fixing function. The MAC can be recovered when
  the device is powered off.
- It supports the functions of port security and port isolation.
- It supports the STP defined in 802.1d, RSTP defined in 802.1w, and MSTP
  defined in 802.1s. MSTP can have up to 4 instances.
- It supports ZESR technology and the linkhello/linkdown mechanism.
- It supports LACP port binding defined in 802.3ad and port static binding. At most 15
  port groups can be bound and each group contains at most 8 ports.
- It supports 1024 multicast groups, cross-VLAN IGMP snooping and MVS controllable
  multicast technology.
- It supports single port loop test.
- It supports 802.1x user authentication.
- It supports VBAS, DHCP-OPTION82 and PPPOE+.
- It supports DHCP-SNOOPING.
- It supports the DHCP Client function, which can automatically apply for the management
  interface from the DHCP Server.
- It supports the DHCP relay function, which allows an access device to request the
  DHCP server for a host address across different network segments.
- It supports DAI dynamic ARP detection technology, which prevents ARP attacks.
- It supports broadcast storm suppression.
- It supports port ingress and egress mirroring, and flow-based mirroring and statistics.
- It supports remote mirroring RSPAN.
- It supports the ACL function based on port and VLAN. ACL rules can be set according
  to time segment.
- It supports the IETF-DiffServ and IEEE-802.1p standards. All ports support 8 priority
  queues. Ingress supports CAR. Queue scheduling supports the SP and combination
  (SP+WRR) scheduling methods. It supports egress shaping and tail-drop.
- Port-based speed control includes input speed limit and output speed limit. Input
  speed limit supports flow rate limiting with multiple buckets. The minimal granularity is
  8Kbps.
- It provides detailed port flow statistics.
- It supports 802.3ah Ethernet OAM.
- It supports SFLOW.
- It supports L2 protocol transparent transmission.
- It supports the syslog function.
- It supports the NTP client function.
- It supports network management static route configuration.
- It supports ZGMP group management.
1. Select Start > Programs > Accessories > Communications > HyperTerminal on
   the PC screen to start the HyperTerminal, see Figure 2-2.
2. Enter the related local information in the open dialog box, see Figure 2-3.
   After the Connection Description dialog box appears, enter a name and select an
   icon for the new connection, see Figure 2-4.
3. Based on the serial port connected to the console cable, select COM1 or COM2 as
   the serial port to be connected, see Figure 2-5.
4. Enter the properties of the selected serial port, see Figure 2-6. The port property
   configuration includes Bits per Second 9600, Data bit 8, Parity None, Stop bit 1 and
   Data flow control None.
Power on and boot the switch to initialize the system and enter operational use
configuration.
Use the command set user {local | radius | tacacs-plus} <name> admin-password <string>
(the length of admin-password does not exceed 16 characters) to set the administrator
password.
Note:
The default username is admin and the password is zhongxing. The default management
password is null.
Suppose the IP address of the layer-3 port is 192.168.3.1 and this address can be pinged
from the local host. Then perform the following remote configuration operations:
1. Run the Telnet command on the host, see Figure 2-7.
3. Enter the username and password to enter the user mode of the switch.
Note:
The default username is admin and the password is zhongxing. The administrator
password is empty. When logging in with the administrator account, the administrator password
cannot be empty, so set the administrator password first. The default HTTP listening
port is 80.
For the detailed WEB remote login and configuration, refer to the topic of “WEB”.
User Mode
When you log in to the switch through the HyperTerminal, Telnet or SSH, you can enter the
user mode after entering the login username and password. The prompt character in the
user mode is the host name followed by “>” as shown below:
zte>
The default host name is zte. The user can modify the host name by using the command
hostname <name> (the name length cannot exceed 200 characters).
In the user mode, you can use the command exit to exit the switch configuration or use
the command show to view the system configuration and operation information.
Note:
zte>enable
Password:***
zte(cfg)#
In the global configuration mode, you can configure various functions of the switch. Thus,
use the command set user <name> admin-password [<string>] to set the password for
entering the global configuration mode to prevent the login of unauthorized users.
To return to the user mode from the global configuration mode, use the exit command.
In the SNMP configuration mode, you can set the SNMP and RMON parameters.
To return to the global configuration mode from the SNMP configuration mode, use the
command exit or press <Ctrl+Z>.
In the Layer 3 configuration mode, the user can configure the Layer 3 port, static routes,
and ARP entries.
To return to the global configuration mode from the layer-3 configuration mode, use the
command exit or press <Ctrl+Z>.
In the file system configuration mode, you can operate on the switch file system,
including adding file directory, deleting file or directory, modifying file name, displaying
file or directory, changing file directory, uploading/downloading files through TFTP,
uploading/downloading files through FTP, copying files, and formatting Flash.
To return to the global configuration mode from the file system configuration mode, use
the command exit or press <Ctrl+Z>.
zte(cfg-nas)#
In the NAS configuration mode, the user can configure the switch access service, including
the user access authentication and management.
To return to the global configuration mode from the NAS configuration mode, use the
command exit or press <Ctrl+Z>.
In the cluster management configuration mode, you can configure the switch cluster
management service.
To return to the global configuration mode from the cluster management configuration
mode, use the command exit or press <Ctrl+Z>.
In the basic ingress ACL configuration mode, you can add, delete and move the rules of
basic ingress ACL with specific ACL number.
To return to the global configuration mode from basic ingress ACL configuration mode, use
the command exit or press <Ctrl+Z>.
In the extended ingress ACL configuration mode, you can add, delete and move the rules
of extended ingress ACL with specific ACL number.
To return to the global configuration mode from extended ingress ACL configuration mode,
use the command exit or press <Ctrl+Z>.
In the layer-2 ingress ACL configuration mode, you can add, delete and move the rules of
layer-2 ingress ACL with specific ACL number.
To return to the global configuration mode from layer-2 ingress ACL configuration mode,
use the command exit or press <Ctrl+Z>.
In the hybrid ingress ACL configuration mode, you can add, delete and move the rules of
hybrid ingress ACL with specific ACL number.
To return to the global configuration mode from hybrid ingress ACL configuration mode,
use the command exit or press <Ctrl+Z>.
In the global ingress ACL configuration mode, you can add, delete and move the rules of
global ingress ACL with specific ACL number.
To return to the global configuration mode from global ingress ACL configuration mode,
use the command exit or press <Ctrl+Z>.
In the basic egress ACL configuration mode, you can add, delete and move the rules of
basic egress ACL with specific ACL number.
To return to the global configuration mode from basic egress ACL configuration mode, use
the command exit or press <Ctrl+Z>.
In the extended egress ACL configuration mode, you can add, delete and move the rules
of extended egress ACL with specific ACL number.
To return to the global configuration mode from extended egress ACL configuration mode,
use the command exit or press <Ctrl+Z>.
In the layer-2 egress ACL configuration mode, you can add, delete and move the rules of
layer-2 egress ACL with specific ACL number.
To return to the global configuration mode from layer-2 egress ACL configuration mode,
use the command exit or press <Ctrl+Z>.
In the hybrid egress ACL configuration mode, you can add, delete and move the rules of
hybrid egress ACL with specific ACL numbers.
To return to the global configuration mode from hybrid egress ACL configuration mode,
use the command exit or press <Ctrl+Z>.
Parameter      Description
<A.B.C.D/M>    IP address and mask bits. The mask must be an integer from 1 to 32,
               such as 10.40.47.254/24
zte>?
enable enable configure mode
exit exit from user mode
help description of the interactive help system
show show config information
list print command list
zte>
2. Enter a question mark directly after a character or string to display the commands or
list of keywords starting with that character or string. Note that there is no space
between the character (string) and the question mark. For example:
zte(cfg)#c?
cfm clear config cpu-threshold createconfig clear create
zte(cfg)#c
3. Enter a question mark after a command, a keyword or a parameter to list the next keyword
or parameter to be input, together with a brief explanation. Note
that a space must be entered before the question mark. For example:
zte(cfg)#config ?
egress-acl enter egress acl config mode
group enter group management config mode
ingress-acl enter ingress acl config mode
mac-based-vlan enter mac-based vlan config mode
nas enter nas config mode
router enter router config mode
snmp enter SNMP config mode
tffs enter file system config mode
4. If you enter a wrong command, keyword, or parameter and press Enter, the message
“Command not found” will be displayed on the interface. For example:
zte(cfg)#conf ter
% Command not found (0x40000034)
In the following example, the online help is used to help create a username.
zte(cfg)#cre?
zte(cfg)#create ?
acl create descriptive name for acl
cfm create CFM information
port create descriptive name for port
protocol-protect create a rule for protocol protect
user create a user
vlan create descriptive name for vlan
zte(cfg)#create user
% Parameter not enough (0x4000003f)
zte(cfg)#create user ?
<string>
user name(maxsize:15)
zte(cfg)#create user houyx ?
Command Abbreviations
In ZXR10 2900E, a command or keyword can be shortened into a character or string that
uniquely identifies this command or keyword. For example, the command exit can be
shortened as ex, and the command show port shortened as sh por.
Historical Commands
The user interface records entered commands. A maximum of
20 historical commands can be recorded. This function is very useful for re-invoking a
long or complicated command.
To re-invoke a command from the record buffer, do one of the following.
Command Function
Functional Keys
The ZXR10 2900E provides a lot of functional keys for the user interface to facilitate user
operations. Table 2-2 lists the functional keys.
<Ctrl+P> or <↑>    Recovers the last command (rolls back in the historical records of commands).
<Ctrl+N> or <↓>    Recovers the next command (rolls forward in the historical records of commands).
<Ctrl+B> or <←>    Moves left in the command line currently indicated by the prompt.
<Ctrl+F> or <→>    Moves right in the command line where the prompt is currently located.
If the command output exceeds one page, the output is split into several pages
automatically and the prompt “—– more —– Press Q or <Ctrl+C> to break —–” appears
at the bottom of the current page. You can press any key to turn pages or press Q or
<Ctrl+C> to stop the output.
Directory Operation
Directories can be created and deleted. The current working directory and the files in a
specified directory can be viewed.
Directory operation is configured in global configuration mode.
Step Command Function
Use the remove <file-name> command to delete a specified directory. The img, cfg, and
data directories created by default and all non-empty directories cannot be deleted.
File Operation
The file system can delete a specified file, rename a file, copy a file and view file
information.
File operation is configured in global configuration mode.
Step Command Function
Formatting Flash
Caution!
After the flash is formatted, all system software and configurations will be cleared.
Step Command Function
Steps
1. Run the tftpd software at the back-end host. The interface is shown in Figure 3-1.
2. Click Tftpd > Configure, in the dialog box that appears, click Browse and select the
directory with the version file or configuration file, for example, D:\IMG.
3. Click the second Browse to select the log file name, click OK to complete the
configuration, see Figure 3-2.
After the TFTP configuration is completed, perform the TFTP operations on the switch.
For details, see the later sections.
– End of Steps –
Steps
1. Run the FileZilla Server software on the back-end host and perform the operation as
shown in Figure 3-3. The FileZilla Server window is displayed, see Figure 3-4.
2. Click Edit > Users and create a user name and password by referring to Figure 3-5.
3. Select Shared folders in the left pane and set a primary directory for the new user,
see Figure 3-6.
After that, you can perform FTP application operations on the switch. The scenarios
for FTP and TFTP are the same, including the configuration import and export and
automatic software download. For details, refer to the following sections.
– End of Steps –
Note:
The switch provides the configuration information import/export function, which makes it
easy to configure and manage the switch.
Note:
The files mentioned here refer to the configuration file and version file in the FLASH
memory.
To prevent damage to the configuration data, back up the configuration data by using the
command tftp.
The following command can be used to back up a configuration file in the FLASH memory
to the back-end TFTP Server:
zte(cfg-tffs)#cd cfg
zte(cfg-tffs)#tftp 192.168.1.102 upload startrun.dat
zte(cfg-tffs)#cd ..
Note:
The automatic software version download function is used for an undeployed device.
When the switch is powered on for the first time, the system identifies that the automatic
download flag is set (default configuration upon shipment from factory) in the NVRAM and
no configuration file exists, so the system triggers automatic download.
The system obtains the version file name and (or) the configuration file name by interacting
with a DHCP server. It downloads the files by interacting with a TFTP server. If the
download succeeds (even if one file is downloaded successfully), the automatic download
flag in the NVRAM is cleared and the switch is restarted.
For the relation between the files transferred by the DHCP server and the triggered
download operations, refer to the table below:
File name      Version file download   Configuration file download
zImage         Yes                     No
config.dat     No                      Yes
startrun.dat   No                      Yes
*.dat          No                      Yes
In *.dat, “*” is a wildcard indicating a device type. This means the configuration file name
automatically adapts in accordance with the device type.
The name of the file to be downloaded is a character string configured on the DHCP server,
and it cannot be modified locally.
By executing the show dhcp command, you can see the configuration file to be downloaded
to the current device, for example, the ZXR10_2928E.dat file downloaded from the TFTP
server to the ZXR10 2928E device.
The following table lists the complete adaption relation:
zte(cfg)#show dhcp
DHCP download flag is disabled, config file is found.
DHCP download will not startup, when system reboot.
DHCP config file(option-67) *.dat will be translated to ZXR10_2928E.dat.
DHCP snooping-and-option82 is disabled.
DHCP client is enabled.
DHCP client broadcast-flag is enabled.
The network architecture is shown in Figure 3-7. Set the TFTP server address and version
file name on the DHCP server. For example, set the TFTP server address to 10.40.89.78,
and set the file name to *.dat@zImage. After being powered on, the system downloads ZXR10
2918E.dat (assume that the device type is ZXR10 2918E) and zImage from the TFTP
server. After downloading the files successfully, the system is restarted.
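Because an undeployed switch fetches whatever the DHCP reply names, it is worth checking what each DHCP scope would hand it. The following is an added example, not ZTE code: it resolves an option-67 string according to the file table above and lists scopes whose TFTP server is not approved. It assumes that "@" separates the two names as in `*.dat@zImage`, that the wildcard becomes the device type with an underscore as in the `show dhcp` sample, and the scope records are constructed.

```python
"""Added example: what would a DHCP scope make an undeployed ZXR10 2900E fetch?"""
import re

# File names from the manual's table and the download each one triggers.
VERSION_NAMES = {"zImage"}
CONFIG_NAMES = {"config.dat", "startrun.dat", "*.dat"}


def wildcard_target(device_type):
    """'ZXR10 2928E' -> 'ZXR10_2928E.dat', the translation `show dhcp` reports."""
    return re.sub(r"\s+", "_", device_type.strip()) + ".dat"


def resolve_bootfile(option67, device_type):
    """Split the option-67 string and classify each name.

    Names that are not in the manual's table are returned under 'unlisted'
    instead of guessing how the switch treats them.
    """
    plan = {"version": None, "config": None, "unlisted": []}
    for name in (part.strip() for part in option67.split("@")):
        if not name:
            continue
        if name in VERSION_NAMES:
            plan["version"] = name
        elif name in CONFIG_NAMES:
            plan["config"] = wildcard_target(device_type) if name == "*.dat" else name
        else:
            plan["unlisted"].append(name)
    return plan


def audit_scopes(scopes, device_type, approved_tftp):
    """Return (scope name, TFTP server, plan) for every scope that would trigger
    a version or configuration download from a server outside approved_tftp."""
    findings = []
    for scope in scopes:
        plan = resolve_bootfile(scope.get("bootfile", ""), device_type)
        triggers_download = plan["version"] or plan["config"]
        if triggers_download and scope["tftp_server"] not in approved_tftp:
            findings.append((scope["name"], scope["tftp_server"], plan))
    return findings


# Constructed sample data: three DHCP scopes as an administrator might export them.
SCOPES = [
    {"name": "staging", "tftp_server": "10.40.89.78", "bootfile": "*.dat@zImage"},
    {"name": "user-lan", "tftp_server": "192.168.3.50", "bootfile": "startrun.dat"},
    {"name": "printers", "tftp_server": "192.168.3.50", "bootfile": "pxelinux.0"},
]

if __name__ == "__main__":
    print(resolve_bootfile("*.dat@zImage", "ZXR10 2928E"))
    for name, server, plan in audit_scopes(SCOPES, "ZXR10 2918E", {"10.40.89.78"}):
        print(f"scope {name}: unapproved TFTP server {server} would deliver {plan}")
```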
Note:
The function of automatic saving of a configuration file helps you to upload switch
configurations to the back end.
The uploaded configuration files include startrun.dat and toPmac.dat. When the
time set by period is counted down to 0, the switch uploads the startrun.dat file to the
TFTP server at a local time between 00:00 and 00:01, and uploads the toPmac.dat file
one minute later. The automatically uploaded files are stored in the flash sub folder in
the upload/download directory configured by the TFTP server. The names of the files
respectively are startrun mm_dd_yy.dat and toPmac mm_dd_yy.dat, where “mm”,
“dd”, and “yy” indicate the date on which the upload occurs.
The network is shown in Figure 3-8. Before configuring the following commands, make
sure that the switch can ping the server successfully. Assume that the TFTP server
address is 10.40.89.78, and the configuration is saved to the server once every 10 days. The
configuration commands are as follows:
zte(cfg)#set auto-saveconfig serverip 10.40.89.78
zte(cfg)#set auto-saveconfig period 10
zte(cfg)#set auto-saveconfig enable
Caution!
The enable command should be configured after the server IP is configured. If the server IP
is not configured, the system displays a prompt and the automatic uploading function cannot
be enabled. If a communication exception occurs between the switch and
the server when the uploading function is triggered, the configuration files cannot
be uploaded that time. The system uploads the configuration files when the
next triggering time comes.
Note:
Normally, version upgrade is needed only when the original version does not support some
functions or the equipment operates abnormally due to some special causes. Improper
version upgrade operations may result in upgrade failure and startup failure of the system.
Therefore, before version upgrade, get familiar with the principles and operations of the
ZXR10 2900E and master the upgrade procedure.
The version upgrade operations differ depending on whether the switch system is working
properly or not.
zte(cfg-tffs)#cd ..
6. Use the command tftp to upgrade the version. The following shows how to download
the version file from the TFTP server to the FLASH memory:
zte(cfg-tffs)#cd img
zte(cfg-tffs)#tftp 10.40.89.78 download zImage
.................................................
.................................................
.................................................
7,384,016 bytes downloaded
zte(cfg-tffs)#ls
zte(cfg-tffs)#ls
/img/
. <DIR>
.. <DIR>
zImage 7,536,884 bytes
240,568,768 bytes free
7. Restart the switch. After successful startup, check the version under running and
confirm whether the upgrading is successful.
[ZXR10 Boot]
3. Enter c in the ZXR10 Boot status and press Enter to enter the parameter modification
status. Set the IP addresses of the Ethernet port and the TFTP server. The two
addresses are set to be in the same network segment.
[ZXR10 Boot]: c
boot location [0:Net,1:Flash] : 0    /*start by tftp or flash*/
actport : 1                          /*select the panel port that tftp enables*/
serverip : 10.40.89.78               /*ftp/tftp server address*/
netmask : 255.255.255.0              /*subnet mask*/
ipaddr : 10.40.89.79                 /*local interface address*/
bootfile : /img/zImage               /*version file location*/
username : ZXR10                     /*the username when the file is downloaded by ftp*/
password : ZXR10                     /*the password when the file is downloaded by ftp*/
MAC : 00:d0:d0:30:20:10              /*Switch MAC address*/
4. Set the IP address of the back-end host to be the same as that of the above TFTP
server.
5. Start the TFTP server software on the back-end server and configure the TFTP by
referring to the TFTP configuration.
6. In the ZXR10 Boot status, enter zte to enter the BootManager status of the switch. Enter
? to display the command list for this state.
[ZXR10 Boot]:zte
[bootManager]: ?
? - alias for 'help'
cd - change current path
exit - exit from bootManager mode
format - format flash
ftp - get/put file from/to FTP server
help - print online help
l - load zImage
ls - list files in current directory
mv - change [source] name to [destination] name
reboot - perform REBOOT of the CPU
rm - remove file
setBOOTpassword - set password for BOOT mode
setPtype- set packaged type
show - show board information
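The boot parameters in step 3 can be checked before the switch is told to load an image over the network. The following is an added example, not ZTE code: it parses a constructed copy of the parameter listing (including a value wrapped onto the next line) and verifies that serverip and ipaddr share a network segment; the bootfile and FTP credential checks are additions of this example.

```python
"""Added example: sanity-check ZXR10 boot parameters captured from the console."""
import ipaddress
import re

# Constructed sample in the layout the manual prints; the first value is
# wrapped onto the following line, as happens in captured console text.
SAMPLE = """\
boot location [0:Net,1:Flash] :
0/*start by tftp or flash */
actport : 1 /*select the panel port that tftp enables*/
serverip : 10.40.89.78 /*ftp/tftp server address*/
netmask : 255.255.255.0 /*subnet mask*/
ipaddr : 10.40.89.79 /*local interface address*/
bootfile : /img/zImage /*version file location*/
username : ZXR10
password : ZXR10
MAC : 00:d0:d0:30:20:10 /*Switch MAC address*/
"""

# "name : value" where the separating colon is preceded by whitespace, so the
# colons inside "[0:Net,1:Flash]" and inside the MAC address are not split on.
KEY_RE = re.compile(r"(.+?)\s+:(?:\s+(.*))?$")


def parse_boot_params(text):
    """Return {parameter: value}, ignoring /* ... */ annotations."""
    params, pending = {}, None
    for raw in text.splitlines():
        line = re.sub(r"/\*.*?\*/", "", raw).strip()
        if not line:
            continue
        match = KEY_RE.match(line)
        if pending is not None and not match:
            params[pending], pending = line, None   # wrapped value
            continue
        if pending is not None:
            params[pending], pending = "", None     # parameter left empty
        if not match:
            continue
        key = re.sub(r"\s*\[.*?\]", "", match.group(1)).strip()
        if match.group(2):
            params[key] = match.group(2).strip()
        else:
            pending = key
    if pending is not None:
        params[pending] = ""
    return params


def check_boot_params(params):
    """Return a list of problems; an empty list means the checks passed."""
    problems = []
    try:
        segment = ipaddress.ip_network(
            f"{params['ipaddr']}/{params['netmask']}", strict=False)
        if ipaddress.ip_address(params["serverip"]) not in segment:
            problems.append("serverip is outside the switch's network segment")
    except (KeyError, ValueError) as exc:
        problems.append(f"address fields unusable: {exc}")
    if params.get("boot location") == "0" and not params.get("bootfile"):
        problems.append("network boot selected but bootfile is empty")
    if params.get("password") and params.get("password") == params.get("username"):
        problems.append("FTP password equals the username")
    return problems


if __name__ == "__main__":
    for problem in check_boot_params(parse_boot_params(SAMPLE)):
        print("WARNING:", problem)
```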
Command Function
zte(cfg)#set auto-saveconfig serverip <A.B.C.D> Sets the IP address of the TFTP server to which the system automatically uploads the configuration file.
show auto-saveconfig (all configuration modes) Displays the status of the automatic upload function.
Command Function
exit (All configuration mode) Returns to the original command line mode.
list (all configuration modes) Lists all valid configuration commands in current mode.
zte(cfg)#set date <yyyy-mm-dd> time <hh:mm:ss> Sets switch date and time.
zte(cfg)#set date summer-time {one-year | repeating}{date <yyyy-mm-dd><hh:mm:ss><yyyy-mm-dd><hh:mm:ss>| week <week><day><month><year><hh:mm:ss><week><day><month><year><hh:mm:ss>}[<60-1440>] Sets the time period when the daylight saving time is used.
Command Function
zte(cfg)#set user radius purview {admin | guest} Sets a RADIUS authentication user login authority.
zte(cfg)#set user radius admin-password [<string>] Sets a RADIUS user management password.
zte(cfg)#set user tacacs-plus purview {admin | guest} Sets login permissions of TACACS+ authentication users.
zte(cfg)#set user tacacs-plus admin-password [<string>] Sets the TACACS user management password.
zte(cfg)#set user multi-user {enable | disable} Sets the multi-user login function.
Command Function
zte(cfg)#set bootpassword to <string> Sets the password for logging in to boot mode
zte(cfg)#set bootpassword clear Deletes the password for logging in to boot mode
zte(cfg)#set fan mode {auto | manual} Sets the fan operating mode.
zte(cfg)#readconfig <filename> Reads the local file on the device as the configuration.
zte(cfg)#set temperature-alarm <0-100> Sets the threshold for over temperature alarms on the switch.
zte(cfg)#terminal monitor module {all|arp-inspection|dhcp|radius|AAA }{ off | on } Allows/forbids printing real-time alarm logs of a module for the terminal.
list include <string> (all configuration modes) Displays the commands including a specific string.
show reset-time (all configuration modes) Displays switch Console automatic logout time configuration.
show line-vty (all configuration modes) Displays Telnet user login timeout time configuration.
show terminal (all configuration modes) Displays terminal log configuration information.
show terminal log (all configuration modes) Displays the terminal log information in RAM.
show date-time (all configuration modes) Displays the current date and time.
show cpu (all configuration modes) Displays CPU usage at the duration of 5 s, 30 s and 2 m.
show memory (all configuration modes) Displays the current RAM use.
show bootpassword(all configuration modes) Displays the password for logging in to boot mode
Configuring a Port
The port configuration includes the following commands:
Command Function
zte(cfg)#set port <portlist> duplex {full | half | auto} Sets the working mode of port to full duplex or half duplex.
zte(cfg)#set port <portlist> flowcontrol {enable | disable} Enables or disables port flow control function.
zte(cfg)#set jumbo port <portlist>{enable | disable } Enables or disables the port jumbo function.
zte(cfg)#set port statistics mode {ingress | egress | both} Sets packet statistics mode.
zte(cfg)#clear port <portlist>{name | statistics | description| multicast-filter} Clears the port name, port statistics data, port description, and the multicast filter flag.
show port [<portlist>] (all configuration modes) Displays port configuration and status information.
show port <portlist> statistics (all configuration modes) Displays the statistics of the current port.
show port <portlist> utilization (all configuration modes) Displays port bandwidth utilization.
show port <portlist> brief (all configuration modes) Displays port brief.
show port <portlist> vlan (all configuration modes) Displays the location of VLAN.
show jumbo (all configuration modes) Displays the jumbo configuration of all ports.
show jumbo [<portlist>] (all configuration modes) Displays port jumbo configuration information.
show vct port <portid> (all configuration modes) Displays port virtual line detection result.
zte(cfg)#set port <portlist> protect {enable | disable } Enables or disables the port protection function.
zte(cfg)#set port <portlist> protect time <1-10> Sets the port protection period in port protection status.
BASE-T and 100 BASE-TX. Without changing the existing Ethernet Cat.5 cabling
structure, PoE can provide DC power supply for IP-based devices
(such as IP phones, wireless local network APs and network cameras) while data signals
are transmitted. PoE technology can reduce cost as far as possible while the security of the
existing structured cabling is ensured. Figure 4-1 shows the typical PoE application.
3. Sets port power supply priority. The system provides three types of priorities for each
port. When the total power of all ports exceeds the device maximum output power,
the device decides which devices are given power supply according to port
power supply priority. The port with high power supply priority is powered
first. The port with the lowest priority stops supplying power. If two ports
have the same power supply priority, the priority is decided by port
number: the lower the port number, the higher the priority, and that port is powered
first.
4. Provides the monitoring function for the fan.
5. Provides various alarm information, abnormality monitoring and alarm report
mechanisms such as Terminal log, SNMP Trap and Syslog.
Configuring PoE
The PoE configuration includes the following commands:
Command Function
zte(cfg)#set poe port <portlist>{enable | disable} Enables or disables the port function.
zte(cfg)#set poe port <portlist> pd-max-power {15.4 | 4.0 | 7.0 | ext.18 | ext.27 | ext.30} Sets the maximum power supply of the port.
zte(cfg)#set poe port <portlist> priority {critical | high | low} Sets the port power supply priority.
zte(cfg)#set poe port <portlist> enable time-range <word> Enables the port PoE.
show poe device (all configuration modes) Displays the PoE status of the device.
show poe status [port <portlist>] (all configuration modes) Displays the PoE status of the port.
show poe config [port <portlist>] (all configuration modes) Displays PoE configuration information.
Configure a PS-type power supply device. The models that support power supply
are ZXR10 2910E-PS, ZXR10 2918E-PS and ZXR10 2928E-PS. Taking ZXR10 2918E-PS
as an example, provide 15.4 W power supply complying with the AF standard
for 16 ports. Each PD is about 13 W.
• Configuration Procedure
zte(cfg)#set poe port 1-16 pd-max-power 15.4
The results show that the DUT supplies power to the PD stably.
ZXR10 2900E adds the RSPAN function: when a mirrored packet is sent out of the
destination port, a specified tag (priority and VID) can be added to it, which provides
support for remote mirroring.
Note:
By default, switches do not have mirroring ports or monitoring ports. Valid data
packets received on an ingress mirroring port are mirrored to the monitoring ports, but
data packets discarded directly on the ingress port (for example, because of CRC errors)
are not mirrored.
Command Function
zte(cfg)#set mirror session <1-3> add source-port <portlist>{ingress | egress} Adds an egress or ingress mirroring source port according to session.
zte(cfg)#set mirror session <1-3> add dest-port <1-28>{ingress | egress | rspan} Adds an egress or ingress mirroring destination port according to session.
zte(cfg)#set mirror session <1-3> delete source-port <portlist>{ingress | egress} Deletes an egress or ingress monitoring port according to session.
zte(cfg)#set mirror session <1-3> delete dest-port <1-28>{ingress | egress | rspan} Deletes an egress or ingress monitoring (destination) port according to session.
zte(cfg)#set mirror rspan-tag vlan-id <1-4094> priority <0-7>{ingress | egress} Sets RSPAN tag format including VLAN-ID and priority.
This example describes how to configure port mirroring on a switch so that port 2
monitors the packets on port 1; see Figure 4-2.
• Configuration Procedure
1. The following example describes how to set port mirroring in ingress direction.
zte(cfg)#set mirror session 1 add source-port 1 ingress
zte(cfg)#set mirror session 1 add dest-port 2 ingress
zte(cfg)#set mirror statistical sample-interval 100 ingress
/*set the port sample-interval of mirror statistic*/
zte(cfg)#set mirror rspan-tag vlan-id 100 priority 7 ingress
/*set VLAN tag added after port mirroring*/
2. The following example describes how to set port mirroring in egress direction.
zte(cfg)#set mirror session 1 add source-port 1 egress
zte(cfg)#set mirror session 1 add dest-port 2 egress
zte(cfg)#set mirror statistical sample-interval 100 egress
/*set the port sample-interval of mirror statistic*/
zte(cfg)#set mirror rspan-tag vlan-id 100 priority 7 egress
/*set VLAN tag added after port mirroring*/
• Configuration Verification
Check port mirroring configuration
zte(cfg)#show mirror session 1
Session 1:
Ingress mirror information:
---------------------------
Source port : 1
Destination port: 2
Egress mirror information:
---------------------------
Source port : 1
Destination port: 2
zte(cfg)#show mirror rspan
Ingress Rspan VLAN tag: priority 7, vlan 100
Egress Rspan VLAN tag: priority 7, vlan 100
zte(cfg)#show mirror statistical
Ingress statistical mirror: sample-interval 100
Egress statistical mirror: sample-interval 100
Configuring a VLAN
The VLAN configuration includes the following commands:
Command Function
zte(cfg)#set vlan <vlanlist> delete port <portlist> Deletes the port from VLAN.
zte(cfg)#set vlan <vlanlist> delete trunk <trunklist> Deletes a trunk from VLAN.
zte(cfg)#set port <portlist> vlan-attribute <vlanlist>{tag | untag} Adds ports into VLAN one by one.
show vlan [<vlanlist>] (all configuration modes) Displays the basic VLAN information.
Note:
By default, VLAN1 is enabled, all ports are in VLAN1 and in untag mode.
• Configuration Procedure
zte(cfg)#set vlan 100 add port 1, 2 untag
zte(cfg)#set vlan 100 add port 7, 8 tag
zte(cfg)#set port 1, 2 pvid 100
zte(cfg)#set vlan 100 enable
• Configuration Verification
zte(cfg)#show vlan 100
VlanId : 100 VlanStatus: enabled
VlanName:
VlanMode: Static
Tagged ports : 7-8
Untagged ports: 1-2
Forbidden ports:
• Configuration Procedure
1. Configuration of switch A
zte(cfg)#set vlan 2 add port 16 tag
zte(cfg)#set vlan 2 add port 1 untag
zte(cfg)#set vlan 3 add port 16 tag
zte(cfg)#set vlan 3 add port 3 untag
zte(cfg)#set port 1 pvid 2
zte(cfg)#set port 3 pvid 3
zte(cfg)#set vlan 2-3 enable
2. Configuration of switch B
zte(cfg)#set vlan 2 add port 16 tag
zte(cfg)#set vlan 2 add port 2 untag
zte(cfg)#set vlan 3 add port 16 tag
zte(cfg)#set vlan 3 add port 4 untag
zte(cfg)#set port 2 pvid 2
zte(cfg)#set port 4 pvid 3
zte(cfg)#set vlan 2-3 enable
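The procedure above needs three things for every access port: untagged membership, a matching PVID, and an enabled VLAN. As an added example (not from the ZTE manual), this Python script lints a pasted command list for a missing piece and compares the VLANs tagged on both ends of the inter-switch link. The function names and sample input are constructed for illustration, and a default PVID of 1 is an assumption based on the note that all ports start untagged in VLAN1.

```python
import re

# Constructed input: the switch A commands from the procedure above, plus a
# deliberately incomplete VLAN 4 (port 5 has no pvid, VLAN never enabled).
CONFIG = """\
zte(cfg)#set vlan 2 add port 16 tag
zte(cfg)#set vlan 2 add port 1 untag
zte(cfg)#set vlan 3 add port 16 tag
zte(cfg)#set vlan 3 add port 3 untag
zte(cfg)#set vlan 4 add port 5 untag
zte(cfg)#set port 1 pvid 2
zte(cfg)#set port 3 pvid 3
zte(cfg)#set vlan 2-3 enable
"""

DEFAULT_PVID = 1                      # assumption: ports start in VLAN1, untagged
LIST = r"([\d,\s-]+?)"                # a port or VLAN list such as "1, 3, 7-8"
ADD = re.compile(rf"set vlan {LIST} add port {LIST} (tag|untag)$")
PVID = re.compile(rf"set port {LIST} pvid (\d+)$")
ENABLE = re.compile(rf"set vlan {LIST} enable$")


def expand(spec):
    """Expand a list such as '1, 3, 7-8' into a sorted list of integers."""
    out = set()
    for part in spec.replace(" ", "").split(","):
        if part:
            lo, _, hi = part.partition("-")
            out.update(range(int(lo), int(hi or lo) + 1))
    return sorted(out)


def parse(config):
    """Collect tagged/untagged membership, PVIDs and enabled VLANs."""
    tagged, untagged, pvid, enabled = {}, {}, {}, {1}   # VLAN1 is enabled by default
    for raw in config.splitlines():
        line = raw.split("#", 1)[-1].strip()            # drop a 'zte(cfg)#' prompt
        if m := ADD.match(line):
            book = tagged if m.group(3) == "tag" else untagged
            for vlan in expand(m.group(1)):
                book.setdefault(vlan, set()).update(expand(m.group(2)))
        elif m := PVID.match(line):
            for port in expand(m.group(1)):
                pvid[port] = int(m.group(2))
        elif m := ENABLE.match(line):
            enabled.update(expand(m.group(1)))
    return tagged, untagged, pvid, enabled


def lint(config):
    """Report VLANs that are never enabled and untagged ports with another PVID."""
    tagged, untagged, pvid, enabled = parse(config)
    findings = []
    for vlan in sorted(set(tagged) | set(untagged)):
        if vlan not in enabled:
            findings.append(f"vlan {vlan}: has member ports but is never enabled")
        for port in sorted(untagged.get(vlan, ())):
            actual = pvid.get(port, DEFAULT_PVID)
            if actual != vlan:
                findings.append(f"port {port}: untagged in vlan {vlan} but pvid is {actual}")
    return findings


def trunk_mismatch(config_a, config_b, port_a, port_b):
    """VLANs tagged on one end of an inter-switch link but not on the other."""
    a = {v for v, ports in parse(config_a)[0].items() if port_a in ports}
    b = {v for v, ports in parse(config_b)[0].items() if port_b in ports}
    return sorted(a ^ b)


if __name__ == "__main__":
    for finding in lint(CONFIG):
        print(finding)
```

A port that is intentionally untagged in several VLANs is reported once per VLAN that differs from its PVID, so treat those findings as review items.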
• MAC addition/deletion: users can manually add static and fixed MAC entries, and
delete dynamic, static and fixed MAC table entries, through the command line.
• MAC table aging time: the period from the latest update of a dynamic MAC
address in the FDB table to the deletion of this address.
• MAC filtering: when the switch receives packets with a specified source
address or destination address, it drops them according to the source MAC address
and destination MAC address.
• MAC address learning control: MAC learning provides three learning modes
(hardware wire-speed learning, CPU-controlled learning and no learning) to satisfy
various user requirements. In addition, MAC learning provides independent global,
port-based, TRUNK-based and VLAN-based switches.
• MAC learning number limit: the maximum number of learned MAC addresses can be
configured globally, per port, per TRUNK and per VLAN. When the value is reached,
new MAC addresses cannot be learnt.
• MAC alarm control: configures the output of the common alarm information of the MAC
function, for example, when the MAC learning number limit is exceeded or an address drifts.
• MAC address fixing: converts dynamic MAC entries to static or fixed MAC entries
in batch. After conversion, a static entry cannot drift. When the device is rebooted,
fixed MAC entries are restored and are not lost.
• MAC information display: the current MAC function configuration and state
information can be checked.
Note:
The MAC address of an Ethernet NIC is a 48-bit number. The 48 bits include two
parts. The first 24 bits are used to represent the manufacturer of the Ethernet
NIC. The following 24 bits are a group of sequence numbers designated by the manufacturer
and named as OUI (Organizationally Unique Identifier). The lowest bit (the leftmost bit in
the structure) is named the private or group bit. If this bit is set to 0, the rest of the
address is a private address. If it is 1, the remaining address field identifies a group
address requiring more resolution. If the whole OUI is set to 1, every station on the whole
network is a destination. That is the special convention supported by OUI.
Command Function
zte(cfg)#set mac add static <HH.HH.HH.HH.HH.HH> port <1-28> vlan <1-4094> Adds an MAC static entry based on port and VLAN.
zte(cfg)#set mac add static <HH.HH.HH.HH.HH.HH> trunk <1-15> vlan <1-4094> Adds an MAC static entry based on trunk and VLAN.
zte(cfg)#set mac add permanent <HH.HH.HH.HH.HH.HH> port <1-28> vlan <1-4094> Adds the MAC permanent entry based on port and VLAN.
zte(cfg)#set mac add permanent <HH.HH.HH.HH.HH.HH> trunk <1-15> vlan <1-4094> Adds the MAC permanent entry based on trunk and VLAN.
zte(cfg)#set mac delete {port <1-28>| trunk <1-15>| vlan <1-4094>}[dynamic | static | permanent] Deletes all dynamic/static/permanent MAC address entries based on port/trunk/VLAN.
zte(cfg)#set mac delete dynamic Deletes all dynamic MAC address entities.
zte(cfg)#set mac delete permanent Deletes all permanent MAC address entities.
zte(cfg)#set mac delete static Deletes all static MAC address entities.
zte(cfg)#set mac aging-time <60-600> Sets device MAC address aging time.
zte(cfg)#set mac filter {source | destination | both}<HH.HH.HH.HH.HH.HH> vlan <1-4094> Sets the source MAC address or destination MAC address filter function.
zte(cfg)#set mac learning {global | port <1-28>| trunk <1-15>| vlan <1-4094>}{enable | disable | mode {automatic | cpu-controlled}} Sets MAC address learning mode based on global/port/trunk/VLAN.
zte(cfg)#set mac limit {global | port <1-28>| trunk <1-15>| vlan <1-4094>} limit-num <0-16384> Sets the MAC address number limit function based on global/port/trunk/VLAN.
zte(cfg)#set mac unknown-filter {global | port <1-28>| trunk <1-15>} limit-num <0-16384> Sets the function of filtering unknown source packets based on global/port/trunk.
zte(cfg)#set mac to permanent {port <1-28>| trunk <1-15>}{enable | disable | max-number <1-128>} Sets the function of batch converting MAC addresses as permanent.
zte(cfg)#set mac to static {port <1-28>| trunk <1-15>| vlan <1-4094>}{enable | disable} Sets the function of converting MAC address to static ones in batch.
zte(cfg)#set mac logging-alarm {station-move | threshold-state}{enable | disable} Enables or disables the MAC event alarm function.
zte(cfg)#set mac logging-alarm interval <1-900> Sets the MAC event alarm output interval.
show mac (all configuration modes) Displays MAC address entry content.
show mac running-config (all configuration modes) Displays MAC configuration information.
show mac all-type {port <1-28>| trunk <1-15>| vlan <1-4094>} (all configuration modes) Displays MAC address entry content based on port/trunk/VLAN.
show mac mac-address <HH.HH.HH.HH.HH.HH> (all configuration modes) Displays the MAC address entry content of a specified MAC address.
show mac unknown-filter [port <1-28>| trunk <1-15>] (all configuration modes) Displays the filter function of the packet with the unknown source based on global/port/trunk.
show mac aging-time (all configuration modes) Displays device MAC address aging time.
show mac logging-alarm (all configuration modes) Displays MAC event alarm configuration.
zte(cfg)#set mac learning except session <1-100>{clear | mac-address <HH.HH.HH.HH.HH.HH.HH> mac-mask <HH.HH.HH.HH.HH.HH.HH>[vlan <1-4094>]} Sets the function of not learning specified MAC addresses.
zte(cfg)#set mac learning except {port <portlist>| trunk <trunklist>} session unbind Unbinds ports/trunks and all sessions.
zte(cfg)#set mac learning except {port <portlist>| trunk <trunklist>} session <1-100>{bind | unbind} Sets the binding relation between ports/trunks and all sessions.
The ZXR10 2900E supports up to 15 aggregation groups. In each aggregation group, the
number of aggregated links does not exceed eight. Aggregated links must have the same
transmission media type and transmission rate.
Configuring LACP
The LACP configuration includes the following commands:
Command Function
zte(cfg)#set trunk <trunklist> pvid <1-4094> Sets the default trunk VID.
zte(cfg)#set lacp load-balance {port | packet {L2 | L3 | L4}} Sets LACP load balance mode.
zte(cfg)#clear trunk <trunklist>{ multicast-filter} Clears the flag of the port multicast filter.
• Configuration Procedure
1. The detailed configuration of switch A is as follows:
zte(cfg)#set lacp enable
zte(cfg)#set lacp aggregator 3 add port 15-16
zte(cfg)#set lacp aggregator 3 mode dynamic
zte(cfg)#set lacp load-balance packet L2
zte(cfg)#set vlan 2 add trunk 3 tag
zte(cfg)#set vlan 2 add port 1 untag
zte(cfg)#set vlan 3 add trunk 3 tag
zte(cfg)#set vlan 3 add port 3 untag
zte(cfg)#set port 1 pvid 2
zte(cfg)#set port 3 pvid 3
zte(cfg)#set vlan 2-3 enable
• Configuration Verification
The results of implementing the following command on the two switches are similar.
zte(cfg)#show lacp
Lacp is enabled.
Lacp priority is 32768.
Load-balance is based on L4 hash mode.
PortNum GroupNum GroupMode LacpTime LacpActive
----------- ----------- ----------- ----------- -----------
15 3 Dynamic Long True
16 3 Dynamic Long True
zte(cfg)#show lacp aggregator 3
Group 3
Actor Partner
---------------------------- ----------------------------
Priority : 32768 32768
Mac : 00.d0.d0.fa.29.20 00.d0.d0.fc.88.63
Key : 258 258
Ports : 16, 15 16, 15
The result displayed above shows that the link aggregation is successful. If it is not
successful, executing the show lacp aggregator 3 command returns the following
result.
zte(cfg)#show lacp aggregator 3
% Group 3 is not active!
This result is generally caused by a problem with the physical link. Check the physical
link status.
table, instead of all ports. This restricts the wide spread of multicast messages in the LAN
switch, reduces the waste of network bandwidth, and improves the utilization rate of the
switch.
Command Function
zte(cfg)#set igmp snooping vlan <1-4094>{add | delete} group <A.B.C.D>[port <portlist>| trunk <trunklist>] Adds or deletes static multicast group based on VLAN.
zte(cfg)#set igmp snooping vlan <1-4094>{add | delete} smr {port <portlist>| trunk <trunklist>} Adds or deletes routing port or trunk on the specified VLAN.
zte(cfg)#set igmp snooping response-interval <10-250> Sets the snooping response interval.
zte(cfg)#set igmp snooping fastleave {enable | disable} Enables or disables fast leave function.
show igmp snooping vlan [<1-4094>[host | route]] (global configuration modes) Displays the configuration of IGMP snooping result.
show igmp snooping v3 {port <1-28>| trunk <1-15>} (global configuration modes) Displays the v3 multicast snooping results of the port or trunk.
show igmp filter (global configuration modes) Displays the configuration of IGMP filter.
zte(cfg)#set igmp filter {add | delete} grouplist <A.B.C.D.> mask <A.B.C.D.> vlan <vlanlist> Adds/removes the group list filter to/from a specified VLAN.
zte(cfg)#set igmp snooping multicast-ring {add | delete} cascade port <portlist> Adds or deletes cascaded ports in a multicast ring network.
• Configuration Procedure
zte(cfg)#set vlan 200 add port 1, 3, 5, 10 untag
zte(cfg)#set port 1, 3, 5, 10 pvid 200
zte(cfg)#set vlan 200 enable
zte(cfg)#set igmp snooping enable
zte(cfg)#set igmp snooping add vlan 200
zte(cfg)#set igmp snooping vlan 200 add smr port 10
zte(cfg)#set igmp filter enable
zte(cfg)#set igmp filter add groupip 230.44.45.167 vlan 200
• Configuration Verification
Command Function
zte(cfg)#set mld snooping vlan <1-4094> add group <ipv6-address> port <portlist> Adds a static group to a specific VLAN and adds a port to the static group.
zte(cfg)#set mld snooping vlan <1-4094> delete group <ipv6-address>[port <portlist>] Clears static groups in a specific VLAN and clears the ports in the static groups.
zte(cfg)#set mld snooping vlan <1-4094>{add | delete} mrouter port <port-id> Adds or clears a routing port in a specific VLAN.
zte(cfg)#set mld snooping query version {v1 | v2} Sets the MLD version of query packets.
zte(cfg)#set mld snooping query {enable | disable} Enables or disables the query function.
zte(cfg)#set mld snooping robustness <1-7> Sets the MLD robustness value.
show mld snooping mr-port-info (all configuration modes) Displays MLD router port information.
• Configuration Procedure
zte(cfg)#set vlan 200 add port 1, 3, 5, 10 untag
zte(cfg)#set port 1, 3, 5, 10 pvid 200
zte(cfg)#set vlan 200 enable
zte(cfg)#set mld snooping enable
zte(cfg)#set mld snooping add vlan 200
zte(cfg)#set mld snooping vlan 200 add smr port 10
• Configuration Verification
Display the snooping result:
zte(cfg)#show mld snooping vlan 200
MLD Snooping : enable
Querier : disable
Working Mode : proxy
Max Group Number : 256
Total Group Number : 2
Exist Host Group Number : 2
Index Vlan Group ID Prejoin LiveTime Ports
----- ---- -------------- ------- ---------- --------
1 200 ff1e::11 0 0:00:00:14 D:1,3, 5
2 200 ff1e::22 0 0:00:00:09 D:1,3,
Configuring IPTV
The IPTV configuration mainly includes the following contents:
• Configure channel attribute
• Configure package attribute
• Configure preview related attribute
• Configure CDR related attribute
• Configure port related attribute
The IPTV configuration includes the following commands:
Command Function
zte(cfg-nas)#iptv channel {name <channel-name>| id-list <channel-list>} cdr {enable | disable} Enables or disables channel log function.
zte(cfg-nas)#iptv channel {name <channel-name>| id-list <channel-list>}{viewfile-name <viewfile-name>| viewfile-id <0-1023>} Specifies the preview configuration file of the channel.
zte(cfg-nas)#iptv cdr report-interval <1-65535> Sets the time interval for CDR report.
zte(cfg-nas)#iptv port <portlist>[vlan <1-4094>] channel {name <channel-name>| id-list <channel-list>}{deny | order | preview | query} Allocates the visit authority of the channel for user.
zte(cfg-nas)#clear iptv port <portlist>[vlan <1-4094>] package {name <package-name>| id-llist <package-idlist>} Deletes the package allocated for users.
show iptv control (all configuration modes) Displays IPTV global configuration.
show iptv view-profile [name <viewfile-name>| id <0-1023>] (all configuration modes) Displays preview configuration file information.
zte(cfg-nas)#iptv channel-group name <channel-group-name> rename <new-name> Modify the channel group name.
zte(cfg-nas)#iptv channel-group {name <channel-group-name>| id-list <channel-group-list>} cdr {enable | disable} Enable/disable the channel group log function.
zte(cfg-nas)#iptv channel-group {name <channel-group-name>| id-list <channel-group-list>}{viewfile-name <viewfile-name>| viewfile-id <0-1023>} Specifies the preview configuration file for the channel group.
zte(cfg-nas)#iptv port <portlist>[vlan <1-4094>] channel-group {name <channel-group-name>| id-list <channel-group-list>}{deny | order | preview | query} Allocates an access permission to the channel group for users.
• Configuration Procedure
1. Configure VLAN
zte(cfg)#set vlan 100 add port 1
zte(cfg)#set vlan 4000 add port 1, 4
zte(cfg)#set vlan 100, 4000 enable
zte(cfg)#set port 1 pvid 100
zte(cfg)#set port 4 pvid 4000
/*IGMP Snooping*/
zte(cfg)#set igmp snooping enable
zte(cfg)#set igmp snooping add vlan 100, 4000
zte(cfg)#set igmp snooping fastleave enable
2. Configure IPTV
zte(cfg)#config nas
zte(cfg-nas)#iptv control enable
zte(cfg-nas)#iptv cac-rule enable
3. Configure a rule on the port
zte(cfg-nas)#iptv channel mvlan 4000 group 225.1.1.1 name CCTV1 id 1
zte(cfg-nas)#iptv port 1 service start
zte(cfg-nas)#iptv port 1 control-mode channel
zte(cfg-nas)#iptv port 1 channel id-list 1 order
zte(cfg-nas)#iptv port 1 add mvlan 4000 uvlan 100
• Configuration Verification
Check configuration
zte(cfg-nas)#show iptv rule
MaxRuleNum:64
CurRuleNum:1
HisRuleNum:1
Id Port Vlan Mbase Mode Service Cdr Order Preview Query PkgNum
-- ---- ---- ----- ------- ------- -------- ----- ------- ----- ------
1 1 false channel in disabled 1 0 0 0
Index :0
Rule :1 Vlan :100
Port :1 ChNum :1
Mac :00.10.94.00.00.01 Ip :192.85.1.3
• Configuration Procedure
1. Configure VLAN
zte(cfg)#set vlan 100 add port 1
zte(cfg)#set vlan 4000 add port 1, 4
zte(cfg)#set vlan 100, 4000 enable
zte(cfg)#set port 1 pvid 100
zte(cfg)#set port 4 pvid 4000
/*IGMP Snooping*/
zte(cfg)#set igmp snooping enable
zte(cfg)#set igmp snooping add vlan 100, 4000
zte(cfg)#set igmp snooping fastleave enable
2. Configure IPTV
zte(cfg)#config nas
zte(cfg-nas)#iptv control enable
zte(cfg-nas)#iptv cac-rule enable
zte(cfg-nas)#iptv prv enable
3. Configure a rule on the port
zte(cfg-nas)#iptv channel mvlan 4000 group 225.1.1.1 name CCTV1 id 1
zte(cfg-nas)#iptv port 1 service start
zte(cfg-nas)#iptv port 1 control-mode channel
zte(cfg-nas)#iptv port 1 channel id 1 preview
4. Configure the preview template
zte(cfg-nas)#iptv view-profile name VPF1.PRF
zte(cfg-nas)#iptv view-profile name VPF1.PRF count 2
zte(cfg-nas)#iptv view-profile name VPF1.PRF blackout 10
zte(cfg-nas)#iptv view-profile name VPF1.PRF duration 20
zte(cfg-nas)#iptv channel id 1 viewfile-name VPF1.PRF
• Configuration Verification
Check configuration
/*check the configuration of preview template*/
zte(cfg-nas)#show iptv view-profile name VPF1
ViewProfile Id :1
MaxPrvCount :2
MaxPrvDuration :20
BlackoutInterval :10
/*view the user online state when the user is online*/
zte(cfg-nas)#show iptv client index 0
Index :0
Rule :1 Vlan :100
Port :1 ChNum :1
Mac :00.10.94.00.00.01 Ip :192.85.1.3
Rapid Spanning Tree Protocol (RSTP) builds on common STP and adds a mechanism by
which the port state can change rapidly from Blocking to Forwarding, which
increases the topology convergence speed.
Multiple Spanning Tree Protocol (MSTP) builds on RSTP and STP and adds
forwarding processing for frames with a VLAN ID. The whole network topology
can be planned as a Common and Internal Spanning Tree (CIST), which is divided into
the Common Spanning Tree (CST) and the Internal Spanning Tree (IST).
Multiple devices with MSTP enabled form an MST area in a switching network. Devices
that satisfy the following conditions are considered to be in the same MST area. A
switching network can contain many MST areas. Users can assign switches to an MST
area by using MSTP commands.
• Same area name.
• Same revision level.
• Same mapping relationship between VLAN and instance.
• Switches should be connected directly.
Multiple spanning trees can be configured in each MSTP area, and they are
independent of each other. Each spanning tree is an Internal Spanning Tree (IST), and it
can be called a Multiple Spanning Tree Instance (MSTI). The Common Spanning Tree connects
all MST areas in the switching network. An MST area can be considered as a switch, and the
CST is a spanning tree generated by STP and RSTP protocol calculation. All ISTs and
CSTs together are called the Common and Internal Spanning Tree (CIST). The CIST is a single
spanning tree that connects all switches.
In this MSTP topology, an IST can serve as a single bridge (switch). In this way, the
CST can serve as an RSTP for the exchange of configuration information (BPDU). Multiple
instances can be created in an IST area, and these instances are valid only in this area.
An instance is equivalent to an RSTP, except that the instance needs to perform BPDU
interaction with bridges outside this area.
The MSTP topology is shown in Figure 4-9.
After the calculation defined by the Spanning Tree Protocol (STP), ports are divided
into the following roles:
• Master: This port type is introduced in the MSTP protocol. When multiple different
areas exist, the master port is the port with the minimal path cost to the root.
• Root: The port that has the minimal cost to the root bridge and is in charge of forwarding
data to the root node. When multiple ports have the same cost to the root bridge,
the port with the lowest port priority becomes the root port.
• Designated: The port transmits data downstream to other switches and sends STP protocol
messages to maintain the state of STP.
• Backup: The port receives the STP message, which proves that there exists a loop
route to the port itself.
• Alternate: The port receives redundant STP protocol messages from other equipment.
When the original link is lost abnormally, a port in this state can move
to the forwarding state and keep the network running in place of the failed port.
• Edged: The port is used to connect terminal equipment, such as a PC. The port
does not participate in calculation before STP is stable, and its state can be switched
fast.
The port state for each port role after the calculation is stable is shown in Table 4-1.
Master Forward
Root Forward
Designated Forward
Backup Discard
Alternate Discard
Edged Forward
The BPDU protection function protects edge ports. An edge port is not expected to receive
protocol messages. If there is a malicious protocol attack or a Linux virtual bridge,
receiving illegitimate protocol messages causes network oscillation or abnormal topology
changes. With this protection enabled, the port is closed in that case. After a while, the
switch checks whether the network is normal. If it is normal, the port recovers to its
original state.
The root protection function protects the root switch. In a network where a specific
switch must be the root switch, a malicious protocol attack or a Linux virtual bridge
can change the root and make the network abnormal. With root protection enabled on
a port, if the port receives protocol information superior to that of the root switch, the
port is moved to the blocking state. The port no longer forwards messages, and it discards
the received protocol messages to protect the status of the root switch.
The loop protection function protects ring topologies. In a network where a ring exists,
the redundant link is in the backup state, and its port is in the blocking state once the
topology is stable. If the port never needs to move to the forwarding state, it can be set
to loop protection. If the port then attempts to change state, loop protection is triggered
and the port is set to the blocking state.
Only one of the three protections (BPDU protection, root protection and loop protection)
can be configured on a port.
Configuring STP
In the default configuration, the MSTP only has the instance with ins_id as 0. This instance
always exists and users cannot manually delete it. This instance is mapped with VLANs 1
to 4094.
The STP configuration includes the following commands:
Command Function
zte(cfg)#set stp port <portlist>{enable | disable} Enables or disables port stp function.
zte(cfg)#set stp port <portlist> linktype {point-point | shared} Sets port connection type.
zte(cfg)#set stp trunk <trunklist> linktype {point-point | shared} Sets trunk connection type.
zte(cfg)#set stp trunk <trunklist> packettype {IEEE | CISCO | HUAWEI | HAMMER | extend} Sets trunk receiving and sending packet type.
zte(cfg)#set stp edge-port {add | delete} port <portlist> Adds/deletes STP edge port.
zte(cfg)#set stp {hmd5-digest | hmd5-key}{CISCO | HUAWEI}<0x00..0-0xff..f> Sets hmd5 parameter when the device is connected with CISCO or HUAWEI.
zte(cfg)#set stp instance <0-63>{port <1-28>| trunk <trunklist>} priority <0-240> Sets the priority of port/trunk in the instance.
zte(cfg)#set stp instance <0-63>{port <1-28>| trunk <trunklist>} cost <1-200000000> Sets the path cost of port/trunk in the instance.
zte(cfg)#set stp instance <0-63>{port <1-28>| trunk <trunklist>} root-guard {enable | disable} Enables or disables the root protection of port/trunk in the instance.
zte(cfg)#set stp instance <0-63>{port <1-28>| trunk <trunklist>} loop-guard {enable | disable} Enables or disables the loop protection of port/trunk in the instance.
• Configuration Procedure
zte(cfg)#set stp enable
/*enable the stp protocol of switch1 and switch2*/
zte(cfg)#set stp forceversion stp
/*set STP forceversion as stp*/
• Configuration Verification
1. Check the STP state of switch 1 in the system view.
zte(cfg)#show stp instance
Spanning tree enabled protocol stp
RootID:
Priority : 32768 Address : 00.d0.d0.02.00.54
HelloTime(s) : 2 MaxAge(s): 20
ForwardDelay(s): 15
Reg RootID:
Priority : 32768 Address : 00.d0.d0.02.00.54
RemainHops : 20
BridgeID:
Priority : 32768 Address : 00.d0.d0.02.00.54
HelloTime(s) : 2 MaxAge(s): 20
ForwardDelay(s): 15 MaxHops : 20
Interface PortId Cost Status Role Bound GuardStatus
--------- ------ ------- ------- ---------- ----- -----------
• Configuration Procedure
zte(cfg)#set stp enable
/*enable STP protocol of switch1 and switch2*/
zte(cfg)#set stp forceversion rstp
/*set forceversion of stp as rstp*/
• Configuration Verification
1. Check the STP state of switch 1 in the system view.
zte(cfg)#show stp instance
Spanning tree enabled protocol rstp
RootID:
Priority : 32768 Address : 00.d0.d0.02.00.54
HelloTime(s) : 2 MaxAge(s): 20
ForwardDelay(s): 15
Reg RootID:
Priority : 32768 Address : 00.d0.d0.02.00.54
RemainHops : 20
BridgeID:
Priority : 32768 Address : 00.d0.d0.02.00.54
HelloTime(s) : 2 MaxAge(s): 20
ForwardDelay(s): 15 MaxHops : 20
Interface PortId Cost Status Role Bound GuardStatus
--------- ------ -------- ------- ---------- ----- -----------
1 128.1 200000 Forward Designated RSTP None
2 128.2 200000 Forward Designated RSTP None
2. Check the STP state of switch 2 in the system view.
zte(cfg)#show stp instance
Spanning tree enabled protocol rstp
RootID:
Priority : 32768 Address : 00.d0.d0.02.00.54
HelloTime(s) : 2 MaxAge(s): 20
ForwardDelay(s):15
Reg RootID:
Priority : 32768 Address : 00.d0.d0.29.52.06
RemainHops : 20
BridgeID:
Priority : 32768 Address : 00.d0.d0.29.52.06
HelloTime(s) : 2 MaxAge(s): 20
ForwardDelay(s): 15 MaxHops : 20
Interface PortId Cost Status Role Bound GuardStatus
--------- ------ --------- ------- ---------- ----- -----------
1 128.1 200000 Forward Root RSTP None
2 128.2 200000 Discard Alternate RSTP None
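Root, BPDU and loop protection only help when they are enabled on the right ports, and every port in the output above reports GuardStatus None. As an added example (not from the ZTE manual), this Python script parses show stp instance output in the layout shown above, checks the root bridge against the planned one, and lists unprotected ports. The role-to-protection mapping, the function names and the treatment of any GuardStatus other than None as protected are assumptions; the sample text is constructed from the switch 2 output.

```python
import re

# Constructed sample in the layout of the switch 2 RSTP output on this page.
SAMPLE = """\
Spanning tree enabled protocol rstp
RootID:
Priority : 32768 Address : 00.d0.d0.02.00.54
HelloTime(s) : 2 MaxAge(s): 20
Reg RootID:
Priority : 32768 Address : 00.d0.d0.29.52.06
BridgeID:
Priority : 32768 Address : 00.d0.d0.29.52.06
Interface PortId Cost Status Role Bound GuardStatus
--------- ------ --------- ------- ---------- ----- -----------
1 128.1 200000 Forward Root RSTP None
2 128.2 200000 Discard Alternate RSTP None
"""

ID_LINE = re.compile(r"Priority\s*:\s*(\d+)\s+Address\s*:\s*([0-9a-fA-F.]+)")
SECTIONS = ("RootID:", "Reg RootID:", "BridgeID:")

# Assumed review policy (not from the manual): protection expected per port role.
ROLE_GUARD = {"Designated": "root-guard", "Root": "loop-guard",
              "Alternate": "loop-guard", "Edged": "bpdu-guard"}


def parse_stp(text):
    """Return one dict per spanning-tree instance found in the output."""
    instances, cur, pending, columns = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Spanning tree enabled protocol"):
            cur = {"protocol": line.split()[-1], "ports": []}
            instances.append(cur)
            pending = columns = None
        elif cur is None or not line:
            continue
        elif line in SECTIONS:
            pending = line[:-1]            # next Priority/Address line belongs here
        elif pending and (m := ID_LINE.search(line)):
            cur[pending] = {"priority": int(m.group(1)),
                            "address": m.group(2).lower()}
            pending = None
        elif line.startswith("Interface"):
            columns = line.split()         # MSTI tables have no "Bound" column
        elif columns and line[0].isdigit():
            fields = line.split()
            if len(fields) == len(columns):
                cur["ports"].append(dict(zip(columns, fields)))
    return instances


def audit(text, expected_root):
    """Compare the observed root with the planned one and list unguarded ports."""
    findings = []
    for inst in parse_stp(text):
        root = inst.get("RootID", {}).get("address")
        if root != expected_root.lower():
            findings.append(("root-mismatch", inst["protocol"], root))
        for port in inst["ports"]:
            if port.get("GuardStatus", "None") != "None":
                continue                   # some protection is already reported
            guard = ROLE_GUARD.get(port["Role"])
            if guard:
                findings.append((f"no-{guard}", port["Interface"], port["Role"]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, "00.d0.d0.02.00.54"):
        print(finding)
```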
As shown in Figure 4-12, configure MSTP on switch1 and switch2 (they are in the
same MST area) to provide link backup and block loops in the network. The configuration
is as follows: map instance 1 to service VLANs 10-20; set Name to zte and
Revision to 10. Make switch1 the root bridge in instance 1.
• Configuration Procedure
HelloTime(s) : 2 MaxAge(s) : 20
ForwardDelay(s): 15 RemainHops : 20
BridgeID:
Priority : 32769 Address : 00.d0.d0.02.00.54
HelloTime(s) : 2 MaxAge(s) : 20
ForwardDelay(s): 15 MaxHops : 20
Interface PortId Cost Status Role GuardStatus
--------- ------ ------- ------- ---------- -----------
1 128.1 200000 Forward Designated None
2 128.2 200000 Forward Designated None
3. Check the STP state of switch 2 in the system view.
zte(cfg)#show stp instance
MST00
Spanning tree enabled protocol mstp
RootID:
Priority : 32768 Address : 00.d0.d0.02.00.54
HelloTime(s) : 2 MaxAge(s): 20
ForwardDelay(s):15
Reg RootID:
Priority : 32768 Address : 00.d0.d0.29.52.06
RemainHops : 20
BridgeID:
Priority : 32768 Address : 00.d0.d0.29.52.06
HelloTime(s) : 2 MaxAge(s): 20
ForwardDelay(s): 15 MaxHops : 20
Interface PortId Cost Status Role Bound GuardStatus
--------- ------ ------- ------- ---------- ----- ---------
1 128.1 200000 Forward Root MSTP None
2 128.2 200000 Discard Alternate MSTP None
ST01
Spanning tree enabled protocol mstp
RootID:
Priority : 32769 Address : 00.d0.d0.02.00.54
HelloTime(s) : 2 MaxAge(s) : 20
ForwardDelay(s):15 RemainHops : 19
BridgeID:
Priority : 32769 Address : 00.d0.d0.29.52.06
HelloTime(s) : 2 MaxAge(s) : 20
ForwardDelay(s): 15 MaxHops : 20
Interface PortId Cost Status Role GuardStatus
--------- ------ ------- ------- ---------- ------------
1 128.1 200000 Forward Root None
2 128.2 200000 Discard Alternate None
source port number, UDP destination port number, ICMP type, ICMP Code and
DiffServ Code Point (DSCP).
8. L2 egress ACL: Match destination MAC address, source VLAN ID and 802.1p
priority value, Ethernet network type and DSAP/SSAP.
9. Hybrid egress ACL: Match Source IPv4/IPv6 address, destination IPv4/IPv6
address, IP protocol type, TCP source port number, TCP destination port number,
UDP source port number, UDP destination port number, DiffServ Code Point
(DSCP), source MAC address, destination MAC address, source VLAN ID and
802.1p priority value.
• Each ACL is identified by an access list number.
The access list number ranges for the different ACL types are shown below:
1. Basic ingress ACL: 1~99
2. Extended ingress ACL: 100~199
3. L2 ingress ACL: 200~299
4. Hybrid ingress ACL: 300~399, supports IPv6
5. Basic egress ACL: 400~499
6. Extended egress ACL: 500~599
7. L2 egress ACL: 600~699
8. Hybrid egress ACL: 700~799, supports IPv6
9. Global ACL: 800
• Each ACL has at most 500 rules; rule numbers range from 1 to 500.
Configuring ACL
The ACL configuration includes the following commands:
Command
    Function
zte(cfg)#set port <portlist> acl mode {port | vlan}
    Sets port ACL binding mode.
zte(cfg)#set port <portlist> acl <1-799>{enable | disable}
    Binds ACL instance to the port.
zte(cfg)#set vlan <vlanlist> acl <1-399>{enable | disable}
    Binds ACL instance to the VLAN.
zte(cfg)#clear ingress-acl basic number <1-99>
    Clears a basic ingress ACL instance.
zte(extend-acl-group)#rule <1-500>{permit | deny} ip {<source-ipaddr><sip-mask>| any}{<destination-ipaddr><dip-mask>| any}[dscp <0-63>][fragment]
    Sets the rule that an extended ingress ACL is used to match IP packet.
zte(extend-acl-group)#rule <1-500>{permit | deny} arp {<sender-ipaddr><sip-mask>| any}{<target-ipaddr><tip-mask>| any}
    Sets the rule that an extended ingress ACL is used to match ARP packet.
zte(cfg)#clear ingress-acl extend number <100-199>
    Clears an extended port ACL instance.
zte(link-acl-group)#rule <1-500>{permit | deny} other {[ether-type <1501-65535>| dsap-ssap <0-65535>][cos <0-7>][<vlan-id>[<vlan-mask>]][<source-mac><smac-mask>| any][<dest-mac><dmac-mask>| any]}
    Sets the rule that a layer-2 ingress ACL is used to match the packet except IP/ARP.
zte(link-acl-group)#rule <1-500>{permit | deny} any [<vlan-id>[<vlan-mask>]][cos <0-7>][<source-mac><smac-mask>| any][<dest-mac><dmac-mask>| any]
    Sets the rule that a layer-2 ingress ACL is used to match packets with specified cos, VLAN id, smac, and dmac flags.
zte(cfg)#clear ingress-acl link number <200-299>
    Clears a layer-2 ingress ACL instance.
zte(hybrid-acl-group)#rule <1-500>{permit | deny} ipv6 <ip-protocol>{<source-ipv6addr><sipv6-mask>| any}{<destination-ipv6addr><dipv6-mask>| any}[<vlan-id>]
    Sets the rule that a hybrid ingress ACL is used to match IPv6-specified protocol field packet.
zte(cfg)#clear ingress-acl hybrid number <300-399>
    Clears a hybrid ingress ACL instance.
zte(cfg)#clear egress-acl basic number <400-499>
    Clears a basic egress ACL instance.
zte(egress-extend-acl)#rule <1-500>{permit | deny} arp {<sender-ipaddr><sip-mask>| any}{<target-ipaddr><tip-mask>| any}
    Sets an extended egress ACL which matches ARP packet.
zte(egress-link-acl)#rule <1-500>{permit | deny} ip {[coss <0-7>][<vlan-id>[<vlan-mask>]][<dest-mac><dmac-mask>| any]}
    Sets a layer-2 egress ACL which matches the IP packet.
zte(egress-link-acl)#rule <1-500>{permit | deny} arp {[coss <0-7>][<vlan-id>[<vlan-mask>]][<dest-mac><dmac-mask>| any]}
    Sets a layer-2 egress ACL which matches the ARP packet.
zte(cfg)#clear egress-acl link number <600-699>
    Clears a layer-2 egress ACL instance.
zte(cfg)#clear egress-acl hybrid number <700-799>
    Clears a hybrid egress ACL instance.
move <1-500>{after | before}<1-500> (all ACL configuration modes)
    Sorts a rule in ACL instance.
clear rule <1-500> (all ACL configuration modes)
    Clears one rule in ACL instance.
zte(cfg)#show acl config [<1-800>| name <word>][active | command | deny | passive | permit | policy | rule <1-500>| snmp | time-range]
    Displays the detailed configuration of ACL instance.
• Configuration Procedure
zte(cfg)#config ingress-acl hybrid number 300
zte(ingress-hybrid-acl)#rule 1 deny ip any 192.168.0.1 255.255.255.255
zte(ingress-hybrid-acl)#rule 2 deny arp any 192.168.0.1 255.255.255.255
zte(ingress-hybrid-acl)#exit
zte(cfg)#set port 1-24 acl 300 enable
zte(cfg)#set time-range worktime range period 09:00 to 18:00 daily
zte(cfg)#set time-range worktime acl 300 rule 1 enable
zte(cfg)#set time-range worktime acl 300 rule 2 enable
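The number ranges and binding limits above can be checked mechanically before a configuration is pushed to a switch. The following Python linter is an added example, not ZTE code: it checks the procedure from this page and a constructed faulty configuration. It assumes that every ACL type is entered with `config <ingress|egress>-acl <type> number <n>`, by analogy with the one `config` command and the `clear` commands shown on this page.

```python
import re

# ACL number ranges per (direction, type), as listed in this manual.
ACL_RANGES = {
    ("ingress", "basic"): (1, 99), ("ingress", "extend"): (100, 199),
    ("ingress", "link"): (200, 299), ("ingress", "hybrid"): (300, 399),
    ("egress", "basic"): (400, 499), ("egress", "extend"): (500, 599),
    ("egress", "link"): (600, 699), ("egress", "hybrid"): (700, 799),
}
# Binding limits from "set port ... acl <1-799>" and "set vlan ... acl <1-399>".
BIND_LIMIT = {"port": 799, "vlan": 399}
MAX_RULE = 500

# The configuration procedure shown on this page.
PAGE_CONFIG = """
zte(cfg)#config ingress-acl hybrid number 300
zte(ingress-hybrid-acl)#rule 1 deny ip any 192.168.0.1 255.255.255.255
zte(ingress-hybrid-acl)#rule 2 deny arp any 192.168.0.1 255.255.255.255
zte(ingress-hybrid-acl)#exit
zte(cfg)#set port 1-24 acl 300 enable
zte(cfg)#set time-range worktime range period 09:00 to 18:00 daily
zte(cfg)#set time-range worktime acl 300 rule 1 enable
zte(cfg)#set time-range worktime acl 300 rule 2 enable
"""

# Constructed sample with four deliberate mistakes (lines 1, 2, 4 and 5).
BAD_CONFIG = """
zte(cfg)#config egress-acl link number 250
zte(egress-link-acl)#rule 501 deny ip any
zte(egress-link-acl)#exit
zte(cfg)#set vlan 10 acl 650 enable
zte(cfg)#set time-range worktime acl 250 rule 7 enable
"""


def lint(config_text):
    """Return a list of (line_number, message) findings for a CLI transcript."""
    findings = []
    rules = {}        # ACL number -> set of rule numbers defined in this text
    current = None    # ACL number of the configuration mode we are in
    for no, raw in enumerate(config_text.strip().splitlines(), 1):
        line = raw.split("#", 1)[-1].strip()      # drop the prompt
        m = re.match(r"config (ingress|egress)-acl (\w+) number (\d+)$", line)
        if m:
            key, num = (m.group(1), m.group(2)), int(m.group(3))
            lo, hi = ACL_RANGES.get(key, (0, -1))  # unknown type: empty range
            if not lo <= num <= hi:
                findings.append((no, f"{num} is not a valid {key[0]} {key[1]} ACL number"))
            current = num
            rules.setdefault(num, set())
            continue
        m = re.match(r"rule (\d+) (permit|deny)\b", line)
        if m and current is not None:
            rule = int(m.group(1))
            if not 1 <= rule <= MAX_RULE:
                findings.append((no, f"rule {rule} is outside 1-{MAX_RULE}"))
            elif rule in rules[current]:
                findings.append((no, f"rule {rule} is defined twice in ACL {current}"))
            else:
                rules[current].add(rule)
            continue
        if line == "exit":
            current = None
            continue
        m = re.match(r"set (port|vlan) (\S+) acl (\d+) enable$", line)
        if m:
            target, num = m.group(1), int(m.group(3))
            if not 1 <= num <= BIND_LIMIT[target]:
                findings.append((no, f"ACL {num} cannot be bound to a {target} "
                                     f"(limit 1-{BIND_LIMIT[target]})"))
            elif not rules.get(num):
                findings.append((no, f"ACL {num} is bound but has no rules in this text"))
            continue
        m = re.match(r"set time-range (\S+) acl (\d+) rule (\d+) enable$", line)
        if m and int(m.group(3)) not in rules.get(int(m.group(2)), set()):
            findings.append((no, f"time-range {m.group(1)} refers to undefined "
                                 f"rule {m.group(3)} of ACL {m.group(2)}"))
    return findings


if __name__ == "__main__":
    for name, text in (("page", PAGE_CONFIG), ("constructed", BAD_CONFIG)):
        print(name, lint(text))
```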
When a data packet enters a port, the switch performs the initial QoS marking, which
mainly consists of initializing the TC QoS.
At switch egress, QoS places the packet in the appropriate queue according to the
marked TC, applies the queue scheduling and congestion control algorithms according
to the current queue configuration, and modifies it according to the 802.1p user
priority or IP DSCP field of the data packet.
Configuring QoS
The QoS configuration on the ZXR10 2900E includes global QoS configuration and
port-based QoS configuration. Part of the QoS configuration is related to ACLs. The QoS
configuration includes the following commands:
Command
    Function
zte(cfg)#set qos priority-mapping port <1-28> default-up <0-7>
    Sets the default port UP priority.
zte(cfg)#set qos priority-mapping port <1-28> port-to-profile qos-profile <0-127>
    Sets the mapping relation between port and profile.
zte(cfg)#set qos priority-mapping qos-profile {up-to-profile <0-7>| dscp-to-profile <0-63>} qos-profile <0-127>
    Sets the mapping relation between DSCP/UP and profile.
zte(cfg)#set qos queue-schedule mode {byte | packet}
    Sets the QoS queue scheduling unit.
zte(cfg)#set qos traffic-limit fe-port <1-24> packet-type {broadcast | known-uc | multicast | tcp-syn | unknown-uc}{enable | disable}
    Sets the packet type that rate limit function limits.
zte(cfg)#set qos traffic-limit fe-port <1-24> protect {enable|disable}
    Sets the port rate limiting function.
zte(cfg)#set qos traffic-limit ge-port <25-28> packet-type {broadcast | known-uc | multicast | tcp-syn | unknown-uc}{enable | disable}
    Sets the packet type that rate limit function limits.
zte(cfg)#set qos traffic-limit xge-port <2/1-2/4> packet-type {broadcast | known-uc | multicast | tcp-syn | unknown-uc}{enable | disable}
    Sets the message type restricted by the rate limit function.
zte(cfg)#set qos traffic-shaping fe-port <1-24> queue <1-7>{data-rate <32-100000> burst-size <8-4094>| disable}
    Sets 100M egress shaping rate based on queue.
zte(cfg)#set qos traffic-shaping ge-port <25-28> queue <1-7>{data-rate <2-1000> burst-size <8-4094>| disable}
    Sets 1000M egress shaping rate based on queue.
zte(cfg)#set qos traffic-shaping xge-port <2/1-2/4>{data-rate <2-10000> burst-size <8-4094>| disable}
    Sets the Egress shaping rate for the 10000 M port.
zte(cfg)#set qos traffic-shaping xge-port <2/1-2/4> queue <1-7>{data-rate <2-10000> burst-size <8-4094>| disable}
    Sets the queue-based Egress shaping rate for the 10000 M port.
show qos queue-schedule mode (all configuration modes)
    Displays QoS queue scheduling unit.
show qos traffic-limit [port <1-28>] (all configuration modes)
    Displays ingress rate limit configuration.
show qos traffic-shaping [port <1-28>] (all configuration modes)
    Displays egress shaping configuration.
zte(cfg)#set qos policer <0-383> exceed-action remark profile <0-127> up {no-change | enable-modify | disable-modify} dscp {no-change | enable-modify | disable-modify}
    Sets the binding and action implementation mode between flow policer and QoS profile.
zte(cfg)#set qos policer counter-mode {L1 | L2 | L3}
    Sets flow policer statistics mode.
zte(cfg)#set policy remark in ingress-acl <1-399,800> rule <1-500> profile <0-127> up {no-change | enable-modify | disable-modify} dscp {no-change | enable-modify | disable-modify}
    Uses QoS profile to modify the specified flow UP/DSCP field that the ingress ACL matches.
zte(cfg)#set policy mirror in acl <1-399,800> rule <1-500>{cpu | analyze-port}
    Copies the specified data flow to the monitor port.
zte(cfg)#set policy redirect in acl <1-399,800> rule <1-500>{cpu | port <1-28>}
    Redirects the specified data flow to the user-specified egress port.
zte(cfg)#set policy vlan-remark in acl <1-800> rule <1-500><1-4094>{nested | replace {untagged | tagged | all}}
    Remarks the VLAN attribution of the designated flow.
show qos policer [<0-383>] (all configuration modes)
    Displays flow policer configuration.
show qos policer-counter [<0-383>] (all configuration modes)
    Displays flow policer statistics value.
show policy [mirror | redirect | statistics | policing [<0-383>]| vlan-remark | remark | harddrop] (all configuration modes)
    Displays various binding configuration of the specified flow.
As shown in Figure 4-14, taking the 2928E as an example, set the bandwidth (in both
directions) of all user interfaces to 2M. The uplink bandwidth of the switch is 20M.
The uplink port is port 26 and the client PC accesses the network through port 24.
• Configuration Procedure
zte(cfg)#set qos traffic-limit fe-port 1 data-rate 2000
The Private VLAN (PVLAN) technology solves these problems. A PVLAN divides ports
in a VLAN into isolated ports, promiscuous ports, and community ports. A promiscuous
port can communicate with any port. An isolated port can communicate only with a
promiscuous port, and it cannot communicate with other isolated ports. A community
port can communicate with a promiscuous port or another community port in the same
session. Therefore, the ports within a VLAN are separated. Users can only communicate
with their default gateways, and the network security is guaranteed.
The ZXR10 2900E series switches support four PVLAN sessions. Each PVLAN session
supports an unlimited number of promiscuous ports. Each PVLAN supports an unlimited
number of isolated or community ports.
Configuring PVLAN
The PVLAN configuration includes the following commands:
Command
    Function
show vlan pvlan [session<1-4>] (all configuration modes)
    Displays PVLAN configuration.
• Configuration Procedure
zte(cfg)#set vlan pvlan session 1 promis-port 26 isolate-port 1-3
• Configuration Verification
zte(cfg)#show vlan pvlan
pvlan session : 1
promis-ports : 26
promis-trunks :
isolate-ports : 1-3
isolate-trunks :
community-ports :
community-trunks :
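The port roles described above define which pairs of ports may exchange traffic, so `show vlan pvlan` output can be used to audit observed flows. The following Python sketch is an added example, not ZTE code. Session 1 is the output shown on this page; session 4, its community ports and the flow list are constructed, and trunk members are not modelled.

```python
# Session 1 is copied from the verification output on this page;
# session 4 is constructed to exercise community ports.
SHOW_OUTPUT = """
pvlan session : 1
promis-ports : 26
promis-trunks :
isolate-ports : 1-3
isolate-trunks :
community-ports :
community-trunks :
pvlan session : 4
promis-ports : 28
promis-trunks :
isolate-ports : 5-6
isolate-trunks :
community-ports : 10-11
community-trunks :
"""

# Constructed flows: (session, source port, destination port).
FLOWS = [(1, 1, 26), (1, 1, 2), (4, 10, 11), (4, 10, 5), (4, 6, 28)]


def parse_ports(spec):
    """Expand a port list such as '1-3' or '1,3-5' into a set of ints."""
    ports = set()
    for part in spec.replace(" ", "").split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def parse_show_pvlan(text):
    """Return {session: {'promis': set, 'isolate': set, 'community': set}}."""
    sessions, cur = {}, None
    for line in text.strip().splitlines():
        key, _, value = (s.strip() for s in line.partition(":"))
        if key == "pvlan session":
            cur = sessions.setdefault(
                int(value), {"promis": set(), "isolate": set(), "community": set()})
        elif cur is not None and key.endswith("-ports"):
            cur[key[:-len("-ports")]] = parse_ports(value)
    return sessions


def role_of(session, port):
    """Return 'promis', 'isolate' or 'community', or None for a non-member."""
    for role, ports in session.items():
        if port in ports:
            return role
    return None


def allowed(session, a, b):
    """Apply the PVLAN rules: promiscuous talks to anyone, isolated only to
    promiscuous, community to promiscuous or community in the same session."""
    ra, rb = role_of(session, a), role_of(session, b)
    if ra is None or rb is None:
        raise ValueError("port is not a member of this PVLAN session")
    if "promis" in (ra, rb):
        return True
    return ra == rb == "community"


def violations(sessions, flows):
    """Return the flows that the PVLAN configuration should have blocked."""
    return [(sid, a, b) for sid, a, b in flows if not allowed(sessions[sid], a, b)]


if __name__ == "__main__":
    print(violations(parse_show_pvlan(SHOW_OUTPUT), FLOWS))
```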
• Configuration Procedure
1. Configuration of switch A:
zte(cfg)#set lacp enable
zte(cfg)#set lacp aggregator 1 add port 1-3
zte(cfg)#set lacp aggregator 1 mode dynamic
2. Configuration of switch B:
zte(cfg)#set lacp enable
zte(cfg)#set lacp aggregator 1 add port 1-3
zte(cfg)#set lacp aggregator 1 mode dynamic
zte(cfg)#set vlan pvlan session 2 promis-trunk 1 isolate-port 4-6
• Configuration Verification
zte(cfg)#show vlan pvlan
pvlan session : 1
promis-ports : 16
promis-trunks :
isolate-ports : 1-3
isolate-trunks :
community-ports :
community-trunks :
pvlan session : 2
promis-ports :
promis-trunks : 1
isolate-ports : 4-6
isolate-trunks :
community-ports :
community-trunks :
The ZXR10 2900E provides transparent transmission of 802.1x. It also provides
transparent transmission of other layer-2 protocols such as STP, LACP/OAM, ZGMP,
LLDP and GVRP. The protocol range is 0x00, 0x02-0x2f.
The common layer-2 protocols are shown below.
0x00 STP
0x02 LACP/OAM
0x03 802.1x
0x09 ZGMP
0x0E LLDP
0x21 GVRP
Command Function
• Configuration Procedure
zte(cfg)#set lacp enable
zte(cfg)#set lacp aggregator 1 add port 1, 2
zte(cfg)#set l2pt 0x02 enable
zte(cfg)#set vlan 100 enable
zte(cfg)#set vlan 100 add port 1, 3
zte(cfg)#set port 1,3 pvid 100
zte(cfg)#set vlan 200 enable
zte(cfg)#set vlan 200 add port 2, 4
zte(cfg)#set port 2,4 pvid 200
• Configuration Verification
Display the aggregation state of Switch 2 and Switch 3:
zte(cfg)#show lacp aggregator 1
Group 1
Actor Partner
------------------------------- ----------------------------
Priority : 32768 32768
Mac : 00.d0.d0.02.00.54 00.d0.d0.29.52.06
Key : 258 258
Ports : 2, 1 2, 1
Command
    Function
zte(cfg)#ping <A.B.C.D>[<0-65535>[<28-65535>[<1-255>[<0-65535>[<A.B.C.D>]]]]]
    Detects the network connectivity
zte(cfg-router)#set ipport <0-63> ipaddress {<A.B.C.D/M>|<A.B.C.D><A.B.C.D>}
    Sets IP address and submask of layer-3 port.
zte(cfg-router)#set ipport <0-63> mac <HH.HH.HH.HH.HH.HH>
    Sets the MAC address of layer-3 port.
zte(cfg-router)#set ipport <0-63> vlan <1-4094>
    Sets the VLAN binding with layer-3 port.
• Configuration Procedure
zte(cfg)#set vlan 100 enable
zte(cfg)#set vlan 100 add port 1
zte(cfg)#set port 1 pvid 100
zte(cfg)#config route
zte(cfg-router)#set ipport 0 ipaddress 192.168.1.2 255.255.255.0
zte(cfg-router)#set ipport 0 vlan 100
zte(cfg-router)#set ipport 0 enable
• Configuration Verification
zte(cfg-router)#show ipport
IpPort En/Disable IpAddress Mask MacAddress VlanId
------ ---------- ------------ -------------- ----------------- ------
0 enabled 192.168.1.2 255.255.255.0 00.d0.d0.fa.29.20 100
zte(cfg-router)#exit
Use the ping command to check whether the layer-3 port is available.
zte(cfg)#ping 192.168.1.1
Reply from 192.168.1.1 : bytes=28 time<1ms TTL=64
Reply from 192.168.1.1 : bytes=28 time<1ms TTL=64
Reply from 192.168.1.1 : bytes=28 time<1ms TTL=64
Reply from 192.168.1.1 : bytes=28 time<1ms TTL=64
Reply from 192.168.1.1 : bytes=28 time<1ms TTL=64
Command
    Function
zte(cfg-router)#set ipv6port <0> ipv6address {<ipv6Addr/M>|<ipv6Addr><wildcard>}
    Sets an IPv6 address and address prefix length of an IPv6 Layer 3 interface.
Configuring DAI
The DAI configuration includes the following commands:
Command Function
• Configuration Procedure
zte(cfg)#set dhcp snooping-and-option82 enable
zte(cfg)#set dhcp snooping add port 49,50
zte(cfg)#set dhcp port 49 client
zte(cfg)#set dhcp port 50 server
zte(cfg)#show dhcp snooping
DHCP snooping is enabled on the following port(s):
PortId PortType
------ --------
49 Client
50 Server
Note:
DAI inspects an ARP packet only when it is received on a non-trusted port and the DAI
function is enabled on the VLAN. DAI detection takes effect only when DHCP Snooping
is enabled and the non-trusted port has been added to DHCP Snooping.
• Configuration Verification
zte(cfg)#show arp-inspection
Enabled validation: ip,dst-mac,src-mac
Enabled vlanlist : 1
PortId TrustType Limit(pps)
------ --------- ----------
49 Untrust 15
50 Trust -
51 Trust -
52 Trust -
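The preconditions in the note above can be verified from the two `show` outputs on this page. The following Python check is an added example, not ZTE code: it classifies each port as one where DAI is effective, one where it is configured but ineffective, or one where inspection is bypassed because the port is trusted. The variant with port 51 set to Untrust is constructed.

```python
import re

# Outputs as shown on this page.
SHOW_DHCP_SNOOPING = """
DHCP snooping is enabled on the following port(s):
PortId PortType
------ --------
49 Client
50 Server
"""

SHOW_ARP_INSPECTION = """
Enabled validation: ip,dst-mac,src-mac
Enabled vlanlist : 1
PortId TrustType Limit(pps)
------ --------- ----------
49 Untrust 15
50 Trust -
51 Trust -
52 Trust -
"""

# Constructed variant: port 51 made untrusted without adding it to snooping.
MISCONFIGURED = SHOW_ARP_INSPECTION.replace("51 Trust -", "51 Untrust 15")


def parse_snooping(text):
    """Return (snooping_enabled, {port: 'Client' | 'Server'})."""
    enabled = "DHCP snooping is enabled" in text
    rows = re.findall(r"^[ \t]*(\d+)[ \t]+(Client|Server)[ \t]*$", text, re.M)
    return enabled, {int(port): kind for port, kind in rows}


def parse_dai(text):
    """Return (vlan_list_string, {port: 'Trust' | 'Untrust'})."""
    m = re.search(r"Enabled vlanlist[ \t]*:[ \t]*(\S*)", text)
    vlans = m.group(1) if m else ""
    rows = re.findall(
        r"^[ \t]*(\d+)[ \t]+(Untrust|Trust)[ \t]+(\S+)[ \t]*$", text, re.M)
    return vlans, {int(port): trust for port, trust, _limit in rows}


def dai_coverage(snooping_text, dai_text):
    """Classify ports according to the DAI detection conditions in the note."""
    snoop_on, snoop_ports = parse_snooping(snooping_text)
    vlans, dai_ports = parse_dai(dai_text)
    report = {"effective": [], "ineffective": [], "bypassed": []}
    for port, trust in sorted(dai_ports.items()):
        if trust == "Trust":
            # ARP packets on trusted ports are not inspected.
            report["bypassed"].append(port)
        elif snoop_on and vlans and port in snoop_ports:
            report["effective"].append(port)
        else:
            # Untrusted, but snooping is off, no VLAN is enabled, or the
            # port was never added to DHCP snooping.
            report["ineffective"].append(port)
    return report


if __name__ == "__main__":
    print(dai_coverage(SHOW_DHCP_SNOOPING, SHOW_ARP_INSPECTION))
    print(dai_coverage(SHOW_DHCP_SNOOPING, MISCONFIGURED))
```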
EAP-MD5. Any of the methods can be used according to different service operation
requirements.
• PAP (Password Authentication Protocol)
PAP is a simple plain-text authentication mode. The NAS requires the subscriber to
provide the username and password, and the subscriber returns the subscriber
information in plain text. The server checks, according to the subscriber
configuration, whether this subscriber is available and whether the password is
correct, and returns the corresponding response. This authentication mode offers
poor security: the transferred username and password can easily be stolen.
Figure 4-20 shows the process of using the PAP mode for identity authentication.
Figure 4-21 shows the process of using the CHAP mode for identity authentication.
Command
    Function
zte(cfg)#set port <portlist> vlanjump {enable [defaultauthvlan <1-4094>]| disable]}
    Enables or disables the vlan jump after user 802.1x authentication.
zte(cfg-nas)#aaa-control port <portlist> port-mode {auto | force-unauthorized | force-authorized}
    Sets the authentication control mode of the port.
zte(cfg-nas)#radius isp <ispname> client <A.B.C.D>
    Sets RADIUS client end address.
zte(cfg-nas)#radius isp <ispname> defaultisp {enable | disable}
    This specifies a default domain.
• Configuration Procedure
1. Configure layer-3 interface commands
zte(cfg-router)#set ipport 0 ip 10.40.89.106/24
zte(cfg-router)#set ipport 0 vlan 1
zte(cfg-router)#set ipport 0 enable
2. Configure 802.1X commands
zte(cfg)#set port 2 security enable
zte(cfg)#config nas
zte(cfg-nas)#aaa port 2 dot1x enable
zte(cfg-nas)#aaa port 2 keepalive enable
zte(cfg-nas)#aaa port 2 accounting enable
3. Configure radius commands
zte(zte)#config nas
zte(cfg-nas)#radius isp zte enable
zte(cfg-nas)#radius isp zte defaultisp enable
zte(cfg-nas)#radius isp zte sharedsecret 1234
zte(cfg-nas)#radius isp zte client 10.40.89.106
zte(cfg-nas)#radius isp zte add accounting 10.40.89.78
zte(cfg-nas)#radius isp zte add authentication 10.40.89.106
4. Start the RADIUS client software on the PC and enter the correct username and
password. The authentication request is then sent.
Note:
Disable any security proxy such as Sygate before the user PC sends the authentication
request.
• Configuration Verification
When the authentication request succeeds, view the user information by using the
command show client.
zte(cfg)#show client
MaxClients : 256 HistoryAccessClientsTotal : 1
OnlineClients: 1 HistoryFailureClientsTotal: 0
Flags:I-Index,Au-Authorized,P-PortId,US-UpSpeed,DS-DownSpeed,Y-yes,N-no
I UserName Au P Vlan MacAddress US DS ElapsedTime
--- ------------- -- ---- ---- ----------------- ------ ------ ------------
0 liushujie Y 2 1 00.19.e0.1a.97.dd 0 0 0:0:0:22
Command
    Function
zte(cfg-nas)#aaa-control mac-authentication session <1-3> range <HH.HH.HH.HH.HH.HH><HH.HH.HH.HH.HH.HH>
    Adds the range of MAC addresses that need authentication in unit of session.
zte(cfg-nas)#clear mac-authentication client {port <portlist>| vlan <vlanlist>}
    Clears clients on a specific port or in a specific VLAN.
The user network is generally connected to the PE through the Trunk VLAN mode. The
internal Uplink ports of the ISP network are symmetrically connected through the Trunk
VLAN mode.
1. When a packet is sent from user network 1 to the customer port of switch A, the
PORTBASE VLAN-based customer port does not identify the tag when receiving the
packet, so it processes the packet as an untagged packet whether or not the data
packet carries a VLAN tag. The packet is forwarded in VLAN 10, which is determined
by the PVID.
2. The uplink port of switch A inserts the outer tag (VLAN ID: 10) when forwarding the
data packet received from the customer port. The TPID of this tag can be configured
on the switch. Inside the ISP network, the packet is broadcast along the ports of VLAN
10 until it reaches switch B.
3. Switch B finds out that the port connected to user network 2 is a customer port. Thus, it
removes the outer tag in compliance with the conventional 802.1Q protocol to recover
the original packet and sends the packet to user network 2.
4. In this way, data between user network 1 and user network 2 can be transmitted
transparently. The VLAN ID of the user network can be planned regardless of the
conflict with the VLAN ID in the ISP network.
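The four steps above can be followed at the byte level. The following Python sketch is an added example, not ZTE code: it pushes the outer tag for VLAN 10 at switch A, lists the tag stack seen inside the ISP network, and pops the tag at switch B. The MAC addresses, the customer VLAN 30, the payload and the choice of 0x88A8 as the configured outer TPID are constructed for the example.

```python
import struct

TPID_8021Q = 0x8100     # standard 802.1Q TPID, used here for the customer tag
TPID_8021AD = 0x88A8    # 802.1ad service-tag TPID, an assumed egress TPID setting

# Constructed sample addresses and payload.
DST = bytes.fromhex("00d0d0aa0001")
SRC = bytes.fromhex("00d0d0aa0002")
PAYLOAD = b"user data"


def vlan_tag(tpid, vid, pcp=0):
    """Build a 4-byte VLAN tag: 16-bit TPID followed by PCP/DEI/VID."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)


def build_frame(dst, src, ethertype, payload, vid=None):
    """Build an Ethernet frame, optionally carrying one customer 802.1Q tag."""
    tag = vlan_tag(TPID_8021Q, vid) if vid is not None else b""
    return dst + src + tag + struct.pack("!H", ethertype) + payload


def push_outer_tag(frame, pvid, tpid=TPID_8021Q):
    """Switch A: the customer port ignores any existing tag, and the uplink
    port inserts the outer tag (PVID) right after the two MAC addresses."""
    return frame[:12] + vlan_tag(tpid, pvid) + frame[12:]


def pop_outer_tag(frame, tpid=TPID_8021Q):
    """Switch B: remove the outer tag before sending to the customer port."""
    got_tpid, tci = struct.unpack("!HH", frame[12:16])
    if got_tpid != tpid:
        raise ValueError(f"outer TPID {got_tpid:#06x} does not match {tpid:#06x}")
    return tci & 0x0FFF, frame[:12] + frame[16:]


def vlan_stack(frame, tpids=(TPID_8021Q, TPID_8021AD)):
    """Return the VLAN IDs of all stacked tags, outermost first."""
    vids, off = [], 12
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack("!HH", frame[off:off + 4])
        if tpid not in tpids:
            break
        vids.append(tci & 0x0FFF)
        off += 4
    return vids


def transit(original, pvid=10, tpid=TPID_8021AD):
    """Carry one customer frame from switch A to switch B and report
    (tag stack inside the ISP network, popped outer VLAN, delivered intact)."""
    in_isp = push_outer_tag(original, pvid, tpid)
    outer_vid, delivered = pop_outer_tag(in_isp, tpid)
    return vlan_stack(in_isp), outer_vid, delivered == original


if __name__ == "__main__":
    print(transit(build_frame(DST, SRC, 0x0800, PAYLOAD, vid=30)))
    print(transit(build_frame(DST, SRC, 0x0800, PAYLOAD)))
```

If the two ends are configured with different TPIDs, `pop_outer_tag` raises an error instead of delivering the frame, which is the mismatch to look for when a QinQ path passes no traffic.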
Configuring QinQ
The QinQ configuration includes the following commands:
Command
    Function
zte(cfg)#set vlan qinq customer port <portlist>{enable | disable}
    Adds or deletes a customer port.
zte(cfg)#set vlan qinq uplink port <portlist>{enable | disable}
    Adds or deletes an uplink port.
zte(cfg)#set vlan egress-tpid session <1-7> tpid-value <0xHHHH>
    Sets an egress TPID template.
show vlan qinq (all configuration modes)
    Displays customer/uplink port of QinQ.
• Configuration Procedure
/*set qinq, the outer label is 100*/
zte(cfg)#set vlan 100 enable
zte(cfg)#set vlan 100 add port 1 untag
zte(cfg)#set vlan 100 add port 24 tag
zte(cfg)#set port 1 pvid 100
zte(cfg)#set vlan qinq customer port 1 enable
zte(cfg)#set vlan qinq uplink port 24 enable
zte(cfg)#set vlan 999 enable
zte(cfg)#config router
zte(cfg-router)#set ipport 1 ipaddress 192.168.0.1/24
zte(cfg-router)#set ipport 1 vlan 999
Configuring Syslog
The Syslog configuration includes the following commands:
Command Function
Configuring NTP
The NTP configuration includes the following commands:
Command
    Function
zte(cfg)#set ntp add authentication-key <1-255> md5 <string>
    Sets NTP authentication-key.
zte(cfg)#set ntp {add | delete} trusted-key <1-255>
    Adds or deletes NTP trusted-key.
zte(cfg)#set ntp server <A.B.C.D>[version <1,2,3>| key <1-255>]
    Sets NTP server.
Configuring GARP/GVRP
The GARP/GVRP configuration includes the following commands:
Command
    Function
zte(cfg)#set garp timer {hold | join | leave | learvall}<timer_value>
    Sets various GARP timers.
zte(cfg)#set gvrp {port <portlist>| trunk <trunklist>} registration {normal | fixed | forbidden}
    Sets GVRP registration type on Trunk port.
show gvrp (all configuration modes)
    Displays GVRP configuration and state.
Note:
1. GVRP can be enabled only after GARP is enabled.
2. Generally, the GARP timers use the default values. If a timer is modified, the
configuration must be the same throughout the network.
3. The GVRP port registration type defaults to normal. If it is modified, VLAN learning
cannot be implemented.
• Configuration Procedure
1. Configuration of switch A:
zte(cfg)#set garp en
zte(cfg)#set gvrp en
zte(cfg)#set gvrp port 1 en
zte(cfg)#set vlan 10-20 en
zte(cfg)#set vlan 10-20 add port 1
2. Configuration of switch B:
zte(cfg)#set garp en
zte(cfg)#set gvrp en
zte(cfg)#set gvrp port 1 en
zte(cfg)#set vlan 30-40 en
zte(cfg)#set vlan 30-40 add port 1
Note:
1. The GARP function must be enabled before the GVRP function is enabled.
2. Enabling GVRP can enable up to 256 VLANs.
3. The GARP timers generally use the default values. If a timer is modified, the value
must be the same as the one configured in the network.
4. The GVRP port registration type uses the default value Normal. If it is changed to
another type, VLAN learning cannot be done.
• Configuration Verification
SwitchA(cfg)#show garp /*View GARP configuration*/
GARP is enabled!
GARP Timers:
Hold Timeout :100 milliseconds
Join Timeout :200 milliseconds
Leave Timeout :600 milliseconds
LeaveAll Timeout :10000 milliseconds
In the DHCP service system, ZXR10 2900E series switches are provided with a lot of
automatically deployed functions. For details, refer to “Downloading Software Version
Automatically”.
Configuring DHCP
The DHCP configuration includes the following commands:
Command
    Function
zte(cfg)#set dhcp port <1-28>{server | cascade | client}
    Sets DHCP attribute of port.
zte(cfg)#set dhcp trunk <trunklist>{server | default}
    Sets trunk attribute in DHCP snooping.
zte(cfg)#set dhcp snooping bind-entry mac <HH.HH.HH.HH.HH.HH> ip <A.B.C.D> vlan <1-4094> port <1-28>
    Adds static user information binding entry.
zte(cfg)#set dhcp option82 sub-option device {ani <string>| remote-ID {cisco | manual <string>}}
    Configures the device information of Switch.
zte(cfg)#set dhcp option82 mode port <1-52>{default | drop | modify | append}
    Sets the mode of port dynamic user information association.
zte(cfg)#clear dhcp option82 sub-option device ani
    Deletes device identifier information.
zte(cfg-router)#set ipport <0-63> dhcp client request {dns-server | domain-name | route | static-route | tftp-server-name}
    Sets message type sent by server when DHCP client interacts with server.
zte(cfg-router)#clear ipport <0-63> dhcp client {class-id | client-id | hostname | lease}
    Clears DHCP client optional sending information configuration.
zte(cfg)#set dhcp snooping bind-entry database read
    Reads DHCP binding entry from flash.
zte(cfg)#set dhcp snooping bind-entry database time-write {disable | enable | time <30-65535>}
    Writes DHCP binding entry into flash at regular time.
zte(cfg)#set dhcp snooping bind-entry database write
    Writes DHCP binding entry into flash.
• Configuration Procedure
zte(cfg)#set dhcp snooping-and-option82 enable
zte(cfg)#set dhcp snooping add port 49,50
zte(cfg)#set dhcp port 49 client
zte(cfg)#set dhcp port 50 server
zte(cfg)#set dhcp ip-source-guard add port 49
zte(cfg)#set dhcp option82 add port 49,50
• Configuration Verification
zte(cfg)#show dhcp snooping
DHCP snooping is enabled on the following port(s):
PortId PortType
------ --------
49 Client
50 Server
DHCP snooping disabled vlan: none
zte(cfg)#show dhcp
DHCP download flag is disabled, config file is found.
DHCP download will not startup, when system reboot.
DHCP config file(option-67) *.dat will be translated to ZXR10_2952E.dat.
DHCP snooping-and-option82 is enabled.
PortId PortType Snooping Option82
------ -------- -------- --------
49 Client Enabled Enabled
50 Server Enabled Enabled
51 Client Disabled Disabled
52 Client Disabled Disabled
DHCP client is disabled.
• Configuration Procedure
zte(cfg)#set dhcp client enable
zte(cfg)#set vlan 10 add port 49 untag
zte(cfg)#set vlan 10 enable
Configuring DHCPv6
The DHCPv6 configuration includes the following commands:
Command
    Function
show dhcpv6 snooping [port <1-28>] (all configuration modes)
    Displays DHCPv6 snooping entities.
show dhcpv6 option82 ani (all configuration modes)
    Displays device identifiers.
• Configuration Procedure
zte(cfg)#set dhcpv6 snooping enable
zte(cfg)#set dhcpv6 snooping add port 49,50
zte(cfg)#set dhcpv6 port 49 client
zte(cfg)#set dhcpv6 port 50 server
zte(cfg)#set dhcpv6 ip-source-guard add port 49
zte(cfg)#set dhcpv6 option82 enable
zte(cfg)#set dhcpv6 option82 add port 49,50
• Configuration Verification
zte(cfg)#show dhcpv6 snooping
DHCP v6 snooping is enabled on the following port(s):
PortId PortType
------ --------
49 Client
50 Server
zte(cfg)#show dhcpv6 option82
DHCP v6 option82 is enabled on the following port(s):
PortId PortType
------ --------
49 Client
50 Server
zte(cfg)#show dhcpv6 ip-source-guard
Caution!
Only trust ports can receive VBAS packets, and VBAS response packets can only be sent
from trust ports.
A port connecting to the user network is called a cascade port and a port connecting to
the BAS server is called a trust port. A typical VBAS network is shown in Figure 4-30.
Configuring VBAS
The VBAS configuration includes the following commands:
Command Function
• Configuration Procedure
1. Configuration of switch A:
zte(cfg)#set vbas enable
zte(cfg)#set vbas trust-port 1 enable
zte(cfg)#set vbas cascade-port 2 enable
2. Configuration of switch B:
zte(cfg)#set vbas enable
zte(cfg)#set vbas trust-port 1 enable
3. Configuration Verification
Check switch A
zte(cfg)#show vbas
vbas: enabled
trust port : 1
cascade port : 2
Check switch B
zte(cfg)#show vbas
vbas: enabled
trust port : 1
cascade port : none
Configuring PPPoE-PLUS
The configuration of PPPoE-PLUS(PPPoE+) includes the following contents:
Command
    Function
show pppoe-plus port <1-28> (all configuration modes)
    Displays port rid configuration.
• Configuration Procedure
Configure switch A
zte(cfg)#set pppoe-plus enable
zte(cfg)#set pppoe-plus tag-format port 1 dsl-forum
• Configuration Verification
zte(cfg)#show pppoe-plus
PPPoE plus is enabled.
• Edge Node: A node that connects to more than 2 levels in a ZESR ring is called an edge
node. An edge node can be a transmission node (with 2 ports), a master node
(with 2 ports) or an assistant node (with 1 port).
• Assistant Node: An assistant node is also an edge node. It is a transmission node that
has only one port in the relevant segment. It mainly assists the master node in
switching services for the segment. As shown in “ZESR Multi-ring Multi-domain Design
Figure”, the major ring is composed of S1, S2, S3 and S4, of which S1 is the master node
and the others are transmission nodes. Level 1 segment 1 is composed of S3, S4, S5 and
S6, of which S3 and S4 are assistant nodes, S5 is the master node and S6 is a
transmission node. Level 1 segment 2 is composed of S3, S4 and S7, of which S3 and S4
are assistant nodes and S7 is the master node.
• Smart-link node: Smart-link is a simple extension of the original ZESR function
that protects key service links. As shown in “SMART-LINK”, when the link fails, it
switches over automatically and responds to the fault in time.
Figure 4-33 ZESR running state when the ring is “complete state”
As shown in Figure 4-33, each node is a ZXR10 2900E switch, and all the nodes form
a ring. The MASTER switch is the master node. The ZESR domain sets a control
VLAN composed of all the ports in the ring. The protected VLAN must contain
all the above ports. The ZESR domain has one master node and multiple transit
nodes. Each node connects to the ring through two ports: a primary port and a
secondary port.
Figure 4-34 ZESR running state when the ring is “link failure”
When the link in the ring is restored, as shown in Figure 4-35, the master node detects
the link recovery, blocks the secondary port and sets the loop to the complete state.
Figure 4-35 ZESR running state when the ring is “link restore”
One master node exists on the primary ring of a ZESR domain. As shown in Figure
4-37, the master node (S1, for example) is both the initiator of ring network state
detection and the decision-maker for the operations that follow a topology change
on the primary ring.
→ The Function of Transit Node
A transit node monitors the state of its directly connected ZESR links and notifies
the master node of link changes; the master node then decides how to process them.
→ The Function of Assistant Node
An assistant node is also a border node, and is a transit node with only one port
on the corresponding segment link. It mainly monitors the state of its directly
connected ZESR links, notifies the master node of link changes and, at the same
time, monitors the state of the master node on the segment link.
→ The Function of Multi-Domain
Multiple domains are supported on one link segment, which enables traffic sharing.
• ZESR Tangent Ring
Because a ZESR edge node carries a heavy burden, the ZESR tangent ring design uses
multiple control VLANs to protect the same group of protected VLANs.
As shown in Figure 4-40, the ring composed of S1, S2 and S3 and the ring composed of
S3, S4 and S5 are tangent at S3. The two rings belong to different areas, but they protect
the same protected VLANs.
• ZESR Linkhello Function
The ZESR protocol of the ZXR10 2900E adds the Linkhello interaction protocol between
adjacent nodes. It is used to detect link faults such as link monologue and faults on
links that cross transmission equipment. Linkhello interaction takes place only
between adjacent nodes and is independent of the ZESR node type and network form.
With the Linkhello mechanism, the link state is detected in two ways: by detecting
the physical state of the link, and by sending Linkhello detection frames between
the two adjacent nodes of the loop. The link is up only when both states are up;
otherwise the link is down.
Note:
→ No more than 4 areas in one node
→ No more than 3 layers in one node
→ No more than 3 layers in one area
→ No more than 4 lower layer access ports in one node
Configuring ZESR
The ZESR configuration includes the following commands:
Command
    Function
zte(cfg)#set zesr domain <1-4>{add | delete}{access-port <1-28>| access-trunk <1-15>}
    Adds or deletes SMART-LINK access port/trunk on the ZESR ring node.
zte(cfg)#set zesr domain <1-4> mode smart-link
    Sets node type as SMART-LINK.
zte(cfg)#set zesr domain <1-4> major-level preforward-timer <3-600> preup-timer <0-500> linkdown-failtimer <8-500>
    Sets preforward-timer, preup-timer and linkdown-failtimer on the primary ring.
zte(cfg)#set zesr domain <1-4> level <1-2> segment<1-4> mode {master | transit | edge-master | edge-transit}
    Sets the node attribute of secondary ring.
zte(cfg)#set zesr domain <1-4> level <1-2> segment <1-4>{add | delete}{edge-port <1-28>| edge-trunk <1-15>}[notmaster | master]
    Adds or deletes the edge port of the secondary ring.
zte(cfg)#set zesr domain <1-4> linkhello {add | delete} port <1-28>
    Adds or deletes linkhello port.
zte(cfg)#set zesr domain <1-4> linkhello-timer <1-3> linkhello-failtimer <3-9>
    Sets linkhello packet sending interval and linkhello mechanism timeout.
zte(cfg)#set zesr protocol-mac {normal|special}
    Sets the ZESR protocol MAC mode.
show zesr domain [<1-4>] (all configuration modes)
    Displays ZESR configuration.
• Configuration Procedure
1. S1 node
/*VLAN*/
zxr10(cfg)#set vlan 100 add port 1, 2 untag
zxr10(cfg)#set vlan 4000 add port 1, 2 tag
zxr10(cfg)#set vlan 100, 4000 enable
zxr10(cfg)#set port 1, 2 pvid 100
/*STP*/
zxr10(cfg)#set stp instance 1 add vlan 100
zxr10(cfg)#set stp enable
/*ZESR*/
zxr10(cfg)#set zesr domain 1 add control-vlan 4000
zxr10(cfg)#set zesr domain 1 add protect-instance 1
zxr10(cfg)#set zesr domain 1 add primary-port 1
zxr10(cfg)#set zesr domain 1 add secondary-port 2
zxr10(cfg)#set zesr domain 1 major-level mode master
zxr10(cfg)#set zesr domain 1 enable
2. S2–S4 node
/*VLAN*/
zxr10(cfg)#set vlan 100 add port 1, 2
zxr10(cfg)#set vlan 4000 add port 1, 2 tag
zxr10(cfg)#set vlan 100, 4000 enable
zxr10(cfg)#set port 1, 2 pvid 100
/*STP*/
zxr10(cfg)#set stp instance 1 add vlan 100
zxr10(cfg)#set stp enable
/*ZESR*/
zxr10(cfg)#set zesr domain 1 add control-vlan 4000
zxr10(cfg)#set zesr domain 1 add protect-instance 1
zxr10(cfg)#set zesr domain 1 add primary-port 1
zxr10(cfg)#set zesr domain 1 add secondary-port 2
Note:
1. A ZESR port in the control VLAN must be configured as a tag port.
2. Before the ZESR function is enabled, the STP function must be enabled.
3. The primary port and the secondary port on the master node differ in function.
Normally, the primary port is set to forwarding status, but the secondary port is
set to blocking status.
4. The primary port and the secondary port on a transit node have the same function.
Normally, they are both set to forwarding status.
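Notes 1 and 2 above can be checked mechanically before a configuration is deployed. The following Python audit is an added example, not ZTE tooling: the function names are hypothetical, the first sample is the S1 configuration from this section, and the second sample is constructed. It assumes that a `set vlan ... add port` line without the `tag` keyword does not make the port a tagged member.

```python
import re


def expand(spec):
    """Expand a CLI list such as '1, 2' or '1-100,1000' into a set of ints."""
    out = set()
    for part in spec.replace(" ", "").split(","):
        if part:
            lo, _, hi = part.partition("-")
            out.update(range(int(lo), int(hi or lo) + 1))
    return out


VLAN_RE = re.compile(
    r"set vlan ([\d,\s-]+?) add port ([\d,\s-]+?)(?:\s+(tag|untag))?$")
ZESR_RE = re.compile(
    r"set zesr domain (\d+) "
    r"(?:add (control-vlan|primary-port|secondary-port) (\d+)|(enable))$")


def audit_zesr(config_text):
    """Return a list of findings for the tag-port and STP-before-ZESR rules."""
    tagged = {}    # VLAN id -> ports added with the explicit 'tag' keyword
    domains = {}   # ZESR domain id -> control VLAN, ring ports, enable line
    stp_at = None  # line number of the first 'set stp enable'
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[-1].strip()   # drop the 'zxr10(cfg)#' prompt
        if not line or line.startswith("/*"):
            continue
        if line == "set stp enable":
            stp_at = stp_at or n
            continue
        m = VLAN_RE.match(line)
        if m:
            # Assumption: only an explicit 'tag' makes the port a tagged member.
            if m.group(3) == "tag":
                for vlan in expand(m.group(1)):
                    tagged.setdefault(vlan, set()).update(expand(m.group(2)))
            continue
        m = ZESR_RE.match(line)
        if m:
            dom = domains.setdefault(
                int(m.group(1)), {"vlan": None, "ports": {}, "enable_at": None})
            if m.group(4):
                dom["enable_at"] = n
            elif m.group(2) == "control-vlan":
                dom["vlan"] = int(m.group(3))
            else:
                dom["ports"][m.group(2)] = int(m.group(3))

    findings = []
    for dom_id, dom in sorted(domains.items()):
        vlan = dom["vlan"]
        for role, port in sorted(dom["ports"].items()):
            if vlan is None or port not in tagged.get(vlan, set()):
                findings.append(
                    f"domain {dom_id}: {role} {port} is not a tagged member "
                    f"of control VLAN {vlan}")
        enabled = dom["enable_at"]
        if enabled is not None and (stp_at is None or stp_at > enabled):
            findings.append(
                f"domain {dom_id}: ZESR enabled at line {enabled} "
                f"before 'set stp enable'")
    return findings


# S1 node configuration as shown in this section.
S1_CONFIG = """\
/*VLAN*/
zxr10(cfg)#set vlan 100 add port 1, 2 untag
zxr10(cfg)#set vlan 4000 add port 1, 2 tag
zxr10(cfg)#set vlan 100, 4000 enable
zxr10(cfg)#set port 1, 2 pvid 100
/*STP*/
zxr10(cfg)#set stp instance 1 add vlan 100
zxr10(cfg)#set stp enable
/*ZESR*/
zxr10(cfg)#set zesr domain 1 add control-vlan 4000
zxr10(cfg)#set zesr domain 1 add protect-instance 1
zxr10(cfg)#set zesr domain 1 add primary-port 1
zxr10(cfg)#set zesr domain 1 add secondary-port 2
zxr10(cfg)#set zesr domain 1 major-level mode master
zxr10(cfg)#set zesr domain 1 enable
"""

# Constructed counter-example: port 2 is untagged in the control VLAN and
# ZESR is enabled before STP.
BAD_CONFIG = """\
zxr10(cfg)#set vlan 4000 add port 1 tag
zxr10(cfg)#set vlan 4000 add port 2 untag
zxr10(cfg)#set zesr domain 1 add control-vlan 4000
zxr10(cfg)#set zesr domain 1 add primary-port 1
zxr10(cfg)#set zesr domain 1 add secondary-port 2
zxr10(cfg)#set zesr domain 1 enable
zxr10(cfg)#set stp enable
"""

if __name__ == "__main__":
    for name, text in (("S1", S1_CONFIG), ("constructed", BAD_CONFIG)):
        print(name, audit_zesr(text) or "no findings")
```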
The protect instance in the ring is 1, the protected data is VLAN 100 and the protocol
VLAN is VLAN 4000.
• Configuration Procedure
1. S1 node
/*VLAN*/
zxr10(cfg)#set vlan 100 add port 1, 2
zxr10(cfg)#set vlan 4000 add port 1, 2 tag
zxr10(cfg)#set vlan 100, 4000 enable
zxr10(cfg)#set port 1, 2 pvid 100
/*STP*/
zxr10(cfg)#set stp instance 1 add vlan 100
zxr10(cfg)#set stp enable
/*ZESR*/
zxr10(cfg)#set zesr domain 1 add control-vlan 4000
zxr10(cfg)#set zesr domain 1 add protect-instance 1
zxr10(cfg)#set zesr domain 1 add primary-port 1
zxr10(cfg)#set zesr domain 1 add secondary-port 2
zxr10(cfg)#set zesr domain 1 major-level mode master
zxr10(cfg)#set zesr domain 1 enable
2. S2 node
/*VLAN*/
zxr10(cfg)#set vlan 100 add port 1, 2
zxr10(cfg)#set vlan 4000 add port 1, 2 tag
Note:
1. The intersecting node of the primary ring and the hierarchical ring must be
Edge-Port or Edge-Transit.
2. The port connecting the primary ring and the hierarchical ring must be Edge-Port.
3. The edge-port has two attributes: not Master and Master. The not Master attribute
is used when the master of the hierarchical ring exists. The Master attribute is
used when that master does not exist and the edge-port master serves as the
master.
4. The edge-port with Master attribute must be set on edge-master.
This example describes how to configure a ZESR smart link networking domain. The
smart link network, composed of 5 switches, is shown in Figure 4-43. There is one
ZESR primary ring and one smart link node.
• Configuration Procedure
1. S1 node
/*VLAN*/
zxr10(cfg)#set vlan 100 add port 1, 2
zxr10(cfg)#set vlan 4000 add port 1, 2 tag
zxr10(cfg)#set vlan 100, 4000 enable
zxr10(cfg)#set port 1, 2 pvid 100
/*STP*/
zxr10(cfg)#set stp instance 1 add vlan 100
zxr10(cfg)#set stp enable
/*ZESR*/
zxr10(cfg)#set zesr domain 1 add control-vlan 4000
zxr10(cfg)#set zesr domain 1 add protect-instance 1
zxr10(cfg)#set zesr domain 1 add primary-port 1
zxr10(cfg)#set zesr domain 1 add secondary-port 2
zxr10(cfg)#set zesr domain 1 major-level mode master
zxr10(cfg)#set zesr domain 1 enable
2. S2 node
/*VLAN*/
zxr10(cfg)#set vlan 100 add port 1, 2
zxr10(cfg)#set vlan 4000 add port 1, 2 tag
Note:
1. The intersecting node of the primary ring and the Smart Link node must be set as
Edge-Master or Edge-Transit.
2. The port connecting the primary port and Smart Link must be set as Access-Port.
3. The Smart Link can be used with the hierarchical ring at the same time.
• Configuration Procedure
Configuration on SW-1:
VLAN:
zxr10(cfg)#set vlan 100, 4000 add port 1, 2 tag
zxr10(cfg)#set vlan 100, 4000 enable
STP:
zxr10(cfg)#set stp enable
zxr10(cfg)#set stp instance 1 add vlan 100
ZESS:
zxr10(cfg)#set zesr domain 1 add control-vlan 4000
zxr10(cfg)#set zesr domain 1 add protect-instance 1
zxr10(cfg)#set zesr domain 1 add primary-port 1
zxr10(cfg)#set zesr domain 1 add secondary-port 2
STP:
zxr10(cfg)#set stp enable
zxr10(cfg)#set stp instance 1 add vlan 100
ZESS:
• OAM Discovery Function: After the Ethernet OAM function is enabled, the ZXR10 2900E
series switch can detect a remote DTE device that has the OAM function. After
coordinating with the peer OAM, it enters the normal Ethernet OAM interaction process.
• Remote Link Event Alarm: The OAM function inspects the events of the remote link
and responds accordingly. When a fault takes place on the remote link, OAM defines
the event and announces it to the remote OAM client. A detailed event announcement
packet is also provided.
OAM defines the following link events.
1. Link Failure: The physical layer locates a failure that takes place in the
receiving direction of the local DTE.
2. Emergency Failure: A local failure event has happened, and this failure cannot
be recovered.
3. Emergency Events: An undefined emergency event happens.
• OAM Remote Loopback: The ZXR10 2900E series switch provides an optional data link
layer, frame-level loopback mode through the OAM function. OAM remote loopback is
used to locate failures and examine link performance. When the remote DTE is in OAM
remote loopback mode, the statistics of the local and remote DTE can be queried
and compared at any time. Meanwhile, OAM loopback frames can be analyzed to
obtain additional information on link health (frame discard due to link failure).
• Link Monitoring: The ZXR10 2900E series switch monitors and examines the link state,
and announces the specified frame events through the OAM function. The specified
frame events are classified into four types: error symbol period event, error frame
event, error frame period event, and error frame-second statistic event. After
detecting an error, OAM responds and alerts the peer device through the announcement
mechanism.
Configuring OAM
The OAM configuration includes the following commands:
Command
    Function

zte(cfg)#set ethernet-oam port <portlist> period <1-10> timeout <2-20> mode {active | passive}
    Enables or disables OAM function on port.
zte(cfg)#set ethernet-oam org-specific {oui <XX-XX-XX> | time-stamp <1-10>}
    Sets the specified content in OAMPDU packet.
zte(cfg)#set ethernet-oam port <portlist> link-monitor symbol-period threshold <1-65535> window <1-65535>
    Sets the symbol period event which is used for link monitor.
show ethernet-oam port <portlist> discovery (all configuration modes)
    Displays port OAM discovery state.
• Configuration Procedure
1. Configuration of switch A:
zte(cfg)#set ethernet-oam en
zte(cfg)#set ethernet-oam port 1 en
2. Configuration of switch B:
Config:
Mode : active
Period : 10*100(ms)
Link TimeOut : 5(s)
Unidirection : nonsupport
PDU max size : 1518
Status:
Parser : discard /*the parser state is discard*/
Multiplexer : forward
Stable : yes
Discovery : done
Loopback : on(Master)
/*the local is the active originator (Master).
The other end displays as slave.*/
PDU Revision : 1431
Remote DTE
-----------
Config:
Mode : active
Link Monitor : support
Unidirection : nonsupport
Remote Loopback : support
Mib Retrieval : nonsupport
PDU max size : 1518
Status:
Parser : loopback /*the parser state is loopback*/
Multiplexer : discard /*the multiplexer state is discard*/
Stable : yes
Mac Address : 00.d0.d0.29.28.02
PDU Revision : 28
zte(cfg)#set ethernet-oam remote-loopback port 2 stop
/*disable OAM remote-loopback on port2.
The switch replies OAM discovery success.*/
The switch gives the following prompts when OAM discovery fails, or when remote
loopback is started or stopped.
SAT JUL 03 23:30:00 2004 ETH-OAM port 2's discovery process is successful.
When the network cable between the switches is disconnected, the following information appears.
• Configuration Procedure
1. Configuration of switch A:
zte(cfg)#set ethernet-oam enable
zte(cfg)#set ethernet-oam port 2 enable
2. Configuration of switch B:
zte(cfg)#set ethernet-oam enable
zte(cfg)#set ethernet-oam port 1 enable
zte(cfg)#set ethernet-oam port 1 link-monitor enable
zte(cfg)#set ethernet-oam port 1 lin symbol-period threshold 10 window 10
zte(cfg)#set ethernet-oam port 1 lin frame threshold 10 window 20
zte(cfg)#set ethernet-oam port 1 link-monitor frame-period threshold 5
window 1000
zte(cfg)#set ethernet-oam port 1 link-monitor frame-seconds threshold 10
window 30
zte(cfg)#show eth port 1 link-monitor
Link Monitoring of Port: 1
Errored Symbol Period Event:
Symbol Window : 10(million symbols)
Errored Symbol Threshold : 10
Total Errored Symbols : 0
Local Total Errored Events : 0
Remote Total Errored Events : 0
Key of configuration:
The link monitoring events are classified into four types: error symbol monitor event,
error frame monitor event, error frame-period monitor event and error frame-second
statistic monitor event. When the link monitoring information is viewed, the related
error symbol, the statistic of error frame and the statistic of local and peer link events
will be shown on each event.
Configuring SQinQ
The SQinQ configuration includes the following commands:
Command
    Function

zte(cfg)#clear vlan sqinq session <1-400>
    Deletes the specified SQinQ session.
show vlan sqinq (all configuration modes)
    Displays all SQinQ sessions.
show vlan sqinq session <1-400> (all configuration modes)
    Displays the specified SQinQ session.
Session number : 2
Customer Port : 1
Customer Vlan List : 12
Uplink Vlan : 998
Mapping Modes:
Uplink: replace the CVLAN with SVLAN based on “Interface+customer VLAN”.
Downlink: replace the SVLAN in the outermost layer with CVLAN based on “SVLAN +
Destination MAC address”.
The whole system supports 400 sessions; up to 400 CVLANs can be supported.
Command
    Function

show vlan mapping (all configuration modes)
    Displays all VLAN Mapping sessions.
SW1 and SW2 are configured in the same way. Take SW1 as an example.
• Configuration Procedure
The following example shows how to configure the VLAN Mapping instance.
zte(cfg)#set vlan 1-100,1000 add port 1,24 tag
zte(cfg)#set vlan 1-100,1000 enable
zte(cfg)#set vlan mapping session 1 customer-port 1 customer-vlan 1-100
uplink-vlan 1000
• Configuration Verification
Command
    Function

zte(cfg)#set sflow agent-address <A.B.C.D> [udp-port <1-65535>]
    Sets the IP address of an sFlow agent.
zte(cfg)#set sflow {ingress | egress} port <portlist> packet-sample off
    Disables port-based sFlow sampling.
zte(cfg)#set sflow {ingress | egress} port <portlist> packet-sample on frequency <2-16000000> [time-range <word>]
    Enables port-based sFlow sampling or associates with a time range.
4.34 PP Configuration
PP Overview
Protocol Protect (PP) maintains and monitors the rate of packets forwarded to the CPU,
thus protecting the switch against viruses and malicious attacks. In this way, the
switch provides self-protection ability and ensures network security.
PP takes the following measures: limiting the rates of related services, filtering unsuitable
packets, sending alarms when there are packets sent at an abnormal rate, and reminding
NMS that there may be packets attacking the CPU.
To enhance flexibility and compatibility of the switch, PP provides the function of configuring
priority users for the protocol packets sent by the switch.
Configuring PP
The PP configuration includes the following commands:
Command
    Function

zte(cfg)#set protocol-protect mac-drop {disable | enable}
    Enables the mac drop function.
zte(cfg)#set protocol-protect mac-drop rule <1-128> bind port <portlist>
    Binds the mac drop rule with the port.
zte(cfg)#clear protocol-protect mac-drop rule [<1-128>]
    Clears specified mac drop rules.
show protocol-protect limit (all configuration modes)
    Displays PP rate limit information.
show protocol-protect mac-drop port [<portlist>] (all configuration modes)
    Displays the rules and statistics bound with a specified port.
show protocol-protect mac-drop rule [<1-128>] (all configuration modes)
    Displays specified mac drop rules.
PP Configuration Instance
• Configuration Description
As shown in Figure 4-49, Host 1 sends DHCP attack packets. Users can view
the device operating status and alarm information. Users also can view IGMP
operating status under DHCP packet attacks. The router sends IGMP query packets
periodically.
• Configuration Procedure
zte(cfg)#set igmp snooping enable
zte(cfg)#set igmp snooping add vlan 1
zte(cfg)#set dhcp snooping-option enable
zte(cfg)#set dhcp snooping add port 1-3
• Configuration Verification
Use Host1 to send DHCP Discover packets. View alarm information on the switch.
Thu Jul 1 17:53:18 2004 Receive too many packets of 'dhcp' from port 1
Use Host2 to apply for joining the multicast group 225.0.0.1. View the multicast entity
on the device.
zte(cfg)#show igmp snooping vlan
Maximal group number: 1024
Current group number: 1
Num VlanId Group Last_Report PortMember
---- ------- --------------- --------------- -------------------
1 1 225.0.0.1 10.40.1.10 2-3
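The PP alarm line shown above is the signal a log collector receives when a port floods the CPU. As an added example (not part of the ZTE manual), the following Python code parses alarms in that format and flags port/protocol pairs that keep raising alarms within a sliding window. Only the first sample line is taken from this section; the other lines, the `arp` protocol name, the function names and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Format taken from the alarm shown in this section:
#   Thu Jul 1 17:53:18 2004 Receive too many packets of 'dhcp' from port 1
PP_ALARM = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) "
    r"Receive too many packets of '(?P<proto>[^']+)' from port (?P<port>\d+)$")


def parse_pp_alarm(line):
    """Return (timestamp, protocol, port) for a PP alarm line, else None."""
    m = PP_ALARM.match(line.strip())
    if not m:
        return None
    stamp = " ".join(m["ts"].split())  # collapse padded day-of-month spacing
    ts = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
    return ts, m["proto"], int(m["port"])


def sustained_floods(lines, min_alarms=3, window=timedelta(minutes=5)):
    """Map (port, protocol) -> peak alarm count inside one window, keeping
    only the pairs that reached min_alarms alarms within that window."""
    seen = defaultdict(list)
    for line in lines:
        rec = parse_pp_alarm(line)
        if rec:
            ts, proto, port = rec
            seen[(port, proto)].append(ts)

    flagged = {}
    for key, stamps in seen.items():
        stamps.sort()
        start = best = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:   # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= min_alarms:
            flagged[key] = best
    return flagged


# Sample log. The first line is from this section; the rest are constructed.
SAMPLE_LOG = [
    "Thu Jul 1 17:53:18 2004 Receive too many packets of 'dhcp' from port 1",
    "Thu Jul 1 17:54:02 2004 Receive too many packets of 'dhcp' from port 1",
    "Thu Jul 1 17:55:40 2004 Receive too many packets of 'dhcp' from port 1",
    "Thu Jul 1 17:56:00 2004 Receive too many packets of 'arp' from port 3",
    "Thu Jul 1 18:40:00 2004 Receive too many packets of 'arp' from port 3",
    "Thu Jul 1 16:07:09 2004 Udld Port : 17 link failure",
]

if __name__ == "__main__":
    for (port, proto), count in sustained_floods(SAMPLE_LOG).items():
        print(f"port {port}: {count} '{proto}' alarms within 5 minutes")
```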
3. The MIB of the local device stores the network management information of all
neighbor devices, and a network management program can query layer-2 connection
information in the MIB.
The LLDP is not a configuration protocol of the remote system or a signaling control
protocol used between two ports. The LLDP discovers layer-2 protocol configuration
conflicts between neighbor devices, but it only reports the problem to an upper-layer
network management device, without providing any mechanism to solve the problem.
The LLDP is simply a neighbor discovery protocol that defines a standard for network
devices (such as switches, routers, and WLAN access points) in the Ethernet to advertise
their identities to other nodes in the network and store discovery information of all neighbor
devices. For example, device configuration and device IDs can be advertised by the LLDP.
The LLDP defines a universal advertisement information set, a protocol for sending
the advertisement information, and a method for storing the received advertisement
information. The device that wants to advertise its information can place multiple pieces
of advertisement information into a Link Layer Discovery Protocol Data Unit (LLDPDU).
The LLDPDU contains variable-length message units (called TLVs), each made up of the
following fields:
• Type: indicates the type of the message to be sent.
• Length: indicates the number of bytes in the message.
• Value: indicates the contents to be sent.
Each LLDPDU contains four mandatory TLVs and one optional TLV:
• Chassis ID TLV and Port ID TLV: identify the sender.
• TTL TLV: notifies the receiver of the storage period of a message. If the receiver does
not receive any update message within the specified period, the receiver discards all
the related messages. A recommended update frequency is defined by the IEEE, that
is, to send messages at 30-second intervals.
• Optional TLVs: include a basic management TLV set (such as port description TLV), a
special TLV set defined by IEEE 802.1, and a special TLV set defined by IEEE 802.3.
• End of LLDPDU TLV: indicates the end of an LLDPDU.
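The TLV layout described above, as an added example that is not ZTE code: a bounds-checked Python parser that enforces the mandatory TLV order, which matters because LLDP frames arrive unauthenticated from any directly attached device. The 7-bit type and 9-bit length header split, the TLV type numbers and the ID subtypes come from IEEE 802.1AB rather than this page; the sample frames are constructed, reusing the DeviceID and PortID from this section's `show lldp neighbor` output.

```python
import struct

# TLV type numbers from IEEE 802.1AB (not listed on this page).
TLV_END, TLV_CHASSIS_ID, TLV_PORT_ID, TLV_TTL = 0, 1, 2, 3


class LLDPError(ValueError):
    """Raised when an LLDPDU is malformed."""


def tlv(tlv_type, value):
    """Encode one TLV: 7-bit type and 9-bit length packed into two bytes."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def iter_tlvs(pdu):
    """Yield (type, value) pairs, refusing any TLV that overruns the buffer."""
    off = 0
    while off < len(pdu):
        if len(pdu) - off < 2:
            raise LLDPError("truncated TLV header")
        (hdr,) = struct.unpack_from("!H", pdu, off)
        tlv_type, length = hdr >> 9, hdr & 0x1FF
        off += 2
        if length > len(pdu) - off:
            raise LLDPError(
                f"TLV type {tlv_type} claims {length} bytes, "
                f"{len(pdu) - off} left")
        yield tlv_type, pdu[off:off + length]
        off += length
        if tlv_type == TLV_END:
            return  # anything after End of LLDPDU is padding


def parse_lldpdu(pdu):
    """Validate the mandatory TLVs and return the sender identity and TTL."""
    tlvs = list(iter_tlvs(pdu))
    types = [t for t, _ in tlvs]
    if types[:3] != [TLV_CHASSIS_ID, TLV_PORT_ID, TLV_TTL]:
        raise LLDPError("LLDPDU must start with Chassis ID, Port ID and TTL")
    if types[-1] != TLV_END or tlvs[-1][1]:
        raise LLDPError("missing or non-empty End of LLDPDU TLV")
    chassis, port, ttl = (value for _, value in tlvs[:3])
    if len(chassis) < 2 or len(port) < 2 or len(ttl) != 2:
        raise LLDPError("mandatory TLV has an invalid length")
    return {
        "chassis_subtype": chassis[0], "chassis_id": chassis[1:],
        "port_subtype": port[0], "port_id": port[1:],
        "ttl": struct.unpack("!H", ttl)[0],   # storage period in seconds
        "optional": tlvs[3:-1],               # everything before the End TLV
    }


# Constructed sample LLDPDU (TTL of 120 s and port description are made up).
SAMPLE = (
    tlv(TLV_CHASSIS_ID, b"\x04" + bytes.fromhex("00d0d0092918"))  # 4 = MAC
    + tlv(TLV_PORT_ID, b"\x05" + b"port-9")     # 5 = interface name
    + tlv(TLV_TTL, struct.pack("!H", 120))
    + tlv(4, b"uplink")                         # Port Description TLV
    + tlv(TLV_END, b"")
)
# Constructed malformed frame: header claims 200 value bytes, only 4 follow.
BAD_LENGTH = struct.pack("!H", (TLV_CHASSIS_ID << 9) | 200) + b"\x04abc"

if __name__ == "__main__":
    print(parse_lldpdu(SAMPLE))
    for frame in (BAD_LENGTH, SAMPLE[:-2]):     # second one lacks the End TLV
        try:
            parse_lldpdu(frame)
        except LLDPError as exc:
            print("rejected:", exc)
```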
Configuring LLDP
The LLDP configuration includes the following commands:
Command
    Function

show lldp config [{port <portlist> | trunk <trunklist>}] (all configuration modes)
    Displays LLDP configuration information.
show lldp neighbor [{port <portlist> | trunk <trunklist>}] (all configuration modes)
    Displays summary information of LLDP neighbors.
show lldp entry [{port <portlist> | trunk <trunklist>}] (all configuration modes)
    Displays detailed information of LLDP neighbors.
show lldp statistic [{port <portlist> | trunk <trunklist>}] (all configuration modes)
    Displays statistics information of LLDP neighbors.
• Configuration Verification
zte(cfg)#show lldp neighbor
Capability Codes:
P-Repeater, B-Bridge, W-WLAN Access Point, R-Router, T-Telephone
C-DOCSIS Cable Device, s-Station, S-Switch, O-Other
Interface DeviceID Holdtime Capability Platform PortID NetworkPolicy
--------------------------------------------------------------------------------
port-19 00d0d0092918 110 B S ZXR10 2918E-PS port-9 Unknown
Version V2.05..
When three parameters in the received and sent test packets are the same, a loop
definitely exists on this port.
Command
    Function

zte(cfg)#set loopdetect blockdelay <1-1080>
    Sets interval for blocking port with loop.
• Configuration Procedure
zte(cfg)#set loopdetect port 1 enable
• Configuration Verification
Check the loop detection state of Switch 2:
zte(cfg)#show loopdetect
The block-delay of loopdetect : 5 (min)
The packet interval of loopdetect : 15 (sec)
PortId isUp isStp isProtect isExtend loopVlanNum loopType
------ ---- ----- --------- -------- ----------- ---------
1 Up No Yes No 1 Port
• Configuration Procedure
Switch2(cfg)#set loopdetect port 1,2 enable
Switch2(cfg)#set loopdetect extend port 1 enable
• Configuration Verification
Check the loop detection state of Switch 2:
Switch2(cfg)#show loopdetect
The block-delay of loopdetect : 5 (min)
The packet interval of loopdetect : 15 (sec)
PortId isUp isStp isProtect isExtend loopVlanNum loopType
------ ---- ----- --------- -------- ----------- ---------
1 Up No Yes Yes 1 Port
2 Up No Yes No 0 Port
UDLD first needs to establish a neighbor relationship between Layer 2 devices. When the
UDLD function is enabled on an Ethernet port whose status is up, the port sends a Probe
message inviting a neighbor device to join. The port on the neighbor device on which the
UDLD function is enabled receives the Probe message and sends an Echo message. If the
port receives the Echo message, the connection between the devices works properly in
both directions from the view of the local device, and the neighbor relationship with
the peer device is established on the local device. The local device then sends an Echo
message. After the peer device receives the Echo message, the neighbor relationship is
established between the devices.
After the neighbor relationship is established, the devices send Hello messages
periodically to detect whether the link is operating properly. When receiving a Hello
message from the neighbor, a device updates the neighbor information saved locally and
resets the time-out period of the neighbor. If the device does not receive a Hello
message before the time-out period expires, a fault is considered to have occurred on
the neighbor and the neighbor is aged. If the last neighbor is deleted due to aging, the
link is considered not to be in normal operating state, and the problem is handled
according to the working mode.
There are two UDLD working modes: normal mode and aggressive mode.
• In normal mode, the port is shut down only when the device receives a protocol message
confirming that the link is connected incorrectly. If the device does not receive the
related message or cannot confirm that the link is working properly in one direction,
the device takes no action on the port.
• In aggressive mode, if the device cannot confirm that the link is working properly in
both directions (for example, the link is connected incorrectly, the link is working
properly in only one direction, or the link is a self-loop), the port is shut down. It is
necessary to use the reset or recovery command to recover the communication ability of
the port.
Generally, UDLD shuts down a port in the following situations.
• In both modes, when an Echo message is sent, the device detects that the neighbor
of the peer port is not the device itself during the final neighbor detection.
• In aggressive mode, the status becomes PROBE because the last neighbor is aged,
and multiple Probe messages are sent continuously without any response.
• In aggressive mode, the port receives the UDLD message sent by itself and there is
a self-loop.
To prevent a neighbor from being aged by mistake, a local device sends Flush messages
on its own initiative to the port on which the UDLD function is enabled in the following
situations.
• The port is down administratively.
• UDLD is down on the port.
• The device is restarted.
Configuring UDLD
The UDLD configuration includes the following commands:
Command
    Function

zte(cfg)#udld port <portlist> mode {aggressive | normal}
    Sets the mode of a port in UDLD.
zte(cfg)#udld port <portlist> recovery timer <10-600>
    Sets the recovery interval.
• Configuration Procedure
zteA(cfg)#udld port 17,18 enable
zteB(cfg)#udld port 17,18 enable
• Configuration Verification
Thu Jul 1 16:07:09 2004 Udld Port : 17 link failure
Thu Jul 1 16:07:09 2004 Udld Port : 18 link failure
Thu Jul 1 16:07:10 2004 Port : 17 linkdown
Thu Jul 1 16:07:10 2004 Host Topology changed
Thu Jul 1 16:07:10 2004 Port : 18 linkdown
Thu Jul 1 16:07:10 2004 Host Topology changed
Configuring TACACS+
The TACACS+ configuration includes the following commands:
Command Function
• Configuration Procedure
zte(cfg)#set loginauth tacacs-plus+local
zte(cfg)#set adminauth tacacs-plus+local
zte(cfg)#config router
zte(cfg-router)#set ipport 1 ipaddress 192.168.1.1 255.255.255.0
zte(cfg-router)#set ipport 1 vlan 1
zte(cfg-router)#set ipport 1 enable
zte(cfg-router)#exit
zte(cfg)#config nas
zte(cfg-nas)#tacacs-plus group zte enable
zte(cfg-nas)#tacacs-plus group zte add host 192.168.1.100
zte(cfg-nas)#tacacs-plus loginauthen default group zte
zte(cfg-nas)#tacacs-plus loginauthor default group zte
zte(cfg-nas)#tacacs-plus adminauthen default group zte
zte(cfg-nas)#tacacs-plus accounting commands default group zte
zte(cfg-nas)#tacacs-plus accounting exec default group zte
zte(cfg-nas)#tacacs-plus accounting update period 10
• Configure a time range for each day: Specify the exact start time and end time. If the
start time and the end time are not configured, the time range is a full day.
• Configure a period: Specify the period to be a certain day of a week.
• Configure a date range: Specify the start date and end date. If the start date and the
end date are not configured, the start date is the day when the configuration takes
effect and the end date is the day when the configuration is invalid.
Command
    Function

show time-range [<word>] (all configuration modes)
    Displays time range configuration.

Command
    Function

zte(cfg)#set vlan voice-vlan <1-4094> qos-profile <0-127> modify {up|dscp|all}
    Sets to modify either up or dscp or both.
zte(cfg)#clear vlan voice-vlan port <1-18> oui-id
    Clears all OUIs configured on a port.
show vlan voice-vlan port <1-18> (all configuration modes)
    Displays voice configuration on a port.
show vlan voice-vlan default-oui (all configuration modes)
    Displays the default OUI of a device.
show vlan voice-vlan user-table port <1-18> (all configuration modes)
    Displays the user table on a port.
show vlan voice-vlan <vlanlist> qos (all configuration modes)
    Displays voice VLAN QoS configuration.
• Configuration Procedure
zte(cfg)#set vlan 10,20,100 add port 1-3 tag
zte(cfg)#set vlan 10,20,100 enable
zte(cfg)#set vlan voice-vlan port 1 oui-id 1 mac-addr 00.00.01.00.00.01
mac-mask FF.FF.FF.FF.FF.FF
In the domain shown in Figure 4-56, a series of ports are defined on peripheral and
internal devices. The grey ports on the peripheral devices are service ports connected
to the external devices and are therefore named Maintenance association End Points
(MEPs). The other black ports (including those on intermediate devices) connect internal
devices and are therefore named Maintenance Domain Intermediate Points (MIPs). The
management function is implemented through the defined MEPs and MIPs.
As shown in Figure 4-57, a network is divided into a customer domain, provider domain,
and operator domain. A level between 0-7 is designated for each domain. The domain
level determines the inclusion relation between domains. A domain with a higher level can
include domains with lower levels but not vice versa. The domains with the same level
cannot include each other. This means that all domains can be tangential (internally or
externally) and inclusive but cannot be intersecting.
• Loopback Message (LBM): A unicast CFM protocol data unit. It is sent to a specified
MP from an MEP, expected to receive an LBR message.
• Loopback Reply (LBR): A unicast CFM protocol data unit. It is sent by the MP receiving
an LBM as the reply to the LBM.
With the five protocol messages listed above, CFM implements the following functions:
• Detecting faults: MEP detects network connectivity faults by periodically sending
and receiving CCM messages. The faults include connection failure and unwelcome
connection (error connection).
• Notifying faults: After MEP detects a connectivity fault, it sends a proper alarm to the
specified management system, for example, trap messages of SNMP.
• Locating a path: MEP locates and traces a path from an MEP to another MP (including
MEP and MIP) by using LTM/LTR messages.
• Confirming and separating a fault: This is an administrative function. The network
manager confirms the fault through LBM/LBR messages and separates the fault.
Command
    Function

    Creates a CFM md
zte(cfg)#create cfm md-session <1-16> ma-session <1-32> name <string>
    Creates a CFM ma
zte(cfg)#create cfm md-session <1-16> ma-session <1-32> mep-session <1-64> mep-id <1-8191> direction {down|up}
    Creates a CFM local mep
zte(cfg)#create cfm md-session <1-16> ma-session <1-32> mip-session <1-64> name <string>
    Creates a CFM mip
zte(cfg)#create cfm md-session <1-16> ma-session <1-32> rmep-session <1-64> rmep-id <1-8191> remote-mac <hh.hh.hh.hh.hh.hh>
    Creates a CFM remote mep
zte(cfg)#cfm md-session <1-16> ma-session <1-32> primary-vlan <1-4094>
    Sets the primary VLAN within cfm ma
zte(cfg)#cfm md-session <1-16> ma-session <1-32> ccm time-interval <4-7>
    Sets the interval that ccm packets of mep within cfm ma are sent.
zte(cfg)#cfm md-session <1-16> ma-session <1-32> ccm md-name {absent | disable | present}
    Sets the way to fill in the MEG ID field in cfm ccm messages.
zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id <1-8191> state {disable|enable}
    Sets the status of the cfm mep protocol.
zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id <1-8191> ccm-send {disable|enable}
    Sets the status of cfm mep ccm sending packets.
zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id <1-8191> ccm-receive {disable|enable}
    Sets the status of cfm mep ccm receiving packets.
zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id <1-8191> priority <0-7>
    Sets the priority of packets sent by cfm mep ccm.
zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id <1-8191> alarm-lowest-pri <1-5>
    Sets the lowest alarm priority of cfm mep.
zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id <1-8191> assign {delete | port <portid> | trunk <trunkid>}
    Allocates a port or aggregation port for mep.
zte(cfg)#cfm md-session <1-16> ma-session <1-32> mip-session <1-64> assign {delete | port <portid> | trunk <trunkid>}
    Allocates port or aggregation port for mip.
zte(cfg)#clear cfm md-session <1-16> ma-session [<1-32>]
    Clears all configuration of cfm ma.
zte(cfg)#clear cfm md-session <1-16> ma-session <1-32> {mep-id [<1-8191>] | mep-session [<1-64>]}
    Clears all configuration of cfm mep.
zte(cfg)#clear cfm md-session <1-16> ma-session <1-32> mip-session [<1-64>]
    Clears all configuration of cfm mip.
show cfm md-session [<1-16>] (all configuration modes)
    Displays all configuration of cfm md.
show cfm md-session <1-16> ma-session [<1-32>] (all configuration modes)
    Displays all configuration of cfm ma.
show cfm md-session <1-16> ma-session <1-32> mp-session [<1-64>] (all configuration modes)
    Displays all configuration of cfm mp.
• Configuration Procedure
Configuration on S1:
zte(cfg)#cfm enable
zte(cfg)#create cfm md-session 1 name zte_1 level 5
zte(cfg)#create cfm md-session 1 ma-session 1 name zte_zte_1
zte(cfg)#cfm md-session 1 ma-session 1 primary-vlan 100
zte(cfg)#create cfm md-session 1 ma-session 1 mep-session 1 mep-id 1
direction down
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 state enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 ccm-send enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 ccm-receive enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 assign port 1
zte(cfg)#create cfm md-session 1 ma-session 1 rmep-session 2 rmep-id 2
remote-mac 00.d0.d0.c0.00.02
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ccm-receive enable
Configuration on S2:
zte(cfg)# cfm enable
zte(cfg)#create cfm md-session 1 name zte_1 level 5
zte(cfg)#create cfm md-session 1 ma-session 1 name zte_zte_1
zte(cfg)#cfm md-session 1 ma-session 1 primary-vlan 100
zte(cfg)#create cfm md-session 1 ma-session 1 mep-session 1 mep-id 2
direction down
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 state enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ccm-send enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ccm-receive enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 assign port 2
zte(cfg)#create cfm md-session 1 ma-session 1 rmep-session 2 rmep-id 1
remote-mac 00.d0.d0.c0.00.01
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 ccm-receive enable
The network configuration with MIP refers to the connected devices as shown in Figure
4-59.
• Configuration Procedure
Configuration on S1:
zte(cfg)#cfm enable
zte(cfg)#create cfm md-session 1 name zte_1 level 5
zte(cfg)#create cfm md-session 1 ma-session 1 name zte_zte_1
zte(cfg)#cfm md-session 1 ma-session 1 primary-vlan 100
zte(cfg)#create cfm md-session 1 ma-session 1 mep-session 1 mep-id 1
direction down
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 state enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 ccm-send enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 ccm-receive enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 assign port 1
zte(cfg)#create cfm md-session 1 ma-session 1 rmep-session 2 rmep-id 2
remote-mac 00.d0.d0.c0.00.03
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ccm-receive enable
Configuration on S2:
zte(cfg)#cfm enable
zte(cfg)#create cfm md-session 1 name zte_1 level 5
zte(cfg)#create cfm md-session 1 ma-session 1 name zte_zte_1
zte(cfg)#cfm md-session 1 ma-session 1 primary-vlan 100
zte(cfg)#create cfm md-session 1 ma-session 1 mip-session 1 name zte_mip_1
zte(cfg)#cfm md-session 1 ma-session 2 mip-session 1 assign port 2
zte(cfg)#create cfm md-session 1 ma-session 1 mip-session 2 name zte_mip_1
zte(cfg)#cfm md-session 1 ma-session 2 mip-session 2 assign port 3
Configuration on S3:
zte(cfg)#cfm enable
zte(cfg)#create cfm md-session 1 name zte_1 level 5
zte(cfg)#create cfm md-session 1 ma-session 1 name zte_zte_1
zte(cfg)#cfm md-session 1 ma-session 1 primary-vlan 100
zte(cfg)#create cfm md-session 1 ma-session 1 mep-session 1 mep-id 2
direction down
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 state enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ccm-send enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ccm-receive enable
Y.1731 Configuration
Y.1731 configuration includes the following commands:
Command
    Function

zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id <1-8191> two-lm {enable | disable}
    Enables the LM function at both ends.
zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id <1-8191> two-dm {enable | disable}
    Enables the DM function in both directions.
zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id <1-8191> ais {enable | disable}
    Enables the AIS function.
zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id <1-8191> lck {enable | disable}
    Enables the LCK function.
zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id <1-8191> client-level <0-7>
    Sets the level at which the AIS/LCK function is sent to outer layers.
zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id <1-8191> relate-to rmep-id <1-8191>
    Sets the remote MEP related to local MEP.
zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id <1-8191> one-lm send-packet [continue-time <60-600> interval <1-60>]
    Starts LM detection at one end.
zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id <1-8191> one-lm send-packet stop
    Stops LM detection at one end.
zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id <1-8191> two-dm send-packet [continue-time <60-600> interval <1-60>]
    Starts DM detection at both ends.
zte(cfg)#clear cfm md-session <1-16> ma-session <1-32> mep-id <1-8191> relate-rmep
    Clears the related remote MEP.
LM Network Configuration
• Configuration Description
The network configuration is illustrated by using the network instance shown in Figure 4-60.
• Configuration Procedure
Configuration on S1:
zte(cfg)#cfm enable
zte(cfg)#create cfm md-session 1 name zte_1 level 5
zte(cfg)#create cfm md-session 1 ma-session 1 name zte_zte_1
zte(cfg)#cfm md-session 1 ma-session 1 primary-vlan 100
zte(cfg)#create cfm md-session 1 ma-session 1 mep-session 1 mep-id 1 direction down
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 state enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 ccm-send enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 ccm-receive enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 assign port 1
zte(cfg)#create cfm md-session 1 ma-session 1 rmep-session 2 rmep-id 2 remote-mac 00.d0.d0.c0.00.02
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ccm-receive enable
Configuration on S2:
zte(cfg)#cfm enable
zte(cfg)#create cfm md-session 1 name zte_1 level 5
zte(cfg)#create cfm md-session 1 ma-session 1 name zte_zte_1
zte(cfg)#cfm md-session 1 ma-session 1 primary-vlan 100
zte(cfg)#create cfm md-session 1 ma-session 1 mep-session 1 mep-id 2 direction down
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 state enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ccm-send enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ccm-receive enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 assign port 4
zte(cfg)#create cfm md-session 1 ma-session 1 rmep-session 2 rmep-id 1 remote-mac 00.d0.d0.c0.00.01
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 ccm-receive enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 relate-to rmep-id 1
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 one-lm (two-lm) enable
• Configuration Verification
View the measurement result by using the command for displaying MEP information
that is provided by 802.1ag.
DM Network Configuration
• Configuration Description
The network configuration is illustrated by using the network instance shown in Figure 4-61.
• Configuration Procedure
Configuration on S1:
zte(cfg)#cfm enable
zte(cfg)#create cfm md-session 1 name zte_1 level 5
Configuration on S2:
zte(cfg)#cfm enable
zte(cfg)#create cfm md-session 1 name zte_1 level 5
zte(cfg)#create cfm md-session 1 ma-session 1 name zte_zte_1
zte(cfg)#cfm md-session 1 ma-session 1 primary-vlan 100
zte(cfg)#create cfm md-session 1 ma-session 1 mep-session 1 mep-id 2 direction down
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 state enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ccm-send enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ccm-receive enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 assign port 4
zte(cfg)#create cfm md-session 1 ma-session 1 rmep-session 2 rmep-id 1 remote-mac 00.d0.d0.c0.00.01
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 ccm-receive enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 relate-to rmep-id 1
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 two-dm enable
• Configuration Verification
Manually trigger the test on S1 or S2:
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 (2) one-lm send-packet
View the measurement result by using the command for displaying MEP information
that is provided by 802.1ag.
The network configuration is illustrated by using the network instance shown in Figure
4-62.
• Configuration Procedure
Configuration on S1:
zte(cfg)#cfm enable
zte(cfg)#create cfm md-session 1 name zte_1 level 5
zte(cfg)#create cfm md-session 1 ma-session 1 name zte_zte_1
zte(cfg)#cfm md-session 1 ma-session 1 primary-vlan 100
zte(cfg)#create cfm md-session 1 ma-session 1 mep-session 1 mep-id 1 direction down
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 state enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 ccm-send enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 ccm-receive enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 assign port 1
zte(cfg)#create cfm md-session 1 ma-session 1 rmep-session 2 rmep-id 2 remote-mac 00.d0.d0.c0.00.04
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ccm-receive enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ais (lck) enable
Configuration on S2:
zte(cfg)#cfm enable
zte(cfg)#create cfm md-session 10 name zte level 4
zte(cfg)#create cfm md-session 10 ma-session 10 name zte_zte
zte(cfg)#cfm md-session 10 ma-session 10 primary-vlan 100
zte(cfg)#create cfm md-session 10 ma-session 10 mep-session 10 mep-id 10 direction down
zte(cfg)#cfm md-session 10 ma-session 10 mep-id 10 state enable
zte(cfg)#cfm md-session 10 ma-session 10 mep-id 10 ccm-send enable
zte(cfg)#cfm md-session 10 ma-session 10 mep-id 10 ccm-receive enable
zte(cfg)#cfm md-session 10 ma-session 10 mep-id 10 assign port 3
zte(cfg)#create cfm md-session 10 ma-session 10 rmep-session 20 rmep-id 20 remote-mac 00.d0.d0.c0.00.03
zte(cfg)#cfm md-session 10 ma-session 10 mep-id 20 ccm-receive enable
zte(cfg)#cfm md-session 10 ma-session 10 mep-id 10 ais (lck) enable
zte(cfg)#cfm md-session 10 ma-session 10 mep-id 10 client-level 5
Configuration on S3:
zte(cfg)#cfm enable
zte(cfg)#create cfm md-session 10 name zte4 level 4
zte(cfg)#create cfm md-session 10 ma-session 10 name zte_zte
zte(cfg)#cfm md-session 10 ma-session 10 primary-vlan 100
zte(cfg)#create cfm md-session 10 ma-session 10 mep-session 20 mep-id 20 direction down
Configuration on S4:
zte(cfg)#cfm enable
zte(cfg)#create cfm md-session 1 name zte_1 level 5
zte(cfg)#create cfm md-session 1 ma-session 1 name zte_zte_1
zte(cfg)#cfm md-session 1 ma-session 1 primary-vlan 100
zte(cfg)#create cfm md-session 1 ma-session 1 mep-session 1 mep-id 2 direction down
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 state enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ccm-send enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ccm-receive enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 assign port 6
zte(cfg)#create cfm md-session 1 ma-session 1 rmep-session 2 rmep-id 1 remote-mac 00.d0.d0.c0.00.01
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 ccm-receive enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 ais (lck) enable
• Configuration Verification
Disconnect the link between S2 and S3. After that, alarms occur only on S2 and S3,
and unrelated alarms on S1 and S4 are suppressed by the AIS function.
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 (2) one-lm send-packet
View the measurement result by using the command for displaying MEP information
that is provided by 802.1ag.
the Relay Agent domain and allocates an IP address to the DHCP Client that is in the
same subnet as the IP address in accordance with the domain value. This means that
the allocated IP address and the IP address of the interface through which Relay receives
request messages are in the same network segment. At the same time, DHCP Relay
implements the forwarding of the responses from the DHCP Server to the Client.
Command
    Function
zte(cfg)#set dhcp relay option82 sub-option device {ani <string> | remote-ID {cisco | manual <string>}}
    Sets the switch node device ID.
zte(cfg)#set dhcp relay option82 sub-option port <1-28> circuit-ID {on {cisco | china-tel | dsl-forum | henan-rtf | manual <string>} | off}
    Sets the relay option82 suboption.
zte(cfg)#clear dhcp relay vclass-id {characters <string> {server A.B.C.D} | hex-numbers <hex-string> {server A.B.C.D}}
    Clears the configured dhcp relay vclass-id.
clear dhcp relay option82 sub-option device ani
    Clears the device ID information.
zte(cfg)#clear dhcp option82 sub-option device ani
    Clears the device ID information.
show dhcp relay binding [port <1-28> | trunk <1-15>] (all configuration modes)
    Displays the DHCP relay binding information.
Note:
The DHCP client and the DHCP server are in different network segments.
• Configuration Procedure
1. Assign a specified VLAN to the port:
set vlan 1000 add port 2 tag
set vlan 1000 enable
2. Configure the DHCP relay by using the following commands:
zte(cfg)#set dhcp relay enable
zte(cfg)#show ipport 0
Status : up IpAddress : 169.1.15.1
VlanId : 1 Mask : 255.255.0.0
ArpProxy : disabled MacAddress: 00.00.00.11.22.33
Timeout : 600(s) IpMode : static
En/Disable: enabled
5.1 REMOTE-ACCESS
Remote-Access Overview
Remote-Access is a mechanism that restricts the login of network management users
through Telnet, SSH, SNMP and Web, that is, it restricts access to the switch. This function
enhances the security of the network management system.
After this function is enabled, a network management user can be specified to access the
switch only from a specified IP address; the user cannot access the switch from other IP
addresses. When this function is disabled, the network management user can access the
switch through Telnet, SSH, SNMP and Web from any IP address.
Configuring REMOTE-ACCESS
The REMOTE-ACCESS configuration includes the following commands:
5.2 SSH
SSH Overview
The secure shell (SSH) is a protocol created by the Network Working Group of the IETF. It
offers secure remote access and other secure network services over an insecure
network.
The purpose of the SSH protocol is to solve the security problems in interconnected
networks, and to offer a more secure substitute for Telnet and Rlogin (although the present
development of the SSH protocol has far exceeded the scope of the remote access function).
Therefore, the SSH connection protocol shall support interactive sessions.
SSH can be used to encrypt all transmitted data. Even if the data is intercepted, no
useful information can be obtained.
At present, the SSH protocol has two incompatible versions: SSH v1.x and SSH v2.x.
This switch only supports SSH v2.0 and uses the password authentication mode.
SSH uses port 22.
Configuring SSH
The SSH configuration includes the following commands:
As shown in Figure 5-1, one host attempts to access the switch through SSH. The
switch is configured with a layer-3 port. The IP address of the port is 192.1.1.1/24,
and the IP address of the host is 192.1.1.100/24.
• Configuration Procedure
1. The specific configuration of the switch is as follows:
zte(cfg)#set ssh enable
zte(cfg)#show ssh
SSH is enabled.
There's no ssh user logging in this system.
c. At the first login, user confirmation is needed, as shown in Figure 5-4.
5.3 PRIVILEGE
PRIVILEGE Overview
The command level function, or the privilege function, assigns levels to the command lines
available on the switch and grants different permissions to them. With this function, users
of different levels can access commands of different scopes. This prevents the switch
configuration from being modified by users without sufficient permission.
PRIVILEGE Configuration
PRIVILEGE configuration includes the following commands:
Command
    Function
show privilege {default | level [<0-15>] | session [<1-1024>]} (for all configuration modes)
    Displays a specified command permission rule.
Users can perform this configuration only when logging in to the switch with the highest
permission (Level 15).
• Configuration Procedure
Configure the switch:
/*Enable privilege function*/
zte(cfg)#privilege enable
/*Grant Level-12 permission to all functions of the set node*/
zte(cfg)#privilege 12 session 1 part cfg set
• Verifying the Configuration
1. Execute the following command to verify the command permission rule.
zte(cfg)#show privilege session
State: Enable
User level: 15
Session Level Type Mode Key
------- ----- ---- ------------- -----------------
1 12 part cfg set
2. Log in to the switch and use the related set command as a user with a lower
permission (for example, Level 11).
Execute the zte(cfg)#set stp enable command. The system will prompt that the
user is not allowed to use the command.
The user privilege(level 11) is less than command privilege(level 12 rule 1).
% Command cannot be performed because of insufficient privilege. (0x40000aab)
Log in to the switch as a user with a permission level higher than or equal to the
command level (for example, Level 13) and use the same command. The command
is executed properly, without the prompt mentioned above.
1. Managed devices, which can communicate over the Internet. Each device contains
an agent.
2. The NMS. The network management process must be able to communicate over the
Internet.
3. The protocol used for the exchange of management information between the switching
agent process and the NMS, that is, SNMP.
An NMS collects data by polling the agents that reside in the managed devices. The agents
in the managed devices can report errors to NMSs at any time, before the NMSs poll them.
These errors are called traps. When a trap occurs on a device, the NMS can be used to
query the device (provided it is reachable) and obtain more information. SNMP v2c and
v3 also support inform (an SNMPv2 trap that requires a response) to report abnormal events
to the NMS. When the NMS receives an inform message, it sends an acknowledgement packet
to the switch. If the switch has not received the acknowledgement packet from the NMS
within a period of time, it resends the original inform message twice.
All variables in the network are stored in the MIB. SNMP monitors network device status
by querying the related object values in the agent MIB. ZXR10 2900E implements the
standard MIB and private MIB defined in RFC 2233, RFC 1493, RFC 2665 and RFC 2819.
Configuring SNMP
The SNMP configuration includes the following commands:
Command
    Function
zte(cfg-snmp)#set community <string> ingress-acl-basic-number <1-99>
    Sets the basic ACL number bound to the specified community.
zte(cfg-snmp)#set host <A.B.C.D> inform {v2c <string> | v3 <string> {auth | noauth | priv}}
    Sets host IP address, group name, username and version of inform.
zte(cfg-snmp)#set group <string> v3 {auth | noauth | priv} [read <string> [write <string> [notify <string>]]]
    Sets the SNMP V3 group name and group security level.
show snmp {community | engineID | group | host | trap | user | view} (all configuration modes)
    Displays each element of SNMP V1, V2C and V3.
zte(cfg)#config snmp
zte(cfg-snmp)#create community zte private
zte(cfg-snmp)#create view vvv
zte(cfg-snmp)#set community zte view vvv
zte(cfg-snmp)#set host 10.40.92.105 trap v2 zte
Suppose that the IP address of the network management server is 10.40.92.77, the
switch has a layer-3 port with the IP address of 10.40.92.11, and the switch is managed
through the network management server.
Create a user named “zteuser” and a group named “ztegroup”. The security level of
this group is private (that is, authentication and encryption). Specify the IP address
of the host receiving traps or informs as 10.40.92.77, with the user “zteuser”.
• Switch Configuration
zte(cfg)#config router
zte(cfg-router)#set ipport 1 ipaddress 10.40.92.11/24
zte(cfg-router)#set ipport 1 vlan 1
zte(cfg-router)#set ipport 1 enable
zte(cfg-router)#exit
zte(cfg)#config snmp
zte(cfg-snmp)#set group ztegroup v3 priv
zte(cfg-snmp)#set user zteuser ztegroup v3 md5-auth zte des56-priv zte
zte(cfg-snmp)#set host 10.40.92.77 inform v3 zteuser priv
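The following audit script is an added example, not part of the ZTE manual. It reads the SNMP commands shown in the two examples above and reports settings a reviewer would question before deployment: community-based (v1/v2c) notifications, which carry the community string unencrypted, communities with no `ingress-acl-basic-number` binding, and SNMPv3 users that rely on MD5/56-bit DES or on short, reused secrets. The rule names and the 8-character threshold are assumptions made for this example.

```python
import re

# Constructed sample: the SNMP commands shown in this section, prompts stripped.
SAMPLE_CONFIG = """\
create community zte private
create view vvv
set community zte view vvv
set host 10.40.92.105 trap v2 zte
set group ztegroup v3 priv
set user zteuser ztegroup v3 md5-auth zte des56-priv zte
set host 10.40.92.77 inform v3 zteuser priv
"""

PROMPT = re.compile(r"^[^#\s]*#\s*")      # drops a leading "zte(cfg-snmp)#"
# Rule names are hypothetical; the keywords are the ones used on this page.
LEGACY_ALGOS = {"md5-auth": "V3_LEGACY_AUTH", "des56-priv": "V3_LEGACY_PRIV"}
MIN_SECRET_LEN = 8                        # audit threshold assumed for this example


def audit_user(tok):
    """Findings for one 'set user <user> <group> v3 <kw> <secret> ...' line."""
    user = tok[2]
    rest = tok[tok.index("v3", 3) + 1:]
    pairs = list(zip(rest[0::2], rest[1::2]))   # (keyword, secret)
    out = []
    for kw, secret in pairs:
        if kw in LEGACY_ALGOS:
            out.append((LEGACY_ALGOS[kw], f"{user}: {kw}"))
        if len(secret) < MIN_SECRET_LEN:
            # Report the length only, never the secret itself.
            out.append(("V3_SHORT_SECRET",
                        f"{user}: {kw} secret has {len(secret)} chars"))
    secrets = [s for _, s in pairs]
    if len(set(secrets)) < len(secrets):
        out.append(("V3_SHARED_SECRET", user))
    if not any(kw.endswith("-priv") for kw, _ in pairs):
        out.append(("V3_NO_PRIVACY", user))
    return out


def audit_snmp(config_text):
    """Return sorted (rule, detail) findings for ZXR10-style SNMP config lines."""
    communities, acl_bound, findings = [], set(), []
    for raw in config_text.splitlines():
        tok = PROMPT.sub("", raw.strip()).split()
        if len(tok) < 3:
            continue
        head = tok[:2]
        if head == ["create", "community"]:
            communities.append(tok[2])
        elif head == ["set", "community"] and tok[3:4] == ["ingress-acl-basic-number"]:
            acl_bound.add(tok[2])
        elif head == ["set", "host"] and len(tok) >= 5:
            ip, kind, version = tok[2], tok[3], tok[4]
            if version != "v3":
                findings.append(("CLEARTEXT_NOTIFY",
                                 f"{kind} to {ip} is community-based ({version})"))
            elif tok[6:7] != ["priv"]:
                findings.append(("V3_HOST_NOT_PRIV", f"{kind} to {ip}"))
        elif head == ["set", "group"] and tok[3:4] == ["v3"] and tok[4:5] != ["priv"]:
            level = " ".join(tok[4:5]) or "unset"
            findings.append(("V3_GROUP_NOT_PRIV", f"{tok[2]}: {level}"))
        elif head == ["set", "user"] and "v3" in tok[3:]:
            findings.extend(audit_user(tok))
    # A community with no ACL binding is usable from any source address.
    for name in communities:
        if name not in acl_bound:
            findings.append(("COMMUNITY_NO_ACL", name))
    return sorted(findings)


if __name__ == "__main__":
    for rule, detail in audit_snmp(SAMPLE_CONFIG):
        print(f"{rule:18} {detail}")
```

Run against a saved configuration, the script accepts lines with or without the `zte(cfg-snmp)#` prompt.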
so that the MAC change information on Port 1 can be reported to the network
management system. The report condition is: The number of changed MAC entities
reaches 50, or the time is one minute (that is, 60 seconds).
• Configuration Procedure
zte(cfg-snmp)#set trap macnotification enable
zte(cfg-snmp)#set trap macnotification port 1 enable
zte(cfg-snmp)#set trap macnotification history-size 50
zte(cfg-snmp)#set trap macnotification interval 60
• Configuration Verification
If the number of changed MAC entities reaches 50 within one minute, the switch
sends trap information as soon as the number reaches 50 instead of waiting until the
minute expires. The number of entities sent is 50. If the number of changed MAC entities
does not reach 50 within one minute, the switch sends trap information when one
minute expires. The number of entities sent is less than or equal to 50. By default,
the MAC change advertisement function is disabled. Therefore, if the MAC change
advertisement function is enabled globally but it is not enabled on a related port, the
network management system cannot receive trap information. In this example, if the
MAC entities change on another port instead of Port 1, trap information is not sent.
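The send rule described above can be modelled to predict what the network management system should receive for a given pattern of MAC changes. The function below is an added example, not ZTE code. It assumes one buffer shared by the enabled ports, a timer that runs in fixed windows from the moment the function is enabled and is not reset by a size-triggered trap, and no trap for an empty window.

```python
def mac_notification_traps(events, enabled_ports, global_enable=True,
                           history_size=50, interval=60):
    """Model when MAC-change traps are sent.

    events: iterable of (time_in_seconds, port) MAC-change events.
    Returns a list of (send_time, entries, reason); reason is "size" when the
    buffer reached history_size, or "interval" when the timer expired.
    """
    if not global_enable:
        return []                      # disabled globally: nothing is ever sent
    traps, pending, next_tick = [], 0, interval
    for t, port in sorted(events):
        # Fire every timer expiry that happened before this event.
        while t >= next_tick:
            if pending:
                traps.append((next_tick, pending, "interval"))
                pending = 0
            next_tick += interval
        if port not in enabled_ports:
            continue                   # changes on other ports are not reported
        pending += 1
        if pending == history_size:
            traps.append((t, pending, "size"))
            pending = 0
    if pending:
        traps.append((next_tick, pending, "interval"))
    return traps


def size_triggered(traps):
    """Send times of traps that fired early because the buffer filled up."""
    return [t for t, _, reason in traps if reason == "size"]


# Constructed sample: 10 slow changes on port 1, then 120 changes on port 1
# within four seconds, plus 3 changes on port 2 (not enabled).
SAMPLE_EVENTS = (
    [(t, 1) for t in range(5, 55, 5)]
    + [(70 + i // 30, 1) for i in range(120)]
    + [(80, 2)] * 3
)

if __name__ == "__main__":
    for trap in mac_notification_traps(SAMPLE_EVENTS, enabled_ports={1}):
        print(trap)
```

A trap sent for the "size" reason means at least 50 MAC entries changed on the monitored port in under a minute, which is the condition an operator would review first.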
RMON specifications refer to the definition of RMON MIB. ZXR10 2900E supports four
groups of RMON MIB.
• History: records the periodic statistics sample of the information that can be obtained
from the statistics group.
• Statistics: maintains the basic application and error statistics of each subnet that the
agent monitors.
• Event: it is a table related to all events generated by RMON agents.
• Alarm: allows operators of the management console to set sampling interval and
alarm threshold for any count or integer recorded by RMON agents.
All these groups are used to store the data collected by the monitor and the derived data
and statistics. The alarm group is based on the implementation of the event group. These
data can be obtained through the MIB browser.
The RMON control information can be configured through the MIB browser, and a
HyperTerminal or remote Telnet command line. The RMON sampling information and
statistics are obtained through the MIB browser.
Configuring RMON
The RMON configuration includes the following commands:
The following examples describe how to set event 2, history 2, alarm 2 and statistics
1 respectively.
• Network
The DUT is directly connected to the network management server PC.
• Switch Configuration
zte(cfg-snmp)#set event 2 description It'sJustForTest!!
zte(cfg-snmp)#set event 2 type logandtrap
zte(cfg-snmp)#set event 2 community public
zte(cfg-snmp)#set event 2 owner zteNj
zte(cfg-snmp)#set event 2 status valid
5.6 ZGMP
ZGMP Overview
ZGMP is ZTE Group Manage Protocol. A cluster is a combination consisting of a set of
switches in a specific broadcast domain. This set of switches forms a unified management
domain, providing an external public network IP address and management interface, as
well as the ability to manage and access each member in the cluster.
The management switch which is configured with a public network IP address is called a
command switch. Other switches serve as member switches. In normal cases, a member
switch is not configured with a public network IP address. A private address is allocated
to each member switch through the class DHCP function of the command switch. The
command switch and member switches form a cluster (private network).
In general, the broadcast domain where a cluster is located consists of switches in these
roles: Command switch, member switches, candidate switches and independent switches.
One cluster has only one command switch. The command switch can automatically collect
the device topology and set up a cluster. After a cluster is set up, the command switch
Figure 5-8 shows the changeover rule of the four roles of switches within a cluster.
Configuring ZGMP
The ZGMP configuration includes the following commands:
Command
    Function
zte(cfg-group)#set zdp {port <portlist> | trunk <trunklist>} {enable | disable}
    Enables or disables the ZDP function based on port/trunk.
zte(cfg-group)#set ztp {port <portlist> | trunk <trunklist>} {enable | disable}
    Enables or disables the ZTP function based on port/trunk.
rlogin {commander | member <1-255>} (all configuration modes)
    Remotely logs in to cluster device.
• Configuration Procedure
1. Configure the public network IP address of the command switch and the gateway.
zte(cfg)#set vlan 2525 enable
zte(cfg)#set vlan 2525 add port 1-24 tag
zte(cfg)#config router
zte(cfg-router)#set ipport 25 ipaddress 100.1.1.10/24
zte(cfg-router)#set ipport 25 vlan 2525
zte(cfg-router)#set ipport 25 enable
zte(cfg-router)#iproute 0.0.0.0/0 100.1.1.1
2. Create a cluster on layer-3 port 1 of the command switch and VLAN 1 (default
VLAN).
zte(cfg)#config group
zte(cfg-group)#set group commander ipport 1
Cmdr.zte(cfg-group)#ztp start
5.7 sFlow
sFlow Overview
sFlow is a technique to monitor high-speed data transmission networks. It uses an
sFlow proxy embedded in network equipment to send the sampled data packets to the
sFlow collectors.
sFlow implements the following functions:
• Provide the correct statistics about client flow.
• Monitor intrusions and policy violations to make the network safer.
• Monitor the network traffic and applications visually.
• Provide the correct data suitable for capacity deployment.
• Ensure the priority of traffic across the core network.
• Recognize the network application flow from the remote site to ensure the effect on
the server.
Configuring sFlow
The sFlow configuration includes the following commands:
5.8 WEB
WEB Management Overview
ZXR10 2900E provides an embedded Web server stored in flash memory, which allows
users to manage a remote switch with a standard Web browser (IE 6.0 or later at
1024×768 resolution is recommended).
3. Enter a valid username and password, and select the user privilege. An Admin user needs
to enter the login password and the management password. Guest users only need to enter
the login password. Click Login to log in to the system main interface, as shown in
Figure 5-11.
Click Configuration > System in the directory tree on the left of the system main page to
open the system information page (by default, the Configuration directory is expanded),
as shown in Figure 5-12.
Note:
A port in Linkdown state has no physical connection. The displayed values
of “Duplex” and “Speed” are then meaningless.
Configure the attribute of the selected port in this page, after configuration, click the
Apply button to complete the configuration.
Note:
“Security” and “MacLimit” conflict with each other. Therefore the two attributes cannot
be enabled at the same time.
Caution!
If the port that connects the network management host is shut down, network
management will be interrupted.
Click the check box before attribute to select the attribute to be configured in this page,
and then click Apply to submit to complete the configuration.
• VLAN Management
VLAN Information Check
Click Configuration > VLAN > Vlan Overview in the directory tree on the left of the main
page to open the VLAN information page, which displays the information of the VLANs
that are currently operated. If no VLAN has been operated, the default VLAN is
displayed. Refer to Figure 5-17.
When more than 20 VLAN entries are to be displayed, they are displayed by page and the
page number is shown at the bottom right corner of the page. When there is more than
one page, click previous or next to switch pages, or select the page number
in the GO drop-down box.
2. Enter the VLAN number in the VLAN number page (such as "1, 3-5") and click Apply to
enter the single VLAN configuration page or the bulk VLAN configuration page. The
respective descriptions are as follows:
After setting some attributes of VLAN in this page, click Apply to complete
the configuration.
Note:
When configuring ports/Trunks in a VLAN, enter the port/Trunk numbers in the
following text box, in a format such as "1,3-5". Alternatively, select the corresponding
check boxes to add them to the VLAN.
Admin in the Select items is used to enable the VLAN. Port is an ordinary port for bulk
VLAN configuration. Trunk is a Trunk group for bulk VLAN configuration.
After setting some attributes of VLAN in this page, click Apply to complete
the configuration.
• PVLAN Management
PVLAN Information Check
Click directory tree Configuration > PVLAN > Pvlan Overview on the left of main
page, open PVLAN information page, as shown in Figure 5-21.
PVLAN Configuration
Click directory tree Configuration > PVLAN > Pvlan Configure on the left of main
page, open PVLAN configuration page, as shown in Figure 5-22.
Attributes can also be set in this page. After setting, click Apply to submit. When the
system is configured successfully, the configured information page is displayed.
• Port Mirroring Management
Port Mirroring Information Check
Click directory tree Configuration > MIRROR > Mirror Overview on the left of main
page, open Mirror information page, refer to Figure 5-23.
The source port and destination port can be configured in this page. After setting,
click Apply to submit to complete the configuration.
• LACP Management
Set the basic attributes "AdminStatus" and "LacpPriority" in this page, and set the
"LacpTime" and "LacpActive" attributes of the aggregation port. After setting, click Apply
to submit and complete the configuration.
To apply the same configuration to several aggregation ports, click the
corresponding check boxes to select multiple aggregation ports (select Select All to
select all ports), and then click Set to open the bulk aggregation port configuration
page, as shown in Figure 5-26.
After setting attributes of aggregation port in this page, click Apply to submit.
Aggregation Group Information Check
Click directory tree Configuration > Lacp > Lacp State on the left of main page, open
aggregation group information page, as shown in Figure 5-27.
Click Config of the right column to open the corresponding aggregation group
configuration page, as shown in Figure 5-28.
In this page, configure the "Aggretator Mode" attribute of the aggregation group, bind
ports to the aggregation group (select the port in the optional port column and click the
button) and release ports from the aggregation group (select the port in the aggregation
port column and click the button).
Note:
Only ports with the same attributes can be bound into the same aggregation group.
Each aggregation group can bind up to 8 ports.
Caution!
Avoid binding the port that connects the network management host to an aggregation
group, or network management will be interrupted.
Monitoring Information
• Terminal Log Check
Click directory tree Monitoring > Terminal Log on the left of main page, open terminal
log information page, as shown in Figure 5-29.
System Maintenance
• Configuration Saving Page
Click directory tree Maintenance > Save on the left of main page, open saving
configuration information page, as shown in Figure 5-32.
Caution!
Saving the configuration overwrites the original configuration file. Make sure that the
configuration needs to be overwritten before clicking Ok.
• Configuring Reboot
Click directory tree Maintenance > Reboot on the left of main page, open reboot
function page, as shown in Figure 5-33.
• Uploading File
- Click directory tree Maintenance > Upload on the left of main page, open file
upload page, as shown in Figure 5-34.
- Click Browse..., browse and select the file to be uploaded, as shown in Figure
5-35, and then click Ok to upload file.
Caution!
Make sure that the file to be uploaded is legal and valid. The uploaded file will
overwrite the original file. If the operation is not correct, the switch cannot work.
This function is not recommended for non-professional personnel.
• User Management
Click directory tree Maintenance > User Manager on the left of main page, open user
management page, as shown in Figure 5-36.
By default, the Modify tab is displayed. Modify the login password and management
password, and then click Apply to submit.
• Adding User
Click the add button in the user management page to open the Adding User page, as
shown in Figure 5-37.
Enter the information about the user to be added, and then click Apply to submit.
• Deleting User
Click Delete button in user management page, open Deleting User page, as shown
in Figure 5-38.
5.9 M_Button
Introduction to the M_Button Function
The M_button function is used to display the key statistics data and indicate the key events
through the panel indicators, which facilitates device maintenance.
10. CRC port display mode (CRC): In this mode, a port indicator displays the CRC errors.
If there is a CRC error frame on the port, the yellow indicator is lit. If there is no CRC
error frame on the port, the indicator is not lit.
11. STORM port display mode (STORM): In this mode, a port indicator indicates a storm
port. If the port is a storm port, the yellow indicator is lit. If the port is not a storm port,
the indicator is not lit.
12. NoMAC port display mode (NoMAC): In this mode, a port indicator indicates whether a
MAC address is learnt. If the port does not learn a MAC address, the yellow indicator
is lit. If the port learns a MAC address, the indicator is not lit. This mode supports
trunk. If a trunk port learns a MAC address, the indicators of the active ports in the
trunk are not lit.
13. PoE mode: In this mode, a port indicator indicates the PoE status. If PoE is normal,
the green indicator is lit. If a PoE exception occurs, the yellow indicator is lit. If there
is no power, the indicator is not lit. Only 2910E-PS and 2918E-PS support this mode.
5.10 Telnet
Telnet Overview
As a member of the TCP/IP protocol family, the Telnet protocol is the standard protocol for
the remote Internet login service. With this protocol, users can perform operations on a
remote switch through the local PC.
A ZTE switch can be used as both a Telnet client and a Telnet server.
Telnet Configuration
Telnet configuration includes:
• Configuration Procedure
1. Configure the switch
By default, the Telnet server function is enabled. You can use the following
command to make sure that the function is enabled.
zte(cfg)#show Telnet
Telnet server is enable
2. Configure the PC
Note:
Windows 2000 provides the Telnet client and server programs. Telnet.exe
is the client program and tlntsvr.exe is the server program. In addition,
Windows 2000 provides the Telnet server management program tlntadmn.exe.
By default, the Telnet service is installed in Windows 2000.
b. Check the chute and whether the related wire is loose. If it is loose, adjust it.
3. Clean the switch
Note that the cloth should not be too wet and that the operation must not affect the interface.
4. Back up the alarm information, the statistics information and the configuration
information.
Maintenance Period
The maintenance period of Ethernet switch is shown as Table 6-1.
Example 1
zte(cfg)#show vct port 1
Cable Test Result for Port 1
RX PAIR :
Cable Test Passed. No problem found.
Cable Length is unknown.
TX PAIR :
Cable Test Passed. No problem found.
Cable Length is unknown.
Example 2
zte(cfg)#show vct port 8
Cable Test Result for Port 8
RX PAIR :
Cable Test Passed. Cable is open.
Approximately 7 meters from the tested port.
TX PAIR :
Cable Test Passed. Cable is open.
Approximately 6 meters from the tested port.
Fault Handling
1. Use the correct configuration cable.
2. Check the serial port attributes of the hyperterminal. The correct configuration is: Bits per
Second (baud rate) set to 9600, data bit set to 8, Parity check set to “None”, data
flow control set to “None”. Check whether the hyperterminal serial port is normal and
change the configuration terminal.
3. Check whether the Console port of the switch is normal.
Fault Handling
1. Modify the PVID of each port so that it is the same as the ID of the VLAN to which the
port belongs.
2. Enable all the ports used.
3. Enable the VLAN to which the IP port is bound.
4. Configure a valid IP address, subnet mask and default gateway.
5. Modify the IP address of the switch or the IP addresses of other devices to remove the
IP address conflict.
6. Configure REMOTE ACCESS as any, that is, the mode that permits any host.
Fault Handling
1. Upgrade the browser on the host to at least IE6.0.
2. Check the switch configuration and obtain the correct IP address and port number.
3. Check the line between the host and the device to ensure that communication between
them is normal.
4. Configure the correct management interface for the switch and configure the correct
IP address at the same time.
5. Enable the WEB management function of the switch and configure the port number.
Fault Handling
First, check whether the administrator can find the original username and password. If
not, reboot the switch and delete the configuration file. The operation procedure is as
follows:
1. Reboot the switch and press any key in HyperTerminal to enter the boot state.
ZXR10 2928E BootRom Version v1.15
Compiled May 21 2012 08:57:22
Copyright (c) 2010 by ZTE Corporation.
startrun.dat 671
to_permmac.dat 98304
[bootManager]: rm startrun.dat
[bootManager]: ls
/cfg/
to_permmac.dat 98304
[bootManager]:
4. After the switch is rebooted, use the default username and password to log in.
Fault Handling
For the handling method, refer to “Losing the Login Username or Password”.
Note
Before the switch is rebooted, record the current configuration for reconfiguration.
Fault Handling
1. Modify the PVID of each port so that it is the same as the ID of the VLAN to which the
port belongs.
2. Enable all the ports used.
3. Enable the VLAN used.
4. Add the port used to the VLAN again, and select untag when it is added.
5. Configure the correct IP address for the device.
authentication function on the access layer devices of six buildings of the student area in the
specified time. The configuration of the ZXR10 2900E is as follows:
The two devices connected with the two ports in the same VLAN cannot ping each other.
set port 1-24 security enable
config nas
radius isp test defaultisp enable
radius isp test sharedsecret amtium
/*The shared key negotiated with company B*/
radius isp test add accounting 10.150.12.101
/*Company B authentication and accounting server address*/
radius isp test add authentication 10.150.12.101
/*Company B authentication and accounting server address*/
radius isp test client 172.16.0.181
/*Configure ISP name and the IP address of access switch*/
aaa-control port 1-24 dot1x enable
aaa-control port 1-24 accounting enable
aaa-control port 1-24 port-mode auto
After the configuration is completed, some hosts in the three buildings B1, B2 and B3 have
the “authentication timeout” problem.
of server and switch are not the same. When the back-end configuration of the accounting and
authentication server is checked, it is found that the shared key configured for the access
layer switches of B1–B3 is wrong: the original key “amtium” is now configured as “antium”,
which causes the authentication negotiation between the two devices to fail and, in turn,
user authentication to fail.
Solution
After the engineer of company B changes the password to “amtium” and the network has been
checked for two days, faults such as “authentication timeout” no longer appear. The problem is
resolved completely.
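Why a one-letter difference in the shared key appears as “authentication timeout” rather than as a rejection, shown as an added Python example that is not part of the ZTE manual: both RADIUS peers silently discard packets whose authenticator does not verify, so the switch never sees a usable reply. It assumes the switch attaches a Message-Authenticator attribute to its Access-Request (the manual does not say); the user name and packet identifier are constructed.

```python
import hashlib
import hmac
import os
import struct

# Assumption: the request carries a Message-Authenticator; sample values are constructed.
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, MESSAGE_AUTHENTICATOR = 1, 80  # RADIUS attribute types

def attr(attr_type, value):
    """Encode one attribute as type, length, value."""
    return bytes([attr_type, len(value) + 2]) + value

def build_request(ident, user, secret):
    """Access-Request whose last attribute is a Message-Authenticator."""
    attrs = attr(USER_NAME, user) + attr(MESSAGE_AUTHENTICATOR, bytes(16))
    head = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + os.urandom(16)
    mac = hmac.new(secret, head + attrs, hashlib.md5).digest()
    return head + attrs[:-16] + mac

def request_is_valid(packet, secret):
    """Server check: HMAC-MD5 over the packet with the MAC value zeroed."""
    mac = hmac.new(secret, packet[:-16] + bytes(16), hashlib.md5).digest()
    return hmac.compare_digest(mac, packet[-16:])

def build_response(code, request, attrs, secret):
    """Reply whose Response Authenticator binds it to the request and secret."""
    head = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    auth = hashlib.md5(head + request[4:20] + attrs + secret).digest()
    return head + auth + attrs

def response_is_valid(response, request, secret):
    """Switch check: recompute MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    good = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(good, response[4:20])

def exchange(switch_secret, server_secret):
    """Outcome as seen by the switch for one constructed login attempt."""
    request = build_request(7, b"student01", switch_secret)
    if not request_is_valid(request, server_secret):
        return "timeout"  # server silently discards, so no reply ever arrives
    response = build_response(ACCESS_ACCEPT, request, b"", server_secret)
    if not response_is_valid(response, request, switch_secret):
        return "timeout"  # switch silently discards the unverifiable reply
    return "accept"
```

Calling `exchange(b"amtium", b"antium")` reproduces the timeout from this case, which is why the key has to be compared on both the switch and the server rather than inferred from a rejection message.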
Solution
1. Filter the MAC address of the faulty PC on the access layer switch and prohibit the
PC from accessing the Internet, which prevents it from affecting the other users.
2. Notify the school's central equipment room, and prohibit the host from logging in to the
network until the hardware of the host has been formatted and the system has been installed
again.
3. Install a dedicated ARP check-and-kill tool on the PCs of the whole network.
LACP
- Link Aggregation Control Protocol
LLDP
- Link Layer Discovery Protocol
MLD
- Multicast Listener Discovery
MPU
- Management Process Unit
MSTP
- Multiple Spanning Tree Protocol
NTP
- Network Time Protocol
OAM
- Operation, Administration and Maintenance
PPPoE
- Point to Point Protocol over Ethernet
PVLAN
- Private Virtual Local Area Network
PoE
- Power over Ethernet
QoS
- Quality of Service
RADIUS
- Remote Authentication Dial In User Service
RMON
- Remote Monitoring
RSTP
- Rapid Spanning Tree Protocol
SNMP
- Simple Network Management Protocol
SSH
- Secure Shell
STP
- Spanning Tree Protocol
TACACS+
- Terminal Access Controller Access-Control System Plus
TCP
- Transmission Control Protocol
TFTP
- Trivial File Transfer Protocol
UDLD
- UniDirectional Link Detection
UDP
- User Datagram Protocol
VBAS
- Virtual Broadband Access Server
VLAN
- Virtual Local Area Network
VPN
- Virtual Private Network
ZESR
- ZTE Ethernet Switch Ring