Release 3.5.R1
October 2013
MN100246 Rev T
The information in this document is subject to change without notice and describes only the product defined in
the introduction of this document. This document is intended for the use of customers of Telco Systems only
for the purposes of the agreement under which the document is submitted, and no part of it may be reproduced
or transmitted in any form or means without the prior written permission of Telco Systems. The document is
intended for use by professional and properly trained personnel, and the customer assumes full responsibility
when using it. Telco Systems welcomes customer comments as part of the process of continuous development
and improvement of the documentation.
If the Release Notes that are shipped with the device contain information that conflicts with the information in
the user guide or supplements it, the customer should follow the Release Notes.
The information or statements given in this document concerning the suitability, capacity, or performance of the
relevant hardware or software products are for general informational purposes only and are not considered
binding. Only those statements and/or representations defined in the agreement executed between Telco
Systems and the customer shall bind and obligate Telco Systems. Telco Systems however has made all
reasonable efforts to ensure that the instructions contained in this document are adequate and free of material
errors and omissions. Telco Systems will, if necessary, explain issues which may not be covered by the
document.
Telco Systems' sole and exclusive liability for any errors in the document is limited to the documentary
correction of errors. TELCO SYSTEMS IS NOT AND SHALL NOT BE RESPONSIBLE IN ANY EVENT
FOR ERRORS IN THIS DOCUMENT OR FOR ANY DAMAGES OR LOSS OF WHATSOEVER KIND,
WHETHER DIRECT, INCIDENTAL, OR CONSEQUENTIAL (INCLUDING MONETARY LOSSES),
that might arise from the use of this document or the information in it.
This document and the product it describes are the property of Telco Systems, which is the owner of all
intellectual property rights therein, and are protected by copyright according to the applicable laws.
Telco Systems logo is a registered trademark of Telco Systems, a BATM Company. BiNOS, BiNOSCenter,
T-Marc, T5 Compact, T5C-XG, T-Metro, EdgeLink, EdgeGate, Access60, AccessIP,
AccessMPLS, AccessTDM, AccessEthernet, NetBeacon, Metrobility, and OutBurst are trademarks
of Telco Systems.
Other product and company names mentioned in this document reserve their copyrights, trademarks, and
registrations; they are mentioned for identification purposes only.
Introduction
Table of Contents
Table of Figures
Introduction
Key Features
Using This Document
Intended Audience
Documentation Suite
Conventions Used
Organization
Getting Documentation Updates
Technical Support
International Headquarters
US: North America and Latin America
Asia Pacific (APAC)
Europe, Middle East and Africa (EMEA)
Table of Figures
Figure 1: T-Marc 3208SH
T-Marc3208SH
Introduction
The T-Marc 3208SH is a Carrier Ethernet demarcation device for service providers and wireless
operators who backhaul traffic from multiple 2G, 3G and 4G cell sites over Carrier Ethernet. This
device supports Ethernet, pseudowire, and TDM emulation using Circuit Emulation Services
(CES), MPLS, OAM tools, and QoS. The combination of features, technologies, and manageability
offered by the T-Marc 3208SH gives service providers a competitive advantage by extending
service intelligence to the customer edge as well as offering and maintaining advanced Service Level
Agreements (SLAs).
The T-Marc 3208SH provides a comprehensive set of synchronization options optimized for
cellular operators looking to backhaul their data and voice traffic from the Node-B/BTS (base
transceiver station) to their core network over Ethernet/MPLS transport. The device supports
Synchronous Ethernet (SyncE), external clock and phase source.
A wide set of QoS features provide granular control over the behavior of traffic and services in the
network.
The T-Marc 3208SH supports 8 dual PHY Gigabit Ethernet interfaces, 4 dual-speed (100/1000)
Ethernet plug-in (SFP) ports, Sync Clock and Phase Clock Coaxial interfaces, as well as two
expansion slots for add-on line cards.
Key Features
The device offers the following features:
Gigabit Ethernet, wire speed, non-blocking Carrier Ethernet service demarcation switch
MEF, IEEE, ITU-T and IETF standards compliance for multivendor interoperability
Circuit Emulation Services (CES) for delivery of traditional TDM or leased line services
this device.
For the latest software updates, see the Release Notes for the relevant release. The release notes may
contain information that is in conflict with the user guide. In all cases, information contained in the
release notes supersedes material contained in this user guide.
Intended Audience
This user guide is intended for network administrators responsible for installing and configuring
network equipment. To use this guide, you must already be familiar with Ethernet and local area
networking (LAN) concepts and terminology.
Documentation Suite
This document is just one part of the full documentation suite provided with this product.
You are:
Document Function
Function
Installation Guide
User Guide
Release Notes
Conventions Used
The conventions listed below may appear in the user guide. Pay special attention as each one
contains important information:
NOTE
Indicates information requiring special attention.
CAUTION
Indicates special instructions needed to avoid possible damage to the product.
WARNING
Indicates special instructions necessary to avoid possible injury or death.
The table below defines additional conventions used to show commands, variable and parameters
within the document:
Conventions
Description
commands
command example
<Variable>
user-defined variables
Organization
The device User Guide includes the following chapters, each focusing on a different feature or set
of features. Each chapter begins with a brief overview of the feature/s, followed by the
configuration flow, and concluding with the configuration details for the corresponding commands.
Chapter Name
Description
Introduction
Using CLI
Device Authentication
Chapter Name
Description
Operations, Administration,
and Maintenance (OAM)
Synchronous Ethernet
(SyncE)
Troubleshooting
Appendix B: Specifications
Appendix C: Acronym
Glossary
The list of acronyms used in this user guide and their meaning
Technical Support
Telco Systems provides technical assistance for customers and partners. Contact the Professional
Services team at our international headquarters, or the technical support center for your region.
Contact information is provided below:
Web Access: http://www.telco.com
Email: support@telco.com
International Headquarters
Telco Systems, A BATM Company
Professional Services
13 HaYetzira St., New Industrial Park
Yokneam Ilit, 20692, Israel
Tel: +972-4-993-5630
Fax: +972-4-993-7926
Email: support@telco.com
Using CLI
Table of Contents
Table of Figures
List of Tables
Using the Command Line Interface (CLI)
Accessing the CLI
The CLI Modes
Committing Configuration Commands
Using the CLI
The range Expression
Debug Commands
Banner Commands
Table of Figures
Figure 1: CLI Modes Hierarchy
List of Tables
Table 1: CLI Syntax Conventions in the User Guide
Table 2: CLI Help Options
Table 3: CLI Keyboard Sequences
Table 4: CLI Messages
Table 5: Common Regular Expressions
Table 6: General Operational Mode Commands
Table 7: Show Commands
Table 8: Show Command Filter Options
Table 9: General Configuration Mode Commands
Table 10: Debug Commands
Table 11: Banner Commands
Once the login prompt is displayed, type your username and password to access the CLI.
For more information regarding default usernames and passwords, refer to the Device Authentication
chapter.
Example for SSH login:
The default device-name displayed at the prompt is T-Marc 3208SH. Throughout this guide, we
refer to T-Marc 3208SH as device-name.
The default password is admin.
Operational mode
Configuration mode
Operational Mode
This is the initial mode that the CLI enters after a successful login to the CLI.
device-name#
Configuration Mode
The Configuration mode is the mode in which users can change the device configuration.
To enter this mode from Operational mode, use the config terminal command.
device-name#config terminal
Entering configuration mode terminal
device-name(config)#
The Configuration mode has various sub-modes for configuring the different device features, as
shown in the figure below.
configuration by other users. In case of relevant changes, the system prompts for validating these
changes and committing them.
In addition, when you attempt to exit the Configuration mode (end command or exit command),
the system prompts you to commit unapplied configuration changes:
Uncommitted changes found, commit them (yes/no/cancel)? [cancel]
In this case:
type yes to save the configuration changes and exit the configuration session
type no to exit the configuration session without committing the configuration changes
type cancel to remain in the current configuration session without exiting or committing the
configuration changes
When committing commands, the CLI validates the configuration changes and prompts for
missing configuration:
Example:
device-name#config
Entering configuration mode terminal
device-name(config)#vlan vl10 10
device-name(config-vlan-10)#routing-interface sw10
device-name(config-vlan-10)#com
Aborted: Error: Vlan instance is using the current routinginterface or you are trying assign a non-existing
routing-interface to vlan!
device-name(config-vlan-10)#
In this format
device-name[(config ...)]# represents the prompt displayed by the device. This prompt includes:
Example:
default-vlan
100
Description
<Italic, small
letters>
A numerical argument:
Italic, capital
letters
A string argument:
bold letters
A command keyword:
<priority>
NAME
show port
A.B.C.D
An IP address:
10.4.0.4
UU/SS/PP
HH:HH:HH:HH:HH:HH
[]
{}
Getting Help
To get specific help on a command mode, keyword, or argument, use one of the following
commands or characters:
Table 2: CLI Help Options
Command
Purpose
help
Command
abbreviatedcommand<Tab>
Purpose
To display a command's possible completions, type the partial command
followed immediately by <Tab> or <Space>.
If the partially typed command uniquely identifies a command, the full
command name is displayed. Otherwise, the CLI displays a list of possible
completions:
Example:
device-name(config)#ether
Possible completions:
  ether-type   Configure Ethertype access lists
  ethernet     Configures Ethernet services and protocols
command?
or
abbreviatedcommand?
(Leave no space between the command and ?) Provides a list and description
of commands that begin with a particular string:
Example:
device-name#s?
Possible completions:
  send      Send message to terminal of one or all users
  service   Configure services
  show      Show information about the system
  ssh       ssh to network hosts
  system    Configure system's diagnostics, management and troubleshooting capabilities
Command
Purpose
command ?
or
abbreviatedcommand ?
Command
!, #
Purpose
The CLI ignores all the characters following ! or # up to the next new line.
Example:
device-name#show running-config system snmp
system
 snmp
  engine-id 80:00:02:e2:03:00:a0:12:27:0d:a5
  no shutdown
  authentication-failure-trap
  view myview 1.3
  group mygroup noAuthNoPriv read myview write myview notify myview
  user tester mygroup v3
  target-address mycomp
   address 10.3.71.58
   message-model v3
   security-name tester
NOTE
To use ! or # as an argument, prefix it with \ or enclose it
in double quotes (" ").
Command
command | {append FILE NAME | begin | count | include | exclude | linnum | more | nomore | save FILE NAME} | until regular-expression
Purpose
Searches and filters the command output. This functionality is useful if you need to sort through a large output or if you want to exclude irrelevant output.
append: appends the command output to a file. You are prompted for a file name
begin: begins an unfiltered output of the command with the first line containing the regular expression
count: counts the number of output lines
include: displays output lines that contain the regular expression
exclude: displays output lines that do not contain the regular expression
linnum: enumerates lines in the output
more: enables the output pagination
nomore: disables the output pagination
save: saves the command output to a file. You are prompted for a file name
regular-expression: see Table 5
Example 1:
The example below displays only the lines that do not match the
regular expression sw*.
device-name#show router interface | exclude sw*
========================================================================
--------+------+---------------+---------------+---------------+-------
lo       up     127.0.0.1       255.0.0.0       127.255.255.255 1500
outBand0 up     10.3.155.5      255.255.0.0     10.3.255.255    1500
========================================================================
Example 2:
It is also possible to display the output starting at the
first match of a regular expression, using the begin
keyword.
device-name#show router interface | begin .*sw30
39 sw30 up 100.1.3.1 255.255.255.0 100.1.3.255 1544
40 sw40 up 100.1.4.1 255.255.255.0 100.1.4.255 1544
============================================================================
|
Svc20
|4098|
Minimum Abbreviation
The CLI accepts a minimum number of characters that uniquely identify a command. Therefore
you can abbreviate commands and parameters as long as they contain enough letters to differentiate
them from any other available commands or parameters on the specific CLI mode.
Example:
terminal
command as con
device-name#con t
Entering configuration mode terminal
device-name(config)#
In case of an ambiguous entry (when the CLI mode includes more than one command matching
the characters typed), the system prompts for further input.
Example:
device-name#co
-------------^
syntax error:
Possible alternatives
commit
compare
a file
complete-on-space config
-
Negating Commands
The no prefix negates the command or resets the command's configuration to its default value. For
example, the log command logs system messages. To disable logging, use the no log command.
history
port
vlan
history
Function
Esc+b or Alt+b
Esc+f or Alt+f
Ctrl+a or Home
Ctrl+e or End
Ctrl+d
Ctrl+k
Ctrl+u or Ctrl+x
Ctrl+w, Esc+Backspace, or
Alt+Backspace
Esc+d or Alt+d
Ctrl+y
Ctrl+p or Up Arrow
Ctrl+r
Esc+c
Ctrl+c
Ctrl+t
Transposes characters
ESC+m
Ctrl+z
CLI Messages
The CLI displays relevant messages in response to executed commands:
Table 4: CLI Messages
CLI Message
Description
syntax error:
expecting
- Clear parameter
commit
compare
- Compare running configuration to another
configuration or a file
complete-on-space config
Syntax error:
incomplete path
defaults-display
file
help
history
idle-timeout
logout
- Logout a user
mpls
no
oam
ping
run
send
show
ssh
system
telnet
tool
traceroute
who
write
- Write configuration
Displayed when the user types a valid command but fails to type the
command's required arguments:
device-name(config)#port
------------------------^
syntax error: incomplete path
syntax error:
Possible
alternatives
starting with
Displayed when the user types too few characters. In these cases, the
CLI detects an ambiguity and displays the possible matches:
device-name(config)#re
-----------------------^
syntax error:
Possible alternatives starting with re:
resolved - Conflicts have been resolved
revert
- Copy configuration from running
Regular Expressions
Regular expressions are a subset of EGREP and AWK programming-language regular expressions.
Table 5: Common Regular Expressions
Key
Function
^
$
[abc...]
[^abc...]
r1 | r2
r1r2
r+
r*
r?
(r)
- [no] complete-on-space
- [no] defaults-display
- help COMMAND
- show
- who
- write <terminal>
Description
device-name#
Operational mode
complete-on-space
no complete-on-space
defaults-display
no defaults-display
help COMMAND
history <size>
10
no history
Restores to default
show
who
write terminal
show running-config
Show Commands
device-name#
- show routes
- show bfd-session
- show bist
- show access-group-statistics
- show access-groups
- show access-lists
- show eps
- show ethernet
- show oam efm
- show port
- show rmon
- show snmp
- show snmp-server
- show snmp-system
- show syslog
- show cli
- show clock
- show fdb
- show history
- show igmp-snooping
- show l2-tunneling
- show saa
- show startup-config
- show super-vlan
- show running-config
- show router
- show mpls
- show vpls
- show vpws
- show sap-access-group-statistics
- show service
- show system
- show technical-support
- show version
- show vlan
- show radius-statistics
- show router
- show routes
- show tacacs-statistics
Description
device-name#
Operational mode
show access-group-statistics
show access-groups
show access-lists
show eps
show Routes
show bfd-session
show ethernet
show port
show rmon
show snmp
show snmp-server
show snmp-system
show syslog
Command
show cli
Description
Displays the CLI configuration:
autowizard
complete-on-space
display-level
history
idle-timeout
ignore-leading-space
output
paginate
screen-width
show-defaults
terminal
show clock
show history
show igmp-snooping
show interface
show l2-tunneling
show saa
show startup-config
show super-vlan
show fdb
show mpls
show router
show running-config
show sap-access-group-statistics
Fan Test
Command
show system manufacturing-details
[main-board | module STRING]
Description
Displays the factory-inputted manufacturing
information. Not user modifiable.
show technical-support
show version
show vlan
show vpls
show vpws
show radius-statistics
show router
show routes
show tacacs-statistics
The output of the show commands can generate a large amount of data. To display only a subset of
information, type the pipe character (|) followed by a specific keyword and a regular expression.
The table below shows the filtering options for the show command.
Table 8: Show Command Filter Options
Command
Description
expression
Command
Description
expression
expression
expression
Examples:
To display the interface starting with ethernet0, execute the following command:
device-name#show router interface | begin outBand0
outBand0 up 10.3.155.5 255.255.0.0 10.3.255.255 1500
========================================================================
To display only the route statements from the running-config, execute the following command:
device-name#show running-config | include route
router
router-id 2.2.2.2
To display only lines that start with 127, execute the following command:
device-name#show Routes | include ^127
127.0.0.0/8 0 0.0.0.0 0s lo connect selected ifindex active,fib
127.0.0.1/32 0 0.0.0.0 0s lo connect selected,self_ip ifindex active,fib
To display the whole configuration except for the access-lists, execute the following command:
device-name#show running-config | exclude access-list
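The filter keywords above take regular expressions, not shell-style wildcards, which matters when a filtered view is used to review a configuration. The following added example (not part of the original guide) models begin, include, exclude and count in Python and shows what the guide's sw* pattern actually matches. It assumes Python's re module as a stand-in for the device's EGREP/AWK subset and unanchored matching, as the guide's "include route" and "include ^127" examples suggest; the sample rows and header are constructed.

```python
import re

# Constructed sample: a header line plus rows modelled on the guide's
# "show router interface" output. The column names are assumptions.
SAMPLE = [
    "Name     State IP-Address Mask          Broadcast       MTU",
    "lo       up    127.0.0.1  255.0.0.0     127.255.255.255 1500",
    "outBand0 up    10.3.155.5 255.255.0.0   10.3.255.255    1500",
    "sw30     up    100.1.3.1  255.255.255.0 100.1.3.255     1544",
    "sw40     up    100.1.4.1  255.255.255.0 100.1.4.255     1544",
]


def cli_filter(lines, keyword, pattern=None):
    """Model one pipe filter: begin, include, exclude or count.

    Returns a list of lines, or an int for count.
    """
    if keyword == "count":
        return len(lines)
    rx = re.compile(pattern)
    if keyword == "include":
        return [line for line in lines if rx.search(line)]
    if keyword == "exclude":
        return [line for line in lines if not rx.search(line)]
    if keyword == "begin":
        # Unfiltered output starting at the first matching line.
        for index, line in enumerate(lines):
            if rx.search(line):
                return lines[index:]
        return []
    raise ValueError(f"unsupported filter keyword: {keyword}")


def hidden_by_loose(lines, loose, strict):
    """Lines that a loose exclude pattern hides but a strict one would keep.

    Useful before trusting a filtered view of a configuration: anything
    returned here silently disappears from the output under the loose pattern.
    """
    loose_rx, strict_rx = re.compile(loose), re.compile(strict)
    return [l for l in lines if loose_rx.search(l) and not strict_rx.search(l)]


if __name__ == "__main__":
    # "sw*" means "s followed by zero or more w", so every line that
    # contains a lowercase s is excluded, including the header.
    for line in cli_filter(SAMPLE, "exclude", "sw*"):
        print(line)
    print("hidden unintentionally:", hidden_by_loose(SAMPLE, "sw*", "^sw"))
    print("from sw30 on:", cli_filter(SAMPLE, "begin", ".*sw30"))
```

Anchoring the pattern (^sw) keeps the header and every row that does not start with sw, which is the safer form when the filtered output is being used to check what is or is not configured.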
+ config terminal
- abort
- clear
- do COMMAND
- end [no-confirm]
- help COMMAND
- pwd
- resolved
- run
- revert [no-confirm]
- validate
Description
config terminal
abort
clear
do COMMAND
end [no-confirm]
level
help COMMAND
pwd
resolved
Command
revert [no-confirm]
Description
Copies the running configuration into candidate
configuration
full-configuration: displays the whole configuration
top COMMAND
validate
1/1/1
NOTE
The range expression can be applied only on integer values.
The range expression can be omitted.
The range expression cannot be used for creating a new range of values.
Example 1:
device-name#config terminal
Entering configuration mode terminal
device-name(config)#router
device-name(config-router)#rsvp-te
device-name(config-rsvp-te)#lsp
Possible completions:
<lsp-id:int> range
device-name(config-rsvp-te)#lsp range 53-57, 1000
device-name(config-lsp-53-57,1000)#show full-configuration
router
 rsvp-te
  lsp 53
   far-end 3.3.3.3
   name 53
   fast-reroute-mode facility
    admin-group exclude-any 11
   !
   cspf
   no shutdown
  !
  lsp 54
   far-end 4.4.4.4
   name 54
   fast-reroute-mode facility
   cspf
   no shutdown
  !
  lsp 56
   far-end 6.6.6.6
   name 56
   fast-reroute-mode facility
    admin-group exclude-any 11
   !
   cspf
   no shutdown
  !
  lsp 57
   far-end 7.7.7.7
   name 57
   fast-reroute-mode facility
   cspf
   no shutdown
  !
  lsp 1000
   far-end 6.6.6.6
   name manual_bypass
   guarded-destination 67.0.0.6
   cspf
   no shutdown
  !
 !
!
Example 2:
device-name#config terminal
Entering configuration mode terminal
device-name(config)#router
device-name(config-router)#rsvp-te
device-name(config-rsvp-te)#lsp
Possible completions:
<lsp-id:int> range
device-name(config-rsvp-te)#lsp range 5*
device-name(config-lsp-5*)#show full-configuration
router
 rsvp-te
  lsp 53
   far-end 3.3.3.3
   name 53
   fast-reroute-mode facility
    admin-group exclude-any 11
   !
   cspf
   no shutdown
  !
  lsp 54
   far-end 4.4.4.4
   name 54
   fast-reroute-mode facility
   cspf
   no shutdown
  !
  lsp 56
   far-end 6.6.6.6
   name 56
   fast-reroute-mode facility
    admin-group exclude-any 11
   !
   cspf
   no shutdown
  !
  lsp 57
   far-end 7.7.7.7
   name 57
   fast-reroute-mode facility
   cspf
   no shutdown
  !
  lsp 58
   far-end 8.8.8.8
   name 58
   fast-reroute-mode facility
   cspf
   no shutdown
  !
 !
!
Example 3:
device-name#config terminal
Entering configuration mode terminal
device-name(config)#service
device-name(config-service)#vpls 101-200
device-name(config-vpls-101-200)#shutdown
device-name(config-vpls-101-200)#commit
Commit complete.
Example 4:
device-name#config terminal
Entering configuration mode terminal
device-name(config)#service
device-name(config-service)#no vpls * spoke 3
device-name(config-service)#show configuration
service
vpls 101
no spoke-sdp 3
!
vpls 102
no spoke-sdp 3
!
vpls 103
no spoke-sdp 3
!
vpls 104
no spoke-sdp 3
!
vpls 105
no spoke-sdp 3
!
vpls 106
no spoke-sdp
!
vpls 107
no spoke-sdp
!
vpls 108
no spoke-sdp
!
vpls 109
no spoke-sdp
Debug Commands
Caution
It is recommended to use the debug commands only under the direction of the Technical
Support team when troubleshooting specific problems. Enabling debugging can disrupt
operation of the device when internetworks are experiencing high load conditions.
Command Hierarchy
device-name#
+ config terminal
+ [no] debug
- [no] bm api
- [no] bm api_time
- [no] bm api_call
- [no] bm async_io
- [no] bm drv
- [no] bm fdb
- [no] bm fdb_detailed
- [no] bm init
- [no] bm if_state
- [no] bm notify
- [no] bm oam
- [no] bm proto_1to1
- [no] bm proto_ces_circ
- [no] bm proto_ip
- [no] bm proto_reslink
- [no] bm proto_service
- [no] bm proto_trunk
- [no] bm rx
- [no] bm sfp
- [no] bm stp
- [no] bm tx
- [no] bm vlan
- [no] system-monitor
- [no] ptp-tc
Command Descriptions
To turn off a debug command, enter the no form of the command at the command line.
Table 10: Debug Commands
Command
Description
config terminal
debug
Command
Description
bm api
bm api_time
bm drv
bm fdb
bm fdb_detailed
bm init
bm notify
bm oam
bm proto_1to1
bm proto_ces_circ
bm proto_ip
bm proto_reslink
bm proto_service
bm proto_trunk
bm rx
bm sfp
bm stp
bm tx
bm if_state
bm async_io
bm api_call
Command
cfm <value>
Description
Enables displaying of additional log messages related to
CFM:
eps <value>
mpls ldp
mpls prefix-fec
mpls rsvp
mpls te
mpls vpls
mpls vpws
system-monitor
ptp-tc
raps <value>
bm vlan
drv acl
drv core
drv hqos
drv init
drv internal_memory
drv l2
drv link
drv mfib
Command
Description
drv mpls
drv param
drv pktdump
drv port_monitor
drv qos
drv rx
drv saa
drv sfp
drv sfp_event
drv stp
drv super_vlan
drv tls
drv trunk
drv tx
drv vlan
ospf assert
ospf events
ospf ism_events
ospf ism_status
ospf ism_timers
ospf lsa_flood
ospf lsa_generate
Command
Description
ospf lsa_install
ospf lsa_refresh
ospf management
ospf nsm_events
ospf nsm_status
ospf nsm_timers
ospf nssa
ospf opaque
ospf pkt_db_desc
ospf pkt_detail
ospf pkt_hello
ospf pkt_ls_ack
ospf pkt_ls_req
ospf pkt_ls_upd
ospf recv
ospf rm_api
ospf rm_redistribute
ospf send
ospf system
ospf te
ospf tsm_events
ospf tsm_lists
Command
Description
ospf tsm_send
isis authentication
ospf tsm_status
Banner Commands
Commands Hierarchy
+ config terminal
+ system
Commands Descriptions
Table 11: Banner Commands
Command
config terminal
system
banner-ssh STRING
Description
Enters Configuration mode
Enters System Configuration mode
Specifies a login banner for SSH users:
no banner-ssh
banner-telnet STRING
no banner-telnet
Table of Figures
Figure 1: PTP Session Configuration Flow
Figure 2: PTP Port Configuration Flow
Figure 3: BMC Configuration Flow
Figure 1. Create User
Figure 2. Create User
List of Tables
Table 1: NETCONF Standard Capabilities
Table 2: NETCONF Commands
Table 3: MAC Address Table Commands
Table 4: MAC Learning Security Profile Commands
Table 5: File System Commands
Table 6: System Time and Date Commands
Table 7: DNS Client Commands
Table 8: VTY Session Commands
Table 9: License Commands
Table 10: Sessions Limiting Commands
Table 11: RMON Commands
Table 12: Counters Displayed by the show rmon statistics Command
Table 13: System Message Fields
Table 14: Severity Levels
Table 15: Syslog Message Facilities
Table 16: System Log Commands
Table 17: DoS Commands
Table 18: The reload Command
Table 19: CoPP Commands
Device Management
The device management enables system administrators to access, control and update
network devices.
File System
The File System manages software images and configuration files stored in flash memory
and used by T-Marc 3208SH devices.
Session Limiting
You can configure the number of sessions held with the T-Marc 3208SH device.
Remote Monitoring
Remote Monitoring (RMON) is a standard monitoring specification that enables network
monitors.
Reload Commands
Managing the Device (Rev. 01)
Device Management
Managing the Device via CLI
You can establish a CLI connection with the device by either:
Connecting the device's console port to your PC. For information about connecting to the
console port, see the device's Installation Guide.
Using any Telnet TCP/IP or encrypted Secure Shell (SSH) package from a remote PC. For
information see the Device Authentication chapter of this User Guide.
1. Enable the SNMP protocol on the device (refer to the SNMP chapter of this User Guide).
2. Verify that the Management Information Bases (MIBs) provided with the release are installed
on the management PC.
3. Connect your PC to a device port that is assigned to VLAN 1 (the default VLAN, refer to the
VLANs chapter of this User Guide).
4. Permit device management access on VLAN 1 (refer to the VLANs chapter of this User
Guide).
NETCONF Sessions
A NETCONF session is the logical connection between a network administrator or network
configuration-application and a network device.
NETCONF Capabilities
NETCONF capabilities are a set of functionalities that supplement the base NETCONF
specification.
NETCONF allows the client to discover the capabilities supported by the server. These capabilities
are sent to the management PC.
Table 1: NETCONF Standard Capabilities
Command
Description
:candidate
Command
Description
:confirmed-commit
:interleave
The agent accepts <rpc> requests (besides <close-session>) while notification delivery is active. The
:notification capability must also be present if this
capability is advertised.
:notification
:rollback-on-error
:url
:validate
:writable-running
:xpath
NETCONF Commands
Commands Hierarchy
+ config terminal
+ system
- [no] netconf-server
Commands Descriptions
Table 2: NETCONF Commands
Command
Description
config terminal
system
netconf-server
no netconf-server
no access source-ip
source-address A.B.C.D
source-address
port <value>
Restores to default
Specifies the port through which the NETCONF
connection is established:
Port 830
no port
Restores to default
Command
Description
shutdown
no shutdown
2.
3.
The agent and the manager each send a hello message, and the set of capabilities is displayed:
<?xml version="1.0" encoding="UTF-8"?>
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<capabilities>
<capability>urn:ietf:params:netconf:base:1.0</capability>
</capabilities>
</hello>]]>]]>
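To review what a device advertises in its hello, the following added example (not Telco Systems code) splits a NETCONF 1.0 stream on the `]]>]]>` marker, extracts the capability short names listed in Table 1, and flags :interleave advertised without :notification. The sample hello is constructed, the capability URIs use the IETF `urn:ietf:params:netconf:capability:<name>:<version>` form, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
EOM = "]]>]]>"  # end-of-message marker that closes the hello above
CAP_RE = re.compile(r"^urn:ietf:params:netconf:capability:([a-z-]+):\d+\.\d+")

# Short names from Table 1 of this guide.
TABLE_1 = [":candidate", ":confirmed-commit", ":interleave", ":notification",
           ":rollback-on-error", ":url", ":validate", ":writable-running",
           ":xpath"]

# capability -> capability it depends on. The :interleave rule is stated in
# Table 1; the :confirmed-commit rule comes from RFC 6241, not from this guide.
REQUIRES = {":interleave": ":notification", ":confirmed-commit": ":candidate"}

# Constructed sample (not captured from a device): a server hello that
# advertises :interleave but omits :notification.
SAMPLE_STREAM = """<?xml version="1.0" encoding="UTF-8"?>
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<capabilities>
<capability>urn:ietf:params:netconf:base:1.0</capability>
<capability>urn:ietf:params:netconf:capability:candidate:1.0</capability>
<capability>urn:ietf:params:netconf:capability:writable-running:1.0</capability>
<capability>urn:ietf:params:netconf:capability:interleave:1.0</capability>
<capability>urn:ietf:params:netconf:capability:url:1.0?scheme=ftp,file</capability>
</capabilities>
<session-id>4</session-id>
</hello>]]>]]>"""


def split_messages(stream):
    """Split a decoded NETCONF 1.0 stream into individual XML documents."""
    return [part.strip() for part in stream.split(EOM) if part.strip()]


def parse_hello(message):
    """Return (capability short names, raw URIs, session-id) for one <hello>."""
    # RFC 6241 forbids document type declarations in NETCONF content, so
    # refuse them before the XML parser sees any entity definitions.
    if "<!DOCTYPE" in message:
        raise ValueError("DOCTYPE is not allowed in NETCONF content")
    root = ET.fromstring(message.encode("utf-8"))
    if root.tag != "{%s}hello" % NS:
        raise ValueError("not a NETCONF <hello>: %s" % root.tag)
    uris = [(cap.text or "").strip()
            for cap in root.iter("{%s}capability" % NS)]
    names = set()
    for uri in uris:
        match = CAP_RE.match(uri)
        if match:  # the base URI has no ":capability:" part and is skipped
            names.add(":" + match.group(1))
    return names, uris, root.findtext("{%s}session-id" % NS)


def audit(names):
    """Compare advertised capabilities with Table 1 and the dependency rules."""
    violations = ["%s advertised without %s" % (cap, dep)
                  for cap, dep in sorted(REQUIRES.items())
                  if cap in names and dep not in names]
    return {
        "advertised": [c for c in TABLE_1 if c in names],
        "not_advertised": [c for c in TABLE_1 if c not in names],
        "violations": violations,
    }


def audit_stream(stream):
    """Audit the first message of a stream, which must be the peer's hello."""
    names, _uris, session_id = parse_hello(split_messages(stream)[0])
    report = audit(names)
    report["session_id"] = session_id
    return report


if __name__ == "__main__":
    for key, value in audit_stream(SAMPLE_STREAM).items():
        print(key, value)
```

The `advertised` list is also a quick way to see whether a device exposes :writable-running or :url, which widen what a NETCONF client can change or fetch.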
<ifMediaEncoding>42</ifMediaEncoding>
<ifMediaBitrate>42</ifMediaBitrate>
<ifMediaVendorID>N/A</ifMediaVendorID>
<ifMediaVendorName>N/A</ifMediaVendorName>
<ifMediaVendorSN>N/A</ifMediaVendorSN>
<ifMediaVendorPN>N/A</ifMediaVendorPN>
<ifMediaVendorRev>N/A</ifMediaVendorRev>
<ifMediaVendorManufacturingDate>N/A</ifMediaVendorManufacturingDate>
<ifMediaCalibMode>42</ifMediaCalibMode>
</InterfaceReadOnlyData>
<Counters>
<ifInOctets>0</ifInOctets>
<ifInUcastPkts>0</ifInUcastPkts>
<ifInNUcastPkts>0</ifInNUcastPkts>
<ifInDiscards>0</ifInDiscards>
<ifInErrors>0</ifInErrors>
<ifInUnknownProtos>0</ifInUnknownProtos>
<ifOutOctets>0</ifOutOctets>
<ifOutUcastPkts>0</ifOutUcastPkts>
<ifOutNUcastPkts>0</ifOutNUcastPkts>
<ifOutDiscards>0</ifOutDiscards>
<ifOutErrors>0</ifOutErrors>
<ifOutQLen>0</ifOutQLen>
<ifSpecific>1.2.3</ifSpecific>
<ifInMulticastPkts>0</ifInMulticastPkts>
<ifInBroadcastPkts>0</ifInBroadcastPkts>
<ifOutMulticastPkts>0</ifOutMulticastPkts>
<ifOutBroadcastPkts>0</ifOutBroadcastPkts>
<ifHCInOctets>0</ifHCInOctets>
<ifHCInUcastPkts>0</ifHCInUcastPkts>
<ifHCInMulticastPkts>0</ifHCInMulticastPkts>
<ifHCInBroadcastPkts>0</ifHCInBroadcastPkts>
<ifHCOutOctets>0</ifHCOutOctets>
<ifHCOutUcastPkts>0</ifHCOutUcastPkts>
<ifHCOutMulticastPkts>0</ifHCOutMulticastPkts>
<ifHCOutBroadcastPkts>0</ifHCOutBroadcastPkts>
<ifHighSpeed>0</ifHighSpeed>
<ifConnectorPresent>true</ifConnectorPresent>
<ifCounterDiscontinuityTime>0</ifCounterDiscontinuityTime>
<ifUndersizePkts>0</ifUndersizePkts>
<ifOversizePkts>0</ifOversizePkts>
<ifFragmentsPkts>0</ifFragmentsPkts>
<ifJabberPkts>0</ifJabberPkts>
<ifCRCAligneErrorPkts>0</ifCRCAligneErrorPkts>
<ifCollisionsPkts>0</ifCollisionsPkts>
<ifFra64Pkts>0</ifFra64Pkts>
<ifFra65to127Pkts>0</ifFra65to127Pkts>
<ifFra128to255Pkts>0</ifFra128to255Pkts>
<ifFra256to511Pkts>0</ifFra256to511Pkts>
<ifFra512to1023Pkts>0</ifFra512to1023Pkts>
<ifFra1024to1518Pkts>0</ifFra1024to1518Pkts>
<ifTotalOctets>0</ifTotalOctets>
<ifTotalInPkts>0</ifTotalInPkts>
<ifTotalPkts>0</ifTotalPkts>
<ifTotalBcastPkts>0</ifTotalBcastPkts>
<ifTotalMcastPkts>0</ifTotalMcastPkts>
<ifTotalOutPkts>0</ifTotalOutPkts>
<ifAlignErr>0</ifAlignErr>
<ifFCSErr>0</ifFCSErr>
<ifSQETestErr>0</ifSQETestErr>
<ifCSEErr>0</ifCSEErr>
<ifSymbolErr>0</ifSymbolErr>
<ifMacTxErr>0</ifMacTxErr>
<ifMacRxErr>0</ifMacRxErr>
<ifTooLongFra>0</ifTooLongFra>
<ifSnglCollision>0</ifSnglCollision>
<ifMultCollision>0</ifMultCollision>
<ifLateCollision>0</ifLateCollision>
<ifExcessCollision>0</ifExcessCollision>
<ifInUnknownOpcode>0</ifInUnknownOpcode>
<ifDefferedTx>0</ifDefferedTx>
</Counters>
<efm-oam xmlns="http://batm.com/ns/efm/1.0">
<oper-status>linkFault</oper-status>
<maximum-pdu-size>0</maximum-pdu-size>
<config-revision>0</config-revision>
<functions-supported>eventSupport variableSupport</functions-supported>
<packets-sent>0</packets-sent>
<packets-received>0</packets-received>
<loopback-status>noLoopback</loopback-status>
<get-forward-status>None</get-forward-status>
<get-forward-shutdown>None</get-forward-shutdown>
</efm-oam>
</interface>
</interfaces>
</data>
</rpc-reply>
2.
</config>
</edit-config>
</rpc>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="15">
<ok/>
</rpc-reply>
Commands that change the mode, IP address, mask, or IP gateway restart the
CES module automatically.
Changing the working mode does not automatically remove all configured
commands related to the previous mode. Therefore, all previously configured
options such as interface framings, circuits, etc. must be removed manually via the XML
file.
. . .
<module>
<name>1/3</name>
<interface>
<e1-interfaces>
<interface>
<name>e1-2.0.0.0</name>
<framing>cas</framing>
<clock>adaptive</clock>
<clock-controller>
<number>primary</number>
<circuit>2</circuit>
</clock-controller>
</interface>
</e1-interfaces>
</interface>
<circuit>
<number>2</number>
<interface>e1-2.0.0.0</interface>
<timeslots>1-15,17-31</timeslots>
<vlan-id>10</vlan-id>
<destination>
<ip-address>1.2.3.4</ip-address>
</destination>
</circuit>
<circuit>
<number>3</number>
<interface>e1-3.0.0.0</interface>
</circuit>
</module>
. . .
Dynamic: Dynamic entries are MAC addresses learned by the device through examination of
incoming packets. Dynamic entries remain in the MAC address table provided traffic
continues to be received from the port, but are deleted when traffic is not received within
a specified time frame (defined by the aging timeout).
The device flushes and repopulates dynamic entries when any of the following occurs:
A VLAN is removed
A VLAN ID is changed
A port mode is changed (tagged/untagged)
A port is disabled
A port goes down
Static: A user-defined entry, created using the Command Line Interface (CLI), that forces the
device to learn the MAC address for a specific port. Static entries are maintained permanently
by the device in the MAC address table and are retained by the device after reset or a power
on/off cycle.
Secure: Secured ports are configured using MAC Learning Profiles. MAC addresses learned
from a secured port will appear with a status of Secure.
Self: The MAC address of the device itself, maintained permanently as a static entry in the
MAC address table. Such entries are created for each virtual LAN (VLAN) serviced by the
device and do not contain Port IDs.
Filtered: Addresses learned in excess of a defined Port Limit are added dynamically to the
MAC Address Table with the status of Filtered. The device will not forward additional packets
from a filtered address to the port indicated by the MAC Address Table entry.
Command Hierarchy
device-name#
+ config terminal
+ port UU/SS/PP
- [no] learn-new-mac-addresses
+ service
- [no] learn-new-mac-addresses
Command Descriptions
Table 3: MAC Address Table Commands
Command
Description
config terminal
port UU/SS/PP
1/2/8
service
vpls <vpls-id>
no vpls <vpls-id>
UU/SS/PP: the corresponding physical port (unit, slot and port) defined as SAP
(can be obtained from the show port command)
no spoke-sdp [<sdp_id>]
mesh-sdp [<sdp_id>]
NOTE
By default, mesh SDPs are secured; thus the traffic between mesh
SDPs and secured SAPs/spoke SDPs will be blocked.
no mesh-sdp [<sdp-id>]
learn-new-mac-addresses
no learn-new-mac-addresses
Restores to default
300 seconds
no fdb aging-time
Restores to default
of <1-4094>, for which the
packet with the specified MAC
address is received
None configured
no fdb
static
port UU/SS/PP
priority <priority>
0
no priority
Restores to default
type {filtered | secure | self | static}
Static
clear fdb [interface UU/SS/PP | mac
HH:HH:HH:HH:HH:HH | vlan <vlan-id>
| type {dynamic | filtered | secure} |
service <id> | sap {{UU/SS/PP |
agN}[:[igmp] | :[<vlan-id>]:[igmp] |
UU1/SS1/PP1:<ces-circuit>:{ces |
ces-oos}}
HH:HH:HH:HH:HH:HH: (optional) a
specific MAC address
UU/SS/PP: the corresponding physical port (unit, slot and port) defined as SAP
(can be obtained from the show port command)
Port Security
MAC addresses are entered in the MAC address table with a secure status. Secure MAC Addresses
are retained permanently and are excluded automatically when the switch floods all ports on receipt
of an unknown address.
When a secured port receives a packet, it compares the packet's source MAC address to the secured
MAC address list.
If the packet's source MAC address is in the list, the incoming packet is forwarded.
If the packet's source MAC address is not in the secured list, the port does not forward the
packet. In this case, the port either shuts down permanently or drops incoming packets from
the unauthorized device, generating an SNMP trap.
Dynamic: secured MAC addresses that are dynamically learned. These addresses are stored in
the address table but are removed when the device restarts.
static <vlan-id>
static | unknown} command.
NOTE
The allocated MAC addresses on a port are permanently secured.
Port Limit
The Port Limit feature limits the number of MAC addresses learned by a port. When enabling this
feature:
MAC addresses that exceed the limit are learned as filtered MAC addresses.
Packets with unknown MAC addresses are not forwarded. The mac-limited port behaves as
secured.
On the device, you can define one or more MAC Learning Profiles and add to each profile either
Port Security or Port Limit. Once defined, you can apply those profiles to the physical port.
To define the maximum number of addresses that can be learned, both Port Security and Port
Limit work in conjunction with the max-mac-count command. If a limit is not set through this
command, the device will continue to learn until the maximum number of addresses for the device
is reached.
Beyond the limit, additional MAC addresses are entered into the MAC address table with a filtered
status. Exceeding the defined limit for a port is considered to be a security violation. The device can
take action. Through configuration options, the device can either shut down the port or generate an
SNMP trap and log message. Filtered addresses, which are not learned by the device, remain in the
table for later security analysis by the system administrator.
Command Hierarchy
device-name#
+ config terminal
+ ethernet
- max-mac-count <number-of-addresses>
+ port UU/SS/PP
+ service
- [no] fdb-rapid-flush
- [no] fdb-rapid-flush
Command Descriptions
Table 4: MAC Learning Security Profile Commands
Command
Description
config terminal
ethernet
no mac-learning learning-profile
[NAME]
action {operational-shutdown |
trap}
no action
ignore-filtered-addresses
no ignore-filtered-addresses
max-mac-count <number-of-addresses>
Restores to default
port-limit
port-security
no watermark count
Restores to default
no watermark action
port UU/SS/PP
service
tls <service-id>
NOTE
You cannot use the same service ID
for all MPLS L2 services.
no tls <service-id>
vpls <vpls-id>
Creates a VPLS:
no vpls <vpls-id>
fdb-rapid-flush
no fdb-rapid-flush
Restores to default
UU/SS/PP: the corresponding physical port (unit, slot and port) defined as SAP
(can be obtained from the show port command)
UU/SS/PP: the corresponding physical port (unit, slot and port) defined as SAP
(can be obtained from the show port command)
NOTE
mac-learning-profile
profile-name NAME
no mac-learning-profile
profile-name [NAME]
Files System
The file system can define, download, and delete software images and/or configuration files stored
in Flash memory.
Command Hierarchy
device-name#
- file ls
- file ls os-image
- file vi FILE-NAME
Command Descriptions
Table 5: File System Commands
Command
Description
device-name#
Operational mode
FILE-NAME
Command
file cp os-image PROTOCOL[USER[:PASSWORD]@]IPv4[:PORT]/FILE-NAME
Description
Downloads a new software image from a
TFTP/FTP server:
Command
file cp from PROTOCOL[USER[:PASSWORD]@]IPv4[:PORT]/FILE-NAME1 FILE-NAME2
file cp technical-support PROTOCOL[USER[:PASSWORD]@]IPv4[:PORT]/FILE-NAME
Description
Downloads a configuration file from a
TFTP/FTP server to the local file system:
Saves the output of the show technical-support command to the local file system
(see the Troubleshooting chapter of this UG):
Command
file cp technical-support use-external-file FILE-NAME USE-EXTERNAL-FILE-NAME
NAME
file cp running-configuration PROTOCOL[USER[:PASSWORD]@]IPv4[:PORT]/FILE-NAME
Description
Saves the show technical-support
command output to the local file system:
USE-EXTERNAL-FILE-NAME: name of
the file that contains the
filtered command output
USE-EXTERNAL-FILE-NAME: name of
the file that contains the
filtered command output
Command
file cp startup-config from PROTOCOL[USER[:PASSWORD]@]Ipv4[:PORT]/FILE-NAME
Description
Downloads a startup configuration file from a
TFTP/FTP server to be loaded during the next
restart:
file ls
file ls os-image
Command
file diff FILE-NAME1 FILE-NAME2
Description
Compares the content of two files and returns
matches without regard to
uppercase/lowercase:
FILE-NAME
file vi FILE-NAME
Command
file cp ces-image PROTOCOL[USER[:PASSWORD]@]IPv4[:PORT]/FILE-NAME
Description
Downloads a new CES image from a
TFTP/FTP server to the local file system:
In the following example, the new_image.T-Marc 3208SH.app.binoxpkg application package file is
downloaded from an FTP server (IP address is 10.3.71.17).
NOTE
The BiNOX application package file (app.binoxpkg) is used to upgrade the device. The
main advantage of using the package upgrade is the new file validation feature that
prevents activation of a corrupted or incorrect image file.
1. Download the desired file from the FTP server to the local file system:
device-name#file cp os-image ftp://user:pass123@10.3.71.17/new_image.T-Marc 3208SH.app.binoxpkg
Downloading the image 'new_image. T-Marc 3208SH.app.binoxpkg' from
host ftp://10.3.71.46 (29,051,909 bytes transferred)... OK
Generating components list for the package file... OK
Package's Content:
----------------------------------------------------------------------
___________________________________________________________________________
____________________________
/
\
| Component Type:
Name:
|
|
Version
|
| File
|------------------------------|---------------------|------------------------------------------------|
| > Application
|
| 2.6.21.7-hrt1-WR2.0 |
|
| Undefined
| 2.1.TP-dev55
| T-Marc 3208SHsafemode.img
| Undefined
| Undefined
|
|
|
|
|
|
\______________________________|_____________________|__________________________________________
_______/
Extracting the required components from the package file( This may take
several minutes )... OK
Checking the component file
Checking the component file
Checking the component file
Checking the component file
Checking the component file
Checking the component file
NOTE
If insufficient free space is available, the new software image is not saved on the
local file system. The following error message appears:
Installing the image file... Failed! (cp: write error: No space left on device)
2.
3.
4.
Ordinary clock: Communicates with the network based on a single physical port, similar to
an end host. An ordinary clock can function as a grandmaster clock.
Boundary clock: Typically has several physical ports, with each port behaving like a port of an
ordinary clock. However, each port shares the local clock, and the clock data sets are common
to all ports. Each port decides its individual state, either master (synchronizing other ports
connected to it) or member (synchronizing to a downstream port), based on the best clock
available to it through all of the other ports on the boundary clock. Messages related to
synchronization and establishing the master-member hierarchy terminate in the protocol
engine of a boundary clock and are not forwarded.
Transparent clock: Forwards all PTP messages like an ordinary device but measures the
residence time of a packet in the device (the time that the packet takes to traverse the
transparent clock) and in some cases the link delay of the ingress port for the packet. The ports
have no state because the transparent clock does not need to synchronize to the grandmaster
clock.
To avoid instances where slave clocks synchronize with suspicious and rogue masters, you can
define a table of acceptable masters. With this feature enabled, the slave device will filter out any
announce messages received from master clocks not included in the table.
PTP Process
The PTP process consists of two phases: establishing the master-member hierarchy and
synchronizing the clocks.
Within a PTP domain, each port of an ordinary or boundary clock follows this process to
determine its state:
Examines the contents of all received announce messages (issued by ports in the master state)
Compares the data sets of the foreign master (in the announce message) and the local clock for
priority, clock class, and accuracy.
Based on this comparison, determines its own state as either master or member.
After the master-member hierarchy has been established, the clocks are synchronized as follows:
The master sends a synchronization message to the member and notes the time it was sent.
The member receives the synchronization message and notes the time it was received.
The member sends a delay-request message to the master and notes the time it was sent.
The master receives the delay-request message and notes the time it was received.
The member uses these timestamps to adjust its clock to the time of its master.
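Added worked step, not part of the original guide: label the four timestamps above $t_1$ (master sends the synchronization message), $t_2$ (member receives it), $t_3$ (member sends the delay-request) and $t_4$ (master receives it), and assume the path delay $d$ is the same in both directions. With $\theta$ the member's offset from the master:

$$t_2 - t_1 = d + \theta, \qquad t_4 - t_3 = d - \theta$$

$$d = \frac{(t_2 - t_1) + (t_4 - t_3)}{2}, \qquad \theta = \frac{(t_2 - t_1) - (t_4 - t_3)}{2}$$

The member subtracts $\theta$ from its clock. If the two directions differ in delay by $a$, the computed $\theta$ is off by $a/2$, which the four timestamps alone cannot reveal.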
NOTE
After PTP is configured on master and slave devices, it is recommended to wait
20 minutes for the acquisition phase to finish.
Command Hierarchy
NOTE
System time for the device resets after reload. System time must be defined manually
when NTP is not configured.
device-name#
+ config terminal
+ system
+ [no] time
- [no] summer-time
+ [no] ntp
- refresh-interval <interval>
- timezone <-12+12>
+ [no] ptp
[no] transparent-clock
[no] shutdown
Command Descriptions
Table 6: System Time and Date Commands
Command
Description
config terminal
system
time
no time
date CCYY-MM-DDTHH:MM:SS
CCYY-MM-DDTHH:MM:SS: CC represents
the century, YY the year, MM the
month and DD the day
T: date/time separator
summer-time
no summer-time
recurring shutdown
no recurring shutdown
ntp
NOTE
After changing any of the NTP
configuration parameters, restart the
NTP server using shutdown/no
shutdown commands.
no ntp
remote-server-ip A.B.C.D
Disables NTP
Specifies the IP address of the NTP server:
no remote-server-ip
authentication key-id <1-65535> [key-string STRING]
no authentication key-id
refresh-interval <interval>
timezone <-12+12>
time-out <value>
no time-out
min <min>
no min
source-address A.B.C.D
dscp-mapping <value>
no dscp-mapping
shutdown
no shutdown
ptp
no ptp
transparent-clock
no transparent-clock
Restores to default
port UU1/SS1/PP1
UU2/SS2/PP2
no port
shutdown
no shutdown
source-mac {self |
unmodified}
Restores to default
timeout <value>
10 seconds
no timeout
Restores to default
Example
The following example configures recurring summer time:
Command Hierarchy
device-name#
+ config terminal
+ system
Command Descriptions
Table 7: DNS Client Commands
Command
Description
config terminal
system
dns-resolver A.B.C.D [shutdown]
Command Hierarchy
device-name#
- idle-timeout <timeout>
Command Descriptions
Table 8: VTY Session Commands
Command
Description
device-name#
Operational mode
idle-timeout <timeout>
License Configuration
In the current version, each device ships with a full license. To find out the software license for the
device, use the commands shown below.
Command Hierarchy
device-name#
+ config terminal
+ system
- license id <value>
Command Descriptions
Table 9: License Commands
Command
Description
config terminal
system
license id <value>
Session Limiting
The Session Limiting feature allows you to configure a limit on the number of concurrent CLI,
SNMP, or NETCONF sessions.
+ config terminal
+ system
Commands Descriptions
Table 10: Sessions Limiting Commands
Command
Description
config terminal
system
max-config-sessions <value>
20 sessions
SNMP and Netconf sessions are not considered
as configuration sessions.
no max-config-sessions
Restores to default
max-sessions <value>
no max-sessions
Restores to default
Example:
When you reach the limit of allowed sessions, you can terminate any of the current sessions and log
into the device:
device-name#config terminal
Entering configuration mode terminal
device-name(config)#system
device-name(config-system)#max-sessions 2
T-Marc 3208SH
admin@10.3.172.7's password:
Too many sessions. Ongoing sessions:
SID USER  CTX FROM        PROTO LOGIN    CONFIG MODE
23  admin cli 10.3.71.112 ssh   13:36:48
20  admin cli 10.3.71.144 ssh   13:11:33
Enter SID of session to terminate or 'exit':
Remote Monitoring
Remote Monitoring (RMON) is an Internet Engineering Task Force (IETF) monitoring
specification that defines a set of statistics and functions that can be exchanged between
RMON-compliant console systems and network probes.
RMON provides you with comprehensive network-fault diagnosis, planning, and
performance-tuning information.
You can use the RMON feature with the Simple Network Management Protocol (SNMP) agent to
monitor all the traffic flowing among devices on all connected LAN segments.
Statistics History
Statistics monitoring provides a historical view of the interface statistics based on a user-defined
interval. A statistics monitoring profile defines which specific statistics counter is monitored.
A profile can be bound to a specific interface instance in the control table.
The table of built-in counters includes:
Counter
Description
ifAlignErr
ifCRCAligneErrorPkts
ifCSEErr
ifCollisionsPkts
ifDefferedTx
ifDownCounter
ifExcessCollision
ifFCSErr
ifFra64Pkts
ifFra65to127Pkts
ifFra128to255Pkts
ifFra256to511Pkts
ifFra512to1023Pkts
ifFra1024to1518Pkts
ifFragmentsPkts
ifHCInBroadcastPkts
ifHCInMulticastPkts
ifHCInOctets
ifHCInUcastPkts
ifHCOutBroadcastPkts
ifHCOutMulticastPkts
ifHCOutOctets
ifHCOutUcastPkts
ifInBroadcastPkts
ifInDiscards
ifInErrors
ifInFlowControl
ifInFraFragments
ifInFraOversize
ifInJabber
ifInMulticastPkts
ifInNUcastPkts
ifInOctets
ifInRateBps10Sec
ifInRateBps60Sec
ifInUcastPkts
ifInUnknownOpcode
ifInUnknownProtos
ifJabberPkts
ifLateCollision
ifMacRxErr
ifMacTxErr
ifMultCollision
ifOutBroadcastPkts
ifOutDiscards
ifOutErrors
ifOutFlowControl
ifOutFraFragments
ifOutFraOversize
ifOutJabber
ifOutMulticastPkts
ifOutNUcastPkts
ifOutOctets
ifOutRateBps10Sec
ifOutRateBps60Sec
ifOutUcastPkts
ifOversizePkts
ifSQETestErr
ifSnglCollision
ifSymbolErr
ifTooLongFra
ifTotalBcastPkts
ifTotalInPkts
ifTotalMcastPkts
ifTotalOctets
ifTotalOutPkts
ifTotalPkts
ifUndersizePkts
NOTE
Counters are applied on a single port or on a group of ports.
RMON Commands
Commands Hierarchy
device-name#
+ config terminal
+ system
+ [no] statistics-history
etherStatsPkts512to1023Octets | etherStatsPkts64Octets |
etherStatsPkts65to127Octets | etherStatsUndersizePkts]
Commands Descriptions
Table 11: RMON Commands
Command
Description
config terminal
system
statistics-history
no statistics-history
get-interval <value>
no get-interval
Restores to default
Command
profile NAME [xpath-template
<value>]
Description
Specifies an RMON profile:
shutdown
no shutdown
Absolute
no type {absolute | delta}
show system statistics-history [control
| displaylevel <value>]
Restores to default
Displays the complete collection of statistics:
Example 1
device-name#show port 1/1/1 rmon statistics
===============================================================================
RMON Statistics
===============================================================================
Port 1/2/8
Counter Name                      Counter Value
-------------------------------------------------------------------------------
etherStatsDropEvents              117
etherStatsOctets                  11298
etherStatsPkts                    133
etherStatsBroadcastPkts           0
etherStatsMulticastPkts           133
etherStatsCRCAlignErrors          0
etherStatsUndersizePkts           0
etherStatsOversizePkts            0
etherStatsFragments               0
etherStatsJabbers                 0
etherStatsCollisions              0
etherStatsPkts64Octets            4
etherStatsPkts65to127Octets       130
etherStatsPkts128to255Octets      0
etherStatsPkts256to511Octets      0
etherStatsPkts512to1023Octets     0
etherStatsPkts1024to1518Octets    0
===============================================================================
rmon statistics
Command
Counter
Description
etherStatsBroadcastPkts
etherStatsCollisions
etherStatsCRCAlignErrors
etherStatsDropEvents
etherStatsFragments
etherStatsJabbers
etherStatsMulticastPkts
etherStatsOctets
etherStatsOversizePkts
etherStatsPkts
etherStatsPkts1024to1518Octets
etherStatsPkts128to255Octets
etherStatsPkts256to511Octets
etherStatsPkts512to1023Octets
etherStatsPkts65to127Octets
etherStatsPkts64Octets
etherStatsUndersizePkts
Example
The following example displays how to create a profile Test_1/1/1, apply it on port 1/1/1, and
collect statistics for 10 seconds:
device-name(config)#system
device-name(config-system)#statistics-history
device-name(config-statistics-history)#profile Test_1/1/1
device-name(config-profile-Test_1/1/1)#xpath-template "/interfaces/interface{%s}/Counters/ifInOctets"
device-name(config-profile-Test_1/1/1)#commit
Commit complete.
device-name(config-profile-Test_1/1/1)#exit
device-name(config-control-1)#profile-name Test_1/1/1
device-name(config-control-1)#xpath-key 1/1/1
device-name(config-control-1)#commit
Commit complete.
device-name(config-control-1)#exit
device-name(config-statistics-history)#get-interval 10
device-name(config-statistics-history)#no shutdown
device-name(config-statistics-history)#commit
Commit complete.
The console log routes system messages to a local or remote console, or to the system memory
buffer.
Message logging is configurable (for example, which severity levels are logged and where the log is sent).
It allows configuration of the types of logging information to be captured and the destination
(log file or other devices).
The system message is stored and displayed based on the following format:
DATE TIME SEVERITY PROCESS MESSAGE-TEXT
Description
SEVERITY
PROCESS
MESSAGE-TEXT
Example
Jan
1 01:02:48 info
Multicast group.
OSPF
To configure the level of the trap message logging filter, use the
command.
Keyword
Description
emergency
alert
critical
error
warning
Warning condition.
notice
info
debug
Zero (0) is the highest severity, and 7 is the lowest severity. When you specify a severity level,
logging output of the specified level and of all lower levels (higher severities) is enabled.
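The following added example (not from the original guide) parses lines in the DATE TIME SEVERITY PROCESS MESSAGE-TEXT format and applies the threshold rule described above, so a collector can reproduce what a given severity setting would pass. The log lines are constructed, the function names are hypothetical, and the 0 to 7 numbering of the keywords is assumed from their listed order.

```python
import re

# Keyword order as listed on this page; the numbering 0..7 is assumed from the
# statement that 0 is the highest severity and 7 the lowest.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "info", "debug"]
RANK = {name: level for level, name in enumerate(SEVERITIES)}

# DATE TIME SEVERITY PROCESS MESSAGE-TEXT, where DATE is "Mon D" as in the
# example line on this page.
LINE_RE = re.compile(
    r"^(?P<date>[A-Z][a-z]{2}\s+\d{1,2})\s+"
    r"(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<severity>[a-z]+)\s+"
    r"(?P<process>\S+)\s+"
    r"(?P<text>.*)$")

# Constructed sample lines (not device output).
SAMPLE_LOG = [
    "Jan  1 01:02:48 info OSPF Interface sw11 joined Multicast group.",
    "Jan  1 01:03:10 warning SNMP Authentication failure from 10.3.71.112",
    "Jan  1 01:03:15 error NTP No response from server",
    "Jan  1 01:04:00 debug CLI Session 23 idle",
    "Jan  1 01:05:00 fatal CLI unknown severity keyword",
    "--- truncated line ---",
]


def parse_line(line):
    """Return a dict for a well-formed line, or None if it cannot be trusted."""
    match = LINE_RE.match(line.strip())
    if not match or match.group("severity") not in RANK:
        return None
    entry = match.groupdict()
    entry["date"] = " ".join(entry["date"].split())  # collapse padding
    entry["level"] = RANK[entry["severity"]]
    return entry


def filter_log(lines, threshold):
    """Keep entries at the threshold level or numerically lower (more severe).

    Lines that do not parse are returned separately rather than dropped, so
    malformed or tampered input stays visible to the analyst.
    """
    limit = RANK[threshold]
    kept, rejected = [], []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            rejected.append(line)
        elif entry["level"] <= limit:
            kept.append(entry)
    return kept, rejected


def count_by_process(entries):
    """Count kept entries per PROCESS field."""
    counts = {}
    for entry in entries:
        counts[entry["process"]] = counts.get(entry["process"], 0) + 1
    return counts


if __name__ == "__main__":
    kept, rejected = filter_log(SAMPLE_LOG, "warning")
    for entry in kept:
        print(entry["level"], entry["process"], entry["text"])
    print("unparsed:", rejected)
```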
Syslog Facility
A Syslog facility is a setting for the remote Syslog server.
Table 15: Syslog Message Facilities
Keyword
Description
alert
Log alert
audit
Log audit
auth
Security/authorization messages
clock
Clock daemon
cron
daemon
System daemons
ftp
FTP daemon
local0
local1
local2
local3
local4
local5
local6
local7
lpr
Mail system
news
ntp
NTP subsystem
security
Security/authorization messages
syslog
user
User-level messages
uucp
UUCP subsystem
NOTE
Some operating systems use facilities alert, audit, and auth for
security/authorization and audit/alert messages.
- show syslog
Commands Descriptions
Table 16: System Log Commands
Command
Description
config terminal
log
no log
no cli-console {severity | process-name}
process-name NAME}
no ssh-console {severity | process-name}
no telnet-console {severity | process-name}
process-name}
syslog-server A.B.C.D
Restores to default
Specifies the IP address of Syslog server:
no syslog-server A.B.C.D
facility <level>
no facility
severity <level>
of Table 14
process-name NAME
no process-name
source-address A.B.C.D
A.B.C.D: IP address, in a
dotted-decimal format
Restores to default
dscp-mapping <value>
no dscp-mapping
show syslog
Configuration Example
The following example shows how to enable system log messages for different severity levels that
are displayed on the console port, in an SSH session, or in the Syslog buffer.
1.
2.
3.
Administrators typically configure protection against DoS attacks on edge devices to prevent an
attack from entering the core layers of the network. DoS attacks can be classified as:
Resource exhaustion flooding attacks: Cause resources for the server or network to be
consumed to the point where the service no longer responds or the response is significantly
reduced.
Command Hierarchy
device-name#
+ config terminal
+ ethernet
+ [no] attack-prevent
- [no] first-tcp-fragment-without-full-tcp-header
- [no] fragmented-icmp
- [no] matching-source-destination-ip
- [no] tcp-fin-urg-psh-sequence-zero
- [no] tcp-src-equals-tcp-dst
- [no] icmp-payload-greater-than-icmp-max-size
- [no] tcp-header-fragment-offset-1
- [no] tcp-syn-fin
- [no] udp-src-equals-udp-dst
- [no] tcp-flag-and-sequence-zero
Command Descriptions
Table 17: DoS Commands
Command
Description
config terminal
ethernet
attack-prevent
no attack-prevent
first-tcp-fragment-without-full-tcp-header
no first-tcp-fragment-without-full-tcp-header
Restores to default
fragmented-icmp
no fragmented-icmp
Restores to default
icmp-payload-greater-than-icmp-max-size
no icmp-payload-greater-than-icmp-max-size
Restores to default
matching-source-destination-ip
no matching-source-destination-ip
Restores to default
tcp-fin-urg-psh-sequence-zero
no tcp-fin-urg-psh-sequence-zero
Restores to default
tcp-header-fragment-offset-1
no tcp-header-fragment-offset-1
Restores to default
tcp-src-equals-tcp-dst
no tcp-src-equals-tcp-dst
Restores to default
tcp-syn-fin
no tcp-syn-fin
Restores to default
udp-src-equals-udp-dst
no udp-src-equals-udp-dst
Restores to default
tcp-flag-and-sequence-zero
no tcp-flag-and-sequence-zero
Restores to default
Configuration Example
device-name(config-attack-prevent)#first-tcp-fragment-without-full-tcp-header
device-name(config-attack-prevent)#fragmented-icmp
device-name(config-attack-prevent)#commit
Commit complete.
device-name(config-attack-prevent)#end
device-name#show running-config ethernet attack-prevent
ethernet
attack-prevent
first-tcp-fragment-without-full-tcp-header
fragmented-icmp
!
!
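As an added illustration (not the device's implementation), the following Python model reads each attack-prevent rule name literally and reports which rules a raw IPv4 packet would match, which helps when checking captured traffic before enabling a rule. The rule semantics are assumptions inferred from the names, icmp-payload-greater-than-icmp-max-size is left out because the page does not give the maximum size, and the packets are built in memory as constructed test input.

```python
import socket
import struct

ICMP, TCP, UDP = 1, 6, 17
FIN, SYN, PSH, URG = 0x01, 0x02, 0x08, 0x20


def build_ipv4(proto, src, dst, payload, mf=False, frag_offset=0):
    """Build a minimal IPv4 packet (constructed test input, checksum left 0)."""
    flags_frag = (0x2000 if mf else 0) | (frag_offset & 0x1FFF)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0,
                         flags_frag, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def build_tcp(sport, dport, seq, flags):
    """Build a 20-byte TCP header with no options (checksum left 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags,
                       0, 0, 0)


def build_udp(sport, dport):
    """Build an 8-byte UDP header with no payload (checksum left 0)."""
    return struct.pack("!HHHH", sport, dport, 8, 0)


def classify(packet):
    """Return the sorted rule names a packet matches (assumed semantics)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return []
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return []
    flags_frag, = struct.unpack("!H", packet[6:8])
    more_fragments = bool(flags_frag & 0x2000)
    offset = flags_frag & 0x1FFF            # fragment offset in 8-byte units
    proto = packet[9]
    l4 = packet[ihl:]
    hits = set()

    if packet[12:16] == packet[16:20]:
        hits.add("matching-source-destination-ip")
    if proto == ICMP and (more_fragments or offset > 0):
        hits.add("fragmented-icmp")
    if proto == TCP:
        if offset == 1:
            hits.add("tcp-header-fragment-offset-1")
        if offset == 0 and more_fragments and len(l4) < 20:
            hits.add("first-tcp-fragment-without-full-tcp-header")
        # Ports, sequence number and flags exist only in the first fragment.
        if offset == 0 and len(l4) >= 14:
            sport, dport, seq = struct.unpack("!HHI", l4[:8])
            flags = l4[13] & 0x3F
            if sport == dport:
                hits.add("tcp-src-equals-tcp-dst")
            if flags & SYN and flags & FIN:
                hits.add("tcp-syn-fin")
            if flags == 0 and seq == 0:
                hits.add("tcp-flag-and-sequence-zero")
            if flags & (FIN | URG | PSH) == (FIN | URG | PSH) and seq == 0:
                hits.add("tcp-fin-urg-psh-sequence-zero")
    if proto == UDP and offset == 0 and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
        if sport == dport:
            hits.add("udp-src-equals-udp-dst")
    return sorted(hits)


if __name__ == "__main__":
    samples = {
        "ordinary SYN": build_ipv4(TCP, "10.0.0.1", "10.0.0.2",
                                   build_tcp(40000, 443, 12345, SYN)),
        "same address and port": build_ipv4(TCP, "10.0.0.5", "10.0.0.5",
                                            build_tcp(80, 80, 1000, SYN)),
        "NTP on port 123 both sides": build_ipv4(UDP, "10.0.0.1", "10.0.0.2",
                                                 build_udp(123, 123)),
    }
    for name, pkt in samples.items():
        print(name, "->", classify(pkt))
```

If the device applies udp-src-equals-udp-dst as modelled here, NTP exchanges that use UDP port 123 on both sides would match it, so check for such traffic before committing that rule.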
Reload Commands
device-name#
+ config terminal
- system
Description
config terminal
system
reload [manufacturing-defaults]
[downgrade]
manufacturing-defaults: resets
the device to the factory
default configuration
Example 1:
Managing the Device (Rev. 01)
device-name#config terminal
Entering configuration mode terminal
device-name(config)#system
device-name(config-system)#reload
Connection to 10.3.133.6 closed by remote host.
Connection to 10.3.133.6 closed.
Example 2:
device-name(config)#system reload at 9 26 11 35
Where the values are month, day, hour, and minutes.
device-name#show system reload
system reload in time : In 0:0; Hex : 00000000
system reload at time : Month: 9 Day: 26 At 11:35; Hex : 1a090b23
Command Hierarchy
device-name#
+ config terminal
+ system
+ security
port UU/SS/PP
Description
config terminal
system
security
protection-profile NAME
no protection-profile
NAME: string of up to 32
characters
ipv4-reserved-multicast {discard | pass | peer | peer-and-pass}
peer-and-pass
no ipv4-reserved-multicast
Restores to default
port UU/SS/PP
protection-profile NAME
no protection-profile
Standards
MIBs
RFCs
Not supported
Standard MIB,
8021Q_d6.mib
Not supported
MAC Learning
Security Policies
Not supported
Private MIB,
PRVT-MACSECURITY-MIB.mib
Not supported
Files System
Not supported
Private MIB,
PRVTINTERWORKING-OSMIB
Not supported
Not supported
Not supported
DNS Resolver
Not supported
Not supported
Not supported
Not supported
Remote Monitoring
(RMON)
Not supported
PRVT-StatHistMIB.mib
Public MIBs:
RMON-MIB.mib
System Logs
Not supported
Not supported
Not supported
Not supported
Not supported
If the EdgeGenie server network is different than the Outband management network,
add a static route to allow responses from the device to the EdgeGenie network.
device(config)#router static-route <EG_Network> 172.16.1.20 1
device(config-router)#commit
The device can also be managed through an Inband management network using the IP
SW interfaces configured in step #4 of this procedure.
2. To prepare for SNMP management, create two SNMP users: one user allows any
management software (including EdgeGenie) to read information from the device, and the
other user allows EdgeGenie to configure the device.
Set OID Tree View to All
device(config)#system
device(config-system)#snmp
device(config-snmp)#view all 1.3 included
The user name will also be used as the name of the SNMP Community. In EdgeGenie,
when you create a Network Element for the device, enter the User Names you created
into the Read Community and Write Community fields. For more information, see Adding
a Network Element.
Once configured, SNMP can be customized according to management security
requirements through the EdgeGenie software. Use the same security community and
names and SNMP version.
3.
device(config)#system
device(config-system)#netconf-server
device(config-netconf-server)#no shutdown
device(config-netconf-server)#commit
4.
Configure IP connectivity for the Control Plane protocols and enable the OAM-EFM and
SNMP source address.
Configure the IP SW and Loopback interfaces.
Device1(config)#router interface sw11 address 192.168.11.1/24
Device1(config-interface-sw11)#exit
Device1(config)#router interface sw13 address 192.168.13.1/24
Device1(config-interface-sw13)#exit
Device1(config)#router interface lo1 address 10.10.0.1/32
Device1(config-interface-lo1)#exit
Create VLANs and associate each VLAN with an IP Interface and Port.
Device1(config)#vlan Device-1-Device-2 11 routing-interface sw11 tagged 1/1/1
Device-1(config-untagged-1/1/1)#exit
Device-1(config-vlan-Device-1-Device-2/11)#exit
Device-1(config)#vlan Device-1-Device-3 13 routing-interface sw13 tagged 1/1/2
Device-1(config-untagged-1/1/2)#exit
Device-1(config-vlan-Device-1-Device-3/13)#exit
Device-1(config-vlan)#exit
Device-1(config)#commit
In order for EdgeGenie to discover the links in the topology, define the OAM-EFM role
as active for all connected link ports.
Device-1(config)#port 1/1/1
Device-1(config-port-1/1/1)#efm role active
Device-1(config-port-1/1/1)#exit
Device-1(config)#port 1/1/2
Device-1(config-port-1/1/2)#efm role active
Device-1(config-port-1/1/2)#commit
5.
6.
7.
Enable TE/CSPF.
Device1(config-ospf)#traffic-engineering
Create an OSPF area and add all interfaces to this area (including the Loopback interface).
Device-1(config-ospf)#area 0.0.0.0
Device-1(config-area-0.0.0.0)#interface 10.10.0.1
Device-1(config-area-0.0.0.0)#interface 192.168.11.1
Device-1(config-area-0.0.0.0)#interface 192.168.13.1
Device-1(config-area-0.0.0.0)#exit
Device-1(config-ospf)#commit
8.
Device-2(config-ospf)#commit
9.
10. Configure the MPLS LSR-ID to match the Loopback interface (Lo1).
Device-1(config)#router mpls
Device-1(config-mpls)#lsr-id 10.10.0.1
Device-1(config-mpls)#exit
Device-1(config-router)#exit
Device-1(config)#commit
Specify the Loopback Address of the other network devices as LDP Targeted Peers. The
targeted peers should be specified only for VPLS service end-points.
Device-1(config)#router ldp
Device-1(config-ldp)#targeted-peer 10.10.0.2
Device-1(config-targeted-peer-10.10.0.2)#exit
Device-1(config-ldp)#targeted-peer 10.10.0.3
Device-1(config-targeted-peer-10.10.0.3)#exit
Device-1(config-ldp-te)#interface sw13
Device-1(config-interface-sw13)#exit
Device-1(config-rsvp-te)#commit
20. It is recommended to set the loopback interface as the SNMP source address. This ensures that
SNMP traffic from the device to the EG server, such as SNMP traps, uses the loopback
interface IP address, which is the address that identifies the device in the EG database.
device(config-snmp)#source-address 10.10.0.1
22. Routing Table: Verify that the loopback (L/O) addresses of the other network devices are in the
routing table of every device.
Device-1#show router ospf route
23. LDP Link and Targeted Sessions Status: Verify that both the Targeted and Link Sessions are in
the operational state for every peer.
Device-1#show mpls ldp discovery
25. If not previously installed, download the Java runtime environment (can be found on the
EdgeGenie start page).
26. Click Launch. You will need a valid Username, Password, and Server IP Address.
Note
If an alert message is displayed informing you that the Server and the
Client versions are not the same, click OK. You can update the version
later.
If you have redundant servers installed, then enter the IP Addresses of both servers,
separated by a comma. For example:
10.5.4.3,10.5.11.12
EdgeGenie displays the license screen when a valid license is not found or at the end of
an evaluation period.
27. To enter the license key before the end of the evaluation period, on the module ribbon, select
License.
28. Enter the license key provided to you and click Set License. The license key only needs to be
entered once.
Note
When you are running an evaluation copy of EdgeGenie, the license screen
appears whenever you run the client. Click Close to continue working with the
Evaluation copy or enter a license key.
Creating a Domain
The domain is a logical entity and you must assign the devices to a domain (default domain is
NOC). If the domain in which the devices will reside is not already identified in EdgeGenie, use the
following procedure to define the domain.
To set up a domain:
29. On the EdgeGenie Desktop, click Domain. The Create Domain screen opens.
32. On the EdgeGenie Desktop, click the NE command button. The Create NE screen is
displayed.
Description
General
IP
Name
Field
Description
Managed
Domain
Select the Domain in which the device resides from the list provided.
(Default is NOC.)
Role
Select the role that the device plays in the network. Choices are: Core,
Aggregation, and Access. Note that information entered here is used to
identify the device but does not affect path calculations.
Access
CLI Username
Enter the CLI User Name required to access individual devices and
obtain information about those devices.
CLI Password
Enter the CLI Password associated with the CLI User Name.
SNMP Version
V2c: When selected, you will also need to enter Read Community
and Write Community information.
V3: When selected, you will also need to enter the Authentication
Protocol and Password as well as the Privacy Protocol and
Password.
Read Community
Enter the Read Community string required for SNMP V1 or V2c access
to devices in the domain. Enter the User Name you created for the
Read Community Group.
Write
Community
Enter the Write Community string required for SNMP V1 or V2c access
to devices in the domain. Enter the User Name you created for the
Write Community Group.
User Name
Enter the User Name required for SNMP V3 access to the device.
Security Level
Select the Security Level defined for SNMP V3 access to devices in the
domain from the list provided:
Authentication
Protocol
Authentication
Password
Privacy Protocol
Privacy
Password
NE Inventory
Instant Filter
Filters the list according to the number (of Modules) entered here.
NE Type
Supports MPLS
Select the checkbox when the device supports MPLS. The default icon
for the device will show MPLS.
Module Index
Type
For each Module in the ordered list, select the Module Type from the
list provided.
Description
Name
Enter the name that will be used to log onto the EdgeGenie client.
Password
Enter the Password that will be used in conjunction with the User
Name to log onto the EdgeGenie client.
Confirm Password
Role
To define the level of access given to the user, select a Role from
the list provided.
Click Create. The User Name and Password are now saved in the EdgeGenie database.
If the EdgeGenie server network is different from the Outband management network,
add a static route to allow responses from the device to the EdgeGenie network.
device(config)#router static-route <EG_Network> 172.16.1.20 1
device(config-router)#commit
If Inband management is used, create a management VLAN with a routing interface
attached, corresponding to the EdgeGenie network:
device(config)#router interface sw1 address 9.0.1.2/16
device(config-interface-sw1)#exit
device(config-router)#exit
device(config)#vlan MANAGEMENT 1000
device(config-vlan-1000)#untagged 1/1/1
device(config-untagged-1/1/1)#exit
device(config-vlan-1000)#untagged 1/1/2
device(config-untagged-1/1/2)#exit
device(config-vlan-1000)#routing-interface sw1
device(config-vlan-1000)#management
device(config-vlan-1000)#exit
device(config)#port 1/1/1
device(config-port-1/1/1)#default-vlan 1000
device(config-port-1/1/1)#port 1/1/2
device(config-port-1/1/2)#default-vlan 1000
device(config-port-1/1/2)#exit
In this example the Inband management is using untagged ports. If the management
communication between the EG server and the device is tagged, use tagged ports.
3.
4.
5.
To prepare for SNMP management, create two SNMP Users: one user allows any
management software to read information from the device (including EdgeGenie) and the
other user allows EdgeGenie to configure the device.
Set OID Tree View to All
device(config)#system
device(config-system)#snmp
device(config-snmp)#view all 1.3 included
The user name will also be used as the name of the SNMP Community. In EdgeGenie,
when you create a Network Element for the device, enter the User Names you created
into the Read Community and Write Community fields. For more information, see Adding
a Network Element on page 82.
Once configured, SNMP can be customized according to management security
requirements through the EdgeGenie software. Use the same security community and
names and SNMP version.
6.
7.
Enable the OAM-EFM. In order for EdgeGenie to discover the links in the topology, define
the OAM-EFM role as active for all connected link ports.
device(config)#port 1/1/1
device(config-port-1/1/1)#efm role active
device(config-port-1/1/1)#exit
device(config)#port 1/1/2
device(config-port-1/1/2)#efm role active
device(config-port-1/1/2)#commit
installed and describes how to install the EdgeGenie Client on your computer as well as how to
manually add a device.
Use the internet browser to access the server where the server package was installed. The
address should look like the following:
https://<EG server IP address>:8080/webstart/
9.
If not previously installed, download the Java runtime environment (can be found on the
EdgeGenie start page).
10. Click Launch. You will need a valid Username, Password, and Server IP Address.
Note
If an alert message is displayed informing you that the Server and the Client
versions are not the same, click OK. You can update the version later.
If you have redundant servers installed, then enter the IP Addresses of both servers,
separated by a comma. For example:
10.5.4.3,10.5.11.12
EdgeGenie displays the license screen when a valid license is not found or at the end of
an evaluation period.
11. To enter the license key before the end of the evaluation period, on the module ribbon, select
License.
12. Enter the license key provided to you and click Set License. The license key only needs to be
entered once.
Note
When you are running an evaluation copy of EdgeGenie, the license screen
appears whenever you run the client. Click Close to continue working with the
Evaluation copy or enter a license key.
Creating a Domain
The domain is a logical entity and you must assign the devices to a domain (default domain is
NOC). If the domain in which the devices will reside is not already identified in EdgeGenie, use the
following procedure to define the domain.
To set up a domain
13. On the EdgeGenie Desktop, click Domain. The Create Domain screen opens.
16. On the EdgeGenie Desktop, click the NE command button. The Create NE screen is
displayed.
Description
General
IP
Name
Field
Description
Managed
Domain
Role
Access
CLI Username
CLI Password
SNMP Version
Read Community
Write Community
User Name
Field
Description
Security Level
Authentication Protocol
Authentication Password
Privacy Protocol
Privacy Password
NE Inventory
Instant Filter
NE Type
Supports MPLS
Module Index
Type
Description
Name
Enter the name that will be used to log onto the EdgeGenie client.
Password
Enter the Password that will be used in conjunction with the User
Name to log onto the EdgeGenie client.
Confirm Password
Role
To define the level of access given to the user, select a Role from
the list provided.
Click Create. The User Name and Password are now saved in the EdgeGenie database.
Table of Figures
Figure 1: SNMP Agent and Manager Communication
Figure 2: Trap Sent to SNMP Manager Successfully
List of Tables
Table 1: SNMP Versions
Table 2: Security Levels Available in the SNMPv3 Security Models
Table 3: SNMP Configuration Commands
Table 4: Notification Types
T-Marc3208SH
Overview
SNMP is an application layer protocol that facilitates the exchange of management information
between network devices. An SNMP-managed network consists of three key components:
Managed Device: A network node that contains an SNMP Agent and resides on a managed
network
Using SNMP, a network administrator can manage network performance, find and solve network
problems, and extend the network.
Figure 1 displays communication between an SNMP Agent and a Manager.
SNMP Entity
An SNMP Entity, an implementation of the SNMP architecture, consists of an SNMP Engine and
one or more associated applications.
An SNMP Engine provides services for sending and receiving messages, authenticating and
encrypting messages, and controlling access to managed objects. The SNMP Engine is
identified by the SNMP Engine ID.
Applications use the services of an SNMP Engine to accomplish specific tasks. They
coordinate the processing of management information operations, and may use SNMP
messages to communicate with other SNMP Entities.
SNMP Agent
An Agent is a network-management software module that resides in a managed device and is
responsible for maintaining local management information and delivering that information to a
Manager via SNMP. A management information exchange can be initiated by the Manager or by the
Agent.
The SNMP Agent contains MIB variables whose values can be requested or changed by the
SNMP Manager. The Agent and MIB reside on the device. The Agent gathers data from the MIB
and responds to a Manager's request to get or set data.
Name: Names are used to identify managed objects and are represented uniquely as an Object
Identifier (OID). An OID is an administratively assigned name used to identify an object
regardless of the semantics associated with that object.
Syntax
Encoding: Encoding is the way that instances of a particular object type are represented using
the object type's syntax.
SNMP Manager
An SNMP Manager is a software module in a management network responsible for managing
either part of or the entire configuration on behalf of network management applications and users.
The SNMP Manager sends requests to the SNMP Agent to get and set MIB values.
Communication among protocol entities is accomplished by the exchange of messages; each of
them is entirely and independently represented within a single UDP datagram. A message consists
of a version identifier, an SNMP community name, and a protocol data unit (PDU). PDUs are the
packets that are exchanged in the SNMP communication.
SNMP Engine ID
The SNMP Engine ID is a 5- to 32-byte, administratively unique identifier of a participant in
SNMP communication within a single management domain. The SNMP Manager and SNMP
Agent must be configured by an administrator to have unique SNMP Engine IDs.
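The length and uniqueness rules above can be checked mechanically. The following is an added example, not part of this guide: it decodes an Engine ID using the SnmpEngineID layout from RFC 3411 and reports Engine IDs shared by more than one device. The first sample value is the Engine ID printed in this guide's show output; the device names and the other inventory entries are constructed.

```python
import ipaddress
import re

# Format octet (5th byte) values defined for SnmpEngineID in RFC 3411.
FORMATS = {1: "ipv4", 2: "ipv6", 3: "mac", 4: "text", 5: "octets"}
FIXED_LENGTHS = {"ipv4": 4, "ipv6": 16, "mac": 6}

GUIDE_ENGINE_ID = "800002E203005043B5AA9B"   # value shown in the guide's output
INVENTORY = {                                 # constructed sample inventory
    "device-1": GUIDE_ENGINE_ID,
    "device-2": "80:00:02:E2:03:00:50:43:B5:AA:9C",
    "device-3": "80 00 02 e2 03 00 50 43 b5 aa 9b",   # cloned configuration
}


def parse_engine_id(text):
    """Validate and decode an Engine ID written in hex (':' and spaces allowed)."""
    cleaned = re.sub(r"[\s:]", "", text)
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", cleaned):
        raise ValueError("engine ID must be whole bytes written in hex")
    raw = bytes.fromhex(cleaned)
    if not 5 <= len(raw) <= 32:
        raise ValueError("engine ID must be 5 to 32 bytes, got %d" % len(raw))
    if set(raw) in ({0x00}, {0xFF}):
        raise ValueError("all-zero and all-0xFF engine IDs are not allowed")

    head = int.from_bytes(raw[:4], "big")
    result = {"hex": raw.hex().upper(), "enterprise": head & 0x7FFFFFFF}
    if not head & 0x80000000:
        # Older layout: 12 bytes, everything after the enterprise number is
        # defined by the vendor.
        if len(raw) != 12:
            raise ValueError("legacy engine IDs are exactly 12 bytes")
        result.update(format="legacy", value=raw[4:].hex().upper())
        return result

    fmt_octet, body = raw[4], raw[5:]
    if fmt_octet >= 128:
        fmt = "enterprise-specific"
    elif fmt_octet in FORMATS:
        fmt = FORMATS[fmt_octet]
    else:
        raise ValueError("format octet %d is reserved" % fmt_octet)
    if fmt in FIXED_LENGTHS and len(body) != FIXED_LENGTHS[fmt]:
        raise ValueError("%s engine ID needs %d trailing bytes"
                         % (fmt, FIXED_LENGTHS[fmt]))

    if fmt == "mac":
        value = ":".join("%02X" % b for b in body)
    elif fmt in ("ipv4", "ipv6"):
        value = str(ipaddress.ip_address(body))
    elif fmt == "text":
        value = body.decode("ascii")
    else:
        value = body.hex().upper()
    result.update(format=fmt, value=value)
    return result


def find_duplicates(inventory):
    """Map each Engine ID used by more than one device to those device names."""
    seen = {}
    for device, text in inventory.items():
        seen.setdefault(parse_engine_id(text)["hex"], []).append(device)
    return {eid: sorted(names) for eid, names in seen.items() if len(names) > 1}


if __name__ == "__main__":
    print(parse_engine_id(GUIDE_ENGINE_ID))
    print(find_duplicates(INVENTORY))
```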
SNMP Notifications
The SNMP notification messages allow devices to send asynchronous messages to the SNMP
Managers. Devices can send notifications to SNMP Managers when particular events occur. For
example, an Agent might send a message to a Manager when the Agent experiences an error
condition.
NOTE
All traps, except the ones sent with SNMPv1, have a request ID as part of the PDU.
SNMP notifications can be sent as traps or Inform requests. Traps are unreliable because the
receiver does not send an acknowledgment upon receipt of a trap. However, an SNMP Manager
that receives an Inform request acknowledges the message with an SNMP response PDU. If the
sender does not receive a response after a particular time interval, the Inform request is sent again.
Informs consume more resources in the device and in the network but are more reliable. Unlike a
trap, which is discarded after being sent, an Inform request must be held in memory until a
response is received or the request times out. Also, traps are sent only once, while an Inform may
be sent several times.
Figure 2 through Figure 5 illustrate the differences between traps and Inform requests.
In Figure 2, the Agent successfully sends a trap to the SNMP Manager. The Manager receives the
trap but does not send an acknowledgment to the Agent. The Agent has no way of knowing
whether the trap reached its destination.
In Figure 3, the Agent successfully sends an Inform request to the Manager. Upon receipt of the
Inform request, the Manager sends a response back to the Agent. As a result, the Agent knows that
the Inform request successfully reached its destination. In this example, twice as much traffic is
generated as in Figure 2; however, the Agent is sure that the Manager received the notification.
In Figure 4, the Agent sends a trap to the Manager, but the trap does not reach the Manager. Since
the Agent has no way of knowing whether the trap reached its destination, the trap is not sent
again. The Manager never receives the trap.
In Figure 5, the Agent sends an Inform request to the Manager, but the Inform request does not
reach the Manager. The Manager does not send a response. After a period of time, the Agent
resends the Inform request. This time, the Manager receives the Inform request and replies with a
response. In this example, there is more traffic than in Figure 4; however, the notification reaches
the SNMP Manager.
The Agent sends an Inform PDU with a valid Engine ID (the Engine ID that is received as shown
in Figure 6), but with incorrect snmpEngineBoots and snmpEngineTime. These parameters are still
unknown to the Agent. The discovery process ends when no authentication/encryption exists for
the target address. If authentication/encryption exists, the packet is sent with the corresponding
authentication/encryption: MD5, SHA or DES.
In Figure 7, the Manager returns an authenticated REPORT PDU (notInTimeWindow) that
consists of valid snmpEngineBoots and snmpEngineTime parameters.
Finally, when the discovery process is completed, the Agent and the Manager are synchronized and
subsequent packets do not discover the Engine ID of the Manager.
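The time-window check behind the notInTimeWindow report, as an added simulation that is not part of this guide: the Manager accepts an Inform only when snmpEngineBoots matches and snmpEngineTime is within the 150 seconds that RFC 3414 allows, which is also what makes a replayed Inform fail. Authentication is not modelled, the Agent resends its cached time without advancing it, and the Engine ID, boots and clock values are constructed.

```python
TIME_WINDOW = 150          # seconds allowed by RFC 3414
MAX_BOOTS = 2147483647     # snmpEngineBoots latched at its maximum value


class Manager:
    """Receives Informs, so it is the authoritative engine for them."""

    def __init__(self, engine_id, boots, clock):
        self.engine_id, self.boots, self.clock = engine_id, boots, clock

    def receive(self, msg):
        if msg["engine_id"] != self.engine_id:
            return {"pdu": "report", "reason": "unknownEngineID",
                    "engine_id": self.engine_id}
        timely = (self.boots != MAX_BOOTS
                  and msg["boots"] == self.boots
                  and abs(self.clock - msg["time"]) <= TIME_WINDOW)
        if not timely:
            # The report carries the Manager's own boots and time so that the
            # sender can synchronize.
            return {"pdu": "report", "reason": "notInTimeWindow",
                    "engine_id": self.engine_id,
                    "boots": self.boots, "time": self.clock}
        return {"pdu": "response", "request_id": msg["request_id"]}


class Agent:
    """Sends Informs and caches what it learns about the Manager's engine."""

    def __init__(self):
        self.peer = {"engine_id": "", "boots": 0, "time": 0}

    def send_inform(self, manager, request_id, max_tries=3):
        exchange = []
        for _ in range(max_tries):
            msg = dict(self.peer, pdu="inform", request_id=request_id)
            reply = manager.receive(msg)
            exchange.append((msg, reply))
            if reply["pdu"] == "response":
                break
            # Learn the Engine ID, boots and time from the report, then retry.
            for key in ("engine_id", "boots", "time"):
                if key in reply:
                    self.peer[key] = reply[key]
        return exchange


def outcomes(exchange):
    """Reduce an exchange to the Manager's answers, in order."""
    return [reply.get("reason", reply["pdu"]) for _, reply in exchange]


if __name__ == "__main__":
    manager = Manager("constructed-manager-id", boots=4, clock=1000)
    agent = Agent()
    print(outcomes(agent.send_inform(manager, request_id=1)))
    print(outcomes(agent.send_inform(manager, request_id=2)))
```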
Versions of SNMP
The application software supports the following versions of SNMP:
Table 1: SNMP Versions
Variable
Description
SNMPv1
In SNMP version 1, the user can get and set MIB objects, traverse the
MIB tree using the getNext operation, and enable the management
device to receive asynchronous messages from the Agent using the trap
mechanism. SNMPv1 bases its security on community strings.
SNMPv2c
SNMPv3
Security level | Authentication | Encryption | Explanation
noAuthNoPriv | Username | No |
authNoPriv | HMAC-MD5 or HMAC-SHA | No |
authPriv | HMAC-MD5 or HMAC-SHA | Cipher Block Chaining-Data Encryption Standard (CBC-DES) |
You must configure the SNMP Agent to use the version of SNMP supported by the management
device. An Agent can communicate with multiple users. For this reason, you can configure the
application software to support communications with many users: some users can use the SNMPv1
protocol, some can use the SNMPv2c protocol, and the rest can use SNMPv3.
NOTE
You can participate in different groups, with a different security model in each
group. You cannot participate in more than one group with the same security model.
SNMP Commands
The following section presents the SNMP Command Hierarchy together with command
descriptions and an example.
Command Hierarchy
device-name#
+ configure terminal
+ system
+ [no] snmp
- [no] authentication-failure-trap
- [no] system-name .LINE-TEXT
Command Descriptions
Table 3: SNMP Configuration Commands
Command
Description
config terminal
system
snmp
no snmp
no access source-ip
engine-id <engineID>
engineID: a string of 10 to 64
characters (represented internally
by 5 to 32 bytes), in the format
of XX:XX:XX:XX:XX:XX
80 00 02 E2 03 [MAC ADDR]
no engine-id
max-packet-size <size>
9216
no max-packet-size
general-port <port-number>
161
no general-port
shutdown
no shutdown
no authentication-failure-trap
system-name .LINE-TEXT
system-location .LINE-TEXT
Empty (null)
no system-location
Restores to default.
system-contact .LINE-TEXT
Empty (null)
no system-contact
Restores to default
system-description .LINE-TEXT
Empty (null)
no system-description
Restores to default
notification-change-trap
no notification-change-trap
Disables traps
source-address A.B.C.D
no source-address
dscp-mapping <value>
no dscp-mapping
view VIEWNAME OID-TREE [MASK
| included | excluded]
no view VIEWNAME
group GROUPNAME {authNoPriv |
authPriv | noAuthNoPriv} read
READ-VIEW write WRITE-VIEW
notify NOTIFY-VIEW
{authNoPriv | authPriv |
noAuthNoPriv}: the security level.
For more information, refer to
Table 2
AUTHENTICATION-PASSWORD: the
authentication password string up
to 32 characters
target-address ADDR-NAME
no target-addr ADDR-NAME
message-model {v1 | v2c | v3}
v2c
no message-model
security-level {noAuthNoPriv
| authNoPriv | authPriv}
authNoPriv, authPriv,
noAuthNoPriv: the security level.
For more information, refer to
Table 2
address TARGET-ADDRESS
0.0.0.0
no address
Restores to default
security-name USERNAME
no security-name
dst-port <port-number>
162
no dst-port
timeout <value>
15 seconds
no timeout
retry-count <value>
3 retries
no retry-count
no type
show snmp-server [displaylevel <level> |
statistics]
is enabled:
Description
authenticationFailure
prvtSysMonCpuTemperature
prvtSysMonCpuUtilization
customerCreated
Argument Value
Description
customerDeleted
prvtSysMonFansTest
lagLinkDown
lagLinkUp
lagMemberAdd
lagMemberLinkDown
lagMemberLinkUp
lagMemberRemove
linkDown
linkUp
mplsAutoTunnelDown
mplsAutoTunnelUp
mplsDynTunnelDown
mplsDynTunnelUp
mplsManTunnelDown
mplsManTunnelReoptimized
mplsManTunnelUp
mstNewRoot
mstTopologyChange
prvtSysMonOnBoardPowerSupplyTest
portSecurityViolation
prvtSysMonPortStatisticsTest
prvtSysMonPowerSupplyFansTest
prvtSysMonPowerSupplyTest
prvtCfm1wJitterThreshold
prvtCfmAisLckCleared
prvtCfmAisLckRecieved
prvtCfmFaultAlarm
prvtCfmFaultAlarmCleared
prvtCfmFrameLossThreshold
prvtCfmJitterThreshold
prvtCfmLatencyThreshold
prvtCfmUnexpectedPriority
prvtConfigChangeAlarm
prvtEfmOamDyingGasp
prvtEfmOamLoopBackState
prvtEfmOamNonThresholdEvent
prvtEfmOamThresholdEvent
prvtEpsDefectAlarm
prvtEpsLostCommunication
prvtEpsProtctSignalFailDetected
prvtEpsProtctSignalFailRecovery
prvtEpsRestoredCommunication
prvtEpsSignalDegradeDetected
prvtEpsSignalDegradeRecovery
1W Jitter error
2W Jitter error
Latency error
Frame loss error.
prvtEpsSignalFailDetected
prvtEpsSignalFailRecovery
prvtEpsSwitchoverAlarm
prvtRapsDefectAlarm
prvtRapsInstSubRingDefectAlarm
prvtRapsInstSubRingSwitchoverAlarm
prvtRapsSwitchoverAlarm
prvtResilientLinkStatusChange
prvtSaaRFC2544ProbeFailed
prvtSaaRFC2544ProbeSuccess
prvtSaaTestRfc2544Finished
prvtSaaY1731DelayFarEndThreshold
prvtSaaY1731DelayNearEndThreshold
prvtSaaY1731FrLossFEThreshold
prvtSaaY1731FrLossNearEndThreshold
prvtSaaY1731JitterFarEndThreshold
prvtSaaY1731JitterNearEndThreshold
prvtSysMonRamUsage
sapCreated
sapDeleted
sdpCreated
sdpDeleted
serviceCreated
serviceDeleted
sfpPlugged
sfpUnPlugged
stNewRoot
stTopologyChange
syncEthernetDPLLChanged
syncEthernetDPLLLockFailed
syncEthernetDPLLReferenceChange
syncEthernetInvalidESMC
syncEthernetInvalidQualityLevelReceived
syncEthernetQualityLevelChange
prvtSwAclIfAcgApplyFailed
prvtSwAclIfAcgRLimitApplyFailed
prvtSwAclIfAcgRedirectApplyFailed
prvtSwAclIfAcgFcApplyFailed
prvtSwAclIfAcgMonPrfApplyFailed
prvtSwAclSapAcgApplyFailed
prvtSwAclSapAcgRLimitApplyFailed
prvtSwAclSapAcgRedirectApplyFailed
prvtSwAclSapAcgFcApplyFailed
prvtSwAclSapAcgMonPrfApplyFailed
coldStart
warmStart
Enable SNMP:
device-name#config terminal
device-name(config)#system
device-name(config-system)#snmp
2.
Create a view that includes the entire MIB tree from root:
device-name(config-snmp)#view internet 1.3 included
3.
Create a user named tester that uses SNMPv3 and attach it to a group named public without
authentication and privacy:
device-name(config-snmp)#group public noAuthNoPriv read internet write internet notify internet
device-name(config-snmp)#user tester public v3
4.
5.
6.
: 800002E203005043B5AA9B
snmpEngineBoots
: 30
snmpEngineTime
: 17
snmpEngineMaxMessageSize : 9216
===============================================================================
SNMP Views
===============================================================================
MIB View name
: internet
MIB Subtree
: 1.3
: included
===============================================================================
Number of entries: 1
SNMP Groups table
===============================================================================
SNMP group name
: public
Security-model
: noAuthNoPriv
: internet
: internet
: internet
===============================================================================
Number of entries: 1
SNMP user access configuration
===============================================================================
SNMP user name
: tester
: public
SNMP version
: SNMPv3
Authentication type
: None
: N/A
Encryption password
: N/A
Remote Engine ID
===============================================================================
Number of entries: 1
SNMP Notification targets
===============================================================================
Number of entries: 0
7.
: public
Security-model
: noAuthNoPriv
: internet
: internet
: internet
===============================================================================
Number of entries: 1
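The configuration in this example gives the group public read and write access to the whole 1.3 subtree at the noAuthNoPriv level. The following added audit script, which is not part of this guide, parses view, group and user lines in the syntax shown above and reports such settings. The hardened sample, its names (mgmt, ops, operator), the severity labels and the min_arcs threshold are assumptions, and any arguments after the SNMP version on a user line are ignored.

```python
import re

# Strips a CLI prompt such as "device-name(config-snmp)#" from a pasted line.
PROMPT = re.compile(r"^[\w-]+(?:\([^)]*\)+)?#\s*")

# The commands from the configuration example in this guide.
GUIDE_EXAMPLE = """\
device-name(config-system)#snmp
device-name(config-snmp)#view internet 1.3 included
device-name(config-snmp)#group public noAuthNoPriv read internet write internet notify internet
device-name(config-snmp)#user tester public v3
"""

# Constructed counter-example: authPriv group with a narrower view.
HARDENED = """\
view mgmt 1.3.6.1.2.1 included
group ops authPriv read mgmt write mgmt notify mgmt
user operator ops v3
"""


def parse_snmp_config(text):
    """Collect view, group and user definitions from pasted CLI lines."""
    views, groups, users = {}, {}, []
    for line in text.splitlines():
        words = PROMPT.sub("", line.strip()).split()
        if len(words) >= 4 and words[0] == "view":
            views.setdefault(words[1], []).append((words[2], words[3]))
        elif len(words) >= 3 and words[0] == "group":
            # "read X write Y notify Z" become keyword/value pairs.
            options = dict(zip(words[3::2], words[4::2]))
            groups[words[1]] = {"level": words[2].lower(),
                                "write": options.get("write")}
        elif len(words) >= 4 and words[0] == "user":
            users.append({"name": words[1], "group": words[2],
                          "version": words[3].lower()})
    return views, groups, users


def audit(text, min_arcs=4):
    """Return (severity, message) findings for weak SNMP access settings."""
    views, groups, users = parse_snmp_config(text)
    findings = []
    for name, group in sorted(groups.items()):
        if group["level"] == "noauthnopriv" and group["write"]:
            findings.append(("HIGH", "group %s: write view %s needs no "
                             "authentication" % (name, group["write"])))
        elif group["level"] == "noauthnopriv":
            findings.append(("MEDIUM", "group %s: read access needs no "
                             "authentication" % name))
        elif group["level"] == "authnopriv":
            findings.append(("MEDIUM", "group %s: traffic is authenticated "
                             "but not encrypted" % name))
        for subtree, mode in views.get(group["write"], []):
            arcs = len(subtree.strip(".").split("."))
            if mode == "included" and arcs < min_arcs:
                findings.append(("MEDIUM", "group %s: write view %s includes "
                                 "broad subtree %s"
                                 % (name, group["write"], subtree)))
    for user in users:
        if user["version"] in ("v1", "v2c"):
            findings.append(("HIGH", "user %s: %s sends its community string "
                             "in clear text" % (user["name"], user["version"])))
        if user["group"] not in groups:
            findings.append(("LOW", "user %s: group %s is not defined here"
                             % (user["name"], user["group"])))
    return findings


if __name__ == "__main__":
    for severity, message in audit(GUIDE_EXAMPLE):
        print(severity, message)
```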
Enable SNMP:
device-name#config terminal
device-name(config)#system
device-name(config-system)#snmp
2.
Create a view that includes the entire MIB tree from root:
device-name(config-snmp)#view internet 1.3 included
3.
4.
Create a user named tester that uses SNMPv3, and attach it to the already created group named
public:
5.
6.
7.
8.
type
trap
Feature
Standards
MIBs
RFCs
Simple Network
Management
Protocol (SNMP)
STD0015, Simple
Network
Management
Protocol
STD0016, Structure
of Management
Information
STD0017,
Management
Information Base
STD0058, Structure
of Management
Information Version 2
(SMIv2)
STD0062, Simple
Network
Management
Protocol Version 3
(SNMPv3)
Public MIBs:
SNMPV1-MIB
MIB-II (RFC1213-MIB)
SNMP-COMMUNITY-MIB (RFC2576)
SNMPv2-MIB
SNMP-VIEW-BASED-ACM-MIB
SNMP-USER-BASED-SM-MIB
RFC 3417, Transport
Mappings for the Simple
Network Management
Protocol (SNMP)
RFC 3418, Management
Information Base (MIB)
for the Simple Network
Management Protocol
(SNMP)
RFC 1901, Introduction to
Community-based
SNMPv2.
RFC1902, Structure of
Management Information
for Version 2 of the
Simple Network
Management Protocol
(SNMPv2).
RFC1905, Protocol
Operations for Version 2
of the Simple Network
Management Protocol
(SNMPv2).
RFC3584, Coexistence
between Version 1,
Version 2, and Version 3
of the Internet-standard
Network Management
Framework
Device Authentication
Table of Contents
Table of Figures
List of Tables
Features Included in This Chapter
Managing User Privilege Levels
Default User Name and Password
User Privilege-Level Configuration
Users and Privilege Level Commands
Remote Authentication Dial in User Service (RADIUS)
The RADIUS Negotiation Procedure
Defining User Privileges on the RADIUS Server
RADIUS Configuration Flow
RADIUS Commands
Terminal Access Controller Access-Control System Plus (TACACS+)
TACACS+ Negotiation
Defining User Privileges on the TACACS+ Server
TACACS+ Configuration Flow
TACACS+ Commands
Comparing TACACS+ and RADIUS
Telnet
Telnet Commands
Secure Shell (SSH)
SSH Commands
Prioritizing ARP Packets
ARP Prioritization Commands
Supported Standards, MIBs, and RFCs
Device Authentication (Rev. 01)
Table of Figures
Figure 1: User Privilege Levels Configuration Flow
Figure 2: A RADIUS Communication Example
Figure 3: RADIUS Configuration Flow
Figure 4: TACACS+ Configuration Flow
List of Tables
Table 1: Privilege Profile Types
Table 2: Default Device Username and Password
Table 3: User and Privilege Level Commands
Table 4: RADIUS Commands
Table 5: TACACS+ Server Responses
Table 6: TACACS+ Commands
Table 7: A comparison between TACACS+ and RADIUS
Table 8: Telnet Commands
Table 9: SSH Commands
Table 10: ARP Prioritization Commands
Telnet
Telnet, part of the TCP/IP protocol suite, is a virtual terminal protocol that allows you to
make connections to remote devices.
Description
Administrators
Network-Admins
Technicians
Users
Guests
During logon, the device checks the user name and password either against a table that is stored
locally or in a remote database:
Locally: Authentication occurs through a database of user names and passwords located on
the local file system. If a remote database exists but the device is unable to make contact after
repeated attempts, the local database is queried instead. If there is no response or the local
database does not exist, the user is not permitted access.
Username
Password
admin
Admin
Command Hierarchy
device-name#
+ config terminal
+ system
+ security
- namespace NAME
- operation {r | rw | rwx | rx | w | wx | x}
- match COMMAND-STRING
- agent cli]
- operation {r | x | rx}
- member PRIVILEGE-PROFILE-NAME
- password PASSWORD
Configuration Commands
Table 3: User and Privilege Level Commands
Command
Description
config terminal
system
security
password preferred-authentication
{local | radius | tacacs}
Restores to default
privilege-profile PRIVILEGE-PROFILE-NAME
no privilege-profile PRIVILEGE-PROFILE-NAME
netconf-access-rule <number>
PRIVILEGE-PROFILE-NAME: a string
of <1-256> characters. You can
use predefined privilege profiles
(see Table 1)
NOTE
Before executing the netconf-access-rule command, you
must commit all changes.
no netconf-access-rule <number>
Command
Description
action {permit | permit_log | deny}
match COMMAND-STRING
namespace NAME
operation {r | rw | rwx | rx | w | wx | x}
command-access-rule <number>
COMMAND-STRING: a string of
characters
r: read
rw: read-write
rwx: read-write-execute
rx: read-execute
w: write
wx: write-execute
x: execute
NOTE
Before executing the command-access-rule command, you
must commit all changes.
no command-access-rule <number>
match COMMAND-STRING
agent cli
operation {r | x | rx}
r: read
x: execute
rx: read-execute
Command
Description
user USER-NAME
no user USER-NAME
member PRIVILEGE-PROFILE-NAME
password PASSWORD
USER-NAME: a case-sensitive
string of <1-100> characters
(blank spaces and question marks
(?) are not allowed)
PRIVILEGE-PROFILE-NAME: a string
of <1-256> characters. You can
use predefined privilege profiles
(see Table 1)
Configuration Example
1. Define a privilege profile telco which denies access to the device via CLI:
Device-name#config
Device-name(config)#system
Device-name(config-system)#security
Device-name(config-security)#privilege-profile telco
Device-name(config-privilege-profile-telco)#command-access-rule 2
Device-name(config-command-access-rule-2)#action deny
Device-name(config-command-access-rule-2)#agent cli
Device-name(config-command-access-rule-2)#match "file ls"
Device-name(config-command-access-rule-2)#operation rx
Device-name(config-command-access-rule-2)#exit
Device-name(config-privilege-profile-telco)#command-access-rule 3
Device-name(config-command-access-rule-3)#action deny
Device-name(config-command-access-rule-3)#agent cli
Device-name(config-command-access-rule-3)#match "config terminal"
Device-name(config-command-access-rule-3)#operation rx
Device-name(config-command-access-rule-3)#exit
Device-name(config-privilege-profile-telco)#command-access-rule 4
Device-name(config-command-access-rule-4)#action deny
Device-name(config-command-access-rule-4)#agent cli
Device-name(config-command-access-rule-4)#match "config no-confirm"
Device-name(config-command-access-rule-4)#operation rx
Device-name(config-command-access-rule-4)#exit
Device-name(config-privilege-profile-telco)#command-access-rule 5
Device-name(config-command-access-rule-5)#action deny
Device-name(config-command-access-rule-5)#agent cli
Device-name(config-command-access-rule-5)#match config
Device-name(config-command-access-rule-5)#operation rx
Device-name(config-command-access-rule-5)#commit
Device-name(config-command-access-rule-5)#exit
Device-name(config-privilege-profile-telco)#exit
2.
3.
4.
!
command-access-rule 5
action deny
agent cli
match config
operation rx
!
!
privilege-profile users
!
user tester
password $1$zrynUo$D7sdDdi0ps/BdQnrksXvH0
member tester
!
!
!
The RADIUS client (typically a Network Access Server [NAS]) exchanges UDP packets with the
RADIUS server (usually a UNIX or Windows NT daemon process) to authenticate user-connection
requests.
NAS sends user-connection requests to designated RADIUS servers. The RADIUS server returns
the configuration information needed by NAS to provide the user with requested access. The RSA
MD5 algorithm encrypts user passwords prior to exchange between the NAS and RADIUS server.
The NAS and the RADIUS server authenticate transactions using a shared secret key that is not
sent over the network.
1. The user sends a Telnet request to connect to a T-Marc 3208SH device (NAS).
2. The device sends an Access Request packet, which contains the user name, encrypted password,
NAS IP address, and port to the RADIUS server. The request packet also provides
information about the type of session the user wants to initiate.
3. The RADIUS server first validates NAS (based on the shared secret key), then validates the
user request against a local database by matching the password (and in some cases, other
parameters such as the port number). The RADIUS server then:
- sends an acceptance message if the user information is validated. The acceptance message
includes a list of attributes that should be used in the session. An important parameter is
the privilege level of the authenticated user.
- sends a rejection message if the user is not found in the database or the information does
not match. The message may or may not include the reason for the rejection.
4. Based on this response, NAS accepts or rejects the request.
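The exchange above can be traced at the byte level. The following Python sketch is an added example (not Telco Systems or FreeRADIUS code) that follows RFC 2865: it hides the User-Password with an MD5 keystream, builds the Access-Request, and checks the Response Authenticator that proves the reply came from a holder of the shared secret. The user admin/adminpass and the secret secretkey are the sample values used on this page; the NAS address, NAS port, request authenticator and all function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, NAS_PORT = 1, 2, 4, 5

# secretkey and admin/adminpass are this page's sample values; the rest is constructed.
SECRET = b"secretkey"
USERS = {b"admin": b"adminpass"}
REQUEST_AUTH = bytes(range(16))  # a real NAS picks 16 unpredictable bytes per request


def hide_password(password, secret, request_auth):
    """RFC 2865 section 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1 to 128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        hidden += prev
    return hidden


def reveal_password(hidden, secret, request_auth):
    """Server side: regenerate the same pads from the secret and undo the XOR."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden User-Password must be a multiple of 16 bytes")
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = hidden[i:i + 16]
        clear += bytes(c ^ k for c, k in zip(prev, pad))
    return clear.rstrip(b"\x00")


def attribute(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(ident, user, password, nas_ip, nas_port, secret, request_auth):
    """Access-Request: Code, Identifier, Length, Request Authenticator, attributes."""
    attrs = (attribute(USER_NAME, user)
             + attribute(USER_PASSWORD, hide_password(password, secret, request_auth))
             + attribute(NAS_IP_ADDRESS, socket.inet_aton(nas_ip))
             + attribute(NAS_PORT, struct.pack("!I", nas_port)))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs


def parse_attributes(packet):
    """Walk the type-length-value attributes that follow the 20-byte header."""
    attrs, pos = {}, 20
    end = struct.unpack("!H", packet[2:4])[0]
    while pos < end:
        if pos + 2 > len(packet) or packet[pos + 1] < 2 or pos + packet[pos + 1] > end:
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return attrs


def build_response(code, request, secret, attrs=b""):
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    digest = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return header + digest + attrs


def verify_response(response, request, secret):
    """NAS side: recompute the Response Authenticator with the locally stored secret."""
    if len(response) < 20 or response[1] != request[1]:
        return False
    length = struct.unpack("!H", response[2:4])[0]
    if length < 20 or length > len(response):
        return False
    body = response[:length]  # octets beyond Length are padding
    expected = hashlib.md5(body[:4] + request[4:20] + body[20:] + secret).digest()
    return hmac.compare_digest(expected, body[4:20])


def server_reply(request, secret, users):
    """Recover the password, compare it with the user table, sign the reply."""
    attrs = parse_attributes(request)
    password = reveal_password(attrs[USER_PASSWORD], secret, request[4:20])
    stored = users.get(attrs[USER_NAME])
    ok = stored is not None and hmac.compare_digest(stored, password)
    return build_response(ACCESS_ACCEPT if ok else ACCESS_REJECT, request, secret)


def nas_decision(response, request, secret):
    if not verify_response(response, request, secret):
        return "discard"  # reply not signed with the shared secret
    return "accept" if response[0] == ACCESS_ACCEPT else "reject"


DEMO_REQUEST = build_access_request(1, b"admin", b"adminpass", "10.3.0.1", 1, SECRET, REQUEST_AUTH)
```

Only the User-Password value is hidden; the user name and the NAS attributes cross the network in clear text. The password's protection rests entirely on the shared secret, so production secrets should be long random values rather than the sample strings used in this guide.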
1. Complete the RADIUS configuration (as described in the FreeRADIUS README file) on
the RADIUS server.
2. Copy an additional dictionary.batm file (with the information shown below) to the folder
containing the RADIUS configuration files. The FreeRADIUS server version is 2.1.0.
------------------------------------------------
dictionary.batm
------------------------------------------------
VENDOR BATM 738
ATTRIBUTE BATM-privilege-profile string BATM
3. Assign a privilege level to all other users in the users configuration file, as shown in the
following example:
------------------------------------------------
raddb/users
------------------------------------------------
admin       "adminpass"
net-admins  "net-adminspass"
tech        "techpass"
users       "userspass"
guests      "guestspass"
4. Add the following line to the dictionary file (in the RADIUS-configuration folder):
$INCLUDE dictionary.batm
5. Add the subnetwork address from which NAS is connected to the clients.conf file:
------------------------------------------------
raddb/clients.conf
------------------------------------------------
client 10.3.0.0/16 {
secret = secretkey
}
RADIUS Commands
This section describes the command hierarchy for RADIUS configuration and provides a list of
available commands as well as a configuration example.
Command Hierarchy
device-name#
+ config terminal
+ system
+ security
- [no] radius-server
- show radius-statistics
- clear-radius-statistics statistics
Command Descriptions
Table 4: RADIUS Commands
Command
Description
config terminal
system
security
radius-server
no radius-server
host A.B.C.D
NOTE
When the RADIUS server is
unavailable (either shut down or
disconnected), the device retransmits
the request three times. On
retransmission timeout for the third
try, the device attempts
authentication using the local
database.
No RADIUS servers are configured
no host
port <number>
1812
no port
Restores to default
Command
Description
deadtime <minutes>
3 minutes
no deadtime
Restores to default
key KEY
no key
key-storage-type {local | file}
Local
no key-storage-type
Restores to default
retransmit <count>
3 retries
no retransmit
Restores to default
timeout <seconds>
3 seconds
no timeout
source-address A.B.C.D
Restores to default
Specifies the source address of RADIUS packets:
Command
dscp-mapping <value>
Description
Specifies a DSCP priority of packets sent to the
RADIUS server:
no dscp-mapping
show radius-statistics
clear-radius-statistics statistics
Configuration Example
1. Select the RADIUS server and define the shared secret key:
device-name#config terminal
device-name(config)#system
device-name(config-system)#security
device-name(config-security)#radius-server host 10.2.42.137
device-name(config-host-10.2.42.137)#exit
device-name(config-security)#radius-server key batm
2.
3.
4.
5.
privilege-profile net-admins
!
privilege-profile technicians
!
privilege-profile users
!
!
!
6.
Configuration Results
When accessing the device using the username richy, the RADIUS server sends a REJECT
reply:
Username:richy
Password:
Username:
When accessing the device using the username admin and the password adminpass, the
RADIUS server sends an ACCEPT reply, authenticating the user:
Username:admin
Password:adminpass
device-name#
TACACS+ Negotiation
When a user attempts to connect to the device, the following actions occur:
1. NAS mediates between the user and the TACACS+ server. NAS prompts for a username.
2. When the user types a username at the prompt, NAS prompts for a password.
3. When the user types a password, NAS sends the username and password to the TACACS+
server.
The TACACS+ server may request additional identifying information, other than the user
name and password, for user authentication.
4. When the user enters the required information, the TACACS+ server returns one of the
following responses:
Table 5: TACACS+ Server Responses
Response
Description
ACCEPT
REJECT
ERROR
CONTINUE
TACACS+ Commands
Commands Hierarchy
device-name#
+ config terminal
+ system
+ security
- [no] tacplus
Commands Descriptions
Table 6: TACACS+ Commands
Command
Description
config terminal
system
security
tacplus
no tacplus
host A.B.C.D
NOTE
If the TACACS+ server is
unavailable (shut down or
disconnected), the device
retransmits the request three
times. On retransmission timeout
for the third try, the device
attempts authentication using the
local database.
no host
description DESCRIPTION
no description
DESCRIPTION: a string of
<1-255> characters
key KEY
no key
timeout <seconds>
3 seconds
Command
Description
no timeout
source-address A.B.C.D
Restores to default
Specifies the source address of TACACS+
packets:
dscp-mapping <value>
no dscp-mapping
Configuration Example
Device Configuration:
1. Select the TACACS+ server and define the shared encryption key:
device-name#config terminal
device-name(config)#system
device-name(config-system)#security
device-name(config-security)#tacplus host 10.2.42.137
device-name(config-security)#tacplus key TacacsPlus
2.
3.
Configuration Results
When accessing the device using username richy, the TACACS+ server sends a REJECT
reply:
Username:richy
Password:
Username:
When accessing the device using username admin and password adminpass, the TACACS+
server sends an ACCEPT reply, authenticating the user:
Username:admin
Password:adminpass
device-name#
Feature
RADIUS
TACACS+
Communication
Protocol
UDP
TCP
Authentication and
Authorization
Packet Encryption
Router Management
Multiprotocol Support
Novell Asynchronous
Services Interface (NASI)
Telnet
Telnet is a network protocol used to provide a bidirectional communications facility using a virtual
terminal connection. User data is transmitted over the Transmission Control Protocol (TCP).
Telnet Commands
Commands Hierarchy
device-name#
+ config terminal
+ system
+ telnet-server
Commands Descriptions
Table 8: Telnet Commands
Command
Description
device-name#
Operational mode
port 23
The Telnet connection is password-protected.
The default password is admin. The
default user name is admin too.
config terminal
system
telnet-server
Command
Description
access source-ip A.B.C.D/M
no access source-ip
port <value>
port 23
no port <value>
Restores to default
source-address A.B.C.D
Restores to default
dscp-mapping <value>
no dscp-mapping
shutdown
no shutdown
OpenSSH
F-Secure SSH
SecureCRT
To connect to the device, use the IP address for the device in the SSH client.
SSH Commands
Commands Hierarchy
device-name#
+ config terminal
+ system
- [no] ssh-server
- [no] shutdown
Commands Descriptions
Table 9: SSH Commands
Command
Description
device-name#
Operational mode
Command
Description
system
ssh-server
no ssh-server
no access source-ip
source-address A.B.C.D
source-address
port <value>
Restores to default
Specifies the port through which the SSH
connection is established:
port 22
no port
dscp-mapping <value>
Restores to default
Specifies a DSCP priority of packets sent from
SSH server:
no dscp-mapping
Command
Description
shutdown
no shutdown
- [no] router
Configuration Commands
Table 10: ARP Prioritization Commands
Command
Description
config terminal
system
router
no router
be
Command
no arp priority-mapping fc
Description
Restores to default
Feature
Standards
MIBs
RFCs
User-Privilege
Levels
Not supported
Not supported
Not supported
RADIUS
Not supported
Not supported
TACACS+
Not supported
Not supported
draft-grant-tacacs-02tacrfc.1.78.txt draft
SSH
Not supported
Not supported
Not supported
Telnet
Not supported
Not supported
Not supported
Table of Figures
Figure 1: Four Ports Combined into a Link Aggregation Group
Figure 2: Example of Two LAGs Configured on the Same Device
List of Tables
Table 1: Ports Configuration Commands
Table 2: IP Interface Configuration Commands
Table 3: Commands Used to Display and Clear Port Settings and Statistics
Table 4: LAGs Configuration Commands
Table 5: Commands Used to Display and Clear LAG Settings and Statistics
Table 6: Resilient Links Commands
Table 7: Descriptions of the Storm-Control Configuration Commands
Resilient Links
A resilient link consists of a main link and a standby (backup) link that together form a
resilient-link pair. Resilient links protect critical links and prevent network downtime.
Traffic Storm-Control
The traffic storm-control feature prevents LAN ports from being disrupted by a
broadcast, multicast, and/or unicast traffic storm.
Device Port: Device ports are Layer 2 only interfaces associated with a physical port.
Software Interface: A logical, Layer 3 (IP) interface specifying various attributes such as IP
address and mask. A single port can be associated with more than one IP interface via Virtual
Local Area Network (VLAN) configuration.
Command Hierarchy
device-name#
+ config terminal
+ port UU/SS/PP
- [no] flow-control
- [no] mtu <value>
- [no] self-egress-filter
- [no] shutdown
+ [no] router
Command Descriptions
The following tables list separate configuration commands for ports and interfaces. Commands
used to display/clear port settings and statistics are also included:
Table 3: Commands Used to Display and Clear Port Settings and Statistics
Description
config terminal
port UU/SS/PP
ethertype <value>
no ethertype
Restores to default
description DESCRIPTION
no description
speed {10 | 100 | 1000
auto}
Auto
no speed
Restores to default
Auto
no duplex
Restores to default
default-vlan <vlan-id>
no default-vlan
Restores to default
flow-control
no flow-control
Restores to default
Command
mtu <value>
Description
Specifies the maximum packet size allowed for
the port.
The port can send frames larger than the
configured MTU but cannot accept frames of that
size.
1544 Bytes
no mtu
Restores to default
self-egress-filter
NOTE
Restores to default
shutdown
no shutdown
Description
config terminal
router
no router
NOTE
Command
no interface {outBand0 | loN | swN}
Description
Removes the created IP interface:
NOTE
To remove the created IP interface,
remove the IP interface from all
VLANs of which it is a member.
description DESCRIPTION
no description
address A.B.C.D/M
no address
mtu <value>
1544 Bytes
no mtu
Restores to default
shutdown
no shutdown
Table 3: Commands Used to Display and Clear Port Settings and Statistics
Command
Description
Command
Description
2.
3.
4.
5.
6.
: 1/1/1
Description
: 1/1/1
Admin State
: up
Port State
: down
Config Duplex
: full
Operational Duplex
: unknown
Config Speed
: 1000
------------------------------------------------------------------------------Flow Control
: disabled
Dual Port
: No
Active Link
: No-Link
------------------------------------------------------------------------------Default VLAN
: 1
MAC Learning
LAG ID
: N/A
MTU[Bytes]
: 4096
===============================================================================
===============================================================================
Transceiver Data
===============================================================================
Transceiver Type
: Unknown
Cable Connector
: Unknown
Vendor Name
: N/A
Encoding
: Unknown
Manufacture Date
: N/A
Media
: n/a
Serial Number
: N/A
Part Number
: N/A
Revision Level
: N/A
Fibre Channel:
: Unknown
Media : Unknown
InfiniBAND : Unknown
Tech
10G
: Unknown
Speed : unknown
: Unknown
ESCON
: Unknown
Length: unknown
SONET
: Unknown
------------------------------------------------------------------------------Diagnostic:
Bitrate:
Nominal: 0
Internal Calibration
: no
External Calibration
: no
: no
: no
===============================================================================
7.
Admin
Port
Id
State
State MTU
Cfg
LAG
Speed
Duplex
Dual Port
Id
Properties
-----------------------------------------------------------------------------1/1/1
Enable
Down
4096
N/A
Unknown Unknown No
not-installed
1/1/2
Enable
Down
1544
N/A
Unknown Unknown No
not-installed
1/1/3
Enable
Down
1544
N/A
Unknown Unknown No
not-installed
1/1/4
Enable
Down
1544
N/A
Unknown Unknown No
not-installed
1/2/1
Enable
Up
1544
N/A
1G
RJ45
1/2/2
Enable
Down
1544
N/A
not-installed
1/2/3
Enable
Down
1544
N/A
not-installed
1/2/4
Enable
Down
1544
N/A
not-installed
1/2/5
Enable
Down
1544
N/A
not-installed
1/2/6
Enable
Down
1544
N/A
not-installed
1/2/7
Enable
Down
1544
N/A
100BASE-SX-MM-SFP
1/2/8
Enable
Up
1544
N/A
1G
1000BASE-SX-MM-SFP
1/3/9
Enable
Up
1544
N/A
RJ45
1/4/9
Enable
Down
1544
N/A
not-installed
Full
Full
Yes
Yes
===============================================================================
Number of ports: 14
Number of link up ports: 3
8.
Output
------------------------------------------------------------------------------Unicast Packets
168
132
Multicast Packets
Broadcast Packets
198
Flow Control
Discards
Errors
-------------------------------------------------------------------------------Total
171
335
===============================================================================
===============================================================================
Ethernet Statistics in Packets
===============================================================================
RX CRC Errors
RX Undersize
TX Collisions
------------------------------------------------------------------------------Input
Output
------------------------------------------------------------------------------Fragments
Oversize
Jabbers
------------------------------------------------------------------------------Octets
48583
Packets
506
Packets of 64 Octets
264
142
97
-------------------------------------------------------------------------------Total
171
335
===============================================================================
===============================================================================
Rates in Bytes per Second
===============================================================================
Input
Output
===============================================================================
2.
3.
4.
Static LAGs, which consist of individual Gigabit Ethernet links bundled into a single logical
link, treat multiple device ports as one device port. These port groups act as a single logical
port for high-bandwidth connections between two network devices. A static LAG balances
the traffic load across the links in the channel. If a physical link within the static LAG fails,
traffic previously carried over the failed link moves to the remaining links.
Most protocols can operate using LAG infrastructure as though all ports in the group
were a single, physical port.
Dynamic LAGs dynamically adapt aggregated links to changes in traffic conditions using the
Link Aggregation Control Protocol (LACP) to accommodate load sharing and automatic
readjustments in case of LAG link-failure and recovery.
LAG Configuration
You can configure both static and dynamic LAGs simultaneously, assuming the following
restrictions:
Both static and dynamic LAGs receive unique identifiers from the same LAG ID pool. Each
LAG, whether static or dynamic, must have its own LAG ID number.
Each port can only belong to a single LAG but that LAG can be either static or dynamic.
LACP Modes
LACP has two operational modes:
Active: When active, the port can start LACP negotiation and as a result form a link with
another device. The other device can be either active or passive.
LACP Parameters
The following factors define the ability of a port to aggregate with other ports:
Physical characteristics such as data transfer rate, duplex capability, and medium type
1. Enter the System ID. The System ID identifies the LACP system negotiating with other
LACP systems. The System ID is always the MAC address for the device.
2. Define System Priority. System priority, along with port priority, provides the means for
connected LACP ports to determine dynamically an exchange policy.
3. Enter the Administrative key to define the ability of the port to aggregate with other ports.
4. Define port priority. Port and system priority work together so that connected LACP ports
can dynamically determine an exchange policy.
5.
NOTE
When enabled, LACP attempts to group the maximum of eight compatible ports in a
LAG. However, if LACP is unable to aggregate compatible ports (for example, due
to remote device limitations), these ports remain in a hot standby state to be used
when one of the channeled ports fails.
LAG Commands
In this section, the command hierarchy used by LAGs is defined. Also presented is a list of useable
commands and configuration examples.
Command Hierarchy
device-name#
+ config terminal
+ ethernet
+ [no] lag
Command Descriptions
In this section, configuration commands are described in the following tables:
Table 5: Commands Used to Display and Clear LAG Settings and Statistics
Description
config terminal
ethernet
lag
no lag
L2
no distribution-type
Restores to default
lag-id agN
no lag-id agN
description DESCRIPTION
DESCRIPTION: a string of
1-255 characters (spaces are
allowed)
no description
lacp enable
no lacp enable
Restores to default
Command
Description
lacp administrative-key <number>
1
no administrative-key
Restores to default
lacp id xx:xx:xx:xx:xx:xx
xx:xx:xx:xx:xx:xx: user-defined
system ID, in a MAC address format
Restores to default
no lacp marker
Restores to default
Active
no lacp mode [active | passive]
32768
no lacp priority
Restores to default
Command
Description
port UU/SS/PP
no port [UU/SS/PP]
priority <number>
32768
no priority
Restores to default
Table 5: Commands Used to Display and Clear LAG Settings and Statistics
Command
Description
Configuring Device 1:
In the following example ports 1/1/1, 1/1/2,
ag1 and ag2 on which LACP is enabled.
1. Create static LAGs ag1 and ag2. Add relevant ports to both LAGs:
device-name(config)#ethernet
device-name(config-ethernet)#lag lag-id ag1
device-name(config-lag-id-ag1)#port 1/1/1
device-name(config-port-1/1/1)#port 1/1/2
device-name(config-port-1/1/2)#exit
device-name(config)#ethernet
device-name(config-ethernet)#lag lag-id ag2
device-name(config-lag-id-ag2)#port 1/1/3
device-name(config-port-1/1/3)#port 1/1/4
device-name(config-port-1/1/4)#exit
2.
3.
Operational Status: up
LACP: enabled
LACP Mode: active
System ID: 005043b5aa9c
System Priority: 32768
Administrative Key: 1
Marker: disabled
Port    Admin Status    Oper Status    Priority    Aggr Status
-----------------------------------------------------------
1/1/1   up              up             32768       success
1/1/2   up              up             32768       success
device-name#show ethernet lag lag-id ag2 details
Interface Name ag2
Mode: network
Distribution Type: L2
Operational Status: up
LACP: enabled
LACP Mode: active
System ID: 005043b5aa9c
System Priority: 32768
Administrative Key: 1
Marker: disabled
Port    Admin Status    Oper Status    Priority    Aggr Status
-----------------------------------------------------------
1/1/3   up              up             32768       success
1/1/4   up              up             32768       success
Configuring Device 2:
In the following example ports 1/1/1 and 1/1/2 are added to LAG ag1 on which LACP is enabled.
1.
2.
3.
LACP: enabled
LACP Mode: active
System ID: 005043b5aa66
System Priority: 32768
Administrative Key: 1
Marker: disabled
Port    Admin Status    Oper Status    Priority    Aggr Status
-----------------------------------------------------------
1/1/1   up              up             32768       success
1/1/2   up              up             32768       success
Configuring Device 3:
In the following example ports 1/1/3 and
enabled.
1.
2.
3.
Resilient Links
Resilient links protect critical links and prevent network downtime. A resilient link consists of a
main link and a standby (backup) link that together form a resilient-link pair. Under normal
network conditions, the main link carries network traffic. In case of signal loss, the device
immediately switches to the standby link. There is no session timeout since switchover to the
standby link occurs in less than one second.
If the main link has a higher bandwidth than its standby or if the main link is configured as a
preferred link, the device switches traffic back to the main link as soon as the connection recovers.
Otherwise, you must manually switch traffic back to the main link.
Define a resilient-link pair only on one end of the link. This provides a fully redundant
network, even when connecting the device to other devices, such as routers and servers.
When configuring a VLAN, the resilient link ports must belong to the same VLAN.
Command Hierarchy
device-name#
+ config terminal
+ ethernet
- primary-port UU/SS/PP
Command Descriptions
Table 6: Resilient Links Commands
Command
Description
config terminal
ethernet
resilient-link
no resilient-link
backup-mode {standby | shutdown}
Standby
backup-port UU/SS/PP
primary-port UU/SS/PP
Configuration Example
In the following example ports 1/1/1 and 1/1/2 define a resilient-link pair res1.
1.
res1:
device-name(config-ethernet)#resilient-link res1
2.
3.
4.
Traffic Storm-Control
The traffic storm-control feature prevents LAN ports from being disrupted by a broadcast,
multicast, and/or unicast traffic storm. This mechanism regulates the rate at which devices forward
the traffic. Traffic storm-control monitors incoming traffic rates over a 1-second storm-control
interval and compares this traffic rate with the traffic storm-control rate that you configure. When
the port threshold is met, all incoming traffic on the port is dropped.
Storm-Control Commands
Storm-Control Commands Hierarchy
device-name#
+ config terminal
+ ethernet
+ [no] storm-control
Description
config terminal
ethernet
storm-control
no storm-control
port UU/SS/PP
Selects a port:
no port UU/SS/PP
Command
Description
traffic-type broadcast [ratethreshold <rate>]
Restores to default
Restores to default
Restores to default
no traffic-type all
Restores to default
shutdown
Command
Description
no shutdown
Feature
Standards
MIBs
RFCs
Public MIBs:
RFC 1213,
Management
Information Base for
Network Management
of TCP/IP-based
internets: MIB-II
(interface table and
configL2IfaceTable)
RMON MIB
Private MIB, PRVTSWITCH-MIB.mib
Link Aggregation
Groups (LAGs)
IEEE 802.3ad
Private MIB,
PRVT-PORTSAGGREGATIONMIB.mib
Not supported
Resilience Links
Not supported
Private MIB,
PRVT-RESILIENTLINK-MIB.mib
Not supported
Table of Figures
Figure 1: IEEE 802.1Q Frame Tag Structure
Figure 2: VLANs in Ingress Traffic
Figure 3: VLANs in Egress Traffic
Figure 4: VLAN Configuration Flow
Figure 5: Switching Decisions without the Super VLAN Agent
Figure 6: Switching Decisions with the Super VLAN Agent
Figure 7: Super VLAN Ring Mode Configuration Example
List of Tables
Table 1: VLAN Commands
Super VLANs
The Super VLAN is a mechanism for separating users within one VLAN into multiple
broadcast domains.
Set up individual VLANs for a service or group of services offered by the organization
Enforce rule-based policies (such as limiting the type of traffic permitted to pass between users
in a VLAN)
Prioritize VLAN traffic to ensure that Service Level Agreements (SLAs) are met.
VLAN Tagging
The VLAN Tagging Standard, IEEE 802.1Q, requires packets to be tagged at the port with a
unique VLAN ID. An Ethernet Frame, tagged with a VLAN ID inserted into the header,
associates that frame with a specific VLAN. Tagged packets cannot be shared between VLANs
with different VLAN IDs.
VLAN tagging makes it possible for a port that interconnects devices to carry traffic for multiple
VLANs over the same physical connection.
A port can belong to one or more VLANs. However, only one VLAN can be defined as the
default for that port. Initially, all device ports are defined as members of a VLAN named Default
with a default VLAN value of one (1).
Ingress Traffic
The following flow diagram shows how the combination of VLAN membership and default
VLAN definition for the port has a direct effect on incoming (ingress) traffic. When the port
receives tagged packets and the port is a member of the VLAN, the packets are redirected to
ports that are members of the same VLAN. If not a member of the VLAN, the port drops the
tagged packets. For untagged packets, the port adds a VLAN tag according to its default
VLAN ID and then processes as usual.
Egress Traffic
For each VLAN, a member port is further defined as being either a tagged or untagged member,
which has a direct effect on outgoing (egress) traffic:
If the port is an untagged member of a VLAN, the port removes the VLAN ID before
forwarding frames for that VLAN.
If the port is a tagged member of a VLAN, the port forwards frames with the VLAN ID as is.
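The ingress and egress rules above, as an added Python example (not the device's implementation): frames are classified on ingress, flooded to every other member port of the VLAN, and sent with the tag kept or removed on egress. MAC learning is left out, and the port names, VLAN IDs 10 and 20 and the sample frame are constructed for illustration.

```python
import struct
from dataclasses import dataclass, field

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag


@dataclass
class Port:
    name: str
    default_vlan: int = 1
    tagged: set = field(default_factory=set)    # VLANs forwarded with the tag kept
    untagged: set = field(default_factory=set)  # VLANs forwarded with the tag removed

    def is_member(self, vid):
        return vid in self.tagged or vid in self.untagged


def parse_tag(frame):
    """Return (vid, pcp, frame_without_tag); vid is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, 0, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, tci >> 13, frame[:12] + frame[16:]


def add_tag(frame, vid, pcp=0):
    """Insert TPID and TCI (priority + VLAN ID) after the two MAC addresses."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid) + frame[12:]


def ingress(port, frame):
    """Classify a received frame; None means the port drops it."""
    vid, pcp, inner = parse_tag(frame)
    if vid is None:
        return port.default_vlan, pcp, inner  # untagged: use the port's default VLAN
    if not port.is_member(vid):
        return None                           # tagged for a VLAN the port is not in
    return vid, pcp, inner


def egress(port, vid, pcp, inner):
    """Frame as transmitted by this port, or None if the port is not in the VLAN."""
    if vid in port.untagged:
        return inner
    if vid in port.tagged:
        return add_tag(inner, vid, pcp)
    return None


def switch(ports, in_port, frame):
    """Map of output port name to transmitted frame for one received frame."""
    result = ingress(in_port, frame)
    if result is None:
        return {}
    vid, pcp, inner = result
    out = {}
    for port in ports:
        if port is in_port:
            continue
        sent = egress(port, vid, pcp, inner)
        if sent is not None:
            out[port.name] = sent
    return out


# Constructed topology: two access ports and one trunk carrying VLANs 10 and 20.
PORTS = [
    Port("1/1/1", default_vlan=10, untagged={10}),
    Port("1/1/2", tagged={10, 20}),
    Port("1/1/3", default_vlan=20, untagged={20}),
]
# Constructed frame: broadcast destination, sample source MAC, IPv4 EtherType.
FRAME = bytes.fromhex("ffffffffffff" "005043000001" "0800") + b"constructed payload"
```

A frame tagged for VLAN 20 that arrives on port 1/1/1 is dropped at ingress because that port is not a member of VLAN 20, which is the isolation property the membership rules provide.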
Management VLAN
The Management VLAN controls device management. By connecting to any port assigned to the
Management VLAN, the device administrator can:
Enter Command Line Interface (CLI) commands to the device using SSH or Telnet (Telnet is
disabled by default)
Upload/download files, such as software images, using TFTP and FTP file transfer protocols
The Management VLAN also isolates the management IP address of the device from data traffic
passing through the device to prevent unauthorized access and malicious attacks.
To set up the Management VLAN, enable management access (disabled initially for all VLANs). In
VLAN configuration mode, use the management command. More than one Management VLAN
can be defined for a device.
To delete an existing Management VLAN, first disable management access. In VLAN
configuration mode, use the no management command. Once disabled, Management VLAN can be
deleted.
VLAN Commands
This section describes the command hierarchy for a Virtual Local Area Network (VLAN) as well as
command descriptions and a configuration example.
Command Hierarchy
device-name#
+ config terminal
Command Descriptions
Table 1: VLAN Commands
Command
Description
config terminal
cpu
no cpu
Command
no tagged [UU/SS/PP | PORT-RANGE]
name VLAN-NAME
Description
Removes a tagged port(s) from the specified
VLAN:
PORT-RANGE: (optional) a
hyphenated range of ports is in
format UU/SS/PP-UU1/SS1/PP1
PORT-RANGE: (optional) a
hyphenated range of ports is in
format UU/SS/PP-UU1/SS1/PP1
no name
management
no management
routing-interface swN
no routing-interface
show vlan [detailed id VLAN-ID]
detailed: configuration
information for the specified VLAN
device-name#
+ config terminal
+
service
- [no] management
- [no] shutdown
Description
config terminal
service
no service
dot1q <service-id>
no dot1q [<service-id>]
description <value>
no description
cpu
Command
Description
service instance
no cpu
NOTE
c-vlan {<cvlan-id> |
untagged}
Command
Description
access-groups-rule-sequence
<number>
NOTE
When applying the same ACL type
(for example, IP or MAC ACLs) to
an already used sequence number,
remove and apply the ACL again.
This action is not required when
applying different ACL types to the
same sequence number.
For more information about configuring and
applying ACLs, refer to chapter Access Control
Lists (ACLs) of this User Guide.
no access-groups-rule-sequence [<number>]
shutdown
no shutdown
management
no management
routing-interface swN
no routing-interface
Command
Description
VLAN:
untagged
no untagged
shutdown
no shutdown
ethertype <value>
no ethertype
Restores to default
priority <value>
no priority
show service dot1q
shutdown
no shutdown
2.
3.
4.
5.
6.
7.
Super VLANs
A Super Virtual Local Area Network (VLAN) further divides members of one VLAN into
multiple, virtual broadcast domains known as sub-VLANs. In a Super VLAN, the system
administrator uses the same IPv4 subnet and default gateway IP address for all users in the same,
switched infrastructure resulting in decreased IPv4 address consumption and eliminating the need
for a dedicated IP subnet for each VLAN.
Each sub-VLAN is a broadcast domain isolated at Layer 2. Communication between members of
different VLANs uses the IP address of the Super VLAN virtual interface as the IP address of the
gateway. Because multiple VLANs share the same virtual interface IP address, IP address usage is
minimized.
The following example illustrates traffic through the device without a Super VLAN. Traffic
entering the user device port is not restricted to the uplink port, therefore, all broadcast, unknown,
and multicast packets are spread across all VLANs on the device.
With Super VLAN configuration, the Super VLAN agent overrides switching/routing decisions
and instead directs traffic to the Super VLAN uplink port.
Super VLAN layer 2: Suitable for a Layer-2 switching environment, where the sub-VLANs and
Super VLAN share the same IP subnet mask. The Super VLAN provides enhanced security
between customers by disallowing communication between sub-VLANs regardless of whether
the sub-VLANs are on the same LAN.
Super VLAN ring topology: Suitable for ring topology networks using the Multiple Spanning
Tree Protocol (MSTP). Traffic flows either clockwise or counterclockwise. Both ports
connected to the ring are uplink ports, while the rest of the ports are referred to as user ports.
The Super VLAN uplink must be one of the two ports connected to the rest of the ring.
Use this topology when the Super VLAN port has to be the root port of the bridge. The
Super VLAN uplink port is selected dynamically by the bridge between the two uplink
ports. If a topology change occurs, the Super VLAN uplink changes automatically and the
new Root port is selected as the Super VLAN uplink port.
In the figure below, one of the clients connected to device D sends broadcast traffic. The
traffic travels counterclockwise only since the Super VLAN active uplink-port is the root
port. If the link between device B and A is disconnected, a topology change occurs and
Device D selects a new Super VLAN uplink-port. As a result, traffic flows clockwise only.
Dynamic Super VLAN takes effect on all the bridges, except for the root bridge since it
does not have a root port (only designated ports).
Super-VLAN Commands
This section describes the Super Virtual Local Area Network (VLAN) and provides both command
descriptions and a configuration example.
Command Hierarchy
device-name#
+ config terminal
Command Descriptions
Table 3: Super-VLAN Commands
Command
Description
config terminal
Disabled
no super-vlan
ring-ports {UU1/SS1/PP1 | agN1}
{UU2/SS2/PP2 | agN2}
Restores to default
no ring-ports
Command
preferred-port {UU/SS/PP | agN}
Description
Selects a preferred uplink port for the Super-VLAN ring-topology mechanism:
no preferred-port
vlan <vlan-id>
no target-port
show super-vlan ring-ports [{UU1/SS1/PP1
| agN1} {UU2/SS2/PP2 | agN2} activeport]
show super-vlan
Example
The example below demonstrates how to configure the Super-VLAN mechanism for a network with a
ring topology:
1.
2.
3.
4.
Target port
Ring ports
Preferred port
Active port
C-Vlan
Vlan-
------------------------------------------------------------
1/1/1
1/1/2
1/1/3
1/1/2
1/1/2
------------------------------------------------------------
============================================================
Standards
MIBs
RFCs
Virtual LANs
IEEE 802.1Q-1998
IEEE 802.1Q-2003
IEEE 802.1P
IEEE 802.1u-2001
Public MIBs:
No standards are
supported by this
feature.
Private MIB,
PRVT-SUPERVLAN-MIB.mib
Super VLANs
IEEE 802.1Q
Q-BRIDGE-MIB.mib
Table of Figures
Figure 1: TLS Tunneling Configuration
Figure 2: TLS Configuration Flow
List of Tables
Table 1: TLS Commands
Table 2: Predefined Protocols
Table 3: Default Multicast MAC Addresses (Tunnel MAC address)
T-Marc3208SH
TLS Tunneling
Use Transparent LAN Services (TLS) tunneling to deploy secure TLS through IEEE 802.1Q standard tags. Service providers
can use a separate service VLAN (S-VLAN) to support customers who have multiple VLANs,
while preserving the customer VLAN IDs and maintaining traffic segregation in VLANs (C-VLANs) for individual customers.
TLS tunneling expands the VLAN space by adding an additional 802.1Q tag (the tunnel ID) to all
previously-tagged packets when they enter the service provider infrastructure, as illustrated in the
following figure.
The new frame contains the original C-VLAN tag and the new S-VLAN tag.
A port configured to support TLS tunneling is known as a tunnel port. When you configure
tunneling, you assign a tunnel port to a VLAN that you dedicate to tunneling.
Three types of ports are defined on the network devices that are deployed by the service provider:
Residential port: a port that is connected to a user and does not participate in TLS. Packets that
are transmitted through this port have no tag added.
Access (SAP) port: a port that is connected to a user and participates in TLS. Packets that are
transmitted through this port have no tag added.
Core (SDP) port: a port that is connected to the service provider's network. All packets that are
transmitted through this port are either control packets or packets with an additional tag. If the
packets arrive from an access (user) port, the additional tag header is added. If the packets
arrive from a residential port, the additional tag header is not added.
An access port (SAP) receives tagged customer traffic from a port on the customer device. The
access port (SAP) leaves the 802.1Q tag intact and forwards the traffic to a SDP port. The SDP
port adds a second 2-byte EtherType field (0x8100) followed by a 2-byte field containing the
priority (CoS) and the VLAN.
After the traffic exits the provider network, the core port (SDP) strips the 2-byte EtherType
field (0x8100) and the 2-byte length field and transmits the traffic with the 802.1Q tag still intact to
the customer device. The port on the customer device strips the 802.1Q tag and puts the traffic into
the appropriate customer VLAN.
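The tag handling described above, as an added Python example (not code from this guide or from the device): it pushes the S-VLAN tag at the core (SDP) port, leaves residential traffic untouched, and on the way out strips the outer tag only when it carries the expected S-VLAN. S-VLAN 10 is taken from the guide's configuration example; C-VLAN 100, the MAC addresses, the payload and all function names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value the text gives for the added tag


def vlan_tag(vid, pcp=0, tpid=TPID_8021Q):
    """Build a 4-byte tag: 2-byte EtherType, then 2 bytes of priority (CoS) and VLAN ID."""
    if not 1 <= vid <= 4094:
        raise ValueError(f"VLAN ID out of range: {vid}")
    if not 0 <= pcp <= 7:
        raise ValueError(f"priority out of range: {pcp}")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)


def read_tags(frame, tpid=TPID_8021Q):
    """Return [(priority, vlan_id), ...] for consecutive tags, outermost first."""
    tags, offset = [], 12  # tags start right after destination and source MAC
    while len(frame) >= offset + 4:
        ethertype, tci = struct.unpack_from("!HH", frame, offset)
        if ethertype != tpid:
            break
        tags.append((tci >> 13, tci & 0x0FFF))
        offset += 4
    return tags


def sdp_towards_core(frame, ingress_port_type, s_vid, pcp=0):
    """Core (SDP) port, sending into the provider network."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    if ingress_port_type == "residential":
        return frame  # residential traffic gets no additional tag
    if ingress_port_type != "access":
        raise ValueError(f"unknown port type: {ingress_port_type}")
    # Access (SAP) traffic: keep the customer tag intact, insert the S-VLAN tag before it.
    return frame[:12] + vlan_tag(s_vid, pcp) + frame[12:]


def sdp_towards_customer(frame, s_vid):
    """Core (SDP) port, leaving the provider network: strip only the expected outer tag."""
    tags = read_tags(frame)
    if not tags:
        raise ValueError("no outer tag: frame was not tunneled")
    if tags[0][1] != s_vid:
        # Forwarding this frame would leak traffic between services, so reject it.
        raise ValueError(f"outer VLAN {tags[0][1]} is not S-VLAN {s_vid}")
    return frame[:12] + frame[16:]


# Constructed sample frame (no padding, no FCS): C-VLAN 100, priority 5, IPv4 EtherType.
DST = bytes.fromhex("020000000002")
SRC = bytes.fromhex("020000000001")
CUSTOMER_FRAME = DST + SRC + vlan_tag(100, pcp=5) + struct.pack("!H", 0x0800) + b"payload"


def demo():
    tunneled = sdp_towards_core(CUSTOMER_FRAME, "access", s_vid=10)
    restored = sdp_towards_customer(tunneled, s_vid=10)
    return read_tags(tunneled), read_tags(restored), restored == CUSTOMER_FRAME


if __name__ == "__main__":
    print(demo())
```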
TLS Commands
TLS Commands Hierarchy
device-name#
+ config terminal
+ l2-tunneling
- global-tunnel-mac HH:HH:HH:HH:HH:HH
- standard-mac HH:HH:HH:HH:HH:HH
- tunnel-mac HH:HH:HH:HH:HH:HH
- [no] use-global-tunnel-mac
- [no] shutdown
+ service
- [no] shutdown
Description
config terminal
l2-tunneling
global-tunnel-mac
HH:HH:HH:HH:HH:HH
HH:HH:HH:HH:HH:HH: in hexadecimal
format
no profile [PROFILE-NAME]
no protocol [PROTOCOL-NAME]
Command
Description
no protocol [PROTOCOL-NAME]
0x8100
no ethertype
Restores to default
standard-mac
HH:HH:HH:HH:HH:HH
tunnel-mac HH:HH:HH:HH:HH:HH
HH:HH:HH:HH:HH:HH: in hexadecimal
format (see Table 3)
HH:HH:HH:HH:HH:HH: in hexadecimal
format
use-global-tunnel-mac
no use-global-tunnel-mac
shutdown
no shutdown
service
tls <service-id>
NOTE
no description
cpu
Command
Description
no cpu
NOTE
Specifies the type of the customer VLAN (C-VLAN) to be tunneled and enters C-VLAN
Configuration mode:
Command
Description
tunnel-profile {PROFILE-NAME | discard-all | tunnel-all | tunnel-bpdu}
no tunnel-profile {PROFILE-NAME | discard-all | tunnel-all | tunnel-bpdu}
no ethertype
Restores to default
Command
Description
precedence {backup |
primary}
no tunnel-profile {PROFILE-NAME | discard-all | tunnel-all | tunnel-bpdu}
shutdown
no shutdown
Description
Specifies that PDUs intended for the reserved MAC address
used exclusively by All Bridges are tunneled/discarded
Specifies that PDUs intended for MAC addresses from the
bridge block that are not related to specific protocols are
tunneled/discarded
Protocol
Description
dot1x
efm-oam
e-lmi
garp
lacp
lldp
pvst
pb-stp
stp
MAC Address
xSTP
01-A0-12-FF-FF-00
LACP/LAMP
01-A0-12-FF-FF-02
01-A0-12-FF-FF-02
01-A0-12-FF-FF-03
E-LMI
01-A0-12-FF-FF-07
LLDP (802.1AB)
01-A0-12-FF-FF-0E
01-A0-12-FF-FF-0X
NOTE
X denotes a random digit from 0 to F. If found
in the original MAC, the digit is preserved in
the replacement MAC.
All Bridges
01-A0-12-FF-FF-10
01-A0-12-FF-FF-2X
NOTE
X denotes a random digit from 0 to F. If found
in the original MAC, the digit is preserved in the
replacement MAC.
Provider bridge STP
01-A0-12-FF-FF-08
PVST
01-A0-12-CC-CC-CD
When you configure the destination MAC address for encapsulated PDUs, you must leave the last
byte of the MAC address at its default value for the Bridge block of protocols and the GARP block
of protocols:
Example:
ethertype
0x8809
!
.
.
.
Configuration Example
1.
2.
3.
4.
Define SAP on port 1/1/1. Apply tunnel profile tunnel-all on the SAP:
device-name(config-tls-5)#sap 1/1/1
device-name(config-sap-1/1/1)#c-vlan all
device-name(config-c-vlan-all)#tunnel-profile tunnel-all
5.
Define SDP on port 1/1/2. Apply tunnel profile STP on the SDP:
device-name(config-c-vlan-all)#sdp s-vlan 10
device-name(config-s-vlan-10)#port 1/1/2
device-name(config-interface-1/1/2)#tunnel-profile stp
device-name(config-interface-1/1/2)#commit
Commit complete.
Features
Standards
MIBs
RFCs
Transparent LAN
Services (TLS)
No standards are
supported by this
feature.
Private MIBs:
PRVT-SERVMIB.mib
PRVTL2TUNNELINGMIB.mib
Commands Hierarchy
Commands Descriptions
Configuration Examples
Example 1
Example 2
Fast Ring Configuration Example
Fast Ring with Border Bridge Configuration Example
Supported Standards, MIBs, and RFCs
Table of Figures
Figure 1: The Spanning Tree Port States
Figure 2: Topology Change
Figure 3: Topology Change with TC Message
Figure 4: BPDU Message Age Parameter
Figure 5: Calculating the Diameter
Figure 1: Proposal and Agreement Handshaking for Rapid Convergence
Figure 2: Sequence of Events during Rapid Convergence
Figure 3: RSTP BPDU Flags
Figure 6: MSTP within a Region
Figure 7: MSTP in Ring Topology in a Link-Down Event
Figure 8: MSTP in Ring Topology with a Device in Link-Down Event
Figure 9: Schematic MSTI Configuration
Figure 10: Link Failure between Two Devices
Figure 11: Fast Ring Topology
Figure 12: Fast Ring Topology
List of Tables
Table 1: STP States
Table 2: STP Timers
Table 3: MSTI Parameters
Table 4: BiNOX BPDU Parsed According to IEEE 802.1s
Table 5: Cisco BPDU Parsed by a Telco Systems Device
Table 6: Configuration Commands
Table 7: MSTP Link-types
Table 8: Default Path Cost Configuration (IEEE802.1s)
Overview
The following standards are employed in Telco Systems ring topology management:
Spanning Tree Protocol
Description
In the following sections, specific information is provided on each of the spanning tree protocols.
Description
Select a Designated
Bridge per Network
Segment
After selecting the Root bridge, STP selects one Designated Bridge
for each network segment. The Designated Bridge is closest to the
Root and has a Designated port used to forward packets from the
segment to the Root Bridge.
As the final step, STP selects a Root Port (per bridge) that sends data
towards the Root Bridge. In order to avoid loops, all other ports that
provide redundant paths to the Root Bridge are set as Alternate Ports.
These ports do not forward traffic unless the Root Port goes down.
Each bridge has only one Root Port, a single path toward the Root
bridge.
Root Bridge ID
Designated Bridge ID
Each bridge port has an assigned path cost, a user-definable parameter that determines the port's
preference to be included in the active spanning tree topology. During BPDU exchange, STP sums
up the path costs along all Designated ports (Designated path cost). This value then serves as the
bridge's distance from the Root.
The lower the cost, the closer the device is to the Root. If two devices have identical path costs,
STP selects the path based on port priority and bridge IDs as a tiebreaker.
There are three BPDU types:
The port cannot start forwarding until the new topology information propagates throughout
the switched LAN
Description
Blocking
The port does not forward frames. The port moves to this state after the
initialization phase when a different device/port was elected as Root.
If there is only one device in the network, no exchange occurs, the forward-delay timer expires, and the ports move to Listening state.
A port in the Blocking state:
Discards frames
Discards frames switched from another port for forwarding
Does not learn MAC addresses
Receives BPDUs
A Blocking port can enter the Listening or Disabled states.
Listening
This is the first state a Blocking port transitions to when STP determines that
the port should participate in frame forwarding. The device processes
BPDUs and waits for possible new information that might cause the port to
return to the Blocking state.
A port in Listening state performs the same steps as Blocking state:
Discards frames
Discards frames switched from another port for forwarding
Does not learn MAC addresses
Receives BPDUs
From this state the port can enter Learning or Disabled states.
Learning
The second state the port enters when preparing to participate in frame forwarding. The port does not yet forward frames. However, the port learns
source addresses from received frames and adds those addresses to the
filtering database.
A port in the Learning state:
Discards frames
Discards frames switched from another port for forwarding
Learns MAC addresses
Receives BPDUs
From this state the port can enter Forwarding or Disabled states.
STP State
Description
Forwarding
The port forwards frames. The device processes BPDUs and waits for
possible new information that might cause the port to return to the Blocking
state to prevent a loop. A port in Forwarding state:
Receives BPDUs
From this state the port can enter Disabled state.
Disabled
A port in this state does not participate in frame forwarding and spanning
tree. The port performs the same steps as Blocking state but does not
receive BPDUs.
The following figure illustrates how a port moves through the states described in the previous table.
Note that during the topology change, Devices C and D are not aware of the change. Frames sent
from Computer 1 are forwarded to Device B and there is no connection between Computers 1 and
2 until the address table ages out.
To avoid connection loss caused by a topology change, STP implements a mechanism called
Topology Change Notification (TCN) to flush out device MAC addresses.
Description
Hello timer
Forward-delay timer
The time a port is in Listening and Learning states before the port begins
forwarding.
Maximum-age timer
(MaxAge)
Message Age
The Message Age value of all BPDUs sent by the Root is zero. Each subsequent device increments
the Message Age value by one as illustrated in the following figure:
After receiving a new BPDU equal to or greater than the recorded information on the port, all
BPDU information is stored, and the age timer begins to run, starting at the message age. If this age
timer reaches MaxAge before receiving another BPDU, the information ages out for that port.
For example, in the above figure:
Device B and C receive a BPDU from Device A with message age value zero. On the port
going to Device A, it takes MaxAge seconds before the information ages out.
Device D and E receive a BPDU from Device B with message age value one. On the port
going to Device A, it takes MaxAge-1 seconds before the information ages out.
Device F receives a BPDU from Device E with message age value two. On the port going to
Device E, it takes MaxAge-2 seconds before the information ages out.
C-A-D-B-E
D-A-C-B-E
Based on these formulas, lowering the Hello timer value will decrease other STP parameter values.
However, the decrease will also double the number of BPDUs sent/received by each Bridge,
causing additional load on the CPU.
Description
Learning
Forwarding
As in STP, the port enters this state from the Learning state. The device
processes BPDUs and waits for possible new information that may cause
it to switch to the Discarding state to prevent a loop. A port in Forwarding
state:
Receives BPDUs
From this state, the port can only switch to Discarding state.
Discarding
STP states Disabled, Blocking, and Listening are merged into this state.
This state describes a port that does not forward user traffic in either
direction. The port discards received frames and no learning occurs. As a
result, there are no entries in the filtering database pointing to this port and
no traffic is forwarded across it.
In order to create a loop-free environment and to provide rapid convergence, RSTP selects the
device with the highest priority as the root bridge, assigns port roles, and determines the active
topology. RSTP assigns a role to each bridge port throughout the bridged LAN:
Table 2: RSTP Port Role Assignments
Port Role
Description
Root port
Provides the best path (lowest cost) for packets forwarded from a device
to the root device.
A Root port is in Forwarding state.
Designated port
Connects to the designated device that provides the best path for packets
forwarded from that LAN to the root device.
A Designated port is in Forwarding state.
Alternate port
Offers an alternative path to the one provided by the current Root port.
Alternate ports are in Discarding state.
This role is equivalent to the STP Blocking state.
Port Role
Description
Backup port
Disabled port
discard frames
discard frames switched from another port for forwarding
do not learn MAC addresses
do not receive BPDUs
Description
Edge ports
NOTE
You should configure Edge ports only on ports
connected to end devices (such as hosts and printers).
Root ports
When RSTP selects a new Root port, it blocks the old Root port and
immediately transitions the new Root port to Forwarding state.
Point-to-point links
The following figure shows a rapid convergence example. In this example, Devices A and B are
connected through a point-to-point link and all the ports are in blocking state. Assume that Device
A's priority is higher than Device B's. The proposal-agreement handshaking proceeds as follows:
The same handshaking process is repeated for each device that joins the active topology,
progressing from the root toward the leaves of the spanning tree as the network converges.
Today, most links in switched networks operate in full-duplex mode and are treated as point-to-point links by RSTP. This makes them candidates for rapid transition to Forwarding state.
If a Designated port is in Forwarding state and is not configured as an edge port, it transitions to
Discarding state when RSTP forces it to synchronize with new root information. When RSTP
forces a port to synchronize with root information and the port does not satisfy any of the above
conditions, it transitions to Discarding state.
After synchronizing all ports, the device sends an agreement message to the designated device
corresponding to its Root port. At this point RSTP immediately transitions the port states to
Forwarding.
The sequence of events is displayed in the following figure:
RSTP uses the Topology Change (TC) flag to indicate topology changes. Unlike STP, the RSTP
does not have a separate topology change notification (TCN) BPDU. However, for interoperability
with STP devices, the RSTP device processes and generates TCN BPDUs.
The Learning and Forwarding flags (bits 4 and 5) are determined according to the sending port.
Definition
MSTP Region
MST Instances
(MSTI)
Region name
Revision number of the region
MST Instance-to-VLAN assignment map (each VLAN can be
mapped only to one instance)
Each bridge in the MSTP region contains up to 16 MSTIs which act like
separate RSTP bridges for a specific set of configured VLANs. All MSTIs
within the same region share the same protocol timers, but each instance
has its own topology parameters, such as root-device ID, root path-cost,
and active topology. By manipulating these parameters, a system
administrator can modify the spanning tree topology (defining forwarding
and blocked ports) for the MSTI VLANs to achieve traffic load-balancing
within the region.
MSTIs are identified by their instance ID:
Load balancing is supported only with the MST Region. The following figure illustrates load
balancing between two instances.
MSTI 1
MSTI 2
Outside the region, spanning tree information is carried by MST instance 0. The MST region can
participate in Common Spanning Tree (CST) of legacy xSTP bridges and other MSTP regions
connected to the MST region.
This region is responsible for combining and forwarding all Internal Spanning Tree (IST)
information to the CST, handling CST information and setting roles for regional boundary ports.
As a consequence, each MSTP region acts as a single RSTP bridge within the CST topology.
In each region:
One boundary port, which can be the root port for the region, connects the region to the CST
Root bridge (the CIST Root). This port is called the Master port.
Boundary ports that provide alternative paths from the region to the CIST Root are blocked
(set to Alternative).
Boundary ports that provide connectivity to Designated LANs can be set as Designated ports.
Parameter
Description
Boundary Ports
Parameter
Description
IST Master
The IST master of an MST region is the bridge with the lowest bridge
identifier and the lowest path cost to the CST root.
If the CST root is outside the MST region, then one of the MST
bridges at the boundary is selected as the IST master. Other
bridges on the boundary that belong to the same region eventually
block the boundary ports that lead to the root.
If two or more bridges have an identical path to the root, you can
set a lower bridge priority value to make a specific bridge the IST
master.
The root path-cost and message age inside a region stay constant.
However the IST path cost is incremented and the IST remaining hops
are decremented at each hop.
Regional Root
The MSTI Regional root is the root bridge of each MSTI within a region.
In case of IST, it is the CIST Regional root. Therefore, the terms IST
Master and CIST Regional root are interchangeable.
Edge Ports
Link-Type
IST and MSTIs use a hop count mechanism similar to the IP time-to-live
(TTL) mechanism. Users can configure the maximum MST bridge hop
count.
The MSTI root bridge sends a BPDU (or M-record) with the remaining
hop count. The bridge receiving the BPDU (or M-record) decrements the
remaining hop count by one.
If after decrementing, the hop count reaches zero, the bridge discards
the BPDU and ages out the port information. Non-root bridges propagate
the decremented count as the remaining hop count in the BPDUs they
generate.
Port Priority
The port priority determines the port's Forwarding state in case of a loop.
MSTP selects the port with the highest priority (lower priority value) first.
In case all ports have the same priority, MSTP selects the port with the
lowest number and blocks all other ports.
Parameter
Description
Path Cost
MSTP uses the path cost when selecting the forwarding port in case of a
loop.
The default path-cost for the port derives from its link speed. However,
you can define lower cost values to ports you want selected first and
higher cost values to ports you want selected last.
In case all ports have the same path cost value, MSTP selects the port
with the lowest number and blocks all other ports.
Fast Ring: Use when all of the devices in the ring are Telco Systems devices
Interoperability Fast Ring: Use with devices that do not support MSTP or RSTP protocols
NOTE
Use standard MSTP as a ring solution if your network demands a topology different
from the one offered here.
Fast Ring
Use this solution when all the devices in the ring are Telco Systems devices.
1.
Select one bridge to be the root bridge: set the priority for this bridge to the lowest value (0).
To avoid instability, do not enable the Fast Ring feature on this bridge.
2.
3.
To optimize network performance, increment the priority value for the bridge as you draw
away from the root bridge.
All the ports have equal priority; thus, one of Device 8's uplink ports is in Alternate state.
5.
The ring solution immediately changes the traffic flow to a new direction.
Configure the two devices closest to the Router (Device 1 and Device 8) as Border Bridges to
avoid network-performance degradation.
7.
Do not define any MSTP priorities on Border Bridges. These are automatically set once the
bridges are set as border bridges.
8.
Increment the priority value for the bridge as you draw away from the root bridge, starting
with priority value 8192.
9.
Cisco Compliance
The device can be placed into Cisco-Compliant Mode, which changes the BPDU format to
conform to the standard adopted for Cisco devices. When the device is not in Cisco-Compliant
Mode, the root port is synchronized only if the port receives an agreement together with the
proposal flag from the designated port.
In the standard IEEE 802.1s-compliant mode, MSTP sets the Agreement flag when:
the port is either a Designated or a Root port
and
all the device ports are synchronized (when all the ports participate only in loop-free
topologies)
In Cisco-compliant mode the Agreement flag is set also when the port is going to Alternate
role.
Table 2 displays a BPDU generated in IEEE 802.1s-compliant mode and includes two
M-records.
Table 3 displays a BPDU generated in Cisco-compliant mode, parsed in the format generated
by Cisco devices.
Field Name
Content
ETH Dest.
01 80 c2 00 00 00
ETH Src
00 a0 12 11 29 92
ETH Len
00 89
LLC
42 42 03
Protocol Identifier
00 00
03
BPDU type
02
CIST Flags
4e
80 00 00 a0 12 11 29 92
00 00 00 00
80 00 00 a0 12 11 29 92
80 0b
Message age
00 00
MaxAge
14 00
Hello-time
02 00
Forward-delay
0f 00
00
00 60
00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 01 60
b0 d3 6e cc e1 45 40 14 da 65 22 bd
08 f3 cd
00 00 00 00
80 00 00 a0 12 11 29 92
28
MSTI1
Flags
MSTI Regional Root Identifier
MSTI Internal root path cost
MSTI Bridge Priority
MSTI Port Priority
4e
80 01 00 a0 12 11 29 92
00 00 00 00
80
80
28
MSTI2
Flags
MSTI Regional Root Identifier
MSTI Internal root path cost
MSTI Bridge Priority
MSTI Port Priority
4e
80 02 00 a0 12 11 29 92
00 00 00 00
80
80
28
Content
Notes
ETH Dest.
01 80 c2 00 00 00
ETH Src
00 08 a3 37 f1 c1
ETH Len
00 84
LLC
42 42 03
Protocol Identifier
00 00
03
BPDU type
02
CIST Flags
68
60 00 00 07 eb d5 a2 00
00 00 00 00
60 00 00 07 eb d5 a2 00
80 01
Message age
00 00
MaxAge
14 00
Hello-time
02 00
Forward-delay
0f 00
00
Extra byte
00
00 5a
MSTI configuration
Identifier (Key, Revision,
Name) 50 Bytes.
00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00
00 00 00 00 64 b1 f4 bb 1f 3c
6d 4d a3 00 94 c1 11 b7 c0 92
60 00 00 07 eb d5 a2 00
14 00
MSTI1
Notes
MSTID
01
Flags
69
Field Name
Content
Notes
60 01 00 07 eb d5 a2 00
00 00 00 00
60 01 00 07 eb d5 a2 00
80 01
14 00
xSTP Commands
Commands Hierarchy
device-name#
+ config terminal
+ ethernet
+ spanning-tree
- [no] bpdu-tx
- [no] cisco-compliant
- [no] detect-bpdu-loss
- [no] edge-port
- [no] edge-port-flush
+ [no] protocol-fast-ring
- [no] shutdown
+ [no] protocol-mstp
- [no] shutdown
- [no] protocol-rstp
- [no] shutdown
- [no] protocol-stp
- [no] shutdown
Commands Descriptions
Table 6: Configuration Commands
Command
Description
config terminal
ethernet
spanning-tree
hold-count <value>
3
no hold-count
Restores to default
forward-delay <interval>
15 seconds
no forward-delay
Restores to default
hello-time <interval>
2 seconds
no hello-time
Restores to default
temporally-disabled: enables
learning, except for cases where
an MSTP topology change occurs and
learning is temporarily disabled
Standard
no learn-mode
Restores to default
max-age <interval>
20 seconds
no max-age
Restores to default
NOTE
The port command is accessible
only after enabling xSTP protocol
in the Spanning Tree
Configuration mode.
no port
bpdu-tx
no bpdu-tx
bpdu-rx
no bpdu-rx
cisco-compliant
no cisco-compliant
detect-bpdu-loss
no detect-bpdu-loss
edge-port
no edge-port
Restores to default
edge-port-flush
no edge-port-flush
Restores to default
Auto
no link-type
Restores to default
no mstp instance-id
path-cost <cost>
Restores to default
shutdown
no shutdown
priority <priority>
128
no priority
Restores to default
restricted-root
no restricted-root
restricted-tcn
no restricted-tcn
priority <priority>
32768
no priority
Restores to default
protocol-fast-ring
no protocol-fast-ring
border-bridge preferred-link
{UU/SS/PP | agN}
ring-ports {UU1/SS1/PP1 |
agN1} {UU2/SS2/PP2 |
agN2}
no ring-ports [UU1/SS1/PP1 |
agN1] [UU2/SS2/PP2 |
agN2]
shutdown
no shutdown
protocol-mstp
no protocol-mstp
instance <value>
no instance
priority <priority>
32768
no priority
max-hops <hops>
Restores to default
Specifies the maximum number of hops allowed
in a region before discarding a BPDU:
40
no max-hop
Restores to default
region-name NAME
no region-name
region-revision
<unsignedShort>
no region-revision
Restores to default
shutdown
Disables MSTP
no shutdown
Enables MSTP
vlan-per-instance <vlan-id>
Restores to default
Specifies an instance mapped to the desired
VLAN/s:
no instance-id
protocol-rstp
shutdown
Disables RSTP
no shutdown
Enables RSTP
protocol-stp
shutdown
Disables STP
no shutdown
Enables STP
provider-bridge-address {dot1ad |
dot1d}
dot1d
no provider-bridge-address
Description
Admin Link-Type
auto
Operational LinkType
point-to-point
shared
If you configure Admin link-type to auto, then you can determine the value of
Operational link-type in accordance with the specific procedures defined for
the device entity, as defined in Admin link-type (auto).
If the port is connected to a point-to-point LAN segment, then Operational
link-type is set to point-to-point, otherwise it is set to shared.
In the absence of a specific definition of how to determine whether the
device is connected to a point-to-point LAN segment or not, the value of link-type is shared.
Link Speed    Recommended Value    Recommended Range          Range
<=100 Kbps    200,000,000          20,000,000-200,000,000     1-200,000,000
1 Mbps        20,000,000           2,000,000-20,000,000       1-200,000,000
10 Mbps       2,000,000            200,000-2,000,000          1-200,000,000
100 Mbps      200,000              20,000-200,000             1-200,000,000
1 Gbps        20,000               2,000-200,000              1-200,000,000
10 Gbps       2,000                200-20,000                 1-200,000,000
100 Gbps      200                  20-2,000                   1-200,000,000
1 Tbps        20                   2-200                      1-200,000,000
10 Tbps                            1-20                       1-200,000,000
Configuration Examples
Example 1
In the following example, four devices are connected via VLANs V100 and V200 that are mapped
to two MST instances on each device. The example shows the redundancy achieved with MSTP.
After configuring the network, use the show
instances are configured correctly.
Configuring Device 1:
1.
Create VLANs V100 and V200 and add the appropriate ports to each VLAN:
Device1(config)#vlan default 1
Device1(config-vlan-1)#no untagged 1/1/1
Device1(config-vlan-1)#no untagged 1/1/2
Device1(config-vlan-1)#no untagged 1/1/3
Device1(config-vlan-1)#no untagged 1/1/4
Device1(config-vlan-1)#exit
Device1(config)#vlan v100 100
Device1(config-vlan-100)#tagged 1/1/1
Device1(config-tagged-1/1/1)#tagged 1/1/3
Device1(config-tagged-1/1/3)#exit
Device1(config-vlan-100)#untagged 1/1/4
Device1(config-untagged-1/1/4)#top
Device1(config)#port 1/1/4
Device1(config-port-1/1/4)#default-vlan 100
Device1(config-port-1/1/4)#exit
Device1(config)#vlan v200 200
Device1(config-vlan-200)#tagged 1/1/2
Device1(config-tagged-1/1/2)#tagged 1/1/3
Device1(config-tagged-1/1/3)#top
2.
Enable MSTP:
Device1(config)#ethernet
Device1(config-ethernet)#spanning-tree protocol-mstp
Device1(config-protocol-mstp)#no shutdown
3.
4.
Configuring Device 2:
1.
Create VLANs V100 and V200 and add the appropriate ports to each VLAN:
Device2#configure
Device2(config)#vlan default 1
Device2(config-vlan-1)#no untagged 1/1/1
Device2(config-vlan-1)#no untagged 1/1/2
Device2(config-vlan-1)#no untagged 1/1/3
Device2(config-vlan-1)#no untagged 1/1/4
Device2(config-vlan-1)#exit
Device2(config)#vlan v100 100
Device2(config-vlan-100)#tagged 1/1/1
Device2(config-tagged-1/1/1)#tagged 1/1/3
Device2(config-tagged-1/1/3)#top
Device2(config)#vlan v200 200
Device2(config-vlan-200)#tagged 1/1/2
Device2(config-tagged-1/1/2)#tagged 1/1/3
Device2(config-tagged-1/1/3)#exit
Device2(config-vlan-200)#untagged 1/1/4
Device2(config-untagged-1/1/4)#top
Device2(config)#port 1/1/4
Device2(config-port-1/1/4)#default-vlan 200
Device2(config-port-1/1/4)#exit
2.
Enable MSTP:
Device2(config)#ethernet
Device2(config-ethernet)#spanning-tree protocol-mstp
Device2(config-protocol-mstp)#no shutdown
3.
4.
1, and 2:
Configuring Device 3:
1.
Create VLANs V100 and V200 and add the appropriate ports to each VLAN:
Device3#configure
Device3(config)#vlan default 1
Device3(config-vlan-1)#no untagged 1/1/1
Device3(config-vlan-1)#no untagged 1/1/2
Device3(config-vlan-1)#no untagged 1/1/4
Device3(config)#vlan v100 100
Device3(config-vlan-100)#tagged 1/1/1
Device3(config-tagged-1/1/1)#tagged 1/1/2
Device3(config-tagged-1/1/2)#exit
Device3(config-vlan-100)#untagged 1/1/4
Device3(config-untagged-1/1/4)#top
Device3(config)#port 1/1/4
Device3(config-port-1/1/4)#default-vlan 100
Device3(config-port-1/1/4)#exit
Device3(config)#vlan v200 200
Device3(config-vlan-200)#tagged 1/1/2
Device3(config-tagged-1/1/2)#tagged 1/1/3
Device3(config-tagged-1/1/3)#exit
Device3(config-vlan-200)#untagged 1/1/4
Device3(config-untagged-1/1/4)#top
Device3(config)#port 1/1/4
Device3(config-port-1/1/4)#default-vlan 200
Device3(config-port-1/1/4)#exit
2.
Enable MSTP:
Device3(config)#ethernet
Device3(config-ethernet)#spanning-tree protocol-mstp
Device3(config-protocol-mstp)#no shutdown
3.
Configuring Device 4:
1.
Create VLAN V200 and add the appropriate ports to each VLAN:
Device4#configure
Device4(config)#vlan default 1
Device4(config-vlan-1)#no untagged 1/1/1
Device4(config-vlan-1)#no untagged 1/1/2
Device4(config-vlan-1)#no untagged 1/1/4
Device4(config)#vlan v100 100
Device4(config-vlan-100)#tagged 1/1/1
Device4(config-tagged-1/1/1)#tagged 1/1/2
Device4(config-tagged-1/1/2)#exit
Device4(config-vlan-100)#untagged 1/1/4
Device4(config-untagged-1/1/4)#top
Device4(config)#port 1/1/4
Device4(config-port-1/1/4)#default-vlan 100
Device4(config-port-1/1/4)#exit
Device4(config)#vlan v200 200
Device4(config-vlan-200)#tagged 1/1/1
Device4(config-tagged-1/1/1)#tagged 1/1/2
Device4(config-tagged-1/1/2)#exit
Device4(config-vlan-200)#untagged 1/1/4
Device4(config-untagged-1/1/4)#top
Device4(config)#port 1/1/4
Device4(config-port-1/1/4)#default-vlan 200
2.
Enable MSTP:
Device4(config-ethernet)#spanning-tree protocol-mstp
Device4(config-protocol-mstp)#no shutdown
3.
and 2:
MST 1
VLANs mapped            = 100
Priority                = 0
Regional Root           = This bridge is the root
RemainingHopCount       = 40
TimeSinceTopologyChange = 3039 (Sec)
TopChanges              = 5
Border Bridge           = disabled
==========================================================================
Port    |Pri|Prt role|State|PCost    |DCost    |Designated bridge |DPrt
--------+---+--------+-----+---------+---------+------------------+------
01/01/01 128 Designat frwrd    200000         0 00000.00A0122700C0 128.003
01/01/03 128 Designat frwrd    200000         0 00000.00A0122700C0 128.005
01/01/04 128 Designat frwrd    200000         0 00000.00A0120A0168 128.006
MST 2
VLANs mapped            = 200
Priority                = 32768
Regional Root           = 00002.00:A0:12:27:14:20
RemainingHopCount       = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges              = 7
Border Bridge           = disabled
==========================================================================
Port    |Pri|Prt role|State|PCost    |DCost    |Designated bridge |DPrt
--------+---+--------+-----+---------+---------+------------------+------
01/01/02 128 Designat frwrd    200000         0 32768.00A0122700C0 128.004
01/01/03 128 Root     frwrd    200000         0 00000.00A012271420 128.005
mstp detailed
= enabled
= ieee8021s
= 32768
= 0 (Sec)
= 4
= 32768.00:A0:12:27:00:80
= 20 (Sec)
= 2 (Sec)
= 15 (Sec)
= 20 (Sec)
= 2 (Sec)
= 15 (Sec)
= 3 (Sec)
= 40
= 3
= disabled
= standard
CIST Information
VLANs mapped            = 1..99,101..199,201..4094
Priority                = 32768
Regional Root           = 32768.00:A0:12:27:00:C0
RemainingHopCount       = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges              = 4
Border Bridge           = disabled
No active ports are mapped to the MSTI
MST 1
VLANs mapped            = 100
Priority                = 32768
Regional Root           = 00001.00:A0:12:27:00:C0
RemainingHopCount       = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges              = 4
Border Bridge           = disabled
==========================================================================
Port    |Pri|Prt role|State|PCost    |DCost    |Designated bridge |DPrt
--------+---+--------+-----+---------+---------+------------------+------
01/01/01 128 Alternat block    200000    200000 32768.00A0122700C0 128.004
01/01/03 128 Root     frwrd    200000    200000 00000.00A0122700C0 128.005
MST 2
VLANs mapped            = 200
Priority                = 0
Regional Root           = This bridge is the root
RemainingHopCount       = 40
TimeSinceTopologyChange = 3039 (Sec)
TopChanges              = 4
Border Bridge           = disabled
==========================================================================
Port    |Pri|Prt role|State|PCost    |DCost    |Designated bridge |DPrt
--------+---+--------+-----+---------+---------+------------------+------
01/01/02 128 Designat frwrd    200000         0 00000.00A012271420 128.002
01/01/03 128 Designat frwrd    200000         0 00000.00A012271420 128.003
01/01/04 128 Designat frwrd    200000         0 00000.00A012271420 128.005
BridgeHelloTime         = 2 (Sec)
BridgeForwardDelay      = 15 (Sec)
ProtoMigratioDelay      = 3 (Sec)
MaxHopCount             = 40
TxHoldCount             = 3
FastRing                = disabled
LearnMode               = standard
CIST Information
VLAN mapped             = 1..99,101..199,201..4094
Priority                = 32768
Regional Root           = This bridge is the root
RemainingHopCount       = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges              = 3
Border Bridge           = disabled
No active ports are mapped to the MSTI
MST 1
VLANs mapped            = 100
Priority                = 32768
Regional Root           = 0001.00:A0:12:27:00:C0
RemainingHopCount       = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges              = 2
Border Bridge           = disabled
==========================================================================
Port    |Pri|Prt role|State|PCost    |DCost    |Designated bridge |DPrt
--------+---+--------+-----+---------+---------+------------------+------
01/01/01 128 Root     frwrd    200000         0 00000.00A0122700C0 128.003
01/01/02 128 Designat frwrd    200000         0 32768.00A0122700C0 128.004
01/01/04 128 Designat frwrd    200000         0 32768.00A0122700C0 128.006
MST 2
VLANs mapped            = 200
Priority                = 32768
Regional Root           = 00002.00:A0:12:27:14:20
RemainingHopCount       = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges              = 3
Border Bridge           = disabled
No active ports are mapped to the MSTI
MaxAge                  = 20 (Sec)
HelloTime               = 2 (Sec)
ForwardDelay            = 15 (Sec)
BridgeMaxAge            = 20 (Sec)
BridgeHelloTime         = 2 (Sec)
BridgeForwardDelay      = 15 (Sec)
ProtoMigratioDelay      = 3 (Sec)
MaxHopCount             = 40
TxHoldCount             = 3
FastRing                = disabled
LearnMode               = standard
CIST Information
VLAN mapped             = 1..99,101..199,201..4094
Priority                = 32768
Regional Root           = 32768.00:A0:12:27:00:80
RemainingHopCount       = 38
TimeSinceTopologyChange = 3039 (Sec)
TopChanges              = 2
Border Bridge           = disabled
No active ports are mapped to the MSTI
MST 1
VLAN mapped             = 100
Priority                = 32768
Regional Root           = 00001.00:A0:12:27:00:C0
RemainingHopCount       = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges              = 5
Border Bridge           = disabled
No active ports are mapped to the MSTI
MST 2
VLAN mapped             = 200
Priority                = 32768
Regional Root           = 00002.00:A0:12:27:14:20
RemainingHopCount       = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges              = 2
Border Bridge           = disabled
==========================================================================
Port    |Pri|Prt role|State|PCost    |DCost    |Designated bridge |DPrt
--------+---+--------+-----+---------+---------+------------------+------
01/01/01 128 Root     frwrd    200000         0 00000.00A012271420 128.003
01/01/02 128 Designat frwrd    200000         0 32768.00A012271420 128.004
01/01/04 128 Designat frwrd    200000         0 32768.00A012271420 128.006
Example 2
In the example above, if the direct link between Device 1 and Device 3 fails, MSTI1 is recalculated,
and port 1/1/2 in Device 3 changes its role from alternate to root.
=
=
=
=
=
=
=
=
=
=
=
20 (Sec)
2 (Sec)
15 (Sec)
20 (Sec)
2 (Sec)
15 (Sec)
3 (Sec)
40
3
disabled
standard
CIST Information
VLANs mapped            = 1..99,101..199,201..4094
Priority                = 32768
CIST Root               = 32768.00:A0:12:27:00:80
RemainingHopCount       = 38
TimeSinceTopologyChange = 3039 (Sec)
TopChanges              = 6
Border Bridge           = disabled
No active ports are mapped to the MSTI
MST 1
VLAN mapped             = 100
Priority                = 0
Regional Root           = This bridge is the root
RemainingHopCount       = 40
TimeSinceTopologyChange = 3039 (Sec)
TopChanges              = 5
Border Bridge           = disabled
==========================================================================
Port    |Pri|Prt role|State|PCost    |DCost    |Designated bridge |DPrt
--------+---+--------+-----+---------+---------+------------------+------
01/01/03 128 Designat frwrd    200000         0 00000.00A0122700C0 128.005
01/01/04 128 Designat frwrd    200000         0 32768.00A0122700C0 128.006
MST 2
VLAN mapped             = 200
Priority                = 32768
Regional Root           = 00002.00:A0:12:27:14:20
RemainingHopCount       = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges              = 7
Border Bridge           = disabled
==========================================================================
Port    |Pri|Prt role|State|PCost    |DCost    |Designated bridge |DPrt
--------+---+--------+-----+---------+---------+------------------+------
01/01/02 128 Designat frwrd    200000         0 32768.00A0122700C0 128.002
01/01/03 128 Root     frwrd    200000         0 00000.00A012271420 128.003
=
=
=
=
=
=
=
1..99,101..199,201..4094
32768
This bridge is the root
39
3039 (Sec)
3
disabled
This topology change does not affect Device 2 and Device 4 output.
Configuring Device 1:
1.
2.
Create VLAN V10, V20, and V30. Add the appropriate ports to each VLAN:
Device1(config)#vlan default 1
Device1(config-vlan-default/1)#no untagged 1/2/1
Device1(config-vlan-default/1)#no untagged 1/1/2
Device1(config)#vlan v10 10
Device1(config-vlan-10)#tagged 1/2/1
Device1(config-tagged-1/2/1)#tagged 1/1/2
Device1(config-tagged-1/1/2)#exit
Device1(config)#vlan v20 20
Device1(config-vlan-20)#tagged 1/2/1
Device1(config-tagged-1/2/1)#tagged 1/1/2
Device1(config-tagged-1/1/2)#exit
Device1(config)#vlan v30 30
Device1(config-vlan-30)#tagged 1/2/1
Device1(config-tagged-1/2/1)#tagged 1/1/2
Device1(config-tagged-1/1/2)#commit
Configuring Device 2:
1.
2.
3.
Create VLAN V10, V20, and V30. Add the appropriate ports to each VLAN:
Device2(config)#vlan default 1
Device2(config-vlan-default/1)#no untagged 1/1/1
Device2(config-vlan-default/1)#no untagged 1/1/2
Device2(config-vlan-default/1)#no untagged 1/2/1
Device2(config-vlan-default/1)#no untagged 1/1/3
Device2(config-vlan-default/1)#no untagged 1/1/4
Device2(config)#vlan v10 10
Device2(config-vlan-10)#untagged 1/1/1
Device2(config-untagged-1/1/1)#exit
Device2(config-vlan-10)#tagged 1/2/1
Device2(config-tagged-1/2/1)#tagged 1/1/2
Device2(config-tagged-1/1/2)#top
Device2(config)#vlan v20 20
Device2(config-vlan-20)#untagged 1/1/3
Device2(config-untagged-1/1/3)#exit
Device2(config-vlan-20)#tagged 1/2/1
Device2(config-tagged-1/2/1)#tagged 1/1/2
Device2(config-tagged-1/1/2)#top
Device2(config)#vlan v30 30
Device2(config-vlan-30)#untagged 1/1/4
Device2(config-untagged-1/1/4)#exit
Device2(config-vlan-30)#tagged 1/2/1
Device2(config-tagged-1/2/1)#tagged 1/1/2
Device2(config-tagged-1/1/2)#top
Device2(config)#port 1/1/1
Device2(config-port-1/1/1)#default-vlan 10
Device2(config-port-1/1/1)#port 1/1/3
Device2(config-port-1/1/3)#default-vlan 20
Device2(config-port-1/1/3)#port 1/1/4
Device2(config-port-1/1/4)#default-vlan 30
Device2(config-port-1/1/4)#commit
Configuring Device 3:
1.
2.
Create VLAN V10, V20, and V30. Add the appropriate ports to each VLAN:
Device3(config)#vlan default 1
Device3(config-vlan-1)#no untagged 1/2/1
Device3(config-vlan-1)#no untagged 1/1/2
Device3(config)#vlan v10 10
Device3(config-vlan-10)#tagged 1/2/1
Device3(config-tagged-1/2/1)#tagged 1/1/2
Device3(config-tagged-1/1/2)#exit
Device3(config)#vlan v20 20
Device3(config-vlan-20)#tagged 1/2/1
Device3(config-tagged-1/2/1)#tagged 1/1/2
Device3(config-tagged-1/1/2)#exit
Device3(config)#vlan v30 30
Device3(config-vlan-30)#tagged 1/2/1
Device3(config-tagged-1/2/1)#tagged 1/1/2
Device3(config-tagged-1/1/2)#commit
Configuring Device 4:
1.
2.
3.
Create VLAN V10, V20, and V30. Add the appropriate ports to each VLAN:
Device4(config)#vlan default 1
Device4(config-vlan-1)#no untagged 1/1/1
Device4(config-vlan-1)#no untagged 1/1/2
Device4(config-vlan-1)#no untagged 1/2/1
Device4(config-vlan-1)#no untagged 1/1/3
Device4(config-vlan-1)#no untagged 1/1/4
Device4(config)#vlan v10 10
Device4(config-vlan-10)#untagged 1/1/1
Device4(config-untagged-1/1/1)#exit
Device4(config-vlan-10)#tagged 1/2/1
Device4(config-tagged-1/2/1)#tagged 1/1/2
Device4(config)#vlan v20 20
Device4(config-vlan-20)#untagged 1/1/3
Device4(config-untagged-1/1/3)#exit
Device4(config-vlan-20)#tagged 1/2/1
Device4(config-tagged-1/2/1)#tagged 1/1/2
Device4(config-tagged-1/1/2)#vlan v30 30
Device4(config-vlan-30)#untagged 1/1/4
Device4(config-untagged-1/1/4)#exit
Device4(config-vlan-30)#tagged 1/2/1
Device4(config-tagged-1/2/1)#tagged 1/1/2
Device4(config-tagged-1/1/2)#top
Device4(config)#port 1/1/1
Device4(config-port-1/1/1)#default-vlan 10
Device4(config-port-1/1/1)#port 1/1/3
Device4(config-port-1/1/3)#default-vlan 20
Device4(config-port-1/1/3)#port 1/1/4
Device4(config-port-1/1/4)#default-vlan 30
Device4(config-port-1/1/4)#commit
Configuring Device 5:
1.
2.
3.
Create VLAN V10, V20, and V30. Add the appropriate ports to each VLAN:
Device5(config)#vlan default 1
Device5(config-vlan-1)#no untagged 1/2/1
Device5(config-vlan-1)#no untagged 1/1/2
Device5(config)#vlan v10 10
Device5(config-vlan-10)#tagged 1/2/1
Device5(config-tagged-1/2/1)#tagged 1/1/2
Device5(config-tagged-1/1/2)#vlan v20 20
Device5(config-vlan-20)#tagged 1/2/1
Device5(config-tagged-1/2/1)#tagged 1/1/2
Device5(config-tagged-1/1/2)#vlan v30 30
Device5(config-vlan-30)#tagged 1/2/1
Device5(config-tagged-1/2/1)#tagged 1/1/2
Device5(config-tagged-1/1/2)#commit
Configuring Device 1:
No xSTP protocol is enabled on Device 1, but Device 1 forwards BPDUs.
1.
Create VLAN V10, V20, and V30. Add the appropriate ports to each VLAN:
Device1(config)#vlan default 1
Device1(config-vlan-default/1)#no untagged 1/2/1
Device1(config-vlan-default/1)#no untagged 1/1/2
Device1(config)#vlan v10 10
Device1(config-vlan-10)#tagged 1/2/1
Device1(config-tagged-1/2/1)#tagged 1/1/2
Device1(config-tagged-1/1/2)#exit
Device1(config)#vlan v20 20
Device1(config-vlan-20)#tagged 1/2/1
Device1(config-tagged-1/2/1)#tagged 1/1/2
Device1(config-tagged-1/1/2)#exit
Device1(config)#vlan v30 30
Device1(config-vlan-30)#tagged 1/2/1
Device1(config-tagged-1/2/1)#tagged 1/1/2
Device1(config-tagged-1/1/2)#commit
Configuring Device 2:
1.
Enable MSTP fast-ring, configure fast ring ports, and set border-bridge preferred-link:
Device2(config-spanning-tree)#protocol-fast-ring
Device2(config-protocol-fast-ring)#no shutdown
Device2(config-protocol-fast-ring)#ring-ports 1/2/1 1/1/2
Device2(config-protocol-fast-ring)#border-bridge preferred-link 1/1/2
Device2(config-border-bridge)#exit
2.
3.
Create VLAN V10, V20, and V30. Add the appropriate ports to each VLAN:
Device2(config)#vlan default 1
Device2(config-vlan-default/1)#no untagged 1/1/1
Device2(config-vlan-default/1)#no untagged 1/1/2
Device2(config-vlan-default/1)#no untagged 1/2/1
Device2(config-vlan-default/1)#no untagged 1/1/3
Device2(config-vlan-default/1)#no untagged 1/1/4
Device2(config)#vlan v10 10
Device2(config-vlan-10)#untagged 1/1/1
Device2(config-untagged-1/1/1)#exit
Device2(config-vlan-10)#tagged 1/2/1
Device2(config-tagged-1/2/1)#tagged 1/1/2
Device2(config-tagged-1/1/2)#top
Device2(config)#vlan v20 20
Device2(config-vlan-20)#untagged 1/1/3
Device2(config-untagged-1/1/3)#exit
Device2(config-vlan-20)#tagged 1/2/1
Device2(config-tagged-1/2/1)#tagged 1/1/2
Device2(config-tagged-1/1/2)#top
Device2(config)#vlan v30 30
Device2(config-vlan-30)#untagged 1/1/4
Device2(config-untagged-1/1/4)#exit
Device2(config-vlan-30)#tagged 1/2/1
Device2(config-tagged-1/2/1)#tagged 1/1/2
Device2(config-tagged-1/1/2)#top
Device2(config)#port 1/1/1
Device2(config-port-1/1/1)#default-vlan 10
Device2(config-port-1/1/1)#port 1/1/3
Device2(config-port-1/1/3)#default-vlan 20
Device2(config-port-1/1/3)#port 1/1/4
Device2(config-port-1/1/4)#default-vlan 30
Device2(config-port-1/1/4)#commit
Configuring Device 3:
1.
Device3(config-protocol-fast-ring)#no shutdown
Device3(config-protocol-fast-ring)#ring-ports 1/2/1 1/1/2
2.
Create VLAN V10, V20, and V30. Add the appropriate ports to each VLAN:
Device3(config)#vlan default 1
Device3(config-vlan-1)#no untagged 1/2/1
Device3(config-vlan-1)#no untagged 1/1/2
Device3(config)#vlan v10 10
Device3(config-vlan-10)#tagged 1/2/1
Device3(config-tagged-1/2/1)#tagged 1/1/2
Device3(config-tagged-1/1/2)#exit
Device3(config)#vlan v20 20
Device3(config-vlan-20)#tagged 1/2/1
Device3(config-tagged-1/2/1)#tagged 1/1/2
Device3(config-tagged-1/1/2)#exit
Device3(config)#vlan v30 30
Device3(config-vlan-30)#tagged 1/2/1
Device3(config-tagged-1/2/1)#tagged 1/1/2
Device3(config-tagged-1/1/2)#commit
Configuring Device 4:
1.
2.
3.
Create VLAN V10, V20, and V30. Add the appropriate ports to each VLAN:
Device4(config)#vlan default 1
Device4(config-vlan-1)#no untagged 1/1/1
Device4(config-vlan-1)#no untagged 1/1/2
Device4(config-vlan-1)#no untagged 1/2/1
Device4(config-vlan-1)#no untagged 1/1/3
Device4(config-vlan-1)#no untagged 1/1/4
Device4(config)#vlan v10 10
Device4(config-vlan-10)#untagged 1/1/1
Device4(config-untagged-1/1/1)#exit
Device4(config-vlan-10)#tagged 1/2/1
Device4(config-tagged-1/2/1)#tagged 1/1/2
Device4(config)#vlan v20 20
Device4(config-vlan-20)#untagged 1/1/3
Device4(config-untagged-1/1/3)#exit
Device4(config-vlan-20)#tagged 1/2/1
Device4(config-tagged-1/2/1)#tagged 1/1/2
Device4(config-tagged-1/1/2)#vlan v30 30
Device4(config-vlan-30)#untagged 1/1/4
Device4(config-untagged-1/1/4)#exit
Device4(config-vlan-30)#tagged 1/2/1
Device4(config-tagged-1/2/1)#tagged 1/1/2
Device4(config-tagged-1/1/2)#top
Device4(config)#port 1/1/1
Device4(config-port-1/1/1)#default-vlan 10
Device4(config-port-1/1/1)#port 1/1/3
Device4(config-port-1/1/3)#default-vlan 20
Device4(config-port-1/1/3)#port 1/1/4
Device4(config-port-1/1/4)#default-vlan 30
Device4(config-port-1/1/4)#commit
Configuring Device 5:
1.
Enable MSTP fast-ring, configure fast ring ports, and set border-bridge preferred-link:
Device5(config-spanning-tree)#protocol-fast-ring
Device5(config-protocol-fast-ring)#no shutdown
Device5(config-protocol-fast-ring)#ring-ports 1/2/1 1/1/2
Device5(config-protocol-fast-ring)#border-bridge preferred-link 1/2/1
Device5(config-border-bridge)#exit
2.
3.
Create VLAN V10, V20, and V30. Add the appropriate ports to each VLAN:
Device5(config)#vlan default 1
Device5(config-vlan-1)#no untagged 1/2/1
Device5(config-vlan-1)#no untagged 1/1/2
Device5(config)#vlan v10 10
Device5(config-vlan-10)#tagged 1/2/1
Device5(config-tagged-1/2/1)#tagged 1/1/2
Device5(config-tagged-1/1/2)#vlan v20 20
Device5(config-vlan-20)#tagged 1/2/1
Device5(config-tagged-1/2/1)#tagged 1/1/2
Device5(config-tagged-1/1/2)#vlan v30 30
Device5(config-vlan-30)#tagged 1/2/1
Device5(config-tagged-1/2/1)#tagged 1/1/2
Device5(config-tagged-1/1/2)#commit
Standards
MIBs
RFCs
IEEE 802.1d-1998
IEEE 802.1t-2001
IEEE 802.1w-2001
IEEE 802.1s-2002
No MIBs are
supported by this
feature.
Table of Figures
Figure 1: Initial IGMP Join Message
Figure 2: IGMP Configuration Flow
List of Tables
Table 1: IGMP Snooping Commands
Table 2: MVR Commands
T-Marc3208SH
Dynamic Entries
The host can request to join or leave one or more multicast groups using the following IGMP
Report types:
IGMP Join Message: The host requests to join an IP multicast group by sending an
unsolicited IGMP Join Message that identifies the IP multicast group. The CPU creates a
multicast entry in the Multicast Forwarding table for that group and adds the port to the table.
The host associated with that port receives multicast traffic for that group.
On receipt of an IGMP Join Message on the host side, the device generates and sends an
IGMP Join Message on the transmitter side upstream, via the mrouter port, to the
multicast traffic source. By doing so, the device creates a logical connection between the
host and the source of the multicast traffic.
IGMP Leave Group Message: When the device receives an IGMP Leave Group message
(IGMP Version 2), the device deletes the port number for the host from the Multicast
Forwarding Table. When the device receives a Leave Group message from a host, the Group
timer is reset to the robustness value * last-member-query-interval value (see the IGMP Snooping
Commands table).
If the user enables fast leave processing, the device handles requests to leave a multicast
group immediately to ensure optimal bandwidth management for all hosts on a switched
network even when the device manages several multicast groups simultaneously.
On the edge of the network, the multicast router connects to an IGMP Snooping device on the
transmitter side. The transmitter side port where the Mrouter connects becomes an Mrouter port
either through static configuration or automatically upon receipt of an IGMP Query from the
multicast traffic source side.
When the device receives a transmitter side request, known as an IGMP Query, the device
automatically responds with an IGMP Join Message for any active Multicast groups maintained by
the device.
Static Entries
Along with IGMP Snooping-learned entries, the Multicast Forwarding table can also include static
entries. Create static entries using the IGMP Snooping commands for the Command Line Interface
(CLI) found in Table 1.
NOTE
Static, or permanent, entries supersede dynamic changes created through the IGMP
Snooping protocol.
+ config terminal
- [no] router-alert-check
+ [no] router-timers
- [no] mrouter
- [no] mrouter-block
- [no] report-block
+ [no] igmp-snooping
- [no] mrouter
- [no] mrouter-block
+ service
- [no] report-block
+ [no] ip-igmp-snooping
- [no] router-alert-check
+ [no] router-timers
- [no] mrouter
- [no] mrouter-block
- [no] report-block
- [no] mrouter
- [no] mrouter-block
- show igmp-snooping
- [no] report-block
Commands Descriptions
Table 1: IGMP Snooping Commands
Command
Description
config terminal
source-specific: Single-Source
Multicast (SSM) mode is when only
the user initiating the session
is allowed to send data; other
users can receive only.
no multicast filter-mode
VLAN-NAME: a string of
<1-31> characters
VLAN-NAME: a string of
<1-31> characters
ip-igmp-snooping
no ip-igmp-snooping
Restores to default
router-alert-check
no router-alert-check
ip-tos-check
no ip-tos-check
router-timers
no router-timers
last-member-query-interval
<interval>
1 second
no last-member-query-interval
Restores to default
query-interval <interval>
125 seconds
no query-interval
Restores to default
robustness <value>
no robustness
Restores to default
query-response-interval
<interval>
10 seconds
no query-response-interval
untagged UU/SS/PP
Restores to default
Enters in Configuration mode of specific
untagged port:
no untagged [UU/SS/PP]
tagged UU/SS/PP
no tagged [UU/SS/PP]
igmp-snooping
no igmp-snooping
Restores to default
explicit-tracking {enable |
disable}
Enabled
no explicit-tracking
Restores to default
Enabled
no igmp-snooping fast-leave
Restores to default
max-groups <unsignedInt>
1024
no max-groups
Restores to default
mrouter
no mrouter
Restores to default
mrouter-block
no mrouter-block
Restores to default
report-block
no report-block
Restores to default
multicast-static-group UU/SS/PP
no multicast-static-group
[UU/SS/PP]
multicast-static-group NAME
no multicast-static-group
ip A.B.C.D
no ip-source A.B.C.D
A1.B1.C1.D1
mac <mac:hexList>
no mac <mac:hexList>
NAME: a string
no ip A.B.C.D
service
NOTE
SAP and SDP ports have to be
untagged members of the default
VLAN.
vpls <vpls-id>
no vpls [<vpls-id>]
ip-igmp-snooping
no ip-igmp-snooping
Restores to default
router-alert-check
no router-alert-check
router-timers
no router-timers
last-member-query-interval
<interval>
1 second
no last-member-query-interval
Restores to default
query-interval <interval>
125 seconds
no query-interval
Restores to default
robustness <value>
2 packets
no robustness
Restores to default
query-response-interval
<interval>
10 seconds
no query-response-interval
spoke-sdp <spoke-sdp-id>
Restores to default
Configures a spoke binding between a VPLS
and a Service Distribution Point (SDP) and
enters Spoke-sdp Configuration mode:
no spoke-sdp [<spoke-sdp-id>]
spoke-sdp-id: (optional) an
existing SDP ID to bind to the
specified service ID, in the
range of <1-4294967295>
UU/SS/PP: the corresponding
physical port (unit, slot and
port) defined as SAP. (can be
obtained from the show port
command)
UU/SS/PP: the corresponding
physical port (unit, slot and
port) defined as SAP. (can be
obtained from the show port
command)
no igmp-snooping
Restores to default
explicit-tracking {enable |
disable}
Enabled
no explicit-tracking
Restores to default
fast-leave {enable |
disable}
Enabled
no fast-leave
Restores to default
max-groups <unsignedInt>
1024
no max-groups
Restores to default
mrouter
no mrouter
Restores to default
report-block
no report-block
Restores to default
mrouter-block
no mrouter-block
Restores to default
show igmp-snooping
Configuration Example 1
In the following example IGMP snooping is configured on VLAN 100. The multicast router that
sends IGMP queries is connected to port 1/2/5. The multicast host that sends the IGMP report is
connected to port 1/2/4:
1.
2.
Enable IGMP snooping on the specified VLAN and configure last-member-query interval:
device-name(config)#vlan v100 100
device-name(config-vlan-v100/100)#ip-igmp-snooping
device-name(config-ip-igmp-snoopping)#router-timers last-member-query-interval 20
device-name(config-vlan-v100/100)#untagged 1/2/4
device-name(config-untagged-1/2/4)#igmp-snooping
device-name(config-vlan-v100/100)#untagged 1/2/5
device-name(config-untagged-1/2/5)#igmp-snooping
3.
Display IGMP snooping queries and reports information (the multicast router with source IP
address 100.1.1.33 is connected to port 1/2/5 and a multicast host joins a multicast group
with IP address 224.2.2.2 on port 1/2/4):
device-name#show igmp-snooping vlan 100 mrouters
================================================================================
Vlan ID 100 - IGMP Snooping Mrouters
================================================================================
Port ID: 1/2/5
Mrouters: 1
--------------------------------------------------------------------------------
Mrouter Ip: 100.1.1.33
Type: Dynamic
Group Ip: 224.2.2.2
Age: 244s
--------------------------------------------------------------------------------
================================================================================
Vlan ID 100 - IGMP Snooping
================================================================================
Port ID: 1/2/5
Groups: 0
================================================================================
================================================================================
Port ID: 1/2/4
Groups: 0
================================================================================
================================================================================
Vlan ID 100 - IGMP Snooping
================================================================================
Port ID: 1/2/5
Groups: 0
================================================================================
================================================================================
Port ID: 1/2/4
Groups: 1
================================================================================
================================================================================
Group IP: 224.2.2.2
Mode: Include
--------------------------------------------------------------------------------
SrcIp           Mode       Joined Host     ExpTime
--------------------------------------------------------------------------------
100.1.1.50      Forward                    258s
                           100.1.1.11      258s
Configuration Example 2
In the following example, IGMP Snooping is configured on VPLS-MTU 1010. The multicast
router that sends IGMP queries is connected to SAP 1/1/3: The multicast host that sends the
IGMP report is connected to SAP 1/1/3::.
1.
Device_1(config-interface-1.1.172.101)#passive
Device_1(config-interface-1.1.172.101)#exit
Device_1(config-area-0.0.0.2)#interface 11.0.10.1
Device_1(config-interface-11.0.10.1)#exit
Device_1(config-area-0.0.0.2)#interface 11.0.20.1
Device_1(config-interface-11.0.20.1)#commit
Commit complete.
Device_1(config-interface-11.0.20.1)#exit
Device_1(config-area-0.0.0.2)#exit
Device_1(config-ospf)#trafic-engineering
Device_1(config-ospf)#commit
Commit complete.
Device_1(config-ospf)#exit
Device_1(config-router)#mpls lsr-id 1.1.172.101
Device_1(config-mpls)#ldp
Device_1(config-ldp)#interface lo1
Device_1(config-interface-lo1)#interface sw10
Device_1(config-interface-sw10)#interface sw20
Device_1(config-interface-sw20)#commit
Commit complete.
Device_1(config-interface-sw20)#exit
Device_1(config-ldp)#targeted-peer 1.1.3.1
Device_1(config-targeted-peer-1.1.3.1)#targeted-peer 1.1.4.1
Device_1(config-targeted-peer-1.1.4.1)#exit
Device_1(config-ldp)#distribute ingress ospf
Device_1(config-distribute)#egress ip 1.1.172.101/32
Device_1(config-ip-1.1.172.101/32)#exit
Device_1(config-distribute)#exit
Device_1(config-ldp)#exit
Device_1(config-router)#rsvp-te
Device_1(config-rsvp-te)#commit
Commit complete.
Device_1(config-rsvp-te)#exit
Device_1(config-router)#end
Device_1#
Device_1#show router ospf neighbor
2.
Neighbor ID
Pri
RXmtL RqstL DBsmL
State
Dead Time
Uptime
Address
Interface
1.1.3.1
0
0
Full/DROther
00:00:32
0d 00:00:17
11.0.10.2
sw10:11.0.10.1
1.1.4.1
0
0
Full/DROther
00:00:32
0d 00:00:17
11.0.20.2
sw20:11.0.20.1
Device_1(config-vpls-1010)#mode mtu-s
Device_1(config-vpls-1010)#redundancy-mode none
Device_1(config-vpls-1010)#sap 1/1/3::
Device_1(config-sap-1/1/3::)#sap 1/1/3::
Device_1(config-sap-1/1/3::)#no shutdown
Device_1(config-sap-1/1/3::)#learn-new-mac-address
Device_1(config-sap-1/1/3::)#exit
Device_1(config-vpls-1010)#spoke-sdp 1
Device_1(config-spoke-sdp-1)#no shutdown
Device_1(config-spoke-sdp-1)#learn-new-mac-address
Device_1(config-spoke-sdp-1)#exit
Device_1(config-vpls-1010)#spoke-sdp 2
Device_1(config-spoke-sdp-2)#no shutdown
Device_1(config-spoke-sdp-2)#learn-new-mac-address
Device_1(config-spoke-sdp-2)#backup
Device_1(config-spoke-sdp-2)#commit
Commit complete.
Device_1(config-spoke-sdp-2)#end
3.
4.
SDP Peer
Role
Up time
Adm
Opr
===============================================================================
1010
1.1.3.1
Prim
00:00:21
Up
Up
1010
1.1.4.1
Prim
00:00:00
Up
Stndby
VIs
Mrouter
IGMP Status
Groups
-------------------------------------------------------------------------------1010
0(0)
UP
================================================================================
Services: 1
Groups: 0
================================================================================
5.
1/1/3::
Groups: 0
================================================================================
================================================================================
SDP :
1010:1.1.4.1
Groups: 0
================================================================================
================================================================================
SDP :
1010:1.1.3.1
Groups: 10
================================================================================
================================================================================
Group IP: 239.1.1.1
Mode: Include
-------------------------------------------------------------------------------SrcIp
Mode
Joined Host
ExpTime
-------------------------------------------------------------------------------100.1.1.50
Forward
256s
100.1.1.11
256s
================================================================================
Group IP: 239.1.1.2
Mode: Include
-------------------------------------------------------------------------------SrcIp
Mode
Joined Host
ExpTime
-------------------------------------------------------------------------------100.1.1.50
Forward
256s
100.1.1.11
100.1.1.51
Forward
256s
256s
100.1.1.11
256s
================================================================================
Group IP: 239.1.1.3
Mode: Include
-------------------------------------------------------------------------------SrcIp
Mode
Joined Host
ExpTime
-------------------------------------------------------------------------------100.1.1.50
Forward
256s
100.1.1.11
100.1.1.51
Forward
256s
100.1.1.11
100.1.1.52
256s
Forward
256s
256s
100.1.1.11
256s
================================================================================
Group IP: 239.1.1.4
Mode: Include
-------------------------------------------------------------------------------SrcIp
Mode
Joined Host
ExpTime
-------------------------------------------------------------------------------100.1.1.52
Forward
256s
100.1.1.11
256s
================================================================================
Group IP: 239.1.1.5
Mode: Include
-------------------------------------------------------------------------------SrcIp
Mode
Joined Host
ExpTime
-------------------------------------------------------------------------------100.1.1.53
Forward
256s
100.1.1.11
256s
================================================================================
Group IP: 239.1.1.6
Mode: Exclude
ExpTimer: 258s
-------------------------------------------------------------------------------SrcIp
Mode
Joined Host
ExpTime
--------------------------------------------------------------------------------
100.1.1.10
Block
================================================================================
Group IP: 239.1.1.7
Mode: Exclude
ExpTimer: 258s
-------------------------------------------------------------------------------SrcIp
Mode
Joined Host
ExpTime
-------------------------------------------------------------------------------100.1.1.10
Block
100.1.1.11
Block
================================================================================
6.
Device_2(config-area-0.0.0.1)#interface 12.0.20.1
Device_2(config-interface-12.0.20.1)#exit
Device_2(config-area-0.0.0.1)#exit
Device_2(config-ospf)#commit
Commit complete.
Device_2(config-ospf)#exit
Device_2(config-router)#mpls lsr-id 1.1.172.102
Device_2(config-mpls)#ldp
Device_2(config-mpls)#interface lo1
Device_2(config-interface-lo1)#interface sw10
Device_2(config-interface-sw10)#interface sw20
Device_2(config-interface-sw20)#commit
Commit complete.
Device_2(config-interface-sw20)#exit
Device_2(config-mpls)#ld
Device_2(config-ldp)#targeted-peer 1.1.3.2
Device_2(config-targeted-peer-1.1.3.2)#exit
Device_2(config-ldp)#targeted-peer 1.1.4.2
Device_2(config-targeted-peer-1.1.4.2)#exit
Device_2(config-ldp)#distribute ingress ospf
Device_2(config-distribute)#egress ip 1.1.172.102/32
Device_2(config-ip-1.1.172.102/32)#exit
Device_2(config-distribute)#exit
Device_2(config-ldp)#rs
Device_2(config-rsvp-te)#commit
Commit complete.
Device_2(config-rsvp-te)#end
Device_2#
Device_2#show router ospf neighbor
7.
Neighbor ID
Pri
RXmtL RqstL DBsmL
State
Dead Time
Uptime
Address
Interface
1.1.3.2
0
0
Full/DROther
00:00:38
0d 00:00:21
12.0.10.2
sw10:12.0.10.1
1.1.4.2
0
0
Full/DROther
00:00:38
0d 00:00:21
12.0.20.2
sw20:12.0.20.1
Device_2(config-spoke-sdp-1)#no shutdown
Device_2(config-spoke-sdp-1)#learn-new-mac-address
Device_2(config-spoke-sdp-1)#exit
Device_2(config-vpls-1010)#spoke-sdp 2
Device_2(config-spoke-sdp-2)#backup
Device_2(config-spoke-sdp-2)#no shutdown
Device_2(config-spoke-sdp-2)#learn-new-mac-address
Device_2(config-spoke-sdp-2)#commit
Commit complete.
Device_2(config-spoke-sdp-2)#end
8.
9.
SDP Peer
Role
Up time
Adm
Opr
===============================================================================
1010
1.1.3.2
Prim
00:00:24
Up
Up
1010
1.1.4.2
Prim
00:00:00
Up
Stndby
1/1/3::
Groups: 10
================================================================================
================================================================================
Group IP: 239.1.1.1
Mode: Include
-------------------------------------------------------------------------------SrcIp
Mode
Joined Host
ExpTime
-------------------------------------------------------------------------------100.1.1.50
Forward
256s
100.1.1.11
256s
================================================================================
Group IP: 239.1.1.2
Mode: Include
-------------------------------------------------------------------------------SrcIp
Mode
Joined Host
ExpTime
-------------------------------------------------------------------------------100.1.1.50
Forward
256s
100.1.1.11
100.1.1.51
Forward
256s
256s
100.1.1.11
256s
================================================================================
Group IP: 239.1.1.3
Mode: Include
-------------------------------------------------------------------------------SrcIp
Mode
Joined Host
ExpTime
-------------------------------------------------------------------------------100.1.1.50
Forward
256s
100.1.1.11
100.1.1.51
Forward
256s
100.1.1.11
100.1.1.52
256s
Forward
256s
256s
100.1.1.11
256s
================================================================================
Group IP: 239.1.1.4
Mode: Include
-------------------------------------------------------------------------------SrcIp
Mode
Joined Host
ExpTime
-------------------------------------------------------------------------------100.1.1.52
Forward
256s
100.1.1.11
256s
================================================================================
Group IP: 239.1.1.5
Mode: Include
-------------------------------------------------------------------------------SrcIp
Mode
Joined Host
ExpTime
-------------------------------------------------------------------------------100.1.1.53
Forward
256s
100.1.1.11
256s
================================================================================
Group IP: 239.1.1.6
Mode: Exclude
ExpTimer: 258s
-------------------------------------------------------------------------------SrcIp
Mode
Joined Host
ExpTime
-------------------------------------------------------------------------------100.1.1.10
Block
================================================================================
Group IP: 239.1.1.7
Mode: Exclude
ExpTimer: 258s
-------------------------------------------------------------------------------SrcIp
Mode
Joined Host
ExpTime
-------------------------------------------------------------------------------100.1.1.10
Block
100.1.1.11
Block
================================================================================
Group IP: 239.1.1.8
Mode: Exclude
ExpTimer: 258s
-------------------------------------------------------------------------------SrcIp
Mode
Joined Host
ExpTime
-------------------------------------------------------------------------------================================================================================
Group IP: 239.1.1.9
Mode: Exclude
ExpTimer: 258s
-------------------------------------------------------------------------------SrcIp
Mode
Joined Host
ExpTime
-------------------------------------------------------------------------------================================================================================
Group IP: 239.1.1.10
Mode: Exclude
ExpTimer: 258s
-------------------------------------------------------------------------------SrcIp
Mode
Joined Host
ExpTime
-------------------------------------------------------------------------------100.1.1.13
Block
================================================================================
SDP :
1010:1.1.4.2
Groups: 0
================================================================================
================================================================================
SDP :
1010:1.1.3.2
Groups: 0
================================================================================
MVR Modes
The device supports two MVR modes of operation:
In the dynamic mode, the device performs standard IGMP snooping. When the device receives
an IGMP report for a particular group on an MVR receiver port, it forwards the IGMP report to
the multicast router connected to any MVR source port. The multicast router only forwards
multicast streams for groups for which reports are received. Receiver ports are treated as
members of the multicast VLAN for MVR multicast control and data traffic.
In the static mode, the device sends IGMP reports for all configured multicast groups to the
multicast router. The multicast router is forced to send multicast streams for all configured
groups. When the device receives an IGMP report on the receiver port, it immediately starts
switching the stream to the subscriber.
NOTE
The maximum number of multicast groups is 256.
Immediate Leave
If Immediate Leave is enabled on a receiver port, the port leaves a multicast group more quickly.
Without Immediate Leave, when the device receives an IGMP leave message from a subscriber on a
receiver port, it sends out an IGMP query on that port and waits for IGMP group membership
reports. If no reports are received within a configured time period, the receiver port is removed
from multicast group membership. With Immediate Leave, an IGMP query is not sent from the
receiver port on which the IGMP leave was received. As soon as the leave message is received, the
receiver port is removed from multicast group membership, which speeds up leave latency.
MVR Commands
Commands Hierarchy
device-name#
+ config terminal
+ ethernet
+ [no] mvr
- [no] shutdown
Commands Descriptions
Table 2: MVR Commands
Command
Description
config terminal
ethernet
mvr
no mvr
Restores to default
mc-group <id>
no mc-group
asm-group <value>
no asm-group
ssm-group <value>
no ssm-group
count <value>
1
no count
Restores to default
grp-address A.B.C.D
no grp-address
Include
no mode
Restores to default
source-list <value>
1
no source-list
Restores to default
Dynamic
no mvr-mode
Restores to default
mvr-source-ip A.B.C.D
0.0.0.0
no mvr-source-ip
Restores to default
mvr-vlan <vlan-id>
VLAN ID =1
no mvr-vlan
Restores to default
port UU/SS/PP
no port
explicit-tracking {false | true}
True
no explicit-tracking
Restores to default
Disabled
no fast-leave
Restores to default
mc-group <value>
id:
no mc-group
Restores to default
shutdown
no shutdown
members:
Configuration Example 1
In the following example, MVR is configured in dynamic mode. The multicast router that receives
and sends multicast data is connected to port 1/1/1. The multicast host that receives multicast data
is connected to port 1/1/2:
1.
Enter Configuration mode of the MVR source VLAN v10 with ID 10:
device-name(config)#vlan v10 10
device-name(config-vlan-v10/10)#tagged 1/1/1
device-name(config-tagged-1/1/1)#commit
2.
3.
Enable MVR on the specified ports and configure fast-leave on the receiver port:
device-name(config)#ethernet mvr
device-name(config-mvr)#no shutdown
device-name(config-mvr)#commit
device-name(config-mvr)#mvr-mode dynamic
device-name(config-mvr)#mvr-source-ip 11.11.11.11
device-name(config-mvr)#mvr-vlan 10
device-name(config-mvr)#port 1/1/1
device-name(config-port-1/1/1)#mvr-type source
device-name(config-port-1/1/1)#exit
device-name(config-mvr)#port 1/1/2
device-name(config-port-1/1/2)#mvr-type receiver
device-name(config-port-1/1/2)#fast-leave true
device-name(config-port-1/1/2)#commit
4.
5.
Number of groups
: 0
Vlan list
: 10
V1 Querier Present Timer
: 0 secs
V2 Querier Present Timer
: 0 secs
------------------------------------------------------------------------Port id
: 1/1/2
MVR type
: Receiver
Explicit tracking
: Enabled
Fast leave
: Enabled
Number of groups
: 0
Vlan list
: 20
========================================================================
Configuration Example 2
In the following example, MVR is configured in static mode. Static groups are configured. The
multicast router that receives and sends multicast data is connected to port 1/1/1. The multicast
host that receives multicast data is connected to port 1/1/2:
1.
Enter Configuration mode of the MVR source VLAN v10 with ID 10:
device-name(config)#vlan v10 10
device-name(config-vlan-v10/10)#tagged 1/1/1
device-name(config-tagged-1/1/1)#commit
2.
3.
4.
Configure static group with ASM entry and apply it to the receiver port:
device-name(config)#ethernet mvr
device-name(config-mvr)#mc-group k1
device-name(config-mc-group-k1)#asm-group 1 count 1 grp-address 224.2.2.2
device-name(config-asm-group-1)#commit
device-name(config-asm-group-1)#exit
device-name(config-mc-group-k1)#exit
device-name(config-mvr)#port 1/1/2
device-name(config-port-1/1/2)#mc-group k1
device-name(config-port-1/1/2)#commit
5.
Configure static group with SSM entry and apply it to the receiver port:
device-name(config)#ethernet mvr
device-name(config-mvr)#mc-group k2
device-name(config-mc-group-k2)#ssm-group 1 grp-address 224.3.3.3 mode
include source-list 10.5.5.5
device-name(config-ssm-group-1)#commit
device-name(config-ssm-group-1)#exit
device-name(config-mc-group-k2)#exit
device-name(config-mvr)#port 1/1/2
device-name(config-port-1/1/2)#mc-group k2
device-name(config-port-1/1/2)#commit
6.
7.
Standards
MIBs
RFCs
IGMP Snooping
Not supported
Not supported
Multicast VLAN
Registration (MVR)
Not supported
Not supported
Not supported
Table of Figures
Figure 1: LLDPDU Frame Structure
Figure 2: Example for Configuring LLDP on two Devices
List of Tables
Table 1: LLDP Commands
T-Marc3208SH
TLV Format
In an LLDPDU, the chassis ID, port ID, and TTL TLV are the first three TLVs. The optional
TLVs are placed after the TTL TLV. The end of LLDPDU TLV is placed last. There is no
restriction regarding the length of LLDPDUs. The restriction comes from the transport layer, for
example in 802.3 MAC environments the maximum size of the PDU is 1500 bytes.
The figure below provides the LLDPDU structure and the mandatory LLDPDU TLV structure
details:
TTL TLV: Indicates how long (in seconds) the LAN device's information received in the
LLDPDU is to be treated as valid information.
The optional TLVs defined as part of LLDP are grouped into Basic Management TLV Set (Port
description, System name, System description, System capabilities, Management address).
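The TLV ordering rules above can be checked on a received LLDPDU before any of its contents are trusted. The following validator is an added example, not code from this guide or from the device: the 7-bit type / 9-bit length header, the TLV type codes and the subtype values are taken from IEEE 802.1AB (they are not listed on this page), and the sample frame is constructed.

```python
import struct

# TLV type codes from IEEE 802.1AB (assumption: not listed on this page).
END, CHASSIS_ID, PORT_ID, TTL = 0, 1, 2, 3
OPTIONAL_NAMES = {4: "port-description", 5: "system-name",
                  6: "system-description", 7: "system-capabilities",
                  8: "management-address"}
MAX_PDU = 1500  # 802.3 limit quoted in the text above


class LLDPError(ValueError):
    """Raised when an LLDPDU violates the structure described above."""


def tlv(tlv_type: int, value: bytes) -> bytes:
    """Encode one TLV: 7-bit type and 9-bit length, then the value."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise LLDPError("type or length does not fit the TLV header")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def iter_tlvs(pdu: bytes):
    """Yield (type, value) pairs up to and including End of LLDPDU."""
    off = 0
    while off + 2 <= len(pdu):
        (header,) = struct.unpack_from("!H", pdu, off)
        tlv_type, length = header >> 9, header & 0x1FF
        off += 2
        if off + length > len(pdu):
            raise LLDPError(f"TLV type {tlv_type}: length {length} overruns the PDU")
        value = pdu[off:off + length]
        off += length
        if tlv_type == END and length:
            raise LLDPError("End of LLDPDU TLV must be empty")
        yield tlv_type, value
        if tlv_type == END:
            return  # anything after this is frame padding
    raise LLDPError("truncated PDU or missing End of LLDPDU TLV")


def parse_lldpdu(pdu: bytes) -> dict:
    """Validate the mandatory TLV order and return the decoded fields."""
    if len(pdu) > MAX_PDU:
        raise LLDPError("LLDPDU exceeds 1500 bytes")
    tlvs = list(iter_tlvs(pdu))
    types = [t for t, _ in tlvs]
    if types[:3] != [CHASSIS_ID, PORT_ID, TTL]:
        raise LLDPError("first three TLVs must be chassis ID, port ID, TTL")
    if any(t in (CHASSIS_ID, PORT_ID, TTL) for t in types[3:]):
        raise LLDPError("mandatory TLV repeated")
    chassis, port, ttl = (v for _, v in tlvs[:3])
    if len(chassis) < 2 or len(port) < 2 or len(ttl) != 2:
        raise LLDPError("mandatory TLV has an invalid length")
    optional = {}
    for t, v in tlvs[3:-1]:  # everything between TTL and End of LLDPDU
        optional[OPTIONAL_NAMES.get(t, f"type-{t}")] = v
    return {
        "chassis_subtype": chassis[0], "chassis_id": chassis[1:],
        "port_subtype": port[0], "port_id": port[1:],
        "ttl": struct.unpack("!H", ttl)[0],
        "optional": optional,
    }


# Constructed sample: chassis subtype 4 (MAC address), port subtype 5
# (interface name), TTL 120 s, one optional System Name TLV.
SAMPLE = (tlv(CHASSIS_ID, b"\x04" + bytes.fromhex("00a012962421"))
          + tlv(PORT_ID, b"\x05" + b"1/1/2")
          + tlv(TTL, struct.pack("!H", 120))
          + tlv(5, b"device-name")
          + tlv(END, b""))

if __name__ == "__main__":
    print(parse_lldpdu(SAMPLE))
```
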
+ config terminal
+ [no] ethernet
+ [no] lldp
- [no] shutdown
Commands Descriptions
Table 1: LLDP Commands
Command
Description
config terminal
ethernet
lldp
advertise-basic {management-address | port-description | system-capabilities | system-description | system-name}
port-description: configures an
LLDP-enabled port to advertise its
port description
management-address: configures an
LLDP-enabled port to advertise the
device's management address
system-capabilities: configures an
LLDP-enabled port to advertise its
system capabilities
system-description: configures an
LLDP-enabled port to advertise the
system description
no advertise-basic {management-address | port-description | system-capabilities | system-description | system-name}
rx-tx
no mode
reinit-delay <value>
Restores to default
Specifies the minimum time an LLDP port waits
before reinitializing LLDP transmission:
2 seconds
no reinit-delay
shutdown
no shutdown
transmit-delay <value>
Specifies the delay between successive LLDP
frame transmissions initiated by value/status
changes in the LLDP local system's MIB:
NOTE
Transmit-delay can be set only to
values smaller than (0.25 * transmit-interval).
2 seconds
no transmit-delay
transmit-hold <value>
4 seconds
no transmit-hold
transmit-interval <value>
NOTE
Transmit-interval can be set only to
values bigger than (4 * transmit-delay).
The values of transmit-interval and
transmit-delay are mutually
dependent on each other:
transmit-interval is from 5 to
32768 (5 can be set when
transmit-delay is set to its
minimum value of 1)
Configuration Example
The following example shows how to configure LLDP on two devices.
Device1 Configuration:
1.
device-name#config terminal
Entering configuration mode terminal
device-name(config)#ethernet
device-name(config-ethernet)#lldp
device-name(config-lldp)#no shutdown
device-name(config-lldp)#commit
2.
3.
management-address
port-description
system-capabilities
system-description
system-name
Chassis Id Subtype
: MAC address
System ChassisId
: 00:a0:12:96:24:21
System Name
: device-name
System Description
: device-name Service Demarcation Switch
software version 2.4R3 Sun Jun 3 14:44:48 EEST 2012
System capabilities supported
: Bridge
Router
System capabilities enabled
: Bridge
Router
:
:
:
:
ipV4
010.003.155.009
ifIndex
2
4.
System Description
: device-name Service Demarcation Switch
software version 2.4.R3 Sun Jun 3 14:44:48 EEST 2012
Port Description
: 1/1/2
System capabilities supported
: Bridge
Router
System capabilities enabled
: Bridge
Router
: (IPv4) 10.3.155.8
: ifIndex
: 2
Device2 Configuration:
5.
device-name#config terminal
Entering configuration mode terminal
device-name(config)#ethernet
device-name(config-ethernet)#lldp
device-name(config-lldp)#no shutdown
device-name(config-lldp)#commit
6.
7.
management-address
port-description
system-capabilities
system-description
system-name
: Bridge
Router
:
:
:
:
ipV4
010.003.155.009
ifIndex
2
8.
: Bridge
Router
: (IPv4) 10.3.155.8
: ifIndex
: 2
Standards
MIBs
RFCs
Link Layer
Discovery Protocol
(LLDP)
IEEE 802.1AB
Not supported
Table of Figures
Figure 1: ACL Configuration Flow
List of Tables
Table 1: Traffic Counting Commands
Table 2: Monitoring Profile Commands
Table 3: IP ACLs Configuration Commands
Table 4: IP ACLs Show Commands
Table 5: IPv6 ACLs Configuration Commands
Table 6: MAC ACLs Configuration Commands
Table 7: MAC ACLs Show Commands
Table 8: EtherType ACLs Configuration Commands
Table 9: EtherType ACLs Show Commands
Table 10: Traffic Types
Table 11: Monitoring Profiles
Table 12: Valid ToS Values
Table 13: Valid Precedence Values
Table 14: Valid ICMP Message Type Values
Table 15: Valid ICMP Code Values
Table 16: Valid TCP Port Literal Values
Table 17: Valid UDP Port Literal Values
Table 18: Valid FC Values
Table 19: Known EtherType Values
Overview
An Access Control List (ACL) is a set of numbered rules that are processed in sequential order.
Packet parameters are tested against conditions defined in the ACL; the first condition matched
determines the action taken by the port.
Using ACLs, system administrators can filter packets passing through the port according to defined
criteria. The main advantages to ACLs are as follows:
Security: Manage network security policies by forwarding or dropping traffic on ingress to the
port.
Traffic Control: Manipulate traffic flow and reduce bottlenecks and congestion by enforcing
redirection rules.
Traffic Rate Limitation: Control traffic rates by port, by group of ports or by SAP, according
to user-defined criteria.
Quality of Service (QoS): Assign packet-handling priority to data flow by sorting into eight
priority queues based on ACL criteria. You can also use ACLs to remark VPT and ToS/DSCP
values.
ACL Type
Each ACL is identified by a unique name or a number. There are four basic ACL types and each
type matches specific fields in a packet:
ACL Type
Numerical Range
Matches
Standard IP
1-99
Extended IP
IPv6
Extended MAC
100-199
400-499
EtherType
500-599
Processing Options
Apply ACLs to both ingress (inbound) and egress (outbound) traffic:
Ingress: Process incoming packets to the port according to matched conditions defined with
the ACL. Packets that pass defined criteria are handled by the port. Packets that do not pass
the defined criteria are discarded, thereby reducing the load on the outbound interface.
Egress: Process packets at Egress mainly to shape traffic, remark, and collect statistics. To a
lesser extent, ACLs at the outbound port can also be used to filter traffic. As with packets
received at an inbound port, packets are matched to ACL conditions; packets that meet one of
the defined criteria are passed through the port.
Egress ACLs do not filter packets originated by the device (such as outgoing Telnet
session packets, NTP service packets, and various broadcast packets, such as ARP
request).
NOTE
Rules of the VLAN-ACL take precedence over any other configured ACLs.
Rules of Ingress and Egress ACLs are matched sequentially starting with the lowest
numbered rule.
Once created, users can remove existing rules and/or add new rules to the ACL.
The device tests packets only until the first match is found. That match defines whether to permit
or deny the packet.
If the packet does not match any of the conditions defined for the port's ACLs:
On Ingress: The packet is denied because the last rule is an implicit deny statement.
On Egress: The packet is permitted (unless the user configures a rule to implicitly deny
packets that do not match any of the rules).
VLAN-based ACL (VLAN translation): The packet is permitted.
Egress ACLs have no default rule. All options defined in an ACG are applied only on traffic
that is explicitly defined in a permit rule.
VLAN-based ACLs have no default rule. All options defined in an ACG are applied only on
traffic that is explicitly defined in a permit rule.
Processing occurs using the order in which the ACLs were applied (via ACGs).
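The first-match and default-action rules in the notes above, modeled as a small evaluator. This is an added example, not device code and not taken from this guide: the `Rule` fields mirror the `source-ip`, `destination-ip` and `protocol` keywords of the command hierarchy, while the rule set, the packets and the `shadowed_rules` helper are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    number: int                      # rules are tested lowest number first
    action: str                      # "permit" or "deny"
    source: str = "0.0.0.0/0"        # A.B.C.D/MASK
    destination: str = "0.0.0.0/0"   # A.B.C.D/MASK
    protocol: Optional[str] = None   # None matches any protocol

    def matches(self, pkt: dict) -> bool:
        return (ip_address(pkt["src"]) in ip_network(self.source)
                and ip_address(pkt["dst"]) in ip_network(self.destination)
                and self.protocol in (None, pkt["proto"]))


# What happens to a packet that matches no rule, per the notes above.
DEFAULT_ACTION = {"in": "deny", "out": "permit", "vlan": "permit"}


def evaluate(rules, pkt, direction):
    """Return (action, rule number); rule number is None on the default."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(pkt):
            return rule.action, rule.number  # first match decides
    return DEFAULT_ACTION[direction], None


def shadowed_rules(rules):
    """List (later, earlier) pairs where the later rule can never match
    because an earlier rule already covers all of its traffic."""
    ordered = sorted(rules, key=lambda r: r.number)
    found = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if (ip_network(later.source).subnet_of(ip_network(earlier.source))
                    and ip_network(later.destination).subnet_of(
                        ip_network(earlier.destination))
                    and earlier.protocol in (None, later.protocol)):
                found.append((later.number, earlier.number))
                break
    return found


# Constructed rule set: rule 30 is unreachable because rule 20 is broader.
RULES = [
    Rule(10, "deny", "10.0.0.0/8", "192.168.1.0/24", "tcp"),
    Rule(20, "permit", "10.1.0.0/16"),
    Rule(30, "deny", "10.1.2.0/24"),
]

if __name__ == "__main__":
    unmatched = {"src": "172.16.0.1", "dst": "198.51.100.7", "proto": "udp"}
    for direction in ("in", "out", "vlan"):
        print(direction, evaluate(RULES, unmatched, direction))
    # An egress ACL meant as an allow-list needs its own final deny rule.
    print("out + deny-all", evaluate(RULES + [Rule(1000, "deny")], unmatched, "out"))
    print("shadowed:", shadowed_rules(RULES))
```

The same rule set drops unmatched traffic on ingress but passes it on egress and on a VLAN-based ACL, so an egress allow-list only works once a final catch-all deny rule is configured.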
During periods of heavy network traffic, congestion can cause incoming packets to be dropped. To
prevent congestion on provider networks, system administrators can allocate a specific bandwidth
per user port or traffic. A traffic rate limiter monitors the incoming traffic by:
The Single Rate Three Color Marker (srTCM) meters a traffic stream and marks packets according
to three parameters:
Parameter
Description
Result
Exceed Action
Once the packet is classified as exceeding a particular rate limit, the device either:
Color-Blind: Packets are considered green upon entering the metering process and are
marked as yellow or red if the traffic class exceeds the configured bandwidth limits.
Color-Aware: Assumes the packet stream is colored, ingress by rate limiter, egress by rate
limiter or QoS policy, before entering the metering process. The device forwards green
packets. Yellow and red packets are forwarded according to the defined rate-limit.
+ config terminal
+ system
Description
config terminal
system
L2
no traffic-counting-mode
Restores to default
ACL Commands
In this section, command hierarchies are described and definitions for individual commands are
provided. Also included are examples.
+ config terminal
Description
config terminal
access-group-monitoring-profile
<profile-id>
no access-group-monitoring-profile
[<profile-id>]
enable-statistics PROFILE
Defines statistics:
no enable-statistics [PROFILE]
PROFILE
+ config terminal
- [no] untagged
- destination-ip A.B.C.D/MASK
+ protocol TYPE
- [no] established
- source-ip A.B.C.D/MASK
port UU/SS/PP
- [no] color-aware
- [no] ebs <value>
- [no] copy-inner-vpt-to-outer-vpt
- [no] color-aware
- [no] ebs <value>
- [no] color-aware
- [no] ebs <value>
- [no] copy-inner-vpt-to-outer-vpt
- [no] set-green-to-fc <value>
- [no] color-aware
- [no] ebs <value>
- [no] color-aware
- [no] ebs <value>
- [no] color-aware
- [no] ebs <value>
- [no] color-aware
- [no] ebs <value>
- [no] color-aware
- [no] ebs <value>
- [no] service
- [no] color-aware
- [no] ebs <value>
- [no] copy-inner-vpt-to-outer-vpt
- [no] color-aware
- [no] ebs <value>
- [no] color-aware
- [no] ebs <value>
- [no] copy-inner-vpt-to-outer-vpt
- [no] color-aware
- [no] ebs <value>
- [no] color-aware
- [no] ebs <value>
- [no] copy-inner-vpt-to-outer-vpt
- [no] color-aware
- [no] ebs <value>
- [no] color-aware
- [no] ebs <value>
- [no] copy-inner-vpt-to-outer-vpt
- [no] color-aware
- [no] ebs <value>
- [no] color-aware
- [no] ebs <value>
- [no] color-aware
- [no] ebs <value>
- [no] color-aware
- [no] ebs <value>
- [no] color-aware
- [no] ebs <value>
- show port UU/SS/PP access-groups-rule-sequence <number> ip-access-group-standard [NAME | <acl-number>] [in | out | vlan] [monitoring-profile <profile-id> [statistics
[fbrs-green-bps | fbrs-green-fps | fbrs-match-counter-bps | fbrs-match-counter-fps | fbrs-not-green-bps | fbrs-not-green-fps |
fbrs-not-red-bps | fbrs-not-red-fps | fbrs-red-bps | fbrs-red-fps | fbrs-yellow-bps | fbrs-yellow-fps |
green-bps | green-fps | match-counter-bps | match-counter-fps | not-green-bps | not-green-fps |
not-red-bps | not-red-fps | red-bps | red-fps | yellow-bps | yellow-fps]]]
- show port UU/SS/PP access-groups-rule-sequence <number> ip-access-group-extended [NAME | <acl-number>] [in | out | vlan] [monitoring-profile <profile-id> [statistics
[fbrs-green-bps | fbrs-green-fps | fbrs-match-counter-bps | fbrs-match-counter-fps | fbrs-not-green-bps | fbrs-not-green-fps |
fbrs-not-red-bps | fbrs-not-red-fps | fbrs-red-bps | fbrs-red-fps | fbrs-yellow-bps | fbrs-yellow-fps |
green-bps | green-fps | match-counter-bps | match-counter-fps | not-green-bps | not-green-fps |
not-red-bps | not-red-fps | red-bps | red-fps | yellow-bps | yellow-fps]]]
Description
config terminal
description DESCRIPTION
NAME: a string of
<110> characters
no description
DESCRIPTION: a string of
<130> characters
rule <value>
no rule [<value>]
no inner-vlan [<vlan-id>]
[inner-vlan-mask [<vlan-mask>]]
Command
inner-vpt <priority>
Description
vlan-mask: (optional) in
hexadecimal format FF:FF:FF:FF
no inner-vpt [<priority>]
source-ip A.B.C.D/MASK
untagged
no untagged
Restores to default
vpt <priority>
vlan-mask: (optional) in
hexadecimal format FF:FF:FF:FF
no vpt [<priority>]
dscp <value>
no dscp [<value>]
Command
description DESCRIPTION
Description
NAME: a string of
<110> characters
no description
DESCRIPTION: a string of
<130> characters
rule <value>
no rule [<value>]
destination-ip A.B.C.D/MASK
no inner-vlan [<vlan-id>]
[inner-vlan-mask [<vlan-mask>]]
vlan-mask: (optional) in
hexadecimal format FF:FF:FF:FF
Command
Description
inner-vpt <priority>
no inner-vpt
precedence TYPE
no precedence
protocol TYPE
established
no established
icmp-code <value>
no icmp-code
icmp-type <value>
no icmp-type
tcp-source-port <value>
no tcp-source-port
tcp-destination-port <value>
Command
Description
TCP port names when filtering TCP packets only:
no tcp-destination-port
udp-source-port <value>
no udp-source-port
udp-destination-port <value>
no udp-destination-port
source-ip A.B.C.D/MASK
tos <value>
no tos
untagged
no untagged
Restores to default
Command
Description
vpt <priority>
no vpt [<priority>]
port UU/SS/PP
no dscp [<value>]
dscp <value>
vlan-mask: (optional) in
hexadecimal format FF:FF:FF:FF
service
single-rate-limit: configures a
rate limit for the parent group
Command
Description
1/2/8
NOTE
Command
Description
For more details refer to Configuring Circuit
Emulation Services (CES) of this User Guide
Command
Description
VLAN):
NOTE
access-groups-rule-sequence
<number>
NOTE
Command
Description
no ip-access-group-standard
[NAME | <acl-number>] [in
| out | vlan]
fc <value>
no fc [<value>]
monitoring-profile <profile-id>
Removes FC mapping:
Command
Description
profiles can be defined.
no monitoring-profile
[<profile-id>]
cbs <value>
100 KB
no cbs
Restores to default
cir <value>
1000 kbps
no cir
Restores to default
color-aware
no color-aware
Restores to default
pbs <value>
100 KB
no pbs
Restores to default
pir <value>
1000 kbps
no pir
Restores to default
ebs <value>
100 KB
no ebs
Restores to default
Command
Description
exceed-action {drop |
mark-yellow | mark-red}
Drop
no exceed-action [drop |
mark-yellow | mark-red]
redirect UU/SS/PP
Restores to default
(valid only for ingress ACLs) Redirects matching
traffic to the specified port:
no redirect [UU/SS/PP]
vlan <vlan-id>
NOTE
The port on which the newly-tagged packets arrive must be a
tagged member of the VLAN on which
the packet arrives before being retagged.
no vlan [<vlan-id>]
add-vlan <vlan-id>
no dscp [<value>]
inner-vpt <priority>
dscp <value>
no add-vlan [<vlan-id>]
Command
Description
range of <0-7>
no inner-vpt [<priority>]
vpt <priority>
no vpt [<priority>]
copy-inner-vpt-to-outer-vpt
no copy-inner-vpt-to-outer-vpt
Restores to default
ip-access-group-extended {NAME
| <acl-number>} {in | out |
vlan}
no ip-access-group-extended
[NAME | <acl-number>] [in |
out | vlan]
fc <value>
NAME: a string of
<110> characters
no fc [<value>]
Removes FC mapping:
Command
Description
yellow}
monitoring-profile <profile-id>
Disabled
no monitoring-profile
[<profile-id>]
cbs <value>
100 KB
no cbs
Restores to default
cir <value>
1000 kbps
no cir
Restores to default
color-aware
no color-aware
Restores to default
pbs <value>
100 KB
no pbs
Restores to default
pir <value>
Command
Description
1000 kbps
no pir
Restores to default
ebs <value>
100 KB
no ebs
Restores to default
parent <id>
no parent
exceed-action {drop |
mark-yellow | mark-red}
Drop
no exceed-action [drop |
mark-yellow | mark-red]
redirect UU/SS/PP
Restores to default
(valid only for ingress ACLs) Redirects matching
traffic to the specified port:
no redirect [UU/SS/PP]
vlan <vlan-id>
dscp <value>
no add-vlan [<vlan-id>]
add-vlan <vlan-id>
no vlan [<vlan-id>]
Command
Description
no dscp [<value>]
inner-vpt <priority>
no inner-vpt [<priority>]
vpt <priority>
no vpt [<priority>]
copy-inner-vpt-to-outer-vpt
no copy-inner-vpt-to-outer-vpt
Restores to default
set-green-to-dscp <value>
no set-green-to-dscp
set-green-to-vpt <value>
no set-green-to-vpt
set-red-to-dscp <value>
no set-red-to-dscp
set-red-to-vpt <value>
no set-red-to-vpt
set-yellow-to-dscp <value>
no set-yellow-to-dscp
Command
Description
set-yellow-to-vpt <value>
no set-yellow-to-vpt
set-green-to-fc <value>
no set-green-to-fc
set-red-to-fc <value>
no set-red-to-fc
set-yellow-to-fc <value>
no set-yellow-to-fc
Description
NAME: a string of
<110> characters
monitoring-profile statistics:
counts match packets
NOTE
Statistics counters are reset
whenever a new ACL/monitoring
profile is applied on a port/SAP
port.
Command
Description
NAME: a string of
<110> characters
monitoring-profile statistics:
counts match packets
NOTE
Statistics counters are reset
whenever a new ACL/monitoring
profile is applied on a port/SAP
port.
Command
Description
NOTE
Statistics counters are reset
whenever a new ACL/monitoring
profile is applied on a port/SAP
port.
+ config terminal
+ system
+ [no] resource-management
- [no] ipv6-access-list
- destination-ip IPv6-PREFIX/LENGTH
- [no] established
- source-ip IPv6-PREFIX/LENGTH
- [no] traffic-class <value>
- [no] untagged
port UU/SS/PP
- [no] color-aware
- [no] ebs <value>
- [no] copy-inner-vpt-to-outer-vpt
- [no] redirect UU/SS/PP
- [no] color-aware
- [no] ebs <value>
- [no] copy-inner-vpt-to-outer-vpt
- [no] redirect UU/SS/PP
- [no] service
- [no] color-aware
- [no] ebs <value>
- [no] copy-inner-vpt-to-outer-vpt
- [no] redirect UU/SS/PP
- [no] color-aware
- [no] ebs <value>
- [no] copy-inner-vpt-to-outer-vpt
- [no] color-aware
- [no] ebs <value>
- [no] copy-inner-vpt-to-outer-vpt
- show port UU/SS/PP [access-groups-rule-sequence <number>] ipv6-access-group NAME [in] [monitoring-profile <profile-id> [statistics
[fbrs-green-bps | fbrs-green-fps | fbrs-match-counter-bps | fbrs-match-counter-fps | fbrs-not-green-bps | fbrs-not-green-fps |
fbrs-not-red-bps | fbrs-not-red-fps | fbrs-red-bps | fbrs-red-fps | fbrs-yellow-bps | fbrs-yellow-fps |
green-bps | green-fps | match-counter-bps | match-counter-fps | not-green-bps | not-green-fps |
not-red-bps | not-red-fps | red-bps | red-fps | yellow-bps | yellow-fps]]]
- show running-config ipv6 access-list
Description
config terminal
system
resource-management
Command
Description
no resource-management
ipv6-access-list
no ipv6-access-list
description DESCRIPTION
no description
DESCRIPTION: a string of
<130> characters
rule <value>
no rule [<value>]
dscp <value>
no dscp [<value>]
Command
Description
FF:FF:FF:FF. Use 0 for meaningful
bits (exact-match) and F for
meaningless bits (any). The last
12 bits are meaningful.
inner-vpt <priority>
vlan-mask: (optional) in
hexadecimal format FF:FF:FF:FF
no inner-vpt <priority>
destination-ip IPv6-
PREFIX/LENGTH
IPv6-PREFIX/LENGTH: destination
IPv6 network, in hexadecimal and
using 16-bit values between colons
(documented in RFC 3513). Enter
any as an abbreviation for the
IPv6 prefix ::/0.
protocol TYPE
established
no established
icmp-code <value>
Command
Description
no icmp-code
icmp-type <value>
no icmp-type
tcp-source-port <value>
no tcp-source-port
tcp-destination-port <value>
no tcp-destination-port
udp-source-port <value>
no udp-source-port
udp-destination-port <value>
no udp-destination-port
source-ip IPv6-PREFIX/LENGTH
Command
Description
any as an abbreviation for the
IPv6 prefix ::/0.
vpt <priority>
vlan-mask: (optional) in
hexadecimal format FF:FF:FF:FF
no vpt [<priority>]
traffic-class <value>
no traffic-class [<value>]
untagged
no untagged
Restores to default
port UU/SS/PP
service
Command
Description
Configuration mode
Command
Description
NOTE
UU/SS/PP: the corresponding physical port (unit, slot and port) defined as SAP. (can be obtained from the show port command)
NOTE
Command
Description
<1-14>
UU/SS/PP: the corresponding physical port (unit, slot and port) defined as SAP. (can be obtained from the show port command)
access-groups-rule-sequence <number>
Command
Description
NOTE
When applying the same ACL type
(for example, IP or MAC ACLs) to
an already used sequence number,
remove and apply the ACL again.
This action is not required when
applying different ACL types to the
same sequence number.
no access-groups-rule-sequence
[<number>]
ipv6-access-group NAME in
fc <value>
no fc [<value>]
Removes FC mapping:
monitoring-profile <profile-id>
no monitoring-profile
[<profile-id>]
Command
Description
no rate-limit [dual | single]
cbs <value>
100 KB
no cbs
Restores to default
cir <value>
1000 kbps
no cir
Restores to default
color-aware
no color-aware
Restores to default
pbs <value>
100 KB
no pbs
Restores to default
pir <value>
1000 kbps
no pir
Restores to default
ebs <value>
100 KB
no ebs
Restores to default
Drop
Command
Description
no exceed-action [drop |
mark-yellow | mark-red]
set-green-to-fc <value>
Restores to default
(valid only for ingress ACLs) Maps traffic marked
green to a Forwarding Class (FC):
no set-green-to-fc
set-red-to-fc <value>
no set-red-to-fc
set-yellow-to-fc <value>
no set-yellow-to-fc
copy-inner-vpt-to-outer-vpt
no copy-inner-vpt-to-outer-vpt
Restores to default
redirect UU/SS/PP
no redirect [UU/SS/PP]
show port UU/SS/PP [access-groups-rule-sequence <number>] ipv6-access-group NAME [in] [monitoring-profile <profile-id> [statistics
[fbrs-green-bps | fbrs-green-fps | fbrs-match-counter-bps | fbrs-match-counter-fps | fbrs-not-green-bps | fbrs-not-green-fps |
fbrs-not-red-bps | fbrs-not-red-fps | fbrs-red-bps | fbrs-red-fps | fbrs-yellow-bps | fbrs-yellow-fps |
green-bps | green-fps | match-counter-bps | match-counter-fps | not-green-bps | not-green-fps |
not-red-bps | not-red-fps | red-bps | red-fps | yellow-bps | yellow-fps]]]
NAME: a string of
<110> characters
monitoring-profile statistics:
counts match packets
NOTE
Statistics counters are reset
whenever a new ACL/monitoring
profile is applied on a port.
Command
Description
+ config terminal
+ port UU/SS/PP
- [no] color-aware
- [no] ebs <value>
- [no] copy-inner-vpt-to-outer-vpt
- [no] color-aware
- [no] ebs <value>
- [no] color-aware
- [no] ebs <value>
- [no] copy-inner-vpt-to-outer-vpt
- [no] set-green-to-fc <value>
- [no] color-aware
- [no] ebs <value>
- [no] service
c-vlan {<cvlan-
- [no] color-aware
- [no] ebs <value>
- [no] copy-inner-vpt-to-outer-vpt
- [no] color-aware
- [no] ebs <value>
- [no] color-aware
- [no] ebs <value>
- [no] copy-inner-vpt-to-outer-vpt
- [no] color-aware
- [no] ebs <value>
- [no] color-aware
- [no] ebs <value>
- [no] color-aware
- [no] ebs <value>
- show port UU/SS/PP [access-groups-rule-sequence <number>] mac-access-group [NAME | <acl-number>] [in | out | vlan] [monitoring-profile <profile-id> [statistics
[fbrs-green-bps | fbrs-green-fps | fbrs-match-counter-bps | fbrs-match-counter-fps | fbrs-not-green-bps | fbrs-not-green-fps |
fbrs-not-red-bps | fbrs-not-red-fps | fbrs-red-bps | fbrs-red-fps | fbrs-yellow-bps | fbrs-yellow-fps |
green-bps | green-fps | match-counter-bps | match-counter-fps | not-green-bps | not-green-fps |
not-red-bps | not-red-fps | red-bps | red-fps | yellow-bps | yellow-fps]]]
Description
config terminal
description DESCRIPTION
NAME: a string of
<110> characters
no description
DESCRIPTION: a string of
<130> characters
rule <value>
no rule [<value>]
da-type <type>
no da-type [<type>]
destination_mac
HH:HH:HH:HH:HH:HH
destination_mac_mask
HH:HH:HH:HH:HH:HH
Command
Description
MAC addresses
no inner-vlan [<vlan-id>]
[inner-vlan-mask [<vlan-mask>]]
inner-vpt <priority>
vlan-mask: (optional) in
hexadecimal format FF:FF:FF:FF
no inner-vpt [<priority>]
precedence TYPE
source_mac HH:HH:HH:HH:HH:HH
source_mac_mask
HH:HH:HH:HH:HH:HH
tos <value>
no precedence
no tos
untagged
no untagged
Restores to default
Command
Description
bits (exact-match) and F for
meaningless bits (any). The last
12 bits are meaningful.
vpt <priority>
vlan-mask: (optional) in
hexadecimal format FF:FF:FF:FF
no vpt [<priority>]
dscp <value>
port UU/SS/PP
ethernet lag lag-id agN
no dscp [<value>]
service
single-rate-limit: configures a
rate limit for the parent group
Command
Description
UU/SS/PP: the corresponding physical port (unit, slot and port) defined as SAP. (can be obtained from the show port command)
NOTE
UU/SS/PP: the corresponding physical port (unit, slot and port) defined as SAP. (can be obtained from the show port command)
Command
Description
values are: 1/3/9 and 1/4/9 .
Command
Description
NOTE
access-groups-rule-sequence
<number>
Command
Description
NOTE
When applying the same ACL type
(for example, IP or MAC ACLs) to
an already used sequence number,
remove and apply the ACL again.
This action is not required when
applying different ACL types to the
same sequence number.
no access-groups-rule-sequence
[<number>]
mac-access-group {NAME | <acl-number>} {in | out | vlan}
no mac-access-group [NAME |
<acl-number>] [in | out |
vlan]
fc <value>
NAME: a string of
<110> characters
no fc [<value>]
Removes FC mapping:
Command
Description
monitoring-profile <profile-id>
no monitoring-profile
[<profile-id>]
cbs <value>
100 KB
no cbs
Restores to default
cir <value>
1000 kbps
no cir
Restores to default
color-aware
no color-aware
Restores to default
pbs <value>
100 KB
no pbs
Restores to default
pir <value>
1000 kbps
no pir
Restores to default
ebs <value>
Command
Description
Burst Size (EBS):
100 KB
no ebs
exceed-action {drop |
mark-yellow | mark-red}
Restores to default
Specifies the action performed once the packet is
classified as exceeding a particular rate limit:
Drop
no exceed-action [drop |
mark-yellow | mark-red]
parent <id>
Restores to default
(valid only for ingress ACLs) Applies the
configured parent rate-limiter:
no parent
redirect UU/SS/PP
no redirect [UU/SS/PP]
no dscp [<value>]
dscp <value>
no add-vlan [<vlan-id>]
add-vlan <vlan-id>
no vlan [<vlan-id>]
vlan <vlan-id>
Command
Description
inner-vpt <priority>
no inner-vpt [<priority>]
vpt <priority>
no vpt [<priority>]
copy-inner-vpt-to-outer-vpt
no copy-inner-vpt-to-outer-vpt
Restores to default
set-green-to-dscp <value>
no set-green-to-dscp
set-green-to-vpt <value>
no set-green-to-vpt
set-red-to-dscp <value>
no set-red-to-dscp
set-red-to-vpt <value>
no set-red-to-vpt
set-yellow-to-dscp <value>
no set-yellow-to-dscp
set-yellow-to-vpt <value>
Command
Description
no set-yellow-to-vpt
set-green-to-fc <value>
no set-green-to-fc
set-red-to-fc <value>
no set-red-to-fc
set-yellow-to-fc <value>
no set-yellow-to-fc
Description
NAME: a string of
<110> characters
NOTE
Statistics counters will be reset
whenever a new ACL/monitoring
profile is applied on a port/SAP
port.
show running-config mac access-list
Command
Description
+ config terminal
- [no] untagged
+
port UU/SS/PP
- cir <value>
- color-aware
- ebs <value>
- pbs <value>
- pir <value>
- [no] copy-inner-vpt-to-outer-vpt
- [no] set-green-to-fc <value>
- cir <value>
- color-aware
- ebs <value>
- pbs <value>
- pir <value>
- [no] color-aware
- [no] ebs <value>
- [no] color-aware
- [no] ebs <value>
+ [no] service
c-vlan {<cvlan-
- [no] copy-inner-vpt-to-outer-vpt
+ [no] rate-limit {dual | single}
- [no] cbs <value>
- [no] color-aware
- [no] ebs <value>
- [no] color-aware
- [no] ebs <value>
- [no] copy-inner-vpt-to-outer-vpt
+ [no] rate-limit {dual | single}
- [no] cbs <value>
- [no] color-aware
- [no] ebs <value>
- [no] color-aware
- [no] ebs <value>
- [no] color-aware
- [no] ebs <value>
- [no] color-aware
- [no] ebs <value>
- show port UU/SS/PP [access-groups-rule-sequence <number>] ether-type-access-group [NAME | <acl-number>] [in | out | vlan] [monitoring-profile <profile-id> [statistics
[fbrs-green-bps | fbrs-green-fps | fbrs-match-counter-bps | fbrs-match-counter-fps | fbrs-not-green-bps | fbrs-not-green-fps |
fbrs-not-red-bps | fbrs-not-red-fps | fbrs-red-bps | fbrs-red-fps | fbrs-yellow-bps | fbrs-yellow-fps |
green-bps | green-fps | match-counter-bps | match-counter-fps | not-green-bps | not-green-fps |
not-red-bps | not-red-fps | red-bps | red-fps | yellow-bps | yellow-fps]]]
Description
config terminal
description DESCRIPTION
NAME: a string of
<110> characters
no description
DESCRIPTION: a string of
<130> characters
rule <value>
no rule [<value>]
Command
no inner-vlan [<vlan-id>]
[inner-vlan-mask [<vlan-mask>]]
inner-vpt <priority>
Description
vlan-mask: (optional) in
hexadecimal format FF:FF:FF:FF
no inner-vpt [<priority>]
precedence TYPE
no precedence
tos <value>
no tos
Command
Description
FF:FF:FF:FF. Use 0 for meaningful
bits (exact-match) and F for
meaningless bits (any). The last 12
bits are meaningful.
vpt <priority>
vlan-mask: (optional) in
hexadecimal format FF:FF:FF:FF
no vpt [<priority>]
untagged
no untagged
Restores to default
dscp <value>
no dscp [<value>]
port UU/SS/PP
ethernet lag lag-id agN
service
single-rate-limit: configures a
rate limit for the parent group
Command
Description
(depends on the link capacity) kbps
NOTE
Command
Description
<1-14>
Command
Description
NOTE
Command
Description
access-groups-rule-sequence
<number>
NOTE
When applying the same ACL type
(for example, IP or MAC ACLs) to
an already used sequence number,
remove and apply the ACL again.
This action is not required when
applying different ACL types to the
same sequence number.
no access-groups-rule-sequence
[<number>]
ether-type-access-group {NAME |
<acl-number>} {in | out |
vlan}
no ether-type-access-group
[NAME | <acl-number>] [in
| out | vlan]
fc <value>
NAME: a string of
<110> characters
no fc [<value>]
Removes FC mapping:
Command
Description
color {red | green |
yellow}
monitoring-profile <profile-id>
no monitoring-profile
[<profile-id>]
cbs <value>
100 KB
no cbs
Restores to default
cir <value>
1000 kbps
no cir
Restores to default
color-aware
no color-aware
Restores to default
pbs <value>
100 KB
no pbs
Restores to default
pir <value>
Command
Description
(depends on the link capacity) kbps
1000 kbps
no pir
Restores to default
ebs <value>
100 KB
no ebs
Restores to default
exceed-action {drop |
mark-yellow | mark-red}
Drop
no exceed-action [drop |
mark-yellow | mark-red]
Restores to default
parent <id>
no parent
redirect UU/SS/PP
no redirect [UU/SS/PP]
no vlan [<vlan-id>]
vlan <vlan-id>
copy-inner-vpt-to-outer-vpt
no copy-inner-vpt-to-outer-vpt
Restores to default
add-vlan <vlan-id>
Command
Description
no add-vlan [<vlan-id>]
dscp <value>
no dscp [<value>]
inner-vpt <priority>
no inner-vpt [<priority>]
vpt <priority>
set-green-to-dscp <value>
no vpt [<priority>]
no set-green-to-dscp
set-green-to-vpt <value>
no set-green-to-vpt
set-red-to-dscp <value>
no set-red-to-dscp
set-red-to-vpt <value>
no set-red-to-vpt
set-yellow-to-dscp <value>
Command
Description
no set-yellow-to-dscp
set-yellow-to-vpt <value>
no set-yellow-to-vpt
set-green-to-fc <value>
no set-green-to-fc
set-red-to-fc <value>
no set-red-to-fc
set-yellow-to-fc <value>
no set-yellow-to-fc
Description
show port UU/SS/PP [access-groups-rule-sequence <number>] ether-type-access-group [NAME | <500-599>] [in | out | vlan] [monitoring-profile <profile-id> [statistics
[fbrs-green-bps | fbrs-green-fps | fbrs-match-counter-bps | fbrs-match-counter-fps | fbrs-not-green-bps | fbrs-not-green-fps |
fbrs-not-red-bps | fbrs-not-red-fps | fbrs-red-bps | fbrs-red-fps | fbrs-yellow-bps | fbrs-yellow-fps |
green-bps | green-fps | match-counter-bps | match-counter-fps | not-green-bps | not-green-fps |
not-red-bps | not-red-fps | red-bps | red-fps | yellow-bps | yellow-fps]]]
NAME: a string of
<110> characters
NOTE
Statistics counters will be reset
whenever a new ACL/monitoring
profile is applied on a port/SAP
port.
show running-config ether-type access-list
Traffic Type
Description
unknown-unicast
Traffic Type
Description
known-unicast
known-multicast
unknown-multicast
broadcast
Meaning
match-counter-fps
match-counter-bps
rate-limit-statistics-red-notred-fps
rate-limit-statistics-red-notred-bps
rate-limit-statistics-green-notgreen-fps
rate-limit-statistics-green-notgreen-bps
rate-limit-statistics-green-red-fps
rate-limit-statistics-green-red-bps
rate-limit-statistics-green-yellow-fps
rate-limit-statistics-green-yellow-bps
rate-limit-statistics-red-yellow-fps
rate-limit-statistics-red-yellow-bps
Description
Value
max-reliability
max-throughput
min-delay
min-monetary-cost
normal
Normal TOS
Description
critical
Critical precedence
flash
Flash precedence
Description
flash-override
immediate
Immediate precedence
internet
network
priority
Priority precedence
routine
Routine precedence
Description
Value
alternate-address
conversion-error
31
35
36
echo
Echo (ping)
echo-reply
Echo reply
information-reply
Information replies
16
information-request
Information requests
15
ipv6-i-am-here
IPv6 I-Am-Here
34
ipv6-where-are-you
IPv6 Where-Are-You
33
mask-reply
17
mask-request
18
mobile-redirect
32
mobile-registration-reply
35
mobile-registration-request
36
parameter-problem
Parameter Problem
12
photuris
Photuris
40
redirect
All redirects
router-advertisement
Router Advertisement
router-solicitation
Router Solicitation
10
skip
SKIP
39
source-quench
Source Quench
time-exceeded
Time Exceeded
11
timestamp-reply
Timestamp Reply
14
timestamp-request
Timestamp
13
traceroute
Traceroute
30
unreachable
Destination unreachable
Description
Value
administratively-prohibited
13
dod-host-prohibited
10
dod-net-prohibited
host-isolated
host-precedence-unreachable
14
host-tos-unreachable
12
host-unknown
host-unreachable
Host is unreachable
net-tos-unreachable
11
net-unreachable
Net is unreachable
network-unknown
packet-too-big
port-unreachable
Port is unreachable
precedence-cutoff
15
protocol-unreachable
Protocol is unreachable
source-route-failed
Description
Value
bgp
179
chargen
Character generator
19
daytime
Daytime
13
discard
Discard
domain
53
echo
Echo
exec
Exec (rsh)
512
finger
Finger
79
ftp
21
ftp-data
20
gopher
Gopher
70
hostname
102
ident
Ident protocol
113
Description
Value
irc
194
klogin
Kerberos login
543
kshell
Kerberos shell
544
login
Login (rlogin)
513
lpd
Printer service
515
nntp
119
pim-auto-rp
PIM Auto-RP
496
pop2
109
pop3
110
smtp
25
sunrpc
111
syslog
Syslog
514
tacacs-ds
49
talk
Talk
517
telnet
Telnet
23
time
Time
37
uucp
540
whois
Nickname
43
www
80
Description
Value
biff
512
bootps
67
bootpc
68
discard
Discard
dnsix
195
domain
53
echo
Echo
isakmp
500
mobile-ip
Mobile IP registration
434
nameserver
42
netbios-dgm
138
netbios-ns
137
netbios-ss
139
ntp
123
Description
Value
pim-auto-rp
PIM Auto-RP
496
rip
520
snmp
161
snmptrap
SNMP Traps
162
sunrpc
111
syslog
Syslog
514
tacacs-ds
49
talk
Talk
517
tftp
69
time
Time
37
who
Who service
513
xdmcp
177
Description
be
l2
af
l1
h2
ef
h1
nc
Description
0x0000-0x05DC
0x0800
IP (Internet Protocol)
0x0806
0x8035
0x80F3
0x8137
0x86DD
0x880B
0x880C
0x8847
0x8848
0x8863
0x8864
0x88BB
0x8E88
0xFFFF
Reserved
NOTE
Permitting EtherType code 0x8XXX allows tagged traffic since EtherType 0x8100 is
used.
2.
3.
4.
5.
6.
7.
8.
duplex auto
learn-new-mac-addresses
no shutdown
qos-ingress-policy defInPol
qos-egress-policy defEgPol
access-groups-rule-sequence 1
ip-access-group-standard 3 in
rate-limit single
cir 5000
cbs 50
!
exit
!
exit
!
!
2.
3.
4.
5.
6.
7.
2.
3.
Apply the configured ACL on port 1/1/1 and redirect the matching traffic to the VLAN 200
by changing the VLAN ID in the packet header:
device-name(config)#port 1/1/1
device-name(config-port-1/1/1)#access-groups-rule-sequence 1
device-name(config-access-groups-rule-sequence-1)#ip-access-group-extended 100 vlan
device-name(config-ip-access-group-extended-100/vlan)#vlan 200
device-name(config-ip-access-group-extended-100/vlan)#commit
Commit complete.
4.
Apply the configured ACL on port 1/1/2, limit the outgoing traffic to 5M, and re-mark the
DSCP value to 44:
device-name(config)#port 1/1/2
device-name(config-port-1/1/2)#
device-name(config-port-1/1/1)#access-groups-rule-sequence 1
device-name(config-access-groups-rule-sequence-1)#ip-access-group-extended 100 out
device-name(config-ip-access-group-extended-100/out)#rate-limit single cir 5000 cbs 16
device-name(config-rate-limit-single)#exit
device-name(config-ip-access-group-extended-100/out)#dscp 44
device-name(config-ip-access-group-extended-100/out)#commit
Commit complete.
2.
Create ACLs:
device-name(config)#ip access-list standard 66
device-name(config-standard-66)#rule 1
device-name(config-rule-1)#action permit
device-name(config-rule-1)#source-ip 1.0.0.1/32
device-name(config-rule-1)#vpt 2
device-name(config-rule-1)#ip access-list standard 67
device-name(config-standard-67)#rule 1
device-name(config-rule-1)#action permit
device-name(config-rule-1)#source-ip 1.0.0.2/32
device-name(config-rule-1)#vpt 3
device-name(config-rule-1)#ip access-list standard 68
device-name(config-standard-68)#rule 1
device-name(config-rule-1)#action permit
device-name(config-rule-1)#source-ip 1.0.0.3/32
device-name(config-rule-1)#vpt 4
device-name(config-rule-1)#commit
Commit complete.
3.
Apply ACGs (on the ingress traffic only) on a SAP port with defined traffic rate-limit:
device-name(config-vpls-2)#sap 1/1/1:20:
device-name(config-sap-1/1/1:20:)#access-groups-rule-sequence 1
device-name(config-access-groups-rule-sequence-1)#ip-access-group-standard 66 in
device-name(config-ip-access-group-standard-66/in)#monitoring-profile 10
device-name(config-ip-access-group-standard-66/in)#access-groups-rule-sequence 2
device-name(config-access-groups-rule-sequence-1)#ip-access-group-standard 67 in
device-name(config-ip-access-group-standard-67/in)#monitoring-profile 5
device-name(config-ip-access-group-standard-67/in)#access-groups-rule-sequence 3
device-name(config-access-groups-rule-sequence-1)#ip-access-group-standard 68 in
device-name(config-ip-access-group-standard-68/in)#rate-limit single cir 5000 cbs 16
device-name(config-ip-access-group-standard-68/in)#monitoring-profile 10
device-name(config-rate-limit-single)#commit
Commit complete.
Apply ACGs (on ingress traffic only) on a SAP port with defined traffic rate-limit:
device-name(config)#service
device-name(config-service)#tls 1
device-name(config-tls-1)#sap 1/1/1
device-name(config-sap-1/1/1)#c-vlan 12
device-name(config-c-vlan-12)#access-groups-rule-sequence 1
device-name(config-access-groups-rule-sequence-1)#ip-access-group-extended 100 in
device-name(config-ip-access-group-extended-100/in)#rate-limit dual
device-name(config-rate-limit-dual)#cir 1000
device-name(config-rate-limit-dual)#cbs 16
device-name(config-rate-limit-dual)#pir 2000
device-name(config-rate-limit-dual)#pbs 16
device-name(config-rate-limit-dual)#exceed-action mark-yellow
device-name(config-rate-limit-dual)#color-aware
device-name(config-rate-limit-dual)#monitoring-profile 10
device-name(config-monitoring-profile-10)#sdp s-vlan 10
device-name(config-s-vlan-10)#port 1/1/2
device-name(config-port-1/1/2)#commit
device-name(config-port-1/1/2)#end
2.
service
tls 1
sap 1/1/1
c-vlan 12
access-groups-rule-sequence 1
ip-access-group-extended 100 in
rate-limit dual
cir 1000
cbs 16
pir 2000
pbs 16
exceed-action mark-yellow
color-aware
!
monitoring-profile 10
!
!
!
!
!
!
!
device-name(config-access-list-3000)#rule 1
device-name(config-rule-1)#action deny
device-name(config-rule-1)#source-ip 2001::9/128
device-name(config-rule-1)#destination-ip 2001::a/128
device-name(config-rule-1)#exit
device-name(config-access-list-3000)#rule 2
device-name(config-rule-2)#action permit
device-name(config-rule-2)#source-ip 2001::8/126
device-name(config-rule-2)#destination-ip 2001::1/128
2.
Feature
Standards
MIBs
RFCs
Access Control
Lists (ACLs)
No standards are
supported by this
feature.
Private MIB,
PRVT-SWITCHACCESS-LISTMIB.mib
QoS Commands
Configuration Examples
Supported Standards, MIBs, and RFCs
Table of Figures
Figure 1: Port-based QoS Architecture
Figure 2: 802.1p Priority Header Fields
Figure 3: Type of Service (ToS) Header Fields
Figure 4: Strict Priority Queuing
Figure 5: Weighted Round-Robin Queuing
Figure 5: Service Ingress QoS Architecture
Figure 6: Combining Service Ingress QoS and Port-based QoS
Figure 7: QoS Configuration Flow
List of Tables
Table 1: Modified Deficit Round-Robin Queuing Algorithms
Table 2: QoS Default Configuration
Table 3: QoS Default Configuration
Table 4: QoS Profiles Configuration Commands
Table 5: QoS Policy Configuration Commands
Table 6: QoS Port Configuration Commands
Table 7: QoS Display Configuration Commands
T-Marc3208SH
Voice applications demand small amounts of bandwidth. However, the bandwidth must be
constant and predictable because voice applications are typically sensitive to latency (inter-packet delay) and jitter (variation in inter-packet delay).
Video applications have similar needs as voice applications with the exception that bandwidth
requirements are somewhat larger depending on encoding.
Some applications can transmit large amounts of data for multiple streams in one spike with
the expectation that the end-stations will buffer significant amounts of video-stream data. This
behavior presents a problem since the network infrastructure must be capable of buffering
transmitted spikes where there are speed differences involved (for example, going from
Gigabit Ethernet to Fast Ethernet).
Database applications, such as those associated with ERP, typically do not demand significant
bandwidth and are tolerant of delay. The user can establish a minimum bandwidth using a
lower priority than that needed for delay-sensitive applications.
Web browsing applications cannot be generalized into a single category. Casual and
application-oriented traffic can be distinguished from each other by server source and
destination.
Most browser-based applications have an asymmetric data flow (small data flows from
the browser client and large data flows from the server to the browser client). An
exception to this pattern may be created by some Java-based applications.
Web-based applications are generally tolerant of latency, jitter, and some packet loss;
however, a small packet loss may have a large impact on perceived performance due to the
nature of TCP.
File server applications typically pose the greatest demand on bandwidth. File server
applications are very tolerant of latency, jitter, and some packet loss depending on the network
operating system and the use of TCP or UDP.
QoS Mechanisms
The user can control Quality of Service behavior through the following mechanisms:
Mapping inbound packets into eight Forwarding classes that correspond to eight outbound
queues. Existing QoS markers such as VPT and DSCP values can be used for mapping
purposes.
Controlling queue overflow states using the Congestion Avoidance and color-aware
mechanisms.
Scheduling packet transmissions out of the outbound queues. Several basic scheduling
mechanisms are provided:
Strict Priority (SP)
Weighted Round-Robin (WRR)
Deficit Round-Robin (DRR)
In addition, several hybrid scheduling schemes are available, which combine the
Weighted/Deficit Round-Robin and Strict Priority mechanisms.
The device maps ingress traffic that carries 802.1p prioritization information to hardware queues
on the egress port of the device. The transmitting hardware queue determines the bandwidth
management and priority characteristics used in packet transmission; the exact mapping depends on
the trust mode in use.
By default, 802.1p priority information is not replaced or manipulated. Priority information
observed on ingress is preserved during packet transmission and is not affected by the switching or
routing configuration of the device. The device can either use the 802.1p priority information
of incoming traffic for internal QoS mapping and handling or ignore it (the default, untrusted
mode). In either case, the 802.1p priority information is kept during transmission of an
802.1Q tagged frame, unless the device is configured to remark it.
The device examines the first six of eight ToS bits, known as the Differentiated Services Code
Point (DSCP), for incoming packets arriving on the ingress port. Depending on the trust mode
assigned to the packet and based on the DSCP, the device can assign the QoS priority used to
subsequently transmit the packet. QoS priority:
Controls the hardware queue used to transmit packets out of the device
Class of service information can be carried throughout the network infrastructure without
repeated complex traffic policies at each device location
Application software can observe and manipulate DSCP information without performance
penalty.
This classification is performed according to the configured mapping profile and the trust mode for
the port. During this process, a "color" is assigned to each packet in addition to the FC.
The FC value determines the transmission queue and the color will be used for the Congestion
Avoidance mechanism.
There are eight FC values representing eight transmission queues with different priorities (low to
high):
be queue 1
l2 queue 2
af queue 3
l1 queue 4
h2 queue 5
ef queue 6
h1 queue 7
nc queue 8
A single packet can be assigned to one of the eight queues for transmission. The order of packet
transmission out of the queues occurs according to the configured QoS scheduling algorithm (Strict
Priority by default).
For example, a packet received with VPT 2 and classified as Forwarding Class be (and, by
extension, assigned to transmission queue 1) is served in queue 1 but egresses the device with the
received VPT 2.
By default, the QoS markers (VPT/DSCP) of traffic entering a port are ignored (untrusted
mode), and all traffic is mapped to FC "be", assigned the "green" color, and transmitted via
queue 1.
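The classification described above, combined with the three trust modes and the default "global" mapping profile that this guide defines, modeled as an added example (not code from the guide or the device). It shows why the untrusted default keeps a sender from choosing its own queue by marking its traffic. Assumptions: the mode labels are this example's own, VPT n is taken to select the n-th Forwarding Class, and a trusted port that sees no usable marker falls back to the untrust-to-fc values.

```python
from typing import NamedTuple, Optional

FC_ORDER = ("be", "l2", "af", "l1", "h2", "ef", "h1", "nc")   # low to high priority
FC_QUEUE = {fc: i + 1 for i, fc in enumerate(FC_ORDER)}       # be -> queue 1 ... nc -> queue 8

# Labels used by this example only; they are not CLI keywords.
UNTRUSTED = "untrusted"
VPT_TRUSTED = "vpt-trusted"
VPT_DSCP_TRUSTED = "vpt-and-dscp-trusted"
MODES = (UNTRUSTED, VPT_TRUSTED, VPT_DSCP_TRUSTED)


class Verdict(NamedTuple):
    fc: str
    color: str
    queue: int
    egress_vpt: Optional[int]


def global_dscp_map(dscp):
    """Default "global" profile: DSCP 0-7 -> be, 8-15 -> l2, ... 56-63 -> nc, all green."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit field")
    return FC_ORDER[dscp // 8], "green"


def global_vpt_map(vpt):
    """ASSUMPTION: VPT n selects the n-th FC (the VPT column values are not given here)."""
    if not 0 <= vpt <= 7:
        raise ValueError("VPT is a 3-bit field")
    return FC_ORDER[vpt], "green"


def classify(trust_mode, vpt=None, dscp=None, untrust_to=("be", "green")):
    """Return the FC, color, transmit queue and egress VPT for one ingress packet."""
    if trust_mode not in MODES:
        raise ValueError("unknown trust mode: %r" % (trust_mode,))
    if trust_mode == VPT_DSCP_TRUSTED and dscp is not None:
        fc, color = global_dscp_map(dscp)          # DSCP takes precedence over VPT
    elif trust_mode != UNTRUSTED and vpt is not None:
        fc, color = global_vpt_map(vpt)
    else:
        # Untrusted port, or (ASSUMPTION) a trusted port with no usable marker.
        fc, color = untrust_to
    # Without a remarking profile the received VPT leaves the device unchanged.
    return Verdict(fc, color, FC_QUEUE[fc], vpt)


def compare_modes(vpt, dscp):
    """Classify the same marked packet under each trust mode."""
    return {mode: classify(mode, vpt, dscp) for mode in MODES}


if __name__ == "__main__":
    # Constructed packet: VPT 2, DSCP 46.
    for mode, verdict in compare_modes(2, 46).items():
        print(mode, verdict)
```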
Profiles
A profile includes a set of configurable values that can be applied within a QoS policy. The device
supports the following QoS Profile types:
Mapping Profile: Maps L2 (VPT) or L3 (DSCP) marked traffic (or both) to particular
Forwarding Classes (FCs) and traffic colors.
Remarking profile: Specifies the VPT or DSCP remarking per egress according to FC and
color.
Port-Related Policies
The device supports the following port-related QoS policies:
Applies mapping of VPT/DSCP values to Forwarding Class (FC) and traffic color
through a mapping profile.
Applies trust mode of the VPT/DSCP values to the ingress traffic.
Description
Shaper profiles: 8
Order of Configuration
1.
2.
Untrusted (default): For incoming traffic, VPT/DSCP fields are ignored and all incoming
traffic is mapped to a single Forwarding Class and color, according to the untrust-to-fc command
configuration.
VPT-trusted: Incoming traffic carrying VPT is mapped according to a "global" or user-defined
mapping profile.
VPT and DSCP trusted: VPT and DSCP incoming traffic is mapped according to a
"global" or user-defined mapping profile.
Traffic Scheduling
Traffic scheduling controls congestion by determining transmission order for packets based on
assigned priorities. Traffic scheduling requires:
Setting the method for timing the transmission of packets out of the queues
Using scheduling features, packets accumulate at port queues waiting for transmission. Packets are
scheduled for transmission according to their assigned priority and the configured queuing
mechanism. The device determines the order of packet transmission by controlling which packets
are placed in which queue and how those queues are serviced with respect to each other.
Scheduling Methods
The following scheduling methods are available:
Hybrid Scheduling
Strict Priority Scheduling provides absolute preferential treatment to high priority traffic ensuring
that mission-critical traffic traversing various WAN links gets priority treatment. In addition, SP
provides a faster response time than do other methods of queuing.
Hybrid Scheduling
The Hybrid Scheduling method combines Strict Priority queuing and Weighted Round Robin
scheduling. Queues with higher priority are serviced with SP while the remaining queues are
serviced in accordance with WRR once the higher priority queues are empty.
SP/WRR hybrid scheduling guarantees immediate delivery of packets from high-ranking queues
while avoiding starvation of the lowest-ranking queues.
Table 2 explains the available hybrid scheduling algorithms.
Table 2: Hybrid Scheduling Algorithms
Algorithm Name
Algorithm Description
Hybrid 1
Hybrid 2
Hybrid 3
Hybrid 4
Hybrid 5
Hybrid 6
algorithm sends from the next queue. When sending frames from a queue, DRR keeps track of the
number of data bytes de-queued in excess of the configured value.
When sending from the queue again, less data is de-queued to compensate for the excess data
previously sent. As a result, the average amount of data de-queued per queue is close to the
configured value.
Two variables define each DRR/MDRR queue:
Quantum Value: An average number of bytes served in each round. The quantum value is 2
KB.
Deficit Counter: Tracks the number of transmitted bytes per queue in each round. Initially,
the counter holds the quantum value.
For each queue, the mechanism sends packets as long as the deficit counter is greater than zero.
Each sent packet decreases the deficit counter by a value equal to its length in bytes. A queue
cannot send once its deficit counter drops to zero or becomes negative. DRR serves
more packets at a time if the packet size is less than the quantum value.
Each DRR queue can receive a relative weight with one of the queues from the group defined as a
priority queue. The weights assign relative bandwidth for each queue when the port is congested.
NOTE
DRR scheduling using fixed packet size behaves the same as Weighted Round
Robin.
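The deficit-counter behaviour described above, simulated as an added example (not code from the guide or the device). It covers the fixed-packet-size case from the note, variable packet sizes, and a packet larger than the quantum. Assumptions: a queue's relative weight multiplies its quantum, a queue that empties restarts with a full counter, and the queue names are invented.

```python
from collections import deque

QUANTUM_BYTES = 2048  # "The quantum value is 2 KB"


def drr_rounds(queues, rounds, weights=None, quantum=QUANTUM_BYTES):
    """Simulate `rounds` scheduler rounds over the given queues.

    queues:  {name: iterable of packet lengths in bytes}, head of queue first
    weights: {name: int} relative weights (ASSUMPTION: weight multiplies the quantum)
    Returns (order, sent): order is a list of (round, name, length) in
    transmission order, sent is {name: total bytes transmitted}.
    """
    weights = weights or {}
    backlog = {name: deque(pkts) for name, pkts in queues.items()}
    credit = {name: quantum * weights.get(name, 1) for name in backlog}
    deficit = dict(credit)  # initially the counter holds the quantum value
    sent = {name: 0 for name in backlog}
    order = []
    for rnd in range(1, rounds + 1):
        for name, q in backlog.items():
            # A queue may send only while its counter is above zero.
            while q and deficit[name] > 0:
                length = q.popleft()
                deficit[name] -= length   # may go negative: the excess is owed
                sent[name] += length
                order.append((rnd, name, length))
            if q:
                # Still backlogged: carry any debt into the next round, so less
                # data is de-queued then to compensate for the excess sent now.
                deficit[name] += credit[name]
            else:
                # ASSUMPTION: a queue that empties starts again with a full counter.
                deficit[name] = credit[name]
    return order, sent


if __name__ == "__main__":
    # Constructed traffic. Fixed 512-byte packets with weights 2:1 behave like WRR.
    _, sent = drr_rounds({"a": [512] * 100, "b": [512] * 100}, 5, {"a": 2, "b": 1})
    print("fixed size, weights 2:1 ->", sent)

    # 1500-byte packets overshoot the quantum in some rounds and repay it later,
    # so the average per round stays close to 2048 bytes.
    _, sent = drr_rounds({"v": [1500] * 200}, 100)
    print("variable fit, bytes per round ->", sent["v"] / 100)

    # A 9000-byte packet puts queue "j" in debt for several rounds.
    order, _ = drr_rounds({"j": [9000] * 3, "s": [512] * 100}, 5)
    print("rounds in which j sent ->", [r for r, n, _ in order if n == "j"])
```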
Algorithm Description
MDRR 1
MDRR 2
MDRR 3
MDRR 4
MDRR 5
MDRR 6
Traffic Shaping
When congestion occurs, output or egress traffic is shaped on a per-port, per-service, and per-queue basis. Output traffic monitoring verifies that the traffic conforms to the rate configured for
the device. When excessive traffic is detected on the device, the output port applies traffic shaping
and controls excess traffic. If the device queues overflow, traffic is dropped.
The shaping implementation in the device uses CIR to limit the traffic rate and CBS to allow
temporary bursts to breach the CIR as part of the Service Level Agreement.
Default Value
defMapProf
Global
This profile implements the default mapping on device, see Table 8:
Mapping Profile Default Configuration
QoS scheduling
algorithm
Strict Priority
untrust
green
User priority
fc=be
DSCP value
Traffic shaping
Disabled
defMapProf
Global
Priority
Mapping
VPT
FC
Color
be
green
DSCP
untrust
global
Priority Mapping   FC   Color
VPT                be   green
VPT                l2   green
VPT                af   green
VPT                l1   green
VPT                h2   green
VPT                ef   green
VPT                h1   green
VPT                nc   green
DSCP 0-7           be   green
DSCP 8-15          l2   green
DSCP 16-23         af   green
DSCP 24-31         l1   green
DSCP 32-39         h2   green
DSCP 40-47         ef   green
DSCP 48-55         h1   green
DSCP 56-63         nc   green
Policy Type
Profile Type/Name
Mapping
Scheduling
Trust Mode
defInPol
ingress
defMapProf
untrust
defEgPol
egress
It is possible to combine Service-based QoS and Port-based QoS on the same device to meet
more granular Service Level Agreement requirements, as in the preceding figure.
Profiles
A profile includes a set of configurable values that can be applied within a QoS policy. The device
supports the following QoS Profile types:
Mapping Profile: Maps L2 (VPT) or L3 (DSCP) marked traffic (or both) to particular
Forwarding Classes (FCs) and traffic colors.
Port-Related Policies
The device supports the following port-related QoS policies:
Service-Related Policies
The device supports the following service-related QoS policies:
Description
Shaper profiles: 8
Order of Configuration
3.
4.
Define and configure the ingress/egress policies and service ingress policies.
Port Ingress Policy: Map VPT and DSCP bits for incoming traffic to internal Forwarding
Class (FC), color, and trust mode. The FC groups in ingress policies are mapped to
queues.
Port Egress Policy: Define the queueing mechanism (scheduling) and shaper profile.
Service ingress policy includes configuring the shaper and scheduling profiles.
5.
Apply the configured policies to ports/Service SAP. Once applied, QoS profiles and policies
can be modified. To update the configuration of any service or port, the applied policies
must first be removed from that configuration. You cannot delete profiles and
policies attached to a port or SAP.
Default Value
defMapProf
Global
This profile implements the default mapping on device, see Table 8:
Mapping Profile Default Configuration
QoS scheduling
algorithm
Strict Priority
untrust
green
User priority
fc=be
DSCP value
Traffic shaping
Disabled
defMapProf
Global
Priority
Mapping
VPT
FC
Color
be
green
DSCP
untrust
global
Priority Mapping   FC   Color
VPT                be   green
VPT                l2   green
VPT                af   green
VPT                l1   green
VPT                h2   green
VPT                ef   green
VPT                h1   green
VPT                nc   green
DSCP 0-7           be   green
DSCP 8-15          l2   green
DSCP 16-23         af   green
DSCP 24-31         l1   green
DSCP 32-39         h2   green
DSCP 40-47         ef   green
DSCP 48-55         h1   green
DSCP 56-63         nc   green
Policy Type
Profile Type/Name
Mapping
Scheduling
Trust Mode
defInPol
ingress
defMapProf
untrust
defEgPol
egress
QoS Commands
QoS Profile Configuration Commands
Commands Hierarchy
+ config terminal
+ qos
+ dscp-to-fc <dscp-marking>
+ vpt-to-fc <vpt-marking>
Commands Descriptions
Table 4: QoS Profiles Configuration Commands
Command
Description
qos
mapping-profile {| PROFILE-NAME}
Command
any-dscp-to-fc fc {be | l2 | af | l1
| h2 | ef | h1 | nc}
Description
Assigns the specified Forwarding Class (FC) to
all DSCP-marked ingress traffic, without
reference to its actual DSCP-marking:
no any-dscp-to-fc fc
Restores to default
no any-vpt-to-fc color
Restores to default
any-vpt-to-fc fc {be | l2 | af | l1
| h2 | ef | h1 | nc}
no any-vpt-to-fc fc
Restores to default
description DESCRIPTION
no description
dscp-to-fc <dscp-marking>
Command
no dscp-to-fc [<dscp-marking>]
Description
Deletes from profile the DSCP-to-FC/color
mapping for the specified DSCP marking or,
when used without a parameter, deletes all
configured DSCP-to-FC/color mappings.
set-to-fc {be | l2 | af | l1 | h2
| ef | h1 | nc}
no set-to-fc
vpt-to-fc <vpt-marking>
Restores to default
Enters the VPT-to-FC mode for the specified
VPT marking for configuring the mapping of the
ingress traffic bearing that marking to a
particular color and forwarding class:
no vpt-to-fc [<vpt-marking>]
no color
Restores to default
Command
set-to-fc {be | l2 | af | l1 | h2
| ef | h1 | nc}
remarking-profile PROFILE-NAME
Description
Maps the traffic with the configured VPT
marking to the specified FC:
no remarking-profile [PROFILE-NAME]
description DESCRIPTION
no description DESCRIPTION
fc-to-dscp {be | l2 | af | l1 | h2 |
ef | h1 | nc} {green | yellow}
be: specifies be FC
l2: specifies l2 FC
af: specifies af FC
l1: specifies l1 FC
h2: specifies h2 FC
ef: specifies ef FC
h1: specifies h1 FC
nc: specifies nc FC
If queues are not explicitly remarked to user-defined DSCP values, the queues are
remarked with dscp 0.
Command
no fc-to-dscp {be | l2 | af | l1 |
h2 | ef | h1 | nc} {green |
yellow}
dscp <value>
Description
Removes the configured FC-to-DSCP
remarking:
no dscp
fc-to-vpt {be | l2 | af | l1 | h2 |
ef | h1 | nc} {green | yellow}
be: specifies be FC
l2: specifies l2 FC
af: specifies af FC
l1: specifies l1 FC
h2: specifies h2 FC
ef: specifies ef FC
h1: specifies h1 FC
nc: specifies nc FC
Command
no fc-to-vpt {be | l2 | af | l1 | h2
| ef | h1 | nc} {green | yellow}
vpt <value>
Description
Removes the configured FC-to-VPT remarking:
no vpt
scheduling-profile <profile-id>
no scheduling-profile [<profile-id>]
Command
Description
algorithm
queue1-weight <value>
no queue1-weight
queue2-weight <value>
no queue1-weight
queue3-weight <value>
no queue1-weight
queue4-weight <value>
no queue1-weight
queue5-weight <value>
Command
Description
no queue1-weight
queue6-weight <value>
no queue1-weight
queue7-weight <value>
no queue1-weight
description DESCRIPTION
no description DESCRIPTION
shaper-profile port <profile-id>
cbs <cbs>
100 KB
no cbs
Restores to default
cir <cir>
1000 kbps
no cir
Restores to default
description DESCRIPTION
no description DESCRIPTION
shaper-profile service <profile-id>
Command
no shaper-profile service [<profile-id>]
Description
Deletes the specified service shaper profile or,
when used without a parameter, deletes all
service shaper profiles.
cbs <cbs>
100 KB
no cbs <cbs>
Restores to default
cir <cir>
1000 kbps
no cir <cir>
Restores to default
description DESCRIPTION
no description DESCRIPTION
Commands Descriptions
Table 5: QoS Policy Configuration Commands
Command
Description
qos
port-egress-policy POLICY-NAME
description DESCRIPTION
no description
queue <queue-id>
no queue <queue-id>
shaper-profile <profile-id>
scheduling-profile <profile-id>
no shaper-profile
no scheduling-profile
shaper-profile <profile-id>
no shaper-profile
Command
remarking-profile <profile-id>
Description
Assigns a remarking profile to the configured
policy. The profile is selected from the
available remarking profiles.
no remarking-profile
port-ingress-policy POLICY-NAME
description DESCRIPTION
no description DESCRIPTION
mapping-profile PROFILE-NAME
no mapping-profile
trust-priority-and-dscp: trusts
all DSCP- and VPT-marked ingress
traffic; the DSCP-marked traffic
has higher precedence than the
VPT traffic
Restores to default
Command
untrust-to-fc fc {be | l2 | af | l1 |
h2 | ef | h1 | nc} color {green |
yellow}
no untrust-to-fc fc {be | l2 | af |
l1 | h2 | ef | h1 | nc} color
{green | yellow}
service-ingress-policy POLICY-NAME
Description
Assigns a specific FC and color to all untrusted
ingress traffic:
no service-ingress-policy POLICY-NAME
description DESCRIPTION
no description DESCRIPTION
queue <queue-id>
no queue <queue-id>
shaper-profile <profile-id>
no shaper-profile
Command
Description
scheduling-profile <profile-id>
no scheduling-profile
shaper-profile <profile-id>
no shaper-profile
+ config terminal
+ port UU/SS/PP
+ service
Commands Descriptions
Table 6: QoS Port Configuration Commands
Command
Description
config terminal
port UU/SS/PP
qos-egress-policy POLICY-NAME
no qos-egress-policy
qos-ingress-policy POLICY-NAME
no qos-ingress-policy
service
tls <service-id>
no tls <service-id>
qos-ingress-policy POLICY-NAME
no qos-ingress-service-policy
POLICY-NAME
Command
Description
NOTE
apply-qos-policy
no apply-qos-policy
Commands Descriptions
Table 7: QoS Display Configuration Commands
Command
Description
Command
Description
NAME
show service
Configuration Examples
Configuring QoS Shaper per Port
1.
2.
3.
2.
3.
2.
Create a TLS service and apply the QoS service policy on one of the SAPs:
device-name(config)#service tls 100
device-name(config-tls-100)#qos-ingress-policy 22
device-name(config-tls-100)#sdp s-vlan 100 interface 1/1/1
device-name(config-interface-1/1/1)#sap 1/1/2 c-vlan 33 apply-qos-policy
device-name(config-c-vlan-33)#sap 1/1/2 c-vlan 44
device-name(config-c-vlan-44)#commit
Commit complete.
3.
4.
Configure both ACLs to match only the traffic from the configured C-VLANs; apply rate limit
on physical port 1/1/2 which is also a SAP in C-VLAN 33:
device-name(config-rule-1)#port 1/1/2
device-name(config-port-1/1/2)#access-groups-rule-sequence 1 ip-access-group-standard 70 in
device-name(config-ip-access-group-standard-70/in)#commit
Commit complete.
device-name(config-ip-access-group-standard-70/in)#exit
device-name(config-port-1/1/2)#access-groups-rule-sequence 2 ip-access-group-standard 71 in
device-name(config-ip-access-group-standard-71/in)#rate-limit single cir 7000 cbs 16
device-name(config-rate-limit-single)#commit
Commit complete.
NOTE
On SAP 1/1/2:33:, a QoS service policy with a 5M shaper has been configured,
and on SAP 1/1/2:44:, an ACL with a 7M rate limit.
5.
Apply rate limit on physical port 1/1/2 which is also a SAP in C-VLAN 44:
device-name(config)#port 1/1/2
device-name(config-port-1/1/2)#access-groups-rule-sequence 3 ip-access-group-standard 70 in
device-name(config-ip-access-group-standard-70/in)#rate-limit single cir 2000 cbs 16
device-name(config-rate-limit-single)#commit
Commit complete.
NOTE
Because the rate limit is lower than the shaper, the 2M rate limit is applied on
SAP 1/1/2:33: instead of the 5M ingress shaper.
Feature: Quality of Service (QoS)
Standards: MEF-10 (Ethernet Services Attributes Phase I)
MIBs: Private MIB, PRVT-QOSMIB.mib
RFCs: Not supported
Table of Figures
Figure 1: OAM Ethernet Tools
Figure 2: MEP1 and MEP3 Send a Multicast CC Frame
Figure 3: MEP4 and MEP2 Send a Multicast CC Frame
Figure 4: Loopback Operation
Figure 5: Link Trace Operation
Figure 6: CFM Configuration Flow
Figure 7: End-to-End OAM Configuration
Figure 8: Managing Provider Devices Using the EFM 802.3ah Standard
Figure 9: Managing Customer Devices (Passive) Using the EFM 802.3ah Standard
Figure 10: EFM-OAM Configuration Flow
Figure 11: Example Configuring of Two Devices using EFM-OAM
Figure 12: Network with two R-APS Instances (Traffic flowing in different directions)
Figure 13: R-APS Configuration Flow
Figure 14: Protecting Services Using EPS
Figure 15: EPS Configuration Flow
Figure 16: ITU-T Y.1731 SAA In-Service Configuration Flow
Figure 17: Two Devices in SAA In-Service Test Mode
Figure 18: Unidirectional Test
Figure 19: End-to-End Unicast Loopback Test
Figure 20: SAA Out-of-Service Throughput Configuration Flow
Figure 21: Two Devices in SAA Out-of-Service Throughput Test Mode
Figure 22: ITU-T Y.1731-SLM In-Service Configuration Flow
Figure 23: Event Propagation Configuration Flow
Figure 24: Example for Configuring Event Propagation
List of Tables
Table 1: Defects and Priorities
Table 2: CFM Configuration Commands
Table 3: CFM Display Commands
Table 4: EFM Configuration Commands
Table 5: EFM Display Commands
Table 6: Log messages employed by the EFM-OAM protocol
Table 7: R-APS Commands
Table 8: EPS Commands
Table 9: Y.1564 Test Commands
Table 10: ITU-T Y.1731 SAA In-Service Test Commands
Table 11: SAA Out-of-Service Throughput Commands
Table 12: ITU-T Y.1731-SLM SAA In-Service Test Commands
Table 13: Event Propagation Commands
ITU-T Y.1731 SAA In-Service Test and RFC 2544 SAA Out-of-Service Throughput Test
SAA tests provide automated, proactive testing of all service elements.
Event Propagation
The Event Propagation feature allows you to configure automatic actions executed upon
the occurrence of specific events.
Discovery and verification of the frame path addressed to and from specified network users
Ethernet CFM defines proactive and diagnostic fault localization procedures for point-to-point and
multipoint Ethernet Virtual Connections (EVC) that span one or more links.
Fault Isolation: Identification and isolation of the fault point within the service path
CFM Purpose
Bridges are used increasingly in networks operated by multiple, independent organizations. In such
networks, each organization maintains restricted access to its equipment. CFM assists in detection,
verification, and isolation of connectivity failures in networks where multiple organizations, such
as customers, service providers, and operators, are involved in the provision and use of Ethernet
services.
Customers purchase Ethernet service from service providers who in turn may utilize their own
network or the network of other operators to provide connectivity for the requested service.
Customers themselves may be service providers. For example, a customer may be an Internet
service provider that sells Internet connectivity.
Operators need minimal Ethernet OAM as opposed to providers that need more comprehensive
Ethernet OAM for themselves as well as the ability to provide their customers with better
monitoring functionality.
In order to validate service quality and perform fault verification on Maintenance End Points
(MEPs) and Maintenance Intermediate Points (MIPs) belonging to the organization, each
organization defines its own maintenance domain. MEPs and MIPs are then linked to the relevant
domain creating a Maintenance Association (MA).
A CCM timeout is used to detect connectivity faults (such as a software failure, memory corruption,
or problems with configuration). A CCM loss is assumed when a MEP does not receive the next
CCM from a remote MEP within the CCM timeout.
If a MEP on a local bridge (local MEP) stops receiving periodic CCMs from a peer MEP on a
remote bridge (remote MEP), the receiving MEP assumes that a failure in the remote bridge or in
the continuity of the path has occurred. If the MEP does not receive three consecutive CCMs, the
MEP declares a connectivity loss.
In this case, the bridge can notify the network management application about the failure and initiate
fault verification and fault isolation either automatically or by operator command.
Because a short CCM interval is key to fast connection-failure detection, the
system administrator can define a CCM interval as short as 3.3 milliseconds.
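The loss-of-continuity rule described above (three consecutive CCMs not received from a configured remote MEP), modeled as an added example that is not code from the guide or the device. The MEP IDs and the arrival timeline are constructed, and times are kept in integer microseconds so the 3.3 ms interval is exact.

```python
MISSED_LIMIT = 3  # connectivity loss after three consecutive CCMs are not received


class CcmMonitor:
    """Tracks the configured remote MEPs of one local MEP."""

    def __init__(self, interval_us, remote_meps, start_us=0):
        if interval_us <= 0:
            raise ValueError("CCM interval must be positive")
        self.interval_us = interval_us
        # A configured remote MEP that has never been heard is timed from start.
        self.last_seen = {mep: start_us for mep in remote_meps}
        self.ignored = 0  # CCMs whose MEP ID is not in the configured list

    def on_ccm(self, mep_id, now_us):
        """Record a received CCM."""
        if mep_id not in self.last_seen:
            self.ignored += 1
            return
        self.last_seen[mep_id] = max(self.last_seen[mep_id], now_us)

    def missed(self, mep_id, now_us):
        """Whole CCM intervals elapsed since the last CCM from mep_id."""
        return max(0, (now_us - self.last_seen[mep_id]) // self.interval_us)

    def lost(self, now_us):
        """Remote MEPs currently in connectivity loss, sorted by ID."""
        return sorted(m for m in self.last_seen
                      if self.missed(m, now_us) >= MISSED_LIMIT)

    def detection_delay_us(self):
        """Time from the last received CCM until loss is declared."""
        return MISSED_LIMIT * self.interval_us


def replay(monitor, ccms, check_times):
    """Feed (time_us, mep_id) arrivals and report the lost MEPs at each check time."""
    pending = sorted(ccms)
    report, i = {}, 0
    for t in sorted(check_times):
        while i < len(pending) and pending[i][0] <= t:
            monitor.on_ccm(pending[i][1], pending[i][0])
            i += 1
        report[t] = monitor.lost(t)
    return report


# Constructed timeline at the shortest interval the text mentions (3.3 ms).
INTERVAL_US = 3300
SAMPLE_CCMS = (
    [(t, 101) for t in range(0, 33001, INTERVAL_US)]    # MEP 101 goes silent after t=33000
    + [(t, 102) for t in range(0, 66001, INTERVAL_US)]  # MEP 102 keeps sending
    + [(52800, 101)]                                    # MEP 101 is heard again
)

if __name__ == "__main__":
    mon = CcmMonitor(INTERVAL_US, [101, 102])
    print(replay(mon, SAMPLE_CCMS, [42899, 42900, 52800]))
    print("detection delay at 3.3 ms:", mon.detection_delay_us(), "us")
    print("detection delay at 1 s:", CcmMonitor(1_000_000, [101]).detection_delay_us(), "us")
```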
In cases where a MEP is deliberately taken out of commission, status indication for the MEP is sent
to other peer MEPs to avoid triggering false fault detections.
CFM also provides an alarm suppression mechanism in cases where a network fault affects more
than one VLAN and where different MEPs generate an alarm for the same common fault.
In Figure 4, two maintenance entities are shown: one comprising the yellow MEPs and MIPs, the
other comprising orange MEPs and MIPs.
Each MP along the path returns a unicast Linktrace Reply (LTR) back to the originating MEP. The
MEP then sends a single LTM to the next hop along the trace path. In this way, the MEP
determines the MAC Address and location, in relation to the originating MEP, for all MIPs along
the MA.
In Ethernet, fault isolation is more challenging because MAC address entries age out, erasing the
information needed to locate the fault. Possible ways to address this issue are:
Maintain information about the destination MEP at the MIPs along the path using CCMs
Maintain path visibility at the source MEPs through periodic LTMs (at intervals larger
than the CCM interval)
Discover normal data paths through the network when the network is fault-free. Path
discovery can prove helpful when Linktrace cannot provide the information needed to isolate
a fault.
Issue LBMs to MPs along normal data paths to retrieve additional information.
DefRDICCM: Last CCM received by the MEP from a remote MEP contained the RDI bit
DefMACstatus: Last CCM received by the MEP from a remote MEP indicating that the
MAC Address associated with the transmitting MEP is reporting an error status
DefRemoteCCM: The MEP is not receiving CCMs from one of the MEPs in its configured
list
HighestDefect: Represents the highest priority defect currently detected by the MEP
HighestDefectPri: Represents the priority of the defect, expressed as an integer, named in the
HighestDefect variable
Priority
Variable
HighestDefect
HighestDefectPri
Disable
Disable
xconCCMdefect
DefXconCCM
errorCCMdefect
DefErrorCCM
someRMEPCCMdefect
DefRemoteCCM
someMACstatusDefect
DefMACstatus
someRDIdefect
DefRDICCM
Importance
most
least
CFM Commands
Commands Hierarchy
device-name#
+ config terminal
+ [no] oam
+ [no] cfm
+ [no] shutdown
- [no] ais-lck-receive
+ [no] ais-lck-transmit
- [no] fault-notification-minimal-defect
{all-defects | broken-ccm | crossconnect | mac-status | none | remotefailure}
- [no] fault-notification-reset-delay
<value>
- [no] round-trip-jitter-monitoring
- [no] round-trip-latency-monitoring
- [no] results-bucket-size <size>
- [no] shutdown
Commands Descriptions
Table 2: CFM Configuration Commands
Command
Description
config terminal
oam
no oam
cfm
no cfm
shutdown
Disables CFM
no shutdown
Enables CFM
domain DOMAIN-NAME
no domain DOMAIN-NAME
level <level>
Specifies a MD level:
Provider MA levels: 3-4
Customer MA levels: 5-7
ma MA-NAME
service <id>
no service [<id>]
vlan <vlan-id>
no vlan [<vlan-id>]
Command
Description
ais-lck-receive
no ais-lck-receive
ais-lck-transmit
no ais-lck-transmit
ais-lck-interval {1min |
1sec}
1sec
no ais-lck-interval
Restores to default
ais-lck-level <level>
no ais-lck-level
ais-lck-priority
<priority>
6
no ais-lck-priority
Restores to default
ais-lck-vlan <vlan-id>
no ais-lck-vlan
format {icc | ieee |
primaryVid}
ieee
hello-interval <value>
1 second
no hello-interval
Restores to default
Command
Description
no mep <id>
bind-to
{UU/SS/PP:[<svlanid>]:[<cvlan-id>]: |
UU/SS/PP:[<cvlanid>]:
| {UU/SS/PP |
agN}[:[igmp] |
:[<vlan-id>]:[igmp] |
UU1/SS1/PP1:<cescircuit>:{ces | cesoos}}
no shutdown
ccm-enabled
no ccm-enabled
Restores to default
Disabled
ccm-priority
6
no ccm-priority
Restores to default
Command
Description
fault-notification-delay
<value>
Restores to default
fault-notification-reset-delay <value>
Restores to default
Restores to default
Command
Description
MEP exists on a lower MD Level
defer
no mip-policy
sender-id-content {hostname
| defer | all |
management-address |
none}
defer
no sender-id-content
format {none | string}
Restores to default
Specifies the format of the domain name:
none
no mip-policy
Restores to default
Command
Description
sender-id-content {hostname
| defer | all |
management-address |
none}
defer
no sender-id-content
Restores to default
threshold-profile <threshold-profile id>
Restores to default
Specifies one-way jitter error monitoring:
350 milliseconds
no one-way-jitter-error
Restores to default
one-way-jitter-warning <value>
300 milliseconds
no one-way-jitter-warning
Restores to default
one-way-jitter-monitoring
no one-way-jitter-monitoring
frame-loss-error <error threshold>
Restores to default.
frame-loss-warning <warning threshold>
8% frame loss
no frame-loss-warning
Restores to default
frame-loss-monitoring
no frame-loss-monitoring
round-trip-jitter-error <value>
700 milliseconds
no round-trip-jitter-error
Restores to default
round-trip-jitter-error-period <value>
90 seconds
no round-trip-jitter-error-period
Restores to default
round-trip-jitter-warning <value>
600 milliseconds
no round-trip-jitter-warning
Restores to default
round-trip-jitter-warning-period <value>
180 seconds
no round-trip-jitter-warning-period
Restores to default
round-trip-jitter-monitoring
<true | false>
True
no round-trip-jitter-monitoring
Restores to default.
round-trip-latency-error <value>
2000 milliseconds
no round-trip-latency-error
Restores to default
round-trip-latency-error-period <value>
90 seconds
no round-trip-latency-error-period
Restores to default
round-trip-latency-warning <value>
1600 milliseconds
no round-trip-latency-warning
Restores to default
round-trip-latency-warning-period <value>
180 seconds
no round-trip-latency-warning-period
Restores to default
round-trip-latency-monitoring
no round-trip-latency-monitoring
results-bucket-size <size>
20 results
no results-bucket-size
Restores to default
priority <priority>
0
no priority
Restores to default
rate <rate>
1 packet
no rate
Restores to default
payload-size <value>
0
no payload-size
Restores to default
description <string>
no description
update-interval <value>
20 seconds
no update-interval
Restores to default
test <id> DOMAIN-NAME MA-NAME
Tests connectivity:
DOMAIN-NAME: a string of <1-22> characters
threshold-profile-id <id>
no threshold-profile-id
repeat-interval <value>
no repeat-interval number
shutdown
no shutdown
linktrace destination MEP ID, in the range of <1-8191>
2 seconds
2 seconds
0 bytes
5 seconds
3 messages
clear oam cfm remote-mep-table domain-name NAME ma NAME remote-mep <id>
DOMAIN-NAME: displays
connectivity statistics for the
specified domain
domain-name DOMAIN-NAME: a
string of <1-22> characters
Configuration Example
1. Enable CFM:
device-name(config)#oam cfm
device-name(config-cfm)#no shutdown
2. Create a maintenance domain with a specified name d7 and level 7, and create an MA ma7 within the specified domain:
device-name(config-cfm)#domain d1 level 1
device-name(config-domain-d7)#ma ma1 vlan 501
3. Specify the identification data sent to the remote MEPs and the MIP creation policy on the specified MA:
device-name(config-ma-ma7)#sender-id-content all
device-name(config-ma-ma7)#mip-policy explicit
4.
device-name(config-ma-ma1)#mep 601
device-name(config-mep-601)#bind-to 1/1/2
device-name(config-mep-601)#ccm-enabled
device-name(config-mep-601)#no shutdown
device-name(config-mep-601)#exit
device-name(config-ma-ma1)#exit
device-name(config-domain-d1)#exit
5. Create a profile with ID 4 and configure the profile priority, rate, round-trip jitter, frame loss, and latency error monitoring:
device-name(config-cfm)#threshold-profile 4
device-name(config-threshold-profile-4)#priority 2
device-name(config-threshold-profile-4)#rate 2
device-name(config-threshold-profile-4)#round-trip-jitter-error 100
device-name(config-threshold-profile-4)#frame-loss-error 20
device-name(config-threshold-profile-4)#no frame-loss-monitoring
device-name(config-threshold-profile-4)#round-trip-latency-error 200
device-name(config-cfm)#no shutdown
device-name(config-cfm)#commit
Commit complete.
device-name(config-cfm)#end
6.
=======================================================
| MEP |   Port   |  Adm  |CCM| Oper  | Alarm |  CCM   |
|     |          | State |En | State | Level |Priority|
|-----+----------+-------+---+-------+-------+--------+
T-Marc3208SH
Potential Applications
Service providers use the link layer EFM for demarcation point OAM services.
Using the Ethernet demarcation service, providers can manage remote devices (defined as passive
devices) without utilizing an IP layer. Instead, they can utilize link-layer SNMP counter request and
reply, loopback testing, and other techniques that are controlled remotely.
Installation Configurations
The following configuration shows how to manage the provider device (CPE passive device) using
the 802.3ah standard.
The configuration below illustrates how to manage customer devices using EFM 802.3ah.
Figure 9: Managing Customer Devices (Passive) Using the EFM 802.3ah Standard
Discovery: Ability of the local Data Terminating Entity (DTE) to discover other EFM-OAM
enabled DTEs and exchange information about OAM entities, capabilities, and configuration
Link Monitoring: Process used to detect and indicate link faults to a peer
Remote Failure Detection: Used by the OAM device to convey error conditions to its peer via
a flag in the OAMPDUs
Discovery
In the first phase, EFM-OAM enabled DTEs identify other DTEs along with their OAM
capabilities using Information OAMPDUs, advertising the following information:
OAM configuration (capabilities): OAM capabilities of the local DTE. Using this
information, a peer can determine what functions are supported and accessible (for example,
loopback capability).
OAM mode: OAM mode of the DTE, also used to determine DTE functionality:
Active Mode: The DTE instigates OAM communications and issues queries and
commands to the remote device.
Passive Mode: The DTE generally waits for the peer DTE to instigate OAM
communications and then responds. The DTE does not instigate commands and queries.
For more information about the rules for active and passive mode DTEs, refer to Rules
for Active Mode and Rules for Passive Mode below.
The mode combinations are:
One active and one passive OAM DTE
Two active OAM DTEs
Once OAM support is detected and OAM expectations are met, both ends of the link exchange
the above information and enable OAM on the link. However, link loss or failure to receive
OAMPDUs for a predefined interval causes the discovery process to start again.
Timers
Two configurable timers control the protocol:
Keep-Alive Timer: Determines the time interval during which OAMPDUs are expected from
the peer
An additional one-second, non-configurable timer is used for error aggregation. This timer is
necessary for the Link Monitoring Process to generate link quality events.
Flags
Each OAMPDU includes a Flags field that describes the discovery process status. There are three
possible status values:
Stable: Discovery is complete. The remote device can start sending any type of OAMPDU.
Process Overview
The discovery process allows a local Data Terminating Entity (DTE) to detect OAM on a remote
DTE. Once OAM support is detected, both ends of the link exchange state and configuration
information (such as mode, PDU size, loopback support, etc.). If both DTEs are satisfied with the
settings, OAM is enabled on the link. However, link loss or failure to receive OAMPDUs during
the defined, keep alive time interval (for example, 5 seconds) may cause the discovery process to
restart.
DTEs may either be in active or passive mode:
Active mode DTEs instigate OAM communications and can issue queries and commands to a
remote device.
Passive mode DTEs generally wait for the peer device to instigate OAM communications and
respond to, but do not instigate, commands and queries.
Rules of what DTEs in active or passive mode can do are discussed in the following sections.
Responds to Variable Request PDUs (does not respond to Variable Request PDUs from devices
in Passive mode)
Reacts to Loopback Control (does not react to Loopback Control PDUs from devices in Passive
mode)
Errored Symbol per second: The number of coding symbol errors, such as a violation of
4B/5B coding, occurring during a specific period exceeds the defined threshold.
Errored Frame per second: The number of frame errors detected during a specific period
exceeds the defined threshold.
802.3ah OAM does not guarantee delivery of OAMPDUs. As a result, to reduce the probability of
losing a notification, the Event Notification OAMPDU can be sent multiple times. The Event
Notification OAMPDU has a sequence number so that duplicate events can be recognized.
The Link Monitoring process operates on all enabled EFM OAM links.
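The keep-alive restart rule from the Process Overview and the duplicate recognition by sequence number described above, as an added Python example (not Telco Systems code). The class, field and event names and the sample trace are assumptions made for illustration; the 5000 ms keep-alive is the page's example value.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

SEQ_MOD = 1 << 16  # Event Notification sequence numbers are 16-bit (IEEE 802.3 Clause 57)


@dataclass
class PeerMonitor:
    """Receiver-side bookkeeping for one EFM-OAM link (hypothetical helper)."""
    keep_alive_ms: int = 5000            # the page's example keep-alive interval
    state: str = "discovery"             # "discovery" or "stable"
    last_rx_ms: Optional[int] = None
    last_seq: Optional[int] = None
    accepted: List[Tuple[int, str]] = field(default_factory=list)
    duplicates: int = 0                  # repeated or late copies that were dropped
    missed: int = 0                      # notifications whose every copy was lost
    restarts: int = 0                    # discovery restarts caused by keep-alive expiry

    def tick(self, now_ms: int) -> str:
        """Silence longer than the keep-alive interval restarts discovery."""
        silent = (self.last_rx_ms is not None
                  and now_ms - self.last_rx_ms > self.keep_alive_ms)
        if silent and self.state == "stable":
            self.state = "discovery"
            self.last_seq = None         # sequence tracking starts over with the new session
            self.restarts += 1
        return self.state

    def on_information(self, now_ms: int, remote_stable: bool) -> None:
        """Information OAMPDU: refreshes the keep-alive and carries the discovery status."""
        self.tick(now_ms)
        self.last_rx_ms = now_ms
        self.state = "stable" if remote_stable else "discovery"

    def on_event(self, now_ms: int, seq: int, kind: str) -> bool:
        """Event Notification OAMPDU: return True only for a new notification."""
        if self.tick(now_ms) != "stable":
            return False                 # before Stable only Information OAMPDUs are expected
        self.last_rx_ms = now_ms
        if self.last_seq is not None:
            delta = (seq - self.last_seq) % SEQ_MOD
            if delta == 0 or delta >= SEQ_MOD // 2:
                self.duplicates += 1     # same or older number: a repeated copy
                return False
            self.missed += delta - 1     # assumption: the number advances by one per event
        self.last_seq = seq
        self.accepted.append((seq, kind))
        return True


def replay(trace, keep_alive_ms: int = 5000) -> PeerMonitor:
    """Feed (time_ms, pdu_type, argument) tuples to a fresh monitor."""
    mon = PeerMonitor(keep_alive_ms=keep_alive_ms)
    for now_ms, pdu, arg in trace:
        if pdu == "info":
            mon.on_information(now_ms, arg)
        elif pdu == "event":
            mon.on_event(now_ms, *arg)
        else:
            mon.tick(now_ms)
    return mon


# Constructed trace, not captured from a device.
SAMPLE_TRACE = [
    (0, "info", False),                        # peer still in discovery
    (1000, "info", True),                      # discovery complete: Stable
    (2000, "event", (7, "errored-frame")),
    (2010, "event", (7, "errored-frame")),     # repeated copy
    (2020, "event", (7, "errored-frame")),     # repeated copy
    (3000, "info", True),
    (3500, "event", (9, "errored-symbol")),    # number 8 never arrived
    (9000, "tick", None),                      # 5500 ms of silence: discovery restarts
    (9500, "event", (10, "errored-frame")),    # ignored, link is not Stable
    (10000, "info", True),
    (10500, "event", (10, "errored-frame")),
]

if __name__ == "__main__":
    m = replay(SAMPLE_TRACE)
    print(m.accepted, m.duplicates, m.missed, m.restarts, m.state)
```

A non-zero `missed` count means at least one notification was lost in every copy, which is the case the repeated transmission is meant to make unlikely.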
Link Fault: Link Fault condition is detected when the receiver loses the signal. This condition
is sent once per second in the Information OAMPDU.
Dying Gasp: Detected when the receiver goes down. The Dying Gasp condition is considered
as unrecoverable. Conditions for dying gasp:
Management of the reload command
Device power down (incidental / deliberate)
Critical Event: When a critical event occurs, the device is unavailable, resulting from a
malfunction, and must be restarted by you. Critical events can be sent immediately and
continually. Conditions for critical events:
Fatal error mess any task on the device (suspend)
When a link receives no signal from its peer at the physical layer (for example, if the laser
is malfunctioning), the local entity sets this flag to let the peer know that the transmit path
is inoperable.
Since these conditions are severe, OAMPDUs updated with these flags are not subject to normal
rate limiting policy.
Storm Loopback
Employs hardware-created frames at wire-speed to test the link under extreme, high-load
conditions. Upon return from the remote peer, hardware-created frames are discarded on the active
device. Storm Loopback tests and displays counters for both the local and remote peer.
CAUTION
Starting EFM-OAM loopback on an xSTP ring topology with traffic forwarding
enabled can cause serious problems.
EFM-OAM Commands
Command Hierarchy
device-name#
+ config terminal
+ [no] oam
+ [no] efm
+ [no] shutdown
- [no] critical-event-enable
- [no] dying-gasp-enable
- [no] error-frame-event-notification-enable
- [no] error-symbol-period-event-notification-enable
- [no] error-symbol-period-threshold <period threshold>
- [no] log-events
- [no] remote-event
+ port UU/SS/PP
Commands Descriptions
Table 4: EFM Configuration Commands
Command
Description
config terminal
oam
no oam
efm
no efm
shutdown
Disables EFM
no shutdown
no event-config
critical-event-enable
no critical-event-enable
dying-gasp-enable
no dying-gasp-enable
error-frame-event-notification-enable
no error-frame-event-notification-enable
error-frame-threshold <frame threshold>
system log and to the feature history.
Additionally, the event counters are updated.
256
no error-frame-threshold
Restores to default.
error-frame-window <value>
20
no error-frame-window
Restores to default
error-symbol-period-event-notification-enable
no error-symbol-period-event-notification-enable
Restores to default
error-symbol-period-threshold <period threshold>
256
no error-symbol-period-threshold
Restores to default
error-symbol-period-window <value>
20 seconds
no error-symbol-period-window
Restores to default
hello-interval <value>
Specifies the hello interval.
The hello interval is the time interval between
two PDUs, expressed in milliseconds. This
mechanism is used to inform the neighboring
device that the local device is operative. When
the local device receives no PDU within the
defined keep-alive interval, the neighboring
device is considered inoperative.
1000 milliseconds
NOTE
The standard hello interval is 1000
milliseconds. However, to reduce
overload, in some cases, it is possible
to set the range to up to 5000
milliseconds even though doing so
violates the standard.
NOTE
The keep-alive interval (keep-alive-interval) must be twice as
long as the hello-interval.
no hello-interval
Restores to default
history-limit <value>
5000
no history-limit
Restores to default.
keep-alive-interval <value>
5000 milliseconds
no keep-alive-interval
Restores to default
log-events
no log-events
multiple-pdu-count <pdu-count>
5
no multiple-pdu-count
Restores to default
priority <priority-level>
0
no priority
Restores to default
remote-event
no remote-event
100 packets
there is no delay
64 bytes
2 seconds
10 seconds
port UU/SS/PP
efm accept-loopback-commands
no efm accept-loopback-commands
Restores to default
Enhanced
no efm mode
no efm event-forward-status
1/2/8
no efm event-forward-shutdown
of-attempts>
number-of-attempts: number of discovery attempts before shutting down the port; the valid range is <0-10> (0 disables the feature)
0
no efm event-return-shutdown
passive
no efm role
Restores to default
efm shutdown
no efm shutdown
Description
Severity
Description
EFM-OAM-RemoteCriticalEvent
Error
EFM-OAM-RemoteDyingGasp
Error
EFM-OAM-RemoteLinkFault
Warning
EFM-OAM-RemoteSpecificEvent
Notification
EFM-OAM-RemoteRateExceeded
Warning
EFM-OAM-RemoteErrored-Symbol-Event
Warning
Port UU/SS/PP:
EFM-OAM-RemoteErrored-Frame-Event
NOTE
This error requires special
attention
Warning
Port UU/SS/PP:
Message
Severity
Description
EFM-OAM-RemoteErrored-Period-Event
Warning
Port UU/SS/PP:
EFM-OAM-RemoteErrored-Seconds-Event
Warning
Port UU/SS/PP:
EFM-OAM-LocalDyingGasp
Fatal
EFM-OAM-Local-LinkFault
Error
EFM-OAM-Local-ErroredSymbol-Event
Warning
EFM-OAM-Local-ErroredFrame-Event
Warning
EFM-OAM-RemoteErrored-Seconds-Event
Warning
Configuration Example
The following example, based on Figure 11, demonstrates how to configure an Ethernet network
using the EFM-OAM protocol.
Configuring Device1:
1.
Keep-alive Interval : 5000 milliseconds
Remote Event        : True
Log Events          : True
Packets Counter     : Sent = 0, Received = 0
===========================================================================
Device1#
2.
3.
4.
5.
6. Define the aging interval in seconds for the neighboring device that last sent packets:
Device1(config-efm)#keep-alive-interval 3000
Device1(config-efm)#exit
Device1(config-oam)#exit
7. Enable EFM-OAM on the specified interface and set its mode to active:
Device1(config)#port 1/1/1
Device1(config-port-1/1/1)#efm role active
Configuring Device2:
1.
2.
3.
4.
5.
6. Define the aging interval in seconds for the neighboring device that last sent packets:
Device2(config-efm)#keep-alive-interval 3000
Device2(config-efm)#exit
Device2(config-oam)#exit
Device2(config)#
7. Enable EFM-OAM on the specified interface and set its mode to active:
Operations, Administration, and Maintenance (OAM) (Rev. 01)
Device2(config)#port 1/1/1
Device2(config-port-1/1/1)#efm role active
Device2(config-port-1/1/1)#
Remote Port     : N/A
Remote Mac      : 00:00:00:00:00:00
Remote Role     : Unknown
Remote Status   : Unknown
Remote Hostname : Unknown
-------------------------------------------------------------------------------
Port 1/1/3
-------------------------------------------------------------------------------
Local Role      : Active
Local Status    : Stable
Remote Port     : 1/2/8
Remote Mac      : 00:a0:12:9a:1d:ad
Remote Role     : Active
Remote Status   : Stable
Remote Hostname : device-name
-------------------------------------------------------------------------------
R-APS Mechanism
Definitions
Ring Protection Link: one ring link is configured as the Ring Protection Link (RPL). To
prevent loops, this link is disabled under normal conditions. The RPL is disabled as long as the
primary path is active.
RPL Owner: A node adjacent to the RPL responsible for blocking its end of the ring under
normal conditions (when the ring is established and no requests are present in the ring). The
RPL Owner is also responsible for reverting the ring from the protected path to the primary.
RPL Neighbor: A node adjacent to the RPL that is responsible for blocking its end of the
ring under normal conditions like the RPL Owner. However, this node is not responsible for
reverting the ring.
Simple Node: all other nodes that participate only in the R-APS ring.
Ring Protection
A dedicated maintenance association (MA) is configured as the ring protection.
The R-APS ring uses a dedicated VLAN for Continuity Check Message (CCM) and Automatic
Protection Switching (APS) communication within this MA.
Each device in the MA must be configured with two Maintenance Association End Points (MEPs);
both MEPs must be assigned to the dedicated VLAN.
Operation
Upon a failure detection, a signal-fail status bit is enabled in the APS messages sent
throughout the ring. Upon receipt of an APS signal-fail message, the RPL Owner sends a
switchover command to all the devices in the ring and enables RPL. Traffic is now sent via the
secondary path.
Figure 12: Network with two R-APS Instances (Traffic flowing in different directions)
Behavior of the system following recovery of the primary path is configurable. There are two
options:
Revertive Operation: When the primary path recovers, traffic is switched over to the primary
path and the RPL is blocked again. This mode is used in scenarios in which the primary path is
an optimized path, at the expense of an additional traffic interruption for switching back to this
path.
Non-Revertive Operation: Traffic continues to use the RPL, even when the primary path
recovers. This mode is used when there is no advantage in reverting to the primary path and
avoids a second traffic interruption.
Timing Configuration
The following configurable timers control aspects of R-APS behavior:
Guard Timer: To reduce the possibility of receiving outdated R-APS packets, R-APS packets
are blocked for a specified length of time after receiving a signal failure or clear message.
Wait-to-Restore Timer: Used in Revertive Mode, the Wait-to-Restore Timer defines the
length of time to wait after recovery of the primary path before reverting traffic. This timer
prevents flapping in case of frequent failures.
Hold-Off Timer: The amount of time to wait while attempting fault recovery before
declaring a signal-fail condition. This timer prevents flapping in case of short failures.
NOTE
Configuring timer values is optional. If not configured, the default values are
used.
R-APS Commands
Commands Hierarchies
device-name#
+ config terminal
+ ethernet
+ [no] ring-aps
- cfm-domain-level <value>
- control-vlan <vlan-id>
- disable-virtual-channel
- [no] description
- [no] rpl-port
- [no] revertive-mode
- [no] ring-id <id>
- [no] control-vlan
- [no] description
- [no] propagate-topology-changes
- [no] revertive-mode
- [no] ring-id <id>
- [no] virtual-channel-vlan
Commands Descriptions
Table 7: R-APS Commands
Command
Description
config terminal
ethernet
ring-aps
no ring-aps
instance <value>
no instance [<value>]
cfm-domain-level <value>
Providers MA levels: 3-4
Customers MA levels: 5-7
description STRING
STRING: string of up to 256 characters
no description
Command
Description
control-vlan <vlan-id>
disable-virtual-channel
Specifies a virtual channel for an R-APS ring. R-APS packets are forwarded through the blocked
ports ensuring that R-APS packets reach all
nodes in the ring. Otherwise, the ring becomes
segmented because R-APS packets cannot
reach all nodes in the ring.
no disable-virtual-channel
guard-timer <value>
NOTE
Configure this timer to a value
greater than the maximum delay
an R-APS packet can have in
order to traverse the entire
subring.
500 milliseconds
no guard-timer
Restores to default
hold-off-timer <value>
0 milliseconds
no hold-off-timer
Restores to default
no mode
Restores to default
monitor-vlan <vlan-range>
no monitor-vlan [<vlan-range>]
port <id>
no port [<id>]
mep <value>
no mep [<value>]
port-id UU/SS/PP
Selects a port:
Restores to default:
rpl-port
no rpl-port
revertive-mode
no revertive-mode
ring-id <id>
1
no ring-id [<id>]
Restores to default
simple node
no role [rpl-neighbor | rpl-owner | simple-node]
Restores to default:
rpl-neighbor: optional
rpl-owner: optional
simple-node: optional
shutdown
no shutdown
subring <id>
no subring [<id>]
guard-timer <value>
500 milliseconds
no guard-timer
Restores to default
hold-off-timer <value>
0 milliseconds
no hold-off-timer
Restores to default
propagate-topology-changes
no propagate-topology-changes
Disable propagation
revertive-mode
no revertive-mode
ring-id <id>
1
no ring-id [<id>]
Restores to default
simple node
no role [rpl-neighbor | rpl-owner | simple-node]
Restores to default:
rpl-neighbor: optional
rpl-owner: optional
simple-node: optional
shutdown
no shutdown
subring-port UU/SS/PP
Restores to default:
mep
no mep
rpl-port
no rpl-port
virtual-channel-vlan <vlan-id>
no virtual-channel-vlan [<vlan-id>]
wait-to-restore-timer <value>
5 minutes
no wait-to-restore-timer
Restores to default
wait-to-restore-time <value>
Specifies the length of time to wait after recovery
before reverting to the primary path:
5 minutes
no wait-to-restore-timer [<value>]
Restores to default
Configuration Example
1. Enable R-APS:
device-name(config)#ethernet
device-name(config-ethernet)#ring-aps
2.
3. Specify the CFM domain level for this instance (level 1):
device-name(config-instance-1)#cfm-domain-level 1
4.
5. Specify the monitored VLAN ID. You can configure a single VLAN, several VLANs, or a range of VLANs:
device-name(config-instance-1)#monitor-vlan 23
device-name(config-instance-1)#exit
6.
7.
8.
9.
10. Specify the ring-ID that the instance belongs to (100 configured):
device-name(config-instance-1)#ring-id 100
12. Configure Port 0 as a port (configured as port 1/1/2, MEP 200, and as the rpl-port):
device-name(config-instance-1)#port 0
device-name(config-port-0)#port-id 1/1/2
device-name(config-port-0)#mep 200
device-name(config-port-0)#rpl-port
device-name(config-port-0)#exit
15. Commit the current configuration (you may commit when the R-APS instance (without subring) is
configured, or when both the R-APS instance and the subring are configured):
device-name(config-instance-1)#commit
17. Configure the port of the subring (port 1/2/3). NOTE: only one subring port per subring:
device-name(config-subring-2)#subring-port 1/2/3
device-name(config-subring-port-1/2/3)#mep 500
21. Specify the virtual channel VLAN. Virtual Channel VLAN must be a monitored VLAN of the
main ring instance:
device-name(config-subring-2)#virtual-channel-vlan 23
Backup (protection) path used by the EPS in case the primary path fails
Once these paths are determined, EPS periodically sends CFM-OAM CCMs (for more
information, see CFM-OAM Protocol Functionality).
Switchover Options
EPS switches the traffic over from one path to another in the following cases:
On user request
System administrators can lock the switchover, preventing traffic from switching over to the
backup path in any of the above cases.
To minimize unnecessary traffic switchovers, administrators can define a hold-off timer. This
timer postpones the switchover for a specified time. If the transport path does not recover by
the end of this time period, traffic is switched over.
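How the hold-off and wait-to-restore timers suppress flapping, for both the R-APS Timing Configuration section and the EPS switchover options above, as an added Python example (not Telco Systems code). The function name, the millisecond time base, the `locked` flag and the event trace are assumptions made for illustration; the R-APS guard timer is not modelled.

```python
from typing import List, Optional, Tuple


def simulate(events: List[Tuple[int, str]], hold_off_ms: int, wtr_ms: int,
             end_ms: int, revertive: bool = True,
             locked: bool = False) -> List[Tuple[int, str]]:
    """Replay primary-path status changes and return the switchovers.

    events    -- (time_ms, "fail" | "ok") reports for the primary path
    locked    -- administrator has locked the switchover to the backup path
    Returns a list of (time_ms, new_active_path).
    """
    active = "primary"
    pending: Optional[Tuple[int, str]] = None    # (deadline_ms, target path)
    log: List[Tuple[int, str]] = []

    def expire(until_ms: int) -> None:
        """Fire the pending timer if its deadline has been reached."""
        nonlocal active, pending
        if pending is None or pending[0] > until_ms:
            return
        deadline, target = pending
        pending = None
        if locked and target == "backup":
            return                               # lock: stay on the primary path
        active = target
        log.append((deadline, target))

    for t, status in sorted(events):
        expire(t)
        if status == "fail":
            if active == "primary":
                if pending is None:              # start hold-off, do not switch yet
                    pending = (t + hold_off_ms, "backup")
            else:
                pending = None                   # primary failed again: cancel wait-to-restore
        elif status == "ok":
            if active == "primary":
                pending = None                   # recovered within hold-off: no switchover
            elif revertive:
                pending = (t + wtr_ms, "primary")  # start wait-to-restore
        else:
            raise ValueError(f"unknown status {status!r}")
    expire(end_ms)
    return log


# Constructed trace: a 50 ms glitch, a real failure, and a relapse during wait-to-restore.
SAMPLE_EVENTS = [
    (1_000, "fail"), (1_050, "ok"),      # shorter than hold-off: absorbed
    (5_000, "fail"),                     # persists: switch to backup at 5 100 ms
    (20_000, "ok"),                      # wait-to-restore starts
    (100_000, "fail"),                   # relapse: wait-to-restore cancelled
    (150_000, "ok"),                     # wait-to-restore restarts, expires at 450 000 ms
]
HOLD_OFF_MS = 100                        # hold-off value used in the page's EPS example
WTR_MS = 5 * 60 * 1000                   # the 5-minute default listed in the command tables

if __name__ == "__main__":
    print(simulate(SAMPLE_EVENTS, HOLD_OFF_MS, WTR_MS, end_ms=500_000))
```

Without the two timers the same trace would produce a switchover on every status change; with them, five status changes cause two.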
EPS Commands
EPS Commands Hierarchy
device-name#
+ config terminal
+ service
- [no] admin-freeze
- [no] revertive
- [no] shutdown
Description
config terminal
service
tls <service-id>
no tls <service-id>
eps
no eps
Restores to default
admin-freeze
no admin-freeze
cfm-domain-level <value>
no cfm-domain-level
hold-off-timer <value>
0 seconds
no hold-off-timer
Restores to default
primary-path {local-mep <value> | remote-mep <value>}
no primary-path {local-mep | remote-mep}
revertive
no revertive
secondary-path {local-mep <value> | remote-mep <value>}
no secondary-path {local-mep | remote-mep}
shutdown
no shutdown
signal-degrade-cfm-test-id <value>
no signal-degrade-cfm-test-id
wait-to-restore-timer <value>
5 minutes
no wait-to-restore-timer
Restores to default
show eps service <service-id> [detailed]
Displays the status of the EPS service for all
configured TLS services:
Configuration Example
Configuring Device 1:
device-name#config terminal
Entering configuration mode terminal
device-name(config)#service tls 1024
device-name(config-tls-1024)#sdp s-vlan 2048 port 1/1/1 precedence primary
device-name(config-port-1/1/1)#exit
device-name(config-s-vlan-2048)#exit
device-name(config-tls-1024)#sdp s-vlan 4000 port 1/1/2 precedence backup
device-name(config-port-1/1/2)#exit
device-name(config-s-vlan-4000)#exit
device-name(config-tls-1024)#sap 1/1/24 c-vlan 3000
device-name(config-c-vlan-3000)#commit
Commit complete.
device-name(config-c-vlan-3000)#top
device-name(config)#oam cfm
device-name(config-cfm)#no shutdown
device-name(config-cfm)#domain d4
device-name(config-domain-d4)#level 4
device-name(config-domain-d4)#ma ma4
device-name(config-ma-ma4)#service 1024
device-name(config-ma-ma4)#mep 1000 bind-to 1/1/24:3000: direction up ccm-enabled
device-name(config-mep-1000)#no shutdown
device-name(config-mep-1000)#commit
Commit complete.
device-name(config-mep-1000)#top
device-name(config)#service tls 1024
device-name(config-tls-1024)#eps
device-name(config-eps)#cfm-domain-level 4
device-name(config-eps)#hold-off-timer 100
device-name(config-eps)#primary-path local-mep 1000 remote-mep 2000
device-name(config-eps)#secondary-path local-mep 1000 remote-mep 2000
device-name(config-eps)#revertive
device-name(config-eps)#wait-to-restore-timer 0
device-name(config-eps)#no shutdown
device-name(config-eps)#commit
Commit complete.
device-name(config-eps)#end
device-name#show eps detailed
===============================================================================
Ethernet Protection Switching Detailed Information
===============================================================================
-------------------------------------------------------------------------------
Service ID 1024
-------------------------------------------------------------------------------
Admin Status: Enabled
Operational Status: Down
CFM Level: 4
SD CFM test ID: N/A
Hold off timer (ms): 100
Wait to restore timer (minutes): 0
Protection counter: 0
State changes: Allowed
Defects present: None
Last Event: unknown
Primary link - Local Mep: 1000, Remote Mep: 2000 - Status: Failed
Backup link - Local Mep: 1000, Remote Mep: 2000 - Status: Failed
APS data                 LOCAL           REMOTE
Active state:            NoRequest       None
Active transport:        working         N/A
APS channel requested:   Yes             N/A
APS connection type:     bidirectional   N/A
Protection Type:         1To1            N/A
Revertive mode:          Yes             N/A
===============================================================================
Configuring Device 2:
device-name#config terminal
Entering configuration mode terminal
device-name(config)#service tls 1024
device-name(config-tls-1024)#sdp s-vlan 2048 port 1/1/1 precedence primary
device-name(config-port-1/1/1)#exit
device-name(config-s-vlan-2048)#exit
device-name(config-tls-1024)#sdp s-vlan 4000 port 1/1/2 precedence backup
device-name(config-port-1/1/2)#exit
device-name(config-s-vlan-4000)#exit
device-name(config-tls-1024)#sap 1/1/24 c-vlan 3000
device-name(config-c-vlan-3000)#commit
Commit complete.
device-name(config-c-vlan-3000)#top
device-name(config)#oam cfm
device-name(config-cfm)#no shutdown
device-name(config-cfm)#domain d4
device-name(config-domain-d4)#level 4
device-name(config-domain-d4)#ma ma4
device-name(config-ma-ma4)#service 1024
device-name(config-ma-ma4)#mep 2000 bind-to 1/1/2:3000: direction up ccm-enabled
device-name(config-mep-2000)#no shutdown
device-name(config-mep-2000)#commit
commit complete.
device-name(config-mep-2000)#top
device-name(config)#service tls 1024
device-name(config-tls-1024)#eps
device-name(config-eps)#cfm-domain-level 4
device-name(config-eps)#hold-off-timer 100
device-name(config-eps)#primary-path local-mep 2000 remote-mep 1000
device-name(config-eps)#secondary-path local-mep 2000 remote-mep 1000
device-name(config-eps)#revertive
device-name(config-eps)#wait-to-restore-timer 0
device-name(config-eps)#no shutdown
device-name(config-eps)#commit
Commit complete.
device-name(config-eps)#end
device-name#show eps detailed
===============================================================================
Ethernet Protection Switching Detailed Information
===============================================================================
-------------------------------------------------------------------------------
Service ID 1024
-------------------------------------------------------------------------------
Admin Status: Enabled
Operational Status: Up
CFM Level: 4
SD CFM test ID: N/A
Hold off timer (ms): 100
Wait to restore timer (minutes): 0
Protection counter: 0
State changes: Allowed
Defects present: None
Last Event: unknown
Primary link - Local Mep: 2000, Remote Mep: 1000 - Status: Ok
Backup link - Local Mep: 2000, Remote Mep: 1000 - Status: Ok
APS data                 LOCAL           REMOTE
Active state:            NoRequest       NoRequest
Active transport:        working         working
APS channel requested:   Yes             Yes
APS connection type:     bidirectional   bidirectional
Protection Type:         1To1            1To1
Revertive mode:          Yes             Yes
Bandwidth - this is a bit rate measure of the available or consumed data communication
resources expressed in bits/second or multiples of it (kilobits/s, megabits/s, etc.).
Frame transfer delay (FTD) (latency) - this is a measurement of the time delay between the
transmission and the reception of a frame. Typically this is a round-trip measurement, meaning
that the calculation measures both the near-end to far-end and far-end to near-end directions
simultaneously.
Frame delay variations (packet jitter) - this is a measurement of the variations in the time delay
between packet deliveries. As packets travel through a network to their destination, they are
often queued and sent in bursts to the next hop. There may be prioritization at random
moments, also resulting in packets being sent at random rates. Packets are therefore received at
irregular intervals. The direct consequence of this jitter is stress on the receiving buffers of the
end nodes where buffers can be overused or underused when there are large swings of jitter.
Frame loss - this is a measurement of the number of packets lost over the total number of
packets sent. Frame loss can be due to a number of issues such as network congestion or
errors during transmissions.
Key Objectives
The ITU-T Y.1564 methodology has the following main objectives:
To ensure that all services carried by the network meet their SLA objectives at their maximum
committed rate, proving that under maximum load, network devices and paths can support all
the traffic as designed.
To perform medium- and long-term service testing, to validate that network elements can
properly carry all services while under stress during a soaking period.
Test Rates
ITU Y.1564 defines three test rates based on the MEF service attributes for Ethernet virtual circuit
(EVC) and UNI bandwidth profiles.
CIR defines the maximum transmission rate for a service where it is guaranteed certain
performance objectives; these objectives are typically defined and enforced via SLAs.
EIR defines the maximum transmission rate above the committed information rate
considered as excess traffic. This excess traffic is forwarded as the capacity allows and is not
subject to meeting any guaranteed performance objectives (best effort forwarding).
Overshoot rate defines a testing transmission rate above CIR or EIR and is used to ensure
that the DUT or network under test does not forward more traffic than specified by the CIR
or EIR of the service.
Methodology
The ITU-T Y.1564 methodology is built around two key subtests, the service-configuration test and the service-performance test, which are performed in order:
Service configuration test: the test is designed to measure the ability of the device or the
network under test to properly forward in three different states:
In the CIR phase, where performance metrics for the service are measured and compared
to the SLA performance objectives
In the EIR phase, where performance is not guaranteed and the service's transfer rate is
measured to ensure that CIR is the minimum bandwidth
In the discard phase, where the service is generated at the overshoot rate and the expected
forwarded rate is not greater than the committed information rate or excess rate
Service performance test: the test measures the ability of the device or network under test to
forward multiple services, while maintaining SLA conformance for each service. Services are
generated at the CIR, where performance is guaranteed, and pass/fail assessment is performed
on the key performance indicators (KPI) values for each service according to its SLA.
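The pass/fail rules of the three service configuration phases can be written down as follows. This is an added example, not the device's own logic: the class names, the 1% rate tolerance, the equal-step CIR ramp and the sample measurements are assumptions.

```python
"""Pass/fail logic for the three phases of a Y.1564 service configuration test.

Added illustration: class names, the 1% rate tolerance, the equal-step ramp
and all sample measurements are assumptions, not the device's implementation.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Sla:
    frame_delay_us: float       # FTD objective
    frame_delay_var_us: float   # FDV (jitter) objective
    frame_loss_pct: float       # FLR objective


@dataclass(frozen=True)
class Service:
    cir_kbps: int
    eir_kbps: int
    sla: Sla


@dataclass(frozen=True)
class Sample:
    phase: str           # "cir", "eir" or "discard"
    offered_kbps: int    # rate generated by the test head
    ir_kbps: float       # information rate measured after the DUT
    flr_pct: float
    ftd_us: float
    fdv_us: float


def cir_ramp(cir_kbps, steps):
    """Offered rates for the CIR phase, assuming equal increments up to CIR."""
    if steps < 1:
        raise ValueError("steps must be at least 1")
    return [cir_kbps * i // steps for i in range(1, steps + 1)]


def evaluate(svc, s, rate_tol=0.01):
    """Return the failure reasons for one sample; an empty list means pass."""
    limit = svc.cir_kbps + svc.eir_kbps
    reasons = []
    if s.phase == "cir":
        if s.offered_kbps > svc.cir_kbps:
            raise ValueError("CIR phase must not offer more than CIR")
        # Guaranteed traffic: every KPI is held to the SLA objective.
        if s.flr_pct > svc.sla.frame_loss_pct:
            reasons.append("FLR above SLA")
        if s.ftd_us > svc.sla.frame_delay_us:
            reasons.append("FTD above SLA")
        if s.fdv_us > svc.sla.frame_delay_var_us:
            reasons.append("FDV above SLA")
    elif s.phase == "eir":
        # Best effort above CIR: KPIs are not judged, but the service must
        # still get at least its committed rate through.
        if s.ir_kbps < svc.cir_kbps * (1 - rate_tol):
            reasons.append("forwarded rate below CIR")
    elif s.phase == "discard":
        if s.offered_kbps <= limit:
            raise ValueError("overshoot rate must exceed CIR + EIR")
        # Loss is expected here; the failure is a policer that lets more
        # than the contracted CIR + EIR through.
        if s.ir_kbps > limit * (1 + rate_tol):
            reasons.append("forwarded rate above CIR + EIR")
    else:
        raise ValueError(f"unknown phase {s.phase!r}")
    return reasons


def verdict(svc, samples):
    """Map each sample's phase to 'Pass' or 'Fail: <reasons>'."""
    out = {}
    for s in samples:
        reasons = evaluate(svc, s)
        out[s.phase] = "Pass" if not reasons else "Fail: " + "; ".join(reasons)
    return out


# Constructed sample. CIR, frame delay and frame loss ratio use the default
# values listed in the command table; EIR and the measurements are made up.
SVC = Service(cir_kbps=500000, eir_kbps=100000,
              sla=Sla(frame_delay_us=1000000, frame_delay_var_us=300000,
                      frame_loss_pct=8.0))
SAMPLES = [
    Sample("cir", 500000, 499980, 0.004, 111.5, 1.0),
    Sample("eir", 600000, 480000, 20.0, 950.0, 40.0),      # starved below CIR
    Sample("discard", 750000, 598000, 20.3, 900.0, 35.0),  # policer holds
]

if __name__ == "__main__":
    print(cir_ramp(SVC.cir_kbps, 4))
    for phase, result in verdict(SVC, SAMPLES).items():
        print(f"{phase:8} {result}")
```

In the discard phase a high frame loss ratio is the expected outcome, so only the forwarded rate decides the result.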
Bidirectional Test
The user can perform round-trip measurements with a loopback device. In this case, the results
reflect the average of both test directions, from the test set to the loopback point and back to the
test set. In this scenario, the loopback functionality can be performed by another test instrument in
Loopback mode or by a network interface device in Loopback mode.
Y.1564 Commands
Commands Hierarchy
device-name#
+ config terminal
+ [no] saa
+ [no] y1564
- [no] shutdown
+ [no] y1564
- [no] ma MA-NAME
- mode bi-test-loopback
- mode bi-test-head
- [no] c-vlan-drop-eligible
- [no] s-vlan-drop-eligible
- [no] traffic-policing
Command Descriptions
Table 9: Y.1564 Test Commands
Command
Description
config terminal
saa
no saa
profile PROFILE-NAME
no profile PROFILE-NAME
PROFILE-NAME: up to 32
characters, numbers and/or
letters
NOTE
You cannot remove a profile
associated with a running test.
type y1564
y1564
no y1564
frame-delay <value>
1000000us
no frame-delay
Restores to default
frame-loss-ratio <value>
8.000%
no frame-loss-ratio
Restores to default
TEST-NAME: up to 32 characters
type y1564
profile PROFILE-NAME
PROFILE-NAME: up to 32
characters, numbers and/or
letters
y1564
no y1564
mode bi-test-loopback
no c-vlan
c-vlan-drop-eligible
no c-vlan-drop-eligible
Restores to default
c-vlan-priority <value>
6
no c-vlan-priority
Restores to default
cir <value>
500000 kbps
no cir
Restores to default
cir-steps <value>
4
no cir-step
Restores to default
configuration-step-duration
<value>
1 second
no configuration-step-duration
Restores to default
data-size <value>
Example:
data-size [ 64 128 1530]
no data-size <value>
custom-data-size <value>
no custom-data-size <value>
domain DOMAIN-NAME
eir <value>
DOMAIN-NAME: up to 22
characters, numbers and/or
letters
0 Mbps
no eir
Restores to default
function {both | configuration |
performance}
Both
no function
Restores to default
Restores to default
ma MA-NAME
MA-NAME: up to 22 characters,
numbers and/or letters
mep <value>
pattern {none | null | null-crc
| prbs | prbs-crc}
PRBS
no pattern
Restores to default
performance-test-duration
<value>
15 minutes
no performance-test-duration
Restores to default
s-vlan-drop-eligible
NOTE
The throughput test priority
must be lower than the CCM
priority.
no s-vlan-drop-eligible
Restores to default
s-vlan-priority <value>
6
no s-vlan-priority
Restores to default
target-mep <value>
no target-mep
target-mac HH:HH:HH:HH:HH:HH
no target-mac
timeout <value>
1000 msec
no timeout
Restores to default
traffic-policing
no traffic-policing
Restores to default
Configuration Example
The following example demonstrates how to configure a Y.1564 test.
1.
Configure CFM:
device-name(config)#oam
device-name(config-oam)#cfm
device-name(config-cfm)#no shutdown
Configure MA:
device-name(config-domain-d6)#ma ma6
device-name(config-ma-ma6)#vlan 300
Configure CFM:
device-name(config-ma-ma6)#mep 3209
device-name(config-mep-3209)#bind-to 1/1/1
device-name(config-mep-3209)#no shutdown
device-name(config-mep-3209)#ccm-enabled
device-name(config-mep-3209)#exit
2.
Configure CFM:
device-name(config)#oam
device-name(config-oam)#cfm
device-name(config-cfm)#no shutdown
Configure MA:
device-name(config-domain-d6)#ma ma6
device-name(config-ma-ma6)#vlan 300
Configure CFM:
device-name(config-ma-ma6)#mep 3208
device-name(config-mep-3208)#bind-to 1/1/1
device-name(config-mep-3208)#no shutdown
device-name(config-mep-3208)#ccm-enabled
device-name(config-mep-3208)#exit
100.000 %
1000000 us
300000 us
2
3
20
Y1
RFC_John
LAB_TEST
device-name#show
Test name
Test owner
Test type
Test mode
State
Status
Function
Profile name
Cfm domain
Cfm ma
Source mep
Target mep
CIR
CIR steps
EIR
Traffic Policing
Pattern
Priority
DE flag
C-vlan Id
C-vlan Priority
C-vlan DE flag
Config duration
Perform duration
Timeout
Loopback type
Datasize
2000, 9000
Custom Datasize
|2
|3
|20
|1
|John
|John
|2
|2
|N/A
|1
|3
|4
|rfc2544
|rfc2544
|rfc2544
|y1731
|rfc2544
|y1564
|Shutdown
|Shutdown
|Shutdown
|Shutdown
|Shutdown
|Enabled
|N/A
|N/A
|N/A
|N/A
|Stopped
|Finished
------------------------------------------------------------------------
| Step 1      CIR: 50000Kbps      Status: Pass                         |
------------------------------------------------------------------------
| Size   |     IR      |    FLR    |       FTD       |       FDV       |
+--------+-------------+-----------+-----------------+-----------------+
|     64 | 500000Kbps  |   0.000 % |       17.354 us |        2.560 us |
+--------+-------------+-----------+-----------------+-----------------+
|    128 | 500000Kbps  |   0.000 % |       21.335 us |        1.024 us |
+--------+-------------+-----------+-----------------+-----------------+
|    256 | 500000Kbps  |   0.000 % |       29.798 us |        1.024 us |
+--------+-------------+-----------+-----------------+-----------------+
|    512 | 500000Kbps  |   0.001 % |       46.169 us |        1.024 us |
+--------+-------------+-----------+-----------------+-----------------+
|   1024 | 500000Kbps  |   0.003 % |       78.985 us |        1.024 us |
+--------+-------------+-----------+-----------------+-----------------+
|   1280 | 500000Kbps  |   0.004 % |       95.378 us |        1.024 us |
+--------+-------------+-----------+-----------------+-----------------+
|   1518 | 500000Kbps  |   0.004 % |      110.517 us |        1.024 us |
+--------+-------------+-----------+-----------------+-----------------+
|   1522 | 500000Kbps  |   0.004 % |      111.008 us |        2.048 us |
+--------+-------------+-----------+-----------------+-----------------+
|   1526 | 500000Kbps  |   0.004 % |      111.168 us |        1.536 us |
+--------+-------------+-----------+-----------------+-----------------+
|   1530 | 500000Kbps  |   0.004 % |      111.547 us |        1.024 us |
+--------+-------------+-----------+-----------------+-----------------+
|   1534 | 500000Kbps  |   0.004 % |      111.692 us |        1.024 us |
+--------+-------------+-----------+-----------------+-----------------+
|   2000 | 500000Kbps  |   0.006 % |      141.074 us |        0.512 us |
+--------+-------------+-----------+-----------------+-----------------+
|   2500 | 500000Kbps  |   0.008 % |      174.080 us |        0.000 us |
+--------+-------------+-----------+-----------------+-----------------+
|   9000 | 500000Kbps  |   0.043 % |      446.637 us |        1.024 us |
+--------+-------------+-----------+-----------------+-----------------+
Result: Pass
------------------------------------------------------------------------
| Step 2      CIR: 50000Kbps      Status: Pass                         |
------------------------------------------------------------------------
| Size   |     IR      |    FLR    |       FTD       |       FDV       |
+--------+-------------+-----------+-----------------+-----------------+
|     64 | 1000000Kbps |  99.646 % |      127.395 us |      786.944 us |
+--------+-------------+-----------+-----------------+-----------------+
Result: Pass
An SAA includes measurements that are specified by the ITU-T Y.1731 standard and interpreted by the
Metro Ethernet Forum (MEF) standards group.
SAA compares test results to predefined SLA thresholds and sends a notification when a threshold
is crossed.
When several SAA tests run simultaneously, it is recommended to use a one-second
interval. Otherwise, high CPU usage occurs.
Command Hierarchy
device-name#
+ config terminal
+ [no] saa
- profile PROFILE-NAME
+ [no] y1731
- domain DOMAIN-NAME
- mep <value>
- [no] ma MA-NAME
- [no] shutdown
Command Descriptions
Table 10: ITU-T Y.1731 SAA In-Service Test Commands
Command
Description
config terminal
saa
no saa
profile PROFILE-NAME
no profile PROFILE-NAME
PROFILE-NAME: up to 32
characters, numbers and/or
letters
NOTE
You cannot remove a profile
associated with a running test.
type y1731
no y1731
delay-far-end <value>
1000000 microsecond
no delay-far-end
Restores to default
delay-near-end <value>
1000000 microsecond
no delay-near-end
Restores to default
frameloss-far-end <value>
8%
no frameloss-far-end
Restores to default
frameloss-near-end <value>
8%
no frameloss-near-end
Restores to default
jitter-far-end <value>
300000 microseconds
no jitter-far-end
Restores to default
jitter-near-end <value>
300000 microseconds
no jitter-near-end
Restores to default
TEST-NAME: up to 32 characters
type y1731
PROFILE-NAME: up to 32
characters, numbers and/or
letters
y1731
no y1731
mode {loopback | test}
Restores to default
domain DOMAIN-NAME
DOMAIN-NAME: up to 22
characters, numbers and/or
letters
mep <value>
ma MA-NAME
MA-NAME: up to 22 characters,
numbers and/or letters
delay-method {average | ppercentile}
Average
no delay-method
Restores to default
delay-p-value <value>
50%
no delay-p-value
Restores to default
frequency <value>
1 second
no frequency
Restores to default
history <value>
96
no history
Restores to default
interval <value>
900 seconds
no interval
Restores to default
jitter-method {ppercentile | peak-to-peak | variance}
Variance
no jitter-method
Restores to default
jitter-p-value <value>
50%
no jitter-p-value
Restores to default
period <value>
1000 millisecond
no period
Restores to default
priority <value>
NOTE
To measure configured priority
correctly, change QoS traffic trust
mode from untrust to trust-priority on
the test-head devices, test-tail devices,
and all devices between.
no priority
Restores to default
target-mep <value>
no target-mep
target-mac
HH:HH:HH:HH:HH:HH
no target-mac
timeout <value>
3 seconds
no timeout
Restores to default
shutdown
no shutdown
NOTE
Before enabling the SAA test,
use the commit command to
save the unapplied SAA test
configuration. After enabling
the SAA test, use again the
commit command to confirm
the change.
show saa test [name TEST-NAME owner TESTOWNER]
Configuration Example
The following example shows how to configure the SAA In-Service test on two devices.
1.
2.
device-name(config-y1731)#history 50
device-name(config-y1731)#interval 60
device-name(config-y1731)#jitter-method variance
device-name(config-y1731)#ma ma6
device-name(config-y1731)#mep 3208
device-name(config-y1731)#period 1000
device-name(config-y1731)#priority 6
device-name(config-y1731)#target-type mep
device-name(config-y1731)#target-mep 7124
device-name(config-y1731)#timeout 5
device-name(config-y1731)#commit
Commit complete.
device-name(config-y1731)#exit
device-name(config-test-test1/user)#no shutdown
device-name(config-test-test1/user)#commit
Commit complete.
device-name(config-test-test1/user)#end
3.
Interval Id: 2
Results gathered: 120         Sent Pkts: 120
Timeouts: 0                   Errors: 0
Delay     (NE): 1.234 us      Delay     (FE): 1.234 us
Jitter    (NE): 0.050 us      Jitter    (FE): 0.020 us
FrameLoss (NE): 0.001 %       FrameLoss (FE): 0.000 %
Sent Pkts (NE): 1000000       Sent Pkts (FE): 200000
Rcvd Pkts (NE): 200000        Rcvd Pkts (FE): 999999
4.
5.
6.
Unidirectional type
Bi-directional type
CAUTION
Initiating these tests stops all traffic for evaluated services on test devices.
NOTE
Due to the heavy traffic flow, only one SAA throughput test can run on a test device at a
time.
To perform the SAA Unidirectional Throughput test, define the following parameters:
PDU sizes for the selected test: the test calculates performance for each PDU size (64, 128,
256, 512, 1024, 1280, 1518, 2000, 9000 bytes), and displays the results per PDU size.
Maximum traffic rate and the ratio between constant and burst traffic: the test sends two
traffic streams from the test-head simultaneously:
Stream 1: The constant traffic rate (simulating the Committed Information Rate (CIR)).
The stream uses 90% of the maximum traffic rate by default.
Stream 2: The burst traffic rate (simulating the Committed Burst Size [CBS]). The stream
uses the remaining ten percent of the maximum traffic rate by default.
The test-tail calculates the packet count for each test sequence and sends the results to the test-head. The test-head reduces the test rate or continues to the next PDU size.
To ensure notification delivery, the test-tail keeps sending results until the test-head sends a
reply to the test-tail or until it reaches the configured timeout.
The test ends if the test-head does not receive the message.
The bi-directional throughput test generates test frames using 802.1ag LBM/LBR format.
To perform the SAA Bi-Directional throughput test, define the following parameters:
PDU sizes for the selected test. The test calculates performance for each PDU size (64, 128,
256, 512, 1024, 1280, 1518, 1530, 2000, 9000 bytes), and displays test results per PDU size.
The test transmits PDUs at the defined CIR rate for the test duration to determine whether
the frame loss differs from the threshold.
After completing packet transmission, the test is suspended for a length of time equal to the
maximum latency at which all packets arrive.
Transmitted PDU has an ID (sequence number) and timestamp used for statistics calculation.
If frame loss is higher than the maximum frame loss percentage, the test-head repeats the test
at a lower rate until frame loss is within the configured SLA range.
Command Hierarchy
device-name#
+ config terminal
+ [no] saa
- profile PROFILE-NAME
- [no] shutdown
+ [no] rfc2544
- mode bi-test-head
- mode bi-test-loopback
- mode uni-test-head
- mode uni-test-tail
- [no] c-vlan-drop-eligible
- domain DOMAIN-NAME
- mep <value>
- [no] s-vlan-drop-eligible
Command Descriptions
Table 11: SAA Out-of-Service Throughput Commands
Command
Description
config terminal
saa
no saa
profile PROFILE-NAME
no profile PROFILE-NAME
PROFILE-NAME: up to 32
characters
NOTE
You cannot remove a profile
associated with a running test.
type rfc2544
no rfc2544
frameloss <value>
0
no frameloss
Restores to default
TEST-NAME: up to 32 characters
type rfc2544
PROFILE-NAME: up to 32
characters, numbers and/or
letters
rfc2544
no rfc2544
burst-persentage <value>
bi-test-head: bi-directional
throughput test
bi-test-loopback: test-loopback
functionality during a bidirectional test
uni-test-head: unidirectional
throughput test
uni-test-tail: test-tail
functionality during a
unidirectional throughput test
10%
no burst-persentage
Restores to default
c-vlan <cvlan-id>
no c-vlan
c-vlan-drop-eligible
no c-vlan-drop-eligible
Restores to default
c-vlan-priority <value>
6
no c-vlan-priority
Restores to default
cbs <value>
1 MB
no cbs
Restores to default
cir <value>
500000 kbps
no cir
Restores to default
data-size <value>
Example:
data-size [ 64 128 1530]
no data-size <value>
custom-data-size <value>
no custom-data-size <value>
domain DOMAIN-NAME
duration <value>
DOMAIN-NAME: up to 22
characters, numbers and/or
letters
5 seconds
no duration
Restores to default
Restores to default
ma MA-NAME
MA-NAME: up to 22 characters,
numbers and/or letters
mep <value>
mode {bi-test-head | bi-test-loopback | uni-test-head |
uni-test-tail}
bi-test-head: bi-directional
throughput test
bi-test-loopback: test-loopback
functionality during a bidirectional test
uni-test-head: unidirectional
throughput test
uni-test-tail: test-tail
functionality during a
unidirectional throughput test
PRBS
no pattern
Restores to default
result-ack-timeout <value>
5 seconds
no result-ack-timeout
Restores to default
s-vlan-drop-eligible
NOTE
The throughput test priority
must be lower than the CCM
priority.
no s-vlan-drop-eligible
Restores to default
s-vlan-priority <value>
6
no s-vlan-priority
Restores to default
target-mep <value>
no target-mep
target-mac HH:HH:HH:HH:HH:HH
no target-mac
timeout <value>
1 seconds
no timeout
Restores to default
shutdown
no shutdown
NOTE
Before enabling the SAA test, use
the commit command to save the
unapplied SAA test configuration.
After enabling the SAA test, use
again the commit command to
confirm the change.
show saa test [name TEST-NAME owner TESTOWNER]
Configuration Example
The following example shows how to configure the SAA Out-of-Service Throughput test on two
devices.
1.
2.
3.
Profile name  : 1
Cfm domain    : d6
Cfm ma        : ma6
Source mep    : 3208
Target mep    : 7124
CIR           : 1000000
Pattern       : prbs
Priority      : 6
DE flag       : 0
Duration      : 5 seconds
Timeout       : 10 seconds
Datasize      : 64, 128, 256, 512, 1024, 1280, 1518, 2000, 9000
Loopback type : oam
The Successful traffic rate is the total number of physically transferred bits per second over the
communication link, including useful data as well as protocol overhead.
The Net Successful rate is the capacity excluding the physical layer protocol overhead; it is
calculated by the following formula:
NetSuccRate = SuccRate*PDUSIZE/(PDUSIZE+160),
where SuccRate is the measured Successful traffic rate, PDUSIZE is the packet size, and the 160
bytes includes 96 interframe gap (IFG) bits, and 64 preamble bytes.
1.
2.
3.
Single-ended ETH-SLM
Each MEP transmits periodic dual-ended synthetic frames with ETH-SLM information to its peer
MEP in a point-to-point ME and facilitates frame loss measurements at the peer MEP.
Dual-ended ETH-SLM
The MEP sends frames with the ETH-SLM request information to its peer MEPs and receives
frames with ETH-SLM reply information from its peer MEPs to measure synthetic loss and delay.
Command Hierarchy
device-name#
+ config terminal
+ [no] saa
+ [no] y1731-slm
- profile PROFILE-NAME
+ [no] y1731-slm
- ma MA-NAME
- [no] drop-eligible
- [no] shutdown
Command Descriptions
Table 12: ITU-T Y.1731-SLM SAA In-Service Test Commands
Command
Description
config terminal
saa
no saa
profile PROFILE-NAME
no profile PROFILE-NAME
PROFILE-NAME: up to 32
characters, numbers and/or
letters
NOTE
You cannot remove a profile
associated with a running test.
type y1731-slm
no y1731-slm
delay-far-end <value>
1000000 microsecond
no delay-far-end
Restores to default
delay-near-end <value>
1000000 microsecond
no delay-near-end
Restores to default
frameloss-far-end <value>
8%
no frameloss-far-end
Restores to default
frameloss-near-end <value>
8%
no frameloss-near-end
Restores to default
jitter-far-end <value>
300000 microseconds
no jitter-far-end
Restores to default
jitter-near-end <value>
300000 microseconds
no jitter-near-end
Restores to default
TEST-NAME: up to 32 characters
type y1731-slm
PROFILE-NAME: up to 32
characters, numbers and/or
letters
y1731-slm
no y1731-slm
bi-test-head: bi-directional
Y1731-SLM test
bi-test-loopback: test-loopback
functionality during a bidirectional test
uni-test-head: unidirectional
Y1731-SLM test
uni-test-tail: test-tail
functionality during a
unidirectional Y1731-SLM test
domain DOMAIN-NAME
DOMAIN-NAME: up to 22
characters, numbers and/or
letters
mep <value>
ma MA-NAME
frequency <value>
MA-NAME: up to 22 characters,
numbers and/or letters
1 second
no frequency
Restores to default
history <value>
96
no history
Restores to default
interval <value>
900 seconds
no interval
Restores to default
period <value>
1000 millisecond
no period
Restores to default
priority <value>
NOTE
To measure configured priority
correctly, change QoS traffic trust
mode from untrust to trust-priority on
the test-head devices, test-tail devices,
and all devices between.
no priority
Restores to default
target-mep <value>
no target-mep
target-mac
HH:HH:HH:HH:HH:HH
no target-mac
drop-eligible
no drop-eligible
Restores to default
pdu-size <value>
no pdu-size
Restores to default
test-id <value>
no test-id
gathering-interval <value>
value: 1sec,
2sec or
3sec
no gathering-interval
include-delay-measurement
no include-delay-measurement
Restores to default
shutdown
no shutdown
NOTE
Before enabling the SAA test,
use the commit command to
save the unapplied SAA test
configuration. After enabling
the SAA test, use again the
commit command to confirm
the change.
show saa test [name TEST-NAME owner TESTOWNER]
Example
The following example demonstrates how to configure a bi-directional Y1731-SLM test:
1.
Commit complete.
Device-name(config-test-111/111)#
2.
3.
Interval      : 60 sec
Period        : 1000 msec
Priority      : 6
Test-id       : 111
Pdu-size      : 1024
DE flag       : Unset
Gathering-int : 1 seconds
Include-delay : Yes
Delay method  : average
Jitter method : variance
Interval Id: 2
Delay     (NE): 15.360 us
Jitter    (NE): 0.181 us
FrameLoss (NE): 0.000 %
Sent Pkts (NE): 59
Rcvd Pkts (NE): 59
T-Marc3208SH
Event Propagation
The Event Propagation feature allows you to configure automatic actions executed upon the
occurrence of specific events.
The feature acts upon receiving events from the events provider. It matches the received events
with pre-configured pairs of event-action and then forwards the matched action to the related
action performer.
To configure this feature, you have to define profiles grouping the event-action pairs. Profiles are
applied to various targets, such as SAPs or physical ports.
By enabling event propagation, the device:
restores the link to the peer device in case the event is reversed
To avoid flapping events, you can configure two timers per profile:
Event timer (hold-off): the interval from the time the event starts before the event propagation
disconnects a link or sends LDP MAC address withdraw message.
Revertive timer (wait-to-restore): the interval from the time the event is reversed before reversing the
Event Propagation action.
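How the two timers absorb a flapping event can be seen by replaying a timeline of event transitions through them. This is an added example, not the device's implementation: the function name, the action name "link-down", the use of seconds for both timers and the sample timeline are assumptions.

```python
"""Effect of the hold-off and wait-to-restore timers on a flapping event.

Added illustration, not the device's implementation. The action name
"link-down" and the sample timeline are assumptions; "link-restore" is
the reverse action named in the command table. Both timers are given in
seconds here for simplicity.
"""


def propagate(transitions, hold_off_s, wtr_s, end_s):
    """Return [(time, action)] produced by a timeline of event transitions.

    transitions: [(time_s, event_active)] in any order.
    hold_off_s:  how long the event must persist before the action is taken.
    wtr_s:       how long the event must stay cleared before it is reversed.
    end_s:       end of the observation window.
    """
    actions = []
    acted = False      # True while the propagated action is in force
    deadline = None    # when the pending change (act or reverse) takes effect

    for t, active in sorted(transitions) + [(end_s, None)]:
        # A timer that expired before this transition takes effect first.
        if deadline is not None and deadline <= t:
            acted = not acted
            actions.append((deadline, "link-down" if acted else "link-restore"))
            deadline = None
        if active is None:          # end-of-window marker
            break
        if active == acted:
            # The event went back to the state the action already reflects:
            # the pending change is cancelled, which is what absorbs a flap.
            deadline = None
        elif deadline is None:
            deadline = t + (hold_off_s if active else wtr_s)
    return actions


# Constructed timeline: a 0.2 s glitch, a real fault, a 1 s false recovery,
# then a lasting recovery at t = 10 s.
FLAPS = [(0.0, True), (0.2, False), (1.0, True),
         (3.0, False), (4.0, True), (10.0, False)]

if __name__ == "__main__":
    print("defaults (0 / 0):", propagate(FLAPS, 0.0, 0.0, 20.0))
    print("0.5 s / 5 s     :", propagate(FLAPS, 0.5, 5.0, 20.0))
```

With both timers at their default of 0 every transition is propagated, so the link changes state six times; with a 0.5 s hold-off and a 5 s wait-to-restore the same timeline produces one disconnect and one restore.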
This feature is based on TLS and the CFM-OAM functionality. Therefore, it can function only on
devices where these features are enabled.
+ config terminal
status-
+ service
Description
config terminal
id: a string of up to 32
characters, numbers and/or
letters
id: (optional) removes a specific
event-propagation profile
Command
Description
None
no reverse [link-restore | none]
Specifies the source from which the event-propagation profile receives the configured
event:
is dropped or LDP MAC address
withdraw message is sent.
0 milliseconds
0 seconds
no timer {hold-off | wait-to-restore}
Restores to defaults
threshold <value>
1
no threshold
port {UU/SS/PP | agN}
event-propagation-profile
<id>
Restores to default
Enters Configuration Mode for a specific port:
no event-propagation-profile
service
tls <service-id> sap {UU/SS/PP |
agN} c-vlan {<cvlan-id> | all |
untagged}
Configuration mode
event-propagation-profile <id>
no event-propagation-profile
show event-propagation [profile <id> |
session]
Configuration Example
The following example shows how to configure event propagation on two devices (Device 1 and
Device 4).
Provider side is in domain 5 level 5 VLAN 10.
Customer side is in domain 6 level 6 VLAN 10.
If a problem occurs on level 5, you receive an ais-lck event on level 6. When you receive this event,
an automatic action can be triggered on Device1 or Device2 based on it.
Configure Device 1:
Configure CFM:
device-name#config terminal
Entering configuration mode terminal
device-name(config)#vlan 10
device-name(config-vlan-10)#tagged 1/1/1
device-name(config-tagged-1/1/1)#exit
device-name(config-vlan-10)#tagged 1/1/2
device-name(config-tagged-1/1/2)#commit
Commit complete.
device-name(config)#oam
device-name(config-oam)#cfm
device-name(config-cfm)#domain d6
device-name(config-domain-d6)#level 6
device-name(config-domain-d6)#ma ma6
device-name(config-ma-ma6)#vlan 10
device-name(config-ma-ma6)#ais-lck-receive
device-name(config-ma-ma6)#ais-lck-transmit
device-name(config-ais-lck-transmit)#ais-lck-level 7
device-name(config-ais-lck-transmit)#ais-lck-priority 3
device-name(config-ais-lck-transmit)#ais-lck-vlan 10
device-name(config-ais-lck-transmit)#mep 602
device-name(config-mep-602)#bind-to 1/1/1
device-name(config-mep-602)#direction up
device-name(config-mep-602)#no shutdown
device-name(config-mep-602)#ccm-enabled
device-name(config-mep-602)#ccm-priority 5
device-name(config-mep-602)#exit
device-name(config-ma-ma6)#exit
device-name(config-domain-d6)#exit
Configure Device 2:
Configure CFM:
device-name#config terminal
Entering configuration mode terminal
device-name(config)#vlan 10
device-name(config-vlan-10)#tagged 1/1/1
device-name(config-tagged-1/1/1)#exit
device-name(config-vlan-10)#tagged 1/1/2
device-name(config-tagged-1/1/2)#commit
Commit complete.
device-name(config-tagged-1/1/2)#exit
device-name(config-vlan-10)#exit
device-name(config)#oam cfm
device-name(config-cfm)#domain d5 level 5
device-name(config-domain-d5)#ma ma5 vlan 10
device-name(config-ma-ma5)#ais-lck-receive
device-name(config-ma-ma5)#ais-lck-transmit ais-lck-level 6
device-name(config-ais-lck-transmit)#exit
device-name(config-ma-ma5)#ais-lck-transmit ais-lck-priority 7
device-name(config-ais-lck-transmit)#exit
device-name(config-ma-ma5)#ais-lck-transmit ais-lck-vlan 10
device-name(config-ais-lck-transmit)#exit
device-name(config-ma-ma5)#mep 1 bind-to 1/1/2 direction up
device-name(config-mep-1)#ccm-enabled
device-name(config-mep-1)#ccm-priority 5
device-name(config-mep-1)#exit
device-name(config-ma-ma5)#exit
device-name(config-domain-d5)#exit
device-name(config-cfm)#no shutdown
device-name(config-cfm)#commit
Configure Device 3:
Configure CFM:
device-name#config terminal
Entering configuration mode terminal
device-name(config)#vlan 10
device-name(config-vlan-10)#tagged 1/1/1
device-name(config-tagged-1/1/1)#exit
device-name(config-vlan-10)#tagged 1/1/2
device-name(config-tagged-1/1/2)#commit
Commit complete.
device-name(config-tagged-1/1/2)#exit
device-name(config-vlan-10)#exit
device-name(config)#oam cfm
device-name(config-cfm)#domain d5 level 5
device-name(config-domain-d5)#ma ma5 vlan 10
device-name(config-ma-ma5)#ais-lck-receive
device-name(config-ma-ma5)#ais-lck-transmit ais-lck-level 6
device-name(config-ais-lck-transmit)#exit
device-name(config-ma-ma5)#ais-lck-transmit ais-lck-priority 7
device-name(config-ais-lck-transmit)#exit
device-name(config-ma-ma5)#ais-lck-transmit ais-lck-vlan 10
device-name(config-ais-lck-transmit)#exit
device-name(config-ma-ma5)#mep 2 bind-to 1/1/2 direction up
device-name(config-mep-1)#ccm-enabled
device-name(config-mep-1)#ccm-priority 5
device-name(config-mep-1)#exit
device-name(config-ma-ma5)#exit
device-name(config-domain-d5)#exit
device-name(config-cfm)#no shutdown
device-name(config-cfm)#commit
Configure Device 4:
Configure CFM:
device-name#config terminal
Entering configuration mode terminal
device-name(config)#vlan 10
device-name(config-vlan-10)#tagged 1/1/1
device-name(config-tagged-1/1/1)#ex
device-name(config-vlan-10)#tagged 1/1/2
device-name(config-tagged-1/1/2)#commit
Commit complete.
device-name(config)#oam cfm
device-name(config-cfm)#domain d6
device-name(config-domain-d6)#level 6
device-name(config-domain-d6)#ma ma6
device-name(config-ma-ma6)#vlan 10
device-name(config-ma-ma6)#ais-lck-receive
device-name(config-ma-ma6)#ais-lck-transmit
device-name(config-ais-lck-transmit)#ais-lck-level 7
device-name(config-ais-lck-transmit)#ais-lck-priority 3
device-name(config-ais-lck-transmit)#ais-lck-vlan 10
device-name(config-ais-lck-transmit)#mep 601
device-name(config-mep-601)#bind-to 1/1/1
device-name(config-mep-601)#direction up
device-name(config-mep-601)#no shutdown
device-name(config-mep-601)#ccm-enabled
device-name(config-mep-601)#ccm-priority 5
device-name(config-mep-601)#exit
device-name(config-ma-ma6)#exit
device-name(config-domain-d6)#exit
device-name(config-cfm)#no shutdown
Features
Standards
MIBs
RFCs
802.1ag
Connectivity Fault
Management (CFM)
IEEE 802.1ag-2007
(draft 8.1) Virtual
Bridged Local Area
Networks (Amendment
5: Connectivity Fault
Management).
Connectivity Fault
Management: An
Update on Bridging
Technologies (IEEE
Tutorial, July 18, 2005).
Public MIB,
IEEE8021-CFM-MIB
Private MIB,
PRVT-CFM-MIB.mib
These MIBs are used
for the Connectivity
Fault Management
(CFM) module for
managing IEEE
802.1ag.
RFC 2544,
Benchmarking
Methodology for
Network Interconnect
Devices
Intermediate
802.3ah EFM-OAM
Not supported
ITU-T G.8032v2
Ring Automatic
Protection
Switching (R-APS)
Not supported
ITU-T G.8031
Ethernet Protection
Switching (EPS)
Not supported
Not supported
SAA tests
Public MIB,
ping.mib
Private MIB,
PRVT-SAA-MIB.mib
RFC 2544
RFC 2925 allows
functionality for
creating of ping and
traceroute tests that
can be carried out
periodically on the
remote host.
Event Propagation
IEEE 802.1ag-2007
(Connectivity Fault
Management)
Not supported
Not supported
Table of Figures
Figure 1: SDH/SONET Network Synchronization Hierarchy
Figure 2: Clock Transmission over Traditional Ethernet
Figure 3: Clock Transmission over Synchronized Ethernet
Figure 4: Schematic Presentation of the System Synchronization Concept
List of Tables
Table 1: Hierarchy of Quality Levels in Option I Synchronization Networks
Table 2: Hierarchy of Quality Levels in Option II Synchronization Networks
Table 3: ESMC PDU Format
Table 4: General Structure of the TLV Field
Table 5: Structure and Content of TLV Field Containing an SSM
Table 6: SyncE Commands
While PRC/PRS and SSU/BITS are usually implemented as standalone products with timing
functionality only (no data transmission), SEC/SMC/EEC are almost exclusively embedded in
networking products.
ITU-T Recommendation G.781 specifies the following clock source quality levels corresponding to
4 base levels of synchronization quality for SDH networks or Synchronous Ethernet networks that
connect to or replace SDH (option I):
QL-DNU: While not used for synchronization, this signal is used when clock quality of the
source is either unknown, too low, or when use of the source risks formation of a
synchronization loop.
QL-INVx, -FAILED, -UNC, -NSUPP: Internal QLs inside the network equipment that are
never generated at an output port.
The following clock-source quality-levels are defined in the synchronization selection process of an
option II network corresponding to second generation quality levels.
QL-SMC: traceable to SONET clock self timed ([ITU-T G.813] or [ITU-T G.8262], option
II)
Table 1 and Table 2 show the clock source quality levels for SDH networks and for Synchronous
Ethernet networks that connect to or replace SONET, as specified by ITU-T Recommendation
G.781 (as option I and option II networks, respectively).
Relative Quality
highest
QL-SSU-A
QL-SSU-B
QL-SEC
QL-DNU
QL-INVx, -FAILED, -UNC, -NSUPP
lowest
Relative Quality
highest
QL-STU
QL-ST2
QL-TNC
QL-ST3
QL-ST3E
QL-SMC
QL-ST4
QL-PROV (default position)
QL-DUS
QL-DNU
QL-INVx, -FAILED, -UNC, -NSUPP
lowest
Input with the highest quality level not experiencing a signal fail condition
When multiple inputs have the same high quality level, the device selects the input with the
highest priority
When multiple inputs have the same high priority and quality level, the existing reference is
maintained when that reference belongs to the same group
Otherwise, the reference with the lowest Index in the group is selected.
If no clock source could be selected, the local clock oscillator is selected as reference.
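The selection rules listed above, written out as an added example (not code from the T-Marc software). It assumes QL-based selection is enabled, treats all references as one group, and assumes that a lower priority number means a higher priority; the class and function names, interface indexes and the QLs of the Ethernet ports are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

# Option I quality levels, best first. QL-PRC comes from ITU-T G.781; the
# rest follows Table 1. QL-DNU is listed so that it can be recognised and
# rejected ("not used for synchronization").
OPTION_I_ORDER = ["QL-PRC", "QL-SSU-A", "QL-SSU-B", "QL-SEC", "QL-DNU"]
QL_RANK = {ql: rank for rank, ql in enumerate(OPTION_I_ORDER)}
LOCAL_OSCILLATOR = "local-oscillator"


@dataclass(frozen=True)
class Reference:
    name: str                  # "1/1/2", "bits-in2", ...
    if_index: int              # constructed index, used as the final tie-breaker
    priority: int              # ASSUMPTION: lower number = higher priority
    ql: str                    # learned via ESMC (Ethernet) or set statically (BITS)
    signal_fail: bool = False
    locked_out: bool = False


def select_reference(refs: Iterable[Reference], current: Optional[str] = None) -> str:
    """Apply the selection rules in the order the text gives them."""
    usable = [r for r in refs
              if not r.signal_fail and not r.locked_out
              and r.ql in QL_RANK and r.ql != "QL-DNU"]
    if not usable:
        return LOCAL_OSCILLATOR                      # nothing selectable
    best_rank = min(QL_RANK[r.ql] for r in usable)   # rule 1: highest quality level
    tier = [r for r in usable if QL_RANK[r.ql] == best_rank]
    best_prio = min(r.priority for r in tier)        # rule 2: highest priority
    tier = [r for r in tier if r.priority == best_prio]
    if any(r.name == current for r in tier):         # rule 3: keep existing reference
        return current
    return min(tier, key=lambda r: r.if_index).name  # rule 4: lowest index


def constructed_references():
    """Ports and priorities from the configuration example; QLs and indexes are constructed."""
    return [
        Reference("1/1/2", 2, 10, "QL-SEC"),
        Reference("1/1/3", 3, 20, "QL-SSU-A"),
        Reference("1/1/4", 4, 30, "QL-SSU-A"),
        Reference("bits-in2", 102, 25, "QL-SSU-B"),
    ]


if __name__ == "__main__":
    # 1/1/2 has the best configured priority but loses to 1/1/3, because the
    # quality level is compared before the priority.
    print(select_reference(constructed_references()))
```

Because the quality level is compared first, a QL learned from a neighbor over ESMC outranks the locally configured priority, which is a reason to enable quality-change-notify on ESMC-driven clock sources.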
For 1000Base-T networks, manually configure ports to alternate the master and slave function
(in the clock path).
On 1000Base-X (fiber) and 10GBASE-X (10 gigabit) networks, where there is no bidirectional transmission on a single fiber, one fiber is always used for transmission and the
other for reception.
Gigabit or 10-Gigabit Ethernet Physical Layer Devices (PHYs) that are capable of
providing a recovered clock on one of their output pins support SyncE. The recovered clock is
cleaned by the PLL and fed to the 25MHz crystal oscillator input pin on the PHY device. Newer
Ethernet PHY devices provide a dedicated pin for synchronization input. The advantage of this
approach is that frequency input can be higher than 25MHz resulting in lower jitter and avoidance
of potential timing loop problems within the PHY device.
Event Messages: An event message is sent whenever the clock quality level changes.
Information Messages: An information message is sent every second to signal that the
system is alive and working properly.
Despite the fact that the average message rate is about one message/second, this messaging
arrangement ensures a short reaction time. If an information message (alive signal) is not received
within a five-second period, the clock considers the incoming ESMC protocol as having failed.
The ESMC protocol payload uses Type-Length-Values (TLVs) for content format. The clock
quality level is transmitted in a TLV containing the standard 4-bit SSM quality level values defined
by ITU-T, ANSI and Telcordia.
The ESMC protocol is a unidirectional transmission channel. The Tx phase provides the necessary
information and clock states; the Rx phase always receives that information and states, but the
device may choose whether to use or ignore the information depending upon configuration.
ESMC contains:
an ESMC-specific header
a flag field
The use of flags and TLVs is aimed at improving SyncE link management and the associated
timing change. Table 3 presents the ESMC PDU format. Note that in the TLV field, padding
bits are added to ensure that the field length is an integer number of bytes and covers the
required minimum of 64 bytes.
Table 3: ESMC PDU Format

| Octet Number | Field | Size | Content (HEX) |
|---|---|---|---|
| 1-6 | Destination Address | 6 octets | Destination Address = 01-80-C2-00-00-02 (hex) |
| 7-12 | Source Address | 6 octets | |
| 13-14 | Slow Protocol Ethertype | 2 octets | Slow Protocol Ethertype = 88-09 (hex) |
| 15 | | 1 octet | |
| 16-18 | ITU OUI | 3 octets | ITU-OUI = 00-19-A7 (hex) |
| 19-20 | ITU Subtype | 2 octets | 01 |
| 21 | Version | 4 bits | 01 |
| | Event Flag | 1 bit | |
| | Reserved | 3 bits | Reserved |
| 22-24 | Reserved | 3 octets | Reserved |
| 25-1532 | | 36-1490 octets | See Table |
| Last 4 | Frame Check Sequence (FCS) | 4 octets | FCS |
Table 4 and Table 5 show the structure of the TLV field, respectively its general structure and the
structure and content when containing an SSM. The ability to use TLV fields keeps the ESMC
protocol open to accommodating future extensions.
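Table 4: General Structure of the TLV Field

| Field | Size |
|---|---|
| Type | 1 octet |
| Length | 2 octets |
| | up to 1387 octets |

Table 5: Structure and Content of TLV Field Containing an SSM

| Field | Size | Content (HEX) |
|---|---|---|
| Type | 1 octet | 01 |
| Length | 2 octets | 04 |
| Unused | 4 bits | |
| SSM | 4 bits | SSM code |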
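A parser for the ESMC PDU laid out in Table 3 and Table 5, together with the five-second failure rule described earlier, as an added example (not code from the T-Marc software). All names are hypothetical; the slow-protocol subtype 0x0A comes from ITU-T G.8264 and the option I SSM code values from ITU-T G.781, since neither value appears on this page; the frames are constructed and carry no FCS, as is usual for captured frames.

```python
import struct
from dataclasses import dataclass

ESMC_DST = bytes.fromhex("0180c2000002")   # Table 3, octets 1-6
SLOW_PROTO_ETHERTYPE = 0x8809              # Table 3, octets 13-14
SLOW_PROTO_SUBTYPE = 0x0A                  # octet 15, value from ITU-T G.8264
ITU_OUI = bytes.fromhex("0019a7")          # Table 3, octets 16-18
ITU_SUBTYPE = 0x0001                       # Table 3, octets 19-20
QL_TLV_TYPE = 0x01                         # Table 5
QL_TLV_LENGTH = 0x0004                     # Table 5
ESMC_TIMEOUT_S = 5.0                       # no information message for 5 s = failed

# Option I SSM codes from ITU-T G.781 (not listed on this page).
SSM_OPTION_I = {0x2: "QL-PRC", 0x4: "QL-SSU-A", 0x8: "QL-SSU-B",
                0xB: "QL-SEC", 0xF: "QL-DNU"}


@dataclass(frozen=True)
class EsmcPdu:
    source: str
    event: bool      # True = event message, False = information message
    ssm: int
    ql: str


def parse_esmc(frame: bytes) -> EsmcPdu:
    """Validate every fixed field of Table 3 and return the advertised QL."""
    if len(frame) < 28:
        raise ValueError("frame too short for ESMC header and QL TLV")
    dst, src, ethertype, subtype = struct.unpack_from("!6s6sHB", frame, 0)
    if dst != ESMC_DST:
        raise ValueError("destination is not the slow-protocols multicast address")
    if ethertype != SLOW_PROTO_ETHERTYPE or subtype != SLOW_PROTO_SUBTYPE:
        raise ValueError("not an OSSP slow-protocol frame")
    if frame[15:18] != ITU_OUI:
        raise ValueError("OUI is not the ITU OUI")
    itu_subtype, flags = struct.unpack_from("!HB", frame, 18)
    if itu_subtype != ITU_SUBTYPE:
        raise ValueError("unexpected ITU subtype")
    if flags >> 4 != 1:                      # version: upper 4 bits of octet 21
        raise ValueError("unsupported ESMC version")
    tlv_type, tlv_len = struct.unpack_from("!BH", frame, 24)
    if tlv_type != QL_TLV_TYPE or tlv_len != QL_TLV_LENGTH:
        raise ValueError("first TLV is not a well-formed QL TLV")
    ssm = frame[27] & 0x0F                   # upper 4 bits are unused
    ql = SSM_OPTION_I.get(ssm, f"QL-INV{ssm:X}")   # unknown codes are invalid QLs
    source = ":".join(f"{b:02x}" for b in src)
    return EsmcPdu(source, bool(flags & 0x08), ssm, ql)


def esmc_failed(last_info_rx: float, now: float) -> bool:
    """True when no information message has arrived within five seconds."""
    return (now - last_info_rx) > ESMC_TIMEOUT_S


def build_constructed_frame(ssm: int, event: bool,
                            src: str = "02:00:00:00:00:01") -> bytes:
    """Build a constructed ESMC frame (no FCS) for exercising the parser."""
    flags = (1 << 4) | (0x08 if event else 0x00)
    header = (ESMC_DST + bytes.fromhex(src.replace(":", ""))
              + struct.pack("!HB", SLOW_PROTO_ETHERTYPE, SLOW_PROTO_SUBTYPE))
    body = ITU_OUI + struct.pack("!HB", ITU_SUBTYPE, flags) + b"\x00" * 3
    tlv = struct.pack("!BHB", QL_TLV_TYPE, QL_TLV_LENGTH, ssm & 0x0F)
    return (header + body + tlv).ljust(60, b"\x00")   # pad to minimum frame size


if __name__ == "__main__":
    print(parse_esmc(build_constructed_frame(0x4, event=False)))
    print(parse_esmc(build_constructed_frame(0xF, event=True)))
```

The PDU carries no authentication field, so the parser can only confirm that a frame is well formed; it cannot confirm that the advertised quality level is genuine.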
System synchronization consists mainly of locking a DPLL onto one of its clock references. There
can be multiple DPLLs in a device and there can be multiple clock sources connected to the
system. Potentially, any clock source can be configured as a clock reference for one or both DPLLs.
Each DPLL generates various internal/external output clocks that may have different frequencies
but are all locked onto a selected reference (see Figure 4).
In the process, the DPLL also cleans up any accumulated jitter/wander. If no acceptable reference
is currently available, the DPLL may go into holdover mode. In holdover mode, the DPLL tries
to preserve the lock on the last available clock reference based on collected history and use of a
clock oscillator (TCXO) available with the device. Before locking onto the first reference after
startup, the DPLL runs in Freerun mode, locked onto the internal TCXO generated clock.
Clock Sources
The clock source is a logical entity corresponding to a physical input clock (Ethernet, BITS, etc.).
Specifics and configuration options depend on the input clock type. The T-Marc 3208SH supports
the following clock source types:
There are also some special cases in which the reference is selected in a different manner:
Equal Reference: When the top-rated references have the same QL and priority, the
reference with lowest IfIndex (interface index) is selected.
Forced Switch: Applied to any Reference that is enabled and not locked-out.
Output Clocks
The T-Marc 3208SH supports the following types of output clocks:
SyncE Commands
This section describes the command hierarchy for SyncE, lists available commands, and provides a
configuration example.
Command Hierarchy
NOTE
SyncE is supported only on Gigabit Ethernet SFP ports (100 Mbps and 1 Gbps);
the valid range is <1/1/1-1/1/4>.
device-name#
+ config terminal
system
+ [no] sync-timing
- [no] esmc
- [no] reference-change-notify
- [no] lock-out
- [no] shutdown
Command Descriptions
Table 6: SyncE Commands
Command
Description
config terminal
UU/SS/PP: 1/1/1-1/1/4
system
UU/SS/PP: 1/1/1-1/1/4
wait-to-restore: wait-to-restore
timer
sync-timing
no sync-timing
ql-prov
no ql-prov-position [before |
after] [ql-dnu | ql-dus | ql-inv | ql-prc | ql-prov | ql-prs | ql-sec | ql-smc | ql-ssu-a | ql-ssu-b | ql-st2 |
ql-st3 | ql-st3e | ql-stu |
ql-tnc]
Restores to default
clock-output {UU/SS/PP |
bits-out1}
no clock-output [UU/SS/PP |
bits-out1]
dpll <module-id>
UU/SS/PP: 1/1/1-1/1/4
(automatically assigned to DPLL
0)
UU/SS/PP: 1/1/1-1/1/4
no dpll
esmc
no esmc
frequency {<value> | 0}
0: enables automatic
configuration of the clock
frequency
0
no frequency
clock-source {UU/SS/PP | bits-in<value>}
no clock-source [UU/SS/PP |
bits-in<value>]
Restores to default
Enables clock source on the specified port:
UU/SS/PP: 1/1/1-1/1/4
UU/SS/PP: 1/1/1-1/1/4
esmc
no esmc
frequency {<value> | 0}
0: enables automatic
configuration of the clock source
frequency
0
no frequency
Restores to default
ql-stu | ql-tnc}
dnu):
II.
dus
no quality
shutdown
no shutdown
debug {{assert | drv | management
| selection} {true | false}|
packet {event {recv | send} |
informational {recv | send}}}
Restores to default
Enables the clock source
Disables the clock source
Enables displaying of additional log messages
related to:
selection: clock-selection
mechanism
quality-change-notify
no quality-change-notify
dpll <module-id>
no dpll <module-id>
reference-change-notify
no reference-change-notify
reference-clock {UU/SS/PP |
bits-in<value>}
UU/SS/PP: 1/1/1-1/1/4
no reference-clock [UU/SS/PP
| bits-in<value>]
priority <value>
UU/SS/PP: 1/1/1-1/1/4
0
no priority [<value>]
Restores to default
lock-out
no lock-out
reference-selection {freerun |
g781}
freerun
no reference-selection
Restores to default
quality-level {enable |
disable}
status-change-notify
no status-change-notify
g781-option {I | II}
no g781-option
Restores to default
hold-off <value>
500
no hold-off
Restores to default
wait-to-restore <value>
4
[no] wait-to-restore
show system sync-timing [displaylevel
<value>]
Restores to default
Displays current configuration for the SyncE
feature:
Configuration Example
In the following example, multiple clock sources, Ethernet ports using ESMC for dynamic Quality
Level and BITS port with static Quality level, are configured and assigned to both DPLLs.
Output clocks (SyncE and BITS) are generated by the DPLLs.
1.
2.
Enable clock source and ESMC protocol for clock input on port 1/1/2:
device-name(config-sync-timing)#clock-source 1/1/2
device-name(config-clock-source-1/1/2)#esmc
device-name(config-clock-source-1/1/2)#commit
Commit complete.
device-name(config-clock-source-1/1/2)#no shutdown
device-name(config-clock-source-1/1/2)#commit
Commit complete.
3.
Enable clock source and ESMC protocol for clock input on port 1/1/3:
device-name(config-clock-source-1/1/2)#clock-source 1/1/3
device-name(config-clock-source-1/1/3)#esmc
device-name(config-clock-source-1/1/3)#commit
Commit complete.
device-name(config-clock-source-1/1/3)#no shutdown
device-name(config-clock-source-1/1/3)#commit
Commit complete.
4.
Enable clock source and ESMC protocol for clock input on port 1/1/4. Send notifications
whenever clock quality changes:
device-name(config-clock-source-1/1/3)#clock-source 1/1/4
device-name(config-clock-source-1/1/4)#esmc
device-name(config-clock-source-1/1/4)#commit
Commit complete.
device-name(config-clock-source-1/1/4)#no shutdown
device-name(config-clock-source-1/1/4)#commit
device-name(config-clock-source-1/1/4)#quality-change-notify
Commit complete.
5.
Configure bits-in ports and specify a particular quality for the selected clock source:
device-name(config-clock-source-1/1/4)#clock-source bits-in1
device-name(config-clock-source-bits-in1)#quality ql-ssu-
device-name(config-clock-source-bits-in1)#commit
Commit complete.
device-name(config-clock-source-bits-in1)#no shutdown
device-name(config-clock-source-bits-in1)#clock-source bits-in2
device-name(config-clock-source-bits-in2)#quality ql-ssu-b
device-name(config-clock-source-bits-in2)#commit
Commit complete.
device-name(config-clock-source-bits-in2)#no shutdown
device-name(config-clock-source-bits-in2)#commit
Commit complete.
6.
7.
module:
device-name(config-dpll-0)#exit
device-name(config-sync-timing)#dpll 1
device-name(config-dpll-1)#reference-clock 1/1/2
device-name(config-reference-clock-1/1/2)#priority 10
device-name(config-reference-clock-1/1/2)#reference-clock 1/1/3
device-name(config-reference-clock-1/1/3)#priority 20
device-name(config-reference-clock-1/1/3)#reference-clock 1/1/4
device-name(config-reference-clock-1/1/4)#priority 30
device-name(config-reference-clock-1/1/4)#reference-clock bits-in2
device-name(config-reference-clock-bits-in2)#priority 25
device-name(config-reference-clock-bits-in2)#exit
device-name(config-dpll-1)#reference-selection g781
device-name(config-dpll-1)#commit
Commit complete.
device-name(config-dpll-1)#no shutdown
device-name(config-dpll-1)#commit
Commit complete.
8.
device-name(config-clock-output-1/1/2)#esmc
device-name(config-clock-output-1/1/2)#clock-output 1/1/3
device-name(config-clock-output-1/1/3)#esmc
device-name(config-clock-output-1/1/3)#clock-output bits-out1
device-name(config-clock-output-bits-out1)#dpll 1
device-name(config-clock-output-bits-out1)#exit
device-name(config-sync-timing)#commit
Commit complete.
9.
!
reference-clock 1/1/2
!
reference-clock bits-in1
!
!
dpll 1
no shutdown
reference-selection g781
quality-level disable
reference-clock 1/1/3
priority 20
!
reference-clock 1/1/4
priority 30
!
reference-clock 1/1/2
priority 10
!
reference-clock bits-in2
priority 25
!
!
!
Standards
MIBs
RFCs
SyncE
No RFCs are
supported by this
feature
G.8261
G.8262
G.8264
G.781
Network Types
IS-IS Packet Types
IS-IS Configuration Flow
IS-IS Commands
Configuration Example
Supported Standards, MIBs, and RFCs
Table of Figures
Figure 1: OSPF Topology
Figure 2: Virtual Link Providing Redundancy
Figure 3: OSPF Configuration Flow
Figure 4: OSPF Configuration Example
Figure 5: BFD session establishment
Figure 6: BFD fault detection
Figure 7: Level 1, Level 2, and Level 1-2 Routers in an IS-IS Network Topology
Figure 8: IS-IS Configuration Flow
List of Tables
Table 1: IP Unicast Routing Default Configuration
Table 2: Default Administrative Distances of the Dynamic Routing Protocols
Table 3: Static Routes Commands
Table 4: LSA Type Names and Numbers
Table 5: OSPF Commands
Table 6: TE Commands
Table 7: BFD Commands
Table 8: IS-IS Packet Types
Table 9: IS-IS Hello PDU Fields
Table 10: IS-IS Commands
IP Unicast Routing
This section provides a technical overview of the principles of unicast routing.
Populating the Routing Table (FIB)
The routing table is a database that stores and updates the locations (addresses) of other network
devices and the most efficient routes to them. It is used to direct routing.
The table is populated from the following sources:
Dynamic routes, typically learned from routing protocol packets (see Dynamic Routes)
Static routes, manually entered by the network administrator (see Static Routes). They include:
Default routes, configured by the network administrator
Local routes, of IP interface addresses assigned to the system
Other static routes, configured by the network administrator
Dynamic Routes
Dynamic routes are typically learned by the routing protocols (OSPF, IS-IS). Routers that use the
routing protocols exchange information in their routing tables by advertising. Using dynamic
routes, the routing table only contains accessible networks. Dynamic routes are deleted from the
table when either of the following occurs:
An update for the network is not received for a period of time that is determined by the
routing protocol (i.e., the dynamic route is aged out of the table)
A neighbor sends a command to delete the dynamic routes advertised by the routing protocol
OSPF (by setting the route aging time to the maximum and flooding the Link-State
Advertisement (LSA) to the advertiser neighbors)
Static Routes
Static routes are manually entered into the routing table. Static routes are important in the following
cases:
When, for security reasons, you need to make changes to the routing table of the router
When it is necessary to specify a gateway of last resort to which all unroutable packets will be
sent
Special IP Interfaces
A permanent Layer 3 interface (sw0) is attached to the default VLAN. All available ports in the
system are attached to the default VLAN as untagged. For the device to be able to route between
the VLANs, the Layer 3 interfaces must be configured with an IP address.
The lo1-lo9 Layer 3 interfaces are not directly related to a VLAN. These interfaces can never be in
a down state. The packets sent through them are looped back to the IP stack and are then routed
on a destination-IP-address basis.
The outBand0 Layer 3 IP interface (OutBand interface) is destined for debugging purposes and
cannot be used to pass data.
Route-Maps
A route map provides an advanced filtering mechanism used to control and modify routing
information, and to specify the criteria for permitting or denying redistribution of routes between
routing devices. Route maps consist of a list of match and set clauses that specify the required
criteria and the actions to perform if these criteria are met.
Prefix-List
Prefix-lists work like access lists for route advertisements (prefixes). Prefix-lists are used to match
routes as opposed to traffic. Two things are matched:
The prefix-length (the length of the subnet mask). Two optional keywords (ge and le) can be
used to designate a range of prefix lengths to be matched.
Prefix lists work very similarly to access lists; a prefix list contains one or more ordered entries
which are processed sequentially. As with access lists, the evaluation of a prefix against a prefix list
ends as soon as a match is found.
An empty prefix list permits all prefixes. A prefix that does not match any entries of a prefix list is
denied.
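The evaluation rules above (ordered entries, first match wins, empty list permits, no match denies), as an added example that is not code from the device. It assumes the conventional ge/le semantics (no keyword means an exact prefix-length match) and assumes that a rule's type is either permit or deny; the class and function names and the sample list are constructed. The shadowed() helper goes one step beyond the text and reports rules that can never be reached because an earlier rule already matches everything they would.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str                    # ASSUMPTION: "permit" or "deny"
    ip_prefix: str                 # ip-prefix A.B.C.D/M
    ge: Optional[int] = None
    le: Optional[int] = None

    def network(self):
        return ipaddress.ip_network(self.ip_prefix, strict=True)

    def length_range(self) -> Tuple[int, int]:
        """Prefix lengths this rule accepts (ASSUMED conventional ge/le semantics)."""
        base = self.network().prefixlen
        if self.ge is None and self.le is None:
            return base, base                      # exact length only
        low = max(base, self.ge if self.ge is not None else base)
        high = self.le if self.le is not None else 32
        return low, high

    def matches(self, route) -> bool:
        low, high = self.length_range()
        return route.subnet_of(self.network()) and low <= route.prefixlen <= high


def evaluate(rules: List[Rule], route: str) -> Tuple[str, Optional[int]]:
    """Return (action, id of the deciding rule); None means no rule decided."""
    if not rules:
        return "permit", None                      # an empty list permits all
    net = ipaddress.ip_network(route, strict=True)
    for rule in sorted(rules, key=lambda r: r.rule_id):
        if rule.matches(net):
            return rule.action, rule.rule_id       # first match ends evaluation
    return "deny", None                            # no entry matched


def shadowed(rules: List[Rule]) -> List[Tuple[int, int]]:
    """(later_id, earlier_id) pairs where the later rule can never be reached."""
    ordered = sorted(rules, key=lambda r: r.rule_id)
    pairs = []
    for i, later in enumerate(ordered):
        l_low, l_high = later.length_range()
        for earlier in ordered[:i]:
            e_low, e_high = earlier.length_range()
            if (later.network().subnet_of(earlier.network())
                    and e_low <= l_low and l_high <= e_high):
                pairs.append((later.rule_id, earlier.rule_id))
                break
    return pairs


# Constructed prefix list: rule 30 is meant to block part of 10.20.0.0/16,
# but rule 20 is evaluated first and already permits those prefixes.
CONSTRUCTED_LIST = [
    Rule(10, "deny", "0.0.0.0/0"),
    Rule(20, "permit", "10.0.0.0/8", le=24),
    Rule(30, "deny", "10.20.0.0/16", ge=17, le=24),
]

if __name__ == "__main__":
    for route in ("0.0.0.0/0", "10.20.128.0/17", "10.1.2.128/25"):
        print(route, evaluate(CONSTRUCTED_LIST, route))
    print("shadowed:", shadowed(CONSTRUCTED_LIST))
```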
Default Value
Not defined
See Table 2
IP Forwarding
Enabled
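Table 2: Default Administrative Distances of the Dynamic Routing Protocols

| Route Source | Default Distance |
|---|---|
| Connected IP interface | |
| OSPF | 110 |
| IS-IS | 115 |
| Unknown | 255 |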
IP Configuration Commands
Commands Hierarchy
device-name#
+ config terminal
+ router
- [no] ge <value>
- [no] le <value>
Commands Descriptions
Table 3: Static Routes Commands
Command
Description
config terminal
router
no router
Disabled
no router static-route [A.B.C.D/M
A1.B1.C1.D1 <distance-value>]
prefix-list NAME
no prefix-list
rule ID
no rule
ge <value>
no ge
ip-prefix A.B.C.D/M
A.B.C.D/M: in dotted-decimal
format
no ip-prefix
le <value>
no le
no type
route-map NAME
no route-map
rule ID
ip-address-prefixlist NAME:
specifies a prefix list used to
match against the IP address of
the route entries
ip-nexthop-prefixlist NAME:
specifies a prefix list used to
match against nexthop of the route
entries
no match
next-rule <value>
no next-rule
no on-match
no set
no type
show routes [RouteEntry {flags {blackhole
| changed | deleted | ibgp | internal
| mpls_egress | mpls_ingress | outband
| selected | self_ip | selfroute |
static | staticarp | vrrp_ip} | ifname
NAME | metrics <metric value> |
NextHopFlags {active | fib |
fibsetoutband | notready | outband |
recursive} | nexthoptype {ifindex |
ifname | ipv4 | ipv4_ifindex |
ipv4_ifname | ipv6 | ipv6_ifindex |
ipv6_ifname} | uptime <duration> |
A.B.C.D/M}]
Shortest Path First (SPF) algorithm: calculates configurable cost metrics and exchanges
routing information between routers in large networks.
Area types
OSPF requires dividing the network into a logical star of areas.
Backbone area
Stub area
Normal Area
The topology within an area is hidden from the rest of the AS. Hiding this information significantly
reduces LSA traffic and the calculations needed to maintain the LSDB. Routing within the area is
determined only by the topology.
Backbone Area
This area (also called Area 0) connects all other OSPF areas to each other. Any traffic
between areas must go through the backbone area. Due to its role, this area has to be
robust and stable. It should have internal redundancy and efficient bandwidth to handle
the traffic between areas.
Network areas should be contiguous (all in one connected piece). OSPF has a mechanism
for handling disconnections between network areas (other than Area 0) due to link
failures.
Stub Area
A stub area is connected to other areas; one of them may be the backbone area. External route
information is not distributed into stub areas. Stub areas are used to reduce memory consumption
and computation requirements on OSPF routers.
Normal Area
An area which is not Area 0 or a Stub area.
Not-So-Stubby-Area (NSSA)
NSSA is an optional area that does not flood all LSAs from the core into the area, but can import
and redistribute AS-external routes within the area.
LSA Name
LSA Description
Router-LSAs
Network-LSAs
3, 4
Summary-LSAs
AS-external-LSAs
OSPF Neighbors
Upon initialization, routers running OSPF attempt to locate neighboring routers to exchange LSAs.
Routers form adjacencies with neighboring routers before exchanging routing information. The
routers check details, such as subnet address, OSPF area number, network type, and authentication
passwords before forming an adjacency.
Broadcast
The Broadcast OSPF network type typically runs on multi-access broadcast IP interfaces such as
Ethernet, Token Ring, or FDDI.
Each Broadcast OSPF area includes one Designated Router (DR) and one Backup Designated
Router (BDR) elected dynamically on a broadcast segment with which all other routers form
adjacencies. The election criteria include router ID, loopback IP interface presence, and router IP
interface priority values.
The system administrators can manually configure these criteria to influence the selection process.
The DR and BDR are responsible for collecting link state information from all routers on the
broadcast segment, compiling, and distributing the resulting area map back to each router. This
prevents all routers on a common segment from exchanging link state information with every other
router on a segment, thus reducing the amount of traffic on a broadcast segment.
Point-to-Point
The point-to-point OSPF network type is typically implemented across dedicated WAN circuits,
such as T-1 links or on frame relay point-to-point sub-interfaces.
This network type does not have a designated router since each segment includes only two routers.
These routers exchange link state information and routes as peers across a common subnet.
Virtual Links
You can configure virtual links between any two backbone routers that have an IP interface to a
common non-backbone area. The protocol treats two routers joined by a virtual link as if they were
connected by a point-to-point connection in the backbone.
If you cannot physically connect an area to the backbone area, you can use a virtual link to connect
to the backbone through a non-backbone area, known as a transit area. The transit area must have
full routing information; therefore it cannot be a stub area.
In the image below, if the connection between ABR1 and the backbone fails, the connection via
ABR2 provides redundancy, ensuring communication between ABR1 and the backbone using the
virtual link.
OSPF Commands
Commands Hierarchy
device-name#
+ config terminal
+ [no] router
+ [no] ospf
- [no] passive
+ [no] nssa
- [no] summaries
+ [no] stub
- [no] summaries
- [no] compatible-rfc-1583
- [no] traffic-engineering
Commands Descriptions
Table 5: OSPF Commands
Command
Description
config terminal
router
no router
ospf
no ospf
Disables OSPF
area <id>
Not defined
no area [<id>]
area-range <range-id>
[advertise nssa-external-link
| do-not-advertise]
advertise nssa-external-link:
configures NSSA external link-state advertisement (Type-7)
which can be flooded throughout
the NSSA area
do-not-advertise: prevents
advertisement of configured
networks
Advertise
no area-range [<range-id>]
shortcut-configuration
no shortcut-configuration
Restores to default
interface A.B.C.D
Not activated
no interface [A.B.C.D]
no auth-key-md5 entry
auth-key-simple STRING
no auth-key-simple
auth-type {md5 | simple}
Simple
no auth-type
Restores to default
dead-interval <interval>
40 seconds
no dead-interval
Restores to default
hello-interval <interval>
10 seconds
no hello-interval
Restores to default
interface-type {broadcast |
point-to-point}
broadcast
point-to-point
Broadcast
no interface-type
Restores to default
metric <value>
10
no metric
Restores to default
passive
no passive
priority <priority>
1
no priority
Restores to default
transit-delay <delay>
1 second
no transit-delay
Restores to default
nssa
no nssa
summaries
no summaries
stub
no stub
summaries
no summaries
default-metric <metric>
1
no default-metric
virtual-link A.B.C.D
Restores to default
Specifies a virtual link to connect the area
border routers to the backbone via a virtual
link and enters the OSPF Virtual Link
Configuration mode:
Not configured
no virtual-link
auth-key-md5 entry <value>
word STRING
no auth-key-md5 entry
<value>
auth-key-simple STRING
no auth-key-simple
Simple
no auth-type
Restores to default
dead-interval <interval>
40 seconds
no dead-interval
Restores to default
hello-interval <interval>
10 seconds
no hello-interval
Restores to default
transit-delay <delay>
1 second
no transit-delay
redistribute {connect | static}
Restores to default
Redistributes OSPF routes from one routing
domain into another routing domain and
enters the OSPF Redistribute Configuration
mode:
Disabled
no redistribute
Restores to default
metric-type1 <metric>
0
no metric-type1
Restores to default
route-map NAME
no route-map
router-id A.B.C.D
A.B.C.D: fixed-router ID in a
dotted-decimal format
timers
no timers
spf-wait <delay>
5 seconds
no spf-wait
Restores to default
lsa-generate <interval>
10 seconds
no lsa-generate
Restores to default
lsa-arrival <interval>
10 seconds
no lsa-arrival
Restores to default
compatible-rfc-1583
no compatible-rfc-1583
dscp-mapping <value>
Specifies a DSCP priority of the OSPF
packets:
no dscp-mapping
traffic-engineering
no traffic-engineering
external-link-state-DB-size <size>
Assigns the upper limit to the number of non-default AS-external-LSAs allowed in the
router's Link-State Database (LSDB). The
router enters Overflow state when the number
of non-default AS-external-LSAs in the
database reaches their maximum.
10000
no external-link-state-DB-size
Restores to default
external-link-state-overflow-timer
<timer>
Restores to default
Displays the OSPF database:
Configuration Example
Figure 4 shows an example of a network that uses OSPF routing. The diagram is followed by
commands that create this network.
RSW1 Configuration:
1.
2.
Enable OSPF for the network 192.168.1.0/24 and assign the area 1 for the network:
RSW1(config)#router ospf area 0.0.0.1 interface 192.168.1.1
RSW1(config)#commit
RSW2 Configuration:
1.
2.
Enable OSPF for the network 192.168.1.0/24 and assign the area 1 for the network:
RSW2(config)#router ospf area 0.0.0.1 interface 192.168.1.2
RSW2(config)#commit
RSW3 Configuration:
1.
2.
Enable OSPF for the network 192.168.1.0/24 and assign the area 1 for the network:
RSW3(config)#router ospf area 0.0.0.1 interface 192.168.1.3
3.
Enable OSPF for the network 20.0.0.0/8 and assign the area 2.2.2.2 for the network:
RSW3(config)#router ospf area 2.2.2.2 interface 20.0.0.1
4.
Enable OSPF for the network 10.0.0.0/8 and assign the area 0 for the network:
RSW3(config)#router ospf area 0.0.0.0 interface 10.0.0.1
RSW3(config)#commit
RSW4 Configuration:
1.
2.
Enable OSPF for the network 192.168.0.1/24 and assign the area 3 for the network:
RSW4(config)#router ospf area 0.0.0.3 stub
RSW4 (config-area-0.0.0.3)# interface 192.168.0.1
3.
Enable OSPF for the network 30.0.0.0/8 and assign the area 2.2.2.2 for the network:
RSW4(config)#router ospf area 2.2.2.2 interface 30.0.0.1
4.
Enable OSPF for the network 10.0.0.0/8 and assign the area 0 for the network:
RSW4(config)#router ospf area 0.0.0.0 interface 10.0.0.2
RSW4(config)#commit
RSW5 Configuration:
1.
2.
Enable OSPF for the network 30.0.0.0/8 and assign the area 2.2.2.2 for the network:
RSW5(config)#router ospf area 2.2.2.2 interface 30.0.0.2
3.
Enable OSPF for the network 20.0.0.0/8 and assign the area 2.2.2.2 for the network:
RSW5(config)#router ospf area 2.2.2.2 interface 20.0.0.2
RSW5(config)#commit
RSW6 Configuration:
1.
2.
Enable OSPF for the network 192.168.0.0/24 and assign the area 0.0.0.3 for the network:
RSW6(config)#router ospf area 0.0.0.3 stub
RSW6 (config-area-0.0.0.3)#interface 192.168.0.2
RSW6(config)#commit
TE Commands
Commands Hierarchy
device-name#
Commands Descriptions
Table 6: TE Commands
Command
Description
A.B.C.D
A.B.C.D
maximum-backup-hops
<unsignedInt>: in range of <1-1000> for the backup route.
Value 0: unlimited number of
hops
maximum-hops <unsignedInt>: in
range of <1-1000> for the path.
Value 0: unlimited number of
hops
A.B.C.D
Detects failures on any bidirectional forwarding paths, such as direct physical link, virtual link,
tunnel, MPLS LSP, multi-hop path, and unidirectional link, between network devices.
Provides a failure detection time of less than one second for faster network convergence, short
application interruptions, and enhanced network reliability.
BFD Mechanism
BFD establishes a session between two network devices to detect failures on the bidirectional
forwarding paths between the devices and provide services for other protocols.
After a session is established, if no BFD control packet is received from the peer within the
specified interval, BFD notifies the protocol that a failure has occurred, and the protocol takes
appropriate measures.
BFD Commands
Commands Hierarchy
device-name#
+ config terminal
+ [no] router
+ [no] ospf
- show bfd-session
- [no] shutdown
Commands Descriptions
Table 7: BFD Commands
Command
Description
config terminal
router
no router
ospf
no ospf
Disables OSPF
area <id>
Not defined
no area [<id>]
interface A.B.C.D
Not activated
no interface [A.B.C.D]
bfd
Enables BFD
no bfd
Disables BFD
receive-interval
<interval>
Specifies the minimum time-interval at which
BFD peers receive BFD packets:
100 milliseconds
no receive-interval
Restores to default
multiplier <value>
3
no multiplier
Restores to default
send-interval <interval>
100 milliseconds
no send-interval
Restores to default
shutdown
no shutdown
show bfd-session
NOTE
The IS-IS protocol supports only broadcast-type interfaces.
Level 1 router: it is part of the Level 1 routing. This router locates the destination host within
the area, known as the intra-area router. The Level 1 router has a link-state database containing
all the routing information for the area. For routers to communicate, neighbors must be in the
same area.
Level 2 router: it routes traffic between areas (so-called inter-area routing). The link-state
database is identical on all Level 2 routers, although the database contains prefixes of addresses
in other areas as opposed to internal area addresses.
Level 1-2 router: it has neighbors in different areas. This router holds both a Level 1 database
for the Level 1 area to which it is connected, and a Level 2 database with all the information
for inter-area routing.
Figure 7: Level 1, Level 2, and Level 1-2 Routers in an IS-IS Network Topology
Network Types
Broadcast networks: connect more than two devices. When one router sends a packet, all
connected routers receive it. One IS elects itself as the DIS. The DIS is responsible for flooding;
it creates and floods a new pseudo-node LSP for each routing level in which it participates
(Level 1 or Level 2) and for each LAN to which it is connected.
LSPs on broadcast media (LANs) are sent to a multicast address.
No configuration is needed to inform IS-IS as to what the network type is.
Level 1the two routers sharing a common network should have their IP interfaces
configured to be in the same area if they are to have a Level 1 adjacency.
Level 2the two routers sharing a common network should be configured as Level 2 if they
are in different areas and want to become neighbors.
AuthenticationIS-IS allows to configure a password for a specified link, for an area, or for
an entire domain.
Description
Intermediate System-to-Intermediate
System Hello (IIH)
Level 1 pseudonode
Level 1 nonpseudonode
Level 2 pseudonode
Level 2 nonpseudonode
Description
PDU type
Source ID
Holding time
Circuit type
PDU length
Local circuit ID
LAN ID
Priority
IS-IS Commands
Commands Hierarchy
+ config terminal
+ [no] router
+ [no] isis
- [no] authentication-check
+ [no] level-2
- [no] authentication-check
- [no] passive-interface
- [no] shutdown
+ [no] level-1
- [no] authentication-check
+ [no] level-2
- [no] authentication-check
- [no] shutdown
Commands Descriptions
Table 10: IS-IS Commands
Command
Description
config terminal
router
no router
isis
no isis
Disables IS-IS
authentication-check
no authentication-check
authentication-key-simple STRING
no authentication-key-simple
authentication-key-md5 STRING
no authentication-key-md5
None
no authentication-type
Restores to default
area-address FF:FF:FF:FF:FF:FF
no area-address FF:FF:FF:FF:FF:FF
FF:FF:FF:FF:FF:FF: area ID in
hexadecimal format
sw0
no interface {outBand0 | loN |
swN}
Restores to default
level-1
no level-1
level-2
no level-2
authentication-check
no authentication-check
authentication-key-simple
STRING
no authentication-key-simple
authentication-key-md5
STRING
no authentication-key-md5
authentication-type {none |
simple | md5}
None
no authentication-type
Restores to default
csnp-interval <interval>
10 seconds
no csnp-interval
Restores to default
hello-interval <interval>
3 seconds
no hello-interval
Restores to default
hello-multiplier <value>
10
no hello-multiplier
Restores to default
lsp-interval <interval>
10 milliseconds
no lsp-interval
Restores to default
metric <metric>
10
no metric
Restores to default
priority <priority>
64
no priority
Restores to default
retransmit-interval
<interval>
5 seconds
no retransmit-interval
Restores to default
passive-interface
no passive-interface
shutdown
no shutdown
level-1
no level-1
level-2
no level-2
authentication-check
no authentication-check
authentication-key-simple
STRING
no authentication-key-simple
authentication-key-md5 STRING
no authentication-key-md5
authentication-type {none |
simple | md5}
None
no authentication-type
Restores to default
lsp-gen-interval <interval>
30 seconds
no lsp-gen-interval
Restores to default
Narrow
no metric-style
Restores to default
set-overload-bit
no set-overload-bit
lsp-refresh-interval <interval>
900 seconds
no lsp-refresh-interval
Restores to default
max-lsp-lifetime <interval>
1200 seconds
no max-lsp-lifetime
Restores to default
router-id [FF:FF:FF:FF:FF:FF]
FF:FF:FF:FF:FF:FF: (optional)
router ID in hexadecimal format
route-leak A.B.C.D/M
no route-leak
spf-interval <interval>
5000 milliseconds
no spf-interval
Restores to default
summary-address A.B.C.D/M
no summary-address
Restores to default:
shutdown
no shutdown
te-router-id <id>
no te-router-id
redistribute connect
no redistribute connect
redistribute default
no redistribute default
redistribute static
no redistribute static
metric <metric>
10
no metric
Restores to default
Level 2
no level
Restores to default
Configuration Example
1.
The following example enables IS-IS as a Level1-2 router on interfaces sw10 and sw20:
device-name(config-isis)#router-id 11:11:11:11:11:11
device-name(config-isis)#interface sw10
device-name(config-interface-sw10)#level level1L2
device-name(config-interface-sw10)#exit
device-name(config-interface)#exit
device-name(config-isis)#interface sw20
device-name(config-interface-sw20)#level level1L2
device-name(config-interface-sw20)#exit
device-name(config-interface)#exit
device-name(config-isis)#area-address 11:22:33:44
device-name(config-area-address-11:22:33:44)#commit
2.
3.
Standards
MIBs
RFCs
IP Unicast Routing
No standards are supported by this feature.
Private MIB, PRVT-SWITCHIPVLAN-MIB.mib.
Open Shortest Path First (OSPF)
Bidirectional Forwarding Detection (BFD)
No standards are supported by this feature.
No MIBs are supported by this feature.
IS-IS
ISO 10589 Information Technology, Telecommunication and information exchange between systems, Intermediate system to Intermediate system intra-domain routing information exchange protocol for use in conjunction with the protocol for providing the connectionless-mode Network Service (ISO 8473), 1992.
Private MIB, PRVT-ISISMIB.mib
Table of Figures
Figure 1: MPLS Cloud
Figure 12: VPWS
Figure 2: VPLS Cloud
Figure 3: Packets at Different Points of the VPLS
Figure 4: H-VPLS Topology
Figure 5: Two-tiered Hierarchical VPLS Model
Figure 6: A Spoke PW Failure in a Hub and Spoke Topology
Figure 7: Recovery from a Spoke PW Failure
Figure 8: A Mesh PW Failure in a Hub and Spoke Topology
Figure 9: Recovery from A Mesh PW Failure
Figure 10: Establishing a TE-tunnel
Figure 11: One-to-One Backup Method
Figure 12: Facility Backup Method
Figure 13: Penultimate Hop Popping
Figure 14: MPLS and VPLS Configuration Flow
Figure 15: A Triangle Topology Configuration Example
List of Tables
Table 1: Term Definitions and Acronyms
Table 2: MPLS Configuration Commands
Table 3: LDP Configuration Commands
Table 4: RSVP and TE Entity Configuration Commands
Table 5: VPLS Commands
Table 6: Show Commands
Table 7: Fields Displayed by show mpls tunnel command
T-Marc3208SH
Architecture
An MPLS network is typically a large group of core devices distributed over a wide geographic area.
MPLS can also be used in metropolitan area networks.
The MPLS network is built by unidirectional Label Switched Paths (LSPs) that are created by a
signaling protocol prior to data transmission. LSPs include:
Label Edge Routers (LER): Devices at the LSP ingress and egress points connected to the
non-MPLS networks.
Label Switching Routers (LSR): Devices within the MPLS network core.
Upon data transmission, data packets are routed to the LER (at the MPLS ingress point). Based on
packet details, the LER determines which LSP to tunnel the packet through and prefixes the packet
with an appropriate label. Each LSR along the LSP switches the packet label to another label and
then forwards the packet to the next LSR along the path. The LER at the MPLS network egress
removes the label from the packet and forwards the packet to the external network.
For further details refer to Multiprotocol Label Switching Architecture RFC 3031.
VPWS
VPLS
Pseudowire (PW) describes the connection between the end-points. A full mesh of PWs must exist
among PEs within the same VPLS instance. In order to prevent loops, a PE must not forward
traffic from one pseudowire to another in the same VPLS instance. Note that this does not apply to
traffic received on a PE user port that is considered an access port for the VPLS service. If a packet
with an unknown destination MAC address arrives at such a port, the PE must flood this packet to
all pseudowires and user ports (if any) pertaining to the VPLS instance.
While traveling along a PW, packets contain a stack of two labels. Both labels are added by PEs at
the time the packets enter the MPLS core. The core routers (LSRs) use the outer, transport label to
switch the packet through to the far-end PE. LSRs do not know that the packet belongs to a given
VPLS instance as they only take into account the outer label. This feature provides an additional
level of security for user traffic.
The other, inner, Virtual Circuit label, is put to use at the far-end PE. The Virtual Circuit label
identifies the VPLS instance to which the packet belongs (for example, it is used as a service
delimiter). Once the PE becomes aware of the VPLS, the packet is switched based on the
destination MAC address.
On receipt, the far-end PE strips the Ethernet header and labels used within the MPLS cloud off
the packet. Depending on the VC label, the PE sends the packet to a respective access port.
When the PE receives an Ethernet frame carrying a VLAN tag intended to go into the MPLS
cloud, the PE can operate using two encapsulation modes (VC types):
ETHERNET: The PE regards tags placed in the packet by customer equipment as not
service-delimiting. In this mode, the tag has no meaning to the PE. Service-delimiting tags
are never sent over the pseudowire. If a service-delimiting tag is present when the packet is
received from a user by the PE, the tag must be removed from the packet before the packet is
sent to the pseudowire.
When this mode is used, the remote PE receives an untagged frame from the pseudowire
after the original tag was stripped off by the transmitting PE. Depending on the VPLS
instance SAP (Service Access Point) configuration, the PE may add a different tag, on
frame reception, to achieve VLAN translation across the PW, or the PE may leave the
frame untagged.
In both modes, when a single Ethernet packet contains more than one tag, the PE device inspects
the outermost tag to adapt the Ethernet packet to the pseudowire, and encapsulates the stacked tags
in VC type VLAN mode or removes the outer tag before encapsulation in VC type Ethernet mode.
NOTE
The VC type should match on the PW endpoint device.
MTU and PE devices connect to each other via a single spoke pseudowire. There is no need
for a full mesh of pseudowires between an MTU and all the PEs of a particular VPLS instance
as in a classic VPLS application. This is achieved by introducing a slight change in PE
operation, specifically, PE devices treating spoke pseudowires as user access ports. As a result,
PEs flood packets received from spoke pseudowires to other spoke pseudowires and mesh
pseudowires associated with the same customer. The PE will flood packets received from
mesh pseudowires only to spoke pseudowires and not to other mesh pseudowires in order to
prevent loops and achieve Split-Horizon functionality.
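The flooding rules above (no forwarding between mesh pseudowires, spoke pseudowires treated as access ports) can be checked with a short simulation that counts the copies of one flooded frame reaching each access port. This is an added example, not Telco Systems code; the topology, port names and hop cap are constructed for illustration.

```python
from collections import deque

ACCESS, SPOKE, MESH = "access", "spoke", "mesh"

def flood_targets(ports, ingress, split_horizon=True):
    """Ports a node floods an unknown-destination frame to.

    ports maps port name -> kind. A spoke PW is handled like an access
    port; with split horizon on, a frame received from a mesh PW is never
    sent to another mesh PW.
    """
    in_kind = ports[ingress]
    targets = []
    for name, kind in ports.items():
        if name == ingress:
            continue                      # never back out the receiving port
        if split_horizon and in_kind == MESH and kind == MESH:
            continue                      # mesh -> mesh is what creates loops
        targets.append(name)
    return sorted(targets)

# Constructed topology: one MTU on a spoke PW to PE1; PE1, PE2, PE3 in a full mesh.
NODES = {
    "MTU": {"cust-a": ACCESS, "to-PE1": SPOKE},
    "PE1": {"sp-MTU": SPOKE, "m-PE2": MESH, "m-PE3": MESH},
    "PE2": {"m-PE1": MESH, "m-PE3": MESH, "cust-b": ACCESS},
    "PE3": {"m-PE1": MESH, "m-PE2": MESH, "cust-c": ACCESS},
}
LINKS = {
    ("MTU", "to-PE1"): ("PE1", "sp-MTU"),
    ("PE1", "m-PE2"): ("PE2", "m-PE1"),
    ("PE1", "m-PE3"): ("PE3", "m-PE1"),
    ("PE2", "m-PE3"): ("PE3", "m-PE2"),
}
LINKS.update({far: near for near, far in list(LINKS.items())})  # each PW carries traffic both ways

def simulate(node, port, split_horizon=True, max_hops=6):
    """Inject one frame at (node, port); count copies delivered per access port.

    max_hops is an artificial cap so the run without split horizon ends;
    Ethernet frames carry no TTL, so a real loop would not stop by itself.
    """
    delivered = {}
    queue = deque([(node, port, 0)])
    while queue:
        node, ingress, hops = queue.popleft()
        if hops > max_hops:
            continue
        for out in flood_targets(NODES[node], ingress, split_horizon):
            if NODES[node][out] == ACCESS:
                delivered[(node, out)] = delivered.get((node, out), 0) + 1
            else:
                peer, peer_port = LINKS[(node, out)]
                queue.append((peer, peer_port, hops + 1))
    return delivered

if __name__ == "__main__":
    print("split horizon on :", simulate("MTU", "cust-a"))
    print("split horizon off:", simulate("MTU", "cust-a", split_horizon=False))
```

With split horizon on, each remote access port receives exactly one copy; with it off, copies multiply around the mesh and the frame is also delivered back to the port it came from.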
According to its position in the H-VPLS topology, the device operates in two modes:
MTU-S mode: single-active-spoke and backup-spoke pseudowires are allowed per VPLS
instance.
NOTE
In H-VPLS terminology, spoke pseudowires are referred to as spoke-SDPs (service
distribution points), and mesh/hub pseudowire are referred to as mesh-SDPs.
NOTE
The VPT preservation is enabled by default.
NOTE
You cannot use the same service ID for all MPLS L2 services.
You cannot use the same physical port as a MPLS and TLS SAP.
PW Redundancy: Service Protection
In H-VPLS topology, VPLS core PWs (mesh) are augmented with access PWs (spokes) to form a
two-tier hierarchical VPLS. The use of Dual-Homing, Active and Backup PWs terminating on
different PEs provides protection against the failure of the spoke or the failure of the PE.
In certain applications, there is a need for a different mechanism to protect the target PE node or
the MTU Service Access Point failure. PW redundancy overcomes such failures by signaling the
preferred PW used for forwarding data traffic between the local and remote peers of the PW. This
mechanism becomes operational once multiple PWs (SDPs) are configured for the same service.
The status of a spoke-PW/SDP (Active/Backup) determines the order of precedence for the PW.
In an MTU VPLS service instance with two PWs, the PW with the lower value will be the Active
one. If both PWs are the same, with respect to precedence, the Active PW would be the first one
signaled to the PEs.
Mechanism behavior is defined per service using the redundancy-mode parameter. By default, the
parameter is set to independent mode in which the PW state is defined both by PW precedence and
remote requests.
[Figure: hub-and-spoke topology. Labels: PE 1 to PE 4, VPLS Mesh, MTU, Active PW-spoke, Backup PW-spoke, switchover request (by clearing preferential forwarding bit)]
Once the standby spoke PW is active and a new path is used, the MTU for the activated, standby
PW sends a MAC-Address Withdrawal to the PE, which in turn distributes the MAC-Address
Withdrawal to all other PE devices, allowing faster convergence:
[Figure: hub-and-spoke topology. Labels: PE 1 to PE 4, VPLS Mesh, MTU, Active PW-spoke, Backup PW-spoke, MAC Address Withdrawal, switchover between Active and Standby]
[Figure: hub-and-spoke topology. Labels: PE, VPLS Mesh, MTU, Active PW-spoke, Backup PW-spoke, switchover between Active and Standby, switchover request]
With the backup spoke PW active and using a new path, the MTU for the standby PW sends a MAC-Address Withdrawal to the PE. To achieve faster convergence, the PE, in turn, distributes the
MAC-Address Withdrawal to all other PE devices.
[Figure: hub-and-spoke topology. Labels: PE, VPLS Mesh, MTU, Active PW-spoke, Backup PW-spoke, MAC Address Withdrawal]
Maximize throughput
Minimize delay
MPLS directs a flow of IP packets along unidirectional LSPs. The physical path of the LSP is not
constrained to the shortest path that the IGP chooses to reach the destination IP address.
A host uses the Resource Reservation Protocol (RSVP) network protocol to request specific
qualities of service from the network for particular application data streams or flows. Routers also
use RSVP to deliver Quality of Service (QoS) to all nodes along the path of the flow and to
establish and maintain the state needed to provide the requested service. MPLS leverages RSVP to
set up traffic-engineered LSPs.
RSVP requests generally result in reservation of resources in each node along the data path. Hosts
and routers that support both MPLS and RSVP can associate labels with RSVP flows. When MPLS
and RSVP are combined, the definition of a flow can be made more flexible. Once an LSP is
established, the traffic through the path is defined by the label applied at the ingress node of the
LSP.
Meaning
Local Repair
The LSR where one or more backup tunnels rejoin the path of the
protected LSP downstream of the potential failure. The same LSR may
Facility Backup
Guarded-Destination
Hop
The PLR
The protected resource
The Merge Point
Signal the primary tunnel through the ingress IP address of the Merge
Point. To protect a group of primary tunnels traversing the hop, the
guarded-destination hop is defined on PLR as a for manual bypass
tunnel.
NOTE
For further details regarding protection establishment and the roles of devices in a
protected RSVP-TE based environment, refer to RFC 3209.
R2 can provide user traffic protection by creating a partial backup LSP that merges with the
protected LSP at R4. The partial one-to-one backup LSP [R2->R7->R8->R4] is a detour.
To protect an LSP that traverses N nodes, there could be as many as (N - 1) detours.
To minimize the number of LSPs in the network, it is recommended to merge a detour back to its
protected LSP, whenever possible. Merger occurs when a detour LSP intersects its protected LSP at
an LSR with the same outgoing interface.
When a failure occurs along the protected LSP, the PLR redirects traffic onto the local detour. For
instance, if the [R2->R3] link fails, R2 switches traffic received from R1 onto the protected LSP
along link [R2->R7], using the label received when R2 created the detour.
When R4 receives traffic with the label provided for R2's detour, R4 switches this traffic onto link
[R4-R5], using the label received from R5 for the protected LSP.
At no point does the depth of the label stack increase as a result of the detour.
While R2 uses its detour, traffic uses the path [R1->R2->R7->R8->R4->R5].
In the above example, R2 has built a bypass tunnel to protect against link failure [R2->R3] and
node [R3]. The doubled lines represent this tunnel. This technique provides scalability improvement
in that the same bypass tunnel can also be used to protect LSPs from any of R1, R2, or R8 to any of
R4, R5, or R9. Example 2 describes three different protected LSPs that are using the same bypass
tunnel for protection.
There could be as many as (N-1) bypass tunnels to fully protect an LSP that traverses N nodes.
However, each of those bypass tunnels could protect a set of LSPs.
When a failure occurs along a protected LSP, the PLR redirects traffic into the appropriate bypass
tunnel. For instance, if link [R2->R3] fails in Example 2, R2 will switch traffic received from R1 on
the protected LSP onto link [R2->R6]. The label will be switched for one which will be understood
by R4 to indicate the protected LSP, and the bypass tunnel label will then be pushed onto the label stack of the redirected packets.
If penultimate-hop-popping is used, the merge point in Example 2, R4, will receive the redirected
packet with a label indicating the protected LSP that the packet is to follow. If penultimate-hop-popping is not used, R4 will pop the bypass tunnel label and examine the label underneath to
determine the protected LSP that the packet is to follow. When R2 is using the bypass tunnel for
protected LSP 1, the traffic takes the path [R1->R2->R6->R7->R4->R5]; the bypass tunnel is the
connection between R2 and R4.
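The label operations described above for the one-to-one detour and for the facility bypass of Example 2, with and without penultimate-hop-popping, traced hop by hop. This is an added example, not code from the guide; every label value except implicit-null (3) is constructed, and the per-node tables are a simplified stand-in for a real forwarding table.

```python
IMPLICIT_NULL = 3          # implicit-null label: the advertiser asks its neighbour to pop
EGRESS_POP = "pop-lookup"  # tunnel egress: pop the outer label, then look up the next one

def apply_ops(stack, ops):
    """Apply label operations to a stack; stack[0] is the outer (top) label."""
    stack = list(stack)
    for op, *arg in ops:
        if op == "swap":
            stack[0] = arg[0]
        elif op == "push":
            stack.insert(0, arg[0])
        elif op == "pop":
            stack.pop(0)
        else:
            raise ValueError(f"unknown label operation {op!r}")
    return stack

def toward(advertised):
    """Operation for the label a downstream neighbour advertised:
    pop if it advertised implicit-null (PHP), swap otherwise."""
    return [("pop",)] if advertised == IMPLICIT_NULL else [("swap", advertised)]

def walk(path, lfib, stack):
    """Forward a labelled packet along path; return (link, stack on that link) per hop."""
    trace = []
    for node, nxt in zip(path, path[1:]):
        ops = lfib[node][stack[0]]
        if ops == EGRESS_POP:             # end of a tunnel reached without PHP
            stack = stack[1:]
            ops = lfib[node][stack[0]]    # examine the label underneath
        stack = apply_ops(stack, ops)
        trace.append((f"{node}->{nxt}", stack))
    return trace

def facility_bypass(php):
    """Example 2 after link R2->R3 fails: R2 is the PLR, R4 the merge point."""
    bypass_at_r4 = IMPLICIT_NULL if php else 401   # what R4 advertised for the bypass tunnel
    lfib = {
        # PLR: swap to the label R4 expects for the protected LSP, then push the bypass label
        "R2": {100: [("swap", 400), ("push", 600)]},
        "R6": {600: toward(700)},
        "R7": {700: toward(bypass_at_r4)},         # penultimate hop of the bypass tunnel
        "R4": {401: EGRESS_POP,                    # only ever received when PHP is off
               400: toward(500)},                  # protected LSP continues to R5
    }
    return walk(["R2", "R6", "R7", "R4", "R5"], lfib, [100])

def one_to_one_detour():
    """Detour [R2->R7->R8->R4]: plain swaps, merged back into the LSP at R4."""
    lfib = {
        "R2": {100: toward(710)},
        "R7": {710: toward(810)},
        "R8": {810: toward(410)},
        "R4": {410: toward(500)},
    }
    return walk(["R2", "R7", "R8", "R4", "R5"], lfib, [100])

def max_depth(trace):
    """Deepest label stack seen on any link of the trace."""
    return max(len(stack) for _, stack in trace)

if __name__ == "__main__":
    for title, trace in (("bypass, PHP", facility_bypass(True)),
                         ("bypass, no PHP", facility_bypass(False)),
                         ("detour", one_to_one_detour())):
        print(title, trace, "max depth", max_depth(trace))
```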
Secondary LSP
In addition to LSP FRR protection, which can be established dynamically (based on CSPF) or
defined explicitly to bypass a local failure, you can use a secondary pre-defined LSP, a redundant
path to the same end point of the protected LSP, to protect an RSVP LSP. Like an FRR bypass
LSP, the secondary LSP can be established dynamically (based on CSPF) or defined explicitly.
An RSVP LSP can be protected by FRR, a secondary LSP, or both.
When both protection methods are applied to an LSP, FRR will be the first to protect on failure; the
secondary LSP will be second. After an FRR event occurs, the bypass tunnel will be used until
expiration of the configured timeout. After expiration of the MBB timer, the bypass tunnel will be
torn down.
A secondary LSP will be used if it has been configured and established. In order to keep service
functional when the primary LSP fails to recover, the user must have configured a secondary
instance or the MBB timer must be disabled.
Look up the outer label, which identifies that the packet should have its Transport label stripped on
this router.
Look up the inner label, which identifies which Virtual Routing/Forwarding (VRF in IP MPLS)
or Virtual Circuit (VC in MPLS VPLS) instance to use.
In a large network, two lookups can cause the CPU load on the LER to reach unacceptable levels.
By having PHP for an LER done on the connected LSRs, the load is effectively distributed among
neighboring routers.
PHP functionality is achieved by the LER advertising a label with a value of 3 to its neighbors. This
label is defined as implicit-null and informs the neighboring LSR(s) to perform PHP.
LSR receives implicit-null label from LER 2 to use for prefix 172.16.
Outer label is popped by LSR performing PHP before sending 172.16 to LER 2.
Traffic-Engineering Tool
When CSPF is used for automatic RSVP-TE based LSP management, you can determine the path
hops used between two endpoints in the MPLS topology using a CLI Traffic Engineering tool that
queries the CSPF database and tracks all hops between the endpoints.
Since the CSPF database is used by RSVP-TE to establish an LSP, the path indicated by this tool
will represent the LSP to be established by RSVP-TE protocol. The tool can be used for advanced
troubleshooting; usage requires specifying the head and tail ends of a desired path as shown in the
following example (see Traffic-Engineering Tool Example).
NOTE
In addition, two more MPLS connectivity tools are available: mpls-ping and mpls-trace.
+ config terminal
+ [no] mpls
- timeout <timeout>
- ttl <ttl>
- timeout <timeout>
- ttl <ttl>
Description
config terminal
router
no router
mpls
Command
no mpls
lsr-id A.B.C.D
Description
Disables MPLS
Specifies the unique LSR ID of the device. This
address is used by all MPLS protocols :
NOTE
To change the LSR ID, remove the
entire MPLS configuration.
no lsr-id A.B.C.D
label-range-egress <lowestvalue>-<highest-value>
28672
1048575
no label-range-egress
Restores to default
label-range-ingress <lowestvalue>-<highest-value>
16
1048575
no label-range-ingress
mpls lsp-ping {lsp LSP_NAME | prefix
A.B.C.D/M}
count <count>
Restores to default
Starts an LSP connectivity-test by sending inband MPLS echo packets to the egress LSR:
1
size <octets>
Command
timeout <timeout>
Description
The number of seconds to wait for a
connectivity test reply:
2
ttl <label-ttl>
255
mpls lsp-trace {lsp LSP_NAME | prefix
A.B.C.D/M}
size <octets>
2
ttl <ttl>
255
+ config terminal
+ [no] router
+ [no] ldp
+ [no] distribute
- [no] shutdown
Description
config terminal
router
no router
ldp
no ldp
targeted-peer A.B.C.D
no targeted-peer A.B.C.D
hello-hold-time <value>
0 seconds
LDP hello messages are sent every hello-hold-time/3
seconds.
no hello-hold-time
Restores to default
keepalive-hold-time <value>
40 seconds
no keepalive-hold-time
Restores to default
shutdown
no shutdown
distribute
ingress {isis | ospf | static
| ip A.B.C.D/M}
Distribution is disabled
no ingress {isis | ospf
static | ip A.B.C.D/M}
egress {connected | static |
ospf | ip A.B.C.D/M}
ip A.B.C.D: distributes to a
specific IP route
Distribution is disabled
no egress {connected | static
| ospf | ip A.B.C.D/M}
ip A.B.C.D: distributes to a
specific IP route
NOTE
LDP protocol is not supported on
the Eth interface.
NOTE
LDP protocol is not supported on
the Eth interface.
hello-hold-timer <value>
15 seconds
LDP hello messages are sent every hello-hold-time/3
seconds.
NOTE
Shut down the peer to change this
value.
no hello-hold-timer
Restores to default
keepalive-hold-timer <value>
40 seconds
no keepalive-hold-timer
Restores to default
label-advertising-mode
{explicit-null | global-label-range | implicit-null}
NOTE
When LDP and RSVP use the
same interface, changing label
advertising mode requires
recreation of the interface with a
new value. As a result, a short period
of traffic loss can be expected.
Implicit-null label (label 3)
no label-advertising-mode
shutdown
Restores to default
Disables LDP
Disabled
no shutdown
Enables LDP
+ config terminal
+ [no] router
+ [no] rsvp-te
- [no] ignore-ingress-interface-affinities
+ [no] admin-group <admin_group_id>
- name ADMIN_GROUP_NAME
- [no] bypass-fast-reroute
- [no] detour-fast-reroute
- [no] dynamic-bypass
- [no] shutdown
- [no] cspf
- [no] exclude-resource-affinity
+ [no] secondary
- [no] exclude-resource-affinity
- [no] shutdown
- [no] shutdown
Description
config terminal
router
no router
rsvp-te
no rsvp-te
ignore-ingress-interface-affinities
no ignore-ingress-interface-affinities
admin-group <admin_group_id>
no admin-group <admin_group_id>
name ADMIN_GROUP_NAME
NOTE
RSVP protocol is not supported on
the Eth interface.
NOTE
RSVP protocol is not supported on
the Eth interface.
admin-group
<admin_group_id>
no admin-group
label-advertising-mode
{explicit-null | global-label-range | implicit-null}
<admin_group_id>
NOTE
When LDP and RSVP use the
same interface, changing label
advertising mode requires
recreation of the interface with a
new value. As a result, a short period
of traffic loss can be expected.
Implicit-null label (label 3)
no label-advertising-mode
Restores to default
maximum-interface-bandwidth
[speed <speed> | unit {bps
| gbps | kbps | mbps}]
mbps
no maximum-interface-bandwidth
maximum-reservable-bandwidth
[speed <speed> | unit {bps
| gbps | kbps | mbps}]
mbps
no maximum-reservable-bandwidth
mbps
no maximum-diffserv-class-bandwidth
te-metric <metric>
10
no te-metric
Restores to default
bypass-fast-reroute
no bypass-fast-reroute
detour-fast-reroute
no detour-fast-reroute
dynamic-bypass
no dynamic-bypass
lsp-hold-timer <value>
0 seconds
no lsp-hold-timer
Restores to default
path <path>
no path [<path>]
hop <id>
no hop [<id>]
Loose
no hop-type
ip-address A.B.C.D
{include | exclude}
Restores to default
no ip-address A.B.C.D
shutdown
no shutdown
lsp <lsp_id>
no lsp <lsp_id>
name LSP_NAME
no name LSP_NAME
backup-setup-priority
<priority>
0
no backup-setup-priority
Restores to default
backup-holding-priority
<priority>
7
no backup-holding-priority
Restores to default
far-end A.B.C.D
no far-end A.B.C.D
fast-reroute-mode {facility |
one-to-one | no-preference}
Disabled
no fast-reroute-mode
Restores to default
admin-group include-all <tunnel_affinity_id>
tunnel_affinity_id: in the range of <1-32>
0
no admin-group include-all
Restores to default
admin-group include-any <tunnel_affinity_id>
tunnel_affinity_id: in the range of <1-32>
no admin-group include-any
Restores to default
admin-group exclude-any <tunnel_affinity_id>
tunnel_affinity_id: in the range of <1-32>
0
no admin-group exclude-any
Restores to default
id>
tunnel_affinity_id: in the range of <1-32>
0
no backup-admin-group backupexclude-any
Restores to default
id>
tunnel_affinity_id: in the range of <1-32>
0
no backup-admin-group
include-all
Restores to default
tunnel_affinity_id: in the range of <1-32>
0
no backup-admin-group
include-any
Restores to default
description DESCRIPTION
DESCRIPTION: a string of <1-32> characters
no description
guarded-destination A.B.C.D
no guarded-destination A.B.C.D
holding-priority <priority>
0
no holding-priority
Restores to default
max-backup-hops
<hops>
16
no max-backup-hops
Restores to default
mbb-timeout
<value>
10 minutes
no mbb-timeout
Restores to default
mtu <mtu>
9216
no mtu
Restores to default
rebuild-timer <value>
60 minutes
no rebuild-timer
Restores to default
setup-priority
<priority>
no setup-priority
Restores to default
cspf
no cspf
path <path>
exclude-resource-affinity
no exclude-resource-affinity
secondary
no secondary
admin-group include-all tunnel_affinity_id
tunnel_affinity_id: in the range of <1-32>
No admin groups
no admin-group include-all
Restores to default
admin-group include-any tunnel_affinity_id
tunnel_affinity_id: in the range of <1-32>
No admin groups
no admin-group include-any
Restores to default
admin-group exclude-any tunnel_affinity_id
tunnel_affinity_id: in the range of <1-32>
No admin groups
no admin-group exclude-any
Restores to default
description DESCRIPTION
no description
holding-priority
<priority>
0
no holding-priority
mbb-timeout <value>
10 minutes
no mbb-timeout
Restores to default
rebuild-timer <value>
60 minutes
no rebuild-timer
Restores to default
mtu <mtu>
9216
no mtu
Restores to default
name LSP_NAME
0
no setup-priority
Restores to default
path <path>
no path
exclude-resource-affinity
no exclude-resource-affinity
shutdown
no shutdown
shutdown
no shutdown
dynamic-bypass
Enables dynamic-bypasses.
Enabled
no dynamic-bypass
Disables dynamic-bypasses
+ config terminal
+ service
- [no] shutdown
- [no] untagged
- [no] pw-status-signaling
- [no] pw-redundancy
- [no] pw-active
- [no] secured
- [no] pw-status-signaling
- [no] shutdown
Description
config terminal
service
customer NAME
no customer NAME
contact CONTACT_NAME
no contact
phone phone_number
phone_number: up to 29 numbers
no phone
sdp <sdp-id>
Creates an SDP:
no sdp <sdp-id>
description DESCRIPTION
no description
DESCRIPTION: a string of <1-29> characters
far-end A.B.C.D
no far-end A.B.C.D
lsp LSP_NAME
path-mtu <mtu>
9190
no path-mtu
vpls <vpls-id>
Restores to default
Creates a VPLS:
no vpls <vpls-id>
mode mtu-s
0 (applicable on VPLS-MTU)
no revert-timer
Restores to default
description DESCRIPTION
DESCRIPTION: a string of <1-29> characters
no description
shutdown
no shutdown
the VPLS. The redundancy must also
be disabled for the SDPs.
None
no redundancy-mode
Restores to default
NOTE
circuit>:{ces | ces-oos}}
NOTE
Restores to default
description DESCRIPTION
no description
DESCRIPTION: a string of <1-29> characters
shutdown
no shutdown
secured
no secured
untagged
Disabled
no untagged
event-propagation-profile
NAME
no event-propagation-profile
[NAME]
tunnel-profile {PROFILE-NAME
| discard-all | tunnel-all
| tunnel-bpdu}
spoke-sdp <sdp-id>
no spoke-sdp [<sdp_id>]
vc-type {ethernet | ethernet-vlan}
ethernet-vlan
no vc-type
Restores to default
shutdown
no shutdown
pw-status-signaling
no pw-status-signaling
pw-redundancy
no pw-redundancy
pw-precedence <precedence>
1
no pw-precedence
Restores to default
pw-active
no pw-active
secured
no secured
vpws <vpws-id>
Creates a VPWS:
no vpws <vpws-id>
show port command)
NOTE
values are: 1/3/9 and 1/4/9 .
DESCRIPTION: a string of <1-29> characters
no description
ethertype <value>
NOTE
Restores to default
shutdown
no shutdown
untagged
no untagged
sdp <sdp_id>
Creates a SDP:
no sdp [<sdp_id>]
vc-type {ethernet | ethernet-vlan}
ethernet-vlan
no vc-type
Restores to default
shutdown
no shutdown
pw-status-signaling
no pw-status-signaling
shutdown
no shutdown
description DESCRIPTION
no description
DESCRIPTION: a string of <1-29> characters
- show mpls tunnels [brief down | bypass-tunnels [brief] | bypass-tunnels [protected-lsps] | down [brief]| egress [brief] | frr-activated [brief] | frr-guarded [brief] | hold-timer | hops | non-frr-guarded [brief] | transit [brief] | up [brief]]
- show vpls [<vpls-id>] [sap [{{UU/SS/PP | agN}[:[igmp] | :[<vlanid>]:[igmp] | UU1/SS1/PP1:<ces-circuit>:{ces | ces-oos}} ][details]
- show vpls [<vpls-id>] sdp [<sdp-id>] [details]
- show vpws [<vpws-id>] [details]
[brief] | hops | transit [brief]]
Description
arguments:
string: up to 32 characters
UU/SS/PP: the corresponding physical port (unit, slot and port) defined as SAP (can be obtained from the show port command)
packets
UU/SS/PP: the corresponding physical port (unit, slot and port) defined as SAP (can be obtained from the show port command)
Example
mpls tunnel
command
Num Labels : 1 --> 285
Out Port : 3
Dest MAC : 00:00:0b:00:0a:02
VLAN : 10
Field
Description
Tunnel Name
From, to
Instance Id
Admin State
Setup Prio
Oper State
Hold
Prio
Sess Attrib :
LocProt, MergPerm,
IsPers, RecRt,
NodProt, RecLbl
Up
Down
Suppressed (only for secondary tunnel)
Down(Resig): tries to establish the tunnel
Up(Resign): FRR is in use for the current tunnel due to a failure in the tunnel path
Holding priority of the tunnel. The valid values are <0-7> with 0
being the highest. Currently not in use.
Tunnel session attributes:
DiffSrvClssType
DiffSrv class type. The valid range of <0-7>. Currently not in use.
FastReroute
FRR Method
Bck HoldPrio
Bck Bandwdth
Rebld Timer
MTU
Guarded Dest
MBB Timeout
Path Comp
Path In Use
Hop Index
(only for Explicit Path) The index of the hops used along the path
Hop Type
(only for Explicit Path) Type of the hop. Takes one of the following
values:
Ip Addr
Include/Exclude
ProtectFlags
Out If Idx
Num Labels
Out Port
VLAN
Dest MAC
Configuration Examples
RSVP-TE Tunnels Configuration Examples
Create a Path:
This configuration creates an RSVP-TE path that combines loose and strict hops and can be
used in an LSP.
device-name(config)#router rsvp-te
device-name(config-rsvp-te)#path 1 hop 1 hop-type loose ip-address 3.3.3.3 true
device-name(config-hop-1)#commit
device-name(config-hop-1)#path 1 hop 2 hop-type strict ip-address 4.4.4.4 true
device-name(config-hop-2)#commit
This configuration creates a CSPF tunnel. The mandatory parameters are LSP-ID, egress
LSR-ID and LSP name. The system automatically signals the tunnel if the user validated the
prerequisites.
device-name(config)#router rsvp-te lsp 1 far-end 2.2.2.2 name tunnel cspf
device-name(config-lsp-1)#commit
NOTE
You must enable OSPF TE protocol extensions prior to this step.
Create CSPF Capable LSP with Administrative-Group Restriction:
This configuration creates a CSPF tunnel using admin-group. The mandatory parameters are LSP-ID, egress LSR-ID, LSP name and the administrative group affinity (include/exclude). The system
automatically signals the tunnel if the user validated the prerequisites.
device-name(config)#router rsvp-te lsp 1 far-end 2.2.2.2 name tunnel cspf admin-group include-any 2
device-name(config-lsp-1)#commit
NOTE
You must enable OSPF TE protocol extensions prior to this step.
This configuration creates a CSPF tunnel using a specific path. The mandatory parameters are LSP-ID, egress LSR-ID, LSP name, and the path used. The system automatically signals the tunnel if the
user validated the prerequisites.
NOTE
You must shutdown an active tunnel before applying the path.
device-name(config)#router rsvp-te path 1 hop 1 hop-type loose ip-address 3.3.3.3 true
device-name(config-hop-1)#commit
device-name(config-hop-1)#router rsvp-te lsp 1 far-end 2.2.2.2 name tunnel cspf path 1
device-name(config-lsp-1)#commit
NOTE
You must enable OSPF TE protocol extensions prior to this step.
Create Explicit LSP Using a Given Path:
This configuration creates an explicit tunnel which does not use CSPF. The specified path must
contain only strict hops. The mandatory parameters are LSP-ID, egress LSR-ID, LSP name, and
the path used. The system automatically signals the tunnel if the user validated the prerequisites.
device-name(config)#router rsvp-te path 1 hop 1 hop-type strict ip-address 3.3.3.3 true
device-name(config-hop-1)#commit
device-name(config-hop-1)#router rsvp-te lsp 1 far-end 2.2.2.2 name tunnel path 1
device-name(config-lsp-1)#no cspf
device-name(config-lsp-1)#commit
NOTE
You must shutdown an active tunnel before applying the path.
Create CSPF FRR Capable LSP:
This configuration creates an FRR-protected CSPF tunnel. The mandatory parameters are LSP-ID,
egress LSR-ID, LSP name, and the method of protection: facility (one-to-many bypass) or detour
(one-to-one detour).
device-name(config)#router rsvp-te lsp 1 far-end 2.2.2.2 name tunnel cspf fast-reroute-mode facility
device-name(config-lsp-1)#commit
NOTE
You must define RSVP protocol extensions to support facility mode, detour
mode, or both prior to this step.
All routers within the topology must support a detour in order to establish a
detour LSP.
Create CSPF Secondary LSP:
This configuration creates a CSPF tunnel with a secondary instance. The secondary instance
provides additional protection in case of a failure on the primary instance. The mandatory
parameters are LSP-ID, egress LSR-ID, LSP name, and the secondary instance name.
NOTE
You must enable OSPF TE protocol extensions prior to this step.
NOTE
You must create the secondary LSP with an explicit path or administrative-group.
device-name(config)#router rsvp-te lsp 1 far-end 2.2.2.2 name tunnel1 path 1 secondary name tunnel1_sec path 2
device-name(config-lsp-1)#commit
The device automatically creates bypass tunnels for each primary FRR tunnel. However, users can
also create manual bypass tunnels. In this case, the guarded-destination IP address must match the
address of the hop of the primary tunnel it should protect.
NOTE
Once defined, a manual bypass is preferred over dynamic bypass.
NOTE
The manual bypass must use a path or an administrative-group.
device-name(config)#router rsvp-te path 11 hop 1 hop-type strict ip-address 3.3.3.3 true
device-name(config-hop-1)#commit
device-name(config-hop-1)#router rsvp-te lsp 1 far-end 2.2.2.2 name bypass path 11 guarded-dest 4.4.4.4
device-name(config-lsp-1)#no cspf
device-name(config-lsp-1)#commit
This configuration creates an LDP tunnel. The mandatory parameters are the ingress and egress
policies. The ingress ospf policy defines that all routes learned from OSPF will be used for traffic
injection into the MPLS domain. Correspondingly, the MPLS egress policy means the device will accept
traffic going out of the MPLS domain for the specified local loopback FEC only.
device-name(config)#router ldp distribute ingress ospf
device-name(config-distribute)#router ldp distribute egress ip 1.1.1.1/32
device-name(config-ip-1.1.1.1/32)#commit
NOTE
The above command is optional when RSVP-TE LSP is needed.
device-name(config-sdp-1)#commit
device-name(config-sdp-1)#top
This example uses one unqualified SAP and one SDP, relying on LDP as the transport protocol
and VC label signaling. The configuration will only work if the correct configuration order has been
followed.
device-name(config)#service sdp 1 far-end 2.2.2.2
device-name(config-sdp-1)#commit
device-name(config-sdp-1)#top
device-name(config)#service vpls 100 mode mtu-s
device-name(config-vpls-100)#commit
device-name(config-vpls-100)#no shutdown
device-name(config-vpls-100)#commit
device-name(config-vpls-100)#sap 1/1/1::
device-name(config-sap-1/1/1::)#no shutdown
device-name(config-sap-1/1/1::)#commit
device-name(config-sap-1/1/1::)#exit
device-name(config-vpls-100)#spoke-sdp 1
device-name(config-spoke-sdp-1)#no shutdown
device-name(config-spoke-sdp-1)#commit
This example uses one qualified SAP and two SDPs relying on RSVP as a transport protocol and
on LDP for VC label signaling. The configuration will only work if the correct configuration order
has been followed.
device-name(config)#service
device-name(config-service)#sdp 1 far-end 2.2.2.2 lsp tunnel1
device-name(config-sdp-1)#commit
device-name(config-sdp-1)#exit
device-name(config-service)#sdp 2 far-end 3.3.3.3 lsp tunnel2
device-name(config-sdp-2)#commit
device-name(config-sdp-2)#exit
device-name(config-service)#vpls 101 mode mtu-s
device-name(config-vpls-101)#commit
device-name(config-vpls-101)#no shutdown
device-name(config-vpls-101)#commit
device-name(config-vpls-101)#sap 1/1/2:10:
device-name(config-sap-1/1/2:10:)#no shutdown
device-name(config-sap-1/1/2:10:)#commit
device-name(config-sap-1/1/2:10:)#exit
device-name(config-vpls-101)#spoke-sdp 1
device-name(config-spoke-sdp-1)#commit
device-name(config-spoke-sdp-1)#no shutdown
device-name(config-spoke-sdp-1)#commit
device-name(config-vpls-101)#spoke-sdp 2 pw-precedence 7
device-name(config-spoke-sdp-2)#commit
device-name(config-spoke-sdp-2)#no shutdown
device-name(config-spoke-sdp-2)#commit
This configuration of SAP allows all traffic types to pass through the SAP.
device-name(config-vpls-100)#sap 1/1/1::
device-name(config-sap-1/1/1::)#no shutdown
device-name(config-sap-1/1/1::)#commit
This configuration of SAP allows only traffic with the configured VLAN to pass through the SAP.
All other traffic is dropped on the entrance to the SAP.
device-name(config-vpls-100)#sap 1/1/2:123:
device-name(config-sap-1/1/2:123:)#no shutdown
device-name(config-sap-1/1/2:123:)#commit
This configuration of SAP allows only untagged traffic to pass through the SAP. All other traffic is
dropped on the SAP entrance.
NOTE
Untagged mode is disabled by default.
device-name(config-vpls-100)#sap 1/2/1::
device-name(config-sap-1/2/1::)#untagged
device-name(config-sap-1/2/1::)#no shutdown
device-name(config-sap-1/2/1::)#commit
Configuring OSPF:
PE1(config)#router
PE1(config-router)#ospf
PE1(config-ospf)#router-id 1.1.1.1
PE1(config-ospf)#trafic-engineering
PE1(config-ospf)#area 0.0.0.0
PE1(config-area-0.0.0.0)#interface 1.1.1.1
PE1(config-interface-1.1.1.1)#interface 150.2.1.1
PE1(config-interface-150.2.1.1)#dead-interval 10
PE1(config-interface-150.2.1.1)#hello-interval 3
PE1(config-interface-150.2.1.1)#interface 150.3.1.1
PE1(config-interface-150.3.1.1)#dead-interval 10
PE1(config-interface-150.3.1.1)#hello-interval 3
PE2(config)#router
PE2(config-router)#ospf
PE2(config-ospf)#router-id 2.2.2.2
PE2(config-ospf)#trafic-engineering
PE2(config-ospf)#area 0.0.0.0
PE2(config-area-0.0.0.0)#interface 2.2.2.2
PE2(config-interface-2.2.2.2)#interface 150.2.1.2
PE2(config-interface-150.2.1.2)#dead-interval 10
PE2(config-interface-150.2.1.2)#hello-interval 3
PE2(config-interface-150.2.1.2)#interface 150.3.2.2
PE2(config-interface-150.3.2.2)#dead-interval 10
PE2(config-interface-150.3.2.2)#hello-interval 3
MTU(config)#router
MTU(config-router)#ospf
MTU(config-ospf)#router-id 3.3.3.3
MTU(config-ospf)#trafic-engineering
MTU(config-ospf)#area 0.0.0.0
MTU(config-area-0.0.0.0)#interface 3.3.3.3
MTU(config-interface-3.3.3.3)#interface 150.3.1.2
MTU(config-interface-150.3.1.2)#dead-interval 10
MTU(config-interface-150.3.1.2)#hello-interval 3
MTU(config-interface-150.3.1.2)#interface 150.3.2.1
MTU(config-interface-150.3.2.1)#dead-interval 10
MTU(config-interface-150.3.2.1)#hello-interval 3
Configuring MPLS
PE1(config)#router mpls
PE1(config-mpls)#lsr-id 1.1.1.1
PE1(config-mpls)#exit
PE1(config-router)#exit
PE1(config)#commit
PE2(config)#router mpls
PE2(config-mpls)#lsr-id 2.2.2.2
PE2(config-mpls)#exit
PE2(config-router)#exit
PE2(config)#commit
MTU(config)#router mpls
MTU(config-mpls)#lsr-id 3.3.3.3
MTU(config-mpls)#exit
MTU(config-router)#exit
MTU(config)#commit
MTU(config-distribute)#exit
MTU(config-ldp)#distribute egress connected
MTU(config-distribute)#exit
MTU(config-ldp)#exit
MTU(config-router)#commit
Configuring RSVP
PE1(config)#router rsvp-te
PE1(config-rsvp-te)#interface lo1
PE1(config-interface-lo1)#exit
PE1(config-rsvp-te)#interface sw12
PE1(config-interface-sw12)#exit
PE1(config-rsvp-te)#interface sw13
PE1(config-interface-sw13)#exit
PE1(config-rsvp-te)#bypass-fast-reroute
PE1(config-rsvp-te)#ignore-ingress-interface-affinities
PE1(config-rsvp-te)#commit
PE2(config)#router rsvp-te
PE2(config-rsvp-te)#interface lo1
PE2(config-interface-lo1)#exit
PE2(config-rsvp-te)#interface sw12
PE2(config-interface-sw12)#exit
PE2(config-rsvp-te)#interface sw23
PE2(config-interface-sw23)#exit
PE2(config-rsvp-te)#bypass-fast-reroute
PE2(config-rsvp-te)#ignore-ingress-interface-affinities
PE2(config-rsvp-te)#commit
MTU(config)#router rsvp-te
MTU(config-rsvp-te)#interface lo1
MTU(config-interface-lo1)#exit
MTU(config-rsvp-te)#interface sw23
MTU(config-interface-sw23)#exit
MTU(config-rsvp-te)#interface sw13
MTU(config-interface-sw13)#exit
MTU(config-rsvp-te)#bypass-fast-reroute
MTU(config-rsvp-te)#ignore-ingress-interface-affinities
MTU(config-rsvp-te)#commit
# PE1 uses a strict hop for the path that reaches PE2 directly
# PE1 uses a loose hop (via CSPF) for the path that reaches MTU
PE1(config)#router rsvp-te
PE1(config-rsvp-te)#path 1
PE1(config-path-1)#hop 1
PE1(config-hop-1)#ip-address 150.2.1.2 include
PE1(config-ip-address-150.2.1.2/true)#hop-type strict
PE1(config-hop-1)#no shutdown
PE1(config-hop-1)#exit
PE1(config-path-1)#exit
PE1(config-rsvp-te)#path 2
PE1(config-path-2)#hop 1
PE1(config-hop-1)#ip-address 3.3.3.3 include
PE1(config-ip-address-3.3.3.3/true)#hop-type loose
PE1(config-hop-1)#no shutdown
PE1(config-hop-1)#commit
PE1(config-hop-1)#exit
PE1(config-path-2)#exit
PE1(config-rsvp-te)#lsp 1 name PE1_PE2 far-end 2.2.2.2
PE1(config-lsp-1)#fast-reroute-mode facility
PE1(config-lsp-1)#path 1
PE1(config-lsp-1)#no shutdown
PE1(config-lsp-1)#commit
PE1(config-lsp-1)#exit
PE1(config-rsvp-te)#lsp 2 name PE1_MTU far-end 3.3.3.3
PE1(config-lsp-2)#fast-reroute-mode facility
PE1(config-lsp-2)#path 2
PE1(config-lsp-2)#cspf
PE1(config-lsp-2)#commit
# PE2 uses a strict hop for the path that reaches PE1 directly
# PE2 uses a loose hop (via CSPF) for the path that reaches MTU
PE2(config)#router rsvp-te
PE2(config-rsvp-te)#path 1
PE2(config-path-1)#hop 1
PE2(config-hop-1)#ip-address 150.2.1.1 include
PE2(config-ip-address-150.2.1.1/true)#hop-type strict
PE2(config-hop-1)#no shutdown
PE2(config-hop-1)#exit
PE2(config-path-1)#exit
PE2(config-rsvp-te)#path 2
PE2(config-path-2)#hop 1
PE2(config-hop-1)#ip-address 3.3.3.3 include
PE2(config-ip-address-3.3.3.3/true)#hop-type loose
PE2(config-hop-1)#no shutdown
PE2(config-hop-1)#commit
PE2(config-hop-1)#exit
PE2(config-path-2)#exit
PE2(config-rsvp-te)#lsp 1 name PE2_PE1 far-end 1.1.1.1
PE2(config-lsp-1)#fast-reroute-mode facility
PE2(config-lsp-1)#path 1
PE2(config-lsp-1)#no shutdown
PE2(config-lsp-1)#commit
PE2(config-lsp-1)#exit
PE2(config-rsvp-te)#lsp 2 name PE2_MTU far-end 3.3.3.3
PE2(config-lsp-2)#fast-reroute-mode facility
PE2(config-lsp-2)#path 2
PE2(config-lsp-2)#cspf
PE2(config-lsp-2)#commit
# MTU uses CSPF to reach PE1 and PE2
MTU(config)#router rsvp-te
MTU(config-rsvp-te)#lsp 1 name MTU_PE1 far-end 1.1.1.1
MTU(config-lsp-1)#fast-reroute-mode facility
MTU(config-lsp-1)#cspf
MTU(config-lsp-1)#no shutdown
MTU(config-lsp-1)#commit
MTU(config-lsp-1)#exit
MTU(config-rsvp-te)#lsp 2 name MTU_PE2 far-end 2.2.2.2
MTU(config-lsp-2)#fast-reroute-mode facility
MTU(config-lsp-2)#cspf
MTU(config-lsp-2)#no shutdown
MTU(config-lsp-2)#commit
PE1(config)#service
PE1(config-service)#sdp 5002 far-end 2.2.2.2
PE1(config-sdp-5002)#description ldp_sdp_to_PE2
PE1(config-sdp-5002)#exit
PE1(config-service)#sdp 5003 far-end 3.3.3.3
PE1(config-sdp-5003)#description ldp_sdp_to_MTU
PE1(config-sdp-5003)#exit
PE1(config-service)#commit
PE2(config)#service
PE2(config-service)#sdp 5001 far-end 1.1.1.1
PE2(config-sdp-5001)#description ldp_sdp_to_PE1
PE2(config-sdp-5001)#exit
PE2(config-service)#sdp 5003 far-end 3.3.3.3
PE2(config-sdp-5003)#description ldp_sdp_to_MTU
PE2(config-sdp-5003)#exit
PE2(config-service)#commit
MTU(config)#service
MTU(config-service)#sdp 5001 far-end 1.1.1.1
MTU(config-sdp-5001)#description ldp_sdp_to_PE1
MTU(config-sdp-5001)#exit
MTU(config-service)#sdp 5002 far-end 2.2.2.2
MTU(config-sdp-5002)#description ldp_sdp_to_PE2
MTU(config-sdp-5002)#no shutdown
MTU(config-sdp-5002)#exit
MTU(config-service)#commit
PE1(config-vpls-50600)#commit
PE1(config-vpls-50600)#sap 1/2/1:600:
PE1(config-sap-1/2/1:600:)#no shutdown
PE1(config-sap-1/2/1:600:)#commit
PE1(config-sap-1/2/1:600:)#exit
PE1(config-vpls-50600)#mesh-sdp 5002
PE1(config-mesh-sdp-5002)#commit
PE1(config-mesh-sdp-5002)#vc-type ethernet-vlan
PE1(config-mesh-sdp-5002)#no shutdown
PE1(config-mesh-sdp-5002)#commit
PE1(config-mesh-sdp-5002)#exit
PE1(config-vpls-50600)#spoke-sdp 5003
PE1(config-spoke-sdp-5003)#commit
PE1(config-spoke-sdp-5003)#vc-type ethernet-vlan
PE1(config-spoke-sdp-5003)#no shutdown
PE1(config-spoke-sdp-5003)#commit
PE2(config-service)#vpls 50600
PE2(config-vpls-50600)#mode pe-rs
PE2(config-vpls-50600)#commit
PE2(config-vpls-50600)#no shutdown
PE2(config-vpls-50600)#commit
PE2(config-vpls-50600)#sap 1/2/1:600:
PE2(config-sap-1/2/1:600:)#commit
PE2(config-sap-1/2/1:600:)#no shutdown
PE2(config-sap-1/2/1:600:)#exit
PE2(config-vpls-50600)#mesh-sdp 5001
PE2(config-mesh-sdp-5001)#commit
PE2(config-mesh-sdp-5001)#vc-type ethernet-vlan
PE2(config-mesh-sdp-5001)#no shutdown
PE2(config-mesh-sdp-5001)#commit
PE2(config-mesh-sdp-5001)#exit
PE2(config-vpls-50600)#spoke-sdp 5003
PE2(config-spoke-sdp-5003)#commit
PE2(config-spoke-sdp-5003)#vc-type ethernet-vlan
PE2(config-spoke-sdp-5003)#no shutdown
PE2(config-spoke-sdp-5003)#commit
MTU(config-service)#vpls 50600
MTU(config-vpls-50600)#mode mtu-s
MTU(config-vpls-50600)#commit
MTU(config-vpls-50600)#no shutdown
MTU(config-vpls-50600)#commit
MTU(config-vpls-50600)#sap 1/2/1:600:
MTU(config-sap-1/2/1:600:)#no shutdown
MTU(config-sap-1/2/1:600:)#commit
MTU(config-sap-1/2/1:600:)#exit
MTU(config-vpls-50600)#spoke-sdp 5001
MTU(config-spoke-sdp-5001)#commit
MTU(config-spoke-sdp-5001)#vc-type ethernet-vlan
MTU(config-spoke-sdp-5001)#no shutdown
MTU(config-spoke-sdp-5001)#commit
MTU(config-spoke-sdp-5001)#exit
MTU(config-vpls-50600)#spoke-sdp 5002
MTU(config-spoke-sdp-5002)#commit
MTU(config-spoke-sdp-5002)#vc-type ethernet-vlan
MTU(config-spoke-sdp-5002)#backup
MTU(config-spoke-sdp-5002)#no shutdown
MTU(config-spoke-sdp-5002)#commit
Hops:
Address 1.1.0.53
Address type IPV4
Interface index 0
Interface address 105.53.52.2
Remote Interface Index 0
Remote Interface Address 105.53.52.1
Address 1.1.0.52
Address type IPV4
Interface index 0
Interface address 105.52.2.2
Remote Interface Index 0
Remote Interface Address 105.52.2.1
Address 1.1.0.2
Address type IPV4
Interface index 0
Interface address 0.0.0.0
Remote Interface Index 0
Remote Interface Address 0.0.0.0
te metric cost 30
max bandwidth 125000000
max reserve bandwidth 125000000
max unreserve bandwidth[0] = 125000000 bytes/sec
max unreserve bandwidth[1] = 125000000 bytes/sec
max unreserve bandwidth[2] = 125000000 bytes/sec
max unreserve bandwidth[3] = 125000000 bytes/sec
max unreserve bandwidth[4] = 125000000 bytes/sec
max unreserve bandwidth[5] = 125000000 bytes/sec
max unreserve bandwidth[6] = 125000000 bytes/sec
max unreserve bandwidth[7] = 125000000 bytes/sec
resource class 1,
srlg numbers: NONE
exclusion_overlap: routers = 0
exclusion_overlap: links = 0
exclusion_overlap: srlgs = 0
===============================================================================
Standards
MIBs
RFCs
Multiprotocol Label Switching (MPLS) Protocols and Services
No standards are supported by this feature.
Private MIBs:
RFC 3031, Multiprotocol Label Switching Architecture
RFC 4379, Detecting Multi-Protocol Label Switched (MPLS) Data Plane Failures
Resource ReSerVation Protocol with Traffic Engineering Extensions (RSVP-TE)
No standards are supported by this feature.
PRVT-LMGRMIB.mib
PRVT-MPLS-LDPMIB.mib
PRVT-CR-LDPMIB.mib
PRVT-RSVPMIB.mib
PRVT-MPLS-TEMIB.mib
PRVT-TEMIBENTITY-MIB.mib
Draft-ietf-mpls-lspping-03
PRVT-SERVMIB.mib
Draft-ietf-l2vpn-vplsldp
Draft-ietf-l2vpnsignaling
RFC 4447, Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP)
RFC 3210, Applicability Statement for Extensions to RSVP for LSP Tunnels
RFC 3175, Aggregation of RSVP for IPv4 & IPv6 Reservations
draft-ietf-mpls-rsvplsp-fastreroute-04.txt
Private MIB:
PRVT-RSVP-MIB.mib
CES Commands
Command Hierarchy
Command Descriptions
Configuration Example 1
Configuration Example 2
Configuration Example 3
Configuration Example 4
Configuration Example 5
Supported Standards, MIBs, and RFCs
Table of Figures
Figure 1: A Schematic View of the CES Concept
Figure 2: Ethernet CLE based on Ring Topology with Virtual TDM Lines
Figure 3: Ethernet CLE Including CES Transport to a Central Office Using a Distributed CES TDM Multiplexer over PSN
Figure 4: Client Device Using a Providers Packet Network for PBX Interconnection As Well As Data Transmission
Figure 5: Circuit Emulation Service over Packet Network
Figure 6: Clock Controller
Figure 7: Clock State Machine
Figure 8: The CES PDU Format
Figure 9: Structured Emulation
Figure 10: Unstructured Emulation
Figure 11: CES Configuration Flow
Figure 12: CES over Ethernet Configuration
Figure 13: CES over VPLS Configuration
Figure 14: CES over MPLS Configuration
List of Tables
Table 1: Clock Controller ID Assignment
Table 2: Parameters Affecting Packet Transit Delay
Table 3: CES Log Warning Levels
Table 4: CES Commands
Table 5: TCA Default Counter Threshold Values
Table 6: Local Port Circuit Default Values
Table 7: Sync Interval Values
T-Marc3208SH
Use CES over Ethernet to emulate Time-Division Multiplexing (TDM) services by tunneling TDM
circuits (such as T1 or E1) using the CES over a Packet-Switched Network (CESoPSN) method.
Supported Topologies
Use the device in the following topologies:
Ethernet CLE (Customer Located Equipment) based on a ring topology, providing virtual
TDM lines for service-provider clients over a packet network:
Figure 2: Ethernet CLE based on Ring Topology with Virtual TDM Lines
Ethernet CLE including CES transport to a central office, using a distributed CES TDM
Multiplexer over PSN, to provide TDM services to telephony clients (mostly PBXs and TDM
multiplexers) using the packet network.
CPE using a provider packet network for PBX interconnection as well as data transmission.
Operation
CES over Ethernet, which encapsulates TDM data into a standard CES packet, forms packets on
ingress and reverses the process on egress, providing a transparent direct connection between any
two TDM devices, as shown in the following figure:
To convert TDM data to a standard CES packet form, Customer Located Equipment (CLE) on
both sides of the PSN needs to employ an interworking function (IWF) that is based either on
structured or unstructured emulation.
Structured (Framed) Emulation uses the TDM framing structure, where each packet
comprises a sequence of timeslots.
TDM Timing
TDM timing is a crucial aspect of CES implementation. To avoid an overflow/underflow due to
differences in the clock, the clock rate for TDM has to be consistent across the emulated circuit.
TDM signals (such as E1/T1 and SONET/SDH) are synchronous. Therefore, physical TDM lines
always carry a clock signal for synchronization. When replacing a physical TDM line with a CES
service, the CES service has to synchronize both sides of the service either by providing the same
clock to both sides or by transporting clock information and regenerating the clock.
The module supports the following TDM timing modes:
Internal (Local): The module's internal oscillator is of insufficient quality for most
applications. The Internal (Local) mode relies upon the oscillator and is used when no other
timing source is available. We recommend using Internal (Local) Mode for debug/testing
purposes only.
Precision Time Protocol (PTP, based on IEEE 1588v2): Similar to Adaptive, but uses
dedicated Ethernet packets (instead of CES data packets) resulting in more accurate clock recovery.
Differential: Similar to Adaptive, but uses a common reference clock at both CES peers,
transmitting only the differences between the TDM clock and the reference clock. An external
clock (for example GPS) can be used as common reference clock.
Backplane: Uses a clock signal from an external clock source. This clock signal can be
received via the BNC port or via the ethernet ports.
Multiple Clock Domains: Each TDM port uses an independent clock controlled by two
(redundant) clock controllers.
Single Clock Domain: All four TDM ports use the main clock.
Clock Controller
You can define multiple clock domains for a CES module and define each of the eight TDM
interface clocks independently.
In this case, each TDM interface has a clock that is defined by a unique ID (as shown in the
following diagram). Each clock is assigned to two (redundant) clock controllers that retrieve the
clock for the specific TDM port. Each controller uses one of the TDM timing modes.
NOTE
Clock backup functionality is non-revertive. After failover from primary to
backup controller, revert back to primary controller occurs only when backup
fails.
Clock ID
Clock Controller ID
(Interface)
Clock Controller ID
(CES Module)
1 and 2
3 and 4
13 and 14
15 and 16
Main Clock
99
99 and 100
NOTE
For the interface, the clock-controller terms are primary and backup. The clock-controllers in the CES module are defined using numbers.
Clock States
The current status of a clock can be shown using the Show
with the following possible values:
freeRun: The operating condition of a clock when the output signal is internally controlled
without the influence of a present or previous reference.
acquisition: Clock synchronizes to the input reference. The output frequency and phase may
not be sufficiently stable and may not, therefore, conform to standards.
normal: Clock is synchronized to a reference. The output frequency of the clock is traceable
to the input reference frequency over the long term and the phase difference between the
input and output is bound.
holdover: Operating condition of a clock that, having lost its references, uses data previously
acquired (while operating in normal mode) to control the output signal. The stored data, or
holdover value, used by a clock in holdover mode is an average value obtained over a certain
period of time (to reduce the effects of short-term variations in reference frequency that may
occur during normal operation).
fastAcquisition: Fast pull-in of the clock to a reference (for example, when recovering from
holdover or when the input reference experiences an abrupt change in frequency). After
achieving a lock, the clock automatically changes to the slower-tracking, normal mode the
clock input controller mode. Not all clock input controllers support all modes.
NOTE
The clock input controller status is 'locked' only when the clock input controller
is in 'normal' mode.
Main Clock
In addition to the clock controllers, the CES module has a main clock used as a single clock domain
and also used in some of the TDM timing modes (PTP, line, adaptive, and internal).
Internal: On-card oscillator provides the clock source for the module. Use this source only
when an external clock is not available, for example, in test mode where the circuit is looped
back internally or externally.
Line: Clock source is derived from a TDM line and sent to all other ports.
Backplane: Clock signal received from a neighboring module that is clocked by an external
device.
Adaptive: CES Module serves as a slave module. Clock is derived from the TDM bit-stream
(circuit) received from the master Module. If the TDM bit-stream circuit is disabled, the circuit
that is enabled for a second is used. If the circuit currently used for clocking goes down, the
clock recovery state changes to holdover state.
PTP: specifies PTP as the clock source (see the following section for more information). See
chapter Managing the device of this User Guide for more information.
Structured Emulation
Structured (Framed) Emulation uses the TDM framing structure where each packet consists of a
sequence of timeslots.
In structured emulation, the IWF strips the framing structure (for example, the F bit in a DS1) from
the data stream and places each timeslot in the packet payload followed by the same timeslots from
the next frame, and so on. Once the payload is complete, IWF adds a header and sends the packet
through the PSN to the CLE at the other end. On egress from the PSN, the CLE recreates the
TDM data stream.
The following figure presents a schematic example of how an IWF converts TDM frames into
structured CESoPSN packets where:
K represents the number of frames aggregated in each packet (see Bandwidth Efficiency and
Frame Aggregation ).
Unstructured (Unframed) Emulation (also called structure-agnostic transport) disregards the TDM
framing structure and treats TDM data as a stream of consecutive octets.
The number of octets that comprise each PSN packet payload (M in the figure below) is
independent of the number of timeslots in each TDM frame. Any alignment of these octets with
the underlying timeslots is coincidental and not guaranteed. The payload length (M) is typically
selected to make packet formation time approximately 1 millisecond in length (193 octets for a T1
circuit and 256 octets for an E1 circuit).
The following figure is a schematic example of how an IWF converts TDM frames into
unstructured CESoPSN packets (where N is the number of TDM octets received so far).
The CES header contains 32 bits, two of which are the L (local) bit and the R (remote) bit, used by the
protocol to indicate packet error or loss.
L-bit is set: Indicates that the TDM data carried in the payload is invalid due to a Local TDM
defect.
R-bit is set: Indicates that the local egress IWF (packet to TDM) is in the packet loss state.
L-bit and R-bit are definable by the user to provide different bit messages according to the error.
See policy idle pattern and policy idle signaling commands.
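The following added example (not part of the original guide) decodes the 32-bit CES header from captured packets and counts L-bit, R-bit and sequence-gap events, which is useful when monitoring a circuit for defects or injected traffic. The bit positions are an assumption: they follow the SAToP/CESoPSN control word of RFC 4553 and RFC 5086 (four zero bits, L, R, two modifier bits, FRG, LEN, 16-bit sequence number), which this guide does not spell out; the function names and sample packets are constructed for illustration.

```python
"""Decode the 32-bit CES header and flag L/R bits and sequence gaps."""
import struct
from dataclasses import dataclass


@dataclass
class CesHeader:
    l_bit: bool      # local TDM defect: payload data is invalid
    r_bit: bool      # sender's egress IWF is in the packet loss state
    length: int      # 6-bit LEN field
    sequence: int    # 16-bit sequence number


def parse_ces_header(packet: bytes) -> CesHeader:
    """Parse the first four bytes of a CES payload (assumed RFC 4553/5086 layout)."""
    if len(packet) < 4:
        raise ValueError("CES header needs 4 bytes")
    (word,) = struct.unpack("!I", packet[:4])
    if word >> 28:
        raise ValueError("first four bits of the header must be zero")
    return CesHeader(
        l_bit=bool((word >> 27) & 1),
        r_bit=bool((word >> 26) & 1),
        length=(word >> 16) & 0x3F,
        sequence=word & 0xFFFF,
    )


def build_header(sequence, l_bit=False, r_bit=False, length=0) -> bytes:
    """Build a header for test input (helper for the constructed sample below)."""
    word = (int(l_bit) << 27) | (int(r_bit) << 26)
    word |= ((length & 0x3F) << 16) | (sequence & 0xFFFF)
    return struct.pack("!I", word)


def scan(packets):
    """Count defect indications and sequence anomalies in arrival order."""
    stats = {"packets": 0, "l_bit": 0, "r_bit": 0, "lost": 0, "late": 0}
    expected = None
    for raw in packets:
        hdr = parse_ces_header(raw)
        stats["packets"] += 1
        stats["l_bit"] += hdr.l_bit
        stats["r_bit"] += hdr.r_bit
        if expected is not None:
            # Modulo-65536 distance copes with sequence number wrap-around.
            delta = (hdr.sequence - expected) & 0xFFFF
            if delta >= 0x8000:
                # Older than expected: a packet counted as lost arrived late.
                stats["late"] += 1
                stats["lost"] = max(0, stats["lost"] - 1)
                continue
            stats["lost"] += delta
        expected = (hdr.sequence + 1) & 0xFFFF
    return stats


# Constructed sample: wrap-around, one L-bit packet, one R-bit packet,
# sequence number 1 missing, and sequence number 4 arriving after 5.
SAMPLE = [
    build_header(65534), build_header(65535), build_header(0, l_bit=True),
    build_header(2), build_header(3, r_bit=True), build_header(5),
    build_header(4),
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```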
CES Features
Operation, Administration and Management (OAM)
The following OAM operations are supported for CES services:
Local loopback: the incoming CES packet stream is looped back to the PSN, per E1/T1 port
(used for testing)
Remote loopback: the incoming T1/E1 TDM stream, including the clock, is looped back (used
for testing)
Generate and display MIB-II statistics for T1/E1 virtual channel connections to remote CES
devices
Frame Aggregation
To save bandwidth, several frames are aggregated and sent in a single packet using a common
header.
Without Frame Aggregation:
In structured mode, 8-bit samples are captured from each selected 64 Kbits DS0 timeslot and
transmitted in a single packet over the PSN. In this case, a separate CES protocol header is
transmitted for each set of selected 8-bit samples (from each frame).
In unstructured mode, each packet includes 24 timeslots for T1 and 32 timeslots for E1 and as
a result, transmits up to 193 bits plus a header for T1 and 256 bits plus a header for E1. Each
E1/T1 unstructured frame or DS0-structured frame sent over the packet-switched network
contains a payload of 132 bytes (8256 bits) and a header.
Transmission of T1/E1 frames over the packet network requires high bandwidth since in most
PSNs, the minimum packet size is 64 bytes and the minimum header size is 14-20 bytes.
With Frame Aggregation: To reduce the high bandwidth requirement, between 18 frames are
aggregated and sent in each PSN packet (usually between 18 frames). The frames use a common
header and reduce bandwidth overhead to only a few percentage points.
The minor disadvantage of this solution is longer delay, since several frames need to be received
and aggregated before the constructed packet is sent over the PSN.
Configuration: Define the number of TDM frames aggregated in each packet.
NOTE
Minimum payload is 32 bytes with at least two timeslots.
Jitter Buffer
Jitter refers to the deviation in packet transit delay time that is sometimes present in emulated circuit
output. Jitter can also disrupt packet order in the network. The Jitter Buffer handles jitter and is
essential to maintaining the constant packet transit delay required to operate the CES end-to-end system over time.
Packet transit delay is a direct result of four parameters:
Table 2: Parameters Affecting Packet Transit Delay
Parameter
The T-Marc 3208SH's CES module uses a configurable jitter buffer to temporarily store ingressing
packets.
Configuration: Define the size of the jitter buffer according to the maximum packet latency variation
expected in the network. The Jitter Buffer supports values between <1200> milliseconds.
NOTE
We recommend a jitter buffer size in the range of <140> milliseconds. However,
some applications require a larger jitter buffer of 150 milliseconds.
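The following added example (not part of the original guide) checks a circuit's timeslots, samples-aggregation and maximum-jitter-expected values against the rules this guide quotes (minimum payload of 32 bytes with at least two timeslots, and frames <= (maxjitter*8)/1.5) and reports the resulting packetization delay and bandwidth efficiency. Assumptions: the "multiple of 8" rule for fractional mode is read as applying to the number of aggregated frames, the per-packet overhead of 62 bytes is an illustrative figure, and all function names are hypothetical.

```python
"""Check CES frame-aggregation settings against the rules quoted in this guide."""
from dataclasses import dataclass, field

FRAME_MS = 0.125          # one TDM frame every 125 microseconds (8000 frames/s)
MIN_PAYLOAD_BYTES = 32    # NOTE in the guide: minimum payload is 32 bytes
MIN_TIMESLOTS = 2         # ... with at least two timeslots
# Assumed per-packet overhead in bytes (illustrative, not from the guide):
# Ethernet 14 + VLAN tag 4 + IPv4 20 + UDP 8 + RTP 12 + CES header 4.
ASSUMED_OVERHEAD = 14 + 4 + 20 + 8 + 12 + 4


def parse_timeslots(spec):
    """Expand a timeslot list such as '1-15,17-31' into a sorted list of ints."""
    slots = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        first, last = int(lo), int(hi or lo)
        if first > last:
            raise ValueError(f"descending range: {part!r}")
        slots.update(range(first, last + 1))
    return sorted(slots)


@dataclass
class Report:
    payload_bytes: int        # one octet per timeslot per aggregated frame
    packetization_ms: float   # time needed to collect the frames of one packet
    efficiency: float         # payload / (payload + overhead)
    problems: list = field(default_factory=list)


def check_circuit(timeslots, frames, max_jitter_ms,
                  fractional=True, overhead=ASSUMED_OVERHEAD):
    """Validate one circuit; 'frames' is the samples-aggregation value."""
    slots = parse_timeslots(timeslots)
    payload = len(slots) * frames
    problems = []
    if len(slots) < MIN_TIMESLOTS:
        problems.append(f"only {len(slots)} timeslot(s); at least {MIN_TIMESLOTS} required")
    if payload < MIN_PAYLOAD_BYTES:
        problems.append(f"payload {payload} bytes is below {MIN_PAYLOAD_BYTES}")
    limit = max_jitter_ms * 8 / 1.5           # rule quoted in the guide
    if frames > limit:
        problems.append(f"{frames} frames exceeds (maxjitter*8)/1.5 = {limit:.1f}")
    if fractional and frames % 8:             # assumed reading of "multiple of 8"
        problems.append(f"{frames} frames is not a multiple of 8")
    return Report(payload, frames * FRAME_MS, payload / (payload + overhead), problems)


if __name__ == "__main__":
    # Values taken from circuit 5 of Configuration Example 3 in this guide.
    print(check_circuit("1-15,17-31", frames=16, max_jitter_ms=20))
    # Constructed bad input: one timeslot, tiny jitter buffer.
    print(check_circuit("1", frames=8, max_jitter_ms=1))
```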
Log Messages
The CES application supports two types of log messages:
Local alert messages generated on the local device that are received from the CES board or
validated against a threshold value.
Remote alert messages generated from the SNMP private table of the remote device.
The following table shows the warning level of log messages defined in the CES application:
Alert
Critical
Error
Error
Peer: available/unavailable
Jitter buffer: overflow/underflow/normal
Notification
Notification
Notification
Status: up/down
Alarm: blue/yellow/red
Loopback Tests
Loopback tests are used to test T1 lines. To support testing, an in-band loopback places the T1 in
remote loopback (also known as line loopback). Remote loopback causes the bits received on the
T1 to be looped, unmodified, back to the source. Sending the loopback pattern activates an in-band loopback. The pattern must be sent for at least 5 seconds. The pattern overwrites the entire
payload in the T1, thus corrupting any calls or data traffic. The framing bit may or may not still be
present. The loopback is invoked when the pattern is removed. The loopback is torn down when
an in-band loop down pattern is transmitted for a period of five seconds.
VC label: Negotiated by a targeted LDP session between the two endpoints of a PW.
Used as service delimiter at the terminating endpoints of a PW.
Transport label: The result of a label mapping agreement between the entry point of the PW and
the next hop in the MPLS cloud. It is used to provide transport of the packets to the PW's
other end.
Define a CES circuit and specify an MPLS protocol type using the command protocol mpls-ldp
NOTE
The circuit destination MAC address, the MPLS transport label and the MPLS
VC label are not configurable.
The rest of CES circuit parameters needed for the CES circuit to become
operational are user-defined.
2.
shutdown
NOTE
CES circuit remains operationally down until the configuration process is
completed.
3.
Define an MPLS tunnel (refer to the MPLS Protocols and Services chapter of this User Guide)
4.
Specify the defined CES circuit as the only SAP of the MPLS tunnel defined in step 3, using the
command sap UU/SS/PP:<ces-circuit>:{ces | ces-oos} (refer to the MPLS Protocols
and Services chapter of this User Guide)
NOTE
The CES circuit becomes operationally up only when it is successfully configured.
CES Commands
This section includes the CES Configuration Command Hierarchy, descriptions of available
commands, and a configuration example.
Command Hierarchy
NOTE
In order to use any of the commands successfully, the CES module must be in
Ready state.
+ config terminal
+ [no] ces
- [no] shutdown
+ system
XX:XX:XX:XX:XX:XX:XX:XX
| interface}
- show ces [module {1/3 | 1/4} [circuit <number> [status] | clock-controller | policy | interface <CES_INTERFACE> [statistics {current
| interval <value> | total}]]]
Command Descriptions
Table 4: CES Commands
Command
Description
config terminal
ces
no ces
1/3
1/4
e1
t1
Command takes effect only after rebooting the
CES module.
e1
no mode
Restores to default
ip-address A.B.C.D
Restores to default
mask A.B.C.D
ip-gateway A.B.C.D
Restores to default
Specifies the clock source used by the main
clock on the CES module for transmission over
TDM ports:
Internal
no clock
Restores to default
no policy
Restores to default
policy unstructured-lops type
{all-one | none}
Specifies the information sent on the TDM-bound interface during a LOPS (Loss of Packet
Synchronization) state in an unstructured
circuit:
None
no policy unstructured-lops type
Restores to default
Idle
no policy lbit type
Restores to default
None
no policy unstructured-lbit type
Restores to default
All-one
Restores to default
All-one
no policy unstructured-replace
Restores to default
None
no policy rbit type
Restores to default
None
no policy rd type
Restores to default
packet loss
no policy idle
Restores to default
policy lbit-on-ais
no policy lbit-on-ais
Restores to default
interface <CES_INTERFACE>
no interface
shutdown
no shutdown
relevant circuit
Module
no clock
Restores to default
description DESCRIPTION
no description
Unframed
no framing
Restores to default
Restores to default
cable-length {long-15dB | long-22.5dB | long-7.5dB | short-133ft | short-266ft | short-399ft | short-533ft | short-655ft | 75ohm | 120ohm}
no cable-length
Restores to default
None
no loop
Restores to default
thresholds
enable
Enables TCA
no enable
Disables TCA
daily {cv-l | es-l | ses-l |
fc-p | es-p | esb-p |
ses-p | sefs-p | css-p |
uas-p | es-lfe | fc-pfe |
cv-pfe | sefs-pfe | es-pfe |
esb-pfe | ses-pfe | css-pfe | uas-pfe} <value>
remote-loopback
no remote-loopback
circuit <value>
no circuit
exp-priority <value>
0
no exp-priority
Restores to default
interface <CES_INTERFACE>
no interface
timeslots TYPE
NOTE
To configure a circuit, follow the rules
below:
in fractional mode:
multiple of 8
frames <=(maxjitter*8)/1.5
shutdown
no shutdown
vlan-id <id>
no vlan-id [<id>]
vlan-priority <priority>
0
no vlan-priority [<priority>]
Restores to default
no rtp
Restores to default
policy-payload-suppress {enable
| disable}
no policy-payload-suppress
Restores to default
maximum-jitter-expected <value>
NOTE
To configure a circuit, follow the rules
below:
in fractional mode:
multiple of 8
frames <=(maxjitter*8)/1.5
no maximum-jitter-expected
Restores to default
samples-aggregation <value>
NOTE
To configure a circuit, follow the rules
below:
in fractional mode:
multiple of 8
frames <=(maxjitter*8)/1.5
no samples-aggregation
Restores to default
protocol {satop-cesopsn |
metro-ethernet | mpls-ldp}
metro-ethernet: Metro-ethernet
header (does not include IP
header in the packet)
satop-cesopsn
no protocol
Restores to default
ip-tos <value>
0
no ip-tos
Restores to default
oos-tos <value>
no oos-tos
Restores to default
rtp-payload-type <value>
Restores to default
oos-payload-type <value>
no local
destination {ip-address
A.B.C.D | udp-port <value>
| oos-udp-port <value>}
clock-controller {primary |
backup}
no clock-controller
circuit <value>
primary
backup
no circuit
interface <CES_INTERFACE>
no interface
system
time ptp
no time ptp
1/3
1/4
ptp
no ptp
no domain
priority1 <value>
128
priority2 <value>
128
mode {slaveonly |
ordinary}
master or slave within the domain
ordinary
no mode
Restores to default
shutdown
no shutdown
encapsulation {ipv4 |
ieee8023}
ipv4
no encapsulation
Restores to default
vlan-id <value>
200
no vlan-id
Restores to default
vlan-cos <value>
7
no vlan-cos
Restores to default
tos <value>
0
no tos
Restores to default
acceptable-master {enable
| disable}
no acceptable-master
Restores to default
master-type {unicast |
multicast}
master-unicast-negotiation {enable |
disable}
Disabled
no master-unicast-negotiation
Restores to default
no master-type
Restores to default
slave-type {unicast |
multicast}
no slave-type
Restores to default
slave-unicast-negotiation
{enable | disable}
Disabled
no slave-unicast-negotiation
Restores to default
sync-interval <value>
-6
no sync-interval
Restores to default
announce-interval <value>
no announce-interval
Restores to default
announce-timeout <value>
4
no announce-timeout
session <value>
Restores to default
Configures a PTP session between a local port
and a remote port and enters PTP session
Configuration mode:
no session
shutdown
no shutdown
Master
no type
Restores to default
peer-type {address |
fullyspec |
addressport}
Address
no peer-type
Restores to default
no local-port
peer-port <value>
no peer-port
peer-clock-id
XX:XX:XX:XX:XX:XX:XX:XX
no peer-clock-id
peer-address {A.B.C.D |
HH:HH:HH:HH:HH:HH}
no peer-address
encapsulation {ipv4 |
ieee8023}
Ipv4
no encapsulation
Restores to default
vlan-id <value>
200
no vlan-id
Restores to default
vlan-cos <value>
7
no vlan-cos
Restores to default
tos <value>
0
no tos
Restores to default
sync-interval <value>
-6
no sync-interval
acceptable-master <value>
{A.B.C.D |
Restores to default
Adds clocks to the list of acceptable master
clocks and enters Acceptable master clocks
HH:HH:HH:HH:HH:HH}
no acceptable-master
[<value> {A.B.C.D |
HH:HH:HH:HH:HH:HH}]
priority <value>
Configuration mode:
HH:HH:HH:HH:HH:HH: (optional)
device MAC address, in
hexadecimal format
0
no priority
no domain
show ces module {1/3 | 1/4} ptp
[acceptable-master | domain | port
[status] | session [status]]
file cp ces-image
PROTOCOL[USER[:PASSWORD]@]IPv4[:PORT]
/FILE-NAME
NOTE
During CES image activation, the CES
modules (1/3 and 1/4) cannot be
configured.
show ces module {1/3 | 1/4} [circuit
<number> [status] | clock-controller |
policy | interface <CES_INTERFACE>
[statistics {current | interval <value>
| total}]]
Example
Configuration Example 1
1.
2.
3.
4.
Specify the name of the CES firmware file to be loaded during the next restart.
device-name#file activate-ces-image module-id 1/3 file-name cmx1624_R02.00.00_D38.bin
Uploading firmware, please wait: \
Copying backup to startup image. Bytes left to write: 0
Uploading firmware successful
Restarting CES module
Oct 2 13:51:13 alert
Ces
Configuration Example 2
The following example shows how to configure CES over Ethernet.
Connection: PSTN <--------> First Device is over SF-CAS TDM signaling. The First Device receives
the clock from the TDM line. The PSTN is responsible for providing the clock.
Connection: First Device <--------> Second Device is over an Ethernet network using the CESoPSN
protocol.
The devices are connected in VLAN ID 10 with priority 5 through ports 1/2/1 <--------> 1/2/1.
The Second Device receives the clock from the Ethernet.
Connection: Second Device <--------> PBX is over SF-CAS TDM signaling. The PBX is in receive
mode and receives the clock from the Second Device.
1.
device-name#config terminal
device-name(config)#router interface sw1
device-name(config-interface-sw1)#address 1.0.0.170/16
device-name(config-interface-sw1)#commit
device-name(config-interface-sw1)#exit
device-name(config-router)#exit
b.
device-name(config)#vlan v10 10
device-name(config-vlan-v10/10)#tagged 1/2/1
device-name(config-tagged-1/2/1)#exit
device-name(config-vlan-v10/10)#routing-interface sw1
device-name(config-vlan-v10/10)#commit
device-name(config-vlan-v10/10)#exit
c.
device-name#config terminal
device-name(config)#ces module 1/3
device-name(config-module-1/3)#mode t1
device-name(config-module-1/3)#commit
device-name(config-module-1/3)#ip-address 1.0.0.16
device-name(config-module-1/3)#commit
device-name(config-module-1/3)#mask 255.255.0.0
device-name(config-module-1/3)#commit
device-name(config-module-1/3)#clock line
device-name(config-module-1/3)#commit
d.
device-name(config-module-1/3)#interface t1-1.0.0.0
device-name(config-interface-t1-1.0.0.0)#clock module
device-name(config-interface-t1-1.0.0.0)#framing sf-cas
device-name(config-interface-t1-1.0.0.0)#commit
device-name(config-interface-t1-1.0.0.0)#exit
e.
device-name(config-module-1/3)#circuit 1
device-name(config-circuit-1)#interface t1-1.0.0.0
device-name(config-circuit-1)#timeslots 1-24
device-name(config-circuit-1)#vlan-id 10
device-name(config-circuit-1)#vlan-priority 5
device-name(config-circuit-1)#rtp enable
device-name(config-circuit-1)#maximum-jitter-expected 10
device-name(config-circuit-1)#samples-aggregation 8
device-name(config-circuit-1)#ip-tos 100
device-name(config-circuit-1)#oos-tos 100
device-name(config-circuit-1)#rtp-payload-type 110
device-name(config-circuit-1)#oos-payload-type 115
device-name(config-circuit-1)#local udp-port 2200
device-name(config-circuit-1)#local oos-udp-port 2300
device-name(config-circuit-1)#destination ip-address 1.0.0.56
device-name(config-circuit-1)#destination udp-port 3000
device-name(config-circuit-1)#destination oos-udp-port 3300
device-name(config-circuit-1)#commit
f.
g.
device-name(config-module-1/3)#circuit 1
device-name(config-circuit-1)#no shutdown
device-name(config-circuit-1)#commit
2.
h.
device-name#config terminal
device-name(config)#router interface sw1
device-name(config-interface-sw1)#address 1.0.0.177/16
device-name(config-interface-sw1)#commit
device-name(config-interface-sw1)#exit
device-name(config-router)#exit
i.
j.
k.
l.
n.
device-name(config-module-1/3)#circuit 1
device-name(config-circuit-1)#no shutdown
device-name(config-circuit-1)#commit
3.
: CES 8 E1/T1
Type
: CES-1628-OCXO
Status
: Ready
Working mode
: E1
Up Time
Ready Time
: Thu Jan
1 00:00:00 1970
Insert Time
: Thu Oct
1 13:01:40 2009
Extract Time
: Thu Oct
1 13:01:40 2009
FW Version
MAC Address
: 00:12:72:00:95:78
IP Address
: 192.168.0.3/255.255.255.0
Gateway
: 192.168.0.1
Clock Mode
: Internal
===============================================================================
4.
: t1-1.0.0.0
Admin Status
: Enabled
Mode
: Unstructured
Vlan ID
: 10
Priority
: 5
RTP
: Enabled
: 96
: 96
: Enabled
: 10
Samples Aggregation
: 10
Protocol
: SATOP/CESOPSN
IP TOS
: 0
IP OOS TOS
: 0
Destination IP Address
: 192.168.0.128
Resolve status
: 0
: 49152
: 49152
: 49152
: 49152
======================================================
5.
: Enabled
Oper status
: Up
Enable Time
: Sun Oct
Up Time
: 00:00:11
Peer MAC
: 00:12:72:00:96:fe
: No
TDM Tx
: Alarm
TDM Rx
: Yes
PSN Tx
: Up
PSN Rx
: Up L
Tx Up Counter
: 0
Jitter Information
: Yes
4 12:58:52 2009
9.227
1.336
8.601
9.937
Ping to Peer
------------------------------------------------------------------------------
Counter Name
Value
800
7953
Restarts TDM Tx
Restarts TDM Rx
800
Malformed Frames
7953
104
=====================================================================
6.
------------------------------------------------------------------------------
Destination Interface
: t1-1.0.0.0
Status
: Not Locked
State
: Aquisition
Mode
: Active
Recovery Method
: Adaptive
Source Circuit Number
: 1
Source TDM Interface
: Source PTP Session Number
: 0
------------------------------------------------------------------------------
freeRun: The operating condition of a clock when the output signal is internally controlled,
without influence from a present or previous reference.
acquisition: Synchronization of the clock to the input reference. The output frequency and
phase may not be stable enough and therefore may not conform to standards.
normal: Synchronization of the clock to a reference. The output frequency of the clock is
traceable to the input reference frequency over the long term, and the phase difference
between the input and output is bound.
holdover: Operating condition of a clock when the clock has lost its references and is using
data acquired, during operation in normal mode, to control the output signal. In general, the
stored data or holdover value used by a clock in holdover mode is an average value obtained
over a certain period of time (to reduce the effects of short-term variations that may occur in
the reference frequency during normal operation).
fastAcquisition: Fast pull-in of the clock to a reference (for example, when recovering from
holdover or when the input reference has an abrupt change in frequency). After the clock
achieves a lock, the clock automatically changes to the slower-tracking, normal mode. The
mode of the clock input controller. Not all clock input controllers support all modes.
NOTE
The clock input controller status is 'locked' only if the clock input controller is
in 'normal' mode.
1.
Line Code
: HDB3
Cable Length
: 125 ohm
Loopback
: None
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Module 1/3
Interface e1-8.0.0.0
------------------------------------------------------------------------------
Admin Status
: Enabled
Link state
: Down
Up Time
: Thu Jan 1 19:48:03 1970
Service clock
:
Framing
: CAS-NON CRC
Line Code
: HDB3
Cable Length
: 125 ohm
Loopback
: None
Alarms
: XmtAIS LossOfSignal
Configuration Example 3
The following example shows how to configure CES over VPLS.
Connection: PSTN <--------> First Device is over SF-CAS TDM signaling. The First Device receives
the clock from the TDM line. The PSTN is responsible for providing the clock.
Connection: First Device <--------> Second Device is over a VPLS network using the CESoPSN over
Ethernet protocol to convert the TDM before encapsulating inside VPLS.
The devices are connected through ports 1/2/8 <--------> 1/2/8 running MPLS LDP LSPs over OSPF
infrastructure.
On both devices, TDM traffic is received on two circuits and converted into two Ethernet flows
carrying customer VLANs (C-VLANs) 120 and 130 entering the MPLS cloud as two Service
Access Points (SAP) under the same VPLS service.
The Second Device receives the clock from the Ethernet/MPLS.
1.
2.
device-name#config terminal
Entering configuration mode terminal
device-name(config)#router
device-name(config-router)#interface lo1
device-name(config-interface-lo1)#address 3.3.1.1/32
device-name(config-interface-lo1)#no shutdown
device-name(config-interface-lo1)#interface sw2
device-name(config-interface-sw2)#address 100.0.0.1/24
device-name(config-interface-sw2)#no shutdown
device-name(config-interface-sw2)#interface outBand0
device-name(config-interface-outBand0)#address 10.3.179.179/16
device-name(config-interface-outBand0)#no shutdown
device-name(config-interface-outBand0)#ldp
device-name(config-ldp)#no shutdown
device-name(config-ldp)#targeted-peer 1.1.172.102
device-name(config-targeted-peer-1.1.172.102)#distribute
device-name(config-distribute)#ingress ospf
device-name(config-distribute)#egress ip 3.3.1.1/32
device-name(config-ip-3.3.1.1/32)#interface lo1
device-name(config-interface-lo1)#interface sw2
device-name(config-interface-sw2)#mpls
device-name(config-mpls)#lsr-id 3.3.1.1
device-name(config-mpls)#interface lo1
device-name(config-interface-lo1)#no shutdown
device-name(config-interface-lo1)#interface sw2
device-name(config-interface-sw2)#ospf
device-name(config-ospf)#router-id 3.3.1.1
device-name(config-ospf)#area 0.0.0.0
device-name(config-area-0.0.0.0)#interface 3.3.1.1
device-name(config-interface-3.3.1.1)#interface 100.0.0.1
device-name(config-interface-100.0.0.1)#port 1/2/8
device-name(config-port-1/2/8)#default-vlan 2
device-name(config-port-1/2/8)#vlan 2 2
device-name(config-vlan-2/2)#no management
device-name(config-vlan-2/2)#routing-interface sw2
device-name(config-vlan-2/2)#untagged 1/2/8
device-name(config-vlan-2/2)#service
device-name(config-service)#sdp 1
device-name(config-sdp-1)#far-end 1.1.172.102
device-name(config-sdp-1)#vpls 100
device-name(config-vpls-100)#no shutdown
device-name(config-vpls-100)#mode mtu-s
device-name(config-vpls-100)#revert-timer 0
device-name(config-vpls-100)#sap 1/3/9:120:
device-name(config-sap-1/3/9:120:)#no shutdown
device-name(config-sap-1/3/9:120:)#description ""
device-name(config-sap-1/3/9:120:)#no learn-new-mac-address
device-name(config-sap-1/3/9:120:)#no untagged
device-name(config-sap-1/3/9:120:)#no secured
device-name(config-sap-1/3/9:120:)#spoke-sdp 1
device-name(config-spoke-sdp-1)#no shutdown
device-name(config-spoke-sdp-1)#vc-type ethernet
device-name(config-spoke-sdp-1)#no pw-status-signaling
device-name(config-spoke-sdp-1)#no pw-active
device-name(config-spoke-sdp-1)#no pw-redundancy
device-name(config-spoke-sdp-1)#pw-precedence 1
device-name(config-spoke-sdp-1)#no backup
device-name(config-spoke-sdp-1)#learn-new-mac-address
device-name(config-spoke-sdp-1)#no secured
device-name(config-spoke-sdp-1)#vpls 101
device-name(config-vpls-101)#no shutdown
device-name(config-vpls-101)#mode mtu-s
device-name(config-vpls-101)#revert-timer 0
device-name(config-vpls-101)#sap 1/3/9:130:
device-name(config-sap-1/3/9:130:)#no shutdown
device-name(config-sap-1/3/9:130:)#description ""
device-name(config-sap-1/3/9:130:)#no learn-new-mac-address
device-name(config-sap-1/3/9:130:)#no untagged
device-name(config-sap-1/3/9:130:)#no secured
device-name(config-sap-1/3/9:130:)#spoke-sdp 1
device-name(config-spoke-sdp-1)#no shutdown
device-name(config-spoke-sdp-1)#vc-type ethernet
device-name(config-spoke-sdp-1)#no pw-status-signaling
device-name(config-spoke-sdp-1)#no pw-active
device-name(config-spoke-sdp-1)#no pw-redundancy
device-name(config-spoke-sdp-1)#pw-precedence 1
device-name(config-spoke-sdp-1)#no backup
device-name(config-spoke-sdp-1)#no secured
device-name(config-spoke-sdp-1)#commit
Commit complete.
p.
device-name(config-module-1/3)#circuit 1
device-name(config-module-1/3)#interface e1-1.0.0.0
device-name(config-circuit-1)#no shutdown
device-name(config-circuit-1)#vlan-id 120
device-name(config-circuit-1)#rtp enable
device-name(config-circuit-1)#destination ip-address 1.0.0.1
device-name(config-circuit-1)#circuit 5
device-name(config-circuit-5)#interface e1-5.0.0.0
device-name(config-circuit-5)#timeslots 1-15,17-31
device-name(config-circuit-5)#no shutdown
device-name(config-circuit-5)#vlan-id 130
device-name(config-circuit-5)#rtp enable
device-name(config-circuit-5)#maximum-jitter-expected 20
device-name(config-circuit-5)#samples-aggregation 16
device-name(config-circuit-5)#destination ip-address 1.0.0.1
device-name(config-circuit-5)#commit
Commit complete.
3.
device-name#config terminal
Entering configuration mode terminal
device-name(config)#router
device-name(config-router)#interface lo1
device-name(config-interface-lo1)#address 1.1.172.102/32
device-name(config-interface-lo1)#no shutdown
device-name(config-interface-lo1)#interface sw2
device-name(config-interface-sw2)#address 100.0.0.2/24
device-name(config-interface-sw2)#ldp
device-name(config-ldp)#no shutdown
device-name(config-ldp)#targeted-peer 3.3.1.1
device-name(config-targeted-peer-3.3.1.1)#distribute
device-name(config-distribute)#ingress ospf
device-name(config-distribute)#egress ip 1.1.172.102/32
device-name(config-ip-1.1.172.102/32)#interface lo1
device-name(config-interface-lo1)#interface sw2
device-name(config-interface-sw2)#mpls
device-name(config-mpls)#lsr-id 1.1.172.102
device-name(config-mpls)#interface lo1
device-name(config-interface-lo1)#interface sw2
device-name(config-interface-sw2)#ospf
device-name(config-ospf)#router-id 1.1.172.102
device-name(config-ospf)#area 0.0.0.0
device-name(config-area-0.0.0.0)#interface 1.1.172.102
device-name(config-interface-1.1.172.102)#passive
device-name(config-interface-1.1.172.102)#interface 100.0.0.2
device-name(config-interface-100.0.0.2)#port 1/2/8
device-name(config-port-1/2/8)#default-vlan 2
device-name(config-port-1/2/8)#vlan 2 2
device-name(config-vlan-2/2)#no management
device-name(config-vlan-2/2)#routing-interface sw2
device-name(config-vlan-2/2)#untagged 1/2/8
device-name(config-vlan-2/2)#service
device-name(config-service)#sdp 1
device-name(config-sdp-1)#far-end 3.3.1.1
device-name(config-sdp-1)#vpls 100
device-name(config-vpls-100)#no shutdown
device-name(config-vpls-100)#mode mtu-s
device-name(config-vpls-100)#revert-timer 0
device-name(config-vpls-100)#sap 1/3/9:120:
device-name(config-sap-1/3/9:120:)#no shutdown
device-name(config-sap-1/3/9:120:)#description ""
device-name(config-sap-1/3/9:120:)#no learn-new-mac-address
device-name(config-sap-1/3/9:120:)#no untagged
device-name(config-sap-1/3/9:120:)#no secured
device-name(config-sap-1/3/9:120:)#spoke-sdp 1
device-name(config-spoke-sdp-1)#no shutdown
device-name(config-spoke-sdp-1)#vc-type ethernet
device-name(config-spoke-sdp-1)#no pw-status-signaling
device-name(config-spoke-sdp-1)#no pw-active
device-name(config-spoke-sdp-1)#no pw-redundancy
device-name(config-spoke-sdp-1)#pw-precedence 1
device-name(config-spoke-sdp-1)#no backup
device-name(config-spoke-sdp-1)#learn-new-mac-address
device-name(config-spoke-sdp-1)#no secured
device-name(config-spoke-sdp-1)#vpls 101
device-name(config-vpls-101)#no shutdown
device-name(config-vpls-101)#mode mtu-s
device-name(config-vpls-101)#revert-timer 0
device-name(config-vpls-101)#sap 1/3/9:130:
device-name(config-sap-1/3/9:130:)#no shutdown
device-name(config-sap-1/3/9:130:)#description ""
device-name(config-sap-1/3/9:130:)#no learn-new-mac-address
device-name(config-sap-1/3/9:130:)#no untagged
device-name(config-sap-1/3/9:130:)#no secured
device-name(config-sap-1/3/9:130:)#spoke-sdp 1
device-name(config-spoke-sdp-1)#no shutdown
device-name(config-spoke-sdp-1)#vc-type ethernet
device-name(config-spoke-sdp-1)#no pw-status-signaling
device-name(config-spoke-sdp-1)#no pw-active
device-name(config-spoke-sdp-1)#no pw-redundancy
device-name(config-spoke-sdp-1)#pw-precedence 1
device-name(config-spoke-sdp-1)#no backup
device-name(config-spoke-sdp-1)#learn-new-mac-address
device-name(config-spoke-sdp-1)#no secured
device-name(config-spoke-sdp-1)#commit
Commit complete.
r.
device-name(config-circuit-1)#no shutdown
device-name(config-circuit-1)#exit
device-name(config-module-1/3)#circuit 5
device-name(config-circuit-5)#no shutdown
device-name(config-circuit-5)#commit
Commit complete.
4.
: e1-1.0.0.0
Status
: Not Locked
State
: FreeRun
Mode
: Active
Recovery Method
: Adaptive
: 1
: -
: 0
------------------------------------------------------------------------------
===============================================================================
: Up
Create Time
: Thu Jan
1 00:00:00 1970
Enable Time
: Thu Jan
1 00:00:00 1970
Up Time
: Thu Jan
1 00:00:00 1970
Peer MAC
: 00:12:72:00:94:86
: No
Jitter Information
: Yes
TDM Tx
: Yes
TDM Rx
: Alarm
PSN Tx
: Fault
PSN Rx
: LOPS
------------------------------------------------------------------------------
Counter Name
Value
------------------------------------------------------------------------------
Tx Up Packets
4.359
1.133
3.855
4.988
100
9713
Ping to Peer
Restarts TDM Tx
Restarts TDM Rx
1000
Malformed Frames
13
16844397
===============================================================================
: e1-5.0.0.0
Status
: Locked
State
: Normal
Mode
: Active
Recovery Method
: Adaptive
: 5
: -
: 0
------------------------------------------------------------------------------
===============================================================================
: Up
Create Time
: Thu Jan
1 00:00:00 1970
Enable Time
: Thu Jan
1 00:00:00 1970
Up Time
: Thu Jan
1 00:00:00 1970
Peer MAC
: 00:12:72:00:94:86
: No
Jitter Information
: Yes
TDM Tx
: Yes
TDM Rx
: Yes
PSN Tx
: Fault
PSN Rx
: LOPS
------------------------------------------------------------------------------
Counter Name
Value
------------------------------------------------------------------------------
Tx Up Packets
Jitter Current (ms)
Jitter Buffer Delay (ms)
0
18.366
2.667
17.362
20.029
100
489899
0
Ping to Peer
Restarts TDM Tx
Restarts TDM Rx
500
Malformed Frames
412
50
16842753
===============================================================================
: 100
Admin Status
: Up
Service Type
: MTU
Oper Status
: Up
VC ID
: 100
Up Time
: 00:06:48
1 00:00:51 2009
1 00:00:01 2009
: Jan
: 0
: Independent
: Primary
Admin Status
VC Type
: Ethernet
Oper Status
: Up
: Up
Signaling
: LDP
Up Time
: 00:06:48
Group ID
: 0
1 00:00:51 2009
MTU
: 9190
: Jan
1 00:00:01 2009
Tunnel
: Prefix LSP(LDP)
Outgoing Label
: 28673
Out Intf
: 34
Incoming Label
: 28673
: Disabled
Local PW precedence: 1
Local VCCV : ttl/lsp-ping
VCCV in use
: ttl/lsp-ping
Up Time
: 00:00:00
1 00:00:00 1970
1 00:00:01 2009
: Jan
: 101
Admin Status
Service Type
: MTU
Oper Status
: Up
: Up
VC ID
: 101
Up Time
: 00:06:48
1 00:00:51 2009
1 00:00:01 2009
: Jan
: 0
: Independent
: Primary
Admin Status
VC Type
: Ethernet
Oper Status
: Up
: Up
Signaling
: LDP
Up Time
: 00:06:48
Group ID
: 0
1 00:00:51 2009
MTU
: 9190
: Jan
1 00:00:01 2009
Tunnel
: Prefix LSP(LDP)
Outgoing Label
: 28674
Out Intf
: 34
Incoming Label
: 28674
: Disabled
Local PW precedence: 1
Local VCCV : ttl/lsp-ping
VCCV in use
: ttl/lsp-ping
Up Time
: 00:00:00
1 00:00:00 1970
1 00:00:01 2009
: Jan
Configuration Example 4
The following example shows how to configure CSU loopback.
Configuring the Master Device:
device-name(config-module-1/3)#mode t1
device-name(config-module-1/3)#ip-address 7.7.7.20
device-name(config-module-1/3)#mask 255.255.0.0
device-name(config-module-1/3)#interface t1-1.0.0.0
device-name(config-interface-t1-1.0.0.0)#remote-loopback receive line
device-name(config-interface-t1-1.0.0.0)#remote-loopback pseudo-wire allow
device-name(config-interface-t1-1.0.0.0)#ex
device-name(config-module-1/3)#circuit 1
device-name(config-circuit-1)#maximum-jitter-expected 20
device-name(config-circuit-1)#samples-aggregation 60
device-name(config-circuit-1)#destination ip-address 7.7.7.30 udp-port 42530 oos-udp-port 42530
device-name(config-circuit-1)#local udp-port 42520 oos-udp-port 42520
device-name(config-circuit-1)#no shutdown
device-name(config-circuit-1)#commit
device-name(config-module-1/3)#mode t1
device-name(config-module-1/3)#ip-address 7.7.7.30
device-name(config-module-1/3)#mask 255.255.0.0
device-name(config-module-1/3)#interface t1-1.0.0.0
device-name(config-interface-t1-1.0.0.0)#clock adaptive
Configuration Example 5
The following example configures PTP:
Device-name(config-module-1/3)#clock ptp
Device-name(config-module-1/3)#commit
Device-name(config)#system time ptp ces module 1/3 ptp
Device-name(config-ptp)#port d1 1
Device-name(config-port-d1/1)#slave-unicast-negotiation enable
Device-name(config-port-d1/1)#no shutdown
Device-name(config-port-d1/1)#exit
Device-name(config-ptp)#session 1
Device-name(config-session-1)#local-port number 1
Device-name(config-session-1)#local-port domain d1
Device-name(config-session-1)#type slave
Device-name(config-session-1)#peer-type address
Device-name(config-session-1)#peer-address 11.0.0.3
Device-name(config-session-1)#no shutdown
Device-name(config-session-1)#commit
Device-name(config-session-1)#end
Device-name#config terminal
Entering configuration mode terminal
Device-name(config)#ces module 1/3
Device-name(config-module-1/3)#clock-controller primary ptp-session 1
Device-name(config-clock-controller-primary)#commit
Configuration Example 5
The following example displays how to configure CES over MPLS.
Connection: PSTN <--------> First Device is over SF-CAS TDM signaling. The First Device receives the clock from the TDM line; the PSTN is responsible for providing the clock.
Connection: First Device <--------> Second Device is over the MPLS network, using the CESoPSN protocol to convert the TDM traffic before encapsulating it inside MPLS.
The devices are connected through ports 1/1/1 <--------> 1/2/1, running MPLS LDP LSPs over an OSPF infrastructure.
On both devices, TDM traffic is encapsulated with the MPLS header.
The Second Device receives the clock from the CES over MPLS.
Connection: Second Device <--------> PBX is over SF-CAS TDM signaling. The PBX is in receive mode and receives the clock from the Second Device.
1.
Device-name(config-ospf)#mpls
Device-name(config-mpls)#lsr-id 106.106.106.106
Device-name(config-mpls)#exit
Device-name(config-router)#ldp
Device-name(config-ldp)#no shutdown
Device-name(config-ldp)#distribute
Device-name(config-distribute)#ingress static
Device-name(config-distribute)#interface sw1
Device-name(config-interface-sw1)#exit
Device-name(config-ldp)#top
Device-name(config)#port 1/1/1
Device-name(config-port-1/1/1)#default-vlan 11
Device-name(config-port-1/1/1)#top
Device-name(config)#service
Device-name(config-service)#sdp 1
Device-name(config-sdp-1)#far-end 104.104.104.104
Device-name(config-sdp-1)#vpls 1
Device-name(config-vpls-1)#no shutdown
Device-name(config-vpls-1)#mode mtu-s
Device-name(config-vpls-1)#sap 1/3/9:1:ces-oos
Device-name(config-sap-1/3/9:1:ces-oos)#no shutdown
Device-name(config-sap-1/3/9:1:ces-oos)#
Device-name(config-sap-1/3/9:1:ces-oos)#spoke-sdp 1
Device-name(config-spoke-sdp-1)#no shutdown
Device-name(config-spoke-sdp-1)#vc-type ces_o_psn_tdm_cas
Device-name(config-spoke-sdp-1)#no pw-status-signaling
Device-name(config-spoke-sdp-1)#
Device-name(config-spoke-sdp-1)#vpls 2
Device-name(config-vpls-2)#no shutdown
Device-name(config-vpls-2)#mode mtu-s
Device-name(config-vpls-2)#sap 1/3/9:1:ces
Device-name(config-sap-1/3/9:1:ces)#no shutdown
Device-name(config-sap-1/3/9:1:ces)#
Device-name(config-sap-1/3/9:1:ces)#spoke-sdp 1
Device-name(config-spoke-sdp-1)#no shutdown
Device-name(config-spoke-sdp-1)#vc-type ces_o_psn_tdm_cas
Device-name(config-spoke-sdp-1)#no pw-status-signaling
Device-name(config-spoke-sdp-1)#top
Device-name(config)#vlan 11
Device-name(config-vlan-11)#name 11
Device-name(config-vlan-11)#no management
Device-name(config-vlan-11)#routing-interface sw1
Device-name(config-vlan-11)#untagged 1/1/1
Device-name(config-untagged-1/1/1)#exit
Device-name(config-vlan-11)#commit
The following warnings were generated:
'ces module 1/3': [Warning]For the change to take effect the CES module needs to be restarted.
Proceed? [yes,no] yes
Commit complete.
2.
Device-name(config)#port 1/2/1
Device-name(config-port-1/2/1)#default-vlan 11
Device-name(config-port-1/2/1)#top
Device-name(config)#
Device-name(config)#service
Device-name(config-service)#sdp 1
Device-name(config-sdp-1)#far-end 106.106.106.106
Device-name(config-sdp-1)#vpls 1
Device-name(config-vpls-1)#no shutdown
Device-name(config-vpls-1)#mode mtu-s
Device-name(config-vpls-1)#sap 1/3/9:1:ces-oos
Device-name(config-sap-1/3/9:1:ces-oos)#no shutdown
Device-name(config-sap-1/3/9:1:ces-oos)#spoke-sdp 1
Device-name(config-spoke-sdp-1)#no shutdown
Device-name(config-spoke-sdp-1)#vc-type ces_o_psn_tdm_cas
Device-name(config-spoke-sdp-1)#no pw-status-signaling
Device-name(config-spoke-sdp-1)#vpls 2
Device-name(config-vpls-2)#no shutdown
Device-name(config-vpls-2)#mode mtu-s
Device-name(config-vpls-2)#sap 1/3/9:1:ces
Device-name(config-sap-1/3/9:1:ces)#no shutdown
Device-name(config-sap-1/3/9:1:ces)#
Device-name(config-sap-1/3/9:1:ces)#spoke-sdp 1
Device-name(config-spoke-sdp-1)#no shutdown
Device-name(config-spoke-sdp-1)#vc-type ces_o_psn_tdm_cas
Device-name(config-spoke-sdp-1)#no pw-status-signaling
Device-name(config-spoke-sdp-1)#top
Device-name(config)#vlan 11
Device-name(config-vlan-11)#name 11
Device-name(config-vlan-11)#no management
Device-name(config-vlan-11)#routing-interface sw1
Device-name(config-vlan-11)#untagged 1/2/1
Device-name(config-untagged-1/2/1)#exit
Device-name(config-vlan-11)#commit
The following warnings were generated:
'ces module 1/3': [Warning]For the change to take effect the CES module needs to be restarted.
Proceed? [yes,no] yes
Commit complete.
1 (1 )
1 (1 )
Disabled
0
Disabled
Disabled
===============================================================================
SDP Role            : Primary
Admin Status        : Up
VC Type             : CESoPSN-TDM-with-sCAS
Oper Status         : Up
Signaling           : LDP
Up Time             : 02:34:53
Group ID            : 0
Last Status Change  : Oct 01 15:09:10 2009
MTU                 : 9190
Last Mnmt Change    : Oct 01 15:06:46 2009
Transport           : 106.106.106.106/32
Outgoing VC Label   : 28674
Out Intf            : 44
Incoming VC Label   : 28674
Nexthop             : 22.0.0.106
Transport Label     : 3
Learning            : Enabled
PW status signaling : Disabled
Secured             : Disabled
PW redundancy       : Disabled
Local PW precedence : 1
Local VCCV          : ttl/lsp-ping
VCCV in use         : ttl/lsp-ping
MAC Count           : 0
SAP Table - 1 SAPs
-------------------------------------------------------------------------------
SAP: 1/3/9:1:CES
===============================================================================
Admin Status        : Up
Up Time             : 02:36:50
Oper Status         : Up
Last Status Change  : Oct 01 15:07:13 2009
Learning            : Enabled
Last Mnmt Change    : Oct 01 15:06:46 2009
Ethertype           : 0x8100
Untagged            : false
Secured             : Disabled
MAC Count           : 0
device-name#show ces module 1/3 circuit 1 status
===============================================================================
CES
===============================================================================
Module 1/3
Circuit 1
------------------------------------------------------------------------------Admin status
: Enabled
Oper status
: Up
Enable Time
: Thu Oct
Up Time
: 02:37:41
: Yes
TDM Tx
: Yes
TDM Rx
: Yes
PSN Tx
: Up
PSN Rx
: Up
Tx Up Counter
: 0
Jitter Information
: Yes
1 15:07:13 2009
4.037
1.000
3.537
4.537
Ping to Peer
------------------------------------------------------------------------------Counter Name
Value
1000
4000
Restarts TDM Tx
Restarts TDM Rx
1000
Malformed Frames
===============================================================================
Standards
MIB
RFC
CES
Not supported
Not supported
draft-ietf-pwe3-satop: Structure agnostic TDM over packet
draft-ietf-pwe3-cesopsn: TDM circuit emulation service over packet switched network.
MEF-8: Implementation agreement for the emulation of PDH circuits over Metro-Ethernet networks.
Description
es
ses
uas
cv
bbe
bbe-fe
es-fe
ses-fe
uas-fe
esb-p
fc-p
es-l
es-p
CRC-6 errors
CS events
SEF defects
AIS defects
uas-p
ses-l
FE errors;
CS events
SEF defects
AIS defect
The number of 1-second intervals for which the SONET STS-path is unavailable
The number of 1-second intervals with 1544 or more BPVs plus EXZs, or one or
more LOS defects. For B8ZS-coded signal, BPVs that are part of zero
substitution code are excluded
Parameter
Description
ses-p
cvl=bbe-l
sas-p
css-p
es-pfe
ses-pfe
sefs-pfe
uas-pfe
In the case of ESF, it is the number of 1-second intervals with 320 or more
CRC-6 errors, or one or more SEF or AIS defects
In the case of SF, it is the number of 1-second intervals with eight or more
FE events (if Ft and Fs bits are measured) or four or more FE events (if
only Ft bits are measured), or SEF or AIS defect
The number of both BPVs and EXZs occurring over the accumulation period.
An EXZ shall increment the CV-L by one regardless of the length of the zero
string. For a B8ZS-coded signal, BPVs that are part of the zero substitution
code are excluded from the count.
The number of 1-second intervals containing one or more SEF defects or one
or more AIS defects
The number of 1-second intervals containing one or more controlled slips in the
path terminating network element
The errored second Far End
The severely errored seconds Far End
The severely errored frame second Far End
The unavailable seconds per path Far End
css-pfe
cv-pfe
ssb-pfe
fc-pfe
es-lfe
For e1 interfaces:
Parameter   Quarter-hour   Daily
cv          4294967295     4294967295
es          12             121
ses         10             100
bbe         4294967295     4294967295
uas         10             10
es-fe       12             121
ses-fe      10             100
bbe-fe      4294967295     4294967295
uas-fe      10             10
For T1 interfaces:
Parameter
Quarter-hour
Daily
cv-l
4294967295
4294967295
12
121
10
100
4294967295
4294967295
12
121
4294967295
4294967295
10
100
17
4294967295
4294967295
10
10
4294967295
4294967295
4294967295
4294967295
4294967295
4294967295
17
12
121
4294967295
4294967295
10
100
4294967295
4294967295
10
10
es-l
ses-l
fc-p
es-p
esb-p
ses-p
sefs-p
css-p
uas-p
es-lfe
FC-PFE
cv-pfe
sefs-pfe
es-pfe
esb-pfe
ses-pfe
css-pfe
uas-pfe
Default Value
Default Value
-7
-6
-5
Parameter
Default Value
-4
-3
-2
-1
Troubleshooting
Table of Contents
Table of Figures
List of Tables
Features Included in this Chapter
Safe Mode
Safe Mode Features
Accessing Safe Mode
Examples
Built-In Self Tests (BISTs)
BIST Commands
Periodic Monitoring
Alert Types
Periodic Monitoring Commands
Configuration Examples
Diagnosing Connectivity Problems
Packet Internet Groper (PING)
Traceroute
Connectivity Diagnostic Commands
Port Mirroring (Port Monitoring)
Network Traffic Monitoring Commands
Ethernet Loopback Test
Ethernet Loopback Test Commands
Technical Support Information
Technical Support Commands
Configuration Example
Supported Standards, MIBs, and RFCs
Table of Figures
Figure 1: Periodic Monitoring Configuration Flow
Figure 2: Port Mirroring
List of Tables
Table 1: BIST Result Groups
Table 2: BIST Commands
Table 3: Periodic Monitor Types and Results
Table 4: Periodic Monitoring Commands
Table 5: Monitor Indicators
Table 6: Connectivity Diagnostic Commands
Table 7: Characteristics of Port Types
Table 8: Network Traffic Monitoring Commands
Table 9: Ethernet Loopback Test Commands
Table 10: Technical Support Commands
T-Marc3208SH
Safe Mode
Safe mode provides access to a minimum set of device management commands.
Periodic Monitoring
Monitors hardware conditions to identify problematic hardware and deteriorated
environmental conditions.
Safe Mode
Safe mode provides access to a minimum set of device management commands, which you can use in case of:
an error during the startup process that prevents the device's initialization
failure of a hardware component (unit) that prevents the operating system from starting up
Safe mode also provides software installation, recovery, and upgrade services (for the file system, the software image file, and so on).
The recovery and upgrade service provides access to a Device Software Installation menu, which you can use to:
Download a software image from a TFTP/FTP server, via a serial console port (using the Xmodem protocol), or from an HTTP web site
Activate a new software image
List the available software images or display the active software image
Remove a software image
Display the free space available in the area of the local file system that stores software images (image file system)
1.
2.
During the device's initialization, press the S key within 6 seconds until the Safe Mode startup screen appears:
 _________________________________________________________________________
/                                                                         \
|          Device Maintenance and Recovery Console - Main Menu            |
\_________________________________________________________________________/
0 | reset      :
1 | outband    :
2 | defgw      :
3 | ping       :
4 | traceroute :
5 | defcfg     :
6 | passwd     :
7 | install    :
8 | speed      :
9 | dns        :
R | remote     :
H | help       :
Q | exit       :
3.
From the textual menu, select the appropriate option. This displays the command prompt for the selected option.
Examples
Example 1:
In the following example, the outband (option 1) command changes the OutBand IP address and
netmask of the device:
Type the desired menu option or command: outband
Changing outband IP address:
_______________________________________________________________________
NOTICE: The outband interface's IP address you will set will only affect
the current session (no system configuration file is modified).
Type the outband new IP address (A.B.C.D): 192.168.1.20
Type the outband new netmask (A.B.C.D): 255.255.255.0
Outband IP address changed successfully.
Press Enter to continue:
(version 2.1.TP-dev54)
 _________________________________________________________________________
/                                                                         \
|          Device Maintenance and Recovery Console - Main Menu            |
\_________________________________________________________________________/
0 | reset      :
1 | outband    :
2 | defgw      :
3 | ping       :
4 | traceroute :
5 | defcfg     :
6 | passwd     :
7 | install    :
8 | speed      :
9 | dns        :
R | remote     :
H | help       :
Q | exit       :
Example 2:
In the following example, the passwd (option 6) command restores the user's password to its default value (admin):
(version 2.1.TP-dev54)
 _________________________________________________________________________
/                                                                         \
|          Device Maintenance and Recovery Console - Main Menu            |
\_________________________________________________________________________/
0 | reset      :
1 | outband    :
2 | defgw      :
3 | ping       :
4 | traceroute :
5 | defcfg     :
6 | passwd     :
7 | install    :
8 | speed      :
9 | dns        :
R | remote     :
H | help       :
Q | exit       :
Example 3:
In the following example, the tftp (option 1) command downloads a software image file from a
TFTP server to the local file system:
(version 2.1.TP-dev54)
 _________________________________________________________________________
/                                                                         \
|          Device Maintenance and Recovery Console - Main Menu            |
\_________________________________________________________________________/
0 | reset      :
1 | outband    :
2 | defgw      :
3 | ping       :
4 | traceroute :
5 | defcfg     :
6 | passwd     :
7 | install    :
8 | speed      :
9 | dns        :
R | remote     :
O | outif      :
H | help       :
Q | exit       :

| tftp     :
| ftp      :
| xmodem   :
| http     :
| flash    :
| ls       :
| activate :
| deactive :
| show     :
| remove   :
| free     :
| main     :
| help     :
Package's Content:
---------------------------------------------------------------------_________________________________________________________________________________________
/
|
|
Component Type:
|
Version:
| File Name:
|-----------------------------|--------------------|-----------------------------------------|
| > Application
| 2.4.R1
| 2.6.27.39
| uImage
| 2.1.TP-dev23
T-Marc 3208SH-uboot_safemode.img
| Undefined
| ubi_root_volume.img
| ubi_batm_volume.img
| ubi_data_volume.img
| Undefined
\_____________________________|____________________|_________________________________________/
WARNING: Installing this package will overwrite the images on this device!
The original images will be replaced by the images contained in this package.
Type 'y' if you would like to install this package: y
Unmounting flash-based file systems:
---------------------------------------------------------------------
(-) Unmounting flash filesystem (/real-root/applic/var)... Done.
(-) Unmounting flash filesystem (/real-root/applic)... Done.
(-) Unmounting flash filesystem (/real-root)... Done.
(-) Detaching UBI device 'rootfs' from MTD device 'mtd5'... Done.
(-) Detaching UBI device 'binos' from MTD device 'mtd6'... Done.
(-) Detaching UBI device 'data' from MTD device 'mtd7'... Done.
Installing Images:
---------------------------------------------------------------------
Extracting the package file's components... Done.
Verifying the integrity of the
3208SH.tar.bz2'... OK
Verifying the integrity of the
Verifying the integrity of the
uboot_safemode.img'... OK
Verifying the integrity of the
Verifying the integrity of the
Verifying the integrity of the
Example 5:
In the following example, the active (option 6) command specifies the name of the software
image file to be loaded:
Type the desired menu option or command: active
_______________________________________________________________________
Current image files for the device:
-rw-r--r-- 1 root root 15414655 Nov 1 2010 2.3.R1. T-Marc 3208SH.tar.bz2
-rw-r--r-- 1 root root 15437955 Nov 1 2010 2.3.R2. T-Marc 3208SH.tar.bz2
lrwxrwxrwx 1 root root 37 Dec 31 2008 current_active_version -> 2.3.R2. T-Marc 3208SH.tar.bz2
Type the name of the image file you want to activate:2.4.R1. T-Marc 3208SH.tar.bz2 <<<<<<<<<< will activate image called 2.4.R1.T-Marc 3208SH.tar.bz2
******************************************************************************
############################################################################
###  Device Software Installation and Recovery  ###########################
############################################################################
1 | tftp     :
2 | ftp      :
3 | xmodem   :
4 | http     :
L | flash    :
5 | ls       :
6 | activate :
D | deactive :
7 | show     :
8 | remove   :
9 | free     :
X | main     :
H | help     :
Example 6:
In the following example, the free (option 9) command displays the free space available on the
image file system:
Type the desired menu option or command: free
_______________________________________________________________________
Filesystem
ubi1:binos
Size
56.5M
1 | tftp     :
2 | ftp      :
3 | xmodem   :
4 | http     :
L | flash    :
5 | ls       :
6 | activate :
D | deactive :
7 | show     :
8 | remove   :
9 | free     :
X | main     :
H | help     :
Description
Fans test
BIST Commands
This section defines the command hierarchy for BISTs and provides a list of available commands.
A configuration example is also included.
Command Hierarchy
device-name#
Command Descriptions
Table 2: BIST Commands
Command                                        Description
device-name#                                   Operational mode
system monitor self-test [execute-now | full]  Initiates the execution of the built-in test sequence that automatically tests the system. Execute the command without an argument to display only failed tests:
Periodic Monitoring
Through periodic monitoring, you can:
periodically monitor crucial device functions in the background and receive alerts when the monitored indicators vary from operating norms
as a troubleshooting tool, monitor transient conditions and track irregular behaviors. You can use this method to trigger diagnostic data polling based on the device's operational status
The following flow chart shows the steps needed to define a monitor:
When a monitor is defined for a device function (such as CPU temperature or RAM usage), results are returned and actions are taken according to a predefined configuration. The monitor can report two types of results:
Pass/Fail: Operational status is reported as a simple Pass or Fail (for example, whether the fans are working or not, or whether the power supply is working or not)
Measurement: The monitor returns a specific, measured value (for example, the device temperature or the number of packet errors)
The following table describes available monitors and the results returned by that monitor type.
Table 3: Periodic Monitor Types and Results
Indicator         Monitored As
On-Board Power    Pass/Fail
Fans              Pass/Fail
Laser             Pass/Fail
CPU Resources     Measured value
RAM Resources     Measured value
Power Supply      Pass/Fail
CPU Temperature   Measured value
Port Statistics   Measured value
Alert Types
For each monitor you establish, you also define the action or actions that will occur as a result.
These actions are defined individually for each monitor:
log: writes to the Command Line Interface (CLI) history and error message log files
When monitoring a device function that returns a measurement, you can also define limit values so
that alerts are generated only when the device functions outside of the defined range. Log, LED,
and/or Trap alerts would be generated when:
Command Hierarchy
NOTE
All periodic monitoring commands are applied immediately; no commit is required.
device-name#
+ config terminal
+ system
+ monitor
+ cpu-temperature
- [no] led
- [no] log
- [no] shutdown
- [no] trap
+ cpu-usage
- [no] led
- [no] log
- [no] shutdown
- [no] trap
+ fans
- [no] led
- [no] log
- [no] shutdown
- [no] trap
+ onboard-power
- [no] led
- [no] log
- [no] shutdown
- [no] trap
+ port-statistics
- [no] led
- [no] log
- [no] shutdown
- [no] trap
+ power-supply
- [no] led
- [no] log
- [no] shutdown
- [no] trap
+ ram-usage
- [no] led
- [no] log
- [no] shutdown
- [no] trap
+ laser
- [no] led
- [no] log
- [no] shutdown
- [no] trap
- show system monitor [cpu-temperature | cpu-usage | fans | onboard-power | port-statistics | power-supply [fans] | ram-usage | laser [port UU/SS/PP] [detailed]]
- show system cpu-usage
Command Descriptions
Table 4: Periodic Monitoring Commands
Command
Description
config terminal
system
monitor
cpu-temperature
cpu-usage
fans
onboard-power
port-statistics
ram-usage
laser
no laser
Restores to default
power-supply
Command
Description
high-threshold <value>
led
no led
Restores to default
log
no log
Restores to default
low-threshold <value>
period <value>
60 seconds
no period
Restores to default
Command
Description
trap
no trap
Restores to default
port UU/SS/PP
no port [UU/SS/PP]
rx-power {high-threshold
<value> | low-threshold
<value>}
- 7 dBm
- 32 dBm
no rx-power {high-threshold
| low-threshold}
Restores to default
tx-power {high-threshold
<value> | low-threshold
<value>}
- 5 dBm
- 16 dBm
no tx-power {high-threshold
| low-threshold}
Restores to default
temperature {high-threshold
<value> | low-threshold
<value>}
85 °C
- 40 °C
Command
Description
no temperature {high-threshold | low-threshold}
Restores to default
shutdown
no shutdown
rx-power {high-threshold
<value> | low-threshold
<value>}
- 7 dBm
- 32 dBm
no rx-power {high-threshold |
low-threshold}
Restores to default
tx-power {high-threshold
<value> | low-threshold
<value>}
- 5 dBm
- 16 dBm
no tx-power {high-threshold |
low-threshold}
Restores to default
85 °C
- 40 °C
no temperature {high-threshold
| low-threshold}
Restores to default
shutdown
no shutdown
Description
cpu-temperature
cpu-usage
fans
onboard-power
laser
port-statistics
power
ram-usage
Configuration Examples
CPU Usage Monitoring
1.
2.
Define the CPU usage high limit value to 10 and the low limit to 1:
device-name(config-cpu-usage)#high-threshold 10
device-name(config-cpu-usage)#low-threshold 1
3.
4.
2.
Define the RAM usage high limit value to 10 and the low limit to 3:
device-name(config-ram-usage)#high-threshold 10
device-name(config-ram-usage)#low-threshold 3
3.
4.
2.
Define the Laser monitor temperature thresholds to be in the range of -10 to 60 degrees, and enable the LED to indicate a problem:
device-name(config-laser)# temperature high-threshold 60
device-name(config-laser)# temperature low-threshold -10
device-name(config-laser)#led
3.
4.
: 600
: Enabled
: Disabled
Logging : Disabled
Temperature Limit :
Common : -10C..60C
1/2/7 : -5C..85C
1/2/8 : -5C..85C
Tx-Power :
Common : -16dBm..-5dBm
1/2/7 : -11dBm..-3dBm
1/2/8 : -11dBm..-3dBm
Rx-Power :
Common : -32dBm..-7dBm
1/2/7 : -20dBm..0dBm
1/2/8 : -20dBm..0dBm
Traceroute
Normal response: device replies within 110 seconds depending on network traffic.
Destination does not respond: the device does not respond. One of two messages is returned. If no
response, a no-answer message is returned. If the device does not exist, an unknown message
is returned.
Destination unreachable: the default gateway cannot reach the specified network.
Network or device unreachable: the route table does not include the device or network.
device-name#ping 192.168.1.100
PING 192.168.1.100 (192.168.1.100): 56 data bytes
64 bytes from 192.168.1.100: icmp_seq=0 ttl=128 time=1.4 ms
64 bytes from 192.168.1.100: icmp_seq=1 ttl=128 time=1.3 ms
64 bytes from 192.168.1.100: icmp_seq=2 ttl=128 time=1.3 ms
64 bytes from 192.168.1.100: icmp_seq=3 ttl=128 time=1.4 ms
64 bytes from 192.168.1.100: icmp_seq=4 ttl=128 time=1.3 ms
--- 192.168.1.100 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 1.3/1.3/1.4 ms
device-name#ping 192.168.1.101
PING 192.168.1.101 (192.168.1.101): 56 data bytes
--- 192.168.1.101 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
Traceroute
Traceroute sends ICMP echo packets with varying IP Time-to-Live (TTL) values to the destination.
Upon receipt of an ICMP echo packet with a TTL value of 1 or 0, the device drops the packet and sends a time-to-live-exceeded message back to the sender. Traceroute uses this mechanism to determine the route to the destination:
Traceroute sends a User Datagram Protocol (UDP) datagram with the TTL value set to 1 toward the destination device and receives a time-to-live-exceeded message from the first device on the path.
To identify the next hop, Traceroute sends another UDP packet, this time setting the TTL value to 2. The first device reached by the UDP datagram decreases the TTL field by 1 and sends the datagram to the next device. That device discards the datagram, with its TTL value of 1, and returns a time-to-live-exceeded message to the source.
This process continues until the TTL has been incremented to a value large enough for the datagram to reach the destination device (or until the maximum value for the TTL is reached).
To determine when a datagram reaches its destination, Traceroute sets the UDP destination port number in the datagram to a value unlikely to be used by the destination device. When a device receives a self-destined datagram containing a destination port number that is unused locally, it sends an ICMP port unreachable error to the source. Because all errors except port unreachable errors come from intermediate hops, the receipt of a port unreachable error means that the message was sent by the destination.
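The UDP probe logic described above, as an added example that is not taken from the guide or the device software: it builds probes, parses the ICMP errors that come back, and tells an intermediate hop (time-to-live-exceeded) from the destination (port unreachable). The network is a constructed in-memory stand-in so the block runs offline; the addresses, the port base 33434 and all function names are assumptions.

```python
import socket
import struct

ICMP_TIME_EXCEEDED = 11   # type 11, code 0: TTL expired in transit
ICMP_DEST_UNREACH = 3     # type 3
CODE_PORT_UNREACH = 3     # type 3, code 3: no listener on the UDP port
BASE_PORT = 33434         # assumption: a port base unlikely to be in use


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_probe(src: str, dst: str, ttl: int, dport: int) -> bytes:
    """IPv4 header (20 bytes) plus UDP header (8 bytes) of one probe."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, ttl, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    udp = struct.pack("!HHHH", 40000, dport, 8, 0)
    return ip + udp


def icmp_error(icmp_type: int, code: int, quoted: bytes) -> bytes:
    """ICMP error: 8-byte header, then the offending IP header + 8 bytes."""
    body = struct.pack("!BBHI", icmp_type, code, 0, 0) + quoted[:28]
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def simulated_network(probe: bytes, path):
    """Constructed stand-in for the network. `path` lists the devices in
    order, destination last; None marks a device that never answers."""
    ttl = probe[8]
    if ttl < len(path):                     # TTL expires at an intermediate hop
        hop = path[ttl - 1]
        if hop is None:
            return None
        return hop, icmp_error(ICMP_TIME_EXCEEDED, 0, probe)
    # The probe reached the destination, where the port is unused.
    return path[-1], icmp_error(ICMP_DEST_UNREACH, CODE_PORT_UNREACH, probe)


def classify_reply(icmp: bytes, expected_dport: int) -> str:
    """Decide what an ICMP error means for the probe we sent."""
    if len(icmp) < 36 or inet_checksum(icmp) != 0:
        raise ValueError("truncated or corrupted ICMP message")
    icmp_type, code = icmp[0], icmp[1]
    quoted = icmp[8:]                       # copy of our probe's headers
    ihl = (quoted[0] & 0x0F) * 4
    (dport,) = struct.unpack("!H", quoted[ihl + 2:ihl + 4])
    if quoted[9] != 17 or dport != expected_dport:
        return "unrelated"                  # error about someone else's packet
    if icmp_type == ICMP_TIME_EXCEEDED and code == 0:
        return "hop"
    if icmp_type == ICMP_DEST_UNREACH and code == CODE_PORT_UNREACH:
        return "destination"
    return "other-error"


def trace(src: str, dst: str, path, max_ttl: int = 30):
    """Raise the TTL one step at a time until the destination answers."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        dport = BASE_PORT + ttl             # one port per probe, for matching
        reply = simulated_network(build_probe(src, dst, ttl, dport), path)
        if reply is None:
            hops.append((ttl, None, "no-answer"))
            continue
        responder, icmp = reply
        kind = classify_reply(icmp, dport)
        hops.append((ttl, responder, kind))
        if kind == "destination":
            break
    return hops


# Constructed sample path: two routers, one silent device, the destination.
SAMPLE_PATH = ["10.0.0.1", None, "10.0.2.1", "192.0.2.10"]

if __name__ == "__main__":
    for hop in trace("10.0.0.2", "192.0.2.10", SAMPLE_PATH):
        print(hop)
```

Matching the quoted UDP destination port against the probe that was sent is what keeps an ICMP error caused by other traffic from being counted as a hop.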
Command Hierarchy
device-name#
Command Descriptions
Table 6: Connectivity Diagnostic Commands
Command
Description
device-name#
Operational mode
30
5 seconds
Command
Description
56
config terminal
system
icmp access source-ip A.B.C.D/M
A.B.C.D/M
Receive (Rx, ingress monitoring): Destination port receives a copy of the packets transmitted to the
source port before the source device modifies or processes them.
Transmit (Tx, egress monitoring): Destination port receives a copy of the packets transmitted by
the source port after the source device modifies and processes them.
NOTE
In egress monitoring, packets are forwarded to the destination port before the source
port changes the 802.1q packet header. Therefore, the packets transmitted to the
destination port may differ from the packets sent out by the source port.
Description
Source Port
Ports Type
Description
Destination Port
Commands Hierarchy
device-name#
+ config terminal
+ system
Commands Descriptions
Table 8: Network Traffic Monitoring Commands
Command
Description
config terminal
system
Command
mirror {tx | rx} {destination UU/SS/PP | source {UU/SS/PP | cpu-port}}
Description
Initiates network traffic monitoring:
Disabled
no mirror {tx | rx}
2.
+ config terminal
+ [no] oam
- [no] untagged
Commands Descriptions
Table 9: Ethernet Loopback Test Commands
Command
Description
config terminal
oam
no oam
loopback-test NAME
no loopback-test
amount <value>
NAME: a string of up to 32
characters
1
no amount
Restores to default
destination-mac
HH:HH:HH:HH:HH:HH
no destination-mac
ethertype <value>
0x8100
no ethertype
Restores to default
inner-vlan-id <vlan-id>
no inner-vlan-id
inner-vlan-priority <value>
4092>
Command
no inner-vlan-priority
Description
Removes the configured value
outer-vlan-id <vlan-id>
4092>
no outer-vlan-id
outer-vlan-priority <value>
no outer-vlan-priority
source-mac HH:HH:HH:HH:HH:HH
no source-mac
untagged
no untagged
NOTE
The selected port must be member
of the Outer VLAN, if the traffic is
tagged.
5 minutes
not sla-aware
oam loopback-test NAME lag agN [duration <value> | sla-aware]
Command
Description
5 minutes
not sla-aware
oam loopback-test NAME service dot1q <service-id> {sap {UU/SS/PP | agN} | sdp {UU/SS/PP | agN}} [duration <value> | sla-aware]
NOTE
5 minutes
not sla-aware
oam loopback-test NAME service tls <service-id> {sap {UU/SS/PP | agN} | sdp {UU/SS/PP | agN}} [duration <value> | sla-aware]
Command
Description
NOTE
5 minutes
Command
Description
not sla-aware
Example
1.
Device-name#config terminal
Entering configuration mode terminal
Device-name(config)#oam
Device-name(config-oam)#loopback-test A1
Device-name(config-loopback-test-A1)#destination-mac 00:00:00:01:01:01
Device-name(config-loopback-test-A1)#outer-vlan-id 7
Device-name(config-loopback-test-A1)#outer-vlan-priority 5
2.
Configure VLAN and add ports 1/1/1 and 1/1/2 as tagged members of it:
Device-name(config)#vlan v7 7
Device-name(config-vlan-7)#tagged 1/1/1
Device-name(config-vlan-7)#tagged 1/1/2
3.
Command Hierarchy
device-name#
- show technical-support
Command Descriptions
Table 10: Technical Support Commands
Command
Description
device-name#
Operational mode
file cp technical-support
PROTOCOL[USER[:PASSWORD]@]IPv4[:PORT]/FILE-NAME
Command
Description
Saves the output of the show technical-support command to the local file system:
FILE-NAME
FILE-NAME
Saves a filtered output of the show technical-support command to the local file system:
USE-EXTERNAL-FILE-NAME: name of
the file that contains a modified
copy of the commands to be
executed
USE-EXTERNAL-FILE-NAME: name of
the file that contains a modified
copy of the command output
show technical-support
USE-EXTERNAL-FILE-NAME: name of
the file
Configuration Example
Execute commands from default TSDB and display the output:
device-name#show technical-support
===============================================================================
TECHNICAL SUPPORT
===============================================================================
It could take several minutes to complete the command. Please wait ...
Features | Standards | MIB | RFC
Periodic Monitoring | No standards are supported by this feature. | Private MIB, PRVT-SYS-MON-MIB.mib | No RFCs are supported by this feature.
Diagnosing Connectivity Problems | No standards are supported by this feature. | No MIBs are supported by this feature. | RFC 792 - Internet Control Message Protocol
Port Monitoring | No standards are supported by this feature. | No MIBs are supported by this feature. | No RFCs are supported by this feature.
Technical Support Information | No standards are supported by this feature. | Private MIB, PRVT-INTERWORKING-OS-MIB | No RFCs are supported by this feature.
Table of Figures
Figure 1: The MIB Tree
Figure 2: Branch of the MIB Object Identifier Tree
Figure 3: Communication between an SNMP Agent and Manager
List of Tables
Table 1: Predefined SNMP Object Parameters
T-Marc3208SH
Getting Started
This guide describes the objects supported in the Management Information Base (MIB) on the
device and illustrates all parameters in the MIB structure. Many configuration examples are
provided to help you make the required changes to your system.
For more detailed information regarding any of the features described in this guide, please refer to
the BiNOX User Guide.
Audience
This guide is intended for network administrators who want to manage the system using SNMP
MIB applications.
Introduction
The Management Information Base (MIB) is a database of objects that can be used by a network
management system (NMS) to manage and monitor devices on the network. The managed objects
are structured in the form of a hierarchical tree.
The MIB can be retrieved by an NMS using Simple Network Management Protocol (SNMP). The
MIB structure determines the scope of management access allowed by a device.
SNMP defines the type of messages that are exchanged between the manager and agent (refer to
the Simple Network Management Protocol (SNMP) chapter). By using SNMP, a management application
can issue read or write operations within the scope of the MIB. Three versions of SNMP are
supported: SNMPv1, SNMPv2, and SNMPv3.
Customers that have a valid Support Contract can freely download MIBs from the Telco
Systems Web site
MIB Tree
The MIB database is presented in a tree form with conceptual tables, where each managed resource
is represented by an object. Individual data items, the MIB objects, make up the leaves of the tree.
At the top of the tree is the most general information available about the network. Each branch of
the tree goes into more detail about a specific network area.
Example:
To retrieve an object from the OSPF MIB, the software uses this OID:
1.3.6.1.2.1.14
Managing Objects
An SNMP application can read values for the objects (for device monitoring) and some
applications can also change the variables (to provide remote management of devices). Basic SNMP
operations include:
B: Sends a message about an event (that occurs on the device) to the management application
When you perform an SNMP Get operation, the SNMP manager sends the OID to the Agent,
which in turn determines whether the OID is supported. If the OID is supported, the Agent
returns information about the object (refer to the Simple Network Management Protocol (SNMP)
chapter).
Description
TYPE
SYNTAX
Defined in RFC 1212, Syntax holds the value type managed by the
object. Value types are:
INTEGER
IP ADDRESS
BITS
GAUGE
COUNTER
TIMESTAMP
OCTET STRING
OBJECT IDENTIFIER
NULL
DisplayString
Unsigned
It is possible to create a new syntax from those defined in this list. A new
syntax uses the keyword TEXTUAL CONVENTION.
ACCESS
Read-only
Read-write
Field Name
Description
STATUS
Not-accessible
DESCRIPTION
Read-create
PRVT-INTERWORKING-OS-MIB
PRVT-CONFIGCHANGE-MIB
PRVT-SYNC-ETHERNET-MIB
PRVT-STATHIST-MIB
PRVT-INTERWORKING-OS-MIB
This MIB displays and manages the OS features of the device including OS upgrades. The MIB is
used to:
delete images
NOTE
For the purposes of system information management via SNMP, only the
prvtInterworkingOSMibObjects node of the PRVT-INTERWORKING-OS-MIB
is used.
Examples:
Software Update via SNMP
Upload a configuration file from the local file system to a TFTP server
via CLI:
1.
2.
3.
Upload a configuration file from the local file system to a TFTP server
via SNMP:
1.
2.
3.
4.
5.
6.
7.
8.
Configure the type of the file action: first set it to prepare, then to copy:
SET prvtConfigAction.0 (integer) prepare(2)
SET prvtConfigAction.0 (integer) copy(3)
NOTE
Refer to the Managing the device chapter to see Software Upgrade example via CLI.
PRVT-CONFIGCHANGE-MIB
A private MIB providing notification for configuration changes as SNMP traps. Each trap contains:
Examples:
1.
2.
device-name(config-snmp)#
The manufacturing details are retrieved from the sysManufacturing table of the MIB.
Examples:
PRVT-SYNC-ETHERNET-MIB
This private MIB provides complete SNMP management of Synchronous Ethernet (SyncE).
PRVT-STATHIST-MIB
This section describes MIBs used to provide a historical view of the interface statistics.
Example
Device-name(config-system)#statistics-history
Device-name(config-statistics-history)#profile FFF xpath-template
/bridge:interfaces/interface{%s}/Counters/ifInOctets
Device-name(config-statistics-history)#com
Commit complete.
Device-name(config-statistics-history)#control 1 profile-name FFF xpath-key
1/1/1
Device-name(config-statistics-history)#type delta get-interval 10
Device-name(config-statistics-history)#no shutdown
Device-name(config-statistics-history)#commit
Commit complete.
Device Authentication
This section describes MIBs used to define interfaces on a device and contains the following MIBs:
PRVT-MAC-SECURITY-MIB
PRVT-PORTS-AGGREGATION-MIB
PRVT-RESILIENT-LINK-MIB
PRVT-SWITCH-IPVLAN-MIB
PRVT-MAC-SECURITY-MIB
This private MIB provides complete SNMP management of port security.
Examples:
1.
2.
3.
Using SNMP create a MAC learning profile (test1) with the following parameters:
prvtMacSecLrnProfRowStatus.5.116.101.115.116.49 (integer) createAndWait(5)
prvtMacSecLrnProfPolicy.5.116.101.115.116.49 (integer) portLimit(2)
prvtMacSecLrnProfMaxMacCount.5.116.101.115.116.49 (gauge) 30
prvtMacSecLrnProfRowStatus.5.116.101.115.116.49 (integer) active(1)
4.
Examples:
1.
2.
3.
1.
2.
3.
PRVT-PORTS-AGGREGATION-MIB
The private Ports Aggregation MIB is used to manage static and dynamic port aggregation for the
device.
Examples:
1.
device-name(config-lag-id-ag2)#port 1/1/1
device-name(config-port-1/1/1)#port 1/1/3
device-name(config-port-1/1/3)#port 1/1/4
device-name(config-port-1/1/4)#commit
device-name(config-port-1/1/4)#exit
2.
1.
2.
PRVT-RESILIENT-LINK-MIB
The Resilient link MIB is used to manage the resilient link of the device.
Examples:
PRVT-SWITCH-IPVLAN-MIB
The IPVLAN MIB controls the assignment of IP subnets to VLANs.
Example:
1.
2.
3.
4.
5.
Define an IP interface with name sw2 and address 2.0.0.1 with mask 8:
ipInterfaceRowStatus.3.115.119.50 (integer) createAndWait(5)
ipInterfaceIpAddress.3.115.119.50 (ipaddress) 2.0.0.1
ipInterfaceSubnetMask.3.115.119.50 (ipaddress) 255.0.0.0
ipInterfaceRowStatus.3.115.119.50 (integer) active(1)
6.
7.
Filtering Traffic
PRVT-SWITCH-ACCESS-LIST-MIB
The private Switch Access List MIB is used to manage ACL rules.
Examples:
Creating a Standard IP ACL
device-name(config-rule-1)#commit
Commit complete.
device-name(config-rule-1)#
The following example creates and configures an extended MAC ACL 400:
The following example applies the extended IP ACL 100 to the ingress traffic on port 1/1/1 with
single-type rate limit, Committed Information Rate (CIR) of 1000 Kbps, and Committed Burst Size
(CBS) of 16 KB:
Applying via CLI
device-name#config terminal
device-name(config)#port 1/1/1
device-name(config-port-1/1/1)#access-groups-rule-sequence 1 ip-access-group-extended 100 in
device-name(config-ip-access-group-extended-100/in)#rate-limit single cir 1000 cbs 16
device-name(config-rate-limit-single)#commit
Commit complete.
device-name(config-rate-limit-single)#
The following example applies the extended MAC ACL 400 to egress traffic on port 1/1/2 with
remarking by dscp:
Applying via CLI
device-name#config terminal
device-name(config)#port 1/1/2
device-name(config-port-1/1/2)#access-groups-rule-sequence 1 mac-access-group 400 out
device-name(config-mac-access-group-400/out)# dscp 44
device-name(config-mac-access-group-400/out)# commit
Commit complete.
The following example applies the EtherType ACL 500 as VLAN translation to port 1/1/3:
Traffic Control
This section includes the PRVT-QOS-MIB MIB. For more information on the Traffic Control
feature, refer to the BiNOX User Guide.
PRVT-QOS-MIB
Examples:
Configuring QoS Policies per Port
1.
2.
3.
4.
1.
2.
3.
4.
(integer)
(integer)
(integer)
(integer)
(integer)
(integer)
11
22
33
44
55
66
[11]
[22]
[33]
[44]
[55]
[66]
1.
2.
3.
4.
1.
2.
3.
4.
1.
2.
3.
4.
1.
2.
device-name(config-scheduling-profile-5)#queue4 44
device-name(config-scheduling-profile-5)#queue5 55
device-name(config-scheduling-profile-5)#queue6-weight 66
device-name(config-scheduling-profile-5)#commit
Commit complete.
device-name(config-scheduling-profile-5)#
3.
1.
2.
3.
Add a description:
prvtQosServShaperProfDescr.22 (octet string) descr [64.65.73.63.72 (hex)]
4.
1.
2.
3.
4.
(integer)
(integer)
(integer)
(integer)
(integer)
(integer)
11
22
33
44
55
66
[11]
[22]
[33]
[44]
[55]
[66]
1.
2.
3.
Apply the service ingress policy on already created TLS service 100 and its sap 1/2/5 with cvlan 33:
prvtQosServiceRowStatus.100 (integer) createAndWait(5)
prvtQosServiceIngressPolicy.100 (octet string) 22 [32.32 (hex)]
prvtQosServiceRowStatus.100 (integer) active(1)
prvtQosServSapRowStatus.100.1205.33 (integer) createAndWait(5)
prvtQosServSapPolicyEnable.100.1205.33 (integer) true(1)
prvtQosServSapRowStatus.100.1205.33 (integer) active(1)
VLANs
This section includes the following MIBs:
Q-BRIDGE-MIB
PRVT-SUPER-VLAN-MIB
Q-BRIDGE-MIB
The VLAN Bridge MIB is used to manage VLAN networks. The Q-BRIDGE-MIB manages the
MAC address table and is also referred to as 8021Q_d6.mib.
NOTE
Configuration via SNMP uses only the dot1qVlanStaticTable.
Examples:
1.
2.
3.
1.
2.
3.
Examples:
1.
2.
3.
1.
2.
3.
PRVT-SUPER-VLAN-MIB
PRVT-SUPER-VLAN-MIB is a private MIB that provides complete SNMP management of Super
Virtual Local Area Network (VLAN).
Examples:
Examples:
Pending Configuration
1.
Enable MSTP:
device-name(config)#config
device-name(config)#ethernet spanning-tree protocol-mstp
device-name(config-protocol-mstp)#no shutdown
device-name(config-protocol-mstp)#commit
2.
3.
1.
2.
Configure parameters:
bridge priority: 4096
hello-time: 5 seconds
MaxAge time: 14 seconds
max-hop count: 23
device-name(config-spanning-tree)#priority 4096
device-name(config-spanning-tree)#hello-time 5
device-name(config-spanning-tree)#max-age 14
device-name(config-protocol-mstp)#max-hops 23
1.
2.
Set port priority 80 and path-cost 1000 on port 1/1/1 for MSTI0:
device-name(config-spanning-tree)#port 1/1/1 path-cost 1000
device-name(config-spanning-tree)#port 1/1/1 priority 80
3.
Set port priority 0 and path-cost 300 on port 1/1/1 for MSTI1:
device-name(config-spanning-tree)#port 1/1/1 mstp instance-id 1 priority 0
1.
2.
3.
Pending Configuration
1.
Enable MSTP:
2.
3.
createAndWait(5)
active(1)
createAndWait(5)
active(1)
4.
1.
2.
Configure parameters:
bridge priority: 4096
hello-time: 5 seconds
MaxAge time: 14 seconds
max-hop count: 23
prvtStMstpMaxHops.0 (gauge) 23
1.
2.
Set port priority 80 and path-cost 1000 on port 1/1/1 for MSTI 0:
prvtStPortPriority.1101 (gauge) 80
prvtStPortPathCost.1101 (gauge) 1000
3.
Set port priority 0 and path-cost 300 on port 1/1/1 for MSTI 1:
prvtStMInstPortPriority.1.1101 (gauge) 0
prvtStMInstPortPathCost.1.1101 (gauge) 300
1.
2.
8.
Enable RSTP:
prvtStRstpProtocolEnable.0 (integer) true(1)
9.
Enable STP:
prvtStStpProtocolEnable.0 (integer) true(1)
Service Configuration
This section includes the PRVT-SERV-MIB.
PRVT-SERV-MIB
The private Service MIB manages and provides various services on the device.
1.
2.
3.
4.
1.
2.
3.
4.
5.
6.
7.
8.
Create and Configure a VPLS Service with Spoke SDPs and Unqualified SAPs
Configuration via CLI
1.
2.
device-name(config-sdp-1)#commit
device-name(config)#service sdp 2 far-end 113.113.113.113
device-name(config-sdp-2)#commit
3.
4.
1.
2.
3.
4.
5.
6.
7.
8.
1.
2.
1.
2.
Get the next free id value (Needed to configure the SDP port.):
sdpNextFreeId.0 (gauge) 16
3.
4.
5.
6.
PRVT-ROUTE-MIB
PRVT-OSPF-MIB
PRVT-ISIS-MIB
PRVT-ROUTE-MIB
The private MIB, PRVT-ROUTE-MIB, is used to manage static and dynamic IP routes.
Example
1.
Create Static Route to network 11.0.0.0/8 via next hop 5.0.0.1 and administrative distance 1:
device-name#config terminal
device-name(config)#router static-route 11.0.0.0/8 5.0.0.1 1
2.
Delete Static Route to network 11.0.0.0/8 via next hop 5.0.0.1 and administrative distance 1:
device-name#config terminal
3.
Create Static Route to network 11.0.0.0/8 via next hop 5.0.0.1 and administrative distance 1:
set prvtCfgRouteRowStatus (integer) 11.0.0.0.8.5.0.0.1.1 createAndGo(4)
4.
Delete Static Route to network 11.0.0.0/8 via next hop 5.0.0.1 and administrative distance 1:
set prvtCfgRouteRowStatus (integer) 11.0.0.0.8.5.0.0.1.1 destroy(6)
PRVT-OSPF-MIB
The private OSPF MIB enables the OSPF protocol, redistributes other routing protocols into
OSPF, and contains additional configuration not provided in the standard RFC 1850.
Examples:
1.
2.
3.
4.
5.
1.
2.
3.
4.
5.
PRVT-ISIS-MIB
This private MIB provides complete SNMP management of Intermediate System-to-Intermediate System (IS-IS).
Example
1.
2.
3.
4.
5.
6.
1.
2.
3.
4.
5.
6.
PRVT-L2TUNNELING-MIB
PRVT-MPLS-TE-MIB
PRVT-TEMIB-ENTITY-MIB
PRVT-RSVP-MIB
PRVT-MPLS-IF-MIB
PRVT-LMGR-MIB
PRVT-MPLS-LDP-MIB
PRVT-CR-LDP-MIB
PRVT-L2TUNNELING-MIB
The private Layer 2 Tunneling MIB manages the Layer 2 Protocol Tunneling feature designed for
service providers. L2 tunneling profile on SAP and SDP port is not supported.
Example
device-name(config-interface-1/1/2)#
1.
2.
3.
4.
5.
6.
PRVT-MPLS-TE-MIB
The private MPLS-TE MIB supports tables for configuring:
tunnels
tunnel hop
tunnel resources
differential Service
tunnel trap
Calculated Hop
Creating a single tunnel is equivalent to creating a row in the Tunnel table. Path nodes are in the
Nodes table. The same table also provides a field to set the path name used to unite the nodes. The
same rules apply for two-phase setting: first create and configure the tunnel and then activate the
tunnel. Activating a tunnel works with all active nodes. You cannot create nodes that are intended
to belong to the same path but have different path names.
PRVT-TEMIB-ENTITY-MIB
The private TE Entity MIB is designed to list tunnel entities. Such entities are needed to use RSVP
tunnel router functionality and cannot be created manually. Using only one RSVP router means
only one tunnel entity is created when creating the router.
Examples:
1.
2.
Create the tunnel, assign a name to the tunnel, configure the tunnel attributes, and specify the
explicit route hops for this tunnel:
device-name(config)#router rsvp-te lsp 1 far-end 1.1.1.1 name 3_to_1 fastreroute-mode facility max-backup-hops 20 cspf path 1
device-name(config-lsp-1)#commit
1.
2.
3.
4.
5.
6.
7.
8.
9.
PRVT-RSVP-MIB
The private MIB, PRVT-RSVP-MIB, provides configuration capabilities for RSVP functionality.
Examples:
PRVT-MPLS-IF-MIB
The private MIB, PRVT-MPLS-IF-MIB, manages specific MPLS and RSVP interface parameters.
Examples:
PRVT-LMGR-MIB
The private LMGR MIB is designed to support Label Manager settings.
PRVT-MPLS-LDP-MIB
The private LDP MIB contains information about negotiated parameters when starting an LDP
router. The MIB configures remote peers to hear LDP multicast advertisements. This MIB
includes:
LDP entities
LDP peers
LDP sessions
FECs
PRVT-CR-LDP-MIB
This private CR LDP MIB contains two tables for viewing and configuring the path manager and
the session manager. Tables are read-only and cannot have multiple instances for either the path or
session manager. A single instance is created (with index 1) when activating the LDP entity in the
LDP entity table.
Examples:
1.
2.
3.
1.
2.
1.
2.
3.
PRVT-CFM-MIB
PRVT-SYS-MON-MIB
PRVT-ALARM-MIB
PRVT-STORM-CTL-MIB
PRVT-LMM-MIB
PRVT-EFM-OAM-MIB
PRVT-EPS-MIB
PRVT-RAPS-MIB
PRVT-SAA-MIB
PRVT-CFM-MIB
The private CFM MIB is an extension of the Connectivity Fault Management module for managing
IEEE 802.1ag connectivity. The MIB provides proactive and diagnostic connectivity fault
localization capabilities over SNMP for Ethernet Virtual Connections (EVC) that span one or more
links.
Example
In the following example, a domain MA is created for a VLAN and port 1/1/1 is added as a MEP
to the specified MA.
1.
Enable CFM:
device-name#config terminal
device-name(config)#oam cfm
device-name(config-cfm)#no shutdown
2.
3.
4.
Create a MEP:
device-name(config-ma-ma_1)#mep 105 bind-to 1/1/1
device-name(config-mep-105/1/1/1)#direction down
device-name(config-mep-105/1/1/1)#ccm-enabled
device-name(config-mep-105/1/1/1)#no shutdown
device-name(config-mep-105/1/1/1)#commit
Commit complete.
device-name(config-mep-105/1/1/1)#
1.
Enable CFM:
1: prvtCfmShutdown.0
Its value should be set to 2 to activate OAM CFM:
1: prvtCfmShutdown.0 (integer) false(2)
2.
3.
4.
1: prvtCfmMepRowStatus.8.100.111.109.97.105.110.95.49.4.109.97.95.49.105 = 5
2: prvtCfmMepInterfaceIndex.8.100.111.109.97.105.110.95.49.4.109.97.95.49.105 (integer) 1101 [1101]
3: prvtCfmMepDirection.8.100.111.109.97.105.110.95.49.4.109.97.95.49.105 (integer) down(1)
4: prvtCfmMepShutdown.8.100.111.109.97.105.110.95.49.4.109.97.95.49.105 (integer) false(2)
5: prvtCfmMepCciEnabled.8.100.111.109.97.105.110.95.49.4.109.97.95.49.105 (integer) true(1)
6: prvtCfmMepRowStatus.8.100.111.109.97.105.110.95.49.4.109.97.95.49.105 (integer) active(1)
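The instance suffixes in the SET examples of this guide carry string indexes as a length followed by one ASCII code per character, so 8.100.111.109.97.105.110.95.49.4.109.97.95.49.105 above is domain_1, ma_1 and MEP 105, and 5.116.101.115.116.49 is the profile name test1. The Python below is an added example, not part of the original guide or of Telco Systems software; the per-table index layouts in LAYOUTS are assumptions inferred from the guide's own examples, not read from the MIB files.

```python
# Added example: decode and encode string-indexed SNMP instance suffixes.
# LAYOUTS is an assumption inferred from the examples in this guide:
#   's' = length-prefixed ASCII string index, 'i' = single integer index.
LAYOUTS = {
    "prvtMacSecLrnProf": "s",   # MAC learning profile name, e.g. test1
    "ipInterface": "s",         # IP interface name, e.g. sw2
    "prvtCfmMep": "ssi",        # domain name, MA name, MEP id
    "prvtSaaTest": "ss",        # the two identifiers of "saa test 1 1"
}


def encode_index(*parts):
    """Build the dotted instance suffix for the given index components."""
    subids = []
    for part in parts:
        if isinstance(part, int):
            if part < 0:
                raise ValueError("sub-identifiers are unsigned")
            subids.append(part)
        else:
            raw = part.encode("ascii")
            subids.append(len(raw))   # length prefix
            subids.extend(raw)        # one sub-identifier per character
    return ".".join(str(s) for s in subids)


def decode_index(suffix, layout):
    """Split a dotted suffix into index components according to layout."""
    subids = [int(tok) for tok in suffix.split(".")]
    pos, out = 0, []
    for kind in layout:
        if pos >= len(subids):
            raise ValueError("suffix is shorter than the index layout")
        if kind == "i":
            out.append(subids[pos])
            pos += 1
        elif kind == "s":
            length = subids[pos]
            chunk = subids[pos + 1:pos + 1 + length]
            if len(chunk) != length:
                raise ValueError("string index is truncated")
            # bytes() rejects values above 255, decode() rejects non-ASCII.
            out.append(bytes(chunk).decode("ascii"))
            pos += 1 + length
        else:
            raise ValueError("unknown layout code %r" % kind)
    if pos != len(subids):
        raise ValueError("unexpected trailing sub-identifiers")
    return tuple(out)


def describe_instance(instance):
    """Return (object name, decoded index tuple) for 'name.suffix'."""
    name, _, suffix = instance.partition(".")
    matches = [prefix for prefix in LAYOUTS if name.startswith(prefix)]
    if not matches or not suffix:
        raise KeyError("no index layout known for %s" % name)
    layout = LAYOUTS[max(matches, key=len)]   # longest prefix wins
    return name, decode_index(suffix, layout)


# Instances copied from the SET examples in this guide.
SAMPLE_INSTANCES = [
    "prvtMacSecLrnProfMaxMacCount.5.116.101.115.116.49",
    "ipInterfaceIpAddress.3.115.119.50",
    "prvtCfmMepDirection.8.100.111.109.97.105.110.95.49.4.109.97.95.49.105",
    "prvtSaaTestRfc2544Mode.1.49.1.49",
]

if __name__ == "__main__":
    for inst in SAMPLE_INSTANCES:
        obj, index = describe_instance(inst)
        print("%-32s index=%r" % (obj, index))
```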
PRVT-SYS-MON-MIB
The MIB contains settings for system monitoring and periodic system self-tests.
Examples:
Appendix A: SNMP Reference Guide (Rev. 01)
: PASSED
: 33C
: PASSED
: 6%
: PASSED
: 40%
Fan Test
Status
: PASSED
: PASSED PASSED
: FAIL PASSED
: ABSENT PASSED
: PASSED
: 0%
PRVT-ALARM-MIB
This private MIB provides information for the following alarms:
Link Down
Lag Down
SyncE alarms
Event
Alarm
lagLinkDown
lagLinkUp
Clear
lagMemberLinkDown
lagMemberLinkUp
Clear
linkDown
linkUp
Clear
Clear
Clear
Clear
Event
Alarm
Clear
Clear
Clear
Clear
Clear
Clear
Clear
The MIB contains a list of predefined device alarms with index, time of occurrence, and description.
Every time an alarm is triggered, a new row is added to the prvtAlarmCurrentTable.
Once the alarm clears, the relevant row is removed from the prvtAlarmCurrentTable.
PRVT-LMM-MIB
This private MIB provides complete SNMP management of the Laser Management feature.
Example:
prvtLmmPeriod.0 (integer) 60
prvtLmmLog.0 (integer) true(1)
prvtLmmLed.0 (integer) true(1)
prvtLmmTemperatureLowThreshold.0 (integer) -10
prvtLmmTemperatureHighThreshold.0 (integer) 60
prvtLmmTxPowerLowThreshold.0 (integer) -5
prvtLmmTxPowerHighThreshold.0 (integer) 5
PRVT-STORM-CTL-MIB
This private MIB provides complete SNMP management of the Traffic Storm Control feature.
Example:
PRVT-EFM-OAM-MIB
This private MIB provides complete SNMP management of 802.3ah Ethernet in the First Mile
(EFM-OAM).
Examples:
set prvtEfmOamInterfaceRole(1.3.6.1.4.1.738.10.5.133.1.23.1.3).1101 (integer) active(2)
or
set prvtEfmOamInterfaceRole.1101 (integer) active(2)
set prvtEfmOamInterfaceEventReturnShutdown(1.3.6.1.4.1.738.10.5.133.1.23.1.12).1101 (gauge) 5
or
set prvtEfmOamInterfaceEventReturnShutdown.1101 (gauge) 5
set prvtEfmOamEventForwardStatusRowStatus(1.3.6.1.4.1.738.10.5.133.1.24.1.2).1101.1102 createAndWait(5)
or
set prvtEfmOamEventForwardStatusRowStatus.1101.1102 (integer) createAndWait(5)
set prvtEfmOamEventForwardStatusRowStatus(1.3.6.1.4.1.738.10.5.133.1.24.1.2).1101.1102 active(1)
or
set prvtEfmOamEventForwardStatusRowStatus.1101.1102 (integer) active(1)
PRVT-SAA-MIB
This private MIB provides complete SNMP management of SAA tests.
Examples:
SAA RFC 2544 SNMP configuration:
00. prvtSaaTestRowStatus.1.49.1.49 = 5
1. prvtSaaTestType.1.49.1.49 = rfc2544
2. prvtSaaTestProfile.1.49.1.49 = 1
3. prvtSaaTestEnable.1.49.1.49 = true
4. prvtSaaTestRfc2544Mode.1.49.1.49 = biTestHead=2
5. prvtSaaTestRfc2544Domain.1.49.1.49 = "d2"
6. prvtSaaTestRfc2544MA.1.49.1.49 = "ma2"
7. prvtSaaTestRfc2544Mep.1.49.1.49 = 1001
8. prvtSaaTestRfc2544TargetType.1.49.1.49 = mep
9. prvtSaaTestRfc2544TargetMep.1.49.1.49 = 2001
10. prvtSaaTestRfc2544Cir.1.49.1.49 = 750000
Configure uni-test-Tail:
Configuration via CLI
Device-name(config)#saa test 1 1 type rfc2544 profile 1 rfc2544 mode unitest-tail
Device-name(config-rfc2544)#domain d2 ma ma2 mep 1001
Device-name(config-rfc2544)#commit
1. prvtSaaTestRowStatus.1.49.1.49 = 5
2. prvtSaaTestType.1.49.1.49 = rfc2544
3. prvtSaaTestEnable.1.49.1.49 = true
4. prvtSaaTestRfc2544Mode.1.49.1.49 = uniTestTail=3
5. prvtSaaTestRfc2544Domain.1.49.1.49 = "d2"
6. prvtSaaTestRfc2544MA.1.49.1.49 = "ma2"
7. prvtSaaTestRfc2544Mep.1.49.1.49 = 1001
8. prvtSaaTestRowStatus.1.49.1.49 = 1
1. prvtSaaProfileRowStatus.1.49 = 5
2. prvtSaaProfileType.1.49 = 1
3. prvtSaaProfileY1731DelayNearEnd.1.49 = 1000
4. prvtSaaProfileY1731DelayFarEnd.1.49 = 1000
5. prvtSaaProfileY1731JitterNearEnd.1.49 = 10
6. prvtSaaProfileY1731JitterFarEnd.1.49 = 10
7. prvtSaaProfileY1731FrameLossNearEnd.1.49 = 1000
8. prvtSaaProfileY1731FrameLossFarEnd.1.49 = 1000
9. prvtSaaProfileRowStatus.1.49 = 1
01. prvtSaaTestRowStatus.1.50.1.50 = 5
02. prvtSaaTestType.1.50.1.50 = y1731
03. prvtSaaTestProfile.1.50.1.50 = 1
04. prvtSaaTestEnable.1.50.1.50 = true
05. prvtSaaTestY1731Mode.1.50.1.50 = test
06. prvtSaaTestY1731Domain.1.50.1.50 = "d2"
07. prvtSaaTestY1731MA.1.50.1.50 = "ma2"
08. prvtSaaTestY1731Mep.1.50.1.50 = 3002
09. prvtSaaTestY1731TargetType.1.50.1.50 = mep
10. prvtSaaTestY1731TargetMep.1.50.1.50 = 2106
11. prvtSaaTestY1731Priority.1.50.1.50 = 0
12. prvtSaaTestY1731Frequency.1.50.1.50 = 1
13. prvtSaaTestY1731Interval.1.50.1.50 = 60
14. prvtSaaTestY1731Period.1.50.1.50 = 100
15. prvtSaaTestY1731Timeout.1.50.1.50 = 3
16. prvtSaaTestY1731Function.1.50.1.50 = both
17. prvtSaaTestY1731DelayMode.1.50.1.50 = twoWay
18. prvtSaaTestY1731DelayMethod.1.50.1.50 = average
19. prvtSaaTestY1731DelayPValue.1.50.1.50 = 50
20. prvtSaaTestY1731JitterMethod.1.50.1.50 = variance
21. prvtSaaTestY1731JitterPValue.1.50.1.50 = 50
22. prvtSaaTestY1731History.1.50.1.50 = 20
23. prvtSaaTestRowStatus.1.50.1.50 = 1
01. prvtSaaTestRowStatus.1.50.1.50 = 5
02. prvtSaaTestType.1.50.1.50 = y1731
03. prvtSaaTestProfile.1.50.1.50 = #0x31=1
04. prvtSaaTestEnable.1.50.1.50 = true
05. prvtSaaTestY1731Mode.1.50.1.50 = loopback = 2
06. prvtSaaTestY1731Domain.1.50.1.50 = "d2"
07. prvtSaaTestY1731MA.1.50.1.50 = "ma2"
08. prvtSaaTestY1731Mep.1.50.1.50 = 2106
09. prvtSaaTestY1731Priority.1.50.1.50 = 6
10. prvtSaaTestY1731Frequency.1.50.1.50 = 1
11. prvtSaaTestY1731Interval.1.50.1.50 = 900
12. prvtSaaTestY1731Period.1.50.1.50 = 1000
13. prvtSaaTestY1731Timeout.1.50.1.50 = 3
14. prvtSaaTestY1731Function.1.50.1.50 = both
15. prvtSaaTestY1731DelayMode.1.50.1.50 = twoWay
16. prvtSaaTestY1731DelayMethod.1.50.1.50 = average
17. prvtSaaTestY1731DelayPValue.1.50.1.50 = 50
18. prvtSaaTestY1731JitterMethod.1.50.1.50 = variance
19. prvtSaaTestY1731JitterPValue.1.50.1.50 = 50
Traffic Engineering
This section presents the SNMP MIB, PRVT-TE-PARAM-MIB, used for the Multiprotocol Label
Switching (MPLS) feature:
PRVT-TE-PARAM-MIB
PRVT-TE-PARAM-MIB
The TE MIB includes objects describing features that support traffic engineering.
Examples:
Configuration Example
The following example creates VPWS between two devices: Device1 and Device2.
Device1 Configuration:
1.
Configure a VLAN with ID 10 and add port 1/1/5 as a tagged member of it:
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 dot1qVlanStaticRowStatus.10 i 5
Q-BRIDGE-MIB::dot1qVlanStaticRowStatus.10 = INTEGER: createAndWait(5)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 dot1qVlanStaticEgressPorts.10 x 08000000
Q-BRIDGE-MIB::dot1qVlanStaticEgressPorts.10 = Hex-STRING: 08 00 00 00
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 dot1qVlanStaticName.10 s vlan10
Q-BRIDGE-MIB::dot1qVlanStaticName.10 = STRING: vlan10
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 dot1qVlanStaticRowStatus.10 i 1
Q-BRIDGE-MIB::dot1qVlanStaticRowStatus.10 = INTEGER: active(1)
2.
3.
4.
10.3.155.51
5.
Enable OSPF. Interfaces lo1 and sw1 are configured in Area 0.0.0.0:
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 prvtOspfRouterId.0 a 1.1.155.51
PRVT-OSPF-MIB::prvtOspfRouterId.0 = IpAddress: 1.1.155.51
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 prvtOspfAreaRowStatus.0.0.0.0 i 4
PRVT-OSPF-MIB::prvtOspfAreaRowStatus.0.0.0.0 = INTEGER: createAndGo(4)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 prvtOspfIfRowStatus.100.1.1.51 i 5
PRVT-OSPF-MIB::prvtOspfIfRowStatus.100.1.1.51 = INTEGER: createAndWait(5)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 prvtOspfIfAreaId.100.1.1.51 a 0.0.0.0
PRVT-OSPF-MIB::prvtOspfIfAreaId.100.1.1.51 = IpAddress: 0.0.0.0
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 prvtOspfIfRowStatus.100.1.1.51 i 1
PRVT-OSPF-MIB::prvtOspfIfRowStatus.100.1.1.51 = INTEGER: active(1)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 prvtOspfIfRowStatus.1.1.155.51 i 5
PRVT-OSPF-MIB::prvtOspfIfRowStatus.1.1.155.51 = INTEGER: createAndWait(5)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 prvtOspfIfAreaId.1.1.155.51 a 0.0.0.0
PRVT-OSPF-MIB::prvtOspfIfAreaId.1.1.155.51 = IpAddress: 0.0.0.0
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 prvtOspfIfWorkingMode.1.1.155.51 i 1
PRVT-OSPF-MIB::prvtOspfIfWorkingMode.1.1.155.51 = INTEGER: passive(1)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 prvtOspfIfRowStatus.1.1.155.51 i 1
PRVT-OSPF-MIB::prvtOspfIfRowStatus.1.1.155.51 = INTEGER: active(1)
6.
7.
8.
Enable LDP:
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 prvtcrldpPmRowStatus.1 i 4
Error in packet.
Reason: inconsistentValue (The set value is illegal or unsupported in some way)
Failed object: PRVT-CR-LDP-MIB::prvtcrldpPmRowStatus.1
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 prvtcrldpSigRowStatus.1 i 4
PRVT-CR-LDP-MIB::prvtcrldpSigRowStatus.1 = INTEGER: createAndGo(4)
9.
createAndWait(5)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 mplsTunnelManHopType.1.10.1.1 i 1
PRVT-MPLS-TE-MIB::mplsTunnelManHopType.1.10.1.1 = INTEGER: strict(1)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 mplsTunnelManHopIpAddr.1.10.1.1 x 64010138
PRVT-MPLS-TE-MIB::mplsTunnelManHopIpAddr.1.10.1.1 = Hex-STRING: 64 01 01 38
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 mplsTunnelManHopRowStatus.1.10.1.1 i 1
PRVT-MPLS-TE-MIB::mplsTunnelManHopRowStatus.1.10.1.1 = INTEGER: active(1)
12. Create RSVP LSP 10 with ingress LSR ID 1.1.155.51, egress LSR ID 1.1.155.56:
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 mplsManTunnelRowStatus.1.10.1 i 5
PRVT-MPLS-TE-MIB::mplsManTunnelRowStatus.1.10.1 = INTEGER: createAndWait(5)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 mplsManTunnelIngressLSRId.1.10.1 x 01019b33
PRVT-MPLS-TE-MIB::mplsManTunnelIngressLSRId.1.10.1 = STRING: 1.1.155.51
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 mplsManTunnelEgressLSRId.1.10.1 x 01019b38
PRVT-MPLS-TE-MIB::mplsManTunnelEgressLSRId.1.10.1 = STRING: 1.1.155.56
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 mplsManTunnelName.1.10.1 s lsp10
PRVT-MPLS-TE-MIB::mplsManTunnelName.1.10.1 = STRING: "lsp10"
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 mplsManTunnelAdminStatus.1.10.1 i 1
PRVT-MPLS-TE-MIB::mplsManTunnelAdminStatus.1.10.1 = INTEGER: up(1)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 mplsManTunnelRowStatus.1.10.1 i 1
PRVT-MPLS-TE-MIB::mplsManTunnelRowStatus.1.10.1 = INTEGER: active(1)
16. Configure SDP (SDP uses the configured LSP 10) for VPWS 10:
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 sdpRowStatus.10.1 i 5
PRVT-SERV-MIB::sdpRowStatus.10.1 = INTEGER: createAndWait(5)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 sdpFarEndIpAddress.10.1 a 1.1.155.56
PRVT-SERV-MIB::sdpFarEndIpAddress.10.1 = IpAddress: 1.1.155.56
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 sdpAdminStatus.10.1 i 1
PRVT-SERV-MIB::sdpAdminStatus.10.1 = INTEGER: up(1)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 sdpTransportTunnelName.10.1 s lsp10
PRVT-SERV-MIB::sdpTransportTunnelName.10.1 = STRING: "lsp10"
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 sdpVCType.10.1 i 5
PRVT-SERV-MIB::sdpVCType.10.1 = INTEGER: ethernet(5)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 sdpType.10.1 i 3
PRVT-SERV-MIB::sdpType.10.1 = INTEGER: mesh(3)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 sdpMtu.10.1 i 9190
PRVT-SERV-MIB::sdpMtu.10.1 = INTEGER: 9190
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 sdpRowStatus.10.1 i 1
PRVT-SERV-MIB::sdpRowStatus.10.1 = INTEGER: active(1)
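Several values in the Device1 commands are passed in encoded form: the PortList bitmap 08000000 selects port 5, and 01019b33 is the address 1.1.155.51 written as four hex octets. The Python below is an added example, not part of the original guide; it assumes single-varbind snmpset lines as used in this configuration example, and the rule that picks a decoder from the object name is a heuristic for these examples only (it also covers the Gauge32 LSR ID form used in the Device2 steps).

```python
# Added example: make the encoded values in this guide's snmpset lines readable.
import ipaddress
import shlex


def hex_to_ipv4(hex_str):
    """'01019b33' -> '1.1.155.51' (4 octets passed with net-snmp type 'x')."""
    raw = bytes.fromhex(hex_str)
    if len(raw) != 4:
        raise ValueError("expected exactly 4 octets, got %d" % len(raw))
    return str(ipaddress.IPv4Address(raw))


def gauge_to_ipv4(value):
    """16882488 -> '1.1.155.56' (an ID carried as an unsigned 32-bit integer)."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("value does not fit in 32 bits")
    return str(ipaddress.IPv4Address(value))


def portlist_to_ports(hex_str):
    """PortList bitmap -> port numbers; the MSB of the first octet is port 1."""
    ports = []
    for octet_index, octet in enumerate(bytes.fromhex(hex_str)):
        for bit in range(8):
            if octet & (0x80 >> bit):
                ports.append(octet_index * 8 + bit + 1)
    return ports


def parse_snmpset(command):
    """Split one single-varbind snmpset line into its parts."""
    tokens = shlex.split(command)
    if len(tokens) < 5 or tokens[0] != "snmpset":
        raise ValueError("not a single-varbind snmpset command")
    oid, vtype, value = tokens[-3:]
    options = tokens[1:-4]
    community = options[options.index("-c") + 1] if "-c" in options else None
    version = next((o[2:] for o in options if o.startswith("-v")), None)
    return {"agent": tokens[-4], "version": version, "community": community,
            "oid": oid, "type": vtype, "value": value}


def explain(command):
    """Parse a line and add a human-readable 'decoded' value.

    Decoder choice is a heuristic based on the object names in this guide.
    """
    parsed = parse_snmpset(command)
    name = parsed["oid"].split(".", 1)[0]
    vtype, value = parsed["type"], parsed["value"]
    if vtype == "x" and "EgressPorts" in name:
        decoded = portlist_to_ports(value)
    elif vtype == "x":
        decoded = hex_to_ipv4(value)
    elif vtype == "u" and name.endswith("LsrId"):
        decoded = gauge_to_ipv4(int(value))
    elif vtype in ("i", "u"):
        decoded = int(value)
    else:
        decoded = value
    parsed["decoded"] = decoded
    return parsed


# Commands copied from this configuration example, wrapped lines rejoined.
SAMPLE_COMMANDS = [
    "snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 dot1qVlanStaticEgressPorts.10 x 08000000",
    "snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 mplsTunnelManHopIpAddr.1.10.1.1 x 64010138",
    "snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 mplsManTunnelIngressLSRId.1.10.1 x 01019b33",
    "snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 prvtLmgrLsrEntityLsrId.1 u 16882488",
]

if __name__ == "__main__":
    for cmd in SAMPLE_COMMANDS:
        info = explain(cmd)
        print("%s v%s %s %s -> %r" % (info["agent"], info["version"],
                                      info["oid"], info["value"], info["decoded"]))
```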
Device2 Configuration:
18. Configure a VLAN with ID 10 and add port 1/1/5 as a tagged member of it:
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 dot1qVlanStaticRowStatus.10 i 5
Q-BRIDGE-MIB::dot1qVlanStaticRowStatus.10 = INTEGER: createAndWait(5)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 dot1qVlanStaticEgressPorts.10 x 08000000
Q-BRIDGE-MIB::dot1qVlanStaticEgressPorts.10 = Hex-STRING: 08 00 00 00
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 dot1qVlanStaticName.10 s vlan10
Q-BRIDGE-MIB::dot1qVlanStaticName.10 = STRING: vlan10
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 dot1qVlanStaticRowStatus.10 i 1
Q-BRIDGE-MIB::dot1qVlanStaticRowStatus.10 = INTEGER: active(1)
22. Enable OSPF. Interfaces lo1 and sw10 are configured in Area 0.0.0.0:
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 prvtOspfRouterId.0 a 1.1.155.56
PRVT-OSPF-MIB::prvtOspfRouterId.0 = IpAddress: 1.1.155.56
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 prvtOspfAreaRowStatus.0.0.0.0 i 4
PRVT-OSPF-MIB::prvtOspfAreaRowStatus.0.0.0.0 = INTEGER: createAndGo(4)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 prvtOspfIfRowStatus.100.1.1.56 i 5
PRVT-OSPF-MIB::prvtOspfIfRowStatus.100.1.1.56 = INTEGER: createAndWait(5)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 prvtOspfIfAreaId.100.1.1.56 a 0.0.0.0
PRVT-OSPF-MIB::prvtOspfIfAreaId.100.1.1.56 = IpAddress: 0.0.0.0
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 prvtOspfIfRowStatus.100.1.1.56 i 1
PRVT-OSPF-MIB::prvtOspfIfRowStatus.100.1.1.56 = INTEGER: active(1)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 prvtOspfIfRowStatus.1.1.155.56 i 5
PRVT-OSPF-MIB::prvtOspfIfRowStatus.1.1.155.56 = INTEGER: createAndWait(5)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 prvtOspfIfAreaId.1.1.155.56 a 0.0.0.0
PRVT-OSPF-MIB::prvtOspfIfAreaId.1.1.155.56 = IpAddress: 0.0.0.0
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 prvtOspfIfWorkingMode.1.1.155.56 i 1
PRVT-OSPF-MIB::prvtOspfIfWorkingMode.1.1.155.56 = INTEGER: passive(1)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 prvtOspfIfRowStatus.1.1.155.56 i 1
PRVT-OSPF-MIB::prvtOspfIfRowStatus.1.1.155.56 = INTEGER: active(1)
prvtLmgrLsrEntityRowStatus.1 i 5
PRVT-LMGR-MIB::prvtLmgrLsrEntityRowStatus.1 = INTEGER: createAndWait(5)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 prvtLmgrLsrEntityLsrId.1 u 16882488
PRVT-LMGR-MIB::prvtLmgrLsrEntityLsrId.1 = Gauge32: 16882488
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 prvtLmgrLsrEntityTranAddr.1 x 01019B38
PRVT-LMGR-MIB::prvtLmgrLsrEntityTranAddr.1 = Hex-STRING: 01 01 9B 38
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 prvtLmgrLsrEntityRowStatus.1 i 1
PRVT-LMGR-MIB::prvtLmgrLsrEntityRowStatus.1 = INTEGER: active(1)
27. Configure the LDP distribution policy with ingress OSPF and egress IP address 1.1.155.56:
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 prvtMplsRouteProtocolRowStatus.ingress.ospf i 4
PRVT-MPLS-IF-MIB::prvtMplsRouteProtocolRowStatus.ingress.ospf = INTEGER: createAndGo(4)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 prvtMplsRouteAddressRowStatus.egress.1.1.155.56.32 i 4
PRVT-MPLS-IF-MIB::prvtMplsRouteAddressRowStatus.egress.'...8 ' = INTEGER: createAndGo(4)
30. Configure RSVP LSP 20 with ingress IP address 1.1.155.56 and egress IP address 1.1.155.51:
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 mplsManTunnelRowStatus.1.20.1 i 5
PRVT-MPLS-TE-MIB::mplsManTunnelRowStatus.1.20.1 = INTEGER: createAndWait(5)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 mplsManTunnelIngressLSRId.1.20.1 x 01019b38
PRVT-MPLS-TE-MIB::mplsManTunnelIngressLSRId.1.20.1 = STRING: 1.1.155.56
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 mplsManTunnelEgressLSRId.1.20.1 x 01019b33
PRVT-MPLS-TE-MIB::mplsManTunnelEgressLSRId.1.20.1 = STRING: 1.1.155.51
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 mplsManTunnelName.1.20.1 s lsp20
PRVT-MPLS-TE-MIB::mplsManTunnelName.1.20.1 = STRING: "lsp20"
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 mplsManTunnelAdminStatus.1.20.1 i 1
PRVT-MPLS-TE-MIB::mplsManTunnelAdminStatus.1.20.1 = INTEGER: up(1)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 mplsManTunnelRowStatus.1.20.1 i 1
PRVT-MPLS-TE-MIB::mplsManTunnelRowStatus.1.20.1 = INTEGER: active(1)
34. Configure SDP (SDP uses the configured LSP 20) for VPWS 10:
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 sdpRowStatus.10.1 i 5
PRVT-SERV-MIB::sdpRowStatus.10.1 = INTEGER: createAndWait(5)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 sdpFarEndIpAddress.10.1 a 1.1.155.51
PRVT-SERV-MIB::sdpFarEndIpAddress.10.1 = IpAddress: 1.1.155.51
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 sdpAdminStatus.10.1 i 1
PRVT-SERV-MIB::sdpAdminStatus.10.1 = INTEGER: up(1)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 sdpTransportTunnelName.10.1 s lsp20
PRVT-SERV-MIB::sdpTransportTunnelName.10.1 = STRING: "lsp20"
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 sdpVCType.10.1 i 5
PRVT-SERV-MIB::sdpVCType.10.1 = INTEGER: ethernet(5)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 sdpType.10.1 i 3
PRVT-SERV-MIB::sdpType.10.1 = INTEGER: mesh(3)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 sdpMtu.10.1 i 9190
PRVT-SERV-MIB::sdpMtu.10.1 = INTEGER: 9190
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 sdpRowStatus.10.1 i 1
PRVT-SERV-MIB::sdpRowStatus.10.1 = INTEGER: active(1)
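The hex and integer arguments in the commands above (08000000, 16882488, 01019B38, 01019b33) are encodings of port numbers and IP addresses. The following helper is an added example, not part of the original guide; its function names are hypothetical, and it assumes that port 1/1/5 has bridge port number 5, which is consistent with the value 08000000 used in step 18.

```shell
# Print the four octets of a dotted-quad IPv4 address, or fail on bad input.
ip_octets() (
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in 0?*|????*) exit 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || exit 1
    done
    echo "$1 $2 $3 $4"
)

# IPv4 -> hex string for an "x" set (e.g. prvtLmgrLsrEntityTranAddr).
ip_to_hex() (
    octs=$(ip_octets "$1") || exit 1
    printf '%02X%02X%02X%02X\n' $octs
)

# IPv4 -> unsigned 32-bit value for a "u" set (e.g. prvtLmgrLsrEntityLsrId).
ip_to_u32() (
    octs=$(ip_octets "$1") || exit 1
    set -- $octs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Port numbers -> PortList hex string of $1 octets; port 1 is the most
# significant bit of the first octet (assumed mapping: port 1/1/5 = port 5).
ports_to_portlist() (
    nbytes=$1; shift
    out=''; i=0
    while [ "$i" -lt "$nbytes" ]; do
        byte=0
        for p in "$@"; do
            case "$p" in ''|0*|*[!0-9]*) exit 1 ;; esac   # positive integers only
            [ "$p" -le $((nbytes * 8)) ] || exit 1
            if [ $(( (p - 1) / 8 )) -eq "$i" ]; then
                byte=$(( byte | (128 >> ((p - 1) % 8)) ))
            fi
        done
        out="$out$(printf '%02X' "$byte")"
        i=$((i + 1))
    done
    echo "$out"
)

# Reproduce the encoded arguments used in the steps above.
echo "LSR ID: $(ip_to_u32 1.1.155.56)  transport address: $(ip_to_hex 1.1.155.56)"
echo "egress PortList for port 5: $(ports_to_portlist 4 5)"
```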
Appendix B: Specifications
Physical Specifications
Width: 440 mm (18)
Height: 66.7 mm (1.5RU)
Depth: 253 mm (10)
Power Source
AC Power Source
DC Power Source
Voltage/Current: 100-240 VAC, 2A
Frequency: 50-60Hz
150 W
Weight
Voltage
130 W
Weight
NOTE
Two PSUs are required for operation above 45°C (normal ambient temperature). A
single PSU is used for normal operation temperatures.
Operating Conditions
Operating temperature
Environment
Relative Humidity: 5% to 90% non-condensing
Operating Altitude
Storage Temperature
Storage Humidity
Storage Altitude
Meaning
AAA
ACG
ACL
Access List
AIS
AMI
ARP
AS
Autonomous System
ASIC
ATM
BES
BFD
BID
Bridge ID
BiST
BPDU
CCM
CCS
CES
CFM
CIC
CIR
CIST
CLE
CLI
CO
Central Office
CoLo
Co-Location
CPE
CPU
CRC
CSS
CST
C-VLAN
Customer VLAN
DAI
Appendix C: Acronyms Glossary (Rev 01)
Term
Meaning
DHCP
DLC
Data-Link Control
DNS
DoS
Denial of Service
DoSAP
DRR
DSCP
DSx
DSA
DSS
DST
DTE
EAP
EAPOL
ECN
EFM-OAM
EPS
ES
Error Seconds
ESF
EVC
FC
Forwarding Class
FDB
FEC
FIB
FRR
Fast Re-Route
FS
File System
H-VPLS
Hierarchical VPLS
IETF
IGMP
IP
Internet Protocol
ISAP
IST
ITU-T
IWF
InterWorking Function
LACP
LAG
LAN
LBM
Loopback Message
LBR
Loopback Reply
LCK
LCV
LDP
LER
LES
LIU
LLDP
LMM
LOPS
LSL
LSP
LSR
LTM
LTR
MA
Maintenance Association
MAID
MAC
MCID
MBB
Make-Before-Break
MEP
MEPID
MIB
MIP
MOTD
MPLS
MSTI
MSTP
MTU
MVR
NAS
NMS
NTP
OAM
OAMPDU
OSPF
PCV
PDU
PE
Provider Edge
PHP
PING
PIR
PLR
POP
Point of Presence
PSN
PVID
PVST
PW
Pseudo Wire
PWE
QoS
Quality of Service
RADIUS
R-APS
RED
RFC
RIP
RMON
Remote Monitoring
RSTP
RSVP
RTP
RTR
SA
Service Agreement
SAA
SAP
SCP
SDP
SES
SF
Super Frame
SFD
SFP
SLA
SLO
SNMP
SSH
Secure Shell
SST Bridge
STP
SW
Software
TACACS+
TC
Topology Change
TCA
TCN
TC Notification
TCP
TDM
TFTP
TIME
TLS
TLV
TTL
Time-to-Live
ToS
Type of Service
UAS
Unavailable Seconds
UDP
USM
VACM
VCCV
VID
VLAN Identifier
VLAN
Virtual LAN
VPLS
VPT
VPWS
VRED
VRRP
VTY
WAN
WRR