Scribd
Upload
204 views383 pages

Iscom2828f Configuration Guide Rel - 01 PDF

Uploaded by

Trương Thị Lan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
204 views383 pages

Iscom2828f Configuration Guide Rel - 01 PDF

Uploaded by

Trương Thị Lan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 383

www.raisecom.

com

ISCOM2828F (D)
Configuration Guide
(Rel_01)
Raisecom Technology Co., Ltd. provides customers with comprehensive technical support and services. For any
assistance, please contact our local office or company headquarters.
Website: http://www.raisecom.com
Tel: 8610-82883305
Fax: 8610-82883056
Email: [email protected]
Address: Building 2, No. 28, Shangdi 6th Street, Haidian District, Beijing, P.R.China
Postal code: 100085

-----------------------------------------------------------------------------------------------------------------------------------------

Notice
Copyright © 2013
Raisecom
All rights reserved.
No part of this publication may be excerpted, reproduced, translated or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in Writing from Raisecom
Technology Co., Ltd.

is the trademark of Raisecom Technology Co., Ltd.


All other trademarks and trade names mentioned in this document are the property of their respective holders.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Raisecom
ISCOM2828F (D) Configuration Guide Preface

Preface

Objectives
This guide describes features supported by the ISCOM2828F, and related configurations,
including basic principles and configuration procedures of Ethernet, route, reliability, OAM,
security, and QoS, and related configuration examples. The appendix lists terms, acronyms,
and abbreviations involved in this guide.
By reading this guide, you can master principles and configurations of the ISCOM2828F, and
how to network with the ISCOM2828F.

Versions
The following table lists the product versions related to this document.

Product name Hardware version Software version


ISCOM2828F D ROS_4.14

Conventions
Symbol conventions
The symbols that may be found in this document are defined as follows.

Symbol Description
Indicates a hazard with a medium or low level of risk which, if
not avoided, could result in minor or moderate injury.

Indicates a potentially hazardous situation that, if not avoided,


could cause equipment damage, data loss, and performance
degradation, or unexpected results.
Provides additional information to emphasize or supplement
important points of the main text.

Raisecom Technology Co., Ltd. i


Raisecom
ISCOM2828F (D) Configuration Guide Preface

Symbol Description
Indicates a tip that may help you solve a problem or save time.

General conventions
Convention Description
Times New Roman Normal paragraphs are in Times New Roman.
Arial Paragraphs in Warning, Caution, Notes, and Tip are in Arial.
Boldface Names of files, directories, folders, and users are in boldface.
For example, log in as user root.
Italic Book titles are in italics.
Lucida Console Terminal display is in Lucida Console.

Command conventions
Convention Description

Boldface The keywords of a command line are in boldface.


Italic Command arguments are in italics.
[] Items (keywords or arguments) in square brackets [ ] are
optional.
{ x | y | ... } Alternative items are grouped in braces and separated by
vertical bars. Only one is selected.
[ x | y | ... ] Optional alternative items are grouped in square brackets and
separated by vertical bars. One or none is selected.
{ x | y | ... } * Alternative items are grouped in braces and separated by
vertical bars. A minimum of one or a maximum of all can be
selected.
[ x | y | ... ] * Optional alternative items are grouped in square brackets and
separated by vertical bars. A minimum of none or a maximum
of all can be selected.

Change history
Updates between document versions are cumulative. Therefore, the latest document version
contains all updates made to previous versions.

Raisecom Technology Co., Ltd. ii


Raisecom
ISCOM2828F (D) Configuration Guide Preface

Issue 01 (2013-08-02)
Initial commercial release

Raisecom Technology Co., Ltd. iii


Raisecom
ISCOM2828F (D) Configuration Guide Contents

Contents

1 Basic configurations ..................................................................................................................... 1


1.1 Accessing device .............................................................................................................................................. 1
1.1.1 Introduction ............................................................................................................................................. 1
1.1.2 Accessing through Console interface ...................................................................................................... 2
1.1.3 Accessing through Telnet ........................................................................................................................ 3
1.1.4 Accessing through SSHv2 ....................................................................................................................... 4
1.1.5 Checking configurations ......................................................................................................................... 6
1.2 CLI ................................................................................................................................................................... 6
1.2.1 Introduction ............................................................................................................................................. 6
1.2.2 Command line level ................................................................................................................................ 7
1.2.3 Command line mode ............................................................................................................................... 7
1.2.4 Command line shortcuts .......................................................................................................................... 9
1.2.5 Command line help message ................................................................................................................. 10
1.2.6 CLI message.......................................................................................................................................... 12
1.2.7 Command line history message ............................................................................................................ 13
1.2.8 Restoring default value of command line ............................................................................................. 14
1.3 Managing users .............................................................................................................................................. 15
1.3.1 Checking configurations ....................................................................................................................... 15
1.4 Managing files ................................................................................................................................................ 16
1.4.1 Managing BootROM files ..................................................................................................................... 16
1.4.2 Managing system files .......................................................................................................................... 17
1.4.3 Managing configuration files ................................................................................................................ 18
1.4.4 Checking configurations ....................................................................................................................... 19
1.5 Configuring clock management ..................................................................................................................... 19
1.5.1 Configuring time and time zone ............................................................................................................ 19
1.5.2 Configuring DST .................................................................................................................................. 20
1.5.3 Configuring NTP .................................................................................................................................. 20
1.5.4 Configuring SNTP ................................................................................................................................ 22
1.5.5 Checking configurations ....................................................................................................................... 22
1.6 Configuring interface management ................................................................................................................ 23
1.6.1 Default configurations of interfaces ...................................................................................................... 23
1.6.2 Configuring basic attributes for interfaces ............................................................................................ 23

Raisecom Technology Co., Ltd. iv


Raisecom
ISCOM2828F (D) Configuration Guide Contents

1.6.3 Configuring flow control on interfaces ................................................................................................. 24


1.6.4 Configuring Combo interface ............................................................................................................... 24
1.6.5 Configuring interface detection mode ................................................................................................... 25
1.6.6 Configuring interface statistics ............................................................................................................. 25
1.6.7 Enabling/Disabling interfaces ............................................................................................................... 26
1.6.8 Checking configurations ....................................................................................................................... 26
1.7 Configuring basic information ....................................................................................................................... 26
1.8 Task scheduling .............................................................................................................................................. 28
1.9 Watchdog ........................................................................................................................................................ 28
1.10 Loading and upgrading................................................................................................................................. 29
1.10.1 Introduction ......................................................................................................................................... 29
1.10.2 Configuring TFTP auto-upload mode ................................................................................................. 29
1.10.3 Upgrading system software by BootROM .......................................................................................... 30
1.10.4 Upgrading system software by CLI .................................................................................................... 31
1.10.5 Checking configurations ..................................................................................................................... 32
1.10.6 Exampe for configuring TFTP auto-loading ....................................................................................... 32

2 Ethernet ......................................................................................................................................... 35
2.1 MAC address table ......................................................................................................................................... 35
2.1.1 Introduction ........................................................................................................................................... 35
2.1.2 Preparing for configurations ................................................................................................................. 37
2.1.3 Default configurations of MAC address table ....................................................................................... 37
2.1.4 Configuring static MAC address ........................................................................................................... 37
2.1.5 Configuring multicast filtering mode for MAC address table ............................................................... 38
2.1.6 Configuring MAC address learning ...................................................................................................... 38
2.1.7 Configuring MAC address limit............................................................................................................ 38
2.1.8 Configuring aging time of MAC addresses ........................................................................................... 39
2.1.9 Checking configurations ....................................................................................................................... 39
2.1.10 Maintenance ........................................................................................................................................ 39
2.1.11 Example for configuring MAC address table ...................................................................................... 40
2.2 VLAN ............................................................................................................................................................. 41
2.2.1 Introduction ........................................................................................................................................... 41
2.2.2 Preparing for configurations ................................................................................................................. 43
2.2.3 Default configurations of VLAN .......................................................................................................... 43
2.2.4 Configuring VLAN attributes ............................................................................................................... 44
2.2.5 Configuring interface mode .................................................................................................................. 44
2.2.6 Configuring VLAN on Access interface ............................................................................................... 45
2.2.7 Configuring VLAN on Trunk interface ................................................................................................. 45
2.2.8 Checking configurations ....................................................................................................................... 46
2.3 QinQ ............................................................................................................................................................... 47
2.3.1 Introduction ........................................................................................................................................... 47
2.3.2 Preparing for configurations ................................................................................................................. 48

Raisecom Technology Co., Ltd. v


Raisecom
ISCOM2828F (D) Configuration Guide Contents

2.3.3 Default configurations of QinQ ............................................................................................................ 48


2.3.4 Configuring basic QinQ ........................................................................................................................ 48
2.3.5 Configuring selective QinQ .................................................................................................................. 48
2.3.6 Configuring egress interface toTrunk mode .......................................................................................... 49
2.3.7 Checking configurations ....................................................................................................................... 49
2.3.8 Maintenance .......................................................................................................................................... 49
2.3.9 Example for configuring basic QinQ .................................................................................................... 50
2.3.10 Example for configuring selective QinQ ............................................................................................ 52
2.4 VLAN mapping .............................................................................................................................................. 55
2.4.1 Introduction ........................................................................................................................................... 55
2.4.2 Preparing for configurations ................................................................................................................. 56
2.4.3 Configuring 1:1 VLAN mapping .......................................................................................................... 56
2.4.4 Configuring N:1 VLAN mapping ......................................................................................................... 56
2.4.5 Checking configurations ....................................................................................................................... 57
2.4.6 Example for configuring VLAN mapping ............................................................................................ 57
2.5 Interface protection ........................................................................................................................................ 59
2.5.1 Introduction ........................................................................................................................................... 59
2.5.2 Preparing for configurations ................................................................................................................. 60
2.5.3 Default configurations of interface protection ...................................................................................... 60
2.5.4 Configuring interface protection ........................................................................................................... 60
2.5.5 Checking configurations ....................................................................................................................... 60
2.5.6 Example for configuring interface protection ....................................................................................... 61
2.6 Port mirroring ................................................................................................................................................. 64
2.6.1 Introduction ........................................................................................................................................... 64
2.6.2 Preparing for configurations ................................................................................................................. 64
2.6.3 Default configurations of port mirroring ............................................................................................... 65
2.6.4 Configuring port mirroring on local port .............................................................................................. 65
2.6.5 Checking configurations ....................................................................................................................... 66
2.6.6 Example for configuring port mirroring ................................................................................................ 66
2.7 Layer 2 protocol transparent transmission ..................................................................................................... 67
2.7.1 Introduction ........................................................................................................................................... 67
2.7.2 Preparing for configurations ................................................................................................................. 68
2.7.3 Default configurations of Layer 2 protocol transparent transmission ................................................... 68
2.7.4 Configuring transparent transmission parameters ................................................................................. 68
2.7.5 Checking configurations ....................................................................................................................... 69
2.7.6 Maintenance .......................................................................................................................................... 69
2.7.7 Example for configuring Layer 2 protocol transparent transmission .................................................... 69

3 IP services ..................................................................................................................................... 73
3.1 ARP ................................................................................................................................................................ 73
3.1.1 Introduction ........................................................................................................................................... 73
3.1.2 Preparing for configurations ................................................................................................................. 74

Raisecom Technology Co., Ltd. vi


Raisecom
ISCOM2828F (D) Configuration Guide Contents

3.1.3 Default configurations of ARP .............................................................................................................. 74


3.1.4 Configuring static ARP entries .............................................................................................................. 74
3.1.5 Configuring aging time of dynamic ARP entries .................................................................................. 75
3.1.6 Configuring dynamic ARP entry learning mode ................................................................................... 75
3.1.7 Checking configurations ....................................................................................................................... 75
3.1.8 Maintenance .......................................................................................................................................... 75
3.1.9 Example for configuring ARP ............................................................................................................... 76
3.2 Layer 3 interface ............................................................................................................................................ 77
3.2.1 Introduction ........................................................................................................................................... 77
3.2.2 Preparing for configurations ................................................................................................................. 77
3.2.3 Configuring Layer 3 interface ............................................................................................................... 77
3.2.4 Checking configurations ....................................................................................................................... 78
3.2.5 Example for configuring Layer 3 interface to interconnect with host ................................................... 78
3.3 Default gateway ............................................................................................................................................. 80
3.3.1 Introduction ........................................................................................................................................... 80
3.3.2 Preparing for configurations ................................................................................................................. 80
3.3.3 Configuring default gateway ................................................................................................................. 80
3.3.4 Configuring static route ........................................................................................................................ 80
3.3.5 Checking configurations ....................................................................................................................... 81
3.4 DHCP Client .................................................................................................................................................. 81
3.4.1 Introduction ........................................................................................................................................... 81
3.4.2 Preparing for configurations ................................................................................................................. 84
3.4.3 Default configurations of DHCP Client ................................................................................................ 84
3.4.4 Applying IP address through DHCP ..................................................................................................... 84
3.4.5 (Optional) configuring DHCP Client .................................................................................................... 85
3.4.6 (Optional) renewing or releasing IP address ......................................................................................... 85
3.4.7 Checking configurations ....................................................................................................................... 86
3.4.8 Example for configuring DHCP Client ................................................................................................. 86
3.5 DHCP Relay ................................................................................................................................................... 87
3.5.1 Introduction ........................................................................................................................................... 87
3.5.2 Preparing for configurations ................................................................................................................. 88
3.5.3 Default configurations of DHCP Relay................................................................................................. 88
3.5.4 Configuring global DHCP Relay .......................................................................................................... 88
3.5.5 Configuring interface DHCP Relay ...................................................................................................... 88
3.5.6 Configuring destination IP address for forwarding packets .................................................................. 89
3.5.7 (Optional) configuring DHCP Relay to support Option 82 ................................................................... 89
3.5.8 Checking configurations ....................................................................................................................... 89
3.6 DHCP Snooping ............................................................................................................................................. 90
3.6.1 Introduction ........................................................................................................................................... 90
3.6.2 Preparing for configurations ................................................................................................................. 91
3.6.3 Default configurations of DHCP Snooping ........................................................................................... 91
3.6.4 Configuring DHCP Snooping ............................................................................................................... 91

Raisecom Technology Co., Ltd. vii


Raisecom
ISCOM2828F (D) Configuration Guide Contents

3.6.5 Checking configurations ....................................................................................................................... 92


3.6.6 Example for configuring DHCP Snooping............................................................................................ 92
3.7 DHCP Option ................................................................................................................................................. 94
3.7.1 Introduction ........................................................................................................................................... 94
3.7.2 Preparing for configurations ................................................................................................................. 95
3.7.3 Default configurations of DHCP Option ............................................................................................... 95
3.7.4 Configuring DHCP Option field ........................................................................................................... 96
3.7.5 Checking configurations ....................................................................................................................... 96

4 QoS ................................................................................................................................................. 97
4.1 Introduction .................................................................................................................................................... 97
4.1.1 Service model........................................................................................................................................ 97
4.1.2 Priority trust .......................................................................................................................................... 98
4.1.3 Traffic classification .............................................................................................................................. 99
4.1.4 Traffic policy ....................................................................................................................................... 100
4.1.5 Priority mapping ................................................................................................................................. 101
4.1.6 Congestion management ..................................................................................................................... 102
4.1.7 Rate limiting based on interface and VLAN ....................................................................................... 103
4.2 Configuring basic QoS ................................................................................................................................. 103
4.2.1 Preparing for configurations ............................................................................................................... 103
4.2.2 Default configurations of basic QoS ................................................................................................... 103
4.2.3 Enabling global QoS ........................................................................................................................... 104
4.2.4 Checking configurations ..................................................................................................................... 104
4.3 Configuring traffic classification and traffic policy ..................................................................................... 104
4.3.1 Preparing for configurations ............................................................................................................... 104
4.3.2 Default configurations of traffic classification and traffic policy ....................................................... 104
4.3.3 Creating traffic classification .............................................................................................................. 105
4.3.4 Configuring traffic classification rules ................................................................................................ 105
4.3.5 Creating token bucket and rate limiting rules ..................................................................................... 106
4.3.6 Creating traffic policy ......................................................................................................................... 106
4.3.7 Defining traffic policy mapping .......................................................................................................... 106
4.3.8 Defining traffic policy operations ....................................................................................................... 107
4.3.9 Applying traffic policy to interfaces .................................................................................................... 108
4.3.10 Checking configurations ................................................................................................................... 108
4.3.11 Maintenance ...................................................................................................................................... 109
4.4 Configuring priority mapping ...................................................................................................................... 109
4.4.1 Preparing for configurations ............................................................................................................... 109
4.4.2 Default configurations of basic QoS ................................................................................................... 109
4.4.3 Configuring interface-trusted priority type ......................................................................................... 110
4.4.4 Configuring CoS to local priority ....................................................................................................... 110
4.4.5 Configuring mapping from DSCP to local priority ............................................................................. 111
4.4.6 Configuring mapping from local priority to DSCP ............................................................................. 111

Raisecom Technology Co., Ltd. viii


Raisecom
ISCOM2828F (D) Configuration Guide Contents

4.4.7 Configuring all-traffic modification on interface ................................................................................ 111


4.4.8 Configuring specific-traffic modification ........................................................................................... 111
4.4.9 Configuring CoS copying ................................................................................................................... 112
4.4.10 Checking configurations ................................................................................................................... 112
4.5 Configuring congestion management ........................................................................................................... 113
4.5.1 Preparing for configurations ............................................................................................................... 113
4.5.2 Default configurations of congestion management ............................................................................. 113
4.5.3 Configuring SP scheduling.................................................................................................................. 113
4.5.4 Configuring WRR or SP+WRR scheduling ........................................................................................ 114
4.5.5 Configuring queue transmission rate .................................................................................................. 114
4.5.6 Checking configurations ..................................................................................................................... 114
4.6 Configuring rate limiting based on interface and VLAN ............................................................................. 115
4.6.1 Preparing for configurations ............................................................................................................... 115
4.6.2 Configuring rate limiting based on interface ....................................................................................... 115
4.6.3 Configuring rate limiting based on VLAN.......................................................................................... 115
4.6.4 Configuring rate limiting based on QinQ ............................................................................................ 115
4.6.5 Checking configurations ..................................................................................................................... 116
4.6.6 Maintenance ........................................................................................................................................ 116
4.7 Configuring examples .................................................................................................................................. 116
4.7.1 Example for configuring congestion management .............................................................................. 116
4.7.2 Example for configuring rate limiting based on interface ................................................................... 118

5 Multicast ..................................................................................................................................... 120


5.1 Overview ...................................................................................................................................................... 120
5.1.2 IGMP Snooping .................................................................................................................................. 122
5.1.3 MVR ................................................................................................................................................... 123
5.1.4 MVR Proxy ......................................................................................................................................... 123
5.1.5 IGMP filtering ..................................................................................................................................... 124
5.2 Configuring IGMP Snooping ....................................................................................................................... 125
5.2.1 Preparing for configurations ............................................................................................................... 125
5.2.2 Default configurations of IGMP Snooping ......................................................................................... 125
5.2.3 Enabling global IGMP Snooping ........................................................................................................ 126
5.2.4 (Optional) enabling IGMP Snooping on VLANs ................................................................................ 126
5.2.5 Configuring multicast router interface ................................................................................................ 126
5.2.6 (Optional) configuring aging time of IGMP Snooping ....................................................................... 127
5.2.7 (Optional) configuring immediate leave ............................................................................................. 127
5.2.8 (Optional) configuring static multicast forwarding table .................................................................... 128
5.2.9 Checking configurations ..................................................................................................................... 128
5.3 Configuring MVR ........................................................................................................................................ 129
5.3.1 Preparing for configurations ............................................................................................................... 129
5.3.2 Default configurations of MVR .......................................................................................................... 129
5.3.3 Configuring MVR basic information .................................................................................................. 129

Raisecom Technology Co., Ltd. ix


Raisecom
ISCOM2828F (D) Configuration Guide Contents

5.3.4 Configuring MVR interface information ............................................................................................ 130


5.3.5 Checking configurations ..................................................................................................................... 131
5.4 Configuring MVR Proxy .............................................................................................................................. 131
5.4.1 Preparing for configurations ............................................................................................................... 131
5.4.2 Default configurations of IGMP Proxy ............................................................................................... 132
5.4.3 Configuring IGMP Proxy .................................................................................................................... 132
5.4.4 Checking configurations ..................................................................................................................... 133
5.5 Configuring IGMP filtering .......................................................................................................................... 133
5.5.1 Preparing for configurations ............................................................................................................... 133
5.5.2 Default configurations of IGMP filtering ............................................................................................ 134
5.5.3 Enabling global IGMP filtering ........................................................................................................... 134
5.5.4 Configuring IGMP filtering rules ........................................................................................................ 134
5.5.5 Applying IGMP filtering rules ............................................................................................................ 135
5.5.6 Configuring maximum number of multicast groups ........................................................................... 135
5.5.7 Checking configurations ..................................................................................................................... 136
5.6 Maintenance ................................................................................................................................................. 136
5.7 Configuration examples ............................................................................................................................... 137
5.7.1 Example for configuring IGMP Snooping .......................................................................................... 137
5.7.2 Example for configuring MVR and MVR Proxy ................................................................................ 138
5.7.3 Example for applying IGMP filtering and maximum multicast group number to interface ................ 141
5.7.4 Example for applying IGMP filtering and maximum multicast group number to VLAN .................. 143

6 Security........................................................................................................................................ 146
6.1 ACL .............................................................................................................................................................. 146
6.1.1 Introduction ......................................................................................................................................... 146
6.1.2 Preparing for configurations ............................................................................................................... 146
6.1.3 Default configurations of ACL............................................................................................................ 147
6.1.4 Configuring IP ACL ............................................................................................................................ 148
6.1.5 Configuring MAC ACL ...................................................................................................................... 148
6.1.6 Configuring MAP ACL ....................................................................................................................... 148
6.1.7 Applying ACL ..................................................................................................................................... 151
6.1.8 Checking configurations ..................................................................................................................... 153
6.1.9 Maintenance ........................................................................................................................................ 153
6.2 Secure MAC address .................................................................................................................................... 153
6.2.1 Introduction ......................................................................................................................................... 153
6.2.2 Preparing for configurations ............................................................................................................... 155
6.2.3 Default configurations of port security MAC ..................................................................................... 155
6.2.4 Configuring basic functions of port security MAC ............................................................................. 155
6.2.5 Configuring static secure MAC address.............................................................................................. 156
6.2.6 Configuring dynamic secure MAC address ........................................................................................ 156
6.2.7 Configuring sticky secure MAC address ............................................................................................ 157
6.2.8 Checking configurations ..................................................................................................................... 158

Raisecom Technology Co., Ltd. x


Raisecom
ISCOM2828F (D) Configuration Guide Contents

6.2.9 Maintenance ........................................................................................................................................ 158


6.2.10 Example for configuring port security MAC .................................................................................... 158
6.3 Dynamic ARP inspection ............................................................................................................................. 160
6.3.1 Introduction ......................................................................................................................................... 160
6.3.2 Preparing for configurations ............................................................................................................... 161
6.3.3 Default configurations of dynamic ARP inspection ............................................................................ 162
6.3.4 Configuring trusted interfaces of dynamic ARP inspection ................................................................ 162
6.3.5 Configuring static binding of dynamic ARP inspection ...................................................................... 162
6.3.6 Configuring dynamic binding of dynamic ARP inspection ................................................................. 163
6.3.7 Configuring protection VLAN of dynamic ARP inspection ............................................................... 163
6.3.8 Configuring rate limiting on ARP packets on interface ...................................................................... 163
6.3.9 Configuring global ARP packet rate limiting auto-recovery time ....................................................... 164
6.3.10 Checking configurations ................................................................................................................... 164
6.3.11 Example for configuring dynamic ARP inspection ........................................................................... 164
6.4 RADIUS ....................................................................................................................................................... 167
6.4.1 Introduction ......................................................................................................................................... 167
6.4.2 Preparing for configurations ............................................................................................................... 167
6.4.3 Default configurations of RADIUS .................................................................................................... 168
6.4.4 Configuring RADIUS authentication .................................................................................................. 168
6.4.5 Configuring RADIUS accounting ....................................................................................................... 169
6.4.6 Checking configurations ..................................................................................................................... 170
6.4.7 Example for configuring RADIUS ..................................................................................................... 170
6.5 TACACS+ .................................................................................................................................................... 171
6.5.1 Introduction ......................................................................................................................................... 171
6.5.2 Preparing for configurations ............................................................................................................... 172
6.5.3 Default configurations of TACACS+ .................................................................................................. 172
6.5.4 Configuring TACACS+ authentication ............................................................................................... 172
6.5.5 Configuring TACACS+ accounting .................................................................................................... 173
6.5.6 Configuring TACACS+ authorization................................................................................................. 173
6.5.7 Checking configurations ..................................................................................................................... 174
6.5.8 Maintenance ........................................................................................................................................ 174
6.5.9 Example for configuring TACACS+ ................................................................................................... 174
6.6 Storm control ................................................................................................................................................ 175
6.6.1 Preparing for configurations ............................................................................................................... 176
6.6.2 Default configurations of storm control .............................................................................................. 176
6.6.3 Configuring storm control ................................................................................................................... 177
6.6.4 Configuring DLF packet forwarding .................................................................................................. 177
6.6.5 Checking configurations ..................................................................................................................... 177
6.6.6 Example for configuring storm control ............................................................................................... 177
6.7 802.1x........................................................................................................................................................... 178
6.7.1 Introduction ......................................................................................................................................... 178
6.7.2 Preparing for configruations ............................................................................................................... 180

Raisecom Technology Co., Ltd. xi


Raisecom
ISCOM2828F (D) Configuration Guide Contents

6.7.3 Default configurations of 802.1x ........................................................................................................ 181


6.7.4 Configuring basic functions of 802.1x ................................................................................................ 181
6.7.5 Configuring 802.1x re-authentication ................................................................................................. 182
6.7.6 Configuring 802.1x timers .................................................................................................................. 182
6.7.7 Checking configurations ..................................................................................................................... 183
6.7.8 Maintenance ........................................................................................................................................ 183
6.7.9 Example for configuring 802.1x ......................................................................................................... 184
6.8 IP Source Guard ........................................................................................................................................... 185
6.8.1 Introduction ......................................................................................................................................... 185
6.8.2 Preparing for configurations ............................................................................................................... 187
6.8.3 Default configurations of IP Source Guard ......................................................................................... 187
6.8.4 Configuring interface trust status of IP Source Guard ........................................................................ 187
6.8.5 Configuring IP Source Guide binding ................................................................................................. 187
6.8.6 Checking configurations ..................................................................................................................... 189
6.8.7 Example for configuring IP Source Guard .......................................................................................... 189
6.9 PPPoE+ ........................................................................................................................................................ 191
6.9.1 Introduction ......................................................................................................................................... 191
6.9.2 Preparing for configurations ............................................................................................................... 192
6.9.3 Default configurations of PPPoE+ ...................................................................................................... 193
6.9.4 Configuring basic functions of PPPoE+.............................................................................................. 193
6.9.5 Configuring PPPoE+ packet information ............................................................................................ 194
6.9.6 Checking configurations ..................................................................................................................... 196
6.9.7 Maintenance ........................................................................................................................................ 196
6.9.8 Example for configuring PPPoE+ ....................................................................................................... 196
6.10 Loopback detection .................................................................................................................................... 198
6.10.1 Introduction ....................................................................................................................................... 198
6.10.2 Preparing for configurations ............................................................................................................. 199
6.10.3 Default configurations of loopback detection ................................................................................... 199
6.10.4 Configuring loopback detection ........................................................................................................ 200
6.10.5 Checking configurations ................................................................................................................... 201
6.10.6 Maintenance ...................................................................................................................................... 201
6.10.7 Example for configuring loopback detection .................................................................................... 201
6.11 Line detection ............................................................................................................................................. 203
6.11.1 Introduction ....................................................................................................................................... 203
6.11.2 Preparing for configurations .............................................................................................................. 203
6.11.3 Configuring line detection ................................................................................................................. 203
6.11.4 Checking configurations ................................................................................................................... 203
6.11.5 Example for configuring line detection ............................................................................................. 204

7 Reliability ................................................................................................................................... 206


7.1 Link aggregation .......................................................................................................................................... 206
7.1.1 Introduction ......................................................................................................................................... 206

Raisecom Technology Co., Ltd. xii


Raisecom
ISCOM2828F (D) Configuration Guide Contents

7.1.2 Preparing for configurations ............................................................................................................... 207


7.1.3 Default configurations of link aggregation ......................................................................................... 207
7.1.4 Configuring manual link aggregation ................................................................................................. 208
7.1.5 Configuring static LACP link aggregation .......................................................................................... 208
7.1.6 Checking configurations ..................................................................................................................... 210
7.1.7 Example for configuring manual link aggregation .............................................................................. 210
7.1.8 Example for configuring static LACP link aggregation ...................................................................... 212
7.2 Interface backup ........................................................................................................................................... 213
7.2.1 Introduction ......................................................................................................................................... 213
7.2.2 Preparing for configurations ............................................................................................................... 215
7.2.3 Default configurations of interface backup ......................................................................................... 216
7.2.4 Configuring basic functions of interface backup ................................................................................ 216
7.2.5 (Optional) configuring FS on interfaces.............................................................................................. 217
7.2.6 Checking configurations ..................................................................................................................... 217
7.2.7 Example for configuring interface backup .......................................................................................... 217
7.3 Failover ........................................................................................................................................................ 219
7.3.1 Introduction ......................................................................................................................................... 219
7.3.2 Preparing for configurations ............................................................................................................... 220
7.3.3 Default configurations of failover ....................................................................................................... 220
7.3.4 Configuring failover ............................................................................................................................ 220
7.3.5 Checking configurations ..................................................................................................................... 221
7.3.6 Example for configuring failover ........................................................................................................ 221
7.4 STP ............................................................................................................................................................... 223
7.4.1 Introduction ......................................................................................................................................... 223
7.4.2 Preparation for configuration .............................................................................................................. 226
7.4.3 Default configurations of STP ............................................................................................................ 226
7.4.4 Enabling STP ...................................................................................................................................... 227
7.4.5 Configuring STP parameters ............................................................................................................... 227
7.4.6 Checking configurations ..................................................................................................................... 228
7.4.7 Example for configuring STP ............................................................................................................. 228
7.5 MSTP ........................................................................................................................................................... 231
7.5.1 Introduction ......................................................................................................................................... 231
7.5.2 Preparation for configuration .............................................................................................................. 234
7.5.3 Default configurations of MSTP ......................................................................................................... 234
7.5.4 Enabling MSTP ................................................................................................................................... 235
7.5.5 Configuring MST domain and its maximum hop count ...................................................................... 235
7.5.6 Configuring root bridge/backup bridge ............................................................................................... 236
7.5.7 Configuring device interface and system priority ............................................................................... 237
7.5.8 Configuring network diameter for switch network ............................................................................. 237
7.5.9 Configuring inner path overhead for interfaces .................................................................................. 238
7.5.10 Configuring external path cost for interface...................................................................................... 238
7.5.11 Configuring maximum transmission rate for interface ...................................................................... 239

Raisecom Technology Co., Ltd. xiii


Raisecom
ISCOM2828F (D) Configuration Guide Contents

7.5.12 Configuring MSTP timer .................................................................................................................. 239


7.5.13 Configuring edge interface ................................................................................................................ 240
7.5.14 Configuring STP/MSTP mode switching.......................................................................................... 240
7.5.15 Configuring link type ........................................................................................................................ 241
7.5.16 Configuring root interface protection................................................................................................ 241
7.5.17 Configuring interface loopguard ....................................................................................................... 242
7.5.18 Executing mcheck operation ............................................................................................................. 242
7.5.19 Checking configurations ................................................................................................................... 243
7.5.20 Maintenance ...................................................................................................................................... 243
7.5.21 Example for configuring MSTP ........................................................................................................ 243
7.6 ERPS ............................................................................................................................................................ 249
7.6.1 Introduction ......................................................................................................................................... 249
7.6.2 Preparing for configurations ............................................................................................................... 249
7.6.3 Default configurations of ERPS .......................................................................................................... 250
7.6.4 Creating ERPS ring ............................................................................................................................. 250
7.6.5 (Optional) creating ERPS sub-ring ..................................................................................................... 252
7.6.6 Configuring ERPS fault detection ....................................................................................................... 254
7.6.7 (Optional) configuring ERPS switching control ................................................................................. 254
7.6.8 Checking configurations ..................................................................................................................... 255
7.6.9 Maintenance ........................................................................................................................................ 255
7.7 RRPS ............................................................................................................................................................ 256
7.7.1 Introduction ......................................................................................................................................... 256
7.7.2 Preparing for configurations ............................................................................................................... 258
7.7.3 Default configurations of RRPS.......................................................................................................... 258
7.7.4 Creating RRPS .................................................................................................................................... 258
7.7.5 Configuring basic functions of RRPS ................................................................................................. 259
7.7.6 Checking configurations ..................................................................................................................... 260
7.7.7 Maintenance ........................................................................................................................................ 260
7.7.8 Example for configuring Ethernet ring ............................................................................................... 261

8 OAM ............................................................................................................................................ 263


8.1 EFM ............................................................................................................................................................. 263
8.1.1 Introduction ......................................................................................................................................... 263
8.1.2 Preparing for configurations ............................................................................................................... 264
8.1.3 Default configurations of EFM ........................................................................................................... 265
8.1.4 Configuring basic functions of EFM ................................................................................................... 265
8.1.5 Configuring active functions of EFM ................................................................................................. 266
8.1.6 Configuring passive functions of EFM ............................................................................................... 267
8.1.7 Checking configurations ..................................................................................................................... 269
8.1.8 Maintenance ........................................................................................................................................ 270
8.1.9 Example for configuring EFM ............................................................................................................ 270
8.2 CFM ............................................................................................................................................................. 271

Raisecom Technology Co., Ltd. xiv


Raisecom
ISCOM2828F (D) Configuration Guide Contents

8.2.1 Introduction ......................................................................................................................................... 272


8.2.2 Preparing for configurations ............................................................................................................... 273
8.2.3 Default configurations of CFM ........................................................................................................... 274
8.2.4 Enabling CFM ..................................................................................................................................... 275
8.2.5 Configuring basic CFM functions ....................................................................................................... 275
8.2.6 Configuring fault detection ................................................................................................................. 276
8.2.7 Configuring fault acknowledgement ................................................................................................... 278
8.2.8 Configuring fault location ................................................................................................................... 279
8.2.9 Checking configurations ..................................................................................................................... 280
8.2.10 Maintenance ...................................................................................................................................... 280
8.2.11 Example for configuring CFM .......................................................................................................... 281
8.3 SLA .............................................................................................................................................................. 284
8.3.1 Introduction ......................................................................................................................................... 284
8.3.2 Preparing for configurations ............................................................................................................... 284
8.3.3 Default configurations of SLA ............................................................................................................ 284
8.3.4 Creating SLA operations ..................................................................................................................... 285
8.3.5 Configuring SLA scheduling .............................................................................................................. 286
8.3.6 Checking configurations ..................................................................................................................... 286
8.3.7 Example for configuring SLA ............................................................................................................. 286

9 System management ................................................................................................................. 289


9.1 SNMP ........................................................................................................................................................... 289
9.1.1 Introduction ......................................................................................................................................... 289
9.1.2 Preparing for configurations ............................................................................................................... 291
9.1.3 Default configurations of SNMP ........................................................................................................ 291
9.1.4 Configuring basic functions of SNMP v1/v2c .................................................................................... 292
9.1.5 Configuring basic functions of SNMP v3 ........................................................................................... 293
9.1.6 Configuring other information of SNMP ............................................................................................ 295
9.1.7 Configuring Trap ................................................................................................................................. 295
9.1.8 Checking configurations ..................................................................................................................... 296
9.1.9 Example for configuring SNMP v1/v2c and Trap ............................................................................... 297
9.1.10 Example for configuring SNMP v3 and Trap .................................................................................... 299
9.2 KeepAlive .................................................................................................................................................... 301
9.2.1 Introduction ......................................................................................................................................... 301
9.2.2 Preparing for configurations ............................................................................................................... 301
9.2.3 Default configurations of KeepAlive .................................................................................................. 302
9.2.4 Configuring KeepAlive ....................................................................................................................... 302
9.2.5 Checking configurations ..................................................................................................................... 302
9.2.6 Example for configuring KeepAlive ................................................................................................... 303
9.3 RMON .......................................................................................................................................................... 304
9.3.1 Introduction ......................................................................................................................................... 304
9.3.2 Preparing for configurations ............................................................................................................... 305

Raisecom Technology Co., Ltd. xv


Raisecom
ISCOM2828F (D) Configuration Guide Contents

9.3.3 Default configurations of RMON ....................................................................................................... 305


9.3.4 Configuring RMON statistics ............................................................................................................. 305
9.3.5 Configuring RMON historical statistics .............................................................................................. 306
9.3.6 Configuring RMON alarm group ........................................................................................................ 306
9.3.7 Configuring RMON event group ........................................................................................................ 307
9.3.8 Checking configurations ..................................................................................................................... 307
9.3.9 Maintenance ........................................................................................................................................ 308
9.3.10 Example for configuring RMON alarm group .................................................................................. 308
9.4 Cluster management ..................................................................................................................................... 309
9.4.1 Introduction ......................................................................................................................................... 309
9.4.2 Preparation for configuration .............................................................................................................. 311
9.4.3 Default configurations of cluster management ................................................................................... 311
9.4.4 (Optional) configuring RNDP ............................................................................................................. 312
9.4.5 Configuring RTDP .............................................................................................................................. 312
9.4.6 Configuring cluster management on command devices ...................................................................... 313
9.4.7 (Optional) configuring auto-activation for candidate devices ............................................................. 315
9.4.8 Checking configurations ..................................................................................................................... 315
9.4.9 Example for providing remote access through cluster management ................................................... 315
9.5 LLDP ............................................................................................................................................................ 318
9.5.1 Introduction ......................................................................................................................................... 318
9.5.2 Preparing for configurations ............................................................................................................... 320
9.5.3 Default configurations of LLDP ......................................................................................................... 320
9.5.4 Enabling global LLDP ........................................................................................................................ 321
9.5.5 Enabling interface LLDP .................................................................................................................... 321
9.5.6 Configuring basic functions of LLDP ................................................................................................. 321
9.5.7 Configuring LLDP alarm .................................................................................................................... 322
9.5.8 Checking configurations ..................................................................................................................... 322
9.5.9 Maintenance ........................................................................................................................................ 323
9.5.10 Example for configuring basic functions of LLDP ........................................................................... 323
9.6 Extended OAM ............................................................................................................................................ 326
9.6.1 Introduction ......................................................................................................................................... 326
9.6.2 Preparation for configuration .............................................................................................................. 327
9.6.3 Default configurations of extended OAM ........................................................................................... 327
9.6.4 Establishing OAM link ....................................................................................................................... 328
9.6.5 Configure extended OAM protocols ................................................................................................... 328
9.6.6 Entering remote configuration mode................................................................................................... 328
9.6.7 (Optional) showing remote extended OAM capacity .......................................................................... 329
9.6.8 Configuring remote host name ............................................................................................................ 329
9.6.9 Configuring MTU for remote device .................................................................................................. 330
9.6.10 Configuring IP address of remote device .......................................................................................... 330
9.6.11 Configuring interface parameters on remote device.......................................................................... 331
9.6.12 Uploading and downloading files on remote device ......................................................................... 333

Raisecom Technology Co., Ltd. xvi


Raisecom
ISCOM2828F (D) Configuration Guide Contents

9.6.13 Configuring remote network management ........................................................................................ 336


9.6.14 Configuring remote VLAN ............................................................................................................... 337
9.6.15 Configuring remote QinQ ................................................................................................................. 338
9.6.16 Managing remote configuration files ................................................................................................ 339
9.6.17 Rebooting remote device .................................................................................................................. 339
9.6.18 Checking configurations ................................................................................................................... 340
9.6.19 Maintenance ...................................................................................................................................... 340
9.6.20 Example for configuring extended OAM to manage the remote device ........................................... 341
9.7 Optical module DDM ................................................................................................................................... 342
9.7.1 Introduction ......................................................................................................................................... 342
9.7.2 Preparing for configurations ............................................................................................................... 343
9.7.3 Default configurations of optical module DDM ................................................................................. 343
9.7.4 Enabling optical module DDM ........................................................................................................... 343
9.7.5 Enabling optical module DDM to send Trap messages ...................................................................... 343
9.7.6 Checking configurations ..................................................................................................................... 344
9.8 System log .................................................................................................................................................... 344
9.8.1 Introduction ......................................................................................................................................... 344
9.8.2 Preparing for configurations ............................................................................................................... 345
9.8.3 Default configurations of system log .................................................................................................. 346
9.8.4 Configuring basic information of system log ...................................................................................... 346
9.8.5 Configuring system log output ............................................................................................................ 346
9.8.6 Checking configurations ..................................................................................................................... 347
9.8.7 Example for outputting system logs to log server ............................................................................... 347
9.9 Power monitoring ......................................................................................................................................... 348
9.9.1 Introduction ......................................................................................................................................... 348
9.9.2 Preparing for configurations ............................................................................................................... 348
9.9.3 Default configurations of power monitoring ....................................................................................... 349
9.9.4 Configuring power monitoring alarm ................................................................................................. 349
9.9.5 Checking configurations ..................................................................................................................... 349
9.10 CPU monitoring ......................................................................................................................................... 349
9.10.1 Introduction ....................................................................................................................................... 349
9.10.2 Preparing for configurations ............................................................................................................. 350
9.10.3 Default configurations of CPU monitoring ....................................................................................... 350
9.10.4 Showing CPU monitoring information ............................................................................................. 350
9.10.5 Configuring CPU monitoring alarm .................................................................................................. 351
9.10.6 Checking configurations ................................................................................................................... 351
9.11 Ping ............................................................................................................................................................ 351
9.12 Traceroute................................................................................................................................................... 352

10 Appendix .................................................................................................................................. 353


10.1 Terms .......................................................................................................................................................... 353
10.2 Abbreviations ............................................................................................................................................. 354

Raisecom Technology Co., Ltd. xvii


Raisecom
ISCOM2828F (D) Configuration Guide Figures

Figures

Figure 1-1 Accessing the ISCOM2828F through PC connected with Console interface ....................................... 2
Figure 1-2 Communication parameters in Hyper Terminal .................................................................................... 3

Figure 1-3 Networking with the ISCOM2828F as Telnet server ............................................................................ 3


Figure 1-4 ISCOM2828F as Telnet client networking ........................................................................................... 4

Figure 1-5 Configuring auto-loading ................................................................................................................... 33

Figure 2-1 MAC application networking ............................................................................................................. 40

Figure 2-2 Dividing VLANs ................................................................................................................................ 42

Figure 2-3 Typical networking with basic QinQ .................................................................................................. 47

Figure 2-4 Basic QinQ networking application .................................................................................................... 50

Figure 2-5 Selective QinQ networking application .............................................................................................. 53

Figure 2-6 Networking with VLAN mapping based on single Tag ...................................................................... 55

Figure 2-7 VLAN mapping application networking ............................................................................................ 58

Figure 2-8 Interface protection application networking ....................................................................................... 61

Figure 2-9 Port mirroring principle ...................................................................................................................... 64

Figure 2-10 Port mirroring application networking ............................................................................................. 66

Figure 2-11 Layer 2 protocol transparent transmission application networking .................................................. 70

Figure 3-1 Configuring ARP networking ............................................................................................................. 76

Figure 3-2 Layer 3 interface configuration networking ....................................................................................... 78

Figure 3-3 DHCP typical application networking ................................................................................................ 82

Figure 3-4 Structure of DHCP packets ................................................................................................................. 82

Figure 3-5 DHCP client networking..................................................................................................................... 84


Figure 3-6 DHCP client networking..................................................................................................................... 86

Figure 3-7 DHCP Relay application networking.................................................................................................. 87

Figure 3-8 DHCP Snooping networking .............................................................................................................. 90

Figure 3-9 DHCP Snooping networking application ............................................................................................ 93

Figure 4-1 Traffic classification ........................................................................................................................... 99

Raisecom Technology Co., Ltd. xviii


Raisecom
ISCOM2828F (D) Configuration Guide Figures

Figure 4-2 Structure of IP packet head ................................................................................................................. 99

Figure 4-3 Structure of IP priority and DSCP priority ......................................................................................... 99


Figure 4-4 Structure of VLAN packet ................................................................................................................ 100

Figure 4-5 Structure of CoS priority packet ....................................................................................................... 100

Figure 4-6 SP scheduling ................................................................................................................................... 102


Figure 4-7 WRR scheduling ............................................................................................................................... 103

Figure 4-8 Queue scheduling networking .......................................................................................................... 117

Figure 4-9 Configuring rate limiting based on interface .................................................................................... 119

Figure 5-1 Mapping relation between IPv4 multicast address and multicast MAC address .............................. 122

Figure 5-2 IGMP Snooping application networking .......................................................................................... 137

Figure 5-3 MVR application networking ........................................................................................................... 139


Figure 5-4 Applying IGMP filtering on the interface ......................................................................................... 142

Figure 5-5 Applying IGMP filtering in the VLAN ............................................................................................. 144

Figure 6-1 Port security MAC networking ......................................................................................................... 159


Figure 6-2 Principle of dynamic ARP inspection ............................................................................................... 161

Figure 6-3 Configuring dynamic ARP inspection .............................................................................................. 165

Figure 6-4 Configuring RADIUS ....................................................................................................................... 170

Figure 6-5 Configuring TACACS+ .................................................................................................................... 175

Figure 6-6 Configuring storm control ................................................................................................................ 178

Figure 6-7 802.1x structure ................................................................................................................................ 179

Figure 6-8 Configuring 802.1x ........................................................................................................................... 184

Figure 6-9 IP Source Guard principle ................................................................................................................ 186

Figure 6-10 Configuring IP Source Guard ......................................................................................................... 190

Figure 6-11 Accessing the network through PPPoE authentication ................................................................... 192

Figure 6-12 Configuring PPPoE+ ...................................................................................................................... 197

Figure 6-13 Loopback detection networking ..................................................................................................... 199

Figure 6-14 Loopback detection application ...................................................................................................... 202

Figure 6-15 Line detection application networking ........................................................................................... 204

Figure 7-1 Configuring manual link aggregation ............................................................................................... 210

Figure 7-2 Configuring static LACP link aggregation ....................................................................................... 212

Figure 7-3 Principles of interface backup .......................................................................................................... 214

Figure 7-4 Application of interface backup in different VLANs ........................................................................ 215

Figure 7-5 Configuring interface backup ........................................................................................................... 218

Raisecom Technology Co., Ltd. xix


Raisecom
ISCOM2828F (D) Configuration Guide Figures

Figure 7-6 Configuring failover ......................................................................................................................... 222

Figure 7-7 Network storm due to loopback ........................................................................................................ 224


Figure 7-8 Loop networking with STP............................................................................................................... 225

Figure 7-9 VLAN packet forward failure due to RSTP ..................................................................................... 226

Figure 7-10 STP application networking............................................................................................................ 228


Figure 7-11 Basic concepts of the MSTI network .............................................................................................. 232

Figure 7-12 MSTI concepts................................................................................................................................ 233

Figure 7-13 Networking of multiple spanning trees instances in MST domain ................................................. 234

Figure 7-14 MSTP application networking ........................................................................................................ 244

Figure 7-15 RRPS in normal status .................................................................................................................... 256

Figure 7-16 RRPS in switching status ................................................................................................................ 257


Figure 7-17 RRPS application networking......................................................................................................... 261

Figure 8-1 OAM classification ........................................................................................................................... 264

Figure 8-2 Configuring EFM ............................................................................................................................. 270


Figure 8-3 Different MD Levels ........................................................................................................................ 272

Figure 8-4 Network Sketch Map of MEP and MIP ............................................................................................ 273

Figure 8-5 CFM application ............................................................................................................................... 281

Figure 8-6 SLA application networking ............................................................................................................. 287

Figure 9-1 Working mechanism of SNMP ......................................................................................................... 290

Figure 9-2 SNMP v3 authentication mechanism ................................................................................................ 294

Figure 9-3 Configuring SNMP v1/v2c and Trap ................................................................................................ 297

Figure 9-4 Configuring SNMP v3 and Trap ....................................................................................................... 299

Figure 9-5 Configuring KeepAlive .................................................................................................................... 303

Figure 9-6 RMON .............................................................................................................................................. 304

Figure 9-7 Configuring RMON alarm group ..................................................................................................... 308

Figure 9-8 Cluster management ......................................................................................................................... 310

Figure 9-9 Providing remote access through cluster management ..................................................................... 316

Figure 9-10 LLDPDU structure ......................................................................................................................... 319

Figure 9-11 Basic TLV structure ........................................................................................................................ 319

Figure 9-12 Configuring basic functions of LLDP ............................................................................................ 323

Figure 9-13 Extended OAM application networking ......................................................................................... 326

Figure 9-14 Configuring extended OAM to manage the remote device ............................................................ 341

Figure 9-15 Outputting system logs to log servers ............................................................................................. 347

Raisecom Technology Co., Ltd. xx


Raisecom
ISCOM2828F (D) Configuration Guide Tables

Tables

Table 1-1 Function keys description for command line message display characteristics ..................................... 13
Table 2-1 Interface mode and packet processing.................................................................................................. 42

Table 3-1 Field definitions of DHCP packets ....................................................................................................... 82


Table 3-2 DHCP options ...................................................................................................................................... 94

Table 4-1 Mapping relationship of local priority, DSCP priority, and CoS priority ........................................... 101

Table 4-2 Mapping between local priority and queue ........................................................................................ 102

Table 4-3 Default CoS to local priority and color mapping relationship ............................................................ 110

Table 4-4 Default DSCP to local priority and color mapping relationship ......................................................... 110

Table 9-1 TLV type ............................................................................................................................................ 319

Table 9-2 Log level ............................................................................................................................................ 345

Raisecom Technology Co., Ltd. xxi


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

1 Basic configurations

This chapter introduces the basic configuration and configuration process about the
ISCOM2828F and provides related configuration examples, including the following sections:
 Accessing device
 CLI
 Managing users
 Managing files
 Configuring clock management
 Configuring interface management
 Configuring basic information
 Task scheduling
 Watchdog
 Loading and upgrading

1.1 Accessing device


1.1.1 Introduction
You can configure and manage the ISCOM2828F by accessing it through the Command-Line
Interface (CLI) or NView NNM system.
The ISCOM2828F supports multiple configuration modes in CLI mode:
 Console mode: it must be used for the first configuration. The ISCOM2828F supports
the Console interface of RJ-45 type.
 Telnet mode: log in through the Console mode, open Telnet service on the Switch,
configure Layer 3 interface IP address, set the user name and password, and then take
remote Telnet configuration.
 SSHv2 mode: before accessing the ISCOM2828F through SSHv2, you need to log in to
the ISCOM2828F and start the SSHv2 service through the Console interface.
To configure the ISCOM2828F in network management mode, you must configure the IP
address of the Layer 3 interface through CLI in advance, and then configure the
ISCOM2828F through NView NNM system.

Raisecom Technology Co., Ltd. 1


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

Configuration steps in this guide are available in CLI mode.

1.1.2 Accessing through Console interface


The Console interface is a command interface, which is used to connect the network device
with a PC running terminal emulation programs. You can take this interface to configure and
manage the local device. In this management method, the ISCOM2828F can communicate
directly without a network, so it is called out-of-band management. You can also perform
configuration and management on the ISCOM2828F through the Console interface when the
network runs out of order.
Under the following conditions, you can only log in to the ISCOM2828F and configure it
through the Console interface:
 The ISCOM2828F is powered on to start for the first time.
 You cannot access the ISCOM2828F through Telnet.

When logging in to the ISCOM2828F through the Console interface, use the CBL-
RS232-DB9F/RJ45-2m cable delivered with the ISCOM2828F. If you need to make
the Console serial cable, see ISCOM2828F (D) Hardware Description.
If you want to access the ISCOM2828F through PC via Console interface, connect Console
interface and PC RS-232 serial interface, as shown in Figure 1-1; then run the terminal
emulation program such as Windows XP Hyper Terminal program in PC to configure
communication parameters as shown in Figure 1-2, and then log in to the ISCOM2828F.

Figure 1-1 Accessing the ISCOM2828F through PC connected with Console interface

Raisecom Technology Co., Ltd. 2


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

Figure 1-2 Communication parameters in Hyper Terminal

Hyper Terminal is not available on Windows Vista or later Windows Operating


Systems (OSs). For these OSs, download Hyper Terminal package and install it. This
program is free for personal application.

1.1.3 Accessing through Telnet


You can use a PC to log in to the ISCOM2828F remotely through Telnet. You can log in to an
ISCOM2828F through a PC at first, then Telnet other ISCOM2828F devices on the network.
You do not need to connect a PC to each ISCOM2828F.
Telnet service provided by the ISCOM2828F includes:
 Telnet Server: run the Telnet client program on a PC to log in to, configure, and manage
the ISCOM2828F. As shown in Figure 1-3, the ISCOM2828F provides Telnet Server
service at this time.

Figure 1-3 Networking with the ISCOM2828F as Telnet server


Before accessing the ISCOM2828F through Telnet, you need to log in to the ISCOM2828F
through the Console interface and start the Telnet service. Take the following configurations
on the ISCOM2828F that needs to start Telnet service.

Raisecom Technology Co., Ltd. 3


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter Layer 3 interface configuration
ip if-number mode.
3 Raisecom(config-ip)#ip Configure the IP address for the
address ip-address [ ip- ISCOM2828F and bind the IP address
mask ] [ vlan-id ] with the VLAN of specified ID. This
Raisecom(config-ip)#quit VLAN is used to enable the Telnet
service interface.
4 Raisecom(config)#telnet- (Optional) configure the interface in
server accept port-list support of Telnet function.
{ all | port-list }
5 Raisecom(config)#telnet- (Optional) disconnect the specified
server close terminal-telnet Telnet connection.
session-number
6 Raisecom(config)#telnet- (Optional) configure the maximum
server max-session session- number of Telnet sessions supported by
number the ISCOM2828F.

 Telnet Client: connect the ISCOM2828F with a PC through the terminal emulation
program or Telnet client program on the PC, then telnet other ISCOM2828F devices for
configuration and management. As shown in Figure 1-4, Switch A not only acts as Telnet
server but also provides Telnet client service.

Figure 1-4 ISCOM2828F as Telnet client networking


Configure Telnet Client device as below.

Step Command Description


1 Raisecom#telnet ip-address [ port Log in to a device through Telnet.
port-id ]

1.1.4 Accessing through SSHv2


Telnet is lack of security authentication and it transports packet by Transmission Control
Protocol (TCP) which exists with big potential security hazard. Telnet service may cause
hostile attacks, such as Deny of Service (DoS), host IP deceive, and routing deceiving.
The traditional Telnet and File Transfer Protocol (FTP) transmits password and data in
plaintext, which cannot satisfy users' security demands. SSHv2 is a network security protocol,

Raisecom Technology Co., Ltd. 4


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

which can effectively prevent the disclosure of information in remote management through
data encryption, and provides greater security for remote login and other network services in
network environment.
SSHv2 allows data to be exchanged via TCP and it builds up a secure channel over TCP.
Besides, SSHv2 supports other service ports besides standard port 22, thus avoiding illegal
attack from network.
Before accessing the ISCOM2828F via SSHv2, you must log in to the ISCOM2828F through
Console interface and startup SSHv2 service.
Default configurations to access the ISCOM2828F through SSHv2 are as below.

Function Default value


SSHv2 server function status Disable
Local SSHv2 key pair length 512 bits
SSHv2 authentication method password
SSHv2 authentication timeout 600s
Allowable failure times for SSHv2 authentication 20
SSHv2 snooping port number 22
SSHv2 session function status Enable

Configure SSHv2 service for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#gene Generate local SSHv2 key pair and designate its
rate ssh-key length.
[length ]
3 Raisecom(config)#ssh2 (Optional) start the SSHv2 server.
server
Use the no ssh2 server command to shut down the
SSHv2 server.
4 Raisecom(config)#ssh2 (Optional) configure SSHv2 authentication mode.
server authentication
{ password | rsa-
key }
5 Raisecom(config)#ssh2 (Optional) type the public key of clients to the
server authentication ISCOM2828F in rsa-key authentication mode.
public-key
6 Raisecom(config)#ssh2 (Optional) configure SSHv2 authentication
server timeout. Authentication fails and the
authentication- ISCOM2828F is disconnected when the time
timeout period expires.

Raisecom Technology Co., Ltd. 5


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

Step Command Description


7 Raisecom(config)#ssh2 (Optional) configure retry times for SSHv2
server authentication. Authentication fails and the
authentication- ISCOM2828F is disconnected when the times
retries times exceed the threshold.
8 Raisecom(config)#ssh2 (Optional) configure SSHv2 snooping port ID.
server port port-id

When you configure the SSHv2 snooping


port ID, the input parameter cannot take
effect until SSHv2 is restarted.
9 Raisecom(config)#ssh2 (Optional) enable SSHv2 session on the
server session ISCOM2828F.
session-list enable

1.1.5 Checking configurations


Use the following commands to check the configuration results.

No. Command Description


1 Raisecom#show telnet-server Show configurations of the Telnet
server.
2 Raisecom#show ssh2 public-key Show the public key used for SSHv2
[ authentication | rsa ] authentication on the ISCOM2828F
and client.
3 Raisecom#show ssh2 { server | Show SSHv2 server or session
session } information.

1.2 CLI
1.2.1 Introduction
CLI is the path for communication between user and the ISCOM2828F. You can configure,
monitor, and manage the ISCOM2828F by executing related commands.
You can log in to the ISCOM2828F through a PC that runs the terminal emulation program or
the CPE device. You can enter into CLI once the command prompt appears.
The features of CLI:
 Local configuration through the Console interface is available.
 Local or remote configuration through Telnet, Secure Shell v2 (SSHv2) is available.
 Protection for different command levels, users in different levels can only execute
commands in corresponding levels.

Raisecom Technology Co., Ltd. 6


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

 Different command types belong to different command modes. You can only execute a
type of configuration in its related command mode.
 You can operate commands by shortcut keys.
 You can view or execute a historical command by transferring history record. The
ISCOM2828F supports saving the latest 20 historical commands.
 Online help is available by inputting "?" at any time.
 Support smart analysis methods, such as incomplete matching and context association, to
facilitate user input.

1.2.2 Command line level


The ISCOM2828F uses hierarchy protection methods to divide command line into 16 levels
from low to high.
 0–4: refer to the visitor level. Users can execute the ping, clear, and history commands
in this level.
 5–10: refer to the monitor level. Users can execute the show command and so on.
 11–14: refer to the operator level. Users can execute commands for different services like
VLAN, IP, etc.
 15: refer to the administrator level. It is used for system basic operation.

1.2.3 Command line mode


Command line mode is the CLI environment. All system commands are registered in one (or
some) command line mode, the command can only run under the corresponding mode.
Establish a connection with the ISCOM2828F. If the ISCOM2828F is in default configuration,
it will enter user EXEC mode, and the screen will display:

Raisecom>

Input the enable command and correct password, and then enter privileged EXEC mode. The
default password is raisecom.

Raisecom>enable
Password:
Raisecom#

In privileged EXEC mode, input the config terminal command to enter global configuration
mode.

Raisecom#config terminal
Raisecom(config)#

Raisecom Technology Co., Ltd. 7


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

 Command line prompt "Raisecom" is the default host name. You can use the
hostname string command to modify the host name in privileged EXEC mode.
 Some commands can be used both in global configuration mode and other modes,
but the accomplished functions are closely related to command line modes.
 Generally, in a command line mode, you can go back to the previous level
command line mode by using the quit or exit command, but in the privileged
EXEC mode, you need to use the disable command to go back to user EXEC
mode.
 Users can go back to privileged EXEC mode through the end command from any
command line mode except the user EXEC mode or privileged EXEC mode.
The ISCOM2828F supports the following command line modes:

Mode Enter method Description


User EXEC Log in to the ISCOM2828F, Raisecom>
input correct username and
password
Privileged EXEC In user EXEC mode, input the Raisecom#
enable command and correct
password.
Global configuration In privileged EXEC mode, input Raisecom(config)#
the config terminal command.
Physical layer interface In global configuration mode, Raisecom(config-
configuration input the interface port port-id port)#
command.
Layer 3 interface In global configuration mode, Raisecom(config-ip)#
configuration input the interface ip if-number
command.
VLAN configuration In global configuration mode, Raisecom(config-
input the vlan vlan-id command. vlan)#

Traffic classification In global configuration mode, Raisecom(config-


configuration input the class-map class-map- cmap)#
name command.
Traffic policy In global configuration mode, Raisecom(config-
configuration input the policy-map policy- pmap)#
map-name command.
Traffic policy In traffic policy configuration Raisecom(config-
configuration binding mode, input the class-map class- pmap-c)#
with traffic classification map-name command.
Access control list In global configuration mode, Raisecom(config-
configuration input the access-list-map acl- aclmap)#
number { deny | permit }
command.

Raisecom Technology Co., Ltd. 8


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

Mode Enter method Description


Service instance In global configuration mode, Raisecom(config-
configuration input the service cisid level level service)#
command.
MST region In global configuration mode, Raisecom(config-
configuration input the spanning-tree region- region)#
Command command.
Profile configuration In global configuration mode, Raisecom(config-
input the igmp filter profile igmp-profile)#
profile-number command.
Cluster configuration In global configuration mode, Raisecom(config-
input the cluster command. cluster)#

1.2.4 Command line shortcuts


The ISCOM2828F supports the following command line shortcuts:

Shortcut Description
Up cursor key (↑) Show previous command if there is any command input
earlier; the display has no change if the current command is
the earliest one in history records.
Down cursor key (↓) Show next command if there is any newer command; the
display has no change if the current command is the newest
one in history records.
Left cursor key (←) Move the cursor one character to left; the display has no
change if the cursor is at the beginning of command.
Right cursor key (→) Move the cursor one character to right; the display has no
change if the cursor is at the end of command.
Backspace Delete the character before the cursor; the display has no
change if the cursor is at the beginning of command.
Tab Click Tab after inputting a complete keyword, cursor will
automatically appear a space to the end; click Tab again, the
system will show the follow-up inputting keywords.
Click Tab after inputting an incomplete keyword, system
automatically executes partial helps:
 System take the complete keyword to replace input if the
matched keyword is the one and only, and leave one word
space between the cursor and end of keyword;
 In case of mismatch or matched keyword is not the one and

only, display prefix at first, then click Tab to check words


circularly, no space from cursor to the end of keyword, click
Space key to input the next word;
 If input incorrect keyword, click Tab will change to the

next line and prompt error, the input keyword will not
change.

Raisecom Technology Co., Ltd. 9


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

Shortcut Description
Ctrl+A Move the cursor to the head of line.
Ctrl+C Break off some running operation, such as ping, traceroute
and so on.
Ctrl+D or Delete Delete the cursor location characters
Ctrl+E Move the cursor to the end of line.
Ctrl+K Delete all characters behind the cursor (including cursor
location).
Ctrl+X Delete all characters before the cursor (except cursor
location).
Ctrl+Z Return to privileged EXEC mode from other modes (except
user EXEC mode).
Space or Y When the terminal printing command line information
exceeds the screen, continue to show the information in next
screen.
Enter When the terminal printing command line information
exceeds the screen, continue to show the information in next
line.

1.2.5 Command line help message

Complete help
You can get complete help in the below three conditions:
 You can enter a question mark (?) at the system prompt to display a list of commands
and brief descriptions available for each command mode.

Raisecom>?

The command output is as below.

clear Clear screen


enable Turn on privileged mode command
exit Exit current mode and down to previous mode
help Message about help
history Most recent historical command
language Language of help message
list List command
quit Exit current mode and down to previous mode
terminal Configure terminal
test Test command .

Raisecom Technology Co., Ltd. 10


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

 After you enter a keyword, press Space and enter a question mark (?), all correlated
commands and their brief descriptions are displayed if the question mark (?) matches
another keyword.

Raisecom(config)#ntp ?

The command output is as below.

peer Configure NTP peer


refclock-master Set local clock as reference clock
server Configure NTP server

 After you enter a parameter, press Space and enter a question mark (?), associated
parameters and descriptions of these parameters are displayed if the question mark (?)
matches a parameter.

Raisecom(config)#interface ip ?

The command output is as below.

<0-14> IP interface number

Partial help
You can get partial help in the below three conditions:
 After you enter part of a particular character string and a question mark (?), a list of
commands that begin with a particular character string is displayed.

Raisecom(config)#c?

The command output is as below.

class-map Set class map


clear Clear screen
cluster Cluster configuration mode
cluster-autoactive Cluster autoactive function
console-cli Console CLI
cpu Configure cpu parameters
create Create static VLAN

Raisecom Technology Co., Ltd. 11


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

 After you enter a command, press Space, and enter a particular character string and a
question mark (?), a list of commands that begin with a particular character string is
displayed.

Raisecom(config)#show li?

The command output is as below.

link-admin-status link administrator status


link-state-tracking Link state tracking

 After you enter a partial command name and press Tab, the full form of the keyword is
displayed if there is a unique match command. Otherwise, press Tab continuously to
display different keywords and then you can select the required one.

Error prompt message


The ISCOM2828F prints out the following error prompt according to error type when you
input incorrect commands.

Shortcut Description
% " * " Incomplete command. User inputs incomplete command.
% Invalid input at '^' marked. Keyword marked "^" are invalid or do not exist.
% Ambiguous input at '^' marked, Keyword marked with "^" is not clear.
follow keywords match it.
% Unconfirmed command. The command line input by the user is not
unique.
% Unknown command. The command line input by the user does not
exist.
% You Need higher priority! The user does not have enough right to execute
the command line.

If there is error prompt message mentioned above, please use the command line
help message to solve the problem.

1.2.6 CLI message

Displaying characteristics
CLI provides the following display characteristics:

Raisecom Technology Co., Ltd. 12


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

 The help message and prompt message in CLI are displayed in both Chinese and English
languages.
 Provide pause function when one time display message exceeds one screen, you have the
following options at this time, as shown below.

Table 1-1 Function keys description for command line message display characteristics
Function key Description
Press Space or Y Continue to display next screen message
Press Enter Continue to display next line message
Press any letter key (except Y) Stop the display and command execution

Filtering displayed information


The ISCOM2828F supports a series of commands starting with show, to check device
configuration, operation and diagnostic information. In general, these commands can output
more information, and then user needs to add filter rules to filter out unnecessary information.
The show command of the ISCOM2828F supports three kinds of filter modes:
 | begin string: show all lines starting from the assigned string;
 | exclude string: show all lines mismatch with the assigned string;
 | include string: show all lines only match with the assigned string.

Terminal page-break
Terminal page-break refers to the pause function when displayed message exceeds one screen.
You can use the function keys in Table 1-1 to control message display. If message page-break
is disabled, it will not provide pause function when displayed message exceeds one screen; all
the messages will be displayed circularly at one time.
By default, terminal page-break is enabled.
Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#terminal page- Enable display message page-break
break enable function

1.2.7 Command line history message


Command line interface can save the user historical command automatically; you can use the
up cursor key (↑) or down cursor key (↓) to call the historical command saved by command
line repeatedly at any time.
By default, the system saves the recent 20 historical commands in the cache. You can set the
number of system stored historical command.

Raisecom Technology Co., Ltd. 13


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom>terminal history number (Optional) configure the number of
system stored historical command.
2 Raisecom>terminal time-out (Optional) configure the Console
period terminal timeout period.
3 Raisecom>enable Enter privileged EXEC mode.
4 Raisecom#history Show historical commands input by
the user.
5 Raisecom#show terminal Show terminal configurations by the
user.

1.2.8 Restoring default value of command line


The default value of command line can be restored by no or enable | disable option.
 no option: be provided in front of a command and used to restore the default value,
disable some feature, or delete a configuration. It is used to perform an operation that is
opposite to the command. Therefore, the command with a no option is also called a
reverse command.
 enable | disable option: be provided behind a command or in the middle of a command.
The enable parameter is used to enable some feature or function while the disable
parameter is used to disable some feature or function.
For example:
 In physical layer configuration mode, the description text command is used to modify
descriptions about an interface while the no description command is used to delete
descriptions about the interface and restore to the default values.
 In physical layer interface mode, the shutdown command is used to disable an interface
while the no shutdown command is used to enable an interface.
 In global configuration mode, the shutdown command is used to disable an interface
while the no shutdown command is used to enable an interface.
 In global configuration mode, the terminal page-break enable command is used to
enable page-break while the terminal page-break disable command is used to disable
page-break.

Most configuration commands have default values, which often are restored by no
option.

Raisecom Technology Co., Ltd. 14


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

1.3 Managing users


When you start the ISCOM2828F for the first time, connect the PC through Console interface
to the ISCOM2828F, and then input the initial user name and password in HyperTerminal to
log in and configure the ISCOM2828F.

By default, both the user name and password are raisecom.


If there is not any privilege restriction, any remote user can log in to the ISCOM2828F via
Telnet or access network by building Point to Point Protocol (PPP) connection when other
service interfaces of the ISCOM2828F are configured with IP addresses. This is unsafe to the
ISCOM2828F and network. Creating user for the ISCOM2828F and setting password and
privilege help manage the login users.
Configure login user management for the ISCOM2828F of as below.

Step Command Description


1 Raisecom#user name Create or modify the user name and password.
user-name password
password
2 Raisecom#user name Configure login user privilege. The initial user
user-name privilege privilege is 15, which is the highest privilege.
privilege-level
3 Raisecom#user user- Configure the priority rule for login user to perform
name { allow-exec | the command line.
disallow-exec }
first-keyword Specified allow-exec parameters will allow the user
[ second-keyword ] to perform commands higher than the current
priority.
Specified disallow-exec parameter will allow the
user to perform commands lower than the current
priority only.

1.3.1 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show user [ detail ] Show information about the login
users

Raisecom Technology Co., Ltd. 15


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

1.4 Managing files


1.4.1 Managing BootROM files
The BootROM file is used to boot and install the ISCOM2828F. You can upgrade the
BootROM file through File Transfer Protocol (FTP) FTP or Trivial File Transfer Protocol
(TFTP). By default, the name of the BootROM file is bootrom or bootromfull.
After powering on the ISCOM2828F, run the BootROM files at first, click Space to enter
BootROM menu when the prompt "Press space into Bootrom menu…" appears:
begin...
ram size: 64M DDR testing...done
File System Version:1.0

Init flash ...Done

Bootstrap_3.1.5.ISCOM2828F.1.20111012, Raisecom Compiled Oct 12 2011,


12:46:56
Base Ethernet MAC address: 00:0e:5e:13:d2:66

Press space into Bootstrap menu...


4

In Boot mode, you can do the following operations.

Operation Description
? List all executable operations.
b Quick execution for system bootrom software.
E Format the memory of the ISCOM2828F.
h List all executable operations.
u Download the system startup file through the XMODEM.
N Set Medium Access Control (MAC) address.
R Reboot the ISCOM2828F.
T Download the system startup software through TFTP and replace it.
V Show device BootROM version.

System files are the files needed for system operation (such as, system startup software and
configuration file). These files are usually saved in the memory. The ISCOM2828F manages
them by a file system which facilitates users to manage the memory. The file system supports
creating, deleting, and modifying the file and directory.
Besides, the ISCOM2828F supports a dual system; that is, it can store two versions of system
software in memory. You can shift to the other version when one version cannot work due to
system upgrade failure.

Raisecom Technology Co., Ltd. 16


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

Configure system files management for the ISCOM2828F as below.


All the following steps are optional and in no sequence.

Step Command Description


1 Raisecom#download bootstrap { ftp (Optional) download the
ip-address user-name password file- BootROM file through FTP or
name | tftp ip-address file-name } TFTP.
2 Raisecom#download system-boot { ftp (Optional) download the
ip-address user-name password file- system startup file through
name | tftp ip-address file-name } FTP or TFTP.
3 Raisecom#upload system-boot { ftp (Optional) upload the system
[ ip-address user-name password startup file through FTP or
file-name ] | tftp [ ip-address TFTP.
file-name ] }
4 Raisecom#erase [ file-name ] (Optional) delete files saved in
the memory.

1.4.2 Managing system files


Configuration files are loaded after starting the system; different files are used in different
scenarios in order to achieve different service functions. After starting the system, you can
configure the ISCOM2828F and save the configuration files. New configuration will take
effect in next boot.
Configuration file has an affix ".cfg", and these files can be open by text book program in
Windows system. The contents in the following format:
 Saved as Mode+Command format;
 Just reserve the non-defaulted parameters to save space (refer to command reference for
default values of configuration parameters);
 Take the command mode for basic frame to organize commands, put commands of one
mode together to form a section, the sections are separated by "!".
The ISCOM2828F starts initialization by reading configuration files from memory after
powering on. Thus, the configuration in configuration files are called initialization
configuration. If there is no configuration file in memory, the ISCOM2828F takes the default
parameters for initialization.
The configuration that is currently used by the ISCOM2828F is called running configuration.
You can modify the ISCOM2828F current configuration through command line. The current
configuration can be used as initial configuration when next time power on, user must use the
write command to save current configuration into memory and form configuration file.
Configure the configuration files management for the ISCOM2828F as below.

Raisecom Technology Co., Ltd. 17


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

Step Command Description


1 Raisecom#download system (Optional) download the system boot
[ master | slave ] { ftp ip- file through FTP or TFTP.
address user-name password file-
name | sftp ip-address user-name
password file-name | tftp ip-
address file-name }
2 Raisecom#erase [ file-name ] (Optional) delete files saved in the
flash.
3 Raisecom#upload system [ master (Optional) upload the system boot file
| slave ] { ftp ip-address user- through FTP or TFTP.
name password file-name | sftp
ip-address user-name password
file-name | tftp ip-address
file-name }

1.4.3 Managing configuration files


Configuration files are loaded after starting the system; different files are used in different
scenarios to achieve different service functions. After starting the system, you can configure
the ISCOM2828F and save the configuration files. New configuration will take effect in next
boot.
Configuration file has an affix ".cfg", and these files can be opened by text program in
Windows system. The contents in the following format:
 Saved as Mode+Command format.
 Just reserve the non-defaulted parameters to save space (refer to command reference for
default values of configuration parameters).
 Take the command mode for basic frame to organize commands, put commands of one
mode together to form a section, the sections are separated by "!".
The ISCOM2828F starts initialization by reading configuration files from memory after being
powered on. Thus, the configuration in configuration files are called initial configuration. If
there is no configuration files in memory, the ISCOM2828F take the default parameters for
initialization.
The configuration that is currently used by the ISCOM2828F is called running configuration.
You can modify the ISCOM2828F current configuration through CLI. The running
configuration can be used as initial configuration when next time power on, you must use
command write to save current configuration into memory and form configuration file.
Configure the configuration files management for the ISCOM2828F as below.

Step Command Description


1 Raisecom#download startup-config (Optional) download the startup
{ ftp [ ip-address user-name configuration file through FTP or
password file-name ] TFTP.
[ reservedevcfg ] | tftp [ ip-
address file-name ]
[ reservedevcfg ] }

Raisecom Technology Co., Ltd. 18


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

Step Command Description


2 Raisecom#erase [ file-name ] (Optional) delete files saved in the
memory.
3 Raisecom#upload startup-config (Optional) upload the startup
{ ftp [ ip-address user-name configuration file through FTP or
password file-name ] | tftp [ ip- TFTP.
address file-name ] }
4 Raisecom#write (Optional) save the running
configuration file into the memory.

1.4.4 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show startup-config Show configuration information loaded
[ file-name ] upon device startup.
2 Raisecom#show running-config Show the running configuration
[ interface port [ port-id ] ] information.

1.5 Configuring clock management


1.5.1 Configuring time and time zone
To ensure the ISCOM2828F to work well with other devices, you must configure system time
and time zone accurately.
The ISCOM2828F supports three types of system time mode, which are time stamp mode,
auxiliary time mode, and default mode from high to low according to timing unit accuracy.
You need to select the most suitable system time mode manually in accordance with actual
application environment.
Default configurations of time and time zone are as below.

Function Default value


System time 2000-01-01 08:00:00.000
System clock mode default
System belonged time zone UTC+8
Time zone offset +08:00
Functional status of Daylight Saving Time Disable

Raisecom Technology Co., Ltd. 19


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

Configure time and time zone for the ISCOM2828F as below.

Step Command Description


1 Raisecom#clock set hour minute Configure system time.
second year month day
2 Raisecom#clock timezone { + | - Configure system time zone.
} hour minute timezone-name
3 Raisecom#clock mode { auxiliary Configure system clock mode.
| default | timestamp }

1.5.2 Configuring DST


Daylight Saving Time (DST) is a kind of artificial regulation local time system for saving
energy. At present, there are nearly 110 countries operating DST every summer around the
world, but different countries have different stipulations for DST. Thus, you should consider
the local conditions when configuring DST.
Configure DST for the ISCOM2828F as below.

Step Command Description


1 Raisecom#clock summer-time enable Enable DST.
Use the clock summer-time
disable command to disable this
function.
2 Raisecom#clock summer-time Configure calculation period for
recurring { week | last } { fri | system DST.
mon | sat | sun | thu | tue | wed }
month hour minute { week | last }
{ fri | mon | sat |sun | thu | tue
| wed } month hour minute offset-mm

 When you set system time manually, if the system uses DST, such as DST from 2
a.m. on the second Sunday, April to 2 a.m. on the second Sunday, September
every year, you have to advance the clock one hour faster during this period, set
time offset as 60 minutes and from 2 a.m. to 3 a.m. on the second Sunday, April
each year is an inexistent time. The time setting manually during this period shows
failure.
 The summer time in southern hemisphere is opposite to northern hemisphere,
which is from September to April of next year. If user configures start time later
than ending time, system will suppose it is in the Southern Hemisphere. That is to
say, the summer time is the start time this year to the ending time of next year.

1.5.3 Configuring NTP


Network Time Protocol (NTP) is a time synchronization protocol defined by RFC1305, used
to synchronize time between distributed time servers and clients. NTP transportation is based
on UDP, using port 123.

Raisecom Technology Co., Ltd. 20


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

The purpose of NTP is to synchronize all clocks in a network quickly and then the
ISCOM2828F can provide different application over a unified time. Meanwhile, NTP can
ensure very high accuracy, with accuracy of 10ms around.
The ISCOM2828F in support of NTP cannot only accept synchronization from other clock
source, but also to synchronize other devices as a clock source.
The ISCOM2828F adopts multiple NTP working modes for time synchronization:
 Server/Client mode
In this mode, client sends clock synchronization message to different servers. The server
works in server mode by automation after receiving synchronization message and send
answering message. The client received answering message and perform clock filer and
selection, then synchronize it to privileged server.
In this mode, client can synchronize to server but the server cannot synchronize to client.
 Symmetric peer mode
In this mode, active equity send clock synchronization message to passive equity. The passive
equity works in passive mode by automation after receiving message and send answering
message back. By exchanging messages, the two sides build up symmetric peer mode. The
active and passive equities in this mode can synchronize each other.
The NTP default configuration is as below.

Function Default value


Whether the ISCOM2828F is NTP master clock no
Global NTP server inexistent
Global NTP equity inexistent
Reference clock source 0.0.0.0

Configure NTP for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#ntp server (Optional) configure NTP server address
ip-address [ version [ v1 | for client device working in server/client
v2 | v3 ] ] mode.
3 Raisecom(config)#ntp peer (Optional) configure NTP equity address
ip-address [ version [ v1 | for the ISCOM2828F working in
v2 | v3 ] ] symmetric peer mode.
4 Raisecom(config)#ntp Configure clock of the ISCOM2828F as
refclock-master [ ip- NTP reference clock source for the
address ] [ stratum ] ISCOM2828F.

Raisecom Technology Co., Ltd. 21


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

If the ISCOM2828F is configured as NTP reference clock source, the NTP server or
NTP equity are not configurable; and vice versa, the ISCOM2828F cannot be
configured as NTP reference clock if the NTP server or equity are configured.

1.5.4 Configuring SNTP


Simple Network Time Protocol (SNTP) is mainly used to synchronize Switch system time
with the SNTP device time on the network. The time synchronized by SNTP protocol is
Greenwich Mean Time (GMT), which can be changed to local time according to system
setting of time zone.
The SNTP default configuration is as below.

Function Default value


SNTP server address inexistent

Configure SNTP for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)# (Optional) configure the IP address of the SNTP server
sntp server ip- which works in server/client mode.
address

After being configured with SNTP server address, the ISCOM2828F will try to get
clock information from SNTP server every 3s, and the maximum timeout for clock
information is 10s.

1.5.5 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show clock Show the ISCOM2828F system time, time
[ summer-time-recurring ] zone and DST configuration.
2 Raisecom#show sntp Show SNTP configurations.
3 Raisecom#show ntp status Show NTP configurations.
4 Raisecom#show ntp Show NTP connection information.
associations

Raisecom Technology Co., Ltd. 22


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

1.6 Configuring interface management


1.6.1 Default configurations of interfaces
Default configurations of physical layer interface are as below.

Function Default value


Maximum forwarding frame length of interface 9712 Bytes
Duplex mode of interface Auto-negotiation
Interface rate Auto-negotiation
Interface flow control status Disable
Optical/Electrical mode of the Combo interface Automatical
Flow control of the Combo interface Disable
Time interval of interface dynamic statistics 2s
Interface status Enable

1.6.2 Configuring basic attributes for interfaces


The interconnected devices cannot communicate normally if their interface attributes, such as
Maximum Transmission Unit (MTU), duplex mode, and rate, are inconsistent. You have to
adjust the interface attribute to make the devices at both ends match each other.
Configure the basic attributes for interface of the ISCOM2828F.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)# Configure the MTU of all interfaces, that is, the
system mtu size maximum bytes of the packet allowed to pass through
the interface at one time (without fragment).
When length of the packet exceeds the MTU, the
packet will be discarded automatically.
3 Raisecom(config)# Enter physical layer interface configuration mode.
interface port
port-id
4 Raisecom(config- Configure the duplex mode of the interface.
port)#duplex full
5 Raisecom(config- Configure the rate of the interface.
port)#speed
{ auto | 10 | 100
| 1000 }
The maximum rate of the downlink SFP interface
is 100 Mbit/s.

Raisecom Technology Co., Ltd. 23


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

1.6.3 Configuring flow control on interfaces


IEEE802.3x is flow control of full-duplex Ethernet data layer. Then the client sends request to
the server; the client sends PAUSE frame to server if there is system or network jam, so it
delays data transmission from server to client.
Configure flow control for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter physical layer interface
port port-id configuration mode.
3 Raisecom(config- Enable/Disable flow control over
port)#flowcontrol { off | on } 802.3x packet on the interface.

1.6.4 Configuring Combo interface


The ISCOM2828F Combo interface supports both optical and electrical modules, so
transmission media can be optical fiber or cable according to interface media type supported
by the peer device. If both two kinds of transmission media are used for connection, service
transmission can only use one of them at the same time.
The Combo interface has two modes to select transmission media: mandatory and automatic.
If the configuration mode is automatic selection and two kinds of transmission media of
optical fiber and cable connections are normal, the interface will automatically choose one of
them as an effective transmission line as well as automatically select another transmission
medium for service transmission when current transmission medium breaks down.
In auto-selection mode, after the Combo optical interface and Combo electrical interface are
configured respectively, the device automatically use the optical/electrical interface if needed,
without configuring them every time upon use.
Configure the Combo interface for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface port Enter physical layer interface
port-id configuration mode.
3 Raisecom(config-port)#media- Configure Combo interface
priority { fiber | copper } optical/electrical priority.
Optical/electrical priority selection
function can select to use optical port
or electrical port in prior when
inserting optical port or electrical port
at the same time.
4 Raisecom(config- Configure Combo interface
port)#description medium-type optical/electrical description
{ fiber | copper } word information.

Raisecom Technology Co., Ltd. 24


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

Step Command Description


5 Raisecom(config-port)#speed Configure Combo interface
medium-type { fiber | copper } optical/electrical transmission rate.
{ auto | 10 | 100 | 1000 } The interface rate also depends on the
specifications of the module being
used.
6 Raisecom(config-port)#duplex Configure Combo interface electrical
medium-type copper { full | duplex mode.
half }
7 Raisecom(config-port)#mdi Configure Combo interface as
medium-type copper { auto | electrical port MDI mode.
normal | across }
8 Raisecom(config- Configure Combo interface
port)#flowcontrol medium-type optical/electrical flow control.
{ fiber | copper } { on | off }

1.6.5 Configuring interface detection mode


Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter physical layer interface configuration
port port-id mode.
3 Raisecom(config-port)#sfp Configure SFP interface detection mode.
detect-mode { auto-detect |
force-100base-x | force-
Non-SFP interfaces cannot be configured
1000base-x } with detection mode.

1.6.6 Configuring interface statistics


Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#dynamic Configure period for interface dynamic
statistics time period statistics.
By default, it is 2s.
3 Raisecom(config)#clear Clear interface statistics saved on the
interface port port-id ISCOM2828F.
statistics

Raisecom Technology Co., Ltd. 25


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

1.6.7 Enabling/Disabling interfaces


Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter physical layer interface
port port-id configuration mode.
3 Raisecom(config- Disable the current interface.
port)#shutdown
By default, the interface is enabled.
Use the no shutdown command to enable
the disabled interface.

1.6.8 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show interface port [ port- Show interface status.
id ]
2 Raisecom#show interface port port-id Show interface statistics.
statistics dynamic [ detail ]
3 Raisecom#show interface port [ port- Show flow control on the
id ] flowcontrol interface.
4 Raisecom#show system mtu Show system MTU.
5 Raisecom#show combo description port Show information about the
[ port-id ] Combo interface.
6 Raisecom#show combo Command port Show configurations of the
[ port-id ] Combo interface.
7 Raisecom#show sfp detect-mode port Show detection mode of the
[ port-id ] SFP interface.

1.7 Configuring basic information


Configure the ISCOM2828F as below.

Raisecom Technology Co., Ltd. 26


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

Step Command Description


1 Raisecom#host (Optional) configure device name.
name name
By default, the device name is Raisecom.
The system supports changing device name to make users
distinguish different devices on the network. Device name
become effective immediately, which can be seen in terminal
prompt.
2 Raisecom#lang (Optional) configure switchover language mode.
uage
{ chinese | By default, the language is English.
english } The system supports displaying help and prompt information
is both English and Chinese.
3 Raisecom#writ Save configurations.
e
Save configuration information to the ISCOM2828F after
configurations, and the new saved configuration information
will cover the original configuration information.
Without being saved, new configuration information will be
lost after rebooting, and the ISCOM2828F will continue
working with the original configuration.

Use the erase file-name command to delete the


configuration file. This operation cannot be restored,
so use this command with care.
4 Raisecom#rebo (Optional) configure reboot options.
ot [ now ]
When the ISCOM2828F is in failure, please reboot it to solve
the problem according to actual condition.

 Rebooting the ISCOM2828F will cause interruption of


services, so use this command with care.
 Save configurations as needed before rebooting the

ISCOM2828F to avoid loss of configurations.


5 Raisecom#eras (Optional) delete files saved in the memory.
e [ file-
name ]

 If the command is executed without the file-name


parameter, all configuration information in the current
configuration file will be cleared by default.
 Clearing system files may cause the ISCOM2828F to

work abnormally, so use this command with care.

Raisecom Technology Co., Ltd. 27


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

1.8 Task scheduling


When you need to use some commands periodically or at a specified time, configure task
scheduling.
The ISCOM2828F supports realizing task scheduling by combining the program list to
command line. You just need to designate the task start time, period and end time in the
program list, and then bind the program list to command line so as to realize the periodic
operation of command line.
Configure task scheduling for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration
mode.
2 Raisecom(config)#schedule-list list- Create and configure
number start { date-time month-day-year schedule list.
hour:minute:second [ every { day | week |
period hour:minute:second } ] stop month-
day-year hour:minute:second | up-time
period hour:minute:second [ every period
hour:minute:second ] [ stop period
hour:minute:second ] }
3 Raisecom(config)#command-string schedule- Bind the command line
list list-number which needs periodic
execution and supports
schedule list to the
schedule list.
4 Raisecom#show schedule-list [ list- Show configurations of
number ] the schedule list.

1.9 Watchdog
The interference of outside electromagnetic field will influence the working of single chip
microcomputer, and cause program fleet and dead circulation so that the system cannot work
normally. Considering the real-time monitoring to the running state of single chip
microcomputer, it generates a program specially used to monitor the running status of switch
hardware, which is commonly known as the Watchdog.
The system will reboot automatically when the ISCOM2828F cannot continue to work for
task suspension, dead circulation, or not feeding the dog within a feeding cycle.
The watchdog function configuration can prevent the system program from dead circulation
caused by uncertainty fault so as to improve the stability of system.
Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#watchdog enable Enable watchdog.

Raisecom Technology Co., Ltd. 28


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

Step Command Description


2 Raisecom#show watchdog Show watchdog status.

1.10 Loading and upgrading


1.10.1 Introduction

Loading
Traditionally, configuration files are loaded through the serial port, which takes a long time to
load at a low rate, and is unavailable for remote loading. FTP and TFTP loading modes can
solve those problems and make operations more convenient.
The ISCOM2828F supports TFTP auto-loading mode.
TFTP auto-loading means that users get configuration files from server to the device, and then
configure the device. Auto-loading function allows configuration files to contain related
commands for multiple configurations loading so as to meet file auto-loading requirements in
complex network environment.
The ISCOM2828F provides several methods to confirm configuration file name in TFTP
server, such as inputting manually, obtaining by DHCP Client, and using default configuration
file name. Besides, users can assign certain naming conventions for configuration files. So the
device can confirm the name according to the rules considering its attributions (device type,
MAC address, and software version, and so on).

Upgrading
The ISCOM2828F needs to upgrade if you want to add new features, optimize functions or
solve current software version bugs.
The ISCOM2828F supports the following two upgrade modes:
 Upgrade by BootROM
 Upgrade by command line

1.10.2 Configuring TFTP auto-upload mode


You need to build TFTP environment before configuring TFTP auto-upload method to have
the ISCOM2828F interconnect with TFTP server.

 When you configure auto-loading function, the IP address priority configured by


commands is higher than the one obtained by DHCP Client.
 When you configure auto-loading function, configuration file name obtained from
server in priority turn from higher to lower as file name confirmed by naming
convention > file name configured by command > file name obtained by DHCP
Client.

Raisecom Technology Co., Ltd. 29


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

Configure TFTP auto-loading for the ISCOM2828F as below.

No. Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#service Configure the IP address of the TFTP server. By
config tftp-server ip- default, this address is not configured.
address
3 Raisecom(config)#service Set naming convention rule for file name. By
config filename rule default, there is no naming convention, and the
[ rule-number ] system uses default file name as
startup_config.conf.
4 Raisecom(config)#service Specify the name of the configuration file to be
config filename file- uploaded.
name
5 Raisecom(config)#service Configure file version No.
config version { system-
boot | bootstrap |
startup-config } version
6 Raisecom(config)#service Enable local configuration file overwriting.
config overwrite enable
7 Raisecom(config)#service Enable configuration auto-loading.
config
8 Raisecom(config)#service Enable Trap function.
config trap enable

1.10.3 Upgrading system software by BootROM


In the below conditions, user needs to upgrade system software by BootROM:
 The device is started for the first time.
 A system file is damaged.
 The card cannot start up in order.
Before upgrading system software by BootROM, you should build FTP environment, take the
PC as FTP server and the ISCOM2828F as client. Basic requirements are as below.
 Connect the ISCOM2828F with a FTP server through a service interface.
 Configure the FTP server and make sure the server is available.
 Configure the IP address for the FTP server and keep it in the same network segment
with ISCOM2828F IP address.
Steps for upgrading system software by BootROM:

Step Operation
1 Log in device through serial port as administrator and enter Privileged EXEC
mode, reboot the ISCOM2828F by using the reboot command.

Raisecom#reboot
Please input 'yes' to confirm:yes
Rebooting ...

Raisecom Technology Co., Ltd. 30


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

Step Operation
2 Click Space key to enter interface of raisecom when the display shows "Press
space into Bootstrap menu...", then input "?" to display command list:

[Raisecom]:?
? - List all available commands
h - List all available commands
V - Show bootstrap version
b - Boot an executable image
E - Format both DOS file systems
T - Download system program
u - XMODEM download system boot image
N - set ethernet address
R - Reboot

The input letters are case sensitive.


3 Input "T" to download system boot file through TFTP. The system displays the
following information.

[Raisecom]:T
dev name:et
unit num:1
file name: system_boot.Z ROS_4.14.1781.ISCOM2828F.167.20120813
local ip: 192.168.1.1 192.168.18.250
server ip: 192.168.1.2 192.168.18.16
user:wrs 1
password:wrs 123456
Loading... Done
Saving file to flash...

Ensure the input file name here is correct, the file name should not be
longer than 80 characters.
4 Input "b" to quick execute bootstrap file. The ISCOM2828F will reboot and load
the downloaded system boot file.

1.10.4 Upgrading system software by CLI


Before upgrading system software by command line, you should build FTP/TFTP
environment, take the PC as FTP/TFTP server and the ISCOM2828F as client. Basic
requirements are as below.
 The ISCOM2828F connects to the TFTP server.
 Configure the FTP/TFTP server. Ensure the server is available.

Raisecom Technology Co., Ltd. 31


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

 Configure IP address for FTP/TFTP server to make sure that ISCOM2828F can access
the server.
Upgrade system software through CLI as below.

No. Command Description


1 Raisecom#download system-boot Download system boot file through
{ ftp [ ip-address user-name FTP/TFTP.
password file-name ] | tftp
[ ip-address file-name] }
2 Raisecom#write Write the configured file into the
memory.
3 Raisecom#reboot [ now ] Reboot the ISCOM2828F, and it will
automatically load the downloaded
system boot file.

1.10.5 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show service config Show auto-configured loading information.
2 Raisecom#show service config Show naming convention for configuration
filename rule rule-number files.
3 Raisecom#show version Show system version.

1.10.6 Exampe for configuring TFTP auto-loading

Networking requirements
As shown in Figure 1-5, connect the TFTP server with the switch, and configure auto-loading
function on the switch to make the switch automatically load configuration file from TFTP
server. Hereinto, the IP address of the TFTP server is 192.168.1.1, subnet mask is
255.255.255.0, and the naming convention for configuration file name meets the following
conditions:
 Device model is included in configuration file name.
 Complete MAC address is included in configuration file name.
 First 2 digits of software version are included in configuration file name.
 No extension rules are supported.

Raisecom Technology Co., Ltd. 32


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

Figure 1-5 Configuring auto-loading

Configuration steps
Step 1 Configure IP address for TFTP server.

Raisecom#config
Raisecom(config)#service config tftp-server 192.168.1.1

Step 2 Configure naming convention rules.

Raisecom(config)#service config filename rule 81650

Step 3 Configure file name.

Raisecom(config)#service config filename ABC

Step 4 Enable local configuration file overwriting.

Raisecom(config)#service config overwrite enable

Step 5 Enable auto-loading configuration.

Raisecom(config)#service config

Checking results
Show auto-loading configuration by using the show service config command.

Raisecom#show service config


Auto upgrade : enable
Config server IP address: 192.168.1.1
Config filename rule: 81650

Raisecom Technology Co., Ltd. 33


Raisecom
ISCOM2828F (D) Configuration Guide 1 Basic configurations

Config file name: ABC


System boot file version: 1107290
Bootstrap flie version : :48:050
Startup-config file version: 0000000
Overwrite local configuration file: enable
Send Completion trap: disable
Current File Type: none
Operation states: done
Result: none

Raisecom Technology Co., Ltd. 34


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

2 Ethernet

This chapter describes the configuration and principle of Ethernet features, also provides
some related configuration examples, including the following sections:
 MAC address table
 VLAN
 QinQ
 VLAN mapping
 Interface protection
 Port mirroring
 Layer 2 protocol transparent transmission

2.1 MAC address table


2.1.1 Introduction
The MAC address table records mappings between MAC addresses and interfaces. It is the
basis for an Ethernet device to forward packets. When the Ethernet device forwards packets
on Layer 2, it searches for the forwarding interface according to the MAC address table,
implements fast forwarding of packets, and reduces broadcast traffic.
Item of MAC address table contains the below information:
 Destination MAC address
 Destination MAC address related interface ID
 Interface belonged VLAN ID
 Flag bits
The ISCOM2828F supports showing MAC address information by device, interface, or
VLAN.

MAC address forwarding modes


When forwarding packets, based on the information about MAC addresses, the ISCOM2828F
adopts following modes:

Raisecom Technology Co., Ltd. 35


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

 Unicast: when a MAC address entry, related to the destination MAC address of a packet,
is listed in the MAC address table, the ISCOM2828F will directly forward the packet to
the receiving port through the egress port of the MAC address entry. If the entry is not
listed, the ISCOM2828F broadcasts the packet to other devices.
 Multicast: when the ISCOM2828F receives a packet of which the destination MAC
address is a multicast address, and multicast is enabled, the ISCOM2828F sends the
packet to the specified Report interface. If an entry corresponding to the destination
address of the packet is listed in the MAC address table, the ISCOM2828F transmits the
packet from the egress port of the entry. If the corresponding entry is not listed, the
ISCOM2828F broadcasts the packet to other interfaces except the receiving interface.
 Broadcast: when the ISCOM2828F receives a packet with an all-F destination address,
or its MAC address is not listed in the MAC address table, the ISCOM2828F forwards
the packet to all ports except the port that receives this packet.

Classification of MAC addresses


MAC address table is divided into static address entry and dynamic address entry.
 Static MAC address entry: also called permanent address, added and removed by the
user manually, does not age with time. For a network with small device change, adding
static address entry manually can reduce the network broadcast flow, improve the
security of the interface, and prevent entries from being lost when system reseting,
interface card hot swaping, or interface card reseting.
 Dynamic MAC address entry: the Switch can add dynamic MAC address entry through
MAC address learning mechanism. The address entries age according to the configured
aging time, and will be cleared after the system is reset.
The ISCOM2828F supports 32 K dynamic MAC addresses and 1024 static MAC addresses at
maximum.

Aging time of MAC addresses


There is capacity restriction to the MAC address table of the ISCOM2828F. In order to
maximize the use of address forwarding table resources, the ISCOM2828F uses the aging
mechanism to update MAC address table, i.e.in the meantime of creating a certain dynamic
entry, open the aging timer, if there is no MAC address packet from the entry during the aging
time, the ISCOM2828F will delete the MAC address entry.
The ISCOM2828F supports aging for MAC addresses. The aging time ranges from 10s to
1000000s, and can be 0 which indicates no aging.

The aging mechanism takes effect on dynamic MAC addresses only.

MAC address forwarding policies


The MAC address table has two forwarding policies:
When receiving packets on an interface, the ISCOM2828F searches the MAC address table
for the interface related to the destination MAC address of packets.
 If successful, it forwards packets on the related interface, records the source MAC
address of packets, interface number of ingress packets, and VLAN ID in the MAC

Raisecom Technology Co., Ltd. 36


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

address table. If packets from other interface are sent to the MAC address, the
ISCOM2828F can send them to the related interface.
 If failed, it broadcasts packets to all interfaces except the source interface, and records
the source MAC address in the MAC address table.

MAC address limit


MAC address learning amount limit function is mainly to restrict the number of MAC
addresses, avoid extending the checking time of forwarding address entries caused by too
large MAC address table and degrading the forwarding performance of Ethernet switch, and it
is an effective way to manage MAC address table.
MAC address learning amount limit is mainly used to restrict the size of MAC address table
and improve the rate of forwarding packets.

2.1.2 Preparing for configurations

Scenario
Configure static MAC address table in the following situations:
 Static MAC address can be set for fixed server, special persons (manager, financial staff,
etc.) fixed and important hosts to make sure all data flow forwarding to these MAC
addresses are forwarded from static MAC address related interface in priority.
 For the interface with fixed static MAC address, you can disable MAC address learning
to avoid other hosts visiting LAN data from the interface.
Configure aging time for dynamic MAC address table to avoid saving too many MAC address
entries in MAC address table and running out of MAC address table resources so as to
achieve dynamic MAC address aging function.

Prerequisite
N/A

2.1.3 Default configurations of MAC address table


Default configurations of MAC address table are as below.

Function Default value


MAC address learning function status Enable
MAC address aging time 300s
MAC address limit Unlimited

2.1.4 Configuring static MAC address


Configure static MAC address as below.

Raisecom Technology Co., Ltd. 37


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#mac-address- Configure static unicast MAC
table static unicast mac-address addresses.
vlan vlan-id port port-id
Raisecom(config)#mac-address- Configure static multicast MAC
table static multicast mac- addresses.
address vlan vlan-id port-list
port-list

 The MAC address of the source device, multicast MAC address, FFFF.FFFF.FFFF,
and 0000.0000.0000 cannot be configured as static unicast MAC address.
 The maximum number of static unicast MAC addresses supported by the
ISCOM2828F is 1024.

2.1.5 Configuring multicast filtering mode for MAC address table


Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#mac-address- Configure multicast filtering mode
table multicast filter-mode of MAC address table.
{ filter-all | forward-all |
filter-vlan vlan-list }

2.1.6 Configuring MAC address learning


Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#mac-address- Enable/Disable MAC address
table learning { enable | learning.
disable } port-list { all |
port-list }

2.1.7 Configuring MAC address limit

Configuring interface-based MAC address limit


Configure the ISCOM2828F as below.

Raisecom Technology Co., Ltd. 38


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter physical layer interface
interface-type interface-number configuration mode.
3 Raisecom(config-port)#mac- Configure interface-based MAC
address-table threshold address limit.
threshold-value

2.1.8 Configuring aging time of MAC addresses


Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#mac-address- Configure the aging time of MAC
table aging-time { 0 | addresses. The aging time ranges from
period } 10s to 1000000s, and can be 0 which
indicates no aging.

2.1.9 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show mac-address-table Show static unicast MAC addresses.
static [ port port-id | vlan vlan-
id ]
2 Raisecom#show mac-address-table Show all Layer 2 multicast
multicast [ vlan vlan-id ] addresses and the current multicast
[ count ] MAC address number.
3 Raisecom#show mac-address-table Show all Layer 2 unicast MAC
l2-address [ count ] [ vlan vlan- addresses and the current unicast
id | port port-id ] MAC address number.
4 Raisecom#show mac-address-table Show dynamic MAC address limit.
threshold [ port-list port-list ]
5 Raisecom#show mac aging-time Show the aging time of dynamic
MAC addresses.

2.1.10 Maintenance
Maintain the ISCOM2828F as below.

Raisecom Technology Co., Ltd. 39


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

Command Description

Raisecom(config)#clear mac-address-table { all | Clear MAC address.


dynamic | static } [ vlan vlan-id ]

Raisecom#search mac-address mac-address Search MAC address.

2.1.11 Example for configuring MAC address table

Networking requirements
Configure static unicast MAC address for Port 2 on Switch A, and configure the aging time
for dynamic MAC addresses (it takes effect only after dynamic MAC address learning is
enabled).
As shown in Figure 2-1, configure Switch A as below:
 Create VLAN 10 and activate it.
 Configure a static unicast MAC address 0001.0203.0105 on Port 2 and set its VLAN to
VLAN 10.
 Set the aging time to 500s.

Figure 2-1 MAC application networking

Configuration steps
Step 1 Create VLAN 10 and active it, and add Port 2 into VLAN 10.

Raisecom#config
Raisecom(config)#create vlan 10 active
Raisecom(config)#interface port 2

Raisecom Technology Co., Ltd. 40


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

Raisecom(config-port)#switchport mode access


Raisecom(config-port)#exit

Step 2 Configure a static unicast MAC address on Port 2, and set its VLAN to VLAN 10.

Raisecom(config)#mac-address-table static unicast 0001.0203.0405 vlan 10


port 2

Step 3 Set the aging time to 500s.

Raisecom(config)#mac-address-table aging-time 500

Checking results
Show MAC address configuration by using the show mac-address-table l2-address port
port-id command.

Raisecom#show mac-address-table l2-address port 2


Aging time: 500 seconds
Mac Address Port Vlan Flags
-------------------------------------------------------
0001.0203.0405 2 10 Static

2.2 VLAN
2.2.1 Introduction

Overview
Virtual Local Area Network (VLAN) is a protocol to solve Ethernet broadcast and security
problems. It is a Layer 2 isolation technique that divides a LAN into different broadcast
domains logically rather than physically, and then the different broadcast domains can work as
virtual groups without any influence from one another. As for the function, VLAN has the
same features as LAN, but members in one VLAN can access one another without restriction
by physical location.

Raisecom Technology Co., Ltd. 41


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

Figure 2-2 Dividing VLANs


VLAN technique can divide a physical LAN into different broadcast domains logically. Hosts
without intercommunication requirements can be isolated by VLAN and then, improve
network security, reduce broadcast flow and broadcast storm.
The ISCOM2828F supports interface-based VLAN division.
The ISCOM2828F complies with IEEE 802.1Q standard VLAN and supports 4094
concurrent VLANs.

Interface mode and packet forwarding


The interface modes of the ISCOM2828F include Access mode and Trunk mode. The method
of dealing with packet for the two modes shows as below.

Table 2-1 Interface mode and packet processing


Interface Dealing with ingress packets Dealing with Egress
type packet
Untag packet Tag packet
 VLAN ID = Access VLAN ID,  VLAN ID = Access VLAN
Access Add Access VLAN
Tag for packet. receive the packet ID, remove Tag and transmit
 VLAN ID ≠ Access VLAN ID, the packet.
discard the packet.  The VLAN ID list does not

include the VLAN ID of the


packet, discard the packet.
Add Native VLAN  Receive the packet if the packet  VLAN ID = Native VLAN
Trunk
Tag. VLAN ID is included in the permit ID, permit passing from
passing VLAN ID list. interface, remove Tag and
 Discard the packet if the packet transmit the packet.
VLAN ID is not included in the  VLAN ID ≠ Native VLAN

permit passing VLAN ID list. ID, permit passing from


interface, transmit the packet
with Tag.

Raisecom Technology Co., Ltd. 42


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

 By default, the default VLAN on the ISCOM2828F is VLAN 1.


 By default, the Access VLAN of the Access interface is VLAN 1, and the Native
VLAN of the Trunk interface is VLAN 1.
 By default, VLAN 1 is in the list permitted by all interfaces. Use the switchport
access egress-allowed vlan { { all | vlan-list } [ confirm ] | { add | remove } vlan-
list } command to modify the VLAN list allowed to pass by the Access interface.
Use the switchport trunk allowed vlan { { all | vlan-list } [ confirm ] | { add |
remove } vlan-list } command to modify the VLAN list allowed to pass by the
Trunk interface.

2.2.2 Preparing for configurations

Scenario
Main function of VLAN is to divide logic network segments. There are 2 typical application
modes:
 One kind is in small size LAN, one device is carved up to several VLAN, the hosts that
connect to the device are carved up by VLAN. So hosts in the same VLAN can
communicate, but hosts between different VLAN cannot communicate. For example, the
financial department needs to divide from other departments and they cannot access each
other. Generally, the interface to connect host is in Access mode.
 The other kind is in bigger LAN or enterprise network, multiple devices connected to
multiple hosts and the devices are concatenated, data packet takes VLAN Tag for
forwarding. Identical VLAN interface of multiple devices can communicate, but hosts
between different VLAN cannot communicate. This mode is used in enterprise that has
many employees and needs a large number of hosts, in the same department but different
position, the hosts in one department can access one another, so customer has to divide
VLANs on multiple devices. Layer 3 devices like router is required if users want to
communicate among different VLAN. The concatenated interfaces among devices are set
in Trunk mode.
When configuring IP address for VLAN, you can associate a Layer 3 interface for it. Each
Layer 3 interface is corresponding to one IP address and one VLAN.

Prerequisite
N/A

2.2.3 Default configurations of VLAN


Default configurations of VLAN are as below.

Function Default value


Create VLAN VLAN 1
Active status of static VLAN Active
Interface mode Access
Access VLAN of the Access interface VLAN 1

Raisecom Technology Co., Ltd. 43


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

Function Default value


Native VLAN of the Trunk interface VLAN 1
Allowed VLAN in Trunk mode All VLANs
Allowed Untag VLAN in Trunk mode VLAN 1

2.2.4 Configuring VLAN attributes


Configure VLAN attributes as below.

Step Command Description


1 Raisecom#config Enter global configuration
mode.
2 Raisecom(config)#create vlan vlan- Create the VLAN.
list { active | suspend } The command can also be used
to create VLAN in batches.
3 Raisecom(config)#vlan vlan-id Enter VLAN configuration
mode.
4 Raisecom(config-vlan)#name vlan-name (Optional) configure VLAN
name.
5 Raisecom(config-vlan)#state { active Configure VLAN in active or
| suspend } suspend status.

 The VLAN created by the vlan vlan-id command is in suspend status. Use the
state active command to activate the VLAN if you want to make it effective in
system.
 VLAN 1 is the default VLAN. All interfaces in Access mode belong to the default
VLAN. VLAN 1 cannot be created and deleted.
 By default, name of the default VLAN (VLAN 1) is Default. Other VLANs are
named by "VLAN + 4-digit VLAN ID". For example, VLAN 10 is named VLAN 0010
by default, and VLAN4094 is named as VLAN 4094 by default.
 All configurations of VLAN are not effective until the VLAN is activated. When the
VLAN is in suspend status, you can configure the VLAN, such as delete/add
interfaces and set VLAN name, etc. The configurations will be saved by the
system. Once the VLAN is activated, the configurations will take effect in the
system.

2.2.5 Configuring interface mode


Configure interface mode as below.

Raisecom Technology Co., Ltd. 44


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface port Enter physical layer interface
port-id configuration mode.
3 Raisecom(config-port)#switchport Set the interface to Access or Trunk
mode { access | trunk } mode.

2.2.6 Configuring VLAN on Access interface


Configure VLAN on the Access interface for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface port Enter physical layer interface
port-id configuration mode.
3 Raisecom(config-port)#switchport Configure interface in Access mode
mode access and add Access interface into
Raisecom(config-port)#switchport VLAN.
access vlan vlan-id
4 Raisecom(config-port)#switchport (Optional) configure Access
access egress-allowed vlan interface permitted VLAN.
{ { all | vlan-list } [ confirm ]
| { add | remove } vlan-list }

 The interface allows Access VLAN packets to pass regardless of configuration for
VLAN permitted by Access interface. The forwarded packets do not carry VLAN
TAG.
 When setting Access VLAN, the system creates and activates VLAN automatically
if you have not created and activated VLAN in advance.
 If you delete or suspend Access VLAN manually, system will set the interface
Access VLAN as default VLAN by automation.
 If the configured Access VLAN is not default VLAN and there is no default VLAN
in allowed VLAN list of Access interface, the interface does not permit default
VLAN packets to pass.
 Allowed VLAN list of Access interface is only effective to static VLAN, and
ineffective to cluster VLAN, GVRP dynamic VLAN, etc.

2.2.7 Configuring VLAN on Trunk interface


Configure VLAN on Trunk interface for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.

Raisecom Technology Co., Ltd. 45


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

Step Command Description


2 Raisecom(config)#interface port Enter physical layer interface
port-id configuration mode.
3 Raisecom(config-port)#switchport Configure interface in Trunk
mode trunk mode.
4 Raisecom(config-port)#switchport Configure interface Native
trunk native vlan vlan-id VLAN.
5 Raisecom(config-port)#switchport (Optional) configure VLANs
trunk allowed vlan { { all | vlan- allowed to pass by the Trunk
list } [ confirm ] | { add | interface.
remove } vlan-list }
6 Raisecom(config-port)#switchport (Optional) configure Untag
trunk untagged vlan { { all | vlan- VLANs allowed to pass by the
list } [ confirm ] | { add | Trunk interface.
remove } vlan-list }

 The interface permits Native VLAN packets passing regardless of configuration on


Trunk interface permitted VLAN list and Untagged VLAN list, the forwarded
packets do not take with VLAN TAG.
 System will create and activate the VLAN if there is no VLAN was created and
activated in advance when setting Native VLAN.
 System set the interface Trunk Native VLAN as default VLAN if user has deleted
or blocked Native VLAN manually.
 Interface permits in and out of Trunk Allowed VLAN packet. If the VLAN is Trunk
Untagged VLAN, the packets remove VLAN TAG at egress interface, otherwise,
do not modify the packets.
 If the configured Native VLAN is not default VLAN, and there is no default VLAN in
Trunk interface permitted VLAN list, the interface will not permit default VLAN
packets to pass.
 When setting Trunk Untagged VLAN list, system automatically adds all Untagged
VLAN into Trunk permitted VLAN.
 Trunk permitted VLAN list and Trunk Untagged VLAN list are only effective to
static VLAN, and ineffective for cluster VLAN, GVRP dynamic VLAN, etc.

2.2.8 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show vlan [ vlan-list Show VLAN configuration.
| static | dynamic ]
2 Raisecom#show interface port Show interface VLAN configuration.
[ port-id ] switchport

Raisecom Technology Co., Ltd. 46


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

2.3 QinQ
2.3.1 Introduction
QinQ (also known as Stacked VLAN or Double VLAN) technique is an extension for 802.1Q
defined in IEEE 802.1ad standard.
Basic QinQ is a simple Layer 2 VPN tunnel technique, which encapsulate outer VLAN Tag
for user private network packet at the carrier access end, then the packet takes double VLAN
Tag to transmit through backbone network (public network) of carrier. In public network,
packet just be transmitted in accordance with outer VLAN Tag (namely the public network
VLAN Tag), the user private network VLAN Tag is transmitted as data in packet.
This technique can save public network VLAN ID resource. You can mark out private
network VLAN ID to avoid conflict with public network VLAN ID.

Basic QinQ
Figure 2-3 shows typical networking with basic QinQ, with the ISCOM2828F as the Provider
Edge (PE).

Figure 2-3 Typical networking with basic QinQ


The packet transmitted to the switch from user device, and the VLAN ID of packet tag is 100.
The packet will be printed outer tag with VLAN 200 when passing through PE device user
side interface and then enter PE network.
The VLAN 200 packet is transmitted to PE device on the other end by the carrier, and then the
other Switch will strip the outer tag VLAN 200 and send it to the user device. So the packet
returns to VLAN 100 tag.

Selective QinQ
Selective QinQ is an enhancement of basic QinQ. This technique is realized by combination
of interface and VLAN. Selective QinQ can implement all functions of basic QinQ, and can
even perform different actions on different VLAN Tags received by one interface and add
different outer VLAN IDs for different inner VLAN IDs. By configuring mapping rules for
inner and outer Tag, you can encapsulate different outer Tag for different inner Tag packet.
Selective QinQ makes carrier network structure more flexible. You can classify different
terminal users at access device interface by VLAN Tag and then, encapsulate different outer
Tag for different class users. On the Internet, you can configure QoS policy according to outer

Raisecom Technology Co., Ltd. 47


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

Tag and configure data transmission priority flexibly so as to make users in different class
receive the corresponding services.

2.3.2 Preparing for configurations

Scenario
With application of basic QinQ, you can add outer VLAN Tag to plan Private VLAN ID
freely so as to make the user device data at both ends of carrier network take transparent
transmission without conflicting with VLAN ID in service provider network.

Prerequisite
 Connect the interface and configure interface physical parameters to make the physical
status Up.
 Create VLANs.

2.3.3 Default configurations of QinQ


Default configurations of QinQ are as below.

Function Default value


Outer Tag TPID 0x8100
Basic QinQ status Disable

2.3.4 Configuring basic QinQ


Configure basic QinQ on the ingress interface as below.

Step Command Description


1 Raisecom#config Enter global configuration
mode.
2 Raisecom(config)#mls double-tagging (Optional) configure TPID.
tpid tpid
3 Raisecom(config)#interface port port- Enter physical layer interface
id configuration mode.
4 Raisecom(config-port)#switchport qinq Enable basic QinQ on the
dot1q-tunnel interface.

2.3.5 Configuring selective QinQ


Configure selective QinQ on the ingress interface as below.

Raisecom Technology Co., Ltd. 48


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

Step Command Description


1 Raisecom#config Enter global configuration
mode.
2 Raisecom(config)#mls double-tagging (Optional) configure TPID.
tpid tpid
3 Raisecom(config)#interface port port- Enter physical layer interface
id configuration mode.
4 Raisecom(config-port)#switchport Configure selective QinQ rules
vlan-mapping vlan-list add-outer on the interface.
vlan-id [ cos cos-value ]

2.3.6 Configuring egress interface toTrunk mode


Configure basic QinQ or selective QinQ on the network side interface as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface port Enter physical layer interface
port-id configuration mode.
3 Raisecom(config- Configure interface trunk mode,
port)#switchport mode trunk allowing double Tag packet to pass.

2.3.7 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show switchport qinq Show configurations of
basic QinQ.
2 Raisecom#show interface interface-type Show configurations of
interface-number vlan-mapping add-outer selective QinQ.

2.3.8 Maintenance
Maintain the ISCOM2828F as below.

Command Description
Raisecom(config)#clear double-tagging-vlan Clear statistics of double
statistics outer { vlan-id | any } inner VLAN Tag packets.
{ vlan-id | any }

Raisecom Technology Co., Ltd. 49


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

2.3.9 Example for configuring basic QinQ

Networking requirements
As shown in Figure 2-4, Switch A and Switch B are connected to VLAN 100 and VLAN 200
respectively. Department C and department E need to communicate through the carrier
network. Department D and Department F need to communicate, too. Thus, you need to set
the outer Tag to VLAN 1000. Set Port 2 and Port 3 to dot1q-tunnel mode on Switch A and
Switch B, and connect these two interfaces two different VLANs. Port 1 is the uplink
interface connected to the ISP, and it is set to the Trunk mode to allow double Tag packets to
pass. The carrier TPID is 9100.

Figure 2-4 Basic QinQ networking application

Configuration steps
Step 1 Create VLAN 100, VLAN 200, and VLAN 1000 and activate them. TPID is 9100.
Configure Switch A.

Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#mls double-tagging tpid 9100
SwitchA(config)#create vlan 100,200,1000 active

Raisecom Technology Co., Ltd. 50


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

Configure Switch B.

Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#mls double-tagging tpid 9100
SwitchB(config)#create vlan 100,200,1000 active

Step 2 Set Port 2 and Port 3 to dot1q mode.


Configure Switch A.

SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk native vlan 1000
SwitchA(config-port)#switchport qinq dot1q-tunnel
SwitchA(config-port)#exit
SwitchA(config)#interface port 3
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk native vlan 1000
SwitchA(config-port)#switchport qinq dot1q-tunnel
SwitchA(config-port)#exit

Configure Switch B.

SwitchB(config)#interface port 2
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport trunk native vlan 1000
SwitchB(config-port)#switchport qinq dot1q-tunnel
SwitchB(config-port)#exit
SwitchB(config)#interface port 3
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport trunk native vlan 1000
SwitchB(config-port)#switchport qinq dot1q-tunnel
SwitchB(config-port)#exit

Step 3 Set Port 1 to allow double Tag packets to pass.


Configure Switch A.

SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk allowed vlan 1000 confirm

Configure Switch B.

Raisecom Technology Co., Ltd. 51


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

SwitchB(config)#interface port 1
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport trunk allowed vlan 1000 confirm

Checking results
Use the show switchport qinq command to view QinQ configurations.
Take Switch A for example.

SwitchA#show switchport qinq


Outer TPID: 0x9100
Interface QinQ Status
----------------------------
1 --
2 Dot1q-tunnel
3 Dot1q-tunnel

2.3.10 Example for configuring selective QinQ

Networking requirements
As shown in Figure 2-5, the carrier network contains common PC Internet service and IP
phone service. PC Internet service is assigned to VLAN 1000, and IP phone service is
assigned to VLAN 2000.
Configure Switch A and Switch B as below to make client and server communicate through
carrier network:
 Add outer Tag VLAN 1000 to the VLANs 100–150 assigned to PC Internet service.
 Add outer Tag 2000 for VLANs 300–400 for IP phone service.
 The carrier TPID is 9100.

Raisecom Technology Co., Ltd. 52


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

Figure 2-5 Selective QinQ networking application

Configuration steps
Step 1 Create and activate VLAN 100, VLAN 200, and VLAN 1000. The TPID is 9100.
Configure Switch A.

Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#mls double-tagging tpid 9100
SwitchA(config)#create vlan 100-150,300-400,1000,2000 active

Configure Switch B.

Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#mls double-tagging tpid 9100
SwitchB(config)#create vlan 100-150,300-400,1000,2000 active

Step 2 Set Port 2 and Port 3 to dot1q mode.


Configure Switch A.

Raisecom Technology Co., Ltd. 53


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport vlan-mapping 100-150 add-outer 1000
SwitchA(config-port)#switchport trunk untagged vlan 1000,2000 confirm
SwitchA(config-port)#exit
SwitchA(config)#interface port 3
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport vlan-mapping 300-400 add-outer 2000
SwitchA(config-port)#switchport trunk untagged vlan 1000,2000 confirm
SwitchA(config-port)#exit

Configure Switch B.

SwitchB(config)#interface port 2
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport vlan-mapping cvlan 100-150 add-outer 1000
SwitchB(config-port)#switchport trunk untagged vlan 1000,2000 confirm
SwitchB(config-port)#exit
SwitchB(config)#interface port 3
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport vlan-mapping cvlan 300-400 add-outer 2000
SwitchB(config-port)#switchport trunk untagged vlan 1000,2000 confirm
SwitchB(config-port)#exit

Step 3 Set Port 1 to allow double Tag packets to pass.


Configure Switch A.

SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk allowed vlan 1000,2000 confi rm

Configure Switch B.

SwitchB(config)#interface port 1
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport trunk allowed vlan 1000,2000 confirm

Checking results
Use the show interface port port-id vlan-mapping add-outer command to view QinQ
configuration.
Take Switch A for example.

Raisecom Technology Co., Ltd. 54


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

SwitchA#show interface port 2 vlan-mapping add-outer


Based inner VLAN QinQ mapping rule:
Port Original Inner VLAN List Add-outer VLAN Hw Status Hw-ID
---------------------------------------------------------------------
2 100-150 1000 Enable 1
SwitchA#show interface port 3 vlan-mapping add-outer
Based inner VLAN QinQ mapping rule:
Port Original Inner VLAN List Add-outer VLAN Hw Status Hw-ID
---------------------------------------------------------------------
3 300-400 2000 Enable 2

2.4 VLAN mapping


2.4.1 Introduction
VLAN mapping is mainly used to replace the private VLAN Tag of Ethernet packets with
ISP's VLAN Tag, making packets transmitted according to ISP's VLAN forwarding rules.
When packets are sent to the peer private network from the ISP network, the VLAN Tag is
restored to the original private VLAN Tag according to the same VLAN forwarding rules.
Therefore packets are correctly sent to the destination.
Figure 2-6 shows the principle of VLAN mapping.

Figure 2-6 Networking with VLAN mapping based on single Tag


After receiving a VLAN Tag contained in a user private network packet, the ISCOM2828F
matches the packet according to configured VLAN mapping rules. If it matches successfully,
it maps the packet according to configured VLAN mapping rules. The ISCOM2828F supports
the following mapping modes:
 1:1 VLAN mapping: the ISCOM2828F replaces the VLAN Tag carried by a packet from
a specified VLAN to the new VLAN Tag.
 N:1 VLAN mapping: the ISCOM2828F replaces the different VLAN Tags carried by
packets from two or more VLANs with the same VLAN Tag.
Different from QinQ, VLAN mapping does not encapsulate packets with multiple layers of
VLAN Tags, but needs to modify VLAN Tag so that packets are transmitted according to the
carrier's VLAN forwarding rules.

Raisecom Technology Co., Ltd. 55


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

2.4.2 Preparing for configurations

Scenario
Different from QinQ, VLAN mapping is to change the VLAN Tag without encapsulating
multilayer VLAN Tag so that packets are transmitted according to the carrier's VLAN
mapping rules. VLAN mapping does not increase the frame length of the original packet. It
can be used in the following scenarios:
 A user service needs to be mapped to a carrier's VLAN ID.
 Multiple user services need to be mapped to a carrier's VLAN ID.

Prerequisite
Before configuring VLAN mapping,
 Connect the interface and configure its physical parameters to make it Up.
 Create a VLAN.

2.4.3 Configuring 1:1 VLAN mapping


Configure 1:1 VLAN mapping as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter physical layer interface configuration
port port-id mode.
3 Raisecom(config- Configure interface-based 1:1 VLAN
port)#switchport vlan- mapping rules in the ingress or egress
mapping [ egress | direction.
ingress ] cvlan-list
translate vlan-id

2.4.4 Configuring N:1 VLAN mapping


Configure N:1 VLAN mapping as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface port Enter physical layer interface
port-id configuration mode.
3 Raisecom(config-port)#switchport Configure rules of Tag-based N:1
vlan-mapping both n-to-1 cvlan- VLAN mapping rules.
list translate svlan-id
4 Raisecom(config-port)#switchport Configure rules of double-Tag-
vlan-mapping both n-to-1 cvlan- based N:1 VLAN mapping rules.
list translate dtag svlan-id
cvlan-id

Raisecom Technology Co., Ltd. 56


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

Step Command Description


5 Raisecom(config-port)#switchport Configure selective QinQ and
vlan-mapping both untag translate double Tag rules on the interface.
dtag svlan-id cvlan-id

2.4.5 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show interface port [ port- Show configurations of 1:1
id ] vlan-mapping { egress | VLAN mapping.
ingress } translate
2 Raisecom#show interface port [ port- Show configurations of N:1
id ] vlan-mapping both translate VLAN mapping on the interface.
3 Raisecom#show interface port [ port- Show configurations of selective
id ] vlan-mapping both untag QinQ and double Tag rules on
the interface.

2.4.6 Example for configuring VLAN mapping

Networking requirements
As shown in Figure 2-7, Port 2 and Port 3 of Switch A are connected to Department E of
VLAN 100 and Department F of VLAN 200, Port 2 and Port 3 of Switch B are connected to
Department C of VLAN 100 and Department D of VLAN 200. The ISP assigns VLAN 1000
to transmit packets of Department E and Department C, and VLAN 2008 to transmit packets
of Department F and Department D.
Configure 1:1 VLAN mapping on the Switch A and Switch B to implement normal
communication between PC or terminal users and servers.

Raisecom Technology Co., Ltd. 57


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

Figure 2-7 VLAN mapping application networking

Configuration steps
Configurations of Switch A and Switch B are the same. Take Switch A for example.
Step 1 Create VLANs and activate them.

Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#create vlan 100,200,1000,2008 active
SwitchA(config)#vlan-mapping enable

Step 2 Set Port 1 to Trunk mode, allowing packets of VLAN 1000 and VLAN 2008 to pass.

SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk allowed vlan 1000,2008 confirm
SwitchA(config-port)#exit

Step 3 Set Port 2 to Trunk mode, allowing packets of VLAN 100 to pass. Enable VLAN mapping.

Raisecom Technology Co., Ltd. 58


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk allowed vlan 100 confirm
SwitchA(config-port)#switchport vlan-mapping ingress 100 translate 1000
SwitchA(config-port)#switchport vlan-mapping egress 1000 translate 100
SwitchA(config-port)#exit

Step 4 Set Port 3 to Trunk mode, allowing packets of VLAN 200 to pass. Enable VLAN mapping.

SwitchA(config)#interface port 3
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk allowed vlan 200 confirm
SwitchA(config-port)#switchport vlan-mapping ingress 200 translate 2008
SwitchA(config-port)#switchport vlan-mapping egress 2008 translate 200

Checking results
Use the show interface port port-id vlan-mapping { ingress | egress } translate command
to show configurations of 1:1 VLAN mapping.

SwitchA#show interface port 2 vlan-mapping ingress translate


Direction: Ingress
Original Original Outer-tag New Inner-tag New
Interface Inner VLANs Outer VLANs Mode Outer-VID Mode Inner-VID
Hw-ID
-------------------------------------------------------------------------
2 n/a 100 Translate 1000 -- --

2.5 Interface protection


2.5.1 Introduction
Layer 2 data needs to be isolated from different interfaces, so you can add these interfaces to
different VLANs. Sometimes, Layer 2 data needs to be isolated from the interfaces in the
same VLAN, so interface protection can be used to isolate these interfaces.
Through interface protection, you can enable the protection feature to interfaces needed to be
controlled to achieve the Layer 2 data isolation and reach equal effects with physical isolation
among interfaces, which improves network security and provides flexible networking
solutions for customers.
Interfaces in a protection group cannot communicate with each other after you configure
interface protection, but communication between the interface with interface protection being
enabled and that with interface protection being disabled will not be influenced.

Raisecom Technology Co., Ltd. 59


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

2.5.2 Preparing for configurations

Scenario
To isolate Layer 2 data from the interfaces in the same VLAN, like physical isolation, you
need to configure interface protection.
The interface protection function can realize mutual isolation of the interfaces in the same
VLAN, enhance network security, and provide flexible networking solutions for you.

Prerequisite
N/A

2.5.3 Default configurations of interface protection


The default configuration for interface protection is as below.

Function Default value


Interface protection status of each interface Disable

2.5.4 Configuring interface protection


Configure interface protection for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter physical layer interface
port port-id configuration mode.
3 Raisecom(config- Enable interface protection.
port)#switchport protect

2.5.5 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show switchport Show interface protection
protect configurations.

Raisecom Technology Co., Ltd. 60


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

2.5.6 Example for configuring interface protection

Networking requirements
As shown in Figure 2-8, PC 1, PC 2, and PC 5 belong to VLAN 10, and PC 3 and PC 4
belong to VLAN 20. The interfaces connecting two devices are in Trunk mode, but do not
allow VLAN 20 packets to pass. As a result, PC 3 and PC 4 fail to communicate with each
other. Enable interface protection on the interfaces of PC 1 and PC 2 which are connected to
Switch B. As a result, PC 1 and PC 2 fail to communicate with each other, but they can
communicate with PC 5 respectively.

Figure 2-8 Interface protection application networking

Configuration steps
Step 1 Create VLAN 10 and VLAN 20 on both Switch A and Switch B, and activate them.
Configure Switch A.

Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#create vlan 10,20 active

Configure Switch B.

Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#create vlan 10,20 active

Raisecom Technology Co., Ltd. 61


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

Step 2 Add Port 2 and Port 3 of Switch B to VLAN 10 in Access mode, add Port 4 to VLAN 20 in
Access mode, and set Port 1 in Trunk mode to allow VLAN 10 packets to pass.

SwitchB(config)#interface port 2
SwitchB(config-port)#switchport mode access
SwitchB(config-port)#switchport access vlan 10
SwitchB(config-port)#exit
SwitchB(config)#interface port 3
SwitchB(config-port)#switchport mode access
SwitchB(config-port)#switchport access vlan 10
SwitchB(config-port)#exit
SwitchB(config)#interface port 4
SwitchB(config-port)#switchport mode access
SwitchB(config-port)#switchport access vlan 20
SwitchB(config-port)#exit
SwitchB(config)#interface port 1
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport trunk allowed vlan 10 confirm
SwitchB(config-port)#exit

Step 3 Add Port 2 of Switch A to VLAN 10 in Access mode, add Port 3 to VLAN 20 in Trunk mode,
and set Port 1 in Trunk mode to allow VLAN 10 packets to pass.

SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode access
SwitchA(config-port)#switchport access vlan 10
SwitchA(config-port)#exit
SwitchA(config)#interface port 3
SwitchA(config-port)#switchport mode access
SwitchA(config-port)#switchport access vlan 20
SwitchA(config-port)#exit
SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk allowed vlan 10 confirm

Step 4 Enable interface protection on Port 2 and Port 3 on Switch B.

SwitchB(config)#interface port 2
SwitchB(config-port)#switchport protect
SwitchB(config-port)#exit
SwitchB(config)#interface port 3
SwitchB(config-port)#switchport protect

Checking results
Use the show vlan command to check whether VLAN configurations are correct.

Raisecom Technology Co., Ltd. 62


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

Take Switch B for example.

SwitchB#show vlan
VLAN Name State Status Port Untag-Port Priority Create-Time
-------------------------------------------------------------------------
1 Default active static 1-10 1-10 -- 0:0:7
10 VLAN0010 active static 1-3 2,3 -- 0:1:1
20 VLAN0020 active static 4 4 -- 0:1:1

Use the show interface port port-id switchport command to check whether interface VLAN
is correctly configured.
Take Switch B for example.

SwitchB#show interface port 2 switchport


Port:2
Administrative Mode: access
Operational Mode: access
Access Mode VLAN: 10
Administrative Access Egress VLANs: 1
Operational Access Egress VLANs: 1,10
Trunk Native Mode VLAN: 1
Administrative Trunk Allowed VLANs: 1-4094
Operational Trunk Allowed VLANs: 1,10,20
Administrative Trunk Untagged VLANs: 1
Operational Trunk Untagged VLANs: 1

Use the show switchport protect command to check whether interface protection is correctly
configured.

SwitchB#show switchport protect


Port Protected State
--------------------------
1 disable
2 enable
3 enable

Check whether PC 1 and PC 5, PC 2 and PC 5, and PC 3 and PC 4 can ping through each
other or not. Check whether the VLAN allowed to pass on the Trunk interface is correct.
 If PC 1 can ping through PC 5 successfully, VLAN 10 communicates properly.
 If PC 2 can ping through PC 5 successfully, VLAN 10 communicates properly.
 If PC 3 fails to ping through PC 4, VLAN 20 fails to communicate.
By pinging through PC 1 and PC 2, check whether interface protection is correctly configured.
If PC 1 fails to ping through PC 2, interface protection has taken effect.

Raisecom Technology Co., Ltd. 63


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

2.6 Port mirroring


2.6.1 Introduction
Port mirroring refers to mirroring some packets from the source interface to the destination
interface, such as from the monitor port without affecting the normal packet forwarding. You
can monitor sending and receiving status for packets on an interface through this function and
analyze the relevant network conditions.

Figure 2-9 Port mirroring principle


The basic principle of port mirroring is shown in Figure 2-9. PC 1 connects outside network
via the Port 1; PC 3 is the monitoring PC, connecting the external network through Port 4.
When monitoring packets from the PC 1, you needs to assign Port 1 to connect to PC 1 as the
mirroring source port, enable port mirroring on the ingress port and assign Port 4 as monitor
port to mirror packets to destination port.
When service packets from PC 1 enter the switch, the switch will forward and copy them to
monitor port (Port 4). The monitoring device connected to mirror the monitoring interface can
receive and analyze these mirrored packets.
The ISCOM2828F supports data stream mirroring on the ingress port and egress port. The
packets on ingress/egress mirroring port will be copied to the monitor port after the switch is
enabled with port mirroring. The monitor port and mirroring port cannot be the same one.

2.6.2 Preparing for configurations

Scenario
Port mirroring is mainly used to monitor network data type and flow regularly for the network
administrator.

Raisecom Technology Co., Ltd. 64


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

Interface mirroring function is to copy the interface flow monitored to a monitor interface or
CPU so as to obtain the ingress/egress interface failure or abnormal flow of data to analyze,
discover the root cause and solve them timely.

Prerequisite
N/A

2.6.3 Default configurations of port mirroring


Default configurations of port mirroring are as below.

Function Default value


Port mirroring status Disable
Mirroring source interface Null
Mirroring monitor port Port 1

When you configure to mirror packets to the CPU, the monitor port receives no
packets.

2.6.4 Configuring port mirroring on local port

 There can be multiple source mirroring ports but only one monitor port.
 The ingress/egress mirroring port packet will be copied to the monitor port after
port mirroring takes effect. The monitor port cannot be set to the mirroring port
again.
Configure local port mirroring for the ISCOM2828F as below.

Step Configure Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#mirror monitor-port Configure the packet mirror of
port-id port mirroring to CPU or
specified monitor interface.
3 Raisecom(config)#mirror source-port- Configure the mirror source
list { both port-list | egress port- interface of port mirroring and
list | ingress port-list [ egress designate the mirror rule for port
port-list ] } mirroring.
4 Raisecom(config)#mirror enable Enable port mirroring.

Raisecom Technology Co., Ltd. 65


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

2.6.5 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show mirror Show port mirroring configurations.

2.6.6 Example for configuring port mirroring

Networking requirements
As shown in Figure 2-10, the network administrator hopes to monitor on user network 1
through data monitor device, then to catch the fault or abnormal data flow for analyzing and
discovering problem and then solve it.
The ISCOM2828F is disabled with storm control and automatic packets sending. User
network 1 accesses the ISCOM2828F through Port 1, user network 2 accesses the
ISCOM2828F through Port 2, and data monitor device is connected to Port 3.

Figure 2-10 Port mirroring application networking

Configuration steps
Enable port mirroring on the switch.

Raisecom#config
Raisecom(config)#mirror monitor-port 3
Raisecom(config)#mirror source-port-list both 1
Raisecom(config)#mirror enable

Raisecom Technology Co., Ltd. 66


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

Checking results
Show interface mirror information by using the show mirror command.

Raisecom#show mirror
Mirror: Enable
Monitor port: 3
Non-mirror port: Not block
-----------the both mirror rule-----------
Mirrored ports: 1
Divider: 0
MAC address: 0000.0000.0000
-----------the both mirror rule-----------
Mirrored ports: --
Divider: 0
MAC address: 0000.0000.0000

2.7 Layer 2 protocol transparent transmission


2.7.1 Introduction
Transparent transmission is one of the main Ethernet device functions. Generally, edge
network devices of carrier take charge of Layer 2 protocol packet transparent transmission.
Transparent transmission is enabled on the interface that connects edge network devices of
carrier and user network. The interface is in Access mode and corresponding interface on the
user device is in Trunk mode. The layer 2 protocol packet of user network enters from
transparent transmission interface, encapsulated by edge network device (ingress end of
packet) and then enter carrier network. The packet is transmitted through carrier network to
reach edge device (egress end of packet) at the other end or carrier network. The edged device
decapsulates outer layer 2 protocol packet and transparently transmits it to user network.
The transparent transmission function includes packet encapsulation and decapsulation
function, the basic implementing principle as below.
 Packet encapsulation: at the packet ingress end, the ISCOM2828F modifies destination
MAC address from user network layer 2 protocol packets to special multicast MAC
address (it is 010E.5E00.0003 by default). In carrier network, the modified packet is
forwarded as data in user VLAN.
 Packet decapsulation: at the packet egress end, the ISCOM2828F senses packet with
special multicast MAC address (it is 010E.5E00.0003 by default) and revert the
destination MAC address to DMAC of Layer 2 protocol packets, then send the packet to
assigned user network.
Layer 2 protocol transparent transmission function can be operated at the same time with
QinQ or operated independently. In practice application, after modifying protocol packet
MAC address, need to add outer Tag for transmit through carrier network.
The ISCOM2828F supports transparent transmission of BPDU packet, DOT1X packet, LACP
packet, CDP packet, PVST packet, PAGP packet, STP packet, UDLD packet, and VTP packet.

Raisecom Technology Co., Ltd. 67


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

2.7.2 Preparing for configurations

Scenario
This function enables layer 2 protocol packets of one user network cross through carrier
network to make one user network unified operating one Layer 2 protocol at different region.
You can configure rate limiting on transparent transmission packets to prevent packet loss.

Prerequisite
Configure physical parameters for the interface to set it in Up status before configuring Layer
2 protocol transparent transmission function.

2.7.3 Default configurations of Layer 2 protocol transparent


transmission
Default configurations of Layer 2 protocol transparent transmission are as below.

Function Default value


Layer 2 protocol transparent transmission status Disable
Egress interface and belonged VLAN of Layer 2 protocol Null
packet
TAG CoS value of transparent transmission packet Null
Destination MAC address of transparent transmission packet 010E.5E00.0003
Discarding threshold and disabling threshold of transparent Null
transmission packet

2.7.4 Configuring transparent transmission parameters


Configure transparent transmission parameter for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#relay (Optional) configure destination MAC
destination-address mac-address for transparent transmission packet.
The default value is 010E.5E00.0003.
3 Raisecom(config)#relay cos cos- (Optional) configure CoS value for
value transparent transmission packet.
4 Raisecom(config)#interface port Enter physical layer interface
port-id configuration mode or aggregation
group configuration mode.
5 Raisecom(config-port)#relay Configure specified egress interface
port port-id for transparent transmission packet.

Raisecom Technology Co., Ltd. 68


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

Step Command Description


6 Raisecom(config-port)#relay Configure specified VLAN for
vlan vlan-id transparent transmission packet.
The specified VLAN configuration
can transmit the packet according to
specified VLAN, but not VLAN
configuration of ingress interface.
7 Raisecom(config-port)#relay Configure transparent transmission
{ all | cdp | dot1x | lacp | message type on the interface.
pagp | pvst | stp | udld |
vtp }

2.7.5 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show relay [ port-list port- Show configurations and status
list ] of transparent transmission.
2 Raisecom#show relay statistics Show statistics of transparent
[ port-list port-list ] transmission packets.

2.7.6 Maintenance
Maintain Ethernet features as below.

Command Description
Raisecom(config)#clear relay statistics Clear statistics of transparent
[ port-list port-list ] transmission packets.
Raisecom(config-port)#no relay shutdown Enable the interface again.

2.7.7 Example for configuring Layer 2 protocol transparent


transmission

Networking requirements
As shown below, Switch A and Switch B connect to two user networks VLAN 100 and
VLAN 200 respectively. You need to configure Layer 2 protocol transparent transmission
function on Switch A and Switch B in order to make the same user network in different
regions run STP entirely.

Raisecom Technology Co., Ltd. 69


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

Figure 2-11 Layer 2 protocol transparent transmission application networking

Configuration steps
Step 1 Create VLAN 100, 200 and activate them.
Configure Switch A.

Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#create vlan 100,200 active

Configure Switch B.

Raisecom#hostname SwitchB
SwitchA#config
SwitchA(config)#create vlan 100,200 active

Step 2 Set the switching mode of Port 2 to Access mode, set the Access VLAN to 100, and enable
STP transparent transmission.
Configure Switch A.

SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode access
SwitchA(config-port)#switchport access vlan 100
SwitchA(config-port)#relay stp
SwitchA(config-port)#relay port 1
SwitchA(config-port)#exit

Configure Switch B.

SwitchB(config)#interface port 2
SwitchB(config-port)#switchport mode access

Raisecom Technology Co., Ltd. 70


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

SwitchB(config-port)#switchport access vlan 100


SwitchB(config-port)#relay stp
SwitchB(config-port)#relay port 1
SwitchB(config-port)#exit

Step 3 Set the switching mode of Port 3 to Access mode, set the Access VLAN to 200, and enable
STP transparent transmission.
Configure Switch A.

SwitchA(config)#interface port 3
SwitchA(config-port)#switchport mode access
SwitchA(config-port)#switchport access vlan 200
SwitchA(config-port)#relay stp
SwitchA(config-port)#relay port 1
SwitchA(config-port)#exit

Configure Switch B.

SwitchB(config)#interface port 3
SwitchB(config-port)#switchport mode access
SwitchB(config-port)#switchport access vlan 200
SwitchB(config-port)#relay stp
SwitchB(config-port)#relay port 1
SwitchB(config-port)#exit

Step 4 Set Port 1 to Trunk mode.


Configure Switch A.

SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk

Configure Switch B.

SwitchB(config)#interface port 1
SwitchB(config-port)#switchport mode trunk

Checking results
Use the show relay command to check whether Layer 2 protocol transparent transmission is
correctly configured.

Raisecom Technology Co., Ltd. 71


Raisecom
ISCOM2828F (D) Configuration Guide 2 Ethernet

Take Switch A for example.

SwitchA#show relay port-list 1-3


COS for Encapsulated Packets: -
Destination MAC Address for Encapsulated Packets: 010E.5E00.0003
Port vlan Egress-Port Protocol Drop-Threshold Shutdown-Threshold
-------------------------------------------------------------------------
1(up) -- -- stp -- --
dot1x -- --
lacp -- --
cdp -- --
vtp -- --
pvst --
udld --- ---
pagp ---
2(up) -- 1 stp(enable) -- --
dot1x -- --
lacp -- --
cdp -- --
vtp -- --
pvst --
udld --- ---
pagp ---
3(up) -- 1 stp(enable) -- --
dot1x -- --
lacp -- --
cdp -- --
vtp -- --
pvst --
udld --- ---
pagp ---

Raisecom Technology Co., Ltd. 72


Raisecom
ISCOM2828F (D) Configuration Guide 3 IP services

3 IP services

This chapter introduces basic principles and configurations of routing features, and provides
the related configuration examples, including the following sections:
 ARP
 Layer 3 interface
 Default gateway
 DHCP Client
 DHCP Relay
 DHCP Snooping
 DHCP Option

3.1 ARP
3.1.1 Introduction
In TCP/IP network environment, each host is assigned with a 32-bit IP address that is a logical
address used to identify host between networks. To transmit packet in physical link, you must
know the physical address of the destination host, which requires mapping IP address to
physical address. In Ethernet environment, physical address is 48-bit MAC address. Users
have to transfer the 32-bit destination host IP address to 48-bit Ethernet address for
transmitting packets to destination host correctly. The Address Resolution Protocol (ARP) is
applied to analyze IP address to MAC address and set mapping relationship between them.
ARP address mapping table includes the following two types:
 Static entry: bind IP address and MAC address to avoid ARP dynamic learning cheating.
− Static ARP address entry needs to be added/deleted manually.
− No aging to static ARP address.
 Dynamic entry: MAC address automatically learned through ARP.
− This dynamic address entry is automatically generated by the switch. You can adjust
partial parameters of it manually.
− The dynamic ARP address entry will age at the aging time if no use.
The ISCOM2828F supports the following two ARP address mapping entry dynamic learning
modes:

Raisecom Technology Co., Ltd. 73


Raisecom
ISCOM2828F (D) Configuration Guide 3 IP services

 Learn-all: in this mode, the ISCOM2828F learns both ARP request packets and response
packets. When device A sends its ARP request, it writes mapping between its IP address
and physical address in ARP request packets. When device B receives ARP request
packets from device A, it learns the mapping in its address table. In this way, device B
will no longer send ARP request when sending packets to device A.
 Learn-reply-only mode: in this mode, the ISCOM2828F learns ARP response packets
only. For ARP request packets from other devices, it responds with ARP response
packets only rather than learning ARP address mapping entry. In this way, network load
is heavier but some network attacks based on ARP request packets can be prevented.

3.1.2 Preparing for configurations

Scenario
The mapping relationship between the IP address and MAC address is stored in ARP address
mapping table.
Generally, ARP address mapping table is dynamic maintained by the ISCOM2828F. The
ISCOM2828F searches the mapping relationship between the IP address and MAC address
automatically according to the ARP protocol. You only need to configure the ISCOM2828F
manually for preventing ARP dynamic learning cheating or adding static ARP address entries.

Prerequisite
N/A

3.1.3 Default configurations of ARP


Default configurations of ARP are as below.

Function Default value


Static ARP entry Null
Dynamic ARP entry learning mode Learn-reply-only

3.1.4 Configuring static ARP entries

 The IP address of static ARP entry must belong to the IP network segment of
switch Layer 3 interface.
 The static ARP entry needs to be added and deleted manually.
Configure static ARP entries for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#arp ip- Configure static ARP entry.
address mac-address

Raisecom Technology Co., Ltd. 74


Raisecom
ISCOM2828F (D) Configuration Guide 3 IP services

3.1.5 Configuring aging time of dynamic ARP entries


Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#arp (Optional) configure dynamic ARP entry
aging-time period learning mode. The value 0 indicates no
aging.

3.1.6 Configuring dynamic ARP entry learning mode


Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#arp mode (Optional) configure dynamic ARP entry
{ learn-all | learn-reply- learning mode.
only }

3.1.7 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show arp Show information about the ARP address table.
2 Raisecom#show arp ip- Show ARP table information related to a
address specified IP address.
3 Raisecom#show arp ip if- Show ARP table information related to the
number Layer 3 interface.
4 Raisecom#show arp static Show ARP statistics.

3.1.8 Maintenance
Maintain the ISCOM2828F as below.

Command Description

Raisecom(config)#clear arp Clear all entries in ARP address mapping table.

Raisecom Technology Co., Ltd. 75


Raisecom
ISCOM2828F (D) Configuration Guide 3 IP services

3.1.9 Example for configuring ARP

Networking requirements
As shown in Figure 3-1, the ISCOM2828F connects to host, connects to the upstream router
by Port 1. IP address of Router is 192.168.1.10/24, subnet mask is 255.255.255.0. MAC
address is 0050-8d4b-fd1e.
To improve communication security between Device and Router, you need to configure
related static ARP entries on the ISCOM2828F.

Figure 3-1 Configuring ARP networking

Configuration steps
Step 1 Create an ARP static entry.

Raisecom#config
Raisecom(config)#arp 192.168.1.10 0050.8d4b.fd1e

Checking results
Use the show arp command to check whether all entry information in ARP address mapping
table is correct.

Raisecom#show arp
ARP table aging-time: 1200 seconds(default: 1200s)
ARP mode: Learn reply only
Ip Address Mac Address Type Interface ip
---------------------------------------------------------
192.168.1.10 0050.8d4b.fd1e static --

Raisecom Technology Co., Ltd. 76


Raisecom
ISCOM2828F (D) Configuration Guide 3 IP services

192.168.100.1 000F.E212.5CA0 dynamic 1

Total: 2
Static: 1
Dynamic: 1

3.2 Layer 3 interface


3.2.1 Introduction
The Layer 3 interface refers to the IP interface, and it is a VLAN-based virtual interface.
Configuring Layer 3 interface is generally used for device network management or routing
link connection of multiple devices. Associating a Layer 3 interface to a VLAN requires
configuring the IP address. Each Layer 3 interface corresponds to an IP address and is
associated with at least one VLAN.
If only one IP address is configured on the Layer 3 interface of the ISCOM2828F, only part of
hosts can communicate with external networks through the switch. To enable all hosts to
communicate with external networks, configure the secondary IP address of the interface. To
enable hosts in two network segments to interact with each other, set the switch as the
gateway for all hosts.

3.2.2 Preparing for configurations

Scenario
You can associate a Layer 3 interface with a VLAN when configuring the IP address for the
VLAN. Each Layer 3 interface corresponds to an IP address and is associated with a VLAN.

Prerequisite
Configure the associated VLAN and activate it before you configure the Layer 3 interface.

3.2.3 Configuring Layer 3 interface


Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface ip Enter Layer 3 interface configuration
if-number mode.
3 Raisecom(config-ip)#description Configure description of the Layer 3
string interface.
4 Raisecom(config-ip)#ip address Configure the IP address of the Layer
ip-address [ ip-mask ] [ vlan- 3 interface, and associate with
list ] VLAN.

Raisecom Technology Co., Ltd. 77


Raisecom
ISCOM2828F (D) Configuration Guide 3 IP services

Step Command Description


5 Raisecom(config-ip)#ip vlan (Optional) configure the mapping
vlan-list between the Layer 3 interface and
VLAN.

 Configure the VLAN associated with the Layer 3 interface, and the VLAN must be
activated. Suspended VLAN can be activated for configurations through the state
{ active | suspend } command. When you configure the mapping between a
Layer 3 interface and a VLAN which does not exist or is deactivated, the
configuration can be successful but does not take effect.
 The ISCOM2828F can be configured with 15 Layer 3 interfaces in the range of 0
to 14.

3.2.4 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show interface ip Show IP address configuration of the
Layer 3 interface.
2 Raisecom#show interface ip Show mapping between Layer 3 interface
description and VLAN.
3 Raisecom#show interface ip Show management VLAN
statistics configurations.

3.2.5 Example for configuring Layer 3 interface to interconnect with


host

Networking requirements
As shown in Figure 3-2, configure the Layer 3 interface to the switch so that the host and the
ISCOM2828F can Ping through each other.

Figure 3-2 Layer 3 interface configuration networking

Raisecom Technology Co., Ltd. 78


Raisecom
ISCOM2828F (D) Configuration Guide 3 IP services

Configuration steps
Step 1 Create a VLAN and add the interface to the VLAN.

Raisecom#config
Raisecom(config)#create vlan 10 active
Raisecom(config)#interface port 2
Raisecom(config-port)#switchport access vlan 10

Step 2 Configure Layer 3 interface on the ISCOM2828F, and configure the IP address, and associate
the IP address with the VLAN.

Raisecom(config)#interface ip 10
Raisecom(config-ip)#ip address 192.168.1.2 255.255.255.0 10

Checking results
Check whether the binding relation of VLAN and physical interface is correct by using the
show vlan command:

Raisecom#show vlan 10
VLAN Name State Status Port Untag-Port Priority Create-Time
-------------------------------------------------------------------------
10 VLAN0010 active static 2 2 -- 1:16:49

Check whether the Layer 3 interface configuration is correct and whether the mapping
between the Layer 3 interface and VLAN is correct by using the show interface ip command.

Raisecom#show interface ip
Index Ip Address NetMask Vid Status Mtu
-------------------------------------------------------------------------
0 192.168.27.63 255.255.255.0 1 active 1500
10 192.168.1.2 255.255.255.0 10 active 1500

Check whether the ISCOM2828F and PC can ping each other by using the ping command.

Raisecom#ping 192.168.1.3
Type CTRL+C to abort
Sending 5, 8-byte ICMP Echos to 192.168.1.3, timeout is 3 seconds:
Reply from 192.168.1.3: time<1ms
Reply from 192.168.1.3: time<1ms
Reply from 192.168.1.3: time<1ms
Reply from 192.168.1.3: time<1ms

Raisecom Technology Co., Ltd. 79


Raisecom
ISCOM2828F (D) Configuration Guide 3 IP services

Reply from 192.168.1.3: time<1ms

---- PING Statistics----


5 packets transmitted, 5 packets received,
Success rate is 100 percent(5/5),
round-trip (ms) min/avg/max = 0/0/0.

3.3 Default gateway


3.3.1 Introduction
When the packet to be forwarded is not configured with a route, you can configure the default
gateway to enable a device to send the packet to the default gateway. The IP address of the
default gateway should be in the same network segment with the local IP address of the
device.

3.3.2 Preparing for configurations

Scenario
When the packet to be forwarded is not configured with a route, you can configure the default
gateway to enable a device to send the packet to the default gateway.

Prerequisite
Configure the IP address of the switch in advance; otherwise, configuring the default gateway
will fail.

3.3.3 Configuring default gateway

The IP address of the default gateway should be in the same network segment of any
local IP interface.
Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#ip default- Configure the IP address of the
gateway ip-address default gateway.

3.3.4 Configuring static route


Configure the ISCOM2828F as below.

Raisecom Technology Co., Ltd. 80


Raisecom
ISCOM2828F (D) Configuration Guide 3 IP services

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#ip forwarding Enable software IP forwarding on
the ISCOM2828F.
3 Raisecom(config)#ip route ip- Create a static route.
address ip-mask next-hop-ip-
address

3.3.5 Checking configurations


Use the following command to check configuration result.

No. Command Description


1 Raisecom#show ip route Show routing table information.

3.4 DHCP Client


3.4.1 Introduction
Dynamic Host Configuration Protocol (DHCP) refers to assigning IP address configuration
information dynamically for users on the TCP/IP network. DHCP is based on BOOTP
(Bootstrap Protocol) protocol, and is added with functions, such as, automatical assignment of
available network addresses, re-using network addresses, and other extended configuration
options.
With enlargement of network scale and development of network complexity, quantity of PC in
network usually exceeds available distributed IP address amount. Meanwhile, widely using of
notebooks and wireless networks lead to frequent change of PC positions, and related IP
addresses must updated accordingly frequently. As a result, network configuration becomes
more and more complex. DHCP is developed to solve these problems.
DHCP adopts client/server communication mode. The client applies configuration to the
server (including IP address, Subnet mask, and default gateway); and the server replies the IP
address and other related configuration information to the client to realize dynamic
configuration of IP address.
Typical application of DHCP usually includes a DHCP server and several clients (for example,
PC or Notebook), as shown below.

Raisecom Technology Co., Ltd. 81


Raisecom
ISCOM2828F (D) Configuration Guide 3 IP services

Figure 3-3 DHCP typical application networking


The DHCP technology ensures the rational allocation, avoids waste of IP addresses, and
improves the utilization rate of IP addresses on the entire network.
DHCP packets are encapsulated in UDP data packets. The structure of DHCP packets is
shown as below.

Figure 3-4 Structure of DHCP packets


Meanings of different fields of DHCP packets are shown as below.

Table 3-1 Field definitions of DHCP packets


Field Length Description
OP 1 Packet type
 Value at 1: request packets
 Value at 2: reply packets
Hardware type 1 Hardware address type of the DHCP client
Hardware length 1 Hardware address size of the DHCP client

Raisecom Technology Co., Ltd. 82


Raisecom
ISCOM2828F (D) Configuration Guide 3 IP services

Field Length Description


Hops 1 Number of DHCP hops passing by the DHCP packet
This field increases 1 every time the DHCP request
packet passes a DHCP relay.
Transaction ID 4 A random number selected by the client to initiate a
request, used to identify an address request process
Seconds 2 Duration after the DHCP request for the DHCP client,
fixed to 0, being idle currently
Flags 2 Bit 1 is broadcast reply flag. It is used to mark that the
DHCP server reply packet is transmitted in unicast or
broadcast mode.
 0: unicast
 1: broadcast
Other bits are reserved.
Client IP address 4 DHCP client IP address, only be filled when client is
bound, updated, or rebound, and can be used to reply
ARP request
Your (client) IP 4 IP address of the DHCP client assigned by the DHCP
address server
Server IP 4 IP address of the DHCP server
address
Relay agent IP 4 IP address of the first DHCP relay passing by the
address request packet sent by the DHCP client
Client hardware 16 Hardware address of DHCP client
address
Server host name 64 DHCP server name
File 128 Startup configuration file name and path assigned by the
DHCP server to the DHCP client
Options Modifiable A modifiable option field, including packet type,
available leased period, Domain Name System (DNS)
server IP address, and Windows Internet Name Server
(WINS) IP address, etc.

The ISCOM2828F can be used as a DHCP client to obtain the IP address from a DHCP server
for future management, as shown in Figure 3-5.

Raisecom Technology Co., Ltd. 83


Raisecom
ISCOM2828F (D) Configuration Guide 3 IP services

Figure 3-5 DHCP client networking

3.4.2 Preparing for configurations

Scenario
As a DHCP client, the ISCOM2828F obtains the IP address assigned from the DHCP server.
The IP address assigned by a DHCP server is limited with a certain lease period in dynamic
address distribution mode. The DHCP server will take back the IP address when it is expired.
Then, the DHCP client has to relet IP addresses for continuous use. The DHCP client can
release the IP address if it does not want to use it any more before its expiration.
It is recommended that the number of DHCP relays be smaller than 4 if the DHCP client
needs to obtain IP addresses from the DHCP server through multiple DHCP relays.

Prerequisite
 Create a VLAN and add a Layer 3 interface to the VLAN.
 Both DHCP snooping and DHCP Relay features are disabled.

3.4.3 Default configurations of DHCP Client


Default configurations of DHCP client are as below.

Function Default value


hostname raisecom
class-id raisecom-ROS
client-id raisecom-SYSMAC-IF0

3.4.4 Applying IP address through DHCP


Configure the ISCOM2828F as below.

Raisecom Technology Co., Ltd. 84


Raisecom
ISCOM2828F (D) Configuration Guide 3 IP services

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface ip if- Enter Layer 3 interface
number configuration mode.
3 Raisecom(config-ip)#ip address Configure applying for the IP
dhcp vlan-list [ server-ip ip- address through DHCP.
address ]

If the ISCOM2828F obtains IP addresses from the DHCP server through DHCP
previously, it will restart the application process for IP addresses if users modified the
DHCP server address by using the ip address dhcp command.

3.4.5 (Optional) configuring DHCP Client


Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface ip if- Enter Layer 3 interface
number configuration mode.
3 Raisecom(config)#ip dhcp client Configure DHCP client
{ class-id class-id | client-id information, including type ID,
client-id | hostname hostname } client ID, and host name.

3.4.6 (Optional) renewing or releasing IP address


Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interf Enter Layer 3 interface configuration mode.
ace ip if-number
3 Raisecom(config)#ip Renew the IP address.
dhcp client renew
If the ISCOM2828F has obtained the IP
address through DHCP, it will automatically
renew the IP address upon the IP address
expires.
4 Raisecom(config)#no ip Release the IP address.
address dhcp

Raisecom Technology Co., Ltd. 85


Raisecom
ISCOM2828F (D) Configuration Guide 3 IP services

3.4.7 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show ip dhcp client Show DHCP client configuration.

3.4.8 Example for configuring DHCP Client

Networking requirements
As shown in Figure 3-6, the switch is used as a DHCP client and the host name is raisecom.
The DHCP server should assign the IP address to the switch through the SNMP interface to
enable the NView NNS platform dicover and manage the switch.

Figure 3-6 DHCP client networking

Configuration steps
Step 1 Configure DHCP client information.

Raisecom#config
Raisecom(config)#interface ip 0
Raisecom(config-ip)#ip dhcp client hostname raisecom

Step 2 Configure to apply for IP address by DHCP.

Raisecom(config-ip)#ip address dhcp 1 server-ip 192.168.1.1

Raisecom Technology Co., Ltd. 86


Raisecom
ISCOM2828F (D) Configuration Guide 3 IP services

Checking results
Check whether DHCP client configuration is correct by using the show ip dhcp client
command.

Raisecom#show ip dhcp client


Hostname: raisecom
Class-ID: raisecomFTTH-ROS_4.14.1727
Client-ID: raisecomFTTH-000e5e123456-IF0
DHCP Client is requesting for a lease.

3.5 DHCP Relay


3.5.1 Introduction
At the beginning, DHCP requires that the DHCP server and clients must be in the same
network segment. As a result, a DHCP server is configured for all network segments for
dynamic host configuration, which is not economic.
DHCP Relay is introduced to solve this problem. It can provide relay service between DHCP
clients and DHCP server that are in different network segments. It relays packets across
network segments to the DHCP server or clients.
The working principle of DHCP Relay is shown below.

Figure 3-7 DHCP Relay application networking


Step 1 The DHCP client sends a request packet to the DHCP server.
Step 2 After receiving the packet, the DHCP relay device processes the packet in a certain way, and
then sends it to the DHCP server on the specified network segment.

Raisecom Technology Co., Ltd. 87


Raisecom
ISCOM2828F (D) Configuration Guide 3 IP services

Step 3 The DHCP server sends acknowledgement packet to the DHCP client through the DHCP
relay device according to the information contained in the request packet. In this way, the
configuration of the DHCP client is dynamically configured.

3.5.2 Preparing for configurations

Scenario
When DHCP clients and the DHCP server are not in the same network segment, you can use
the DHCP Relay feature to make the DHCP server and clients in different network segments
carry relay service and relay DHCP protocol packets across network segments to the
destination DHCP server, so that DHCP clients in different network segments can share the
same DHCP server.

Prerequisite
DHCP Relay is exclusive to DHCP Client, or DHCP Snooping. Namely, you cannot configure
DHCP Relay on the device configured with DHCP Client, or DHCP Snooping.

3.5.3 Default configurations of DHCP Relay


Function Default value
Global DHCP Relay Disable
Interface DHCP Relay Enable
DHCP Relay supporting Option 82 Disable
Policy for DHCP Relay to process Option 82 request Replace
packets
Interface DHCP Relay trust No trust

3.5.4 Configuring global DHCP Relay


Step Command Description
1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#ip dhcp Enable global DHCP Relay.
relay

3.5.5 Configuring interface DHCP Relay


Step Command Description
1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface ip Enter Layer 3 interface configuration
if-number mode.

Raisecom Technology Co., Ltd. 88


Raisecom
ISCOM2828F (D) Configuration Guide 3 IP services

Step Command Description


3 Raisecom(config-ip)#ip dhcp Enable DHCP Relay on the IP
relay interface.

3.5.6 Configuring destination IP address for forwarding packets


Step Command Description
1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#ip dhcp relay Configuring the destination IP address
ip-list { all | ip-interface- for DHCP Relay on the IP interface.
list } target-ip ip-address
3 Raisecom(config)#interface ip Enter Layer 3 interface configuration
if-number mode.
4 Raisecom(config-ip)#ip dhcp Configure the destination IP address for
realy target-ip ip-address Layer 3 interface to forward packets.

3.5.7 (Optional) configuring DHCP Relay to support Option 82


Step Command Description
1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#ip dhcp relay Configure DHCP Relay to support
information option Option 82.
3 Raisecom(config)#ip dhcp relay Configure the policy for DHCP Relay to
information policy { drop | process Option 82 request packets
keep | replace }
4 Raisecom(config)#ip dhcp relay Configure global Option 82 trusted
information trusted port-list interface list.
port-list
Raisecom(config)#interface Set the specified interface to the Option
port port-id 82 trusted interface.
Raisecom(config-port)ip dhcp
relay information trusted

3.5.8 Checking configurations


No. Command Description
1 Raisecom#show ip dhcp relay Show configurations or statistics of DHCP
[ information | statistics ] Relay.

Raisecom Technology Co., Ltd. 89


Raisecom
ISCOM2828F (D) Configuration Guide 3 IP services

3.6 DHCP Snooping


3.6.1 Introduction
DHCP Snooping is a security feature of DHCP with the following functions:
 Guarantee the DHCP client to obtain the IP address from a legal DHCP server.
If a forged DHCP server exists on the network, the DHCP client may obtain incorrect IP
address and network configuration parameters, and thus cannot communicate normally. As
shown below, to make DHCP client obtain the IP address from the legal DHCP server, DHCP
Snooping security system allows to set an interface as a trusted interface or untrusted interface:
the trusted interface forwards DHCP packets normally; while the untrusted interface discard
the reply packets from the DHCP server.

Figure 3-8 DHCP Snooping networking


 Record corresponding relationship between IP address and MAC address of the DHCP
client.
Through DHCP Snooping, the DHCP server records DHCP Snooping entries by monitoring
requests and reply packets received on the trusted interface, including the MAC address of
clients, obtained IP address, and interface ID connected to the DHCP client and belonged
VLAN, etc. Based on the information, the following functions can be realized:
– ARP inspection: judge legality of a user that sends ARP packets and avoid ARP
attack from illegal users.
– IP Source Guard: filter packets forwarded by the interface by dynamically obtain
DHCP Snooping entries to prevent illegal packets from passing the interface.
– VLAN mapping: modify the mapped VLAN of packets sent to users into the original
VLAN through searching the IP address, MAC address, and original VLAN of the
DHCP client in the DHCP Snooping entry which corresponds to the mapped VLAN.
The Option field in DHCP packet records position information about DHCP clients. The
administrator can use this option to locate the DHCP client and implement security control
and accounting.
If the ISCOM2828F is configured with DHCP Snooping to support DHCP Option feature:

Raisecom Technology Co., Ltd. 90


Raisecom
ISCOM2828F (D) Configuration Guide 3 IP services

 When the ISCOM2828F receives a DHCP request packet, it processes the packet
according to the processing policy configured by the user, padding mode, and whether
the Option field is included or not, and then forwards the processed packet to the DHCP
server.
 When the ISCOM2828F receives a DHCP reply packet, if the packet contains the Option
field, delete the field and forward the packet to the DHCP client; if the packet does not
contain the Option field, forward the packet directly.

3.6.2 Preparing for configurations

Scenario
DHCP Snooping is a security feature of DHCP, used to guarantee DHCP clients to obtain IP
addresses from the legal DHCP server and record mappings between IP addresses and MAC
addresses of DHCP clients.
The Option field in DHCP packet records position information about DHCP clients. The
administrator can use this option to locate the DHCP client and implement security control
and accounting. The device configured with DHCP Snooping and DHCP Option can process
packets accordingly based on whether packets contain the Option field or not.

Prerequisite
DHCP Snooping is exclusive to DHCP Client or DHCP Replay, that is, you should make sure
that the global DHCP Client and DHCP Relay featues are disabled before configuring DHCP
Snooping.

3.6.3 Default configurations of DHCP Snooping


Default configurations of DHCP Snooping are as below.

Function Default value


Global DHCP Snooping status Disable
Interface DHCP Snooping status Enable
Interface trust/untrust status Untrust
DHCP Snooping in support of Option 82 Disable

3.6.4 Configuring DHCP Snooping


Generally, make sure that the ISCOM2828F interface connected to the DHCP server is in trust
status; while the interface connected to the user side is in untrust status.
Enabled with DHCP Snooping, if the ISCOM2828F is not configured with DHCP Snooping
supporting DHCP Option feature, it will do nothing to Option fields in packets. For packets
without Option fields, the ISCOM2828F still does not perform insertion operation.
By default, DHCP Snooping on all interfaces is enabled. However, only after global DHCP
Snooping is enabled, DHCP Snooping on an interface can take effect.
Configure DHCP Snooping on the ISCOM2828F as below.

Raisecom Technology Co., Ltd. 91


Raisecom
ISCOM2828F (D) Configuration Guide 3 IP services

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#ip dhcp Enable global DHCP Snooping.
snooping
By default, global IPv4-based DHCP
Snooping is not configured.
3 Raisecom(config)#ip dhcp (Optional) enable DHCP Snooping on the
snooping port-list { all | interface.
port-list }
By default, it is enabled.
4 Raisecom(config)#interface Enter physical layer interface configuration
port port-id mode.
5 Raisecom(config-port)#ip Configure the trusted interface of DHCP
dhcp snooping trust Snooping.
By default, the ISCOM2828F does not trust
DHCP packets received on the interface.
6 Raisecom(config-port)#exit (Optional) configure DHCP Snooping to
Raisecom(config)#ip dhcp support Option 82 feature.
snooping information option

3.6.5 Checking configurations


Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#show ip dhcp Show configurations of DHCP Snooping.
snooping
2 Raisecom#show ip dhcp Show information about the DHCP Snooping
snooping binding binding table.

3.6.6 Example for configuring DHCP Snooping

Networking requirements
As shown in Figure 3-9, the switch is used as the DHCP Snooping device. The network
requires the DHCP client to obtain the IP address from a legal DHCP server and supports
Option82 to facilitate client management; you can configure circuit ID sub-Option
information on Port 3 as raisecom, and remote ID sub-option as user01.

Raisecom Technology Co., Ltd. 92


Raisecom
ISCOM2828F (D) Configuration Guide 3 IP services

Figure 3-9 DHCP Snooping networking application

Configuration steps
Step 1 Configure global DHCP Snooping.

Raisecom#config
Raisecom(config)#ip dhcp snooping

Step 2 Configure the trusted interface.

Raisecom(config)#interface port 1
Raisecom(config-port)#ip dhcp snooping trust
Raisecom(config-port)#quit

Step 3 Configure DHCP Snooping to Option 82 function and configure the field Option 82.

Raisecom(config)#ip dhcp snooping information option


Raisecom(config)#ip dhcp information option remote-id string user01
Raisecom(config)#interface port 3
Raisecom(config-port)#ip dhcp information option circuit-id raisecom

Checking results
Use the show ip dhcp information option command to check whether DHCP snooping is
correctly configured.

Raisecom#show ip dhcp information option

Raisecom Technology Co., Ltd. 93


Raisecom
ISCOM2828F (D) Configuration Guide 3 IP services

DHCP Option Config Information


Attach-string: raisecom
Remote-ID Mode: string
Remote-ID String: user01
Port: 3 Circuit ID: raisecom

3.7 DHCP Option


3.7.1 Introduction
DHCP transmits control information and network configuration parameters through option
fields in the packet to realize dynamical assignment of IP addresses and provide abundant
network configuration information for clients. DHCP protocol has 255 kinds of options, and
the final option is 255. Frequently used DHCP options are listed as below.

Table 3-2 DHCP options


Options Description
3 Router option, to assign gateway for DHCP client
6 DNS server option, to assign DNS server address distributed by DHCP client
18 DHCP client flag option, to assign interface information for DHCP client
51 IP address lease option
53 DHCP packet type, to mark type for DHCP packets
55 Request parameter list option. Client uses this optical to indicate network
configuration parameters need to obtain from server. The content of this
option is values corresponding to client requested parameters.
60 Vendor ID option. The client and DHCP server can distinguish the vendor of
the client by this option. The DHCP server can assign IP addresses in a
specified range to client.
61 DHCP client flag option, to assign device information for DHCP client.
66 TFTP server name, to assign domain name for TFTP server distributed by
DHCP client.
67 Startup file name, to assign start up file name distributed by DHCP client.
82 DHCP client flag option, user-defined, mainly used to mark position of DHCP
client.
150 TFTP server address, to assign TFTP server address distributed by DHCP
client.
184 DHCP reserved option, at present Option184 is mainly used to carry
information required by voice calling. Through Option184 it can distribute IP
address for DHCP client with voice function and meanwhile provide voice
calling related information.

Raisecom Technology Co., Ltd. 94


Raisecom
ISCOM2828F (D) Configuration Guide 3 IP services

Options Description
255 Ending option

Options 18, 61, and 82 in DHCP Option are relay agent information options in DHCP packets.
When a request packet sent by the DHCP client arrives at the DHCP server with traversing a
DHCP relay or DHCP Snooping, the DHCP relay or DHCP Snooping device adds Option
fields into the request packet.
Options 18, 61, and 82 implement the recording of DHCP client information on the DHCP
server. By using them with other software, the device can implement functions such as
limiting on the assignment of IP addresses and accounting. For example, when you use them
with IP Source Guard, the device can defend IP address+MAC address spoofing.
Option 82 can contain up to 255 sub-options. If Option82 is defined, at least one sub-option
must be defined. The ISCOM2828F supports 2 sub-option types currently: Sub-Option 1
(Circuit ID) and Sub-Option 2 (Remote ID).
 Sub-Option 1: contain the interface number of the request packet sent by the DHCP
client, the VLAN that the interface belongs to, and attaching information.
 Sub-Option 2: contain the interface MAC address (DHCP relay), bridge MAC address
(DHCP Snooping device), or customized character string contained in the request packet
sent from the DHCP client.

3.7.2 Preparing for configurations

Scenario
Options 18, 61, and 82 in DHCP Option are relay agent information options in DHCP packets.
When a request packet sent by the DHCP client arrives at the DHCP server with traversing a
DHCP relay or DHCP Snooping, the DHCP relay or DHCP Snooping device adds Option
fields into the request packet.
DHCP Options18 is used to record DHCP client information over IPv6. DHCP Options 61
and 82 fields are used to record DHCP client information over IPv4. By using them with other
software, the device can implement functions such as limiting on the assignment of IP
addresses and accounting.

Prerequisite
N/A

3.7.3 Default configurations of DHCP Option


Default configurations of DHCP Option are as below.

Function Default value


attach-string in global configuration mode Null
remote-id in global configuration mode switch-mac
circuit-id in interface configuration mode Null

Raisecom Technology Co., Ltd. 95


Raisecom
ISCOM2828F (D) Configuration Guide 3 IP services

3.7.4 Configuring DHCP Option field


Configure DHCP snooping over IPv4 on the ISCOM2828F as below.
All the following steps are optional and in no sequence.

Step Command Description


1 Raisecom#config Enter global
configuration mode.
2 Raisecom(config)#ip dhcp information option (Optional) configure
attach-string attach-string attanching information
for Option 82 field.
3 Raisecom(config)#interface port port-id (Optional) configure
Raisecom(config-port)#ip dhcp information circuit ID sub-option
option circuit-id circuit-id information for Option
82 field on the interface.
4 Raisecom(config-port)#exit (Optional) configure
Raisecom(config)#ip dhcp information option remote ID sub-option
remote-id { client-mac | client-mac-string information for Option
| hostname | switch-mac | switch-mac-string 82 field.
| string string }

3.7.5 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show ip dhcp Show configurations of DHCP Option
information option field.

Raisecom Technology Co., Ltd. 96


Raisecom
ISCOM2828F (D) Configuration Guide 4 QoS

4 QoS

This chapter introduces basic principle and configuration of QoS and provides related
configuration examples, including the following sections:
 Introduction
 Configuring basic QoS
 Configuring traffic classification and traffic policy
 Configuring priority mapping
 Configuring congestion management
 Configuring rate limiting based on interface and VLAN
 Configuring examples

4.1 Introduction
With the increasing rich types of network applications, users make different demands on
service qualities for network applications. So network resources should be distributed and
scheduled properly according to customers' demands. Quality of Service (QoS) can ensure the
realtime and integrity of services and guarantee the whole network to run high efficiently
when the network is overloaded or congested.
QoS is composed of the following flow management technologies:
 Service model
 Priority trust
 Traffic classification
 Traffic policy
 Priority mapping
 Congestion management

4.1.1 Service model


QoS technical service models:
 Best-effort Service
 Integrated Service (Int-Serv)

Raisecom Technology Co., Ltd. 97


Raisecom
ISCOM2828F (D) Configuration Guide 4 QoS

 Differentiated Services (DiffServ)

Best-effort service
Best-effort service is the most basic and simplest service model over store and forward
mechanism Internet (IPv4 standard). In Best-effort service model, the application program can
send any number of packets at any time without permitting in advance and notifying the
network. For Best-effort service, the network will send packets as possible as it can, but
cannot guarantee the delay and reliability.
Best-effort is the default Internet service model now, applying to most network applications,
such as FTP, E-mail, etc. which is achieved by First In First Out (FIFO) queue.

Integrated Service
Int-Serv model can meet various QoS requirements through the Resource Reservation
Protocol (RSVP). RSVP operates on every device from the source end to the destination end.
You can monitor each data flow to avoid the device to consume too much resource. This
model can clearly differentiate and ensure the service quality of each service flow, thus
providing the finest-granularity service quality differentiation.
Inter-Serv mode imposes high requirements on the device. When the amount of data flow on
the network is too large, storage and processing performance of the device will undergo a lot
of pressure. Moreover, Inter-Serv model is poor in expandability, so it is difficult to be
implemented on the core network of the Internet.

Differentiated Service
DiffServ model is a multi-service model, which can satisfy different QoS requirements.
DiffServ model does not need to maintain state for each flow. It provides differentiated
services according to the QoS classification of each packet. Many different methods can be
used for QoS packet classification, such as IP packet priority (IP precedence), the packet
source address or destination address and so on.
Generally, DiffServ is used to provide end to end QoS services for a number of important
applications, which is achieved mainly through the following techniques:
 Committed Access Rate (CAR): CAR refers to classify the packets according to the pre-
set packets matching rules, such as IP packets priority, the packet source address or
destination address, etc. Continue to send the packets if the flow is in line with the rules
of token bucket. If it is beyond the specified flow, discard the packets or remark IP
precedence, DSCP, EXP, etc. CAR not only can control the flows, but also mark and
remark the packets.
 Queue technology: the queuing technologies of SP, WRR, SP+WRR cache and schedule
the congestion packets to achieve congestion management.

4.1.2 Priority trust


Priority trust refers to the ISCOM2828F uses priority of packets for classification and
performs QoS management.
The device supports packet priority trust based on interface, including:
 Differentiated Services Code Point (DSCP) priority
 Class of Service (CoS) priority

Raisecom Technology Co., Ltd. 98


Raisecom
ISCOM2828F (D) Configuration Guide 4 QoS

 Interface priority

4.1.3 Traffic classification


Traffic classification refers to identifying certain packets according to specified rules and
performing different QoS policies on packets matched with different rules. Traffic
classification is the premise and basis for differentiated services.
The ISCOM2828F supports traffic classification based on the IP priority, DSCP priority, and
CoS priority over IP packets, as well as the classification based on the Access Control List
(ACL) rule and VLAN ID. The traffic classification procedure is shown below.

Figure 4-1 Traffic classification

IP priority and DSCP priority


Figure 4-2 shows the structure of IP packet header. An 8-bit ToS field is contained in this
packet. In RFC1349, the first 3 bits of the ToS field represent the ToS priority, ranging from 0
to 7. In RFC2474, the ToS field is re-defined. The first 6 bits (0–5 bits) represent the priority
of IP packets, which is called DSCP priority, ranging from 0 to 63. The last 2 bits (6 and 7 bits)
are reserved bits. Figure 4-3 shows the structures of ToS and DSCP priorities.

Figure 4-2 Structure of IP packet head

Figure 4-3 Structure of IP priority and DSCP priority

Raisecom Technology Co., Ltd. 99


Raisecom
ISCOM2828F (D) Configuration Guide 4 QoS

CoS priority
IEEE802.1Q-based VLAN packets are modifications of Ethernet packets. A 4-byte 802.1Q
header is added between the source MAC address and protocol type, as shown in Figure 4-4.
The 802.1Q header consists of a 2-byte Tag Protocol Identifier (TPID) filed with the value of
0x8100 and a 2-byte Tag Control Information (TCI) field.

Figure 4-4 Structure of VLAN packet


The first 3 bits of the TCI field represent the CoS priority, which ranges from 0 to 7, as shown
in Figure 4-5. The CoS priority is used to ensure service quality on the Layer 2 network.

Figure 4-5 Structure of CoS priority packet

4.1.4 Traffic policy


After performing traffic classification on packets, you need to perform different operations on
packets of different categories. A traffic policy is formed when traffic classifiers are bound to
traffic behaviours.

Rate limiting
Rate limiting refers to limiting network traffics. Rate limiting is used to control the rate of
traffic on the network. By discarding the traffic that exceeds the rate, you can control the
traffic within a reasonable range. Therefore, network resources and Carrier's benefits are
protected.
The ISCOM2828F supports rate limiting based on traffic policy on the ingress interface.
Moreover, the ISCOM2828F supports using token bucket for rate limiting, including single-
token bucket and dual-token bucket.

Re-direction
Redirection refers that a packet is not forwarded according to the mapping relationship
between the original destination address and the interface. Instead, the packet is redirected to
a specified interface for forwarding, realizing routing based on traffic policy.
The ISCOM2828F supports redirecting packets on the ingress interface to a specified
interface for forwarding.

Raisecom Technology Co., Ltd. 100


Raisecom
ISCOM2828F (D) Configuration Guide 4 QoS

Re-marking
Re-marking refers to re-configuring some priority fields for some packets, so that devices can
re-classify packets based on their own standards. In addition, downstream nodes can provide
differentiated QoS services depending on re-marking information.
The ISCOM2828F supports re-marking the following priority fields for packets:
 IP priority of IP packets
 DSCP priority
 CoS priority

Traffic statistics
Traffic statistics is used to take statistics of data packets of specified service flow, which is the
number of passed and discarded packets and bytes in packets matched with the traffic
classification.
Traffic statistics is not a QoS control measuret, but it can be used in combination with other
QoS actions to improve network supervision.

4.1.5 Priority mapping


Priority mapping refers to sending packets to different queues with different local priorities
according to pre-configured mapping relationship between external priority and local priority.
Therefore, packets in different queues can be scheduled on the egress interface.
The ISCOM2828F supports priority mapping over DSCP priority or CoS priority.
By default, the mapping relationship between the local priority and DSCP priority, local
priority and CoS priority is shown as below.

Table 4-1 Mapping relationship of local priority, DSCP priority, and CoS priority
Local priority 0 1 2 3 4 5 6 7

DSCP 0–7 8–15 16–23 24–31 32–39 40–47 48–55 56–63

CoS 0 1 2 3 4 5 6 7

Local priority refers to a kind of packet priority with internal meaning assigned by the
ISCOM2828F, i.e. the priority corresponding to queue in QoS queue scheduling.
Local priority ranges from 0 to 7. Each interface of the ISCOM2828F supports eight queues.
The local priority and interface queue is in one-to-one corresponding relationship. Packets can
be sent to assigned queue according to the mapping relationship between the local priority and
queue, as shown below.

Raisecom Technology Co., Ltd. 101


Raisecom
ISCOM2828F (D) Configuration Guide 4 QoS

Table 4-2 Mapping between local priority and queue


Local priority 0 1 2 3 4 5 6 7

Queue 1 2 3 4 5 6 7 8

4.1.6 Congestion management


Devices need to perform queue scheduling when delay-sensitive services need better QoS
services than non-delay-sensitive services and when the network is congested once in a while.
Queue scheduling adopts different scheduling algorithms to transmit packet flows in queue.
Algorithms supported by the ISCOM2828F includess Strict Priority (SP), Weight Round
Robin (WRR), and SP+WRR. All scheduling algorithms are designed for addressing specified
traffic problems. And they have different effects on bandwidth distribution, delay, and jitter.
 SP: the device strictly schedules packets in a descending order of priority. Packets with
lower priority cannot be scheduled until packets with higher priority are scheduled, as
shown below.

Figure 4-6 SP scheduling


 WRR: on the basis of scheduling packets in a polling manner according to the priority,
the device schedules packets according to the weight of the queue, as shown below.

Raisecom Technology Co., Ltd. 102


Raisecom
ISCOM2828F (D) Configuration Guide 4 QoS

Figure 4-7 WRR scheduling


 SP+WRR: a scheduling mode combining the SP scheduling and WRR scheduling. In this
mode, queues on an interface are divided into 2 groups. You can specify the queues
where SP scheduling/WRR scheduling is performed.

4.1.7 Rate limiting based on interface and VLAN


Besides rate limiting based on the traffic policy, the ISCOM2828F also supports rate limiting
based on the interface or VLAN ID. Similar to rate limiting based on the traffic policy, the
ISCOM2828F discards traffic whose rate exceeds the threshold in this 2 modes.

4.2 Configuring basic QoS


4.2.1 Preparing for configurations

Scenario
QoS enables the carrier to provide different service qualities for different applications, and
assign and schedule different network resources.

Prerequisite
N/A

4.2.2 Default configurations of basic QoS


Default configurations of basic QoS are as below.

Function Default value


Global QoS status Enable

Raisecom Technology Co., Ltd. 103


Raisecom
ISCOM2828F (D) Configuration Guide 4 QoS

4.2.3 Enabling global QoS


Enable global QoS function for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#mls qos enable Enable global QoS.

4.2.4 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show mls qos Show global QoS status.

4.3 Configuring traffic classification and traffic policy


4.3.1 Preparing for configurations

Scenario
Traffic classification is the basis of QoS. You can classify packets from the upstream device
according to the priorities and ACL rules. After classification, the ISCOM2828F can perform
corresponding operations on packets in different categories and provide corresponding
services.
Traffic classification configuration will not take effect until you bind it to the traffic policy.
Applying the traffic policy is related to the current network loading condition and phase.
Generally, traffic rate is limited according to the committed rate when it enters the network;
and priority is remarked according to service features of packets.

Prerequisite
Enable global QoS.

4.3.2 Default configurations of traffic classification and traffic policy


The default configuration of traffic classification and traffic policy is as below.

Function Default value


Traffic policy statistics function status Disable

Raisecom Technology Co., Ltd. 104


Raisecom
ISCOM2828F (D) Configuration Guide 4 QoS

4.3.3 Creating traffic classification


Configure to create traffic classification on the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#class-map Create traffic classification and enter
class-map-name [ match-all | traffic classification cmap configuration
match-any ] mode.
3 Raisecom(config- (Optional) describe traffic classification.
cmap)#description string

4.3.4 Configuring traffic classification rules


Configure traffic classification rules on the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#class-map Create traffic classification and enter
class-map-name [ match-all | traffic classification cmap configuration
match-any ] mode.
3 Raisecom(config-cmap)#match (Optional) configure traffic classification
{ access-list-map | ip- over ACL rule. The ACL rule must be
access-list | mac-access- defined firstly and the type must be
list } acl-number permit.
4 Raisecom(config-cmap)#match (Optional) configure traffic classification
class-map class-map-name over traffic classification rule. The
pursuant traffic classification must be
created and the matched type must be
identical with the traffic classification
type.
5 Raisecom(config-cmap)#match (Optional) configure traffic classification
ip dscp dscp-value over DSCP rules.
6 Raisecom(config-cmap)#match (Optional) configure traffic classification
ip precedence precedence- over IP priority.
value
7 Raisecom(config-cmap)#match (Optional) configure traffic classification
vlan vlan-list [ double- over VLAN ID rule of VLAN packets.
tagging inner ]

 When the matched type of a traffic classification is match-all, the configuration


may fail since the matched information may conflict.

Raisecom Technology Co., Ltd. 105


Raisecom
ISCOM2828F (D) Configuration Guide 4 QoS

 You should configure corresponding rules for traffic classification, that is, perform
match configuration.
 For traffic classification quoted by the traffic policy, you cannot modify the traffic
classification rule, that is, you cannot modify the match parameter of traffic
classification.

4.3.5 Creating token bucket and rate limiting rules


Create rate limiting rules on the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration
mode.
2 Raisecom(config)#mls qos { aggregate- Create the token bucket and
policer | class-policer | single- configure rate limiting rules.
policer } policer-name rate-value
burst-value [ exceed-action { drop |
policed-dscp-transmit dscp-value ]

4.3.6 Creating traffic policy


Create the traffic policy on the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#policy-map Create the traffic policy and enter
policy-map-name traffic policy pmap configuration
mode.
3 Raisecom(config- (Optional) configure traffic policy
pmap)#description string information.

4.3.7 Defining traffic policy mapping

You can define one or more traffic classifications into one traffic policy.
Define traffic policy mapping on the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#policy- Create traffic policy and enter traffic policy
map policy-map-name pmap configuration mode.

Raisecom Technology Co., Ltd. 106


Raisecom
ISCOM2828F (D) Configuration Guide 4 QoS

Step Command Description


3 Raisecom(config- Bind traffic classification into traffic policy;
pmap)#class-map class- only apply traffic policy to packets matching
map-name with traffic classification.

At least one rule is necessary for traffic


classification to bind traffic policy;
otherwise the binding will fail.

4.3.8 Defining traffic policy operations

Define different operations to different flows in the policy.


Define traffic policy operations on the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#poli
Create the traffic policy and enter traffic policy
cy-map policy-map-
pmap configuration mode.
name
3 Raisecom(config- Bind traffic classification into traffic policy; only
pmap)#class-map apply traffic policy to packets matching with traffic
class-map-name classification.

At least one rule is necessary for traffic


classification to bind traffic policy; otherwise
the binding will fail.
4 Raisecom(config-pmap- (Optional) apply token bucket on traffic policy and
c)#police policer- take rate limiting and shaping.
name

Create the token bucket in advance, and


configure rate limiting and shaping rules;
otherwise, the operation will fail.
5 Raisecom(config-pmap- (Optional) configure re-direction rules under traffic
c)#redirect-to port classification and forward classified packets from
port-id the assigned interface.

Raisecom Technology Co., Ltd. 107


Raisecom
ISCOM2828F (D) Configuration Guide 4 QoS

Step Command Description


6 Raisecom(config-pmap-
c)#set { cos cos-
(Optional) configure re-mark rules under traffic
value | ip precedence
classification; modify packet CoS priority, DSCP
precedence-value | ip
priority, IP priority, and VLAN ID.
dscp ip-dscp-value |
vlan vlan-id }
7 Raisecom(config-pmap- (Optional) configure flow mirroring to the monitor
c)#copy-to-mirror port.
8 Raisecom(config-pmap- (Optional) configure the flow statistical rule under
c)#statistics enable traffic classification and enable statistics of packet
flows which are matched with the traffic
classification.

4.3.9 Applying traffic policy to interfaces


Configure to apply traffic policy to interface on the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration
mode.
2 Raisecom(config)#service-policy policy- Bind the configured traffic
name ingress port-id policy with the interface.

4.3.10 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show service-policy Show traffic policy function status
statistics [ port port-id ] and the applied policy statistics.
2 Raisecom#show class-map [ class- Show traffic classification
map-name ] information.
3 Raisecom#show policy-map [ policy- Show traffic policy information.
map-name ]
4 Raisecom#show policy-map [ policy- Show traffic classification
map-name ] [ class class-map-name ] information in traffic policy.
5 Raisecom#show mls qos policer Show assigned token bucket (rate
[ policer-name ] limiting and shaping) information.
6 Raisecom#show mls qos policer Show assigned type token bucket
[ aggregate-policer | class-policer (rate limiting and shaping)
| single-policer ] information.

Raisecom Technology Co., Ltd. 108


Raisecom
ISCOM2828F (D) Configuration Guide 4 QoS

No. Command Description


7 Raisecom#show policy-map port Show traffic policy application
[ port-id ] information on the interface.
8 Raisecom#show mls qos queue-rate Show rate limiting on the
[ port-list port-list ] interface.

4.3.11 Maintenance
Maintain the ISCOM2828F as below.

Command Description
Raisecom(config)#clear service-policy statistics Clear statistics
[ egress port-id [ class-map class-map-name ] | ingress of QoS packets.
port-id [ class-map class-map-name ] | port port-id ]

4.4 Configuring priority mapping


4.4.1 Preparing for configurations

Scenario
You can choose to trust priorities of the packets sent form the upstream device. For packets
whose priorities are distrusted, they are processed according to the traffic classification and
policy. After being configured with the priority trust mode, the ISCOM2828F processes
packets according to their priorities and provides related service.
To specify local priorities for packets is the prerequisite for queue scheduling. For packets
from the upstream device, you can not only map the external priority carried by packets to
different local priorities, but also directly configure local priorities for packets based on the
interface, and then the ISCOM2828F will perform queue scheduling according to local
priorities of packets. Generally, IP packets need to be configured with the mapping
relationship between the IP priority/DSCP priority and local priority; while VLAN packets
need to be configured with the mapping relationship between the CoS priority and local
priority.

Prerequisite
N/A

4.4.2 Default configurations of basic QoS


Default configurations of basic QoS are as below.

Function Default value


Interface-trusted priority type Trust CoS priority

Raisecom Technology Co., Ltd. 109


Raisecom
ISCOM2828F (D) Configuration Guide 4 QoS

Function Default value


Mapping from CoS to local priority See Table 4-3.
Mapping from DSCP to local priority See Table 4-4.
Interface priority 0

Table 4-3 Default CoS to local priority and color mapping relationship
CoS 0 1 2 3 4 5 6 7

Local 0 1 2 3 4 5 6 7

Table 4-4 Default DSCP to local priority and color mapping relationship
DSCP 0–7 8–15 16–23 24–31 32–39 40–47 48–55 56–63

Local 0 1 2 3 4 5 6 7

4.4.3 Configuring interface-trusted priority type


Configure interface-trusted priority type for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface port Enter physical layer interface
port-id configuration mode.
3 Raisecom(config-port)#mls qos Configure default priority on the
port-priority priority interface.
4 Raisecom(config-port)#mls qos Configure the interface-trusted
trust { cos | dscp | port- priority type.
priority }

4.4.4 Configuring CoS to local priority


Configure mapping CoS to local priority for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#mls qos mapping Create mapping from CoS to local
cos cos-value to localpriority priority.
priority

Raisecom Technology Co., Ltd. 110


Raisecom
ISCOM2828F (D) Configuration Guide 4 QoS

4.4.5 Configuring mapping from DSCP to local priority


Configure mapping from DSCP to local priority for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#mls qos Create mapping from DSCP to local
mapping dscp dscp-value to priority.
local-priority priority

4.4.6 Configuring mapping from local priority to DSCP


Configure mapping from local priority to DSCP for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#policy-map Create traffic policy and enter traffic
policy-map-name policy pmap configuration mode.
3 Raisecom(config-pmap)#class- Bind traffic classification with traffic
map class-map-name policy, and apply traffic policy to those
packets that match traffic classification.
4 Raisecom(config-pmap-c)#set Configure local priority in pcmp-c
local-priority priority mode, and return to global configuration
Raisecom(config-pmap-c)#exit mode.
Raisecom(config-pmap)#exit
5 Raisecom(config)#mls qos Create mapping from local priority to
mapping local-priority DSCP.
priority to dscp dscp-value

4.4.7 Configuring all-traffic modification on interface


Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#mls qos Enable mapping from local priority to
mapping local-priority to dscp DSCP.
enable
3 Raisecom(config)#mls qos non- Configure the port list for disabling all-
modify port port-list traffic modification.

4.4.8 Configuring specific-traffic modification


Configure the ISCOM2828F as below.

Raisecom Technology Co., Ltd. 111


Raisecom
ISCOM2828F (D) Configuration Guide 4 QoS

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#policy-map Create traffic policy and enter traffic
policy-map-name policy pmap configuration mode.
3 Raisecom(config-pmap)#class- Bind traffic classification with traffic
map class-map-name policy, and apply traffic policy to those
packets that match traffic classification.
4 Raisecom(config-pmap-c)#modify Enable specific-traffic modification.
enable

4.4.9 Configuring CoS copying


Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter physical layer interface
port port-id configuration mode.
3 Raisecom(config- (Optional) enable basic QinQ functions.
port)#switchport qinq dot1q-
tunnel
4 Raisecom(config- (Optional) enable selective QinQ
port)#switchport vlan-mapping functions.
vlan-id add-outer vlan-id
5 Raisecom(config- (Optional) enable VLAN mapping.
port)#switchport vlan-mapping
ingress vlan-id translate
vlan-id
6 Raisecom(config-port)#exit Return to global configuration mode.
7 Raisecom(config)#mls qos cos- Enable CoS copying.
remark enable

4.4.10 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show mls qos Show global QoS status.
2 Raisecom#show mls qos port Show interface QoS priority, and trust
[ port-id ] mode information.
3 Raisecom#show mls qos mapping Show information about mapping from
cos CoS to local priority.

Raisecom Technology Co., Ltd. 112


Raisecom
ISCOM2828F (D) Configuration Guide 4 QoS

No. Command Description


4 Raisecom#show mls qos mapping Show information about mapping from
dscp DSCP to local priority.
5 Raisecom#show mls qos mapping Show information about mapping from
localpriority local priority to queue.
6 Raisecom#show mls qos Show information about mapping from
localpriority-to-dscp local priority to DSCP.

4.5 Configuring congestion management


4.5.1 Preparing for configurations

Scenario
When the network is congested, you can configure queue scheduling if you intend to:
 Balance delay and delay jitter of various packets, preferentially process packets of key
services (like video and voice).
 Fairly process packets of secondary services (like E-mail) with identical priority.
 Process packets of different priorities according to respective weight values.
To choose what scheduling algorithm depends on the current service condition and customer
requirements.

Prerequisite
Enable global QoS.

4.5.2 Default configurations of congestion management


Default configurations of congestion management are as below.

Function Default value


Queue scheduling mode SP
Queue weight WRR weight for scheduling 8 queues is 1.

4.5.3 Configuring SP scheduling


Configure SP scheduling on the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.

Raisecom Technology Co., Ltd. 113


Raisecom
ISCOM2828F (D) Configuration Guide 4 QoS

Step Command Description


2 Raisecom(config)#mls qos Configure interface queue scheduling
queue scheduler sp mode as SP.

4.5.4 Configuring WRR or SP+WRR scheduling


Configure WRR or SP+WRR scheduling on the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#mls qos Configure interface queue scheduling
queue scheduler wrr mode as WRR.
3 Raisecom(config-port)#mls Configure weight for each queue.
qos queue wrr weigh1 weight2
weight3…weight8 Perform SP scheduling when the priority
of a queue is 0.

4.5.5 Configuring queue transmission rate


Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter physical layer interface
port port-id configuration mode.
3 Raisecom(config-port)#mls qos Configure interface-based queue
queue-rate [ queue-list transmission rate.
queue-list ] min rate-limit
max rate-limit

4.5.6 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show mls qos port Show QoS priority and trust mode on the
[ port-id ] interface.
2 Raisecom#show mls qos queue Show queue weight information.
3 Raisecom#show mls qos Show interface-based queue transmission
queue-rate [ port-list rate.
port-list ]

Raisecom Technology Co., Ltd. 114


Raisecom
ISCOM2828F (D) Configuration Guide 4 QoS

4.6 Configuring rate limiting based on interface and VLAN


4.6.1 Preparing for configurations

Scenario
When the network is congested, you can configure rate limiting based on the interface or
VLAN if you intend to restrict the burst flow on a specified interface or VLAN to make
packets be sent at a well-proportioned rate and relieve the congestion.

Prerequisite
Create the related VLAN before configuring rate limiting based on VLAN or QinQ.

4.6.2 Configuring rate limiting based on interface


Configure rate limiting based on interface on the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global
configuration mode.
2 Raisecom(config)#rate-limit port-list { all Configure rate limiting
| port-list } { egress | ingress } rate- based on interface.
value [ burst-value ]
Raisecom(config)#rate-limit port-list { all
| port-list } both rate-value

4.6.3 Configuring rate limiting based on VLAN


Configure rate limiting based on VLAN on the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#rate-limit vlan (Optional) configure rate limiting
vlan-id rate-value burst-value based on VLAN.
[ statistics ]

4.6.4 Configuring rate limiting based on QinQ


Configure rate limiting based on QinQ on the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.

Raisecom Technology Co., Ltd. 115


Raisecom
ISCOM2828F (D) Configuration Guide 4 QoS

Step Command Description


2 Raisecom(config)#rate-limit double- (Optional) configure rate limiting
tagging-vlan outer { outer-vlan-id based on QinQ.
| any } inner { inner-vlan-id |
any } rate-value burst-value
[ statistics ]

4.6.5 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show rate-limit port-list Show configurations of rate
[ port-list ] limiting on specified interfaces.
2 Raisecom#show rate-limit vlan Show configurations of rate
limiting based on VLAN.

4.6.6 Maintenance
Maintain the ISCOM2828F as below.

Command Description
Raisecom(config)#clear rate-limit Clear statistics of packet loss due to
statistics vlan [ vlan-id ] rate limiting based on VLAN.

4.7 Configuring examples


4.7.1 Example for configuring congestion management

Networking requirements
As shown below, the user uses voice, video, and data services.
CoS priority of the voice service is 5; CoS priority of the video service is 4; CoS priority of
the data service is 2. CoS priorities 5, 4, and 2 of these three kinds of services are mapped to
local priorities 6, 5, and 2 respectively.
It is easy for Switch A to have congestion. To reduce network congestion, you need to make
following rules according to different services types:
 For voice services, perform SP scheduling to make sure that this part of flow passes
through in priority.
 For video services, perform WRR scheduling, with the weight value of 50.

Raisecom Technology Co., Ltd. 116


Raisecom
ISCOM2828F (D) Configuration Guide 4 QoS

 For data services, perform WRR scheduling, with the weight value of 20.

Figure 4-8 Queue scheduling networking

Configuration steps
Step 1 Configure interface priority trust mode.

Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#mls qos enable
SwitchA(config)#interface port 2
SwitchA(config-port)#mls qos trust cos
SwitchA(config-port)#quit

Step 2 Configure mapping profile between CoS priority and local priority.

SwitchA(config)#mls qos mapping cos 5 to local-priority 6


SwitchA(config)#mls qos mapping cos 4 to local-priority 5
SwitchA(config)#mls qos mapping cos 2 to local-priority 2

Step 3 Configure to perform SP+WRR scheduling on Port 1 in egress direction.

SwitchA(config)#mls qos queue wrr 1 1 20 1 1 50 0 0

Checking results
Show interface priority trust mode.

SwitchA#show mls qos port 2


Port Priority Trust Flow Modify
-----------------------------------------------------------
2 0 Cos Enable

Raisecom Technology Co., Ltd. 117


Raisecom
ISCOM2828F (D) Configuration Guide 4 QoS

Check whether mapping relationship between Cos priority and local priority is correctly
configured.

SwitchA#show mls qos mapping cos


CoS-LocalPriority Mapping:

CoS: 0 1 2 3 4 5 6 7
----------------------------------------------
LocalPriority: 0 1 2 3 5 6 6 7

SwitchA#show mls qos mapping localpriority


LocalPriority-Queue Mapping:
LocalPriority: 0 1 2 3 4 5 6 7
----------------------------------------------------
Queue: 1 2 3 4 5 6 7 8

Check whether queue scheduling is correctly configured on the interface.

SwitchA#show mls qos queue


Queue Weight(WRR)
-------------------------
1 1
2 1
3 20
4 1
5 1
6 50
7 0
8 0

4.7.2 Example for configuring rate limiting based on interface

Networking requirements
As shown below, User A, User B, and User C are respectively connected to the Switch,
namely, the ISCOM2828F, through the Switch A, Switch B, and Switch C.
User A requires voice and video services; User B requires voice, video, and data services;
User C requires video and data services.
According to service requirements, user needs to make rules as below:
 For User A, provide 25 Mbit/s assured bandwidth, permitting burst flow 100 KB and
discarding redundant flow.
 For User B, provide 35 Mbit/s assured bandwidth, permitting burst flow 100 KB and
discarding redundant flow.
 For User C, provide 30 Mbit/s assured bandwidth, permitting burst flow 100 KB and
discarding redundant flow.

Raisecom Technology Co., Ltd. 118


Raisecom
ISCOM2828F (D) Configuration Guide 4 QoS

Figure 4-9 Configuring rate limiting based on interface

Configuration steps
Step 1 Configure rate limiting based on interface.

Raisecom#config
Raisecom(config)#rate-limit port-list 2 ingress 25000 100
Raisecom(config)#rate-limit port-list 3 ingress 35000 100
Raisecom(config)#rate-limit port-list 4 ingress 30000 100

Checking results
Use the show rate-limit interface-type interface-number command to show rate limiting
configurations based on the interface.

Raisecom#show rate-limit port-list 2-4


I-Rate: Ingress Rate
I-Burst: Ingress Burst
E-Rate: Egress Rate
E-Burst: Egress Burst

Port I-Rate(kbps) I-Burst(kB) E-Rate(kbps) E-Burst(kB)


----------------------------------------------------------------
2 24992 100 0 0
3 34976 100 0 0
4 29984 100 0 0

Raisecom Technology Co., Ltd. 119


Raisecom
ISCOM2828F (D) Configuration Guide 5 Multicast

5 Multicast

This chapter introduces basic principle and configuration of multicast and provides related
configuration examples, including the following sections:
 Overview
 Configuring IGMP Snooping
 Configuring MVR
 Configuring MVR Proxy
 Configuring IGMP filtering
 Maintenance
 Configuration examples

5.1 Overview
With the continuous development of Internet, various interacting network data, voice, and
video will become more and more. On the other hand, the emerging e-commerce, online
meetings, online auctions, Video on Demand (VoD), distance learning, and other services also
rise gradually. These services come up with higher requirements for network bandwidth,
information security, and costs. Traditional unicast and broadcast cannot meet these
requirements well, while multicast has met them timely.
Multicast is a point to multipoint data transmission method. The method can effectively solve
the single point sending and multipoint receiving problems. During the network packet
transmission, it can save network resources and improve information security.

Basic concepts in multicast


 Multicast group
Multicast group refers to the recipient set using the same IP multicast address identification.
Any user host (or other receiving device) will become a member of the group after joining the
multicast group. They can identify and receive multicast data with the destination address of
IP multicast address.
 Multicast group members

Raisecom Technology Co., Ltd. 120


Raisecom
ISCOM2828F (D) Configuration Guide 5 Multicast

All hosts joined a multicast group will become a member of the multicast group. Multicast
group members are dynamic, hosts can join or leave multicast group at any time. Group
members may be widely distributed in any part of the network.
 Multicast source
Multicast source refers to a server which regards multicast group address as the destination
address to send IP packet. A multicast source can send data to multiple multicast groups;
multiple multicast sources can send to a multicast group.
 Multicast router
The router that supports Layer 3 multicast is called the multicast router. Multicast router can
achieve multicast routing, guide multicast packet forwarding and provide multicast group
management function to distal network segment connecting with users.
 Router interface
The router interface is also called source interface. It refers to the interface toward multicast
router between multicast router and the host. The ISCOM2828F receives multicast packets
from this interface.
 Member interface
Known as the receiving interface, the member interface is the interface toward host between
multicast router and the host. The ISCOM2828F sends multicast packets from this interface.

Multicast address
In order to make multicast source and multicast group members communicate across the
Internet, you need to provide network-layer multicast address and link-layer multicast address,
i.e. IP multicast address and multicast MAC address. Note: multicast address only can be
destination address, but not source address.
 IP multicast address
IANA (Internet Assigned Numbers Authority) assigns Class D address space to IPv4 multicast;
the range of IPv4 multicast address is from 224.0.0.0 to 239.255.255.255.
 Multicast MAC address
When Ethernet transmits unicast IP packet, the destination MAC address will use the recipient
MAC address. However, when multicast packets are in transmission, the destination is no
longer a specific receiver, but a group with uncertain member, so it needs to use multicast
MAC address.
Multicast MAC address for link layer identifies the receiver of the same multicast group.
According to IANA, the high 24-bit of multicast MAC address are 0x01005E, the 25-bit is
fixed 0, the 23-bit corresponds to the low 23-bit of IPv4 multicast address.
The mapping relation between IP multicast address and MAC address is shown below.

Raisecom Technology Co., Ltd. 121


Raisecom
ISCOM2828F (D) Configuration Guide 5 Multicast

Figure 5-1 Mapping relation between IPv4 multicast address and multicast MAC address
Since the first 4 bits of IP multicast address are 1110, indicating multicast identification. In the
last 28bits, only 23 bits are mapped to the multicast MAC address. And the missing 5 bits
information will make 32 IP multicast addresses map to the same multicast MAC address.
Therefore, in Layer 2, the ISCOM2828F may receive some other data out of IPv4 multicast
group, and these extra multicast data need to be filtered by the upper device.

Supported multicast features


The ISCOM2828F supports the following multicast features:
 Internet Group Management Protocol Snooping (IGMP) Snooping
 Multicast VLAN Registration (MVR)
 MVR Proxy
 IGMP filtering

 MVR Proxy is usually used with MVR.


 IGMP filtering can be used with IGMP Snooping or MVR.

5.1.2 IGMP Snooping


Internet Group Management Protocol Snooping (IGMP Snooping) is multicast constraining
mechanism running on Layer-2 devices, used for multicast group management and control
and achieve Layer 2 multicast.
IGMP Snooping allows a Layer 2 device to monitor IGMP session between hosts and
multicast routers. When monitoring a group of IGMP Report from host, the Layer 2 device
will add host-connected interface to the forwarding entry of this group. Similarly, when
forwarding entry reaches aging time, the Layer 2 device deletes host-connected interface from
forwarding entry.
IGMP Snooping forwards multicast data by Layer 2 multicast forwarding entry. When
receiving multicast data, the Layer 2 device forwards them directly according to the
corresponding receiver interface of multicast forwarding entry, but not flood to all interfaces,
so as to save the switch bandwidth effectively.
IGMP Snooping establishes Layer 2 multicast forwarding entry, which can be learnt
dynamically or configured manually.

Raisecom Technology Co., Ltd. 122


Raisecom
ISCOM2828F (D) Configuration Guide 5 Multicast

Currently, the switch supports up to 1024 Layer 2 multicast entries.

5.1.3 MVR
MVR is a multicast constraining mechanism running on Layer 2 devices, used for managing
and controlling multicast groups and achieving Layer 2 multicastst.
MVR adds member interfaces belonging to different user VLANs on the Layer device to
multicast VLAN by configuring multicast VLAN and makes different VLAN user use one
common multicast VLAN, then the multicast data will be transmitted only in one multicast
VLAN without copying one for each user VLAN, thus saving bandwidth. At the same time,
multicast VLAN and user VLAN are completely isolated, which also increases the security.
Both MVR and IGMP Snooping can achieve Layer 2 multicast, but the difference is that
multicast VLAN in IGMP Snooping is the same with the user VLAN, while multicast VLAN
in MVR can be different from the user VLAN.

One switch can be configured with up to 10 multicast VLANs and at least one
multicast VLAN as well as the multicat address set. It supports up to 1024 multicast
groups.

5.1.4 MVR Proxy


MVR Proxy is a MVR protocol proxy mechanism. It runs on Layer 2 devices to assist in
managing and controlling multicast groups. MVR Proxy can terminate IGMP packets. It
works as a host for upstream devices and as a multicast router for downstream devices.
The Layer 2 network device after the MVR Proxy feature is enabled has two identities:
 On the user side, it is a query builder and undertakes the role of Server, sending Query
packets to periodically check user information, and dealing with the Report and Leave
packets sent from users.
 On the network routing side, it is a host and undertakes the role of Client, responding the
multicast router Query packets and sending Report and Leave packets. It also sends the
current user information to the network when needed.
The proxy mechanism can control and access user information effectively, and reduce the
network side protocol packets and network load at the same time.
MVR Proxy establishes the multicast forwarding table by blocking IGMP packets between
users and the multicast router.

MVR Proxy is usually used with MVR.


The following concepts are related to MVR Proxy.
 IGMP packet suppression
IGMP packet suppression refers that the Layer 2 device filters identical Report packets. When
receiving Report packets from a multicast group member in a query interval, the Layer 2

Raisecom Technology Co., Ltd. 123


Raisecom
ISCOM2828F (D) Configuration Guide 5 Multicast

device sends the first Report packet to the multicast router only rather than other identical
Report packets, to reduce packet quantity on the network.

When MVR is enabled, IGMP packet suppression can be enabled or disabled


respectively.
 IGMP Querier
If a Layer 2 device is enabled with this function, it can actively send IGMP query packets to
query information about multicast members on the interface. If it is disabled with this function,
it only forwards IGMP query packets from routers.

When IGMP Snooping is enabled, IGMP Querier can be enabled or disabled


respectively.
 Source IP address of query packets sent by IGMP Querier
IGMP querier sends the source IP address of query packets. By default, the IP address of IP
interface 0 is used. If the IP address is not configured, 0.0.0.0 is used. When receiving query
packets with IP address of 0.0.0.0, some hosts take it illegal and do not respond. Thus,
specifying the IP address for the query packet is recommended.
 Query interval
It is the query interval for common groups. The query message of common group is
periodically sent by the Layer 2 device in multicast mode to all hosts in the shared network
segment, to query which multicast groups have members.
 Maximum response time for query packets
The maximum response time for query packets is used to control the deadline for reporting
member relations by a host. When the host receives query packets, it starts a timer for each
added multicast group. The value of the timer is between 0 and maximum response time.
When the timer expires, the host sends the Report packet to the multicast group.
 Interval for last member to send query packets
It is also called the specified group query interval. It is the interval for the Layer 2 device
continues to send query packets for the specified group when receiving IGMP Leave packet
for a specified group by a host.
The query packet for the specified multicast group is sent to query whether the group has
members on the interface. If yes, the members must send Report packets within the maximum
response time; after the Layer 2 device receives Report packets in a specie period, it continues
to maintain multicast forwarding entries of the group; If the members fail to send Report
packets within the maximum response time, the switch judges that the last member of the
multicast group has left and thus deletes multicast forwarding entries.

5.1.5 IGMP filtering


To control user access, you can set IGMP filtering. IGMP filtering contains the range of
accessible multicast groups passing filtering rules and the maximum number of groups.
 IGMP filtering rules

Raisecom Technology Co., Ltd. 124


Raisecom
ISCOM2828F (D) Configuration Guide 5 Multicast

To ensure information security, the administrator needs to limit the multicast users, such as
what multicast data are allowed to receive and what are not.
Configure IGMP Profile filtering rules to control the interface. One IGMP Profile can be set
one or more multicast group access control restrictions and access the multicast group
according to the restriction rules (permit and deny). If a rejected IGMP Profile filter profile is
applied to the interface, the interface will discard the IGMP report packet from this group
directly once receiving it and does not allow receiving this group of multicast data.
IGMP filtering rules can be configured on interface or VLAN.
IGMP Profile only applies to dynamic multicast groups, but not static ones.
 Limit to the maximum number of multicast group
The maximum allowed adding number of multicast group and the maximum group limitation
rule can be set on interface or interface+VLAN.
The maximum group limitation rule sets the actions for reaching the maximum number of
multicast group users added, which can be no longer allowing user adding groups, or covering
the original adding group.

IGMP filtering is usually used with MVR.

5.2 Configuring IGMP Snooping


5.2.1 Preparing for configurations

Scenario
Multiple hosts belonging to the same VLAN receive data from the multicast source. Enable
IGMP Snooping on the Layer 2 device that connects the multicast router and hosts. By
listening IGMP packets transmitted between the multicast router and hosts, creating and
maintaining the multicast forwarding table, you can implement Layer 2 multicast.

Prerequisite
Create a VLAN, and add related interfaces to the VLAN.

5.2.2 Default configurations of IGMP Snooping


Default configurations of IGMP Snooping are as below.

Function Default value


Global IGMP Snooping status Disable
VLAN IGMP Snooping status Disable
Aging time of router interface and multicast 300s
forwarding entry in IGMP Snooping

Raisecom Technology Co., Ltd. 125


Raisecom
ISCOM2828F (D) Configuration Guide 5 Multicast

5.2.3 Enabling global IGMP Snooping


Enable global IGMP Snooping as below.

Step Command Default value


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#ip igmp Enable global IGMP Snooping.
snooping

5.2.4 (Optional) enabling IGMP Snooping on VLANs


When global IGMP Snooping is enabled, IGMP Snooping is enabled on all VLANs by default.
In this situation, you can disable or re-enable IGMP Snooping on a VLAN in VLAN
configuration mode.
When global IGMP Snooping is disabled, IGMP Snooping is disabled on all VLANs by
default. In this situation, you cannot enable IGMP Snooping on a VLAN.

Configuring IGMP Snooping in VLAN configuration mode


In VLAN configuration mode, you can enable IGMP Snooping on only one VLAN at one
time.

Step Command Default value


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#vlan vlan-id Enable VLAN configuration
mode.
3 Raisecom(config-vlan)#ip igmp Enable IGMP Snooping on a
snooping VLAN.

Configuring IGMP Snooping in global configuration mode


In VLAN configuration mode, you can enable IGMP Snooping on multiple VLANs at one
time.

Step Command Default value


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#ip igmp snooping Enable IGMP Snooping on
vlan-list vlan-list VLANs.

5.2.5 Configuring multicast router interface


Configure the multicast router interface as below.

Raisecom Technology Co., Ltd. 126


Raisecom
ISCOM2828F (D) Configuration Guide 5 Multicast

Step Command Default value


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#ip igmp snooping Configure the multicast router
mrouter vlan vlan-id port-list interface of the specified VLAN.
port-list

 IGMP Snooping can dynamically learn router interfaces (on the condition that the
multicast router is enabled with multicast route protocol, and through IGMP query
packets), or you can manually configure dynamic learning so that downstream
multicast report and leaving packets can be forwarded to the router interface.
 There is aging time for the router interface dynamically learnt and no aging time
for manually configured router interface.

5.2.6 (Optional) configuring aging time of IGMP Snooping


For IGMP Snooping, each dynamically learnt router interface initiates a timer, of which the
expiration time is the aging time of IGMP Snooping. When the timer expires, the route
interface will no longer be a router interface if it has not received IGMP Query packet, or it
updates the aging time if it receives IGMP Query packet.
Each multicast forwarding entry initiates a timer which contains the aging time of a multicast
member. The expiration time of the timer is the aging time of IGMP Snooping. When the
timer expires, the multicast member will be deleted if it has not received IGMP Report packet,
or it updates the aging time if it receives IGMP Report packet.
Configure aging time of IGMP Snooping as below.

Step Command Default value


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#ip igmp Configure the aging time of router
snooping timeout { period | interface and multicast forwarding entry of
infinite } IGMP Snooping.

The aging time of IGMP Snooping configured by the previous command takes effects
on all dynamically learnt router interfaces and multicast forwarding entries on the
ISCOM2828F.

5.2.7 (Optional) configuring immediate leave


For IGMP Snooping, when a user sends a Leave packet, the ISCOM2828F does not
immediately delete the corresponding multicast forwarding entry, but deletes it until the aging
time of the entry expires. when there are a great number of downstream users, and they join or
leave the network frequently, you can configure this function to immediately delete
corresponding multicast forwarding entries.

Raisecom Technology Co., Ltd. 127


Raisecom
ISCOM2828F (D) Configuration Guide 5 Multicast

Configuring immediate leave in VLAN configuration mode


In VLAN configuration mode, you can enable immediate leave on only one VLAN at one
time.

Step Command Default value


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#vlan vlan-id Enable VLAN configuration
mode.
3 Raisecom(config-vlan)#ip igmp Configure immediate leave on the
snooping immediate-leave VLAN.

Configuring IGMP Snooping in global configuration mode


In VLAN configuration mode, you can configure immediate leave on multiple VLANs at one
time.

Step Command Default value


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#ip igmp snooping Configure immediate leave on
vlan-list vlan-list immediate- VLANs.
leave

5.2.8 (Optional) configuring static multicast forwarding table


An interface is added to the multicast group through the IGMP Report packet sent by a host.
Or you can manually add an interface to a multicast group.

Step Command Default value


1 Raisecom#config Enter global configuration
mode.
2 Raisecom(config)#mac-address-table Add interfaces to the static
static multicast mac-address vlan multicast group.
vlan-id port-list port-list

5.2.9 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show ip igmp snooping Show configurations of IGMP
[ vlan vlan-id ] Snooping.

Raisecom Technology Co., Ltd. 128


Raisecom
ISCOM2828F (D) Configuration Guide 5 Multicast

No. Command Description


2 Raisecom#show ip igmp snooping Show information about multicast
mrouter [ vlan vlan-id ] router interface of IGMP Snooping.
3 Raisecom#show mac-address-table Show information about Layer 2
multicast [ vlan vlan-id ] multicast MAC address table.
[ count ]

5.3 Configuring MVR


5.3.1 Preparing for configurations

Scenario
Multiple hosts receive data from the multicast sources. These hosts and the multicast router
belong to different VLANs. Enable MVR on Switch A, and configure multicast VLAN. In this
way, users in different VLANs can share a multicast VLAN to receive the same multicast data,
and reduce bandwidth waste.

Prerequisite
Create VLANs and add related interfaces to VLANs.

5.3.2 Default configurations of MVR


Default configurations of MVR are as below.

Function Default value


Global MVR status Disable
Interface MVR status Disable
Multicast VLAN and group address set Null
Aging time of MVR multicast entity 600s
MVR operation mode Dynamic
Immediate leave status of MVR interface Disable

5.3.3 Configuring MVR basic information


Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.

Raisecom Technology Co., Ltd. 129


Raisecom
ISCOM2828F (D) Configuration Guide 5 Multicast

Step Command Description


2 Raisecom(config)#mvr Enable global MVR.
enable
3 Raisecom(config)#mvr (Optional) configure the aging time of MVR
timeout period multicast entities.
4 Raisecom(config)#mvr Configure MVR multicast VLAN.
vlan vlan-id
5 Raisecom(config)#mvr Configure group address set for multicast VLAN.
vlan vlan-id group
ip-address [ count ]

The mvr vlan vlan-id group ip-address


[ count ] command is used to configure group
address set for multicast VLAN.
If the received IGMP Report packet does not
belong to group address set of any VLAN, it
is not processed and the user cannot make
multicast traffic on demand.
6 Raisecom(config)#mvr (Optional) configure MVR operation mode.
mode { compatible |
dynamic } Wherein, the dynamic mode allows source
interfaces to dynamically join the multicast group;
the compatible mode does not allow source
interfaces to dynamically join the multicast group.
Only when the receiving interface has a member
which joins the multicast group, the source interface
can join the multicast group.

5.3.4 Configuring MVR interface information

We do not recommend configuring immediate leave on the RX interface on the


aggregation device. If multiple users are connected to the RX interface configured
with the immediate leave feature through another device, the aggregation device will
delete the RX interface when one user sends the Leave packet. As a result, other
users that are still connected to the RX interface cannot receive the multicast traffic.
Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#mv Enable global MVR.
r enable
3 Raisecom(config)#in Enter physical layer interface configuration mode.
terface interface-
type interface-
number
4 Raisecom(config- (Optional) enable interface MVR.
port)#mvr

Raisecom Technology Co., Ltd. 130


Raisecom
ISCOM2828F (D) Configuration Guide 5 Multicast

Step Command Description


5 Raisecom(config- Configure the type of interface MVR. By default, the
port)#mvr type type is non-MVR.
{ receiver |
source } To configure it, set the uplink interface to the source
interface to receive multicast data. Users cannot be
directly connected to the source interface; all source
interfaces must be in the multicast VLAN; set the
interface directly connected to the user to the
receiving interface and it cannot belong to the
multicast VLAN.
6 Raisecom(config- (Optional) configure immediate leave on the MVR
port)#mvr immediate interface.
This function can be applied to the receiving interface
directly connected to the user.

After global MVR is enabled, iMVR on the interface is enabled as well.

5.3.5 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show mvr Show configurations of MVR.
2 Raisecom#show mvr vlan group Show MVR multicast VLAN and group
[ vlan vlan-6.3id ] address set.
3 Raisecom#show mvr vlan vlan- Show information about MVR
id member multicast member.

5.4 Configuring MVR Proxy


5.4.1 Preparing for configurations

Scenario
In a network with multicast routing protocol widely applied, there are multiple hosts and
client subnets receiving multicast information. Enable IGMP Proxy on the Layer 2 device that
connects the multicast router and hosts, to block IGMP packets between hosts and the
multicast router and relieve the network load.
Configure IGMP Proxy to relive configuration and management of client subnet for the
multicast router and to implement multicast connection with the client subnet.

Raisecom Technology Co., Ltd. 131


Raisecom
ISCOM2828F (D) Configuration Guide 5 Multicast

Prerequisite
 Enable MVR.
 Configure multicast VLAN and group address set.
 Configure the source interface and the receiving interface, and add related interfaces to
the corresponding VLANs.

5.4.2 Default configurations of IGMP Proxy


Default configurations of IGMP Proxy are as below.

Function Default value


IGMP Proxy status Disable
IGMP packet suppression status Disable
IGMP Querier status Disable
Source IP address for IGMP Querier and IGMP Use the IP address of IP interface 0.
Proxy to send packets If IP interface 0 is not configured, use
0.0.0.0.
IGMP query interval 60s
Maximum response time to send Query packets 10s
Interval for last member to send Query packets 1s

5.4.3 Configuring IGMP Proxy


Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#mvr Enable IGMP Proxy.
proxy

After global MVR Proxy is enabled, MVR


packet suppression and IGMP querier are
enabled as well.
3 Raisecom(config)#mvr Enable IGMP packet suppression.
proxy suppression
IGMP packet suppression can be enabled or
disabled when MVR is enabled.
4 Raisecom(config)#ip (Optional) enable IGMP querier.
igmp querier enable
IGMP querier can be enabled or disabled when
IGMP Snooping or MVR is enabled.
5 Raisecom(config)#mvr (Optional) configure the source IP address for the
proxy source-ip ip- IGMP querier to send query packets.
address

Raisecom Technology Co., Ltd. 132


Raisecom
ISCOM2828F (D) Configuration Guide 5 Multicast

Step Command Description


6 Raisecom(config)#ip (Optional) configure IGMP query interval.
igmp querier query-
interval period
7 Raisecom(config)#mvr (Optional) configure the maximum response time
proxy query-max- to send query packets.
response-time period
8 Raisecom(config)#mvr (Optional) configure the interval for last member
proxy last-member- to send query packets.
query period

When IGMP Proxy is disabled, the following parameters of MVR Proxy can be
configured: source IP address, query interval, maximum response time to send
Query packets, and interval for last member to send Query packets. After IGMP
Proxy is enabled, these configurations will take effect immediately.

5.4.4 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show mvr proxy Show configurations of IGMP Proxy.
2 Raisecom#show ip igmp Show user VLAN information to be queried.
querier vlan

5.5 Configuring IGMP filtering


5.5.1 Preparing for configurations

Scenario
The different users in the same multicast group receive different multicast requirements and
permissions, and allow configuring filtering rules on the switch which connects multicast
router and user host so as to restrict multicast users. The maximum number of multicast
groups allowed for users to join can be set.

Prerequisite
 Enable MVR.
 Configure multicast VLAN and group address set.
 Configure the source interface and receiving interfaces, and add the related interfaces to
the responding VLANs.

Raisecom Technology Co., Ltd. 133


Raisecom
ISCOM2828F (D) Configuration Guide 5 Multicast

5.5.2 Default configurations of IGMP filtering


Default configurations of IGMP filtering are as below.

Function Default value


Global IGMP filtering Disable
IGMP filter profile Profile Null
IGMP filter profile action Deny
IGMP filtering under interface No maximum group limitation. The largest group
action is drop, and no application filter profile.
IGMP filtering under No maximum group limitation. The largest group
interface+VLAN action is drop, and no application filter profile.

5.5.3 Enabling global IGMP filtering


Enable global IGMP filtering as below.

Step Command Description


1 Raisecom#config Enter global configuration mode
2 Raisecom(config)#ip igmp filter Enable global IGMP filtering.

Before configuring IGMP filter profile or the maximum group limitation, use the ip
igmp filter command to enable global IGMP filtering.

5.5.4 Configuring IGMP filtering rules


Configure IGMP filter profile as below.

Step Command Description


1 Raisecom#config Enter global configuration mode
2 Raisecom(config)#ip igmp Create an IGMP profile, and enter profile
profile profile-number configuration mode.
3 Raisecom(config-igmp- Configure IGMP profile action.
profile)#{ permit | deny }
4 Raisecom(config-igmp- Configure the IP multicast address or range
profile)#range start-ip- to be controlled for access.
address [ end-ip-address ]

Raisecom Technology Co., Ltd. 134


Raisecom
ISCOM2828F (D) Configuration Guide 5 Multicast

5.5.5 Applying IGMP filtering rules


Configure IGMP filter profile as below.

Step Command Description


1 Raisecom#config Enter global configuration mode
2 Raisecom(config)#interface Enter physical layer interface configuration
port port-id mode.
3 Raisecom(config-port)#ip (Optional) applying IGMP profile filtering
igmp filter profile-number rules on the interface.
An IGMP profile can be applied to multiple
interfaces, but each interface can be
configured with only one IGMP profile.
4 Raisecom(config-port)#exit (Optional) applying IGMP profile filtering
Raisecom(config)#ip igmp rules in the VLAN.
filter profile-number vlan
vlan-id

5.5.6 Configuring maximum number of multicast groups


The maximum number configuration of multicast groups can be applied to interface or VLAN.

Configuring maximum number of multicast groups on interface


Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode
2 Raisecom(config)#interface Enter physical layer interface configuration
interface-type interface- mode.
number
3 Raisecom(config-port)#ip Configure the maximum number of multicast
igmp max-groups group- groups allowed on the interface.
number
4 Raisecom(config-port)#ip (Optional) configure the action when the
igmp max-groups action number of groups exceeds the maximum
{ deny | replace } number of multicast groups allowed on the
interface.

Configuring maximum number of multicast groups in VLAN


Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode

Raisecom Technology Co., Ltd. 135


Raisecom
ISCOM2828F (D) Configuration Guide 5 Multicast

Step Command Description


2 Raisecom(config)#ip igmp Configure the maximum number of multicast
max-group max-group vlan groups allowed in the VLAN.
vlan-id
3 Raisecom(config)#ip igmp (Optional) configure the action when the
max-group action { deny | number of groups exceeds the maximum
replace } vlan vlan-id number of multicast groups allowed in the
VLAN.

By default, there is no limit for the multicast group number. The action for the
maximum multicast group is deny.

5.5.7 Checking configurations


Check configuration result by the following commands.

No. Command Description


1 Raisecom#show ip igmp filter Show application information
[ interface-type interface-number | about IGMP filtering.
vlan [ vlan-id ] ]
2 Raisecom#show ip igmp profile Show configurations of IGMP
[ profile-number ] profile filtering rules.

5.6 Maintenance
Maintain the ISCOM2828F as below.

Command Description
Raisecom(config)#clear mvr interface- Clear MVR statistics on the
type [ interface-number ] statistics interface.

Raisecom Technology Co., Ltd. 136


Raisecom
ISCOM2828F (D) Configuration Guide 5 Multicast

5.7 Configuration examples


5.7.1 Example for configuring IGMP Snooping

Networking requirements
As shown below, Port 1 on the switch is connected with the multicast router; Port 2 and Port 3
connect users. All multicast users belong to the same VLAN 10; you need to configure IGMP
Snooping on the switch to receive multicast data with the address 234.5.6.7.

Figure 5-2 IGMP Snooping application networking

Configuration steps
Step 1 Create VLAN and add interface to VLAN.

Raisecom#config
Raisecom(config)#create vlan 10 active
Raisecom(config)#interface port 1
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk native vlan 10
Raisecom(config-port)#exit
Raisecom(config)#interface port 2
Raisecom(config-port)#switchport access vlan 10
Raisecom(config-port)#exit
Raisecom(config)#interface port 3
Raisecom(config-port)#switchport access vlan 10
Raisecom(config-port)#exit

Step 2 Enable IGMP Snooping.

Raisecom Technology Co., Ltd. 137


Raisecom
ISCOM2828F (D) Configuration Guide 5 Multicast

Raisecom(config)#igmp snooping
Raisecom(config)#igmp snooping vlan-list 10

Step 3 Configure the multicast router interface.

Raisecom(config)#ip igmp snooping mrouter vlan 1 port 1

Checking results
Check whether IGMP Snooping configuration is correct.

Raisecom#show ip igmp snooping


IGMP snooping: Enable
IGMP querier: Disable
IGMP snooping aging time: 300s
IGMP snooping active VLAN: 1-4094
IGMP snooping immediate-leave active VLAN: --

5.7.2 Example for configuring MVR and MVR Proxy

Networking requirements
As shown below, Port 1 of the switch connects with the multicast router, and Port 2 and Port 3
connect with users in different VLANs to receive data from multicast 234.5.6.7 and 225.1.1.1.
Configure MVR on the switch to designate VLAN 3 as a multicast VLAN, and then the
multicast data can only be copied one time in the multicast VLAN instead of copying for each
user VLAN, thus saving bandwidth.
Enabling MVR Proxy on the switch reduces communication between hosts and the multicast
router without implementing multicast functions.
When the PC and set-top box are added into the same multicast group, the switch receives two
IGMP Report packets and only sends one of them to the multicast router. The IGMP Query
packet sent by multicast will no longer be forwarded downstream, but the switch transmits
IGMP Query packet periodically.

Raisecom Technology Co., Ltd. 138


Raisecom
ISCOM2828F (D) Configuration Guide 5 Multicast

Figure 5-3 MVR application networking

Configuration steps
Step 1 Create VLANs on the switch A and add interfaces to them.

Raisecom(config)#config
Raisecom(config)#creat vlan 3,12,13 active
Raisecom(config)#interface port 1
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk native vlan 3
Raisecom(config-port)#switchport trunk untagged vlan 12,13
Raisecom(config-port)#exit
Raisecom(config)#interface port 2
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk native vlan 12
Raisecom(config-port)#switchport trunk untagged vlan 3
Raisecom(config-port)#exit
Raisecom(config)#interface port 3
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk native vlan 13
Raisecom(config-port)#switchport trunk untagged vlan 3

Step 2 Configure MVR on the switch.

Raisecom(config)#mvr enable
Raisecom(config)#interface port 2
Raisecom(config-port)#mvr
Raisecom(config-port)#exit
Raisecom(config)#interface port 3
Raisecom(config-port)#mvr

Raisecom Technology Co., Ltd. 139


Raisecom
ISCOM2828F (D) Configuration Guide 5 Multicast

Step 3 Specify the multicast VLAN and group address set.

Raisecom(config)#mvr vlan 3
Raisecom(config)#mvr vlan 3 group 234.5.6.7
Raisecom(config)#mvr vlan 3 group 225.1.1.1

Step 4 Enable MVR Proxy.

Raisecom(config)#mvr proxy
Raisecom(config)#mvr proxy suppression
Raisecom(config)#ip igmp querier enable
Raisecom(config)#mvr proxy source-ip 192.168.1.2

Step 5 Configure source interface information.

Raisecom(config)#interface port 1
Raisecom(config-port)#mvr type source
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk native vlan 3
Raisecom(config-port)#switchport trunk untagged vlan 12,13

Step 6 Configure receiving interface information.

Raisecom(config)#interface port 2
Raisecom(config-port)#mvr type receiver
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk native vlan 12
Raisecom(config-port)#switchport trunk untagged vlan 3
Raisecom(config-port)#exit
Raisecom(config)#interface port 3
Raisecom(config-port)#mvr type receiver
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk native vlan 13
Raisecom(config-port)#switchport trunk untagged vlan 3

Checking results
Check MVR configurations on the switch.

Raisecom#show mvr
MVR Running: Enable
MVR Multicast VLAN(ref):3(2)
MVR Max Multicast Groups: 3840

Raisecom Technology Co., Ltd. 140


Raisecom
ISCOM2828F (D) Configuration Guide 5 Multicast

MVR Current Multicast Groups: 2


MVR Timeout: 600 (second)
MVR Mode: Dynamic
Mvr general query translate vlan: 0

Check information about the multicast VLAN and group address.

Raisecom#show mvr vlan group


Vlan Group Address
-----------------------------
3 225.1.1.1
3 234.5.6.7

Group address entries for all Vlans: 2

Check IGMP Proxy configurations.

Raisecom#show mvr proxy


Mvr Proxy Suppression Status: Enable
Ip Igmp Querier Status: Enable
Mvr Proxy Source Ip: 192.168.1.2
Mvr Proxy Version: V2
Ip Igmp Query Interval(s): 60
Query Response Interval(s): 10
Last Member Query Interval(s): 1
Next IGMP General Query(s): 60

5.7.3 Example for applying IGMP filtering and maximum multicast


group number to interface

Networking requirements
Enable IGMP filtering on the switch. Add filtering rules on the interface to filter multicast
users.
As shown below,
 Create an IGMP filtering rule Profile 1, set the action to pass for the multicast group
ranging from 234.5.6.7 to 234.5.6.10.
 Apply filtering IGMP filtering rule Profile 1 on Port 2, allow the Set Top Box (STB) to
join the 234.5.6.7 multicast group, forbid it to join the 234.5.6.11 multicast group.
 Apply no filtering rule on Port 3, and allow PCs to join the 234.5.6.11 multicast group.
Configure the maximum multicast group number on Port 2. After the STB is added to the
234.5.6.7 multicast group, add it to the 234.5.6.8 multicast group. Then, it quits the 234.5.6.7
multicast group.

Raisecom Technology Co., Ltd. 141


Raisecom
ISCOM2828F (D) Configuration Guide 5 Multicast

Figure 5-4 Applying IGMP filtering on the interface

Configuration steps
Step 1 Create VLANs, and create IGMP filtering rules.

Raisecom#config
Raisecom(config)#creat vlan 3,12,13 active
Raisecom(config)#ip igmp profile 1
Raisecom(config-igmp-profile)#range 234.5.6.7 234.5.6.10
Raisecom(config-igmp-profile)#permit

Step 2 Enable MVR and IGMP filtering.

Raisecom(config)#mvr enable
Raisecom(config)#mvr vlan 3
Raisecom(config)#mvr vlan 3 group 234.5.6.7 5
Raisecom(config)#ip igmp filter

Step 3 Configure the source interface.

Raisecom(config)#interface port 1
Raisecom(config-port)#mvr type source
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk native vlan 3
Raisecom(config-port)#switchport trunk untagged vlan 12,13

Step 4 Configure the RX interface on the STB, and apply IGMP filtering rule and set the maximum
multicast group number.

Raisecom Technology Co., Ltd. 142


Raisecom
ISCOM2828F (D) Configuration Guide 5 Multicast

Raisecom(config)#interface port 2
Raisecom(config-port)#mvr type receiver
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk native vlan 12
Raisecom(config-port)#switchport trunk untagged vlan 3
Raisecom(config-port)#ip igmp filter 1
Raisecom(config-port)#ip igmp max-groups 1
Raisecom(config-port)#ip igmp max-groups action replace

Step 5 Configure the receiving interface on the PC.

Raisecom(config)#interface port 3
Raisecom(config-port)#mvr type receiver
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk native vlan 13
Raisecom(config-port)#switchport trunk untagged vlan 3

Checking results
Check whether IGMP filtering is correctly configured on the interface.

Raisecom#show ip igmp filter port 2


IGMP Filter: 1
Max Groups: 1
Current groups: 0
Action: Replace

5.7.4 Example for applying IGMP filtering and maximum multicast


group number to VLAN

Networking requirements
Enable IGMP filtering on the switch. Add filtering rules in the VLAN to filter multicast users.
As shown below,
 Create an IGMP filtering rule Profile 1, set the action to pass for the multicast group
ranging from 234.5.6.7 to 234.5.6.10.
 Apply filtering IGMP filtering rule Profile 1 on VLAN 12, allow the STB to join the
234.5.6.7 multicast group, forbid it to join the 234.5.6.11 multicast group.
 Apply no filtering rule on VLAN 3, and allow PCs to join the 234.5.6.11 multicast group.
Configure the maximum multicast group number in VLAN 12. After the STB is added to the
234.5.6.7 multicast group, add it to the 234.5.6.8 multicast group. Then, it quits the 234.5.6.7
multicast group.

Raisecom Technology Co., Ltd. 143


Raisecom
ISCOM2828F (D) Configuration Guide 5 Multicast

Figure 5-5 Applying IGMP filtering in the VLAN

Configuration steps
Step 1 Create a VLAN, and create IGMP filtering rules.

Raisecom#config
Raisecom(config)#creat vlan 3,12,13 active
Raisecom(config)#ip igmp profile 1
Raisecom(config-igmp-profile)#range 234.5.6.7 234.5.6.10
Raisecom(config-igmp-profile)#permit

Step 2 Enable MVR and IGMP filtering.

Raisecom(config)#mvr enable
Raisecom(config)#mvr vlan 3
Raisecom(config)#mvr vlan 3 group 234.5.6.7 5
Raisecom(config)#ip igmp filter

Step 3 Configure the source interface.

Raisecom(config)#ip igmp filter 1 vlan 12


Raisecom(config)#ip igmp max-group 1 vlan 12
Raisecom(config)#ip igmp max-group action replace vlan 12

Step 4 Configure the receiving interface on the STB, and apply IGMP filtering rule and set the
maximum multicast group number.

Raisecom Technology Co., Ltd. 144


Raisecom
ISCOM2828F (D) Configuration Guide 5 Multicast

Raisecom(config)#interface port 1
Raisecom(config-port)#mvr type source
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk native vlan 3
Raisecom(config-port)#switchport trunk untagged vlan 12,13

Step 5 Configure the receiving interface on the PC.

Raisecom(config)#interface port 2
Raisecom(config-port)#mvr type receiver
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk native vlan 12
Raisecom(config-port)#switchport trunk untagged vlan 3
Raisecom(config-port)#exit
Raisecom(config)#interface port 3
Raisecom(config-port)#mvr type receiver
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk native vlan 13
Raisecom(config-port)#switchport trunk untagged vlan 3

Checking results
Check whether IGMP filtering is correctly configured in the VLAN.

Raisecom#show ip igmp filter vlan 12


VLAN Filter Max Groups Current Groups Action
---------------------------------------------------------------------
12 1 1 0 Replace

Raisecom Technology Co., Ltd. 145


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

6 Security

This chapter introduces basic principle and configuration of security and provides related
configuration examples, including the following sections:
 ACL
 Secure MAC address
 Dynamic ARP inspection
 RADIUS
 TACACS+
 Storm control
 802.1x
 IP Source Guard
 PPPoE+
 Loopback detection
 Line detection

6.1 ACL
6.1.1 Introduction
Access Control List (ACL) is a set of ordered rules, which can control the ISCOM2828F to
receive or discard some data packets, thus prevent illegal packets from impacting network
performance.
ACL is composed of permit | deny sentences. The rules are described by the
source/destination MAC address, source/destination IP address, and port ID of data packets.
The ISCOM2828F judges whether to receive or discard packets according to these rules.

6.1.2 Preparing for configurations

Scenario
ACL can help the network device recognize and filter specified data packtes. Only after the
device recognizes the specified packets, it can permit/deny corresponding packets to pass
according to the configured policy.

Raisecom Technology Co., Ltd. 146


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

ACL includes the following types:


 IP ACL: make classification rules according to the source or destination address taken by
the IP head, port ID used by TCP or UDP, and other attributes of packets.
 MAC ACL: make classification rules according to the source MAC address, destination
MAC address, and Layer 2 protocol type taken by the Layer 2 frame head, etc.
 MAP ACL: MAP ACL can define more protocols and more detailed protocol fields than
IP ACL and MAC ACL. It also can match with any byte of the first 64 bytes of the Layer
2 data frame according to user's definition.
There are 3 kinds of ACL application according to different application scenarioes: device-
based ACL, interface-based ACL, and VLAN-based ACL.

Prerequisite
N/A

6.1.3 Default configurations of ACL


Default configurations of ACL are as below.

Function Default value


Function status of filter Disable
Message type of non-fragment packet Mismatch
Message type of ICMP packet Mismatch
Effective status of filter Take effect
Matching rules of MAC address Mismatch
Matching rules of CoS value Mismatch

Matching rules of Ethernet frame type Mismatch

Matching rules of ARP protocol type Mismatch

Matching rules of ARP packet and MAC/IP address Mismatch

IP packet address, DSCP, priority, and matching rules between Mismatch


priority and ToS
Matching rules between port ID and protocol tag bit of TCP Mismatch
packets
Port ID matching rules of UDP packets Mismatch

Matching rules of IGMP packet message type Mismatch

Matching rules of IPv6 packet Mismatch

Raisecom Technology Co., Ltd. 147


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

6.1.4 Configuring IP ACL


Configure IP ACL for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global
configuration mode.
2 Raisecom(config)#ip-access-list acl-id { deny Configure IP ACL.
| permit } { protocol-id | icmp | igmp | ip }
{ source-address mask | any} { destination-
address mask | any }
Raisecom(config)#ip-access-list acl-number
{ deny | permit } { tcp | udp } { source-ip-
address ip-mask | any } [ source-protocol-
port ] { destination-ip-address ip-mask |
any } [ destination-protocol-port ]
3 Raisecom(config)#interface ip if-number Apply ACL on the
Raisecom(config-ip)#ip ip-access-list { list- ISCOM2828F.
number | all } [ port-list port-list ]

6.1.5 Configuring MAC ACL


Configure MAC ACL for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global
configuration
mode.
2 Raisecom(config)#mac-access-list acl-id { deny | Configure MAC
permit} [ protocol-id | arp | ip | rarp | any ] ACL.
{ source-mac-address [ src-mask src-mask ] |
any } { destination-mac-address [ dst-mask dst-
mask ] | any }

6.1.6 Configuring MAP ACL


Configure MAP ACL for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#access-list- Create MAP ACL list and enter
map acl-id { deny | permit } ACLMAP configuration mode.
3 Raisecom(config-aclmap)#match
(Optional) define match rules for source
mac { destination | source }
or destination MAC address.
mac-address

Raisecom Technology Co., Ltd. 148


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Step Command Description


4 Raisecom(config-aclmap)#match (Optional) define match rules for Cos
cos cos-value value.
5 Raisecom(config-aclmap)#match
(Optional) define match rules for
ethertype ethertype
Ethernet frame type.
[ ethertype-mask ]
6 Raisecom(config-aclmap)#match (Optional) define match rules for upper
{ arp | eapol | flowcontrol | layer protocol type carried by laryer-2
ip | ipv6 | loopback | mpls | packets head.
mpls-mcast | pppoe | pppoedisc
| x25 | x75 }
7 Raisecom(config-aclmap)#match (Optional) define match rules for ARP
arp opcode { reply| request } protocol type (reply packet/request
packet).
8 Raisecom(config-aclmap)#match
(Optional) define match rules for MAC
arp { sender-mac | target-
address of ARP packet.
mac } mac-address
9 Raisecom(config-aclmap)#match
(Optional) define match rules for IP
arp { sender-ip | target-ip }
address of ARP packet.
ip-address [ ip-address-mask ]
10 Raisecom(config-aclmap)#match
ip { destination-address | (Optional) define match rules for source
source-address } ip-address or destination IP address.
[ ip-address-mask ]
11 Raisecom(config-aclmap)#match (Optional) define match rules for IP
ip precedence { precedence- packet priority.
value | critical | flash |
flash-override | immediate|
internet | network | priority
| routine }
12 Raisecom(config-aclmap)#match (Optional) define match rules for ToS
ip tos { tos-value | max- value of IP packet priority.
reliability | max-throughput |
min-delay | min-monetary-cost
| normal }
13 Raisecom(config-aclmap)#match (Optional) define match rules for DSCP
ip dscp { dscp-value | af11 | value of IP packet.
af12 | af13 | af21 | af22 |
af23 | af31 | af32 | af33 |
af41| af42 |af43 | cs1 | cs2 |
cs3 | cs4 | cs5 | cs6 | cs7|
default | ef }
14 Raisecom(config-aclmap)#match (Optional) define match rules for
ip protocol protocol-id protocol value of IP packet.

Raisecom Technology Co., Ltd. 149


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Step Command Description


15 Raisecom(config-aclmap)#match (Optional) define match rules for port
ip tcp { destination-port | ID of TCP packet.
source-port } { port-id | bgp
| domain | echo | exec |
finger | ftp | ftp-data |
gopher | hostname | ident |
irc | klogin | kshell | login
| lpd | nntp | pim-auto-rp |
pop2 | pop3 | smtp | sunrpc |
syslog | tacacs | talk |
telnet | time | uucp | whois |
www }
16 Raisecom(config-aclmap)#match (Optional) define match rules for TCP
ip tcp { ack | fin | psh | rst protocol tag.
| syn | urg }
17 Raisecom(config-aclmap)#match (Optional) define match rules for port
ip udp { destination-port | ID of UDP packet.
source-port } { port-id| biff
| bootpc | bootps | domain |
echo | mobile-ip | netbios-dgm
| netbios-ns | netbios-ss |
ntp | pim-auto-rp | rip | snmp
| snmptrap | sunrpc | syslog |
tacacs | talk | tftp | time |
who }
18 Raisecom(config-aclmap)#match (Optional) define match rules for
ip icmp icmp-type-id [ icmp- message type of ICMP packet.
code ]
19 Raisecom(config-aclmap)#match (Optional) define match rules for
ip no-fragments message type of non-fragment packets.
20 Raisecom(config-aclmap)#match (Optional) define match rules for
ip igmp { igmp-type-id | dvmrp message type of IGMP packets.
| leave-v2| pim-v1 | query |
report-v1 | report-v2 |report-
v3 }

Raisecom Technology Co., Ltd. 150


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Step Command Description


21 Raisecom(config-aclmap)#match (Optional) configure match rules for
user-define rule-string rule- user-defined field, that is, two
mask offset parameters of rule mask and offset take
any byte from bytes 23 to 63 of the first
64 bytes, then comparing with user-
defined rule to filter out matched data
frame for processing.
For example, if you want to filter all
TCP packets, you can define:
 Rule: 06
 Rule mask: FF
 Offset: 27

The rule mask and offset value work


together to filter out content of TCP
protocol ID field, then comparing with
rule and match with all TCP packets.

The rule must be an even number


of hex digital. The offset includes
field 802.1q VLAN Tag regardless
that the ISCOM2828F receives
Untag packets.

6.1.7 Applying ACL

ACL cannot take effect until it is added into a filter. Multiple ACL match rules can be
added into the filter to form multiple filtering rules. When you configure the filter, the
order to add ACL match rules decides priority of the rule. The later the rules are
added, the higher the priority is. If the multiple rules are conflicted in matching
calculation, take the higher priority rule as standard. Pay attention to the order of
rules to filter packets correctly.

Applying ACL to whole device


Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#filter { ip- Configure filtering for the whole device.
access-list | mac-access-list If the parameter of statistics is
| access-list-map } { acl- configured, the system will statically
list | all } [ statistics ] account according to the filtering rule.

Raisecom Technology Co., Ltd. 151


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Step Command Description


3 Raisecom(config)#filter Enable filter and rules. Enable filter
enable cannot only active the filter rules, but
also make the filter rules set later
become effective.

Applying ACL to physical interface


Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#filter Configure ACL on the interface. If
{ access-list-map | ip-access- you configure the parameter
list | mac-access-list } { all | statistics, the system takes statistics
acl-list } ingress interface- according to filtering rules.
type interface-list
[ statistics ]
3 Raisecom(config)#filter access- (Optional) enable interface-based
list-mac { all | acl-list } filtering.
ingress interface-type
interface-list valid Use the filter { access-list-map | ip-
access-list | mac-access-list } { all |
acl-list } ingress interface-type
interface-list invalid command to
disable filter function.
4 Raisecom(config)#filter enable Enable filter and the rules. Enabling
filter not only activates the filter
rules, but also makes the filter rules
set later become effective.

Applying ACL to VLAN


Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#filter{ ip- Configure ACL on interface. If
access-list| mac-access-list | you configure the parameter
access-list-map } { acl-list | statistics, the system takes
all } vlan vlan-id [ double- statistics according to filtering
tagging inner ] [ statistics ] rules.

Raisecom Technology Co., Ltd. 152


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Step Command Description


3 Raisecom(config)#filter enable Enable filter and the rules.
Enabling filter not only activates
the filter rules, but also makes the
filter rules set later become
effective.

6.1.8 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show ip-access-list Show IP ACL configurations.
[ list-number ]
2 Raisecom#show mac-access-list Show MAC ACL configurations.
[ list-number ]
3 Raisecom#show access-list-map Show MAP ACL configurations.
[ list-number]
4 Raisecom#show filter [ filter- Show filter configurations.
number-list]
5 Raisecom#show interface ip ip- Show configurations of the filter on
access-list the Layer 3 interface.

6.1.9 Maintenance
Maintain the ISCOM2828F as below.

Command Description
Raisecom(config)#clear filter statistics Clear filter statistics.

6.2 Secure MAC address


6.2.1 Introduction
Port security MAC is mainly used for the switching device on the edge of the network user
side, which can ensure the security of accessed data on some interfaces, control the input
packets according to source MAC address.
You can enable port security MAC to limit and distinguish users who can access the network
through the secure port. Only packets from the secure MAC addresses can access the network,
and unsecure MAC addresses will be processed according to the configured violation mode
for interface access.

Raisecom Technology Co., Ltd. 153


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Secure MAC address classification


Secure MAC addresses supported by the ISCOM2828F are divided into the following three
categories:
 Static secure MAC address
Static secure MAC address is configured by users manually on the secure interface. This
MAC address will take effect when port security MAC is enabled. Static secure MAC address
does not age and supports loading configurations.
 Dynamic secure MAC address
The dynamic secure MAC address is learnt by the device. You can set the learnt MAC address
to secure MAC address in the range of the maximum number of learnt MAC address. The
dynamic secure MAC address ages and does not support loading configurations.
Dynamic secure MAC address can be converted to the sticky secure MAC address if needed,
so as not to be age and support loading configurations.
 Sticky secure MAC address
Sticky secure MAC address is manually configured by users on the secure interface or
converted from the dynamic secure MAC address. Different from the static secure MAC
address, the sticky secure MAC address needs to be used in conjunction with sticky learning:
– When sticky learning is enabled, sticky secure MAC address will take effect and this
address will not age and support loading configurations.
– When sticky learning is disabled, sticky secure MAC address will lose effectiveness
and be saved only in the system.

 When sticky learning is enabled, all dynamic secure MAC addresses learnt from
an interface will be converted to sticky secure MAC addresses.
 When sticky learning is disabled, all sticky secure MAC addresses on an interface
will be converted to dynamic secure MAC addresses.

Processing mode for security violations


When the number of secure MAC addresses has already reached the maximum number, the
strange source MAC address packets inputting will be regarded as violation operation. For the
illegal user access, there are different processing modes to configure the switch according to
the secure MAC violation policy:
 Protect mode: for illegal users, the secure interface will discard the user's packets directly.
 Restrict mode: for illegal users, the secure interface will discard the user's packets, and
the console will print Syslog information and send alarms to the network management
system.
 Shutdown mode: for illegal users, the secure interface will discard the user's packets, and
the console will print Syslog information and send alarms to the network management
system and then shut down the secure interface.

Raisecom Technology Co., Ltd. 154


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

When the MAC address is in drift, that is, the secure interface A receives one user
access corresponding a secure MAC address on secure interface B, secure interface
A will process it as a security violation.

6.2.2 Preparing for configurations

Scenario
In order to ensure the security of data accessed by the interface of the switch, you can control
the input packets according to the source MAC address. With port security MAC, you can
configure permitting specified users to access the interface, or permitting specified number of
users to access through this interface only. However, when the number of users exceeds the
limit, accessed packets will be processed according to the secure MAC violation policy.

Prerequisite
N/A

6.2.3 Default configurations of port security MAC


Default configurations of port security MAC are as below.

Function Default value


Port security MAC Disable
Aging time of dynamic secure MAC address 30min
Dynamic secure MAC sticky learning feature Disable
Port security MAC Trap feature Disable
Port security MAC violation processing mode Protect
The maximum number of port security MAC 1

6.2.4 Configuring basic functions of port security MAC

 We do not recommend you to enable port security MAC on member interfaces of


the link aggregation group.
 We do not recommend you to use MAC address management function to
configure static MAC addresses when port security MAC is enabled.
 Port security MAC and Dot1x are mutually exclusive. We do not recommend
configuring them concurrently.
 Port security MAC and interface-based MAC address limit are mutually exclusive.
We do not recommend configuring them concurrently.
 Port security MAC and MAC address limit based on interface+VLAN are mutually
exclusive. We do not recommend configuring them concurrently.

Raisecom Technology Co., Ltd. 155


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Configure basic functions of port security MAC for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface port Enter physical layer interface
port-id configuration mode.
3 Raisecom(config- Enable port security MAC.
port)#switchport port-security
4 Raisecom(config- (Optional) configure the
port)#switchport port-security maximum number of secure MAC
maximum maximum addresses.
5 Raisecom(config- (Optional) configure port security
port)#switchport port-security MAC violation mode.
violation { protect | restrict
| shutdown }
6 Raisecom(config-port)#no port- (Optional) re-enable the interface
security shutdown which is shut down due to
violating the secure MAC address.

 When the secure MAC violation policy is in Shutdown mode, you can use this
command to re-enable the interface which is shut down due to violating port
security MAC.
 When the interface is Up, the configured port security MAC violation mode will
continue to be valid.

6.2.5 Configuring static secure MAC address


Configure static secure MAC address for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter physical layer interface
port port-id configuration mode.
3 Raisecom(config- Configure static secure MAC addresses
port)#switchport port- on the interface.
security mac-address mac-
address vlan vlan-id
4 Raisecom(config- Enable port security MAC.
port)#switchport port-
security

6.2.6 Configuring dynamic secure MAC address


Configure dynamic secure MAC address for the ISCOM2828F as below.

Raisecom Technology Co., Ltd. 156


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#port- (Optional) configure the aging time of
security aging-time dynamic secure MAC address.
period
3 Raisecom(config)#inter Enter physical layer interface configuration
face port port-id mode.
4 Raisecom(config- Enable dynamic secure MAC learning.
port)#switchport port-
security
5 Raisecom(config- (Optional) enable port security MAC Trap
port)#switchport port- feature.
security trap enable

Use the switchport port-security command to enable port security MAC and
dynamic secure MAC learning at the same time.

6.2.7 Configuring sticky secure MAC address


Configure sticky secure MAC address for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface port Enter physical layer interface
port-id configuration mode.
3 Raisecom(config-port)#switchport (Optional) enable port security
port-security MAC.
4 Raisecom(config-port)#switchport Manually configure sticky secure
port-security mac-address sticky MAC learning.
mac-address vlan vlan-id
5 Raisecom(config-port)#switchport (Optional) manually configure
port-security mac-address sticky sticky secure MAC addresses.

After sticky secure MAC


address learning is enabled,
the dynamic secure MAC
address is translated into the
sticky secure MAC address;
the manually configured sticky
secure MAC addresses will
take effect.

Raisecom Technology Co., Ltd. 157


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

6.2.8 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show port-security Show interface configurations of port
[ port-list port-list ] security MAC.
2 Raisecom#show port-security Show secure MAC address and secure
mac-address [ port-list MAC address learning configurations.
port-list ]

6.2.9 Maintenance
Maintain the ISCOM2828F as below.

Command Description
Raisecom(config-port)#clear port- Clear secure MAC addresses of a specified
security { all | configured | type on a specified interface.
dynamic | sticky }

6.2.10 Example for configuring port security MAC

Networking requirements
As shown below, the switch connects 3 user networks. To ensure the security of switch
interface access data, the configuration is as below.
 Port 1 permits 3 users to access network at most. The MAC address of one user is
specified to 0000.0000.0001. The other 2 users dynamically learn the MAC addresses;
the NView NNM system will receive Trap information once the user learns a MAC
address. Violation mode is set to Protect and the aging time of the two learned MAC
addresses is set 10min.
 Port 2 permits 2 users to access network at most. The 2 user MAC addresses are
confirmed through learning; once they are confirmed, they will not age. Violation mode
is set to Restrict mode.
 Port 3 permits 1 user to access network at most. The specified user MAC address is
0000.0000.0002. The user MAC address can be controlled whether to age. Violation
mode adopts Shutdown mode.

Raisecom Technology Co., Ltd. 158


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Figure 6-1 Port security MAC networking

Configuration steps
Step 1 Configure the secure MAC address of Port 1.

Raisecom#config
Raisecom(config)#interface port 1
Raisecom(config-port)#switchport port-security
Raisecom(config-port)#switchport port-security maximum 3
Raisecom(config-port)#switchport port-security mac-address 0000.0000.0001
vlan 1
Raisecom(config-port)#switchport port-security violation protect
Raisecom(config-port)#switchport port-security trap enable
Raisecom(config-port)#exit
Raisecom(config)#port-security aging-time 10

Step 2 Configure the secure MAC address of Port 2.

Raisecom(config)#interface port 2
Raisecom(config-port)#switchport port-security
Raisecom(config-port)#switchport port-security maximum 2
Raisecom(config-port)#switchport port-security mac-address sticky
Raisecom(config-port)#switchport port-security violation restrict
Raisecom(config-port)#exit

Step 3 Configure the secure MAC address of Port 3.

Raisecom(config)#interface port 3
Raisecom(config-port)#switchport port-security
Raisecom(config-port)#switchport port-security maximum 1
Raisecom(config-port)#switchport port-security mac-address sticky
0000.0000.0002 vlan 1
Raisecom(config-port)#switchport port-security mac-address sticky

Raisecom Technology Co., Ltd. 159


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Raisecom(config-port)#switchport port-security violation shutdown

Checking results
Use the show port-security [ port-list port-list ] command to show port security MAC
configurations.

Raisecom#show port-security port-list 1-3


Port security aging time:10 (mins)
port status Max-Num Cur-Num His-Num vio-Count vio-action Dynamic-Trap
-------------------------------------------------------------------------
1 Enable 3 1 0 0 protect Enable
2 Enable 2 0 0 0 restrict Disable
3 Enable 1 1 0 0 shutdown Disable

Use the show port-security mac-address command to show secure MAC address and secure
MAC address learning configurations on an interface.

Raisecom#show port-security mac-address


VLAN Security-MAC-Address Flag Port Age(min)
-------------------------------------------------
2 0000.0000.0001 static 1 --
2 0000.0000.0002 sticky 3 --

6.3 Dynamic ARP inspection


6.3.1 Introduction
Dynamic ARP inspection is used to performing ARP protection for unsecure interfaces and
preventing from responding ARP packets which do not meet the requirements, thus
preventing ARP spoofing attacks on the network.
There are 2 modes for dynamic ARP inspection:
 Static binding mode: set the binding relationship manually.
 Dynamic binding mode: in cooperation with the DHCP snooping to generate dynamic
binding relationship. When DHCP Snooping entry is changed, the dynamic ARP
inspection will also update dynamic binding entry synchronously.
The ARP inspection table, which is used for preventing ARP attacks, consists of DHCP
snooping entries and statically configured ARP inspection rules, including IP address, MAC
address, and VLAN binding information. In addition, the ARP inspection table associates this
information with specific interfaces. Dynamic ARP inspection binding table supports the
combination of following entries:
 Interface+IP

Raisecom Technology Co., Ltd. 160


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

 Interface+IP+MAC
 Interface+IP+VLAN
 Interface+IP+MAC+VLAN
Dynamic ARP inspection interfaces are divided into the following two kinds according to
trust status:
 Trusted interface: the interface will stop ARP inspection, which means taking no ARP
protection on the interface. All ARP packets are allowed to pass.
 Untrusted interface: the interface takes ARP protection. Only ARP packets that match the
binding table rules are allowed to pass. Otherwise, they are discarded.

Figure 6-2 Principle of dynamic ARP inspection


Figure 6-2 shows the principle of dynamic ARP inspection. When the ISCOM2828F receives
an ARP packet, it compares the source IP address, source MAC address, interface ID, and
VLAN information of the ARP packet with the DHCP Snooping entry information. If matched,
it indicates that it is a legal user and the ARP packets are permitted to pass. Otherwise, it is an
ARP attack and the ARP packet is discarded.
Dynamic ARP inspection also provides ARP packet rate limiting to prevent unauthorized
users from attacking the device by sending a large number of ARP packets to the
ISCOM2828F.
 When the number of ARP packets received by an interface every second exceeds the
threshold, the system will regard that the interface receives an ARP attack, and then
discard all received ARP packets to avoid the attack.
 The system provides auto-recovery and supports configuring the recovery time. The
interfaces, where the number of received ARP packets is greater than the threshold, will
recover to normal Rx/Tx status automatically after the recovery time expires.
Dynamic ARP inspection can also protect the specified VLAN. After configuring protection
VLAN, the ARP packets in specified VLAN on an untrusted interface will be protected. Only
the ARP packets, which meet binding table rules, are permitted to pass. Other packets are
discarded.

6.3.2 Preparing for configurations

Scenario
Dynamic ARP inspection is used to prevent the common ARP spoofing attacks on the network,
which isolates the ARP packets with unsafe sources. Trust status of an interface depends on

Raisecom Technology Co., Ltd. 161


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

whether trust ARP packets. However, the binding table decides whether the ARP packets meet
requirement.

Prerequisite
Enable DHCP Snooping if there is a DHCP user.

6.3.3 Default configurations of dynamic ARP inspection


Default configurations of dynamic ARP inspection are as below.

Function Default value


Dynamic ARP inspection interface trust status Untrusted
Dynamic ARP inspection static binding Disable
Binding status of dynamic ARP inspection and dynamic DHCP Disable
Snooping
Binding status of dynamic ARP inspection and dynamic DHCP Relay Disable
Dynamic ARP inspection static binding table Null
Dynamic ARP inspection protection VLAN All VLANs
Interface ARP packets rate limiting Disable
Interface ARP packets rate limiting 100pps
ARP packets rate limiting recovery Disable
ARP packets rate limiting recovery time 30s

6.3.4 Configuring trusted interfaces of dynamic ARP inspection


Configure trusted interfaces of dynamic ARP inspection for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter physical layer interface
port port-id configuration mode.
3 Raisecom(config-port)#ip arp- Set the interface to a trusted interface.
inspection trust

6.3.5 Configuring static binding of dynamic ARP inspection


Configure static binding of dynamic ARP inspection for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.

Raisecom Technology Co., Ltd. 162


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Step Command Description


2 Raisecom(config)#ip arp- Enable global static ARP binding.
inspection static-config
3 Raisecom(config)#ip arp- Configure the static binding
inspection binding ip-address relationship.
[ mac-address ] [ vlan vlan-
id ] port port-id

6.3.6 Configuring dynamic binding of dynamic ARP inspection

Before enabling dynamic binding of dynamic ARP inspection, you need to use the ip
dhcp snooping command to enable DHCP Snooping.
Configure dynamic binding of dynamic ARP inspection for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#ip arp- Enable global dynamic ARP binding.
inspection { dhcp-snooping |
dhcp-relay }

6.3.7 Configuring protection VLAN of dynamic ARP inspection


Configure protection VLAN of dynamic ARP inspection for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#ip arp- Enable global dynamic ARP binding.
inspection { dhcp-snooping |
dhcp-relay }
3 Raisecom(config)#ip arp- Configure protection VLAN of
inspection vlan vlan-list dynamic ARP inspection.

6.3.8 Configuring rate limiting on ARP packets on interface


Configure rate limiting on ARP packets on the interface for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter physical layer interface
port port-id configuration mode.

Raisecom Technology Co., Ltd. 163


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Step Command Description


3 Raisecom(config-port)#ip arp- Enable interface ARP packet rate
rate-limit enable limiting.
4 Raisecom(config-port)#ip arp- Configure rate limiting on ARP
rate-limit rate rate-value packets on the interface.

6.3.9 Configuring global ARP packet rate limiting auto-recovery


time
Configure ARP packet rate limiting auto-recovery time for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#ip arp-rate- Enable ARP packet rate limiting auto-
limit recover enable recovery.
3 Raisecom(config)#ip arp-rate- Configure ARP packet rate limiting
limit recover time time auto-recovery time.

6.3.10 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show ip arp- Show dynamic ARP inspection
inspection configurations.
2 Raisecom#show ip arp- Show dynamic ARP inspection binding
inspection binding [ port table information.
port-id ]
3 Raisecom#show ip arp-rate- Show ARP packet rate limiting
limit configurations.

6.3.11 Example for configuring dynamic ARP inspection

Networking requirements
To prevent ARP attacks, you need to configure dynamic ARP inspection function on Switch A,
as shown in Figure 6-3.
 Uplink Port 3 permits all ARP packets to pass.
 Downlink Port 1 permits ARP packets with specified IP address 10.10.10.1 to pass.
 Other interfaces permit ARP packets complying with dynamic binding learnt by DHCP
snooping to pass.

Raisecom Technology Co., Ltd. 164


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

 Downlink Port 2 configures ARP packets rate limiting. The rate threshold is set to 20 pps
and rate limiting recovery time is set to 15s.

Figure 6-3 Configuring dynamic ARP inspection

Configuration steps
Step 1 Set Port 3 to the trusted interface.

Raisecom#config
Raisecom(config)#interface port 3
Raisecom(config-port)#ip arp-inspection trust
Raisecom(config-port)#exit

Step 2 Configure the static binding relationship.

Raisecom(config)#ip arp-inspection static-config


Raisecom(config)#ip arp-inspection binding 10.10.10.1 port 1

Step 3 Enable binding between dynamic ARP inspection and dynamic DHCP Snooping.

Raisecom(config)#ip dhcp snooping


Raisecom(config)#ip arp-inspection dhcp-snooping

Step 4 Configure ARP packet rate limiting on an interface.

Raisecom(config)#interface port 2
Raisecom(config-port)#ip arp-rate-limit rate 20
Raisecom(config-port)#ip arp-rate-limit enable
Raisecom(config-port)#exit

Raisecom Technology Co., Ltd. 165


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Step 5 Configure ARP packet rate limiting auto-recovery.

Raisecom(config)#ip arp-rate-limit recover time 15


Raisecom(config)#ip arp-rate-limit recover enable

Checking results
Use the show ip arp-inspection command to show interface trust status configurations and
static/dynamic ARP binding configurations.

Raisecom#show ip arp-inspection
Static Config ARP Inspection: Enable
DHCP Snooping ARP Inspection: Enable
DHCP Relay ARP Inspection: Disable
ARP Inspection Protect Vlan : 1-4094
Bind Rule Num : 1
Vlan Acl Num : 0
Remained Acl Num : 512
Port Trust
-------------
1 no
2 no
3 yes
4 no

Use the show ip arp-inspection binding command to show dynamic ARP binding table
information.

Raisecom#show ip arp-inspection binding


Ip Address Mac Address VLAN Port Type Inhw
---------------------------------------------------------------------
10.10.10.1 -- -- 1 static yes
Current Rules Num: 1
History Max Rules Num: 1

Use the show ip arp-rate-limit command to show interface rate limiting configurations and
rate limiting auto-recovery time configurations.

Raisecom#show ip arp-rate-limit
arp rate limit auto recover: enable
arp rate limit auto recover time: 15 second
Port Enable-Status Rate(Num/Sec) Overload
--------------------------------------------------
1 Disabled 100 No

Raisecom Technology Co., Ltd. 166


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

2 Enabled 20 No
3 Disabled 100 No
4 Disabled 100 No

6.4 RADIUS
6.4.1 Introduction
Remote Authentication Dial In User Service (RADIUS) is a standard communication protocol
that provides centralized Authentication, Authorization, and Accounting (AAA) management
for remote users. RADIUS uses the User Datagram Protocol (UDP) as the transport protocol
(port 1812/1813) and has good instantaneity. In addition, RADIUS supports re-transmission
mechanism and backup server mechanism. Therefore, it provides good reliability.

RADIUS authentication function


RADIUS works in client/server mode. Network devices are clients of the RADIUS server.
RADIUS server is responsible for receiving users' connection requests, authenticating uses,
and replying configurations required by all clients to provide services for users. This mode
can control users accessing devices and network to improve network security.
Clients and the RADIUS server communicate with each other through the shared key. The
shared key is not transmitted through the network. In addition, any user password needs to be
encapsulated when it is transmitted through clients and RADIUS. This helps prevent getting
the user password by sniffing unsecure network.

RADIUS accounting
RADIUS accounting is designed for RADIUS authenticated users. When a user logs in to the
device, the device sends an accounting packet to the RADIUS accounting server to begin
accounting. During login, the device sends accounting update packets to the RADIUS
accounting server. When the user exits from the device, no accounting packet is sent to the
RADIUS accounting server. These packets contain the login time. With these packets, the
RADIUS accounting server can record the access time and operation of each user.

6.4.2 Preparing for configurations

Scenario
You can deploy the RADIUS server on the network to conduct authentication and accounting
to control users to access to the ISCOM2828F and network. The ISCOM2828F can be used as
agent of the RADIUS server, which authorizes user to access according to feedback from
RADIUS.

Prerequisite
N/A

Raisecom Technology Co., Ltd. 167


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

6.4.3 Default configurations of RADIUS


Default configurations of RADIUS are as below.

Function Default value


RADIUS accounting Disable
IP address of RADIUS server 0.0.0.0
IP address of RADIUS accounting server 0.0.0.0
Port ID of RADIUS authentication server 1812
Port ID of RADIUS accounting server 1813
Shared key used for communicating with RADIUS accounting server Null

Policy to deal with failed accounting Online


Update packet transmission period 0

6.4.4 Configuring RADIUS authentication


Configure RADIUS authentication for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface ip Enter Layer 3 interface configuration
if-number mode.
3 Raisecom(config-ip)#ip Configure an IPv4 address.
address ip-address [ ip-
mask ] [ vlan-list ]
4 Raisecom(config-ip)#end Return to privileged EXEC mode.
5 Raisecom#radius [ backup ] Assign IP address and port ID for
ip-address [ auth-port port- RADIUS authentication server.
number ] Configure the backup parameter to
assign the backup RADIUS
authentication server.
6 Raisecom#radius-key string Configure the shared key for RADIUS
authentication.
7 Raisecom#user login { local- Configure user login to be authenticated
radius | local-user | radius- by RADIUS.
local | radius-user | local-
tacacs | tacacs-local |
tacacs-user }

Raisecom Technology Co., Ltd. 168


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Step Command Description


8 Raisecom#enable login Configure RADIUS authentication mode
{ local-radius | local-user | for users to enter privileged EXEC mode.
radius-local | radius-user |
local-tacacs | tacacs-local |
tacacs-user }

6.4.5 Configuring RADIUS accounting


Configure RADIUS accounting for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter Layer 3 interface configuration
ip if-number mode.
3 Raisecom(config-ip)#ip Configure an IPv4 address.
address ip-address [ sub ]
[ ip-mask ] [ vlan-list ]
4 Raisecom(config-ip)#end Return to privileged EXEC mode.
5 Raisecom#aaa accounting Enable RADIUS accounting.
login enable
6 Raisecom#radius [ backup ] Assign IP address and UDP port ID for
accounting-server ip- RADIUS accounting server.
address [ account-port ]
7 Raisecom#radius accounting- Configure the shared key to communicate
server key string with the RADIUS accounting server.

The shared key must be identical to


the one configured on the RADIUS
accounting server. Otherwise,
accounting fails.
8 Raisecom#aaa accounting Configure the processing policy for
fail { offline | online } accounting failure.
9 Raisecom#aaa accounting Configure the period for sending
update period accounting update packets. If configured as
0, no accounting update packet is sent.

The RADIUS accounting server can


record access time and operation for
each user through accounting
starting packets, update packets and
accounting end packets.

Raisecom Technology Co., Ltd. 169


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

6.4.6 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show radius- Show configurations on the RADIUS server.
server
2 Raisecom#show aaa Show configurations of global accounting.
accounting

6.4.7 Example for configuring RADIUS

Networking requirements
As shown in Figure 6-4, you need to configure RADIUS authentication and accounting on
switch A to authenticate login users and record their operations. The period for sending update
packets is 2min. The user will be offline if the accounting fails.

Figure 6-4 Configuring RADIUS

Configuration steps
Step 1 Authenticate login users through RADIUS.

Raisecom#radius 192.168.1.1
Raisecom#radius-key raisecom
Raisecom#user login radius-user
Raisecom#enable login local-radius

Step 2 Account login users through RADIUS.

Raisecom Technology Co., Ltd. 170


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Raisecom#aaa accounting login enable


Raisecom#radius accounting-server 192.168.1.1
Raisecom#radius accounting-server key raisecom
Raisecom#aaa accounting fail offline
Raisecom#aaa accounting update 2

Checking results
Use the show radius-server command to show RADIUS server configurations.

Raisecom#show radius-server
Authentication server IP: 192.168.1.1 port:1812
Backup authentication server IP:0.0.0.0 port:1812
Authentication server key: raisecom
Accounting server IP: 192.168.1.1 port:1813
Backup accounting server IP: 0.0.0.0 port:1813
Accounting server key: raisecom

Use the show aaa accounting command to show RADIUS accounting configurations.

Raisecom#show aaa accounting


Accounting login: enable
Accounting update interval: 2
Accounting fail policy: offline

6.5 TACACS+
6.5.1 Introduction
Terminal Access Controller Access Control System (TACACS+) is a network access
authentication protocol similar to RADIUS. Compared with RADIUS, TACACS+ has the
following features:
 Use TCP port 49, providing the higher transmission reliability. RADIUS uses a UDP port.
 Encapsulate the whole standard TACACS+ packet but for the TACACS+ header, a field
in the header indicates whether the packet is encapsulated. Compared with RADIUS
which encapsulates the user password only, TACACS+ provides higher security.
 Separate TACACS+ authentication from TACACS+ authorization and TACACS+
accounting, providing a more flexible deployment mode.
Therefore, compared with RADIUS, TACACS+ is more secure and reliable. However, as an
open protocol, RADIUS is more widely used.

Raisecom Technology Co., Ltd. 171


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

6.5.2 Preparing for configurations

Scenario
You can authenticate and account on users by deploying a TACACS+ server on the network to
control user to access the ISCOM2828F and network. TACACS+ is safer and more reliable
than RADIUS. The ISCOM2828F can be used as an agent of the TACACS+ server, and
authorize users access according to feedback result from the TACACS+ server.

Prerequisite
N/A

6.5.3 Default configurations of TACACS+


Default configurations of TACACS+ are as below.

Function Default value


TACACS+ status Disable
Login mode local-user
IP address of TACACS+ authentication server 0.0.0.0, shown as "--"
IP address of TACACS+ accounting server 0.0.0.0, shown as "--"
Shared key used for communicating with TACACS+ accounting Null
server
Policy for processing failed accounting Online
Period for sending update packets 0

6.5.4 Configuring TACACS+ authentication


Configure TACACS+ authentication for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter Layer 3 interface configuration mode.
ip if-number
3 Raisecom(config-ip)#ip Configure an IPv4 address.
address ip-address [ ip-
mask ] [ vlan-list ]
4 Raisecom(config-ip)#end Return to privileged EXEC mode.
5 Raisecom#tacacs-server Assign IP address and port ID for TACACS+
[ backup ] ip-address authentication server. Configure the backup
parameter to assign the backup TACACS+
authentication server.

Raisecom Technology Co., Ltd. 172


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Step Command Description


6 Raisecom#tacacs-server key Configure the shared key for TACACS+
string authentication.
7 Raisecom#user login Configure user login to be authenticated by
{ local-tacacs | local- TACACS+.
user | tacacs-local
[ server-no-response ] |
tacacs-user }
8 Raisecom#enable login Configure TACACS+ authentication mode for
{ local-tacacs | local- user to enter privileged EXEC mode.
user | tacacs-local
[ server-no-response ] |
tacacs-user }

6.5.5 Configuring TACACS+ accounting


Configure TACACS+ accounting for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter Layer 3 interface configuration mode.
ip if-number
3 Raisecom(config-ip)#ip Configure an IPv4 address.
address ip-address [ ip-
mask ] [ vlan-list ]
4 Raisecom(config-ip)#end Return to privileged EXEC mode.
5 Raisecom#aaa accounting Enable TACACS+ accounting.
login enable
6 Raisecom#tacacs [ backup ] Assign IP address and UDP port ID for
accounting-server ip- TACACS+ accounting server.
address
7 Raisecom#tacacs-server key Configure the shared key to communicate
string with the TACACS+ accounting server.
8 Raisecom#aaa accounting Configure the policy for processing failed
fail { offline | online } accounting.
9 Raisecom#aaa accounting Configure the period for sending accounting
update period update packets. If configured as 0, no
accounting update packet is sent.

6.5.6 Configuring TACACS+ authorization


Configure the ISCOM2828F as below.

Raisecom Technology Co., Ltd. 173


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Step Command Description


1 Raisecom#tacacs Enable TACACS+ authorization server.
authorization enable

6.5.7 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show Show configurations on the TACACS+ authentication server.
tacacs-server
2 Raisecom#show Show configurations on the TACACS+ accounting server.
radius-server

Use the show radius-server command to show


TACACS+ and RADIUS accounting configurations. By
default, the authentication information is RADIUS
authentication configuration.

6.5.8 Maintenance
Maintain the ISCOM2828F as below.

Command Description
Raisecom#clear tacacs statistics Clear TACACS+ statistics.

6.5.9 Example for configuring TACACS+

Networking requirements
As shown in Figure 6-5, you need to configure TACACS+ authentication on Switch A to
authenticate users who log in to the ISCOM2828F.

Raisecom Technology Co., Ltd. 174


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Figure 6-5 Configuring TACACS+

Configuration steps
Step 1 Authenticate login users through TACACS+.

Raisecom#tacacs-server 192.168.1.1
Raisecom#tacacs-server key raisecom
Raisecom#user login tacacs-user
Raisecom#enable login local-tacacs

Checking results
Use the show tacacs-server command to show TACACS+ configurations.

Raisecom#show tacacs-server
Server Address: 192.168.1.1
Backup Server Address: --
Sever Shared Key: raisecom
Total Packet Sent: 0
Total Packet Recv: 0
Accounting server Address: --
Backup Accounting server Address: --

6.6 Storm control


In most scenarios of the Layer 2 network, unicast traffic is much larger than broadcast traffic.
If the rate for broadcast traffic is not limited, a number of bandwidth will be occupied when a

Raisecom Technology Co., Ltd. 175


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

broadcast storm is generated. Therefore, network performance is reduced and forwarding of


normal unicast packets is seriously affected. Moreover, communication between devices may
be interrupted.
Configuring storm control on Layer 2 devices can prevent broadcast storm occurring when
broadcast packets increase sharply on the network. Therefore, it makes sure that unicast
packets can be properly forwarded.
Storm control enables the interface to filter broadcast packets. After storm control is enabled,
when the packets received by an interface are accumulated to a preconfigured threshold, the
interface will automatically discard received broadcast packets. If storm control is disabled or
broadcast packets have not reached the preconfigured threshold, the broadcast packets are
broadcast to other interfaces of the switch normally.

6.6.1 Preparing for configurations

Scenario
Configuring storm control on Layer 2 devices can prevent broadcast storm occurring when
broadcast packets increase sharply on the network. Therefore, it makes sure that unicast
packets can be properly forwarded.
The following forms of traffic may cause broadcast traffic, so you need to limit the bandwidth
for them on Layer 2 devices.
 Unknown unicast traffic: the unicast traffic whose MAC destination address is not in
MAC address table. It is broadcasted by Layer 2 devices.
 Unknown multicast traffic: the multicast traffic whose MAC destination address is not in
MAC address table. Generally, it is broadcasted by Layer 2 devices.
 Broadcast traffic: the traffic whose MAC destination address is a broadcast MAC
address. It is broadcasted by Layer 2 devices.

Prerequisite
To configure storm control, you need to:
 Connect the interface and configure its physical parameters.
 Make the physical layer of the interface Up.

6.6.2 Default configurations of storm control


Default configurations of storm control are as below.

Function Default value


Storm control status of broadcast traffic Enable
Storm control status of multicast and unknown unicast traffic Disable
Allowed bytes per second 64 Kbit/s
DLF packet forwarding status Enable

Raisecom Technology Co., Ltd. 176


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

6.6.3 Configuring storm control


Configure storm control for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#storm- Enable storm control on broadcast traffic,
control { all | broadcast multicast traffic and unknown unicast
| dlf | multicast } enable traffic.
port-list port-list
3 Raisecom(config)#storm- (Optional) configure the number of bytes
control bps value that are allowed to pass every second.

6.6.4 Configuring DLF packet forwarding


Configure DLF packet forwarding for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#dlf- Enable DLF packet forwarding on the interface.
forwarding enable

6.6.5 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show storm-control Show configurations of storm
[ interface-type interface- control.
number ]
2 Raisecom#show dlf-forwarding Show DLF packet forwarding status.

6.6.6 Example for configuring storm control

Networking requirements
As shown in Figure 6-6, to restrict influence on Switch A caused by broadcast storm, you
need to configure storm control on Switch A to control broadcast packets and unknown
unicast packets. The control threshold is set to 640 Kbit/s, and burst is set to 80 KBytes.

Raisecom Technology Co., Ltd. 177


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Figure 6-6 Configuring storm control

Configuration steps
Step 1 Configure storm control on Switch A.

Raisecom#config
Raisecom(config)#storm-control broadcast enable port 1-2
Raisecom(config)#storm-control dlf enable port 1-2
Raisecom(config)#storm-control bps 640 80

Checking results
Use the show storm-control command to show storm control configurations.

Raisecom#show storm-control
Threshold: 640 kbps
Burst: 80 kB
Port Broadcast Multicast DLF_Unicast
-----------------------------------------------------------
1 Enable Disable Enable
2 Enable Disable Enable
3 Enable Disable Disable

6.7 802.1x
6.7.1 Introduction
802.1x, based on IEEE 802.1x, is a VLAN-based network access control technology. It is
mainly used to solve authentication and security problems of LAN users.

Raisecom Technology Co., Ltd. 178


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

It is used to authenticate and control access devices at the physical layer of the network device.
It defines a point-to-point connection mode between the device interface and user devices.
User devices, connected to the interface, can access resources in the LAN if they are
authenticated. Otherwise, they cannot access resources in the LAN through the switch.

802.1x structure
As shown in Figure 6-7, 802.1x authentication uses the Client/Server mode, including the
following 3 parts:
 Supplicant: a user-side device installed with the 802.1x client software (such as Windows
XP 802.1x client), such as a PC
 Authenticator: an access control device supporting 802.1x authentication, such as a
switch
 Authentication Server: a device used for authenticating, authorizing, and accounting
users. In general, the RADIUS server is taken as the 802.1x authentication server.

Figure 6-7 802.1x structure

Interface access control modes


The authenticator uses the authentication server to authenticate clients that need to access the
LAN and controls interface authorized/ unauthorized status through the authentication results.
You can control the access status of an interface by configuring access control modes on the
interface. 802.1x authentication supports the following 3 interface access control modes:
 Auto mode: the protocol state machine decides the authorization and authentication
results. Before clients are successfully authenticated, only EAPoL packets are allowed to
be received and sent. Users are not allowed to access network resources and services
provided by the switch. If clients are authorized, the interface is switched to the
authorized status, allowing users to access network resources and services provided by
the switch.
 Authorized-force mode: the interface is in authorized status, allowing users to access
network resources and services provided by the switch without being authorized and
authenticated.
 Unauthorized-force mode: the interface is in unauthorized status. Users are not allowed
to access network resources and services provided by the switch, that is, users are not
allowed to be authenticated.

802.1x authentication procedure


The supplicant and the authentication server exchange information through the Extensible
Authentication Protocol (EAP) packet while the supplicant and the authenticator exchange
information through the EAP over LAN (EAPoL) packet. The EAP packet is encapsulated
with authentication data. This authentication data will be encapsulated into the RADIUS
protocol packet to be transmitted to the authentication server through a complex network.

Raisecom Technology Co., Ltd. 179


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Both the authenticator and the suppliant can initiate the 802.1x authentication procedure. This
guide takes the suppliant for an example, as shown below:
Step 1 The user enters the user name and password. The supplicant sends an EAPoL-Start packet to
the authenticator to start the 802.1x authentication.
Step 2 The authenticator sends an EAP-Request/Identity to the suppliant, asking the user name of the
suppliant.
Step 3 The suppliant replies an EAP-Response/Identity packet to the authenticator, which includes
the user name.
Step 4 The authenticator encapsulates the EAP-Response/Identity packet to the RADIUS protocol
packet and sends the RADIUS protocol packet to the authentication server.
Step 5 The authentication server compares with received encrypted password with the one generated
by itself.
If identical, the authenticator modifies the interface state to authorized state, allowing users to
access the network through the interface and sends an EAP-Success packet to the suppliant.
Otherwise, the interface is in unauthorized state and sends an EAP-Failure packet to the
suppliant.

802.1x timers
During 802.1x authentication, the following 5 timers are involved:
 Reauth-period: re-authorization t timer. After the period is exceeded, the ISCOM2828F
re-initiates authorization.
 Quiet-period: quiet timer. When user authorization fails, the ISCOM2828F needs to keep
quiet for a period. After the period is exceeded, the ISCOM2828F re-initiates
authorization. During the quiet time, the ISCOM2828F does not process authorization
packets.
 Tx-period: transmission timeout timer. When the ISCOM2828F sends a Request/Identity
packet to users, the ISCOM2828F will initiate the timer. If users do not send an
authorization response packet during the tx-period, the ISCOM2828F will re-send an
authorization request packet. The ISCOM2828F sends this packet three times in total.
 Supp-timeout: Supplicant authorization timeout timer. When the ISCOM2828F sends a
Request/Challenge packet to users, the ISCOM2828F will initiate supp-timeout timer. If
users do not send an authorization response packet during the supp-timeout, the
ISCOM2828F will re-send the Request/Challenge packet. The ISCOM2828F sends this
packet twice in total.
 Server-timeout: Authentication server timeout timer. The timer defines the total timeout
period of sessions between authorizer and the RADIUS server. When the configured time
is exceeded, the authenticator will end the session with RADIUS server and start a new
authorization process.

6.7.2 Preparing for configruations

Scenario
To realize access authentication on LAN users and ensure access user security, you need to
configure 802.1x authentication on the ISCOM2828F.

Raisecom Technology Co., Ltd. 180


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

If users are authenticated, they are allowed to access network resources. Otherwise, they
cannot access network resources. By performing authentication control on user access
interface, you can manage the users.

Prerequisite
If RADIUS authentication server is needed during 802.1x authentication, you need to perform
following operations:
 Configure the IP address of the RADIUS server and the RADIUS shared key.
 The ISCOM2828F can ping through the RADIUS server successfully.

6.7.3 Default configurations of 802.1x


Default configurations of 802.1x are as below.

Function Default value


Global 802.1x Disable
Interface 802.1x Disable
Interface access control mode auto
802.1x authentication method chap
Interface access control mode of 802.1x authentication portbase
RADIUS server timout timer time 100s
802.1x re-authentication Disable
802.1x re-authentication timer 3600s
802.1x quiet timer time 60s
Request packet retransmission timer timeout 30s
Supplicant authorization timer timout 30s

6.7.4 Configuring basic functions of 802.1x

 802.1x and STP are exclusive on the same interface. You cannot enable them
concurrently.
 Only one user authentication request is processed on an interface at one time.
Configure basic functions of 802.1x for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#dot1x enable Enable global 802.1x.

Raisecom Technology Co., Ltd. 181


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Step Command Description


3 Raisecom(config)#interface Enter physical layer interface
port port-id configuration mode.
4 Raisecom(config-port)#dot1x Configure 802.1x protocol
authentication-method { chap | authentication mode.
eap | pap }
5 Raisecom(config-port)#dot1x Enable 802.1x on the interface.
enable
6 Raisecom(config-port)#dot1x Configure interface access control
auth-control { auto | mode.
authorized-force |
unauthorized-force }
7 Raisecom(config-port)#dot1x Configure interface access control
auth-method { macbased | mode of 802.1x authentication.
portbased }

To configure EAP relay authentication mode, ensure that the RADIUS server
supports EAP attributes.
If 802.1x is disabled in global/interface configuration mode, the interface access
control mode of 802.1x is set to authorized-force mode.

6.7.5 Configuring 802.1x re-authentication


Configure 802.1x re-authentication for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface port Enter physical layer interface
port-id configuration mode.
3 Raisecom(config-port)#dot1x Enable 802.1x re-authentication.
reauthentication enable

Re-authentication is initiated for authorized users. Before enabling re-authentication,


you must ensure that global/interface 802.1x is enabled. Authorized interfaces are
still in this mode during re-authentication. If re-authentication fails, the interfaces are
in unauthorized status.

6.7.6 Configuring 802.1x timers


Configure 802.1x timers for the ISCOM2828F as below.

Raisecom Technology Co., Ltd. 182


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface port Enter physical layer interface
port-id configuration mode.
3 Raisecom(config-port)#dot1x Configure the time of the re-
timer reauth-period reauth- authentication timer.
period
4 Raisecom(config-port)#dot1x Configure the time of the quiet
timer quiet-period quiet-period timer.
5 Raisecom(config-port)#dot1x Configure the time of the
timer tx-period tx-period transmission timeout timer.
6 Raisecom(config-port)#dot1x Configure the time of the supplicant
timer supp-timeout supp-timeout authorization timeout timer.
7 Raisecom(config-port)#dot1x Configure the time of the
timer server-timeout server- Authentication server timeout timer.
timeout

6.7.7 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show dot1x port-list Show 802.1x configurations on the
port-list interface.
2 Raisecom#show dot1x port-list Show i 802.1x statistics on the
port-list statistics interface.
3 Raisecom#show dot1x port-list Show user information of 802.1x
port-list user authentication on the interface.

6.7.8 Maintenance
Maintain the ISCOM2828F as below.

Command Description

Raisecom(config)#clear dot1x port-list Clear 802.1x statistics on the


port-list statistics interface.

Raisecom Technology Co., Ltd. 183


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

6.7.9 Example for configuring 802.1x

Networking requirements
To make users access external network, you need to configure 802.1x authentication on the
switch, as shown in Figure 6-8.
 Configure the switch.
− IP address: 10.10.0.1
− Subnet mask: 255.255.0.0
− Default gateway address: 10.10.0.2
 Perform authorization and authentication through the RADIUS server.
− IP address of the RADIUS server: 192.168.0.1
− Password of the RADIUS server: raisecom
 Set the interface access control mode to protocol authorized mode.
 After authorized successfully, the user can initiate re-authentication in 600s.

Figure 6-8 Configuring 802.1x

Configuration steps
Step 1 Configure the IP addresses of the switch and RADIUS server.

Raisecom#config
Raisecom(config)#interface ip 0
Raisecom(config-ip)#ip address 10.10.0.1 255.255.0.0 1
Raisecom(config-ip)#exit
Raisecom(config)#ip default-gateway 10.10.0.2
Raisecom(config)#exit
Raisecom#radius 192.168.0.1
Raisecom#radius-key raisecom

Step 2 Enable global 802.1x and interface 802.1x.

Raisecom#config
Raisecom(config)#dot1x enable
Raisecom(config)#interface port 1

Raisecom Technology Co., Ltd. 184


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Raisecom(config-port)#dot1x enable

Step 3 Set the authorization mote to protocol authorization mode.

Raisecom(config-port)#dot1x auth-control auto

Step 4 Enable re-authentication and set the re-authentication time to 600s.

Raisecom(config-port)#dot1x reauthentication enable


Raisecom(config-port)#dot1x timer reauth-period 600

Checking results
Use the show dot1x port-list port-list command to show 802.1x configurations.

Raisecom#show dot1x port-list 1


802.1x Global Admin State: Enable
802.1x Authentication Method: Chap
Port 1
--------------------------------------------------------
802.1X Port Admin State: Enable
PAE: Authenticator
PortMethod: Portbased
PortControl: Auto
PortStatus: Authorized
Authenticator PAE State: Initialize
Backend Authenticator State: Initialize
ReAuthentication: Disable
QuietPeriod: 60(s)
ServerTimeout: 100(s)
SuppTimeout: 30(s)
ReAuthPeriod: 3600(s)
TxPeriod: 30(s)

6.8 IP Source Guard


6.8.1 Introduction
IP Source Guard uses a binding table to defend against IP Source spoofing and solve IP
address embezzlement without identity authentication. IP Source Guard can cooperate with
DHCP Snooping to generate dynamic binding relationship. In addition, you can configure
static binding relationship manually. DHCP Snooping filters untrusted DHCP packets by
establishing and maintaining the DHCP binding database.

Raisecom Technology Co., Ltd. 185


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

IP Source Guard binding entry


IP Source Guard is used to match packet characteristics, including source IP address, source
MAC address, and VLAN tags, and can support the interface to combine with the following
characteristics (hereinafter referred to as binding entries):
 Interface+IP
 Interface+IP+MAC
 Interface+IP+VLAN
 Interface+IP+MAC+VLAN
According to the generation mode of binding entries, IP Source Guard can be divided into
static binding and dynamic binding:
 Static binding: configure binding information manually and generate binding entry to
complete the interface control, which fits for the case where the number of hosts is small
or where you need to perform separate binding on a single host.
 Dynamic binding: obtain binding information automatically from DHCP Snooping to
complete the interface control, which fits for the case where there are many hosts and
you need to adopt DHCP to perform dynamic host configurations. Dynamic binding can
effectively prevent IP address conflict and embezzlement.

IP Source Guard principle


The basic principle of IP Source Guard is to build an IP source binding table within the
ISCOM2828F. The IP source binding table is taken as the basis for each interface to test
received data packets. Figure 6-9 shows IP Source Guard principle.
 If the received IP packets meet the relationship of Port/IP/MAC/VLAN binding entries
in IP source binding table, forward these packets.
 If the received IP packets are DHCP data packets, forward these packets.
 Otherwise, discard these packets.

Figure 6-9 IP Source Guard principle


Before forwarding IP packets, the ISCOM2828F compares the source IP address, source
MAC address, interface ID, and VLAN ID of the IP packets with binding table information. If
the information matches, it indicates that the user is legal and the packets are permitted to
forward normally. Otherwise, the user is an attacker and the IP packets are discarded.

Raisecom Technology Co., Ltd. 186


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

6.8.2 Preparing for configurations

Scenario
There are often some IP source spoofing attacks in network. For example, the attacker
pretends legal users to send IP packets to the server, or the attacker forges the source IP
address of another user to communicate. This makes the legitimate users cannot get network
services normally.
With IP Source Guard binding, you can filter and control packets forwarded by the interface,
prevent the illegal packets passing through the interface, thus to restrict the illegal use of
network resources and improve the interface security.

Prerequisite
Enable DHCP Snooping/DHCP Relay if there is a DHCP user.

6.8.3 Default configurations of IP Source Guard


Default configurations of IP Source Guard are as below.

Function Default value


IP Source Guide static binding Disable
IP Source Guide dynamic binding Disable
Interface trust status Untrusted

6.8.4 Configuring interface trust status of IP Source Guard


Configure interface trust status of IP Source Guard for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter physical layer interface configuration
port port-id mode.
3 Raisecom(config-port)#ip Configure the interface to a trusted interface.
verify source trust

6.8.5 Configuring IP Source Guide binding

Configuring static IP Source Guide binding


Configure IP Source Guide static binding for the ISCOM2828F as below.

Raisecom Technology Co., Ltd. 187


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#ip verify source Enable static IP Source Guide
binding.
3 Raisecom(config)#ip source binding Configure static binding
ip-address [ mac-address ] [ vlan relationship.
vlan-id ] port port-id

 The configured static binding relationship does not take effect when global static
binding is disabled. Only when global static binding is enabled, the static binding
relationship takes effect.
 For an identical IP address, the manually-configured static binding relationship will
cover the dynamic binding relationship. However, it cannot cover the existing
static binding relationship. When the static binding relationship is deleted, the
system will recover the covered dynamic binding relationship automatically.

Configuring dynamic IP Source Guide binding


Configure IP Source Guide dynamic binding for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#ip verify source Enable IP Source Guide dynamic
{ dhcp-snooping | dhcp-relay } binding.

 The dynamic binding relationship learnt through DHCP Snooping does not take
effect when global dynamic binding is disabled. Only when global dynamic binding
is enabled, the dynamic binding relationship takes effect.
 If an IP address exists in the static binding table, the dynamic binding relationship
does not take effect. In addition, it cannot cover the existing static binding
relationship.

Configuring binding relationship translation


Configure binding relationship translation for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#ip Enable IP Source Guide dynamic binding.
verify source { dhcp-
snooping | dhcp-relay }

Raisecom Technology Co., Ltd. 188


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Step Command Description


3 Raisecom(config)#ip Translate the dynamic binding relationship to the
source binding { dhcp- dynamic binding relationship.
snooping | dhcp-relay }
static
4 Raisecom(config)#ip (Optional) enable auto-translation. After it is
source binding auto- enabled, dynamic binding entries learned through
update DHCP Snooping are directly translated into static
binding entries.

6.8.6 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show ip Show global binding status and interface trust
verify source status.
2 Raisecom#show ip Show configurations of IP Source Guard binding,
source binding [ port interface trust status, and binding relationship table.
port-id ]

6.8.7 Example for configuring IP Source Guard

Networking requirements
As shown in Figure 6-10, to prevent IP address embezzlement, you need to configure IP
Source Guard on the switch.
 The switch permits all IP packets on Port 1 to pass.
 Port 2 permits IP packets with specified the IP address 10.10.10.1 and subnet mask
255.255.255.0 and the IP packets meeting DHCP Snooping learnt dynamic binding
relationship to pass.
 Other interfaces only permit the packets meeting DHCP Snooping learnt dynamic
binding relationship to pass.

Raisecom Technology Co., Ltd. 189


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Figure 6-10 Configuring IP Source Guard

Configuration steps
Step 1 Set Port 1 to a trusted interface.

Raisecom#config
Raisecom(config)#interface port 1
Raisecom(config-port)#ip verify source trust
Raisecom(config-port)#exit

Step 2 Configure the static binding relationship.

Raisecom(config)#ip verify source


Raisecom(config)#ip source binding 10.10.10.1 port 2

Step 3 Enable global dynamic IP Source Guard binding.

Raisecom(config)#ip verify source dhcp-snooping

Checking results
Use the show ip source binding command to show static binding table configurations.

Raisecom#show ip source binding


History Max Entry Num: 1

Raisecom Technology Co., Ltd. 190


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Current Entry Num: 1


Ip Address Mac Address VLAN Port Type Inhw
----------------------------------------------------------------------
10.10.10.1 -- -- 2 static yes

Use the show ip verify source command to show interface trust status and IP Source Guard
static/dynamic binding configurations.

Raisecom#show ip verify source


Static Bind: Enable
Dhcp-Snooping Bind: Enable
Dhcp-Relay Bind: Disable
Port Trust
--------------------
1 yes
2 no
3 no

6.9 PPPoE+
6.9.1 Introduction
PPPoE Intermediate Agent (PPPoE+) is used in processing of authentication packet. PPPoE+
adds device information into the authentication packet to bind account and access device so
that the account is not shared and stolen, and the carrier's and users' interests are protected.
This will give the server enough information to identify users, avoiding account sharing and
theft and ensuring the network security.
With PPPoE dial-up mode, you can access the network through various interfaces of the
device only when one authentication is successfully. However, the server cannot accurately
differentiate users just by the authentication information, which contains the user name and
password. With PPPoE+, besides the user name and the password, other information, such as
the interface ID, is included in the authentication packet for authentication. If the interface ID
identified by the authentication server cannot match with the configured one, authentication
fails. This helps prevent illegal users from stealing accounts of other legal users for accessing
the network.
The PPPoE protocol adopts Client/Server mode, as shown in Figure 6-11. The switch acts as a
relay agent. Users access the network through PPPoE authentication. If the PPPoE server
needs to locate users, more information should be contained in the authentication packet.

Raisecom Technology Co., Ltd. 191


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Figure 6-11 Accessing the network through PPPoE authentication


To access the network through PPPoE authentication, you need to pass through the following
2 stages: discovery stage (authentication stage) and session stage. PPPoE+ is used to process
packets at the discovery stage. The following steps show the whole discovery stage.
 To access the network through PPPoE authentication, the client sends a broadcast packet
PPPoE Active Discovery Initiation (PADI). This packet is used to query the
authentications server.
 After receiving the PADI packet, the authentication server replies a unicast packet
PPPoE Active Discovery Offer (PADO).
 If multiple authentication servers reply PADO packets, the client selects one from them
and then sends a unicast PPPoE Active Discovery Request (PADR) to the authentication
server.
 After receiving the PADR packet, if the authentication server believes that the user is
legal, it sends a unicast packet PPPoE Active Discovery Session-confirmation (PADS) to
the client.
PPPoE is mainly used to add user identification information in to PADI and PADR. Therefore,
the server can identify whether the user identification information is identical to the user
account for assigning resources.

6.9.2 Preparing for configurations

Scenario
To prevent illegal client from accessing the network during PPPoE authentication, you need to
configure PPPoE+ to add additional user identification information in PPPoE packets for
network security.
Because the added user identification information is related to the specified switch and
interface, the authentication server can bind the user with the switch and interface to
effectively prevent account sharing and theft. In addition, this helps locate users to ensure
network security.

Prerequisite
N/A

Raisecom Technology Co., Ltd. 192


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

6.9.3 Default configurations of PPPoE+


Default configurations of I PPPoE+ are as below.

Function Default value


Global PPPoE Disable
Interface PPPoE Disable
Padding mode of Circuit ID Switch
Circuit ID information Interface ID/VLAN ID/attached string
Attached string of Circuit ID hostname
Padded MAC address of Remote ID MAC address of the switch
Padding mode of Remote ID Binary
Interface trust status Untrusted
Tag overriding Disable

By default, PPPoE packet is forwarded without being attached any information.

6.9.4 Configuring basic functions of PPPoE+

PPPoE+ is used to process PADI and PADR packets. It is designed for the PPPoE
client. In general, PPPoE+ is only enabled on interfaces that are connected to the
PPPoE client. Trusted interfaces are interfaces through which the switch is connected
to the PPPoE server. PPPoE+ and trusted interface are exclusive. An interface is
either enabled with PPPoE+ or is a trusted interface.

Enabling PPPoE+
After interface PPPoE+ is enabled, PPPoE authentication packets sent to the interface will be
attached with user information and then are forwarded to the trusted interface.
Enable PPPoE+ for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter physical layer interface configuration
port port-id mode.
3 Raisecom(config- Enable PPPoE+ on the interface.
port)#pppoeagent enable

Raisecom Technology Co., Ltd. 193


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Configuring PPPoE trusted interface


PPPoE trusted interface can be used to prevent PPPoE server from being cheated and avoid
security problems because PPPoE packets are forwarded to other non-service interfaces. In
general, the interface connected to the PPPoE server is set to the trusted interface. PPPoE
packets from the PPPoE client to the PPPoE server are forwarded by the trusted interface only.
In addition, only PPPoE received from the trusted interface can be forwarded to the PPPoE
client.
Configure PPPoE trusted interface for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter physical layer interface configuration
port port-id mode.
3 Raisecom(config- Configure PPPoE trusted interfaces.
port)#pppoeagent trust

Because PPPoE+ is designed for the PPPoE client instead of the PPPoE server,
downlink interfaces of the device cannot receive the PADO and PADS packets. It
means that interfaces, where PPPoE+ is enabled, should not receive PADO and
PADS packet. If there interfaces receive these packets, it indicates that there are
error packets and the packets should be discarded. However, these interfaces can
forward PADO and PADS packets of trusted packet. In addition, PADI and PADR
packets are forwarded to the trusted interface only.

6.9.5 Configuring PPPoE+ packet information


PPPoE is used to process a specified Tag in the PPPoE packet. This Tag contains Circuit ID
and Remote ID.
 Circuit ID: is padded with the VLAN ID, interface ID, and host name of request packets
at the RX client.
 Remote ID: is padded with the MAC address of the client or the switch.

Configuring Circuit ID
The Circuit ID has 2 padding modes: Switch mode and ONU mode. By default, Switch mode
is adopted. In ONU mode, the Circuit ID has a fixed format. The following commands are
used to configure the padding contents of the Circuit ID in Switch mode.
In switch mode, the Circuit ID supports 2 padding modes:
 Default mode: when customized Circuit ID is not configured, the padding content is the
VLAN ID, interface ID, or the attached string. If the attached string is not defined, it is
set to hostname by default.
 Customized mode: when customized Circuit ID is configured, the padding content is the
Circuit IS string.
Configure Circuit ID for the ISCOM2828F as below.

Raisecom Technology Co., Ltd. 194


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#pppoeagent Configure the padding mode of the Circuit
circuit-id mode { onu | ID.
switch }
3 Raisecom(config)#interface Enter physical layer interface configuration
port port-id mode.
4 Raisecom(config- (Optional) set the Circuit ID to the
port)#pppoeagent circuit-id customized string.
string

In default mode, the Circuit ID contains an attached string. By default, the attached string is
set to the hostname of the switch. You can set it to a customized string.
Configure the attached string of the Circuit ID for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#pppoeagent (Optional) configure the attached string of
circuit-id attach-string the Circuit ID.
string
If the Circuit ID is in default mode, attached
string configured by this command will be
added to the Circuit ID.

Configuring Remote ID
The Remote ID is padded with a MAC address of the switch or a client. In addition, you can
specify the form (binary/ASCII) of the MAC address.
Configure Remote ID for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter physical layer interface
port port-id configuration mode.
3 Raisecom(config- (Optional) configure PPPoE+ Remote ID
port)#pppoeagent remote-id to be padded with the MAC address.
{ client-mac | switch-mac }
4 Raisecom(config- (Optional) configure the padding modes of
port)#pppoeagent remote-id the PPPoE+ Remote ID.
format { ascii | binary }

Raisecom Technology Co., Ltd. 195


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Configuring Tag overriding


Tags of some fields may be forged by the client because of some reasons. The client overrides
the original Tags. After Tag overriding is enabled, if the PPPoE packets contain Tags, these
Tags are overridden. If not, add Tags to these PPPoE packets.
Configure Tag overriding for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface port Enter physical layer interface
port-id configuration mode.
3 Raisecom(config-port)#pppoeagent Enable Tag overriding.
vendor-specific-tag overwrite enable

6.9.6 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show pppoeagent [ port-list Show PPPoE+ configurations.
port-list ]
2 Raisecom#show pppoeagent statistic Show PPPoE+ statistics.
[ port-list port-list ]

6.9.7 Maintenance
You can maintain operating status and configurations on the PPPoE+ feature through the
below command.

Command Description

Raisecom(config)#clear pppoeagent statistic Clear PPPoE+ statistics.


[ port-list port-list ]

6.9.8 Example for configuring PPPoE+

Networking requirements
As shown in Figure 6-12, to prevent illegal access during PPPoE authentication and to control
and monitor users, you need to configure PPPoE+ on the switch.
 Port 1 and Port 2 are connected to Client 1 and Client 2 respectively. Port 3 is connected
to the PPPoE server.
 Enable global PPPoE+ and enable PPPoE+ on Port 1 and Port 2. Set Port 3 to the trusted
interface.

Raisecom Technology Co., Ltd. 196


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

 Set the attached string of the Circuit ID to raisecom. Set the padding content of the
Circuit ID on Port 1 to user01. Set the padding content of the Remote ID on Port 2 to the
MAC address of the client. The padding contents are in ASCII mode.
 Enable Tag overriding on Port 1 and Port 2.

Figure 6-12 Configuring PPPoE+

Configuration steps
Step 1 Set Port 3 to the trusted interface.

Raisecom#config
Raisecom(config)#interface port 3
Raisecom(config-port)#pppoenagent trust
Raisecom(config-port)#exit

Step 2 Configure packet information of Port 1 and Port 2.

Raisecom(config)#pppoeagent circuit-id attach-string raisecom


Raisecom(config)#interface port 1
Raisecom(config-port)#pppoeagent circuit-id user01
Raisecom(config-port)#exit
Raisecom(config-port)#interface port 2
Raisecom(config-port)#pppoeagent remote-id client-mac
Raisecom(config-port)#pppoeagent remote-id format ascii
Raisecom(config-port)#exit

Step 3 Enable Tag overriding on Port 1 and Port 2.

Raisecom(config)#interface port 1
Raisecom(config-port)#pppoeagent vendor-specific-tag overwrite enable
Raisecom(config-port)#exit
Raisecom(config)#interface port 2
Raisecom(config-port)#pppoeagent vendor-specific-tag overwrite enable
Raisecom(config-port)#exit

Raisecom Technology Co., Ltd. 197


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Step 4 Enable PPPoE+ on Port 1 and Port 2.

Raisecom(config)#interface port 1
Raisecom(config-port)#pppoeagent enable
Raisecom(config-port)#exit
Raisecom(config)#interface port 2
Raisecom(config-port)#pppoeagent enable

Checking results
Use the show pppoeagent [ port-list port-list ] command to show PPPoE+ configurations.

Raisecom#show pppoeagent port-list 1-3


Attach-string: raisecom
Circuit ID padding mode: switch
Port Enable Trust-port Overwrite Remote-ID Format-rules Circuit-ID
----------------------------------------------------------------
1 enable no enable switch-mac binary user01
2 enable no enable client-mac ascii %default%
3 disable yes disable switch-mac binary %default%
**In switch mode, Circuit-ID's default string is: Port\Vlan\Attach-string.
**In onu mode, Circuit-ID's default string is: 0 0/0/0:0.0
0/0/0/0/0/0/MAC 0/0/Port:eth/4096.CVLAN LN.
**Attach-string's default string is the hostname.

6.10 Loopback detection


6.10.1 Introduction
Loopback detection aims to solve problems caused by loops on the network, and improve the
self-checking ability, fault tolerance, and stability of the network.
Procedure of loopback detection:
 Each interface of device sends loopback-detection message by interval (the interval is
configurable, by default: 4s).
 The ISCOM2828F checks source MAC fields for the interface receiving loopback
detection packets, if the source MAC is identical to device MAC, then some interfaces of
the device form a loop; otherwise, discard the message.
 If the packets Tx interface ID is identical to Rx interface ID, shut down the interface;
 If the packets Tx interface ID is not identical to Rx interface ID, shut down the interface
with bigger ID, and leave the smaller interface ID in Up status.
Common loop types are self-loop, internal loop and external loop.
As shown in Figure 6-13, Switch B and Switch C connect user network.

Raisecom Technology Co., Ltd. 198


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

 Self-loop: user loop in the same Ethernet interface on the same device, user network B
has loop itself, which forms self-loop;
 Internal loop: the loop formed in different Ethernet interfaces on the same device, Switch
C interface 1 and interface 3 forms internal loop with the user network A;
 External loop: the loop formed in the Ethernet interface of different devices, Switch A,
Switch B and Switch C form external loop with user network C.

Figure 6-13 Loopback detection networking


In Figure 6-13, if interfaces connected to Switch B and Switch C on the user network are
enabled with loopback detection, processing mechanismes for three types of loops are as
follows:
 Self-loop: when the ID of the interface for receiving and sending packets on Switch B
are the same, shut down Port 2 to remove the self-loop.
 Internal loop: When Switch C receives the loopback detection packets issued by itself
while IDs of interfaces for receiving and sending the packets are different, shut down
Port 3 with a bigger interface ID to remove the internal loop.
 External loop: Switch B and Switch C receive the loopback detection packets sent from
each other. Generally, the external loop is not processed. Switch B and Switch C only
send Trap without blocking the interface. But you can block one of the interfaces
manually, such as, block the interface with a bigger MAC address to remove the external
loop.

6.10.2 Preparing for configurations

Scenario
On the network, hosts or Layer 2 devices under access devices may form loop by network
cable intentionally or involuntary. Enable loopback detection function at downlink interface
of access device to avoid the network jam formed by unlimited copies of data flow caused by
downlink interface loop. Block the loop interface once there is a loop.

Prerequisite
Configure interface physical parameters to make it Up before configuring loopback detection.

6.10.3 Default configurations of loopback detection


Default configurations of loopback detection are as below.

Raisecom Technology Co., Ltd. 199


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Function Default value


Interface loopback detection function status Disable
Automatic recovery time for interface block No automatic recovery
Loop process mode of loopback detection trap-only
Loopback detection period 4s
Loopback detection mode VLAN mode
The automatic open blocked interface time for loopback infinite
detection
Loopback detection VLAN VLAN 1

6.10.4 Configuring loopback detection

 Loopback detection function and STP are exclusive, only one can be enabled at
one time.
 The straight connection device cannot enable loopback detection in both ends
simultaneously; otherwise the interfaces at both ends will be blocked.
Configure loopback detection function as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#loopback- Enable loopback detection on the
detection { enable | disable } interface.
port-list port-list
3 Raisecom(config)#loopback- (Optional) configure the destination
detectiondestination-address MAC address of loopback detection
mac-address packets.

Loopback detection in the entire


topology must be configured the
same; otherwise, loopback
detection may fail.
4 Raisecom(config)#loopback- (Optional) configure loopback
detection vlan vlan-id detection VLAN.
5 Raisecom(config)#loopback- Configure the period for sending
detection hello-time period loopback detection packets.
6 Raisecom(config)#loopback- (Optional) configure process mode
detection error-device when the interface receives loopback
{ discarding | trap-only } port- detection message from other
list port-list devices.

Raisecom Technology Co., Ltd. 200


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Step Command Description


7 Raisecom(config)#loopback- (Optional) configure the automatic
detection down-time { time-value open blocked interface time for
| trap-only | infinite } loopback detection.
8 Raisecom(config)#interface port Enable the interface blocked by
port-id loopback detection.
Raisecom(config-port)#no
loopback-detection discarding

6.10.5 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show loopback-detection Show interface loopback detection
port-list port-list configuration.
2 Raisecom#show loopback-detection Show statistics of loopback
statistics port-list port-list detection.

6.10.6 Maintenance
Maintain the ISCOM2828F by below commands.

Command Description
Raisecom(config-port)#clear loopback- Clear loopback detection statistics.
detection statistic

6.10.7 Example for configuring loopback detection

Networking requirements
As shown in Figure 6-14, Port 1 of Switch A is connected to core network; Port 2 and Port 3
of Switch A are connected to user network. There is loop in user network. Enable loopback
detection function on Switch A to detect loop in user network and then can block the related
port.

Raisecom Technology Co., Ltd. 201


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Figure 6-14 Loopback detection application

Configuration steps
Step 1 Create VLAN 3 and add Port 2 and Port 3 into VLAN 3.

Raisecom#config
Raisecom(config)#create vlan 3 active
Raisecom(config)#interface port 2
Raisecom(config-port)#switchport access vlan 3
Raisecom(config-port)#exit
Raisecom(config)#interface port 3
Raisecom(config-port)#switchport access vlan 3
Raisecom(config-port)#exit

Step 2 Enable loopback detection for the specified interface.

Raisecom(config)#loopback-detection enable port-list 2-3


Raisecom(config)#loopback-detection vlan 3
Raisecom(config)#loopback-detection hello-time 3

Checking results
Use the show loopback-detection command to show interface loopback detection status.

Raisecom#show loopback-detection port-list 2-3


Destination address: FFFF.FFFF.FFFF
VLAN:3

Raisecom Technology Co., Ltd. 202


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Period of loopback-detection:3s
Restore time:infinite
Port State Status exloop-act Last Last-Occur Open-Time vlan
Loop-with (ago) (ago)
-------------------------------------------------------------------------
2 Ena no trap-only -- -- -- --
3 Ena no trap-only -- -- -- --

6.11 Line detection


6.11.1 Introduction
Line detection is a module to detect physical lines and provides you with status querying
function, so it can help you analyze fault sources and maintain the network.

6.11.2 Preparing for configurations

Scenario
With this function, you can query status of physical lines between devices, analyze faults, and
maintain the network.

Prerequisite
N/A

6.11.3 Configuring line detection


Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#test cable-diagnostics port- Detect physical link status.
list { all | port-list }

6.11.4 Checking configurations


Use the following command to check configuration result.

No. Command Description


1 Raisecom#show cable-diagnostics Show information about line
port-list { all | port-list } detection.

Raisecom Technology Co., Ltd. 203


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

6.11.5 Example for configuring line detection

Networking requirements
As shown in Figure 6-15, to help you analyze fault source, detect lines with the switch.
No line detection is done before.

Figure 6-15 Line detection application networking

Configuration steps
Perform line detection on Ports 1–3 on the ISCOM2828F.

Raisecom#test cable-diagnostics port-list 1-3

Checking results
Use show cable-diagnostics port-list [ all | port-list ] command to check whether Port 1 and
Port 2 on the ISCOM2828F are correctly configured.

Raisecom#show cable-diagnostics port-list 1-2


Port Attribute Time RX Stat RX Len(m) TX Stat TX Len(m) ----
-------------------------------------------------------------------
1 Issued 01/09/2011 08:13:03 Normal 0 Normal 0
2 Issued 01/09/2011 08:13:03 Normal 0 Normal 0

Remove the line that connects PC 1 and the ISCOM2828F from the PC 1, and perform line
detection again. Use the show cable-diagnostics port-list [ all | port-list ] command to check
whether line detection is correctly configured.

Raisecom Technology Co., Ltd. 204


Raisecom
ISCOM2828F (D) Configuration Guide 6 Security

Raisecom#show cable-diagnostics port-list 1-2


Port Attribute Time RX Stat RX Len(m) TX Stat TX Len(m)
-----------------------------------------------------------------------
1 Issued 01/09/2011 08:18:09 Open 3 Open 3
2 Issued 01/09/2011 08:18:09 Normal 0 Normal 0

Raisecom Technology Co., Ltd. 205


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

7 Reliability

This chapter introduces basic principle and configuration of reliability, and provides related
configuration examples, including the following sections:
 Link aggregation
 Interface backup
 Failover
 STP
 MSTP
 ERPS
 RRPS

7.1 Link aggregation


7.1.1 Introduction
With link aggregation, multiple physical Ethernet interfaces are combined to form a logical
Link Aggregation Group (LAG). Multiple physical links in one LAG are taken as a logical
link. Link aggregation helps share traffic among members in a LAG. In addition to effectively
improving reliability on links between devices, link aggregation helps gain higher bandwidth
without upgrading hardware.
In general, link aggregation consists of manual link aggregation, static Link Aggregation
Control Protocol (LACP) link aggregation, and dynamic LACP link aggregation.
 Manual link aggregation
Manual link aggregation refers to a process that multiple physical interfaces are aggregated to
a logical interface. Links under a logical interface share loads.
 Static LACP link aggregation
LACP is a protocol based on IEEE802.3ad. LACP communicates with the peer through the
Link Aggregation Control Protocol Data Unit (LACPDU). In addition, you should manually
configure the LAG. After LACP is enabled on an interface, the interface sends a LACPDU to
inform the peer of its system LACP protocol priority, system MAC address, interface LACP
priority, interface ID, and operation Key.

Raisecom Technology Co., Ltd. 206


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

After receiving the LACPDU, the peer compares its information with the one received by
other interfaces to select a selected interface. Therefore, the interface and the peer are in the
same Selected status. The operation key is a configuration combination automatically
generated based on configurations of the interface, such as the rate, duplex mode, and
Up/Down status. In a link aggregation group, interfaces in the Selected status share the
identical operation key.
 Dynamic LACP link aggregation
In dynamic LACP link aggregation, the system automatically creates and deletes the LAG and
member interfaces through LACP. Interfaces cannot be automatically aggregated into a group
unless their basic configurations, rates, duplex modes, connected devices, and the peer
interfaces are identical.
In manual aggregation mode, all member interfaces are in forwarding status, sharing loads. In
static/dynamic LACP mode, there are backup links.
Link aggregation is the most widely-used and simplest Ethernet reliability technology.

The ISCOM2828F supports manual and static link aggregation only.

7.1.2 Preparing for configurations

Scenario
When needing to provide higher bandwidth and reliability for a link between two devices, you
can configure the link aggregation.
With link aggregation, multiple physical Ethernet ports are added to a Trunk group and are
aggregated to a logical link. The link aggregation helps sharing uplink and downlink traffics
among members in one aggregation group. Therefore, the link aggregation helps get higher
bandwidth and helps members in one aggregation group back up data for each other, which
improving the reliability of Ethernet connection.

Prerequisite
Before configuring link aggregation, you need to configure physical parameters on a interface
and make the physical layer Up.

7.1.3 Default configurations of link aggregation


Default configurations of link aggregation are as below.

Function Default value


Link aggregation Enable
Load balancing mode sxordmac
LAG Existing, in manual mode
LACP system priority 32768
LACP interface priority LACP priority without specifying interface

Raisecom Technology Co., Ltd. 207


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Function Default value


Interface dynamic LACP link Disable
aggregation

7.1.4 Configuring manual link aggregation


Configure manual link aggregation for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#trunk group Configure a LAG.
group-id port port-list
3 Raisecom(config)#trunk Enable the LAG feature.
enable
4 Raisecom(config)#trunk (Optional) configure load sharing mode
loading-sharing mode { dip | for link aggregation.
dmac | sip |smac | sxordip |
sxordmac }

In the same LAG, member interfaces that share loads must be identically configured.
These configurations include QoS, QinQ, VLAN, interface properties, and MAC
address learning.
 QoS: traffic policing, rate limit, SP queue, WRR queue scheduling, interface
priority and interface trust mode.
 QinQ: QinQ enabling/disabling status on the interface, added outer VLAN tag,
policies for adding outer VLAN Tags for different inner VLAN IDs.
 VLAN: the allowed VLAN, default VLAN and the link type (Trunk or Access) on
the interface, subnet VLAN configurations, protocol VLAN configurations, and
whether VLAN packets carry Tag.
 Port properties: whether the interface is added to the isolation group, interface
rate, duplex mode, and link Up/Down status.
 MAC address learning: whether enabling the MAC address learning, and
whether the MAC address limit is configured on the interface.

7.1.5 Configuring static LACP link aggregation


Configure static LACP link aggregation for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.

Raisecom Technology Co., Ltd. 208


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Step Command Description


2 Raisecom(config)#lacp (Optional) configure system LACP priority. The
system-priority higher priority end is active end. LACP chooses
system-priority active and backup interfaces according to the
active end configuration. The smaller the number
is, the higher the priority is. The smaller system
MAC address device will be chosen as active end
if devices system LACP priorities are identical.
3 Raisecom(config)#lacp Configure LACP timeout mode.
timeout { fast |
slow }
4 Raisecom(config)#trun Create a static LACP LAG.
k group group-id port
port-list [ lacp-
static ]
5 Raisecom(config)#inte (Optional) enter physical layer interface
rface port port-id configuration mode.
6 Raisecom(config- (Optional) configure LACP priority on the
port)#lacp port- interface. It affects electing the default interface
priority port- of LACP. The smaller the value is, the higher the
priority priority is.
7 Raisecom(config- (Optional) configure LACP mode for member
port)#lacp mode interfaces. If both two ends of a link are in
{ active | passive } passive mode, LACP connection cannot be
established.
8 Raisecom(config- Return to global configuration mode.
port)#exit
9 Raisecom(config)#trun Enable the LAG feature.
k enable
10 Raisecom(config)#trun (Optional) configure load sharing mode for the
k loading-sharing aggregation link.
mode { dip | dmac |
sip |smac | sxordip |
sxordmac }
11 Raisecom(config)#trun (Optional) configure the minimum number of
k group group-id min- active links in a LACP LAG.
active links
threshold

 Interfaces in a static LACP LAG can be in active or standby status. Both active
interfaces and standbys interface can receive/transmit LACP packets, but standby
interfaces cannot forward client packets.
 The system selects a default interface based on the following conditions in order:
whether its neighbour is discovered, maximum interface rate, highest interface
LACP priority, and smallest interface ID. The default interface is in active status.
Interfaces, which have the same rate, peer device, and operation key with the
default interface, are in active status. Other interfaces are in standby status.

Raisecom Technology Co., Ltd. 209


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

7.1.6 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show Show local LACP interface status, tag, interface priority,
lacp internal administration key, operation key, and interface status of
the state machine.
2 Raisecom#show Show the peer LACP information, including tag, interface
lacp neighbor priority, device ID, Age, operation key value, interface
ID, and interface status of the state machine.
3 Raisecom#show Show interface LACP statistics, including total number of
lacp received/sent LACP packets, the number of received/sent
statistics Marker packets, the number of received/sent Marker
Response packets, the number of errored Marker
Response packets,
4 Raisecom#show Show global LACP enabling status of the local system,
lacp sys-id device ID, including system LACP priority and system
MAC address.
5 Raisecom#show Show configurations of all LAGs.
trunk

7.1.7 Example for configuring manual link aggregation

Networking requirements
As shown in Figure 7-1, to improve link reliability between Switch A and Switch B, you
should configure manual link aggregation for the two devices. Add Port 1 and Port 2 into a
LAG to create a logical interface. Member interfaces in the LAG share loads according to the
source MAC address.

Figure 7-1 Configuring manual link aggregation

Raisecom Technology Co., Ltd. 210


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Configuration steps
Step 1 Create a manual LAG.
Configure Switch A.

Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#trunk group 1 port 1-2

Configure Switch B.

Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#trunk group 1 port 1-2

Step 2 Configure the load sharing mode for aggregated links.


Configure Switch A.

SwitchA(config)#trunk loading-sharing mode smac

Configure Switch B.

SwitchB(config)#trunk loading-sharing mode smac

Step 3 Enable link aggregation.


Configure Switch A.

SwitchA(config)#trunk enable

Configure Switch B.

SwitchB(config)#trunk enable

Checking results
Use the show trunk command to show global configurations on manual link aggregation.

Raisecom Technology Co., Ltd. 211


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

SwitchA#show trunk
Trunk: Enable
Loading sharing mode: SMAC
Trunk Group Mode Member Ports Efficient Ports
-----------------------------------------------------------
1 manual 1,2 1,2

7.1.8 Example for configuring static LACP link aggregation

Networking requirements
As shown in Figure 7-2, to improve link reliability between Switch A and Switch B, you can
configure static LACP link aggregation between these 2 devices. Add Port 1 and Port 2 into
one LAG, where Port 1 is used as the current link and Port 2 is the protection link.

Figure 7-2 Configuring static LACP link aggregation

Configuration steps
Step 1 Configure a static LACP LAG on Switch A and set Switch A to the active end.

Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#truck group 1 port 1-2 lacp-static
SwitchA(config)#lacp system-priority 1000
SwitchA(config)#trunk group 1 min-active links 1
SwitchA(config)#interface port 1
SwitchA(config-port)#lacp port-priority 1000
SwitchA(config-port)#exit
SwitchA(config)#trunk enable

Step 2 Configure a static LACP LAG on Switch B.

Raisecom#hostname SwitchB
SwitchB#config

Raisecom Technology Co., Ltd. 212


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

SwitchB(config)#truck group 1 port 1-2 lacp-static


SwitchB(config)#lacp system-priority 1000
SwitchB(config)#trunk enable

Checking results
Use the show trunk command on Switch A to show global configurations on static LACP
link aggregation.

SwitchA#show trunk
Trunk: Enable
Loading sharing mode: SMAC
Trunk Group Mode Member Ports Efficient Ports
-----------------------------------------------------------
1 static 1,2 --

Use the show lacp internal command on Switch A to show LACP interface status, flag,
interface priority, administration key, operation key, and interface status of the state machine
about the local system.

SwitchA#show lacp internal


Flags:
S - Device is requesting Slow LACPDUs
F - Device is requesting Fast LACPDUs
A - Device is in Active mode
P - Device is in Passive mode
Port State Flags Port-Pri Admin-key Oper-key Port-State
---------------------------------------------------------------------
1 down FA 1000 0x1 0x1 0xF
2 down FA 32768 0x1 0x1 0xF

Use the show lacp neighbour command on Switch A to show LACP interface status, flag,
interface priority, administration key, operation key, and interface status of the state machine
about the peer system.

7.2 Interface backup


7.2.1 Introduction
In dual uplink networking, Spanning Tree Protocol (STP) is used to block the redundancy link
and implements backup. Though STP can meet users' backup requirements, but fails to meet
switching requirements. Though Rapid Spanning Tree Protocol (RSTP) is used, the
convergence is second level only. This is not a satisfying performance parameter for high-end
Ethernet switch which is applied to the Carrier-grade network core.

Raisecom Technology Co., Ltd. 213


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Interface backup, targeted for dual uplink networking, implements redundancy backup and
quick switching through working and protection links. It ensures performance and simplifies
configurations.
Interface backup is another solution of STP. When STP is disabled, you can realize basic link
redundancy by manually configuring interfaces. If the switch is enabled with STP, you should
disable interface backup because STP has provided similar functions.

Principles
Interface backup is realized by configuring the interface backup group. Each interface backup
group contains a primary interface and a backup interface. The link, where the primary
interface is, is called a primary link while the link, where the backup interface is, is called the
backup interface. Member interfaces in the interface backup group supports physical
interfaces and link aggregation groups. However, they do not support Layer 3 interfaces.
In the interface backup group, when an interface is in Up status, the other interface is in
Standby statue. At any time, only one interface is in Up status. When the Up interface fails,
the Standby interface is switched to the Up status.

Figure 7-3 Principles of interface backup


As shown in Figure 7-3, Port 1 and Port 2 on Switch A are connected to their uplink devices
respectively. The interface forwarding states are shown as below:
 Under normal conditions, Port 1 is the primary interface while Port 2 is the backup
interface. Port 1 and the uplink device forward packet while Port 2 and the uplink device
do not forward packets.
 When the link between Port 1 and its uplink device fails, the backup Port 2 and its uplink
device forward packets.
 When Port 1 restores normally and keeps Up for a period (restore-delay), Port 1 restores
to forward packets and Port 2 restores standby status.
When a switching between the primary interface and the backup interface occurs, the switch
sends a Trap to the NView NNM system.

Raisecom Technology Co., Ltd. 214


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Application of interface backup in different VLANs


By applying interface backup to different VLANs, you can enable two interfaces to share
service load in different VLANs, as shown in Figure 7-4.

Figure 7-4 Application of interface backup in different VLANs


In different VLANs, the forwarding status is shown as below:
 Under normal conditions, configure Switch A in VLANs 100–150.
 In VLANs 100–150, Port 1 is the primary interface and Port 2 is the backup interface.
 In VLANs 151–200, Port 2 is the primary interface and Port 1 is the backup interface.
 Port 1 forwards traffic of VLANs 100–150, and Port 2 forwards traffic of VLANs 151–
200.
 When Port 1 fails, Port 2 forwards traffic of VLANs 100–200.
 When Port 1 restores normally and keeps Up for a period (restore-delay), Port 1 forwards
traffic of VLANs 100–150, and Port 2 forwards VLANs 151–200.
Interface backup is used share service load in different VLANs without depending on
configurations of uplink switches, thus facilitating users' operation.

7.2.2 Preparing for configurations

Scenario
When STP is disabled, by configuring interface backup, you can realize redundancy backup
and fast switching of primary/backup link, and load sharing between different interfaces.
Compared with STP, interface backup not only ensures millisecond level fast switching, also
simplifies configurations.

Prerequisite
 Create VLANs.
 Add interfaces to VLANs.
 Disable STP.

Raisecom Technology Co., Ltd. 215


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

7.2.3 Default configurations of interface backup


Default configurations of interface backup are as below.

Function Default value


Interface backup group Null
Restore-delay 15s
Restoration mode Interface connection mode (port-up)

7.2.4 Configuring basic functions of interface backup


Configure basic functions of interface backup for the ISCOM2828F as below.

Interface backup and STP, loopback detection, Ethernet ring, ELPS, and ERPS may
interfere with each other. Configuring any two of them concurrently on an interface is
not recommended.
Step Command Description
1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface port Enter physical layer interface
port-id configuration mode.
3 Raisecom(config- Configure the interface backup
port)#switchport backup port group.
port-id [ vlanlist vlan-list ]
4 Raisecom(config-port)#exit Return to global configuration mode.
5 Raisecom(config)#switchport (Optional) configure the restore-delay
backup restore-delay period period.
6 Raisecom(config)#switchport (Optional) configure the restoration
backup restore-mode { disable | mode.
neighbor-discover | port-up }

 In an interface backup group, an interface is either a primary interface or a backup


interface.
 In a VLAN, an interface/ a LAG cannot be a member of two interface backup groups
simultaneously.
 If you configure a LAG as a member of a interface backup group, you need to
configure the member with the minimum interface ID in the LAG as the member of
the interface backup group. When the member interface is Up, it indicates that
some interface in the LAG is Up. When the member interface is Down, it indicates
that all interfaces in the LAG are Down.

Raisecom Technology Co., Ltd. 216


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

7.2.5 (Optional) configuring FS on interfaces

 After Force switch (FS) is successfully configured, the primary/backup link will be
switched; namely, the current link is switched to the backup link (without considering
Up/Down status of the primary/backup interface). For example, when both the
primary interface and backup interface are in Up status, data are transmitted on the
primary link. In this situation, if you perform FS, the working link changes from the
primary link to the backup link.
 In the command, the backup interface ID is optional. If the primary interface is
configured with multiple interface backup groups, you should input the backup
interface ID.
Configure FS on interfaces for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter physical layer interface
port port-id configuration mode.
3 Raisecom(config- Configure FS on the interface.
port)#switchport backup
[ port port-id ] force-switch

7.2.6 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show Show related status information of interface backup,
switchport backup including restoration delay, restoration mode, and
interface backup groups.

7.2.7 Example for configuring interface backup

Networking requirements
When only link aggregation is configured, all VLAN data comes from only one interface,
where packet discarding occurs and services are impacted. In this situation, you can configure
two link aggregation groups to sharing VLAN data to two interfaces so that load balancing
can work and the protection feature of link aggregation groups can be inherited.
As shown in Figure 7-5, the PC accesses the server through switches. To realize a reliable
remote access from the PC to the server, configure an interface backup group on Switch A and
specify the VLAN list so that the two interfaces concurrently forward services in different
VLANs and share load. Configure Switch A as below:

Raisecom Technology Co., Ltd. 217


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

 Switch A is in VLANs 100–150. Port 1 is the primary interface and Port 2 is the backup
interface.
 Switch A is in VLANs 151–200. Port 2 is the primary interface and Port 1 is the backup
interface.
When Port 1 or its link fails, the system switches to the backup Port 2 to resume the link.
Switch A should support interface backup while Switch B, Switch C, and Switch D do not
need to support interface backup.

Figure 7-5 Configuring interface backup

Configuration steps
Step 1 Create VLANs 100–200 and add Port 1 and Port 2 to VLANs 100–200.

Raisecom#config
Raisecom(config)#create vlan 100-200 active
Raisecom(config)#interface port 1
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk allowed vlan 100-200 confirm
Raisecom(config-port)#exit
Raisecom(config)#interface port 2
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk allowed vlan 100-200 confirm
Raisecom(config-port)#exit

Step 2 Set Port 1 to the primary interface and set Port 2 to the backup interface in VLANs 100–150.

Raisecom(config)#interface port 1
Raisecom(config-port)#switchport backup port 2 vlanlist 100-150
Raisecom(config-port)#exit

Raisecom Technology Co., Ltd. 218


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Step 3 Set Port 2 to the primary interface and set Port 1 to the backup interface in VLANs 151–200.

Raisecom(config)#interface port 2
Raisecom(config-port)#switchport backup port 1 vlanlist 151-200

Checking results
Use the show switchport backup command to view status of interface backup under normal
or faulty conditions.
When both Port 1 and Port 2 are Up, Port 1 forwards traffic of VLANs 100–150, and Port 2
forwards traffic of VLANs 151–200.

Raisecom#show switchport backup


Restore delay: 15s.
Restore mode: port-up.
Active Port(State) Backup Port(State) Vlanlist
---------------------------------------------------------
1 (Up) 2 (Standby) 100-150
2 (Up) 1 (Standby) 151-200

Manually disconnect the link between Switch A and Switch B to emulate a fault. Then, Port 1
becomes Down, and Port 2 forwards traffic of VLANs 100–200.

Raisecom#show switchport backup


Restore delay: 15s
Restore mode: port-up
Active Port(State) Backup Port(State) Vlanlist
-----------------------------------------------------------------
1 (Down) 2 (Up) 100-150
2 (Up) 1 (Down) 151-200

When Port 1 resumes and keeps Up for 15s (restore-delay), it forwards traffic of VLANs 100–
150 while Port 2 forwards traffic of VLANs 151–200.

7.3 Failover
7.3.1 Introduction
Failover provides a port linkage scheme to extend the range of link backup. By monitoring
uplinks and synchronizing downlinks, add uplink and downlink interfaces to a failover group.
Therefore, the downlink devices can be informed of faults of uplink devices immediately to
trigger switching. Failover can be used to prevent traffic loss due to uplink failures.

Raisecom Technology Co., Ltd. 219


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Once all uplink interfaces fail, downlink interfaces are in Down status. When at least one
uplink interface recovers, downlink interface recovers to Up status. Therefore, faults of uplink
devices can be transmitted to the downlink devices immediately. Uplink interfaces are not
influenced when downlink interfaces fail.

7.3.2 Preparing for configurations

Scenario
When the uplink on the intermediate device fails, traffic cannot switch to the standby link if
downlink devices are not informed in time, and then the traffic transmission will be
interrupted.
Through failover, you can add the uplink and downlink interfaces on the intermediate device
into a failover group and monitor the uplink interface in real time. When all uplink interfaces
fails, downlink devices will be informed immediately to trigger switching.

Prerequisite
To configure failover, you need to:
 Connect the interface and configure its physical parameters.
 Make the physical layer of the interface Up.

7.3.3 Default configurations of failover


The default configuration of failover is as below.

Function Default value


Failover group Null

7.3.4 Configuring failover


Configure failover for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#lin Create the failover group and enable failover.
k-state-tracking
group group-number
{ upstream cfm-mepid
mep-id }
3 Raisecom(config)#int Enter physical layer interface configuration mode.
erface port port-id

Raisecom Technology Co., Ltd. 220


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Step Command Description


4 Raisecom(config- Configure the failover group of the interface and
port)#link-state- interface type. One interface can only belong to
tracking group one failover group and can be either the uplink
group-number interface or downlink interface.
{ downstream |
upstream } When the failover group is configured with CFM
network or G.8031 network in uplink, the
interface can be set to downlink interface only.

 One failover group can contain several uplink interfaces. Failover will not be
performed when at least one uplink interface is Up. Only when all uplink interfaces
are Down, failover occurs.
 In global configuration mode, use the no link-state-tracking group group-number
command to disable failover. The failover group will be deleted if there is no
interface in it.
 Use the no link-state-tracking group command to delete an interface from the
failover group in physical layer interface configuration mode. If there is no other
interface and failover is disabled, the failover group will be deleted when the
interface is deleted.

7.3.5 Checking configurations


Use the following commands to check configuration results.

Step Command Description


1 Raisecom#show link-state- Show configurations and status of the
tracking group group-number failover group.
2 Raisecom#show link-admin- Show interface Up/Down status
status port port-list configured on each functional module
on the interface.

7.3.6 Example for configuring failover

Networking requirements
As shown in Figure 7-6, to improve network reliability, Link 1 and Link 2 of Switch B are
connected to Switch A and Switch C respectively. Link 1 is the primary link and Link 2 is the
standby link. Link 2 will not be used to forward data until Link 1 is fault.
Switch A and Switch C are connected to the uplink network in link aggregation mode. When
all uplink interfaces of Switch A and Switch C fails, Switch B needs to sense fault in time
switches traffic to the standby link. Therefore, you should deploy failover on Switch A and
Switch C.

Raisecom Technology Co., Ltd. 221


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Figure 7-6 Configuring failover

Configuration steps
Step 1 Configure failover on Switch A.
Create the failover group.

Raisecom#config
Raisecom(config)#link-state-tracking group 1

Add uplink interfaces to the failover group.

Raisecom(config)#interface port 1
Raisecom(config-port)#link-state-tracking group 1 upstream
Raisecom(config-port)#exit
Raisecom(config)#interface port 2
Raisecom(config-port)#link-state-tracking group 1 upstream
Raisecom(config-port)#exit

Add downlink interfaces to the failover group.

Raisecom(config)#interface port 3
Raisecom(config-port)#link-state-tracking group 1 downstream

Raisecom Technology Co., Ltd. 222


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Step 2 Configure failover on Switch C.


Configurations are identical to the ones on Switch A.

Checking results
This guide takes configurations on Switch A for example.
Use the show link-state-tracking group command to show failover group configurations.

SwitchA#show link-state-tracking group 1


Link State Tracking Group: 1 (Enable)
Status: Normal
Fault type: None
Upsteam Mep: --
Upstream Interfaces:
Port 1(Up) Port 2(Up)
Downstream Interfaces:
Port 3(Up)

After all uplinks of Switch A fail, use the show link-state-tracking group command to show
failover group configurations. In this case, you can see that downlink Port 3 is disabled.

SwitchA#show link-state-tracking group 1


Link State Tracking Group: 1 (Enable)
Status: Failover
Fault type: Port-down
Upstream Mep: --
Upstream Interfaces:
Port 1(Down) Port 2(Down)
Downstream Interfaces:
Port 3(Disable)

7.4 STP
7.4.1 Introduction

STP
With the increasing complexity of network structure and growing number of switches on the
network, Ethernet network loops become the most prominent problem. Because of the packet
broadcast mechanism, network loop will make the network generate network storm, exhaust
network resources, and have serious impact to the normal data forwarding. The network storm
caused by network loops is shown as below.

Raisecom Technology Co., Ltd. 223


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Figure 7-7 Network storm due to loopback


Spanning Tree Protocol (STP) is compliant to IEEE 802.1d standard and used to remove data
physical loop in data link layer in LAN.
The ISCOM2828F running STP can process Bridge Protocol Data Unit (BPDU) packet with
each other for the election of root switch and selection of root port and designated port. It also
can block loop interface on the ISCOM2828F logically according to the selection results,
eventually trimming the loop network structure to tree network structure without loop which
takes a ISCOM2828F as root, so as to prevent the continuous proliferation and limitless
circulation of packet in loop network from causing broadcast storm and avoid declining
packet processing capacity caused by receiving the same packets repeatedly.
The loop network diagram running STP is shown as below.

Raisecom Technology Co., Ltd. 224


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Figure 7-8 Loop networking with STP


Although STP can eliminate loop network and prevent broadcast storm well, its shortcomings
are still gradually exposed with thorough application and development of network technology.
The major disadvantage of STP is the slow convergence speed.

RSTP
For improving the slow convergent speed of STP, IEEE 802.1w establishes Rapid Spanning
Tree Protocol (RSTP), which increases the mechanism to change interface blocking state to
forwarding state, speed up the topology convergence rate.
The purpose of STP/RSTP is to simplify a bridge connection LAN to a unitary spanning tree
in logical topology and so as to avoid broadcast storm.
The disadvantages of STP/RSTP are exposed with the rapid development of VLAN
technology. The unitary spanning tree simplified from STP/RSTP leads the below problems:
 The whole switched network has only one spanning tree, which will lead to longer
convergence time in a larger network.
 Waste of bandwidth since a link does not carry any flow after it is blocked;
 Packet of partial VLAN cannot be forwarded when network structure is unsymmetrical.
As shown below, Switch B is the root switch, RSTP blocks the link between Switch A
and Switch C logically and makes that the VLAN 100 packet cannot be transmitted and
Switch A and Switch C cannot communicate.

Raisecom Technology Co., Ltd. 225


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Figure 7-9 VLAN packet forward failure due to RSTP

7.4.2 Preparation for configuration

Networking situation
In big LANs, multiple devices are concatenated for inter-access among hosts. They need to
enable STP to avoid loop among the devices, MAC address learning fault, and broadcast
storm and network down caused by quick copy and transmission of data frame. STP
calculation can block one interface in a broken loop and make sure that there is only one path
from data flow to destination host, which is also the best path.

Preconditions
Configure interface physical parameters to make it Up before configuring STP.

7.4.3 Default configurations of STP


Default configurations of STP are as below.

Function Default value


Global STP function status Disable
Interface STP function status Enable
STP priority of device 32768
STP priority of interface 128
Interface path cost 0
max-age timer 20s

Raisecom Technology Co., Ltd. 226


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Function Default value


hello-time timer 2s
forward-delay timer 15s

7.4.4 Enabling STP


Configure STP on the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#spanning-tree Enable STP.
enable

7.4.5 Configuring STP parameters


Configure STP enable for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#spanning-tree (Optional) configure the priority of
priority priority-value the ISCOM2828F.
3 Raisecom(config)#spanning-tree (Optional) configure the
root { primary | secondary } ISCOM2828F as the root or
backup device.
4 Raisecom(config)#interface port (Optional) configure the interface
port-id priority.
Raisecom(config-port)#spanning-
tree priority priority-value
5 Raisecom(config-port)#spanning- (Optional) configure path costs of
tree inter-path-cost cost-value the interface.
Raisecom(config-port)#exit
6 Raisecom(config)#spanning-tree (Optional) configure Hello Time.
hello-time value
7 Raisecom(config)#spanning-tree (Optional) configure maximum
transit-limit value transmission rate of interface.
8 Raisecom(config)#spanning-tree (Optional) configure the
forward-delay value forwarding delay.
9 Raisecom(config)#spanning-tree (Optional) configure the maximum
max-age value age.

Raisecom Technology Co., Ltd. 227


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

7.4.6 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show spanning-tree Show basic configuration
[ detail ] information of STP.
2 Raisecom#show spanning-tree port- Show STP configuration on the
list port-list [ detail ] interface.

7.4.7 Example for configuring STP

Networking requirements
As shown below, Switch A, Switch B, and Switch C forms a ring network, so the loopback
problem must be solved in the situation of a physical ring. Enable STP on them, set the
priority of Switch A to 0, and path cost from Switch B to Switch A to 10.

Figure 7-10 STP application networking

Configuration steps
Step 1 Enable STP on Switch A, Switch B, and Switch C.
Configure Switch A.

Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#spanning-tree enable
SwitchA(config)#spanning-tree mode stp

Configure Switch B.

Raisecom#hostname SwitchB
SwitchB#config

Raisecom Technology Co., Ltd. 228


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

SwitchB(config)#spanning-tree enable
SwitchB(config)#spanning-tree mode stp

Configure Switch C.

Raisecom#hostname SwitchC
SwitchC#config
SwitchC(config)#spanning-tree enable
SwitchC(config)#spanning-tree mode stp

Step 2 Configure interface mode on three switches.


Configure Switch A.

SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#exit
SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#exit

Configure Switch B.

SwitchB(config)#interface port 1
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#exit
SwitchB(config)#interface port 2
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#exit

Configure Switch C.

SwitchC(config)#interface port 1
SwitchC(config-port)#switchport mode trunk
SwitchC(config-port)#exit
SwitchC(config)#interface port 2
SwitchC(config-port)#switchport mode trunk
SwitchC(config-port)#exit

Step 3 Configure priority of spanning tree and interface path cost.


Configure Switch A.

Raisecom Technology Co., Ltd. 229


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

SwitchA(config)#spanning-tree priority 0
SwitchA(config)#interface port 2
SwitchA(config-port)#spanning-tree inter-path-cost 10

Configure Switch B.

SwitchB(config)#interface port 1
SwitchB(config-port)#spanning-tree inter-path-cost 10

Checking results
Use the show spanning-tree command to view bridge status. Take Switch A for example.

SwitchA#show spanning-tree
Spanning-tree Admin State: enable
Spanning-tree protocol Mode: STP
BridgeId: Mac 000E.5E7B.C557 Priority 0
Root: Mac 000E.5E7B.C557 Priority 0 RootCost 0
Operational: HelloTime 2, ForwardDelay 15, MaxAge 20
Configured: HelloTime 2, ForwardDelay 15, MaxAge 20 TransmitLimit 3

Use the show spanning-tree port-list port-list command to view interface status. Take
Switch A for example.

SwitchA#show spanning-tree port-list 1,2


Port1
PortEnable: admin: enable oper: enable
Rootguard: disable
Loopguard: disable
ExternPathCost:10
EdgedPort: admin: auto oper: no BPDU Filter: disable
LinkType: admin: auto oper: point-to-point
Partner STP Mode: stp
Bpdus send: 279 (TCN<0> Config<279> RST<0> MST<0>)
Bpdus received:13 (TCN<13> Config<0> RST<0> MST<0>)
Instance PortState PortRole PortCost(admin/oper) PortPriority
-----------------------------------------------------------------
0 discarding disabled 200000/200000 0

Port2
PortEnable: admin: enable oper: enable
Rootguard: disable
Loopguard: disable
ExternPathCost:200000
EdgedPort: admin: auto oper: no BPDU Filter: disable
LinkType: admin: auto oper: point-to-point
Partner STP Mode: stp

Raisecom Technology Co., Ltd. 230


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Bpdus send: 279 (TCN<0> Config<279> RST<0> MST<0>)


Bpdus received:6 (TCN<6> Config<0> RST<0> MST<0>)
Instance PortState PortRole PortCost(admin/oper) PortPriority
-----------------------------------------------------------------
0 discarding disabled 10/10 0

7.5 MSTP
7.5.1 Introduction
Multiple Spanning Tree Protocol (MSTP) is defined by IEEE 802.1s. Recovering the
disadvantages of STP and RSTP, the MSTP realizes fast convergence and distributes different
VLAN flow following its own path to provide an excellent load sharing mechanism.
MSTP divides a switch network into multiple domains, called MST domain. Each MST
domain contains several spanning trees but the trees are independent one another. Each
spanning tree is called a Multiple Spanning Tree Instance (MSTI).
MSTP protocol introduces Common Spanning Tree (CST) and Internal Spanning Tree (IST)
concepts. CST refers to take MST domain as a whole to calculate and generate a spanning tree.
IST means to generate spanning tree in internal MST domain.
Compared with STP and RSTP, MSTP also introduces total root (CIST Root) and domain root
(MST Region Root) concepts. The total root is a global concept; all switches running
STP/RSTP/MSTP can only have one total root, which is the CIST Root. The domain root is a
local concept, which is relative to an instance in a domain. As shown below, all connected
devices only have one total root, and the number of domain root contained in each domain is
associated with the number of instances.

Raisecom Technology Co., Ltd. 231


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Figure 7-11 Basic concepts of the MSTI network


There can be different MST instance in each MST domain, which associates VLAN and
MSTI by setting VLAN mapping table (relationship table of VLAN and MSTI). The concept
sketch map of MSTI is shown as below.

Raisecom Technology Co., Ltd. 232


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Figure 7-12 MSTI concepts

Each VLAN can map to one MSTI; that is to say, data of one VLAN can only be
transmitted in one MSTI while one MSTI may correspond to several VLAN.
Compared with the previous STP and RSTP, MSTP has obvious advantages, including
cognitive ability of VLAN, load balance sharing ability, similar RSTP port status switching
ability as well as binding multiple VLAN to one MST instance to reduce resource occupancy
rate. In addition, MSTP running devices in network are also compatible with the devices
running STP and RSTP.

Raisecom Technology Co., Ltd. 233


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Figure 7-13 Networking of multiple spanning trees instances in MST domain


Applying MSTP to the network as Figure 3-10 above, after calculation, there are two
spanning trees generated at last (two MST instances):
 MSTI1 takes Switch B as the root switch, forwarding packet of VLAN100.
 MSTI2 takes Switch F as the root switch, forwarding packet of VLAN200.
In this way, all VLANs can communicate at internal, different VLAN packets are forwarded
in different paths to share loading.

7.5.2 Preparation for configuration

Scenario
In big LAN or residential region aggregation, the aggregation devices will make up a ring for
link backup, at the same time avoid loop and realize service load sharing. MSTP can select
different and unique forwarding path for each one or a group of VLAN.

Prerequisite
Configure interface physical parameters to make it Up before configuring MSTP.

7.5.3 Default configurations of MSTP


Default configurations of MSTP are as below.

Raisecom Technology Co., Ltd. 234


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Function Default value


Global MSTP function status Disable
Interface MSTP function status Enable
Maximum hop count of MST domain 20
MSTP priority of device 32768
MSTP priority of interface 128
Path cost of interface 0

Maximum number of packets sent within each Hello time 3


Max Age timer 20s
Hello Time timer 2s
Forward Delay timer 15s
Revision level of MST domain 0

7.5.4 Enabling MSTP


Configure MSTP for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#spanning-tree Enable global STP.
enable

7.5.5 Configuring MST domain and its maximum hop count


You can set domain information for the ISCOM2828F when it is running in MSTP mode. The
device MST domain is decided by domain name, VLAN mapping table and configuration of
MSTP revision level. You can set current device in a specific MST domain through following
configuration.
MST domain scale is restricted by the maximum hop count. Starting from the root bridge of
spanning tree in the domain, the configuration message (BPDU) reduces 1 hop count once it
is forwarded passing a device; the ISCOM2828F discards the configuration message with hop
count 0. The device out of maximum hop count cannot join spanning tree calculation and then
restrict MST domain scale.
Configure MSTP domain and its maximum hop count for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#spanning-tree Enter MST domain configuration
region-Command mode.

Raisecom Technology Co., Ltd. 235


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Step Command Description


3 Raisecom(config-region)#name Configure MST domain name.
name
4 Raisecom(config- Set revision level for MST domain.
region)#revision-level level-
value
5 Raisecom(config- Set mapping relationship from MST
region)#instance instance-id domain VLAN to instance.
vlan vlan-list
Raisecom(config-region)#exit
6 Raisecom(config)#spanning-tree Configure the maximum hop count for
max-hops hops-value MST domain.

The maximum hop count is MST domain maximum hop count if and only if the
configured device is root of the domain; other roots cannot configure this item
effectively.

7.5.6 Configuring root bridge/backup bridge


Two methods for MSTP root selection: one is to configure device priority and calculated by
STP to confirm the STP root bridge or backup bridge; the other is to assign MSTP root
directly by this command. When the root bridge has fault or power off, the backup bridge can
take the place of the root bridge for related instance. In this cast, if user has set new root
bridge, the backup bridge will not become the root bridge. If user has configured several
backup bridges for a spanning tree, once the root bridge stops working, MSTP will choose the
backup root with the smallest MAC address as new root bridge.

We do not recommend modifying the priority of any device on the network if you
adopt the method of directly assigning root bridge method; otherwise, the assigned
root bridge or backup bridge may be invalid.
Configure root bridge or backup bridge for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#spanning-tree Set the ISCOM2828F as root
[ instance instance-id ] root bridge or backup bridge for a STP
{ primary | secondary } instance.

 You can confirm the effective instance of the root bridge or backup bridge through
the parameter instance instance-id. The current device will be assigned as the

Raisecom Technology Co., Ltd. 236


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

root bridge or backup bridge of CIST if the instance-id is 0 or parameter instance


instance-id is omitted.
 The roots in device instances are independent mutually, that is, they cannot only
be the root bridge or backup bridge of one instance, but also the root bridge or
backup bridge of other spanning tree instances. However, in the same spanning
tree instance, the same device cannot be used as the root bridge and backup
bridge at the same time.
 You cannot assign two or more root bridges for one spanning tree instance, but
can assign several backup bridges for one spanning tree. Generally speaking, you
had better assign one root bridge and several backup bridges for a spanning tree.

7.5.7 Configuring device interface and system priority


Whether the interface is selected as root interface can be judged by interface priority. Under
the identical condition, the smaller priority interface will be selected as root interface. An
interface may have different priorities and play different roles in different instances.
The device Bridge ID decides whether it can be selected as root of spanning tree. Configuring
smaller priority helps get smaller device Bridge ID and designate the ISCOM2828F as root. If
priority is identical, the ISCOM2828F with smaller MAC address will be selected as root.
Similar to configuring root and backup root, priority is independent mutually in different
instances. You can confirm priority instance through parameter instance instance-id.
Configure bridge priority for CIST if instance-id is 0 or parameter instance instance-id is
omitted.
Configure interface priority and system priority for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface port Enter physical layer interface
port-id configuration mode.
3 Raisecom(config-port)#spanning-tree Set interface priority for a STP
[ instance instance-id ] priority instance.
priority-value
Raisecom(config-port)#exit
4 Raisecom(config)#spanning-tree Set system priority for a STP
[ instance instance-id ] priority instance.
priority-value

The value of priority must be multiples of 4096, like 0, 4096, 8192, etc. It is 32768 by
default.

7.5.8 Configuring network diameter for switch network


Network diameter indicates the nodes number on the path has the most device number in
switch network. In MSTP, network diameter is valid only to CIST, and invalid to MSTI
instance. No matter how many nodes in a path in one domain, it is considered as just one node.
Actually, network diameter should be defined as the domain number in the path crossing the
most domains. The network diameter is 1 if there is only one domain in the whole network.

Raisecom Technology Co., Ltd. 237


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

The maximum hop count of MST domain is used to restrict domain scale, while network
diameter is a parameter to denote the whole network scale. The bigger the network diameter is,
the bigger the network scale is.
Similar to the maximum hop count of MST domain, if and only if configuring the
ISCOM2828F as CIST root device, this configuration is effective. MSTP will automatically
set Hello Time, Forward Delay and Max Age parameters to a privileged value by calculation
when configuring network diameter.
Configure network diameter for switch network for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#spanning-tree Configure diameter for switch
bridge-diameter bridge-diameter- network.
value

7.5.9 Configuring inner path overhead for interfaces


When selecting root port and designated port, the smaller the interface path cost is, the easier
it is to be selected as root port or designated port. Inner path costs of interface are
independently mutually in different instances. You can configure inner path cost for instance
through parameter instance instance-id. Configure inner path cost of interface for CIST if
instance-id is 0 or parameter instance instance-id is omitted.
By default, interface cost often depends on the physical features:
 10 Mbit/s: 2000000
 100 Mbit/s: 200000
 1000 Mbit/s: 20000
 10 Gbit/s: 2000
Configure inner path cost for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface port Enter physical layer interface
port-id configuration mode.
3 Raisecom(config-port)#spanning- Configure inner path cost for
tree [ instance instance-id ] interface.
inter-path-cost cost-value

7.5.10 Configuring external path cost for interface


External path cost is the cost from the device to CIST root, which is equal in the same domain.
Configure external path cost for the ISCOM2828F as below.

Raisecom Technology Co., Ltd. 238


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface port Enter physical layer interface
port-id configuration mode.
3 Raisecom(config-port)#spanning- Configure external path cost for
tree extern-path-cost cost- interface.
value

7.5.11 Configuring maximum transmission rate for interface


Interface maximum transmission rate means MSTP permitted transmitting maximum BPDU
number in each Hello Time. This parameter is a relative value and no unit. The bigger the
parameter is configured, the more packets are permitted to transmit in a Hello Time, the more
device resource it takes up. The same to time parameter, only root device configuration is
valid.
Configure interface maximum transmission rate for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#spanning-tree Configure the transmission rate of
transit-limit value the interface.

7.5.12 Configuring MSTP timer


 Hello Time: the ISCOM2828F sends the time interval of bridge configuration
information (BPDU) regularly to check whether there is failure in detection link of
device. The ISCOM2828F sends hello packets to other devices around in Hello Time to
check if there is fault in the link. The default value is 2 seconds, and user can adjust the
interval value according to network condition. Reduce the interval when network link
changes frequently to enhance the stability of STP; by contrary, increasing interval value
will reduce system CPU resource occupation rate for STP.
 Forward Delay: time parameter to ensure the safe remove of device status. Link fault
leads to network re-calculate spanning tree, but the new configuration message
recalculated cannot be transmitted to the whole network immediately. There may be
temporary loop if the new root port and designated port start transmitting data at once.
This protocol adopts status remove system: before root port and designated interface
starting data forwarding, it needs a medium status (learning status), after delay for the
interval of Forward Delay, it enters forwarding status. The delay guarantees the new
configuration message to be transmitted through whole network. You can adjust the
delay value according to real condition, reduce it when network topology changes
infrequently and increase it in opposite.
 Max Age: the bridge configuration information used by STP has a life time that is used
to judge whether the configuration information is outdated. The ISCOM2828F will
discard outdated information and STP will recalculate spanning tree. The default value is
20 seconds. Too small age value may cause the frequent re-calculation of spanning tree,
while too bigger age value will make STP not adapt network topology change timely.

Raisecom Technology Co., Ltd. 239


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

All devices in the whole switch network adopt the three time parameters on CIST root device,
so only the root device configuration is valid.
Configure timer for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#spanning-tree Set Hello Time.
hello-time value
3 Raisecom(config)#spanning-tree Set Forward Delay.
forward-delay value
4 Raisecom(config)#spanning-tree Set Max Age.
max-age value

7.5.13 Configuring edge interface


The edge interface indicates the interface neither direct connects to any devices nor indirect
connect to any device via network.
The edge port can change the interface status to forward quickly without any waiting time.
You had better set the Ethernet interface connected to user client as edge port to make it quick
to change to forward status.
The edge interface attribute depends on actual condition when it is in auto-detection mode;
the real port will change to false edge interface after receiving BPDU when it is in force-true
mode; when the interface is in force-false mode, whether it is true or false edge port in real
operation, it will maintain the force-false mode until the configuration is changed.
By default, all interfaces on the ISCOM2828F are set in auto-detection attribute.
Configure the edge interface for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface port Enter physical layer interface
port-id configuration mode.
3 Raisecom(config-port)#spanning-tree Configure RSTP edge port
edged-port { auto | force-true | attributes.
force-false }

7.5.14 Configuring STP/MSTP mode switching


When STP is enabled, three spanning tree modes are supported as below:
 STP compatible mode: the ISCOM2828F does not implement fast switching from the
replacement interface to the root interface and fast forwarding by a specified interface;
instead it sends STP configuration BPDU and STP Topology Change Notification (TCN)
BPDU. After receiving MST BPDU, it discards unidentifiable part.
 MSTP mode: the ISCOM2828F sends MST BPDU. If the peer device runs STP, the
local interface is switched to STP compatible mode. If the peer device runs MSTP, the

Raisecom Technology Co., Ltd. 240


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

local interface remains in RSTP mode, and process packets as external information of
domain.
Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#spanning-tree Configure spanning tree mode.
mode { stp | rstp | mstp }

7.5.15 Configuring link type


The point-to-point link connected interface can quickly changes to forward status by
transmitting synchronization packet. By default, MSTP set interface link type according to
duplex mode. Full-duplex interface is considered as point-to-point link, half-duplex interface
is considered as shared link.
You can configure current Ethernet interface to connect point-to-point link by force, but it
will go wrong if the link is not point-to-point. Generally, user had better set this item in auto
status and the system will automatically detect whether the interface is connected to point-to-
point link.
Configure link type for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface port Enter physical layer interface
port-id configuration mode.
3 Raisecom(config-port)#spanning-tree Configure link type for interface.
link-type { auto | point-to-point |
shared }

7.5.16 Configuring root interface protection


Network will select bridge again when it receives packet from higher priority, which will
influent network connectivity and also consume CPU resource. For MSTP network, if
someone sends higher priority BPDU packets, the network may become unstable for the
continuous election. Generally, each bridge priority has already configured in network
programming. The nearer to edge, the lower the bridge priority is. So the down-bound
interface cannot receive the packets higher than bridge priority only if someone attacks. For
these interfaces, user can enable rootguard function to refuse to deal with packet higher than
bridge priority and meanwhile block the interface for a period to prevent other attacks from
attack source to damage the upper layer link.
Configure root interface protection for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.

Raisecom Technology Co., Ltd. 241


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Step Command Description


2 Raisecom(config)#interface port Enter physical layer interface
port-id configuration mode.
3 Raisecom(config-port)#spanning- Configure root interface protection.
tree rootguard { enable |
disable }

7.5.17 Configuring interface loopguard


The spanning tree has two functions: loopguard and link backup. Loopguard requires carving
up topology network into tree structure. There must be redundant link in topology if requiring
link backup. Spanning tree can avoid loop by blocking the redundant link and enable link
backup function by opening redundant link when the link breaks down.
Spanning tree module exchanges packets periodically, and the link has failed if it has not
received packet in a period. Then select a new link and enable backup interface. In actual
network application, the packet cannot be received not only for link fault, then at this time,
enable backup interface may lead to loop link.
Purpose of loopguard is to keep the original interface status when it cannot receive packet in a
period.
Loopguard and link backup functions are exclusive, loopguard requires disabling link backup
to avoid loop.
Configure interface loop protection for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface port Enter physical layer interface
port-id configuration mode.
3 Raisecom(config-port)#spanning- Configure interface loopguard
tree loopguard { enable | attributes.
disable }

7.5.18 Executing mcheck operation


Interface on MSTP device has two working modes: STP compatible mode and MSTP mode.
Suppose the interface of MSTP device in a switch network is connected to the ISCOM2828F
running STP, the interface will change to work in STP compatible mode automatically. But
the interface cannot change to work in MSTP mode if the ISCOM2828F running STP is
removed, i.e. the interface still works in STP compatible mode. You can execute the mcheck
command to force the interface working in MSTP mode. If the interface receives new STP
packet again, it will return to STP compatible mode.
Configure the ISCOM2828F to execute mcheck operation as below.

Raisecom Technology Co., Ltd. 242


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface port Enter physical layer interface
port-id configuration mode.
3 Raisecom(config-port)#spanning- Execute mcheck operation, force to
tree mcheck remove interface to MSTP mode.

7.5.19 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show spanning-tree Show basic configurations of STP.
2 Raisecom#show spanning-tree Show configurations of spanning tree on
[ instance instance-id ] port- the interface.
list port-list [ detail ]
3 Raisecom#show spanning-tree Show MST domain operation
region-operation information.
4 Raisecom(config-region)#show Show MST domain configuration
spanning-tree region-Command information.

7.5.20 Maintenance
Maintain the ISCOM2828F as below.

No. Command Description


1 Raisecom(config-port)#spanning- Clear statistics of spanning tree on
tree clear statistics the interface.

7.5.21 Example for configuring MSTP

Networking requirements
As shown below, three ISCOM2828F devices are connected to form a ring network through
MSTP, with the domain name aaa. Switch B, connected with a PC, belongs to VLAN 3.
Switch C, connected with another PC, belongs to VLAN 4. Instant 3 is related to VLAN 3.
Instant 4 is related to VLAN 4. Configure the path cost of instance 3 on Switch B so that
packets of VLAN 3 and VLAN 4 are forwarded respectively in two paths, which eliminates
loopback and implements load balancing.

Raisecom Technology Co., Ltd. 243


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Figure 7-14 MSTP application networking

Configuration steps
Step 1 Create VLAN 3 and VLAN 4 on Switch A, Switch B, and switch C respectively, and activate
them.
Configure Switch A.

Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#create vlan 3-4 active

Configure Switch B.

Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#create vlan 3-4 active

Configure Switch C.

Raisecom#hostname SwitchC
SwitchC#config
SwitchC(config)#create vlan 3-4 active

Step 2 Configure Port 1 and Port 2 of Switch A to allow all VLAN packets to pass in Trunk mode.
Configure Port 1 and Port 2 of Switch B to allow all VLAN packets to pass in Trunk mode.

Raisecom Technology Co., Ltd. 244


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Configure Port 1 and Port 2 of Switch C to allow all VLAN packets to pass in Trunk mode.
Configure Port 3 and Port 4 of Switch B and Switch C to allow packets of VLAN 3 and
VLAN 4 to pass in Access mode.
Configure Switch A.

SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#exit
SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#exit

Configure Switch B.

SwitchB(config)#interface port 1
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#exit
SwitchB(config)#interface port 2
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#exit
SwitchB(config)#interface port 3
SwitchB(config-port)#switchport access vlan 3
SwitchB(config-port)#exit
SwitchB(config)#interface port 4
SwitchB(config-port)#switchport access vlan 4
SwitchB(config-port)#exit

Configure Switch C.

SwitchC(config)#interface port 1
SwitchC(config-port)#switchport mode trunk
SwitchC(config-port)#exit
SwitchC(config)#interface port 2
SwitchC(config-port)#switchport mode trunk
SwitchC(config-port)#exit
SwitchC(config)#interface port 3
SwitchC(config-port)#switchport access vlan 3
SwitchC(config-port)#exit
SwitchC(config)#interface port 4
SwitchC(config-port)#switchport access vlan 4
SwitchC(config-port)#exit

Step 3 Set spanning tree mode of Switch A, Switch B, and Switch C to MSTP, and enable STP.
Enter MSTP configuration mode, and set the domain name to aaa, revised version to 0. Map
instance 3 to VLAN 3, and instance 4 to VLAN 4. Exist from MST configuration mode.
Configure Switch A.

Raisecom Technology Co., Ltd. 245


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

SwitchA(config)#spanning-tree mode mstp


SwitchA(config)#spanning-tree enable
SwitchA(config)#spanning-tree region-Command
SwitchA(config-region)#name aaa
SwitchA(config-region)#revision-level 0
SwitchA(config-region)#instance 3 vlan 3
SwitchA(config-region)#instance 4 vlan 4

Configure Switch B.

SwitchB(config)#spanning-tree mode mstp


SwitchB(config)#spanning-tree enable
SwitchB(config)#spanning-tree region-Command
SwitchB(config-region)#name aaa
SwitchB(config-region)#revision-level 0
SwitchB(config-region)#instance 3 vlan 3
SwitchB(config-region)#instance 4 vlan 4
SwitchB(config-region)#exit

Configure Switch C.

SwitchC(config)#spanning-tree mode mstp


SwitchC(config)#spanning-tree enable
SwitchC(config)#spanning-tree region-Command
SwitchC(config-region)#name aaa
SwitchC(config-region)#revision-level 0
SwitchC(config-region)#instance 3 vlan 3
SwitchC(config-region)#instance 4 vlan 4

Step 4 Set the inner path coast of Port 2 of spanning tree instance 3 to 500000 on Switch B.

SwitchB(config)#interface port 1
SwitchB(config-port)#spanning-tree instance 3 inter-path-cost 500000

Checking results
Use the show spanning-tree region-operation command to show configurations of the MST
domain.

Raisecom#show spanning-tree region-operation


Operational Information:
-----------------------------------------------
Name: aaa
Revision level: 0

Raisecom Technology Co., Ltd. 246


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Instances running: 3
Digest: 0X7D28E66FDC1C693C1CC1F6B61C1431C4
Instance Vlans Mapped
-------- ----------------------
0 1,2,5-4094
3 3
4 4

Use the show spanning-tree instance 3 command to check whether basic information about
spanning tree instance 3 is correct.
 Switch A

SwitchA#show spanning-tree instance 3


Spanning-tree admin state: enable
Spanning-tree protocol mode: MSTP
MST ID: 3
-----------------------------------------------------------
BridgeId: Mac 0000.0000.0001 Priority 32768
RegionalRoot: Mac 0000.0000.0001 Priority 32768 InternalRootCost 0
PortId PortState PortRole PathCost PortPriority LinkType TrunkPort
-------------------------------------------------------------------------
1 forwarding designated 200000 128 point-to-point no
2 forwarding designated 200000 128 point-to-point no

 Switch B

SwitchB#show spanning-tree instance 3


Spanning-tree admin state: enable
Spanning-tree protocol mode: MSTP
MST ID: 3
-----------------------------------------------------------
BridgeId: Mac 0000.0000.0002 Priority 32768
RegionalRoot: Mac 0000.0000.0001 Priority 32768 InternalRootCost
500000
PortId PortState PortRole PathCost PortPriority LinkType TrunkPort
-------------------------------------------------------------------------
1 discarding alternate 500000 128 point-to-point no
3 forwarding root 200000 128 point-to-point no

 Switch C

SwitchC#show spanning-tree instance 3


Spanning-tree admin state: enable
Spanning-tree protocol mode: MSTP
MST ID: 3
-----------------------------------------------------------

Raisecom Technology Co., Ltd. 247


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

BridgeId: Mac 0000.0000.0003 Priority 32768


RegionalRoot: Mac 0000.0000.0001 Priority 32768 InternalRootCost
200000
PortId PortState PortRole PathCost PortPriority LinkType TrunkPort
-------------------------------------------------------------------------
2 forwarding root 200000 128 point-to-point no
3 forwarding designated 200000 128 point-to-point no

Use the show spanning-tree instance 4 command to check whether basic information about
spanning tree instance 4 is correct.
 Switch A

SwitchA#show spanning-tree instance 4


Spanning-tree admin state: enable
Spanning-tree protocol mode: MSTP
MST ID: 4
-----------------------------------------------------------
BridgeId: Mac 000E.5E00.0000 Priority 32768
RegionalRoot: Mac 000E.5E00.0000 Priority 32768 InternalRootCost 0
Port PortState PortRole PathCost PortPriority LinkType TrunkPort
-------------------------------------------------------------------------
1 discarding disabled 200000 128 point-to-point yes
2 disabled disabled 200000 128 point-to-point yes

 Switch B

SwitchB#show spanning-tree instance 4


Spanning-tree admin state: enable
Spanning-tree protocol mode: MSTP
MST ID: 4
-----------------------------------------------------------
BridgeId: Mac 0000.0000.0002 Priority 32768
RegionalRoot: Mac 0000.0000.0001 Priority 32768 InternalRootCost
200000
PortId PortState PortRole PathCost PortPriority LinkType TrunkPort
-------------------------------------------------------------------------
1 forwarding root 200000 128 point-to-point no
3 forwarding designated 200000 128 point-to-point no

 Switch C

SwitchC#show spanning-tree instance 4


Spanning-tree admin state: enable
Spanning-tree protocol mode: MSTP

Raisecom Technology Co., Ltd. 248


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

MST ID: 4
-----------------------------------------------------------
BridgeId: Mac 0000.0000.0003 Priority 32768
RegionalRoot: Mac 0000.0000.0001 Priority 32768 InternalRootCost
200000
PortId PortState PortRole PathCost PortPriority LinkType TrunkPort
-------------------------------------------------------------------------
2 forwarding root 200000 128 point-to-point no
3 discarding alternate 200000 128 point-to-point no

7.6 ERPS
7.6.1 Introduction
Ethernet Ring Protection Switching (ERPS) is an APS protocol over ITU-T G.8032
recommendation. It is specially used in Ethernet ring link protocol. Generally, ERPS can
avoid broadcast storm caused by data loopback. When Ethernet has loop or device
malfunction, ERPS can switch the link to backup link and ensure service restore quickly.
ERPS takes the control VLAN in ring network to transmit ring network control information
and meanwhile, combining with the topology feature of ring network to discover network
fault quickly and enable backup link to restore service fast.

7.6.2 Preparing for configurations

Scenario
With the development of Ethernet to telecom level network, voice and video multicast
services bring forth higher requirements on Ethernet redundant protection and fault-restore
time. The fault-restore convergent time of current STP system is in second level that is far
away to meet requirement. ERPS can blocks a loop to avoid broadcast storm by defining
different roles in the ring under normal situations. ERPS can switch the service link to backup
link if the ring link or node faults and remove loop, perform fault protection switch and
automatic fault restore, what's more, the protection switching time is lower than 50ms. It
supports single ring, crossed rings and tangent rings networking modes.
ERPS supports fault detection in two modes:
 Fault detection based on physical interface status: to get link fault and switching quickly,
available to neighbor devices
 Fault detection based on CFM: used in unidirectional fault detection or on multiple
devices

Prerequisite
 Connect interface and configure physical parameters for it, the interface is Up at physical
layer.
 Create a VLAN, and add interfaces to the VLAN.

Raisecom Technology Co., Ltd. 249


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

 CFM detection is configured between devices which are set to neighbor relations (for
CFM mode).

7.6.3 Default configurations of ERPS


Default configurations of ERPS are as below.

Function Default value


Protocol VLAN 1
Protection ring Revertive mode
Protocol version 1
Ring WTR timer 5min
Guard timer 500ms
Ring HOLDOFF timer 0
ERPS fault information reported to network management system Disable

Subring virtual path mode in intersecting node with mode

Ring Propagate switch in intersecting node Disable


Fault detection mode Physical interface

7.6.4 Creating ERPS ring

 Only one device can be configured as the RPL (Ring Protection Link) Owner in a
ring, and one device as the RPL Neighbour, other devices can only be configured
as ring forwarding node.
 Tangent ring can be taken as two independent rings in fact, the configuration is
identical to common single ring; intersecting rings has a master ring and a sub-
ring, the configurations please refer to the section 7.6.5 (Optional) creating ERPS
sub-ring.
Configure ERPS for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.

Raisecom Technology Co., Ltd. 250


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Step Command Description


2 Raisecom(config)#ethernet Create a ring and configure a node as the
ring-protection ring-id east RPL Owner.
{ port port-id | port-channel
port-channel-number } west By default, protocol VLAN is 1. The
{ port port-id | port-channel range of the blocked service VLAN is 1-
port-channel-number } [ node- 4094.
type rpl-owner rpl { east | Protection ring changes to non-revertive
west } ] [ not-revertive ] mode if it is configured by the not-
[ protocol-vlan vlan-id ] revertive parameter. Flow is switeched
[ block-vlanlist vlan-list ] back to the working line from the
protection line after the current link fault
restores in revertive mode. However, it
does not switch in non-revertive mode.

The east-bound and western-bound


interface cannot be identical.
Raisecom(config)#ethernet Create a ring and configure a node as the
ring-protection ring-id east RPL Neighbour.
port port-id west port port-
id node-type rpl-neighbour
rpl { east | west} [ not-
revertive ] [ protocol-vlan
vlan-id ] [ block-vlanlist
vlan-list ]
Raisecom(config)#ethernet Create a ring and configure a node as the
ring-protection ring-id east ring forwarding node.
port port-id west port port-
id [ not-revertive ]
[ protocol-vlan vlan-id ]
[ block-vlanlist vlan-list ]
3 Raisecom(config)#ethernet (Optional) configure the name of the
ring-protection ring-id name ring. The length of the name cannot
string exceed 32 strings.
4 Raisecom(config)#ethernet (Optional) configure protocol version.
ring-protection ring-id All nodes in one ring must be consistent,
version { 1 | 2 } version 1 differentiate ring via protocol
VLAN, so different rings need configure
different protocol VLAN, and so do
version 2.
5 Raisecom(config)#ethernet (Optional) during the restore time of the
ring-protection ring-id fault node after configuring Guard timer,
guard-time guard-time APS protocol packets will not be
processed.
In some big ring network, restoring the
network immediately after the fault node
restores may cause fault notice sent from
the neighbor node and the link Down.
Configuring Guard timer can solve this
problem.

Raisecom Technology Co., Ltd. 251


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Step Command Description


6 Raisecom(config)#ethernet (Optional) configure ring WTR timer.
ring-protection ring-id wtr-
time wtr-time In revertive mode, data flow switches to
the working line after the fault restores
only when the WTR timer expires.
7 Raisecom(config)#ethernet ((Optional) system delays the fault report
ring-protection ring-id when the working line fails after
holdoff-time holdoff-time configuring ring HOLDOFF timer, that
is, switch to the protection line after the
delay to avoid too frequent switching due
to the link oscillation.

50ms switching performance will be


affected by HOLDOFF timer value if
it is too big, so it is 0 by default.
8 Raisecom(config)#ethernet (Optional) enable ERPS fault information
ring-protection trap enable to be reported to NMS.

7.6.5 (Optional) creating ERPS sub-ring

 Only the intersecting rings network contains master ring and sub-ring.
 The master ring configuration is identical to the configuration of single ring or
tangent ring. For details, see section 7.6.4 Creating ERPS ring.
 Un-crossed node on sub-ring is identical to configuration of single ring or tangent
ring; see section 7.6.4 Creating ERPS ring for details.
Configure ERPS intersecting rings for ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.

Raisecom Technology Co., Ltd. 252


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Step Command Description


2 Raisecom(config)#ethernet Create a sub-ring and configure a node as RPL
ring-protection ring-id Owner on crossover node.
east { port port-id |
port-channel port- Protection ring changes to non-revertive mode
channel-number } west if it is configured by the not-revertive
{ port port-id | port- parameter. Flow is switched back to the
channel port-channel- working line from the protection line after the
number } [ node-type rpl- current link fault restores in revertive mode.
owner rpl { east | However, it does not switch in non-revertive
west } ] [ not- mode.
revertive ] [ protocol-
vlan vlan-id ] [ block-
vlanlist vlan-list ]
The link between two crossover nodes in
intersecting rings belongs to a master
ring, so either east-bound or wester-
bound interface can be configured for
sub-ring.
Raisecom(config)#ethernet Create a sub-ring and configure a node as RPL
ring-protection ring-id Neighbour on crossover nodes.
east port port-id west
port port-id node-type
rpl-neighbour rpl { east
| west} [ not-revertive ]
[ protocol-vlan vlan-id ]
[ block-vlanlist vlan-
list ]
Raisecom(config)#ethernet Create a sub-ring and configure a node as ring
ring-protection ring-id forwarding node on crossover nodes.
{ east | west } { port
port-id | port-channel
port-channel-number }
[ not-revertive ]
[ protocol-vlan vlan-id ]
[ block-vlanlist vlan-
list ]
3 Raisecom(config)#ethernet (Optional) configure a sub-ring virtual path
ring-protection ring-id mode on the crossover node. Protocol packets
raps-vc { with | transmitting in sub-ring is different from the
without } master ring, including the with mode and
without mode:
 with: the primary ring transmits sub-ring
protocol packets.
 without: the sub-ring protocol VLAN
transmits sub-ring protocol packets, so it
cannot be included in the blocked VLAN list.
Configuration modes of two crossover nodes
must be consistent.

Raisecom Technology Co., Ltd. 253


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Step Command Description


4 Raisecom(config)#ethernet Enable ring Propagate switch on the crossover
ring-protection ring-id node.
propagate enable
Sub-ring data needs to be forwarded by the
master ring, so the sub-ring MAC address table
also exists in master ring device. When sub-
ring has fault, Propagate switch notifies master
ring to refresh MAC address table in time and
avoid flow lost.
By default, disable Propagate switch. The
ethernet ring-protection ring-id propagate
disable command can disable this function.

7.6.6 Configuring ERPS fault detection


Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#ethernet Configure physical interface fault detection
ring-protection ring-id mode.
{ east | west } failure-
detect physical-link
Raisecom(config)#ethernet Configure Continuity Check (CC) fault
ring-protection ring-id detection mode. The fault detection mode will
{ east | west } failure- not take effect unless CFM is configured. MA
detect cc [ md md-name ] must under md level if MD is configured.
ma ma-name level level mep
local-mep-id remote-mep-id
Raisecom(config)#ethernet Configure fault detection mode as physical
ring-protection ring-id interface or CC. Namely, the system reports
{ east | west } failure- fault either in physical link or CC mode. The
detect physical-link-or-cc fault detection mode will not take effect
[ md md-name] ma ma-name unless CFM is configured. MA must under
level level mep local-mep- md level if MD is configured.
id remote-mep-id

7.6.7 (Optional) configuring ERPS switching control

By default, flow will switch to protection link when current link is fault. Thus ERPS is
needed in some special conditions.
Configure ERPS for the ISCOM2828F as below.

Raisecom Technology Co., Ltd. 254


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#ethernet Forcibly switch flow on the ring to east or
ring-protection ring-id west.
force-switch { east |
west }
3 Raisecom(config)#ethernet Manually switch flow on the ring to east or
ring-protection ring-id west.
manual-switch { east |
west } It has a lower priority than FS or Automatical
Switch (AS) upon faults on the current link.
4 Raisecom(config)#clear Clear switch control commands, including
ethernet ring-protection force-switch and manual-switch.
ring-id command

7.6.8 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show ethernet ring- Show ERPS ring configuration.
protection
2 Raisecom#show ethernet ring- Show ERPS ring status
protection status information.
3 Raisecom#show ethernet ring- Show ERPS ring statistics.
protection statistics

7.6.9 Maintenance
Maintain the ISCOM2828F as below.

No. Command Description


1 Raisecom(config)#clear ethernet Clear the effect of ring switching
ring-protection ring-id command control commands (force-switch
and manual-switch)
2 Raisecom(config)#clear ethernet Clear protection ring statistic
ring-protection ring-id statistics information.

Raisecom Technology Co., Ltd. 255


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

7.7 RRPS
7.7.1 Introduction
With the development of Ethernet to the MAN, voice, video and multicast service has come
up with higher requirements to the Ethernet redundancy protection and fault recovery time.
The fault recovery convergence time of original STP mechanism is in the second level, which
is far to meet the fault recovery time requirements of MAN.
Raisecom Ring Protection Switching (RRPS) technology is RAISECOM independent
research and development protocol, which can ensure that there is data loop in Ethernet by
blocking some interface on the ring. RRPS solves the problems of weak protection to
traditional data network and long time to fault recovery, which, in theory, can provide 50ms
rapid protection features.
As shown below, blocked interface node is the master node, other nodes are transmission
nodes. The master node generates by election. Each node can specify one loop interface as the
first interface, the other as the second interface. The master node usually sends Hello packets
periodically from the first interface and receives Hello packet sent by itself in the second
interface under the circumstance of complete Ethernet ring. Then the master node will block
the first interface immediately to ensure there is no loop when the ring network is in a
complete state. For the other nodes on the RRPS, the first interface No. and the second
interface No. play the same role basically.
RRPS generates master node by the election, so each node needs to collect device information
on RRPS, only the right collection leads to correct election. Topology collection is completed
by Hello packets, which contain all nodes information the node collected from the other
interface. The normal state of RRPS is shown below.

Figure 7-15 RRPS in normal status


According to the interface state of node ring, the ring node state can be divided into three
types:
 Down: At least one of the two RRPS node interfaces is Down, then the node is Down.
 Block: At least one of the two RRPS node interfaces is Block, then the node is Block.
 Two-Forwarding: Both RRPS node interfaces are Forwarding, then the node is Two-
Forwarding.
The election rules of master node are as follows:

Raisecom Technology Co., Ltd. 256


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

 In all nodes on the ring, node with Down state is prior for master node, followed by
Block and Two-Forward.
 If the nodes are in the same state, the node with high-priority Bridge is master node.
 If the nodes have the same state and priority, the node with large MAC address is master
node.
Interface Block rules:
 All Link Down interfaces are Block.
 If the node is not master node, all Link Up ring interfaces are Forwarding.
 If the node is master node, then one of two interfaces is Block, the other is Forwarding.
Rules are as follows:
– Both interfaces are Up, the Block is the first interface;
– If one interface is Down, then Block this interface.
The RRPS link failure is shown below.

Figure 7-16 RRPS in switching status


Once there is link failure (such as link break), the failure adjacent node or interface will check
the fault immediately and send link failure packets to master node. The master node will
enable the first interface once receiving the packets, in the meantime, send packets to notify
other transmission nodes about the link failure and inform them to change transmission
direction. The data flow will be switched to normal link after the transmission nodes updating
forwarding entry.
When the failed link is restored, the failed node does not enable the blocked port immediately
until the new topology collection is stable. The origin node will find itself the master node,
after some delay, it will block his first interface, and send Change packets to notify the failed
node enabling the blocked interface.

Raisecom Technology Co., Ltd. 257


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

7.7.2 Preparing for configurations

Scenario
As a Metro Ethernet technology, Ethernet ring solves the problems of weak protection to
traditional data network and long time to fault recovery, which, in theory, can provide 50ms
rapid protection features and is compatible with traditional Ethernet protocol, is an important
technology options and solutions of metro broadband access network optimization
transformation.
RRPS technology is Raisecom independent research and development protocol, which
through simple configuration achieves the elimination of ring loop, fault protection switching,
and automatic fault recovery function and makes the fault protection switching time less than
50ms.
RRPS technology supports both single-ring and tangent ring networking modes, but not
intersecting ring networking. Tangent ring is actually two separate single rings, which has the
same configuration with common single ring.

Preconditions
Before configuring RRPS, configure physical parameters of the interface and make the
interface physical layer Up.

7.7.3 Default configurations of RRPS


Default configurations of of RRPS are as below.

Function Default value


RRPS status Disable
Hello packets transmitting time 1s
Fault recovery delay 5s
RRPS description information Ethernet ring X; X indicates RRPS ID.
Bridge priority 1
Ring interface aging time 15s
Ring protocol packets VLAN 2

7.7.4 Creating RRPS


Create a RRPS as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.

Raisecom Technology Co., Ltd. 258


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Step Command Description


2 Raisecom(config)#interface Enter physical layer interface
port port-id configuration mode. This interface is the
first interface of ring node.
3 Raisecom(config- Create ring and configure corresponding
port)#ethernet ring ring-id ring interface. This interface is the second
secondary-interface-number interface of ring node.
4 Raisecom(config-port)#exit Enable Ethernet ring.
Raisecom(config)#ethernet
ring ring-id enable

7.7.5 Configuring basic functions of RRPS

 For all devices on a ring, we recommend configuring the fault recovery time,
interval for Hello packets, ring protocol VLAN, and aging time of the ring interface
separately with the same value
 The aging time of interfaces must be twice greater than the Hello time.
Configure the basic function of RRPS on the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#ethernet (Optional) configure Hello packets
ring ring-id hello-time transmitting time for RRPS.
hello-time
3 Raisecom(config)#ethernet (Optional) configure fault recovery delay for
ring ring-id restore-delay RRPS. The link can be restored to the
delay-time original current link until the recovery delay
expires.
4 Raisecom(config)#ethernet (Optional) configure bridge priority for
ring ring-id priority RRPS.
priority
5 Raisecom(config)#ethernet (Optional) configure ring description
ring ring-id description information. It should be within 32
string characters.
6 Raisecom(config)#ethernet (Optional) configure interface aging time for
ring ring-id hold-time RRPS. If RRPS interface has not received
hold-time Hello packets in aging time, age this
interface and consider that the link circuit on
link ring has fault. If the node interface is in
Block state, it will enable the blocked
interface temporarily to ensure the normal
communication of all nodes on RRPS.

Raisecom Technology Co., Ltd. 259


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

Step Command Description


7 Raisecom(config)#ethernet (Optional) configure RRPS VLAN.
ring ring-id protocol-vlan
vlan-id
8 Raisecom(config)#ethernet (Optional) configure RRPS uplink interface
ring upstream-group group- group.
list

The uplink interface group must be


used with failover. It supports dual
homing topology.
The uplink interface group corresponds
to the failover group in one-to-one
relationship.

Master node election: at the beginning, all nodes consider themselves the master
node, one of two interfaces is Block, so no data loop on the ring; when two interfaces
on the ring node receive the same Hello packets for many times, the node considers
that the ring topology is stable and can elect master node. Other nodes will not
enable the blocked interface, usually only one master node, which ensures only one
blocked interface, and ensures the connectivity of the nodes on the ring.

7.7.6 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show ethernet Show RRPS information.
ring [ ring-id ]
2 Raisecom#show ethernet Show RRPS interface information.
ring port
3 Raisecom#show ethernet Show statistics of RRPS interface packets.
ring port statistic

7.7.7 Maintenance
Maintain the ISCOM2828F as below.

Command Description
Raisecom(config)#clear Clear RRPS interface statistics, including RRPS
ethernet ring ring-id ID, ring interface ID, Hello packet, Change
statistics packet, and Flush packet.

Raisecom Technology Co., Ltd. 260


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

7.7.8 Example for configuring Ethernet ring

Networking requirements
As shown below, to improve the reliability of Ethernet, the Switch A, Switch B, Switch C,
Switch D have constituted an Ethernet single ring Ring 1.
The figure shows that the four switches are added to Ring 1 interface. MAC addresses are
Switch A (000E.5E00.000A), Switch B (000E.5E00.000B), Switch C (000E.5E00.000C), and
Switch D (000E.5E00.000D).
The status and priority of four nodes are the same, MAC address of Switch D is biggest, and
therefore, Switch D is the master node of RRPS.

Figure 7-17 RRPS application networking

Configuration steps
Step 1 Configure Switch A.

Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#interface port 1
SwitchA(config-port)#ethernet ring 1 port 2
SwitchA(config-port)#exit
SwitchA(config)#ethernet ring 1 enable

Step 2 Configure Switch B, Switch C, and Switch D. Their configurations are the same as
configurations of Switch A.

Checking results
Check RRPS configuration by using the show ethernet ring command.

Take Switch D for example, when the loop is normal, the first ring interface of master node
Switch D: Port 1 block clears data loop.

Raisecom Technology Co., Ltd. 261


Raisecom
ISCOM2828F (D) Configuration Guide 7 Reliability

SwitchD#show ethernet ring


Ethernet Ring Upstream-Group:--
Ethernet Ring 1:
Ring Admin: Enable
Ring State: Enclosed
Bridge State: Block
Ring state duration: 0 days, 3 hours, 30 minutes, 15 seconds
Bridge Priority: 1
Bridge MAC: 000E.5E00.000D
Ring DB State: Block
Ring DB Priority: 1
Ring DB: 000E.5E00.000D
Hello Time: 1
Restore delay: 5
Hold Time: 15
Protocol Vlan: 2

Break link simulation fault between Switch A and Switch B manually, Port 1 of Switch D will
change its status from Block to Forwarding, Port 1 of Switch B will change its status from
Forwarding to Block. Check RRPS status again.

SwitchD#show ethernet ring


Ethernet Ring Upstream-Group:1
Ethernet Ring 1:
Ring Admin: Enable
Ring State: Unenclosed
Bridge State: Two-Forward
Ring state duration: 0 days, 3 hours, 30 minutes, 15 seconds
Bridge Priority: 1
Bridge MAC: 000E.5E00.000D
Ring DB State: Forwarding
Ring DB Priority: 1
Ring DB: 000E.5E00.000D
Hello Time: 1
Restore delay: 15
Hold Time: 15
Protocol Vlan: 2

Raisecom Technology Co., Ltd. 262


Raisecom
ISCOM2828F (D) Configuration Guide 8 OAM

8 OAM

This chapter describes basic principles and configuration procedures of OAM, including the
following sections:
 EFM
 CFM
 SLA

8.1 EFM
8.1.1 Introduction
Initially, Ethernet is designed for LANs. Operation, Administration and Maintenance (OAM)
is weak in performance for its small size and NE-level administrative system. With
continuous development of Ethernet technology, the application scale of Ethernet on the
carrier-grade network becomes wider and wider. Compared with LAN, the carrier-grade
network requires a much longer link length and bigger size. Lack of an effective management
and maintenance mechanism has become the biggest obstacle for the Ethernet to be applied
on the carrier-grade network.
To confirm connectivity of Ethernet virtual connection, effectively detect faults, confirm and
locate faults on the Ethernet layer, balance network utilization, measure network performance,
and provide services according to the Service Level Agreement (SLA), implementing OAM is
a must for widespread use of the carrier-grade Ethernet.
Ethernet OAM is realized in different levels. As show in Figure 8-1, there are two levels:
 Link-level Ethernet OAM: it is applied in Ethernet physical link (that is the first mile)
between Provider Edge (PE) and Customer Edge (CE), which is used to monitor link
state between user network and operator network, and the typical protocol is Ethernet in
the First Mile (EFM) OAM protocol.
 Business-level Ethernet OAM: it is applied in access aggregation layer of network,
which is used to monitor connectivity of the whole network, locate connectivity fault of
network, monitor and control performance of link, and the typical protocol is
Connectivity Fault Management (CFM) OAM protocol.

Raisecom Technology Co., Ltd. 263


Raisecom
ISCOM2828F (D) Configuration Guide 8 OAM

Figure 8-1 OAM classification


Compliant with IEEE 802.3ah protocol, Ethernet in the First Mile (EFM) is a link-level
Ethernet OAM technology. It provides the link connectivity detection, link fault monitor, and
remote fault notification, etc. for a link between two directly connected devices.
"The first mile" in EFM is the connection between the local device of carriers and client
devices. The target is that Ethernet technology will be extended to access network market of
telecom users, to improve network performance, and reduce cost of device and running. EFM
is mainly used in Ethernet link of user access network edge.
The ISCOM2828F provides EFM compliant with the IEEE 802.3ah standard.

8.1.2 Preparing for configurations

Scenario
Deploying EFM between directly connected devices can effectively improve the management
and maintenance capability of Ethernet links and ensure network running smoothly.

Prerequisite
To configure EFM, you need to:

Raisecom Technology Co., Ltd. 264


Raisecom
ISCOM2828F (D) Configuration Guide 8 OAM

 Connect the interface and configure its physical parameters.


 Make the physical layer of the interface Up.

8.1.3 Default configurations of EFM


Default configurations of EFM are as below.

Function Default value


EFM working mode Passive mode
Sending interval of messages 10 ×100ms
Timeout of links 5s

OAM Disable

Remote OAM event alarm function Disable

EFM remote loopback state Not response

Monitor window of error frame event 1s

Monitor threshold of error event 1 error frame

Monitor window of error frame period event 1000ms

Monitor threshold of error frame period event 1 error frame

Monitor window of link error frame second statistics event 60s

Monitor threshold of link error frame second statistics event 1s

Monitor window of link error coding statistics event 100ms

Monitor threshold of error coding statistic event 1s

Fault indication Enable

Local OAM event alarm Disable

8.1.4 Configuring basic functions of EFM


Configure basic functions of EFM for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.

Raisecom Technology Co., Ltd. 265


Raisecom
ISCOM2828F (D) Configuration Guide 8 OAM

Step Command Description


2 Raisecom(config)#oa Configure work mode for EFM.
m { active |
 Active: the device actively initiates OAM peer
passive }
discovery process. In addition, the device supports
responding to remote loopback command and
variable obtaining request.
 Passive: the device does not initiate OAM peer

discovery process. In addition the device does not


support sending remote loopback command and
variable obtaining request.
3 Raisecom(config)#oa (Optional) OAM link connection is created by
m send-period sending INFO message. Use this command to set
period-number interval of sending messages and control
communication period of link. The unit is 100ms.
4 Raisecom(config)#oa (Optional) Set OAM link timeout.
m timeout period-
number When both ends of OAM link do not receive OAM
message in the interval and the interval is longer than
the timeout, the OAM link breaks down. The unit is
second.
5 Raisecom(config)#in Enter physical layer interface configuration mode.
terface port port-
id
6 Raisecom(config- Enable EFM OAM on an interface.
port)#oam enable

8.1.5 Configuring active functions of EFM


Configure active functions of EFM for the ISCOM2828F as below.

The active EFM must be configured when the ISCOM2828F is in active mode.

(Optional) configuring the ISCOM2828F initiating EFM remote loopback


Step Command Description
1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#inter Enter physical interface configuration mode.
face port port-id
3 Raisecom(config- Configure initiating EFM remote loopback on an
port)#oam remote- interface.
loopback
The remote loopback can be initiated only when
EFM is connected and configured working in
active mode.
4 Raisecom(config- (Optional) disable remote loopback. After
port)#no oam remote- detection, disable remote loopback immediately.
loopback

Raisecom Technology Co., Ltd. 266


Raisecom
ISCOM2828F (D) Configuration Guide 8 OAM

You can discover network faults in time by periodically detecting loopbacks. By


detecting loopbacks in segments, you can locate exact areas where faults occur and
you can troubleshoot these faults.
When a link is in loopback status, the ISCOM2828F detects all packets but OAM
packets received by the link. Therefore, disable this function immediately when no
detection is needed.

(Optional) configuring peer OAM event alarm


Step Command Description
1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#in Enter physical layer interface configuration mode.
terface port port-
id
3 Raisecom(config- Enable peer OAM event trap and then link
port)#oam peer monitoring event can be reported to NMS center in
event trap enable time. By default, device does not report trap to NMS
center through SNMP TRAP when receiving peer
link monitoring event.

(Optional) viewing current variable information about the peer device


Step Command Description
1 Raisecom#show oam peer Get OAM information or variable values
[ link-statistic | oam-info ] about the peer device.
[ port-list port-list ]

By getting the current variable of the peer, you can get status of current link.
IEEE802.3 Clause 30 defines and explains supported variable and its denotation
gotten by OAM in details. The variable takes Object as the maximum unit. Each
object contains Package and Attribute. A package contains several attributes.
Attribute is the minimum unit of a variable. When getting an OAM variable, it defines
object, package, branch and leaf description of attributes by Clause 30 to describe
requesting object, and the branch and leaf are followed by variable to denote object
responds variable request. The ISCOM2828F supports getting OAM information and
interface statistics.
Peer variable cannot be gotten until EFM is connected.

8.1.6 Configuring passive functions of EFM


Configure passive functions of EFM for the ISCOM2828F as below.

Raisecom Technology Co., Ltd. 267


Raisecom
ISCOM2828F (D) Configuration Guide 8 OAM

The passive EFM can be configured regardless the ISCOM2828F is in active or


passive mode.

(Optional) configuring the ISCOM2828F responding to EFM remote loopback


Step Command Description
1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#inte Enter physical layer interface configuration
rface port port-id mode.
3 Raisecom(config- Configure the ISCOM2828F responding
port)#oam loopback to/ignoring EFM remote loopback.
{ ignore | process }
By default, the ISCOM2828F responds to
OAM remote loopback.

The peer EFM remote loopback will not take effect until the remote loopback
response is configured on the local device.

(Optional) configuring OAM link monitoring


Step Command Description
1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter physical layer interface
port port-id configuration mode.
3 Raisecom(config-port)#oam Configure the monitor window and
errored-frame window window threshold for an error frame event.
threshold threshold
4 Raisecom(config-port)#oam Configure the monitor window and
errored-frame-period window threshold for an error frame period
window threshold threshold event.
5 Raisecom(config-port)#oam Configure the monitor window and
errored-frame-seconds window threshold for an error frame seconds
window threshold threshold event.
6 Raisecom(config-port)#oam Configure the monitor window and
errored-symbol-period window threshold for an error symbol period
window threshold threshold event.

Raisecom Technology Co., Ltd. 268


Raisecom
ISCOM2828F (D) Configuration Guide 8 OAM

The OAM link monitoring is used to detect and report link errors in different conditions.
When detecting a fault on a link, the ISCOM2828F provides the peer with the
generated time, window and threshold setting, etc. by OAM event notification packets.
The peer receives event notification and reports it to the NMS center via SNMP Trap.
Besides, the local device can directly report events to the NMS center via SNMP Trap.
By default, the system sets default value for error generated time, window and
threshold setting.

(Optional) configuring OAM fault indication


Step Command Description
1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interf Enter physical layer interface configuration
ace port port-id mode.
3 Raisecom(config-
Configure OAM fault indication, which is
port)#oam notify
used to inform the peer when the local fails.
{ critical-event | dying- Faults that can be notified to the peer contain
gasp | errored-frame | link-fault, dying-gasp, and critical-event. By
errored-frame-period | default, OAM fault indication is enabled.
errored-frame-seconds | When a fault occurs, the local device notifies
errored-symbol-period } the peer through OAM. The link-fault fault
{ disable | enable } must be notified to the peer while the dying-
gasp and critical-event faults can be disabled
by this command.

(Optional) configuring local OAM event alarm


Step Command Description
1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#inter Enter physical layer interface configuration
face port port-id mode.
3 Raisecom(config- Enable local OAM event alarm and then link
port)#oam event trap monitoring event can be reported to NMS
enable center in time.

8.1.7 Checking configurations


Use the following commands to check configuration results.

Step Command Description


1 Raisecom#show oam [ port-list Show EFM basic information.
port-list ]

Raisecom Technology Co., Ltd. 269


Raisecom
ISCOM2828F (D) Configuration Guide 8 OAM

Step Command Description


2 Raisecom#show oam loopback Show EFM remote loopback
[ port-list port-list ] configurations.
3 Raisecom#show oam notify Show OAM link monitoring and fault
[ port-list port-list ] indication configurations.
4 Raisecom#show oam statistics Show OAM statistics.
[ port-list port-list ]
5 Raisecom#show oam trap Show OAM event alarm
[ port-list port-list ] configurations.
6 Raisecom#show oam event Show information about local critical
[ port-list port-list ] faults detected on an interface.
[ critical ]
7 Raisecom#show oam peer event Show information about critical faults
[ port-list port-list ] sent by the peer.
[ critical ]

8.1.8 Maintenance
Maintain the EFM feature as below.

Command Description
Raisecom(config-port)#clear oam Clear EFM OAM interface link statistics.
statistics
Raisecom(config-port)#clear oam Clear EFM OAM interface link event
event information.

8.1.9 Example for configuring EFM

Networking requirements
As shown in Figure 8-2, to improve the management and maintenance capability of the
Ethernet link between Switch A and Switch B, you need to deploy EFM on Switch A. Switch
A works in active mode and is deployed with OAM event alarm function.

Figure 8-2 Configuring EFM

Configuration steps
Step 1 Configure Switch A.

Raisecom Technology Co., Ltd. 270


Raisecom
ISCOM2828F (D) Configuration Guide 8 OAM

Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#oam active
SwitchA(config)#interface port 1
SwitchA(config-port)#oam enable
SwitchA(config-port)#oam event trap enable
SwitchA(config-port)#oam peer event trap enable

Step 2 Configure Switch B.

Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#interface port 1
SwitchB(config-port)#oam enable

Checking results
Use the show oam command to show EFM configurations on Switch A.

SwitchA#show oam port-list 1


Port: 1
Mode:Active
Administrate state: Enable
Operation state: Operational
Max OAMPDU size: 1518
Send period: 1000 ms
Link timeout : 5 s
Config revision: 1
Supported functions: Loopback, Event, Variable

Use the show oam trap command to show OAM event alarm configurations on Switch A.

SwitchA#show oam trap port-list 1


Port: 1
Event trap: Enable
Peer event trap: Enable
Discovery trap total: 0
Discovery trap timestamp: 0 days, 0 hours, 0 minutes
Lost trap total: 0
Lost trap timestamp: 0 days, 0 hours, 0 minutes

8.2 CFM

Raisecom Technology Co., Ltd. 271


Raisecom
ISCOM2828F (D) Configuration Guide 8 OAM

8.2.1 Introduction
Connectivity Fault Management (CFM) is a network-level Ethernet OAM technology,
providing end-to-end connectivity fault detection, fault notification, fault judgement, and fault
location. CFM is used to actively diagnose faults for Ethernet Virtual Connection (EVC), and
provide cost-effective network maintenance solutions, and improve network maintenance
through fault management.
The ISCOM2828F provides CFM function compliant wiith ITU-Y.1731 and IEEE802.1ag
recommendations.

CFM Component
CFM consists of following components:
 MD
Maintenance Domain (MD), also called Maintenance Entity Group (MEG), is a network that
runs CFM. It defines network range of OAM management. MD has a level property, with 8
levels (level 0 to level 7). The bigger the number is, the higher the level is and the larger the
MD range is. Protocol packets in a lower-level MD will be discarded after entering a higher-
level MD. If no Maintenance association End Point (MEP) but a Maintenance association
Intermediate Point (MIP) is in a high-level MD, the protocol can traverse the higher-level MD.
However, packets in a higher-level MD can traverse lower-level MDs. In the same VLAN
range, different MDs can be adjacent, embedded, but not crossed.
As shown in Figure 8-3, MD 2 is in MD 1. Packets in MD 1 need to traverse MD 2. Configure
MD 1 to be at level 6, and MD 2 to be at level 3. Then packets in MD 1 can traverse MD 2
and implement connectivity fault management of the whole MD 1. However, packets in MD 2
cannot diffuse into MD 1. MD 2 is a server layer while MD 1 is a client layer.

Figure 8-3 Different MD Levels


 Service instance
The service instance is also called Maintenance Association (MA). It is a part of a MD. One
MD can be divided into one or multiple service instances. One service instance corresponds to
one service and is mapped to a group of VLANs. VLANs of different service instances cannot
cross. Though a service instance can be mapped to multiple VLANs, one service instance can
only use a VLAN for sending or receiving OAM packets. This VLAN is the master VLAN of
the service instance.
 MEP

Raisecom Technology Co., Ltd. 272


Raisecom
ISCOM2828F (D) Configuration Guide 8 OAM

As shown in Figure 8-4, the MEP is an edge node of a service instance. MEPs can be used to
send and process CFM packets. The service instance and the MD where the MEP locates
decide VLANs and levels of packets received and sent by the MEP.
For any device that runs CFM on the network, the MEP is called local MEP. For MEPs on
other devices of the same service instance, they are called Remote Maintenance association
End Points (RMEP).
Multiple MEPs can be configured in a service instance. Packets sent by MEPs in one instance
take identical S-VLAN TAG, priority, and C-VLAN TAG. A MEP can receive OAM packets
sent by other MEPs in the instance, intercept packets which at the same or lower level, and
forward packets of higher level.

Figure 8-4 Network Sketch Map of MEP and MIP


 MIP
As shown in Figure 8-4, the MIP is the internal node of a service instance, which is
automatically created by the device. MIP cannot actively send CFM packets but can process
and response to LinkTrace Message (LTM) and LoopBack Message (LBM) packets.
 MP
MEP and MIP are Maintenance Points (MPs).

8.2.2 Preparing for configurations

Scenario
To expand application of Ethernet technologies on the carrier-grade network, the Ethernet
must ensure the same QoS as the carrier-grade transport network. CFM solves this problem by
providing overall OAM tools for the carrier-grade Ethernet.
CFM can provide following OAM functions:
 Fault detection (Continuity Check, CC)
The function is realized by periodically sending Continuity Check Messages (CCMs). One
MEP sends CCM and other MEPs in the same service instance can verify the RMEP status
when receiving this packet. If the ISCOM2828F fails or a link is incorrectly configured,
MEPs cannot properly receive or process CCMs sent by RMEPs. If no CCM is received by a
MEP during 3.5 CCM intervals, it is believed that the link fails. Then a fault Trap will be sent
according to configured alarm priority.

Raisecom Technology Co., Ltd. 273


Raisecom
ISCOM2828F (D) Configuration Guide 8 OAM

 Fault acknowledgement (LoopBack, LB)


This function is used to verify the connectivity between two MPs through the source
MEP sending LoopBack Message (LBM) and the destination MP sending LoopBack
Reply (LBR). The source MEP sends a LBM to a MP who needs to acknowledge a fault.
When receiving the LBM, the MP sends a LBR to the source MEP. If the source MEP
receives this LBR, it is believed that the route is reachable. Otherwise, a connectivity
fault occurs.
 Fault location (LinkTrace, LT)
The source MEP sends LinkTrace Message (LTM) to the destination MP and all MPs on
the LTM transmission route will send a LinkTrace Reply (LTR) to the source MEP. By
recording valid LTR and LTM, this function can be used to locate faults.
In general, CFM is an end-to-end OAM technology at the server layer. It helps reduce
operation and maintenance cost. In addition, it improves the competitiveness of service
providers.

Prerequisite
 Connect the interface and configure physical parameters for it to make it physically Up.
 Create VLANs.
 Add interfaces into VLANs.

8.2.3 Default configurations of CFM


Function Default value
Global CFM function status Disable
CFM function status on interface Enable
MEP status based on service instance Up direction

Aging time of RMEP 100min

Storage time of error CCM packet 100min

MEP sending CCM packet status Not send

MEP sending CCM packet mode Passive mode

CCM packet sending interval 10s

Dynamic import function of service instance Not take effect


RMEP learning
cc check function of RMEP Disable

Priority of CFM OAM packet 6

Layer-2 ping function status The number of sending LBM packets


is 5; the length of packet TLV is 64.
Switch status of fault location data base Disable

Raisecom Technology Co., Ltd. 274


Raisecom
ISCOM2828F (D) Configuration Guide 8 OAM

Function Default value


Storage time of fault location data base 100min

Alarm suppression function status Enable

8.2.4 Enabling CFM


Configure CFM for the ISCOM2828F as below.

CFM fault detection, location function cannot take effect unless enables CFM function
on the ISCOM2828F.
Step Command Description
1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#ethern Enable global CFM function.
et cfm enable
3 Raisecom(config)#interf Enter physical layer interface configuration
ace port port-id mode.
4 Raisecom(config- Enable CFM on interface.
port)#ethernet cfm
enable
Use the ethernet cfm disable command to
disable this function. After it is disabled, the
interface cannot receive or send CFM packets.

8.2.5 Configuring basic CFM functions


Configure CFM for the ISCOM2828F as below.

Step Command Description


1 Raisecom#confi Enter global configuration mode.
g
2 Raisecom(confi Create maintain domain. Use the parameter md-name to
g)#ethernet assign name for MD in 802.1ag style. MA and CCM
cfm domain packets under MD are both in 802.1ag style; do not assign
[ md-name name, the MD is in Y.1731 style, MA and CCM packets
domain-name ] under this MD are both in Y.1731 style. If user assigns
level level name for MD, the name must be unique in global, or else
MD configuration will be failure.

Level of different MD must be different; otherwise


MD configuration will fail.

Raisecom Technology Co., Ltd. 275


Raisecom
ISCOM2828F (D) Configuration Guide 8 OAM

Step Command Description


3 Raisecom(confi Create service instance and enter instance configuration
g)#service mode (MD name, service instance name). Character string
cisid level is unique in global range. If service instance existed, this
level command will direct lead to service instance configuration
mode.
4 Raisecom(confi
Configure service application VLAN map.
g-
service)#servi VLAN list permits at most 32 VLAN. The smallest VLAN
ce vlan-list will be taken as primary VLAN of service instance. All
vlan-list MEP in service instance transmit and receive packets
through primary VLAN.

Since using primary VLAN to transmit and receive


packets, all of other VLAN in the list are mapped to
primary VLAN. This logical VLAN mapping
relationship is globally; VLAN mapping relationship
of different level can be identical but cannot
crossover. For example: instance 1 mapping to
VLAN 10-20, instance 2 mapping to VLANs 15-30,
the configuration is illegal because VLANs 15-20
are crossed.
5 Raisecom(confi
Configure MEP over service instance.
g-
service)#servi Service instance must map to VLAN when configuring this
ce mep [ up | kind MEP. By default, MEP is Up direction, namely
down ] mpid interface uplink direction detects fault.
mep-id port
port-id

8.2.6 Configuring fault detection


Configure CFM fault detection on the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#ethe
(Optional) configure RMEP aging time.
rnet cfm remote mep
age-time minute
3 Raisecom(config)#ethe (Optional) configure hold time for error CCM
rnet cfm errors packets. The ISCOM2828F saves all fault
archive-hold-time information of reported by MEP.
minute
By default, hold time for error CCM packets is
100 minutes. It check data in database once
system configures new hold time, clear data
immediately if there is data over time.

Raisecom Technology Co., Ltd. 276


Raisecom
ISCOM2828F (D) Configuration Guide 8 OAM

Step Command Description


4 Raisecom(config)#ethe Configure the mode for all service instances to
rnet cfm mode { slave send CCM packets.
| master }
5 Raisecom(config)#serv Enter service instance configuration mode.
ice cisid level level
6 Raisecom(config- (Optional) configure service instance CCM
service)#service cc packets sending time interval. By default, CCM
interval { 1 | 10 | packets sending time interval is 10 seconds.
100ms | 60 | 600 } Cannot modify CCM packets sending interval
when CCM packets sending function enable.
7 Raisecom(config- Enable MEP sending CCM packets. By default,
service)#service cc MEP does not send CCM packet.
enable mep { mep-list
| all }
8 Raisecom(config- (Optional) configure static RMEP. Used
service)#service cooperated with cc check function.
remote-mep mep-list
9 Raisecom(config- (Optional) configure RMEP learning dynamic
service)#service import function. Service instance transfer
remote-mep learning dynamic RMEP to static RMEP by automation
active every time receiving of CCM packets. By default,
this function does not take effective.
10 Raisecom(config- (Optional) configure RMEP cc check function.
service)#service After this function is enabled, system checks
remote-mep cc-check dynamic learned RMEP ID consistent with static
enable RMEP ID when receiving CCM packets, if not
consistent, the CCM packets are considered as
incorrect.
11 Raisecom(config- (Optional) configure client VLAN of CFM OAM
service)#service packets, just need configure in QinQ networking
cvlan vlan-id environment. By default, CFM OAM packets do
not take C-TAG. After configuring client VLAN
for service instance, all MEP under the instance
send CCM, LTM, LBM, DMM with double
TAG. Hereinto, C-TAG uses this command to
configure client VLAN.
12 Raisecom(config- (Optional) configure CFM OAM packets priority.
service)#service After configuring packets priority, all CCM,
priority priority LBM, LTM, DMM sent by MEP use assigned
priority.

Raisecom Technology Co., Ltd. 277


Raisecom
ISCOM2828F (D) Configuration Guide 8 OAM

Step Command Description


Raisecom(config- (Optional) configure CFM permits sending fault
service)#snmp-server trap type.
trap cfm { all |
ccmerr | macremerr | CC function of CFM can detect fault in 5 levels,
none | remerr | the order from high to low: level 5–cross
xcon } mep { all | connection, level 4-CCM error, level 3-loss of
mep-list } RMEP, level 2-interface status fault, level 1-RDI.
By default, it is macremerr, namely permit fault
trap on level 2-5.

 When CFM detected fault, identical level or


lower level fault will not generate trap again
before removing fault;
 Wait for 10s until the fault status is cleared

after removing CFM fault.

8.2.7 Configuring fault acknowledgement


Configure CFM fault acknowledgement for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#se Enter service instance configuration mode.
rvice cisid level
level
3 Raisecom(config- Execute Layer 2 ping function for acknowledging
service)#ping fault.
{ mac-address |
mep rmep-id } By default, sending LBM packets number is 5,
[ count count ] packets TLV size is 64, search an available source
[ size size ] MEP by automation.
[ source mep-id ] CFM needs to find destination MEP MAC address to
execute ping operation if perform Layer 2 ping
operation by assigning destination MEPID. After
source MEP discovers RMEP and becomes stable, it
saves data information of RMEP in RMEP database,
and then RMEP MAC address can be found from
RMEP database according to MEPID.

 Make sure global CFM function enable before executing this command, otherwise
the command will be executed unsuccessfully;
 If there is no MEP configured in service instance, ping unsuccessfully because of
fail to find source MEP;

Raisecom Technology Co., Ltd. 278


Raisecom
ISCOM2828F (D) Configuration Guide 8 OAM

 If assigned source MEP is invalid, ping unsuccessfully. For example, assigned


source MEP is not existing or CFM of the source MEP interface is disabled;
 If assigning destination MEP ID to perform ping operation, ping unsuccessfully
when fail to find destination MEP MAC address according to MEPID;
 Operation unsuccessful if other users are using the assigned source MEP to
perform ping operation.

8.2.8 Configuring fault location


Configure CFM fault location for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)# (Optional) enable fault location database function. In
ethernet cfm enable status, system trace route information via database
traceroute cache storing protocol, the show ethernet cfm traceroute
enable cache command can show at any time. In disable status,
result of traceroute will be cleared after executing
traceroute. Disable by default, the ethernet cfm
traceroute cache disable command can disable it.
3 Raisecom(config)# (Optional) configure data hold time for fault location
ethernet cfm database. You can set data hold time when fault location
traceroute cache database function is enabled. Hold time is 100 minutes
hold-time minute
by default.

4 Raisecom(config)# (Optional) configure saved data amount. You can set the
ethernet cfm saved data amount when the function is enabled. It is 100
traceroute cache by default; does not save data if the function is disabled.
size size
5 Raisecom(config)# Enter service instance configuration mode.
service cisid
level level
6 Raisecom(config- Execute Layer 2 Traceroute function for fault locating.
service)#tracerou By default, packets TLV size is 64, search an available
te { mac-address source MEP by automation.
| mep mep-id }
[ ttl ttl ] CFM should find MAC address of destination MEP by
[ source mep-id ] mep-id to complete traceroute operation if Layer 2
traceroute operation is operated by specified destination
mep-id. Users can find the following content by data
base of RMEP: data information of RMEP is saved in
RMEP database in MEP after source MEP found RMEP
and it is stable, you can find MAC address of RMEP
according to mep-id in RMEP database.

 Make sure global CFM function enable before executing this command, otherwise
the command will be executed unsuccessfully;
 If there is no MEP configured in service instance, Traceroute unsuccessfully
because of fail to find source MEP;

Raisecom Technology Co., Ltd. 279


Raisecom
ISCOM2828F (D) Configuration Guide 8 OAM

 If assigned source MEP is invalid, Traceroute unsuccessfully. For example,


assigned source MEP is not existing or CFM of the source MEP interface is
disabled;
 If assigning destination MEPID to perform Traceroute operation, Traceroute
unsuccessfully when fail to find destination MEP MAC address according to
MEPID;
 If CC function is not effective, configure static RMEP and assign MAC address to
ensure Layer 2 traceroute operating successfully;
 Operation unsuccessful if other users are using the assigned source MEP to
perform Traceroute operation.

8.2.9 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show ethernet cfm Show CFM global configuration.
2 Raisecom#show ethernet cfm Show MD and service instance
domain [ level level ] configuration.
3 Raisecom#show ethernet cfm Show error CCM database information.
errors [ level level ]
4 Raisecom#show ethernet cfm Show Ethernet locked signals.
local-mp [ interface port
port-id | level level ]
5 Raisecom#show ethernet cfm Show local MEP configuration.
remote-mep [ static ]
6 Raisecom#show ethernet cfm Show static RMEP information.
remote-mep [ level level
[ service name [ mpid local-
mep-id ] ] ]
7 Raisecom#show ethernet cfm Show RMEP discovery information.
traceroute-cache
8 Raisecom#show ethernet cfm Show database trace route information.
traceroute-cache

8.2.10 Maintenance
Maintain the ISCOM2828F as below.

Command Description
Raisecom(config)#clear ethernet cfm Clear CCM error database
errors [ level level ] information.
Raisecom(config)#clear ethernet cfm Clear RMEP.
remote-mep [ level level ]
Raisecom(config)#clear ethernet cfm Clear traceroute cache database.
traceroute-cache

Raisecom Technology Co., Ltd. 280


Raisecom
ISCOM2828F (D) Configuration Guide 8 OAM

8.2.11 Example for configuring CFM

Networking requirements
As shown in Figure 8-5, the PC communicates with the server through the network consisting
of by Switch A, Switch B and Switch C. You can deploy CFM feature on Switch Device to
realize active fault detection, acknowledgement and location, then make Ethernet link
between PC and Server achieving telecommunication service level. Switch A and Switch C
are MEP, Switch B is MIP, detecting Ethernet fault from Switch A Port 1 to Switch C Port 2,
maintenance domain level is 3.

Figure 8-5 CFM application

Configuration steps
Step 1 Configure interface adding into VLAN.
Configure Switch A.

Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#create vlan 100 active
SwitchA(config)#interface port 1
SwitchA(config-port)#switchport access vlan 100
SwitchA(config-port)#exit
SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#exit

Configure Switch B.

Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#interface port 1
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#exit
SwitchB(config)#interface port 2

Raisecom Technology Co., Ltd. 281


Raisecom
ISCOM2828F (D) Configuration Guide 8 OAM

SwitchB(config-port)#switchport mode trunk


SwitchB(config-port)#exit

Configure Switch C.

Raisecom#hostname SwitchC
SwitchC#config
SwitchC(config)#create vlan 100 active
SwitchC(config)#interface port 2
SwitchC(config-port)#switch access vlan 100
SwitchC(config-port)#exit
SwitchC(config)#interface port 1
SwitchC(config-port)#switchport mode trunk
SwitchC(config-port)#exit

Step 2 Configure CFM fault detection function.


Configure Switch A.

SwitchA(config)#ethernet cfm domain level 3


SwitchA(config)#service ma1 level 3
SwitchA(config-service)#service vlan-list 100
SwitchA(config-service)#service mep up mpid 301 port 1
SwitchA(config-service)#service remote-mep 302
SwitchA(config-service)#service cc enable mep all
SwitchA(config-service)#exit
SwitchA(config)#ethernet cfm enable

Configure Switch B.

SwitchB(config)#ethernet cfm domain level 3


SwitchB(config)#service ma1 level 3
SwitchB(config-service)#service vlan-list 100
SwitchB(config-service)#exit
SwitchB(config)#ethernet cfm enable

Configure Switch C.

SwitchC(config)#ethernet cfm domain level 3


SwitchC(config)#service ma1 level 3
SwitchC(config-service)#service vlan-list 100
SwitchC(config-service)#service mep up mpid 302 port 2
SwitchC(config-service)#service remote mep 301
SwitchC(config-service)#service cc enable mep all
SwitchC(config-service)#exit

Raisecom Technology Co., Ltd. 282


Raisecom
ISCOM2828F (D) Configuration Guide 8 OAM

SwitchC(config)#ethernet cfm enable

Step 3 Execute CFM fault acknowledgement.


Take Switch A for example.

Switch(config)#service ma1 level 3


Switch(config-service)#ping mep 302 source 301
Sending 5 ethernet cfm loopback packets to 000e.5e03.688d, timeout is 2.5
seconds:
!!!!!
Success rate is 100 percent (5/5).
Ping statistics from 000e.5e03.688d:
Received loopback replys:< 5/0/0 > (Total/Out of order/Error)
Ping successfully.

Step 4 Execute CFM fault location.


Take Switch A for example.

SwitchA(config-service)#traceroute mep 302 source 301


TTL: <64>
Tracing the route to 000E.5E00.0002 on level 3, service ma1.
Traceroute send via port1.
-------------------------------------------------------------------------
Hops HostMac Ingress/EgressPort IsForwarded RelayAction NextHop
-------------------------------------------------------------------------
1 000E.5E00.0003 2/1 Yes rlyFdb 000E.5E00.0003
2 000E.5E00.0003 1/2 Yes rlyFdb 000E.5E00.0001
3 000E.5E00.0001 1/- No rlyHit 000E.5E00.0002

Checking results
Use the show ethernet cfm command to show CFM configuration on the switch.
Take Switch A for example.

SwitchA#show ethernet cfm


Global cfm Status: enable
Port CFM Enabled Portlist: 1-10
Archive hold time of error CCMs: 100(Min)
Remote mep aging time: 100(Min)
Device mode: Slave

Raisecom Technology Co., Ltd. 283


Raisecom
ISCOM2828F (D) Configuration Guide 8 OAM

8.3 SLA
8.3.1 Introduction
SLA is a telecommunication service evaluation standard negotiated by the service provider
and users. It is an agreement in service quality, priority and responsibility, etc.
In technology, SLA is real-time network performance detection and statistic technique for
responding time, network jitter, delay, packet loss rate, etc. SLA can choose different
operations to monitor measurement values for different applications.
The
 Operation
It is a static concept. It is SLA network performance testing task from end to end, including
delay/jitter test (y1731-jitter/y1731-pkt-loss) on the Layer 2 network and delay/jitter test
(ICMP-echo/ICMP-jitter) on the Layer 3 network.
 Test
It is a dynamic concept. It is used to describe an execution of one operation.
 Detection
It is a dynamic concept. It is used to describe a procedure of transmitting-receiving packet in
operation test. According to definition of operation, one operation test can contain multiple
detections (a test only contains only one detection for Echo operation).
 Scheduling
It is a dynamic concept, which is used to describe the scheduling of a specified operation. One
scheduling contains multiple periodical tests.

8.3.2 Preparing for configurations

Scenario
The carrier and users sign SLA protocol to guarantee users can enjoy certain quality network
service. To perform SLA protocol effectively, carrier needs to deploy SLA feature test
performance on the ISCOM2828F and the test result is evidence to ensure user's performance.
SLA feature chooses two testing node, configure SLA operation on one node and schedule
executing it to implement network performance test between the two nodes.
SLA takes statistics of round-trip packet loss rate, round-trip or unidirectional (SD/DS) delay,
jitter, jitter variance, jitter distribution, etc, and informs the upper monitoring software (such
as NMS) of these data, analyse network performance, and provide data required by the user.

Prerequisite
 Deploy CFM between the tested devices.
 Configure IP (scheduling of icmp-echo and icmp-jitter).

8.3.3 Default configurations of SLA


Default configurations of SLA are as below.

Raisecom Technology Co., Ltd. 284


Raisecom
ISCOM2828F (D) Configuration Guide 8 OAM

Function Default value


SLA scheduling status Disable
SLA Layer 2 operation CoS Level 0
SLA jitter operation detection interval 1s
Number of SLA jitter operation detection packets 10
Life period of SLA scheduling operation forever
Test period of SLA scheduling operation 300s

8.3.4 Creating SLA operations


Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration
mode.
2 Raisecom(config)#sla oper-num Configure SLA y1731-jitter
y1731-echo remote-mep mep-id level operation according to the
level svlan vlan-id [ cvlan vlan- destination MEP ID.
id ] [ cos cos-value ]
3 Raisecom(config)#sla oper-num Configure SLA y1731-jitter
y1731-jitter remote-mep mep-id operation according to the
level level svlan vlan-id [ cvlan destination MEP.
vlan-id ] [ cos cos-value ]
[ interval period ] [ packets
packets-num ]
4 Raisecom(config)#sla oper-num Configure basic information
icmp-echo dest-ipaddr ip-address about SLA icmp-echo
[ dscp dscp-value ] operation.
5 Raisecom(config)#sla oper-num Configure basic information
icmp-jitter dest-ipaddr ip-address about SLA icmp-jitter
[ dscp dscp-value ] [ interval operation.
period ] [ packets packets-num ]
6 Raisecom(config)#sla y1731-echo Quickly create an y1731-echo
quick-input [ level level ] operation.
[ svlan vlan-id ]
7 Raisecom(config)#sla y1731-jitter Quickly create an y1731-jitter
quick-input [ level level] [ svlan operation.
vlan-id ]

 After basic information of an operation (distinguished by operation number) is


configured, the operation cannot be modified or reconfigured. If you need to
modify the operation, delete the operation and then reconfigure it.

Raisecom Technology Co., Ltd. 285


Raisecom
ISCOM2828F (D) Configuration Guide 8 OAM

 SLA supports at most 100 operations being scheduled at one time, but wait a
schedule to finish (reach schedule life time or stop schedule) before schedule
again or modify schedule information.

8.3.5 Configuring SLA scheduling


Configure SLA scheduling information for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#sla Configure SLA operation scheduling information,
schedule oper-num and enable SLA operation scheduling.
[ life { forever |
life-time } ] By default, SLA operation scheduling is disabled.
[ period period ]
[ begin ]

If you use the begin parameter, the


configuration will be loaded upon device
startup, without actual scheduling
operations. If you does use the begin
parameter, scheduling operations will be
performed.

8.3.6 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show sla Show SLA configurations.
{ all | oper-num }
Command
2 Raisecom#show sla Show test information of last SLA operation.
{ all | oper-num }
result
3 Raisecom#show sla Show statistics of operation scheduling. The same
{ all | oper-num } operation (distinguished by operation number) can
statistic be taken statistics of for 5 groups. If more groups
have to be taken statistics of, the oldest (according
to start time of scheduling) group will be aged.

8.3.7 Example for configuring SLA

Networking requirements
As shown in Figure 8-6, the PC communicates with the server through the network consisting
of by Switch A, Switch B and Switch C. You can deploy CFM feature on switches to make the
Ethernet link between the server and the PC to reach the telecom-grade level. SLA is

Raisecom Technology Co., Ltd. 286


Raisecom
ISCOM2828F (D) Configuration Guide 8 OAM

deployed on Switch A to effectively carry out SLA agreement signed with the users. SLA is
periodically scheduled to test the network performance between Switch A and Switch C.
Conduct Layer 2 delay test on Switch A towards Switch C. Configure the y1731-echo
operation on Switch A, with operation number of 2, remote MEP of 2, MD level of 3, VLAN
ID of 100, CoS of 0, life period of scheduling of 20s, and test period of 10s.

Figure 8-6 SLA application networking

Configuration steps
Step 1 Configure CFM on Switches.
For details, see section 8.2.11 Example for configuring CFM.
Step 2 Configure y1731-echo operation on Switch A, and enable operation scheduling.

SwitchA#config
SwitchA(config)#sla 2 y1731-echo remote-mep 302 level 3 svlan 100 cos 0
SwitchA(config)#sla schedule 2 life 20 period 10

Checking results
Use the show sla Command command on Switch B to see whether SLA configurations are
correct.

Switch_B#show sla 1 Command


----------------------------------------------------------
Operation <1>:
Type: y1731-JITTER
Frame Type: Delay Measurement
----------------------------------------------------------
CoS: 0
Service Vlan ID: 3
MD Level: 3
Remote DEST MAC: 000E.5E00.0001
Timeout(sec): 1

Raisecom Technology Co., Ltd. 287


Raisecom
ISCOM2828F (D) Configuration Guide 8 OAM

Jitter Interval(msec): 1000


Measurement interval(sec): 10
Schedule Life(sec): 20
Schedule Status: No Active

Use the show sla Command command on Switch C to see whether SLA configurations are
correct.

Raisecom#show sla 2 Command


------------------------------------------------------------------------
Operation <2>:
Type: Y.1731 echo
pkt Type: lb
Starttime: 0 days, 0:0:0
------------------------------------------------------------------------
Cos: 0
Service Vlan ID: 100
Customer Vlan ID: 0
MD Level: 3
Remote MEP ID: 302
Timeout(sec): 5
Schedule Life(sec): 20
Schedule Period(sec): 10
Schedule Status: Completed!

Raisecom Technology Co., Ltd. 288


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

9 System management

This chapter introduces basic principle and configuration of system management and
maintenance, and provides related configuration examples, including the following sections:
 SNMP
 KeepAlive
 RMON
 Cluster management
 LLDP
 Extended OAM
 Optical module DDM
 System log
 Power monitoring
 CPU monitoring
 Ping
 Traceroute

9.1 SNMP
9.1.1 Introduction
Simple Network Management Protocol (SNMP) is designed by the Internet Engineering Task
Force (IETF) to resolve problems in managing network devices connected to the Internet.
Through SNMP, a network management system can manage all network devices that support
SNMP, including monitoring network status, modifying configurations of a network device,
and receiving network alarms. SNMP is the most widely used network management protocol
in TCP/IP networks.

Working mechanism
SNMP is divided into two parts: Agent and NMS. The Agent and NMS communicate by
SNMP packets being sent through UDP. The working system of SNMP is shown in Figure 9-1.

Raisecom Technology Co., Ltd. 289


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Figure 9-1 Working mechanism of SNMP


Raisecom NView NNM system can provide friendly Human Machine Interface (HMI) to
facilitate network management. The below functions can be realized through it:
 Send request packets to the managed device.
 Receive reply packets and Trap packets from the managed device, and show results.
Agent is a program stayed in the managed device, realizing the below functions:
 Receive/Reply request packets from NView NNM system.
 Read/Write packets and generate response packets according to the packet types, and
then return the results to NView NNM system.
 Define trigger conditions according to protocol modules, enter/exit from system or
reboot device when conditions are satisfied; reply module sends Trap packets to NView
NNM system via agent to report current status of the device.

Agent can be configured with several versions. Agent use different versions to
communicate with different Nview NNM systems. However, SNMP version of the
NView NNM system must be consistent with the one on Agent when they are
communicating. Otherwise, they cannot communicate properly.

Protocol versions
Till now, SNMP has three versions: v1, v2c, and v3, described as below.
 SNMP v1 uses community name authentication mechanism. The community name, a
string defined by an agent, acts like a secret. The network management system can visit
the agent only by specifying its community name correctly. If the community name
carried in a SNMP message is not accepted by the ISCOM2828F, the message will be
dropped.
 Compatible with SNMP v1, SNMP v2c also uses community name authentication
mechanism. SNMP V2c supports more operation types, data types, and error codes, and
thus better identifying errors.
 SNMP v3 uses User-based Security Model (USM) and View-based Access Control
Model (VACM) security mechanism. You can configure whether USM authentication is
enabled and whether encryption is enabled to provide higher security. USM
authentication mechanism allows authenticated senders and prevents unauthenticated
senders. Encryption is to encrypt messages transmitted between the network
management system and agents, thus preventing interception.

Raisecom Technology Co., Ltd. 290


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

The ISCOM2828F supports v1, v2c, and v3 of SNMP.

MIB
Management Information Base (MIB) is the collection of all objects managed by NMS. It
defines attributes for the managed objects:
 Name
 Access authority
 Data type
The device-related statistic contents can be reached by accessing data items. Each proxy has
its own MIB. MIB can be taken as an interface between NMS and Agent, through which NMS
can read/write every managed object in Agent to manage and monitor the device.
MIB store information in a tree structure, its root is on the top, without name. Nodes of the
tree are the managed objects, which take a uniquely path starting from root (OID) for
identification. SNMP packets can access network devices by checking the nodes in MIB tree
directory.
The ISCOM2828F supports standard MIB and Raisecom customized MIB.

9.1.2 Preparing for configurations

Scenario
When you need to log in to the ISCOM2828F through NMS, please configure SNMP basic
functions for ISCOM2828F in advance.

Prerequisite
 Configure the IP address of the SNMP interface.
 Configure the routing protocol and ensure that the route between the ISCOM2828F and
NMS is reachable.

9.1.3 Default configurations of SNMP


Default configurations of SNMP are as below.

Function Default value


SNMP view system and internet views (default)
SNMP community public and private communities (default)
Index CommunityName ViewName Permission
1 public internet ro
2 private internet rw
SNMP access group initialnone and initial access groups (default)
SNMP user Null, md5nopriv, and shanopriv users (default)

Raisecom Technology Co., Ltd. 291


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Function Default value


Mapping relationship between Index GroupName UserName SecModel
SNMP user and access group -----------------------------------------------------------
0 initialnone none usm
1 initial md5nopriv usm
2 initial shanopriv usm
Logo and the contact method of [email protected]
administrator
Device physical location world china raisecom
Trap Enable
SNMP target host address Null
SNMP engine ID 800022B603000E5E13D266

9.1.4 Configuring basic functions of SNMP v1/v2c


To protect itself and prevent its MIB from unauthorized access, SNMP Agent proposes the
concept of community. The management station in the same community must use the
community name in all Agent operating. Otherwise, their requests will not be accepted.
The community name uses different SNMP string to identify different groups. Different
communities can have read-only or read-write access authority. Groups with read-only
authority can only query the device information, while groups with read-write authority can
configure the device and query the device information.
SNMP v1/v2c uses the community name authentication scheme, and the SNMP packets which
are inconsistent to the community name will be discarded.
Configure basic functions of SNMP v1/v2c for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#snmp- (Optional) create SNMP view and configure MIB
server view view-name variable range.
oid-tree [ mask ]
{ excluded | The default view is internet view. The MIB
included } variable range contains all MIB variables below
"1.3.6" node of MIB tree.
3 Raisecom(config)#snmp- Create community name and configure the
server community com- corresponding view and authority. Use default
name [ view view- view internet if view view-name option is empty.
name ] { ro | rw }

Raisecom Technology Co., Ltd. 292


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Step Command Description


4 Raisecom(config)#snmp- (Optional) create and configure SNMP v1/v2c
server access group- access group.
name [ read view-
name ] [ write view-
name ] [ notify view-
name ] { v1sm |
v2csm }
5 Raisecom(config)#snmp- (Optional) configure the mapping between users
server group group- and access groups.
name user user-name
{ v1sm | v2csm | usm } SNMP v1/v2c can specify the group for the
community, and configure the security model of
the group. When the security model is v1sm or
v2csm, the security level will automatically
change to noauthnopriv.

9.1.5 Configuring basic functions of SNMP v3


SNMPV3 uses USM mechanism. USM comes up with the concept of access group. One or
more users correspond to one access group. Each access group sets the related read, write, and
notification views. Users in an access group have access authorities of this view. The access
group of users, who send Get and Set requests, must have authorities corresponding to the
requests. Otherwise, the requests will not be accepted.
As shown in Figure 9-2, to access the switch through SNMP v3, you should perform the
following configurations:
 Configure users.
 Configure the access group of users.
 Configure the view authority of the access group.
 Create views.

Raisecom Technology Co., Ltd. 293


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Figure 9-2 SNMP v3 authentication mechanism


Configure basic functions of SNMP v3 for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration
mode.
2 Raisecom(config)#snmp-server view (Optional) create SNMP
view-name oid-tree [ mask ] { excluded view and configure MIB
| included } variable range.
3 Raisecom(config)#snmp-server user Create users and configure
user-name [ remote engine-id ] authentication modes.
[ authentication { md5 | sha }
authpassword ]
4 Raisecom(config)#snmp-server user (Optional) modify the
user-name [ remote engine-id ] authentication key and the
[ authkey { md5 | sha } keyword ] encryption key.
5 Raisecom(config)#snmp-server access Create and configure the
group-name [ read view-name ] [ write SNMP v3 access group.
view-name ] [ notify view-name ]
[ context context-name { exact |
prefix } ] usm { authnopriv |
noauthnopriv }
6 Raisecom(config)#snmp-server group Configure the mapping
group-name user user-name { usm | v1sm relationship between users
| v2csm } and the access group.

Raisecom Technology Co., Ltd. 294


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

9.1.6 Configuring other information of SNMP


Other information of SNMP includes:
 Logo and contact method of the administrator, which is used to identify and contact the
administrator
 Physical location of the device: describes where the device is located
SNMP v1, v2c, and v3 support configuring this information.
Configure other information of SNMP for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#snmp- (Optional) configure the logo and contact
server contact contact method of the administrator.

For example, set the E-mail to the logo


and contact method of the
administrator.
3 Raisecom(config)#snmp- (Optional) specify the physical location of
server location location the device.

9.1.7 Configuring Trap

Trap configurations on SNMP v1, v2c, and v3 are identical except for Trap target host
configurations. Please configure Trap as required.
Trap means the device sends unrequested information to NMS automatically, which is used to
report some critical events.
Before configuring Trap, you need to perform the following configurations:
 Configure basic functions of SNMP. SNMP v1 and v2c need to configure the community
name; SNMP v3 needs to configure the user name and SNMP view.
 Configure the routing protocol and ensure that the route between the ISCOM2828F and
NMS is reachable.
Configure Trap of SNMP for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter Layer 3 interface configuration mode.
ip if-number
3 Raisecom(config-ip)#ip Configure the IP address of the Layer 3
address ip-address [ ip- interface.
mask ] vlan-list

Raisecom Technology Co., Ltd. 295


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Step Command Description


4 Raisecom(config-ip)#exit Exit from global configuration and enter
privileged EXEC mode.
5 Raisecom(config)#snmp- (Optional) configure SNMP v3-based Trap
server host ip-address target host.
version 3 { authnopriv |
noauthnopriv } user-name
[ udpport port-id ]
Raisecom(config)#snmp- (Optional) configure SNMP v1-/SNMP v2c-
server host ip-address based Trap target host.
version { 1 | 2c } com-
name [ udpport udpport ]
6 Raisecom(config)#snmp- Enable Trap.
server enable traps

9.1.8 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show Show SNMP access group configurations.
snmp access
2 Raisecom#show Show SNMP community configurations.
snmp community
3 Raisecom#show Show SNMP basic configurations, including local
snmp config SNMP engine ID, ID and contact of the network
management personnel, device location, and Trap switch
status.
4 Raisecom#show Show the mapping relationship between SNMP users
snmp group and the access group.
5 Raisecom#show Show Trap target host information.
snmp host
6 Raisecom#show Show SNMP statistics.
snmp statistics
7 Raisecom#show Show SNMP user information.
snmp user
8 Raisecom#show Show SNMP view information.
snmp view
9 Raisecom#show Show remote Trap configurations of SNMP.
snmp trap remote

Raisecom Technology Co., Ltd. 296


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

9.1.9 Example for configuring SNMP v1/v2c and Trap

Networking requirements
As shown in Figure 9-3, the route between the NView NNM system and Agent is reachable.
The Nview NNM system can view MIBs in the view of the remote switch through SNMP
v1/v2c. And the switch can automatically send Trap to Nview NNM in emergency.
By default, there is VLAN 1 in the ISCOM2828F and all physical interfaces belong to VLAN
1.

Figure 9-3 Configuring SNMP v1/v2c and Trap

Configuration steps
Step 1 Configure the IP address of the switch.

Raisecom#config
Raisecom(config)#interface ip 0
Raisecom(config-ip)#ip address 20.0.0.10 255.255.255.0 1
Raisecom(config-ip)#exit

Step 2 Configure the SNMP v1/v2c view.

Raisecom(config)#snmp-server view mib2 1.3.6.1.2.1 included

Step 3 Configure the SNMP v1/v2c community.

Raisecom(config)#snmp-server community raisecom view mib2 ro

Step 4 Configure Trap.

Raisecom(config)#snmp-server enable traps


Raisecom(config)#snmp-server host 20.0.0.221 version 2c raisecom

Raisecom Technology Co., Ltd. 297


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Checking results
Use the show interface ip command to show IP address configurations.

Raisecom#show interface ip
Index Ip Address NetMask Vid Status Mtu
------------------------------------------------------------------------
0 20.0.0.10 255.255.255.0 1 active 1500

Use the show snmp view command to show view configurations.

Raisecom#show snmp view


Index: 0
View Name: mib2
OID Tree: 1.2.6.1.2.1
Mask: --
Type: included

Index: 1
View Name: system
OID Tree: 1.3.6.1.2.1.1
Mask: --
Type: included

Index: 2
View Name: internet
OID Tree: 1.3.6
Mask: --
Type: included

Use the show snmp community command to show community configurations.

Raisecom#show snmp community


Index Community Name View Name Permission
------------------------------------------------------------
1 public internet ro
2 private internet rw
3 raisecom mib2 ro

Use the show snmp host command to show Trap target host configurations.

Raisecom#show snmp host


Index: 0
IP address: 20.0.0.221
Port: 162
User Name: raisecom

Raisecom Technology Co., Ltd. 298


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

SNMP Version: v2c


Security Level: noauthnopriv
TagList: bridge config interface rmon snmp ospf

9.1.10 Example for configuring SNMP v3 and Trap

Networking requirements
As shown in Figure 9-4, the route between the NView NNM system and Agent is reachable.
The Nview NNM system monitors Agent through SNMP v3. And the Agent can automatically
send Trap to Nview NNM in emergency.
By default, there is VLAN 1 in the ISCOM2828F and all physical interfaces belong to VLAN
1.

Figure 9-4 Configuring SNMP v3 and Trap

Configuration steps
Step 1 Configure the IP address of the switch.

Raisecom#config
Raisecom(config)#interface ip 0
Raisecom(config-ip)#ip address 20.0.0.10 255.255.255.0 1
Raisecom(config-ip)#exit

Step 2 Configure SNMP v3 access.


Configure access view mib2, including all MIB variables under 1.3.6.x.1.

Raisecom(config)#snmp-server view mib2 1.3.6.1.2.1 1.1.1.1.0.1 included

Create user gusterusr1. Adopt md5 authentication algorithm and set the password to raisecom.

Raisecom(config)#snmp-server user guestuser1 authentication md5 raisecom

Create the guestgroup access group. Set the security mode to usm. Set the security level to
authnopriv. Set the name of the read-only view to mib2.

Raisecom Technology Co., Ltd. 299


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Raisecom(config)#snmp-server access guestgroup read mib2 usm authnopriv

Map user gudestuser1 to the access group guestgroup.

Raisecom(config)#snmp-server group guestgroup user guestuser1 usm

Step 3 Configure Trap.

Raisecom(config)#snmp-server enable traps


Raisecom(config)#snmp-server host 20.0.0.221 version 3 authnopriv
guestuser1

Checking results
Use the show snmp access command to show SNMP access group configurations.

Index: 0
Group: initial
Security Model: usm
Security Level: authnopriv
Context Prefix: --
Context Match: exact
Read View: internet
Write View: internet
Notify View: internet

Index: 1
Group: guestgroup
Security Model: usm
Security Level: authnopriv
Context Prefix: --
Context Match: exact
Read View: mib2
Write View: --
Notify View: internet

Index: 2
Group: initialnone
Security Model: usm
Security Level: noauthnopriv
Context Prefix: --
Context Match: exact
Read View: system
Write View: --
Notify View: internet

Raisecom Technology Co., Ltd. 300


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Use the show snmp group command to show the mapping relationship between users and the
access group.

Raisecom#show snmp group


Index GroupName UserName SecModel
-----------------------------------------------------------
0 initialnone none usm
1 initial md5nopriv usm
2 initial shanopriv usm
3 guestgroup guestuser1 usm

Use the show snmp host command to show Trap target host configurations.

Raisecom#show snmp host


Index: 0
IP address: 20.0.0.221
Port: 162
User Name: guestuser1
SNMP Version: v3
Security Level: authnopriv
TagList: bridge config interface rmon snmp ospf

9.2 KeepAlive
9.2.1 Introduction
The keepAlive packet is a kind of KeepAlive mechanism running in High-Level Data Link
Control (HDLC) link layer protocol. The ISCOM2828F will send a KeepAlive packet to
confirm whether the peer is online every several seconds to realize neighbour detection
mechanism.
Trap is the unrequested information sent by the ISCOM2828F actively to NMS, used to report
some urgent and important events.
The ISCOM2828F sends KeepAlive Trap packet actively to the NView NNM system. The
KeepAlive Trap packet includes the basic information of ISCOM2828F, such as the name,
OID, MAC address, and IP address. The Nview NNM system synchronizes device
information based on IP address to discover NEs in a short time. This helps improve working
efficiency and reduce working load of the administrator.

9.2.2 Preparing for configurations

Scenario
The ISCOM2828F sends KeepAlive Trap packet actively to the NView NNM system.
Therefore, the Nview NNM system can discover NEs in a short time. This helps improve
working efficiency and reduce working load of the administrator. You can enable or disable

Raisecom Technology Co., Ltd. 301


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

the KeepAlive Trap and configure the period for sending KeepAlive Trap. When KeepAlive
Trap is enabled, if configured with snmp enable traps and Layer 3 IP address, the
ISCOM2828F will send a KeepAlive Trap to all target hosts with Bridge Trap every
KeepAlive Trap Interval.

Prerequisite
 Configure the IP address of the SNMP interface.
 Configure basic functions of SNMP. SNMP v1 and v2c need to configure the community
name; SNMP v3 needs to configure the user name and SNMP view.
 Configure the routing protocol and ensure that the route between the ISCOM2828F and
NMS is reachable.

9.2.3 Default configurations of KeepAlive


Default configurations of KeepAlive are as below.

Function Default value


KeepAlive Trap Disable
KeepAlive Trap period 300s

9.2.4 Configuring KeepAlive


Configure KeepAlive for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#snmp- Enable KeepAlive Trap.
server keepalive-trap
enable
3 Raisecom(config)#snmp- (Optional) configure the period for
server keepalive-trap sending KeepAlive Trap.
interval period

To avoid multiple devices sending KeepAlive Trap at the same time according to the
same period and causing heavy network management load, the real transmission
period of KeepAlive Trap is timed as period+5s random transmission.

9.2.5 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show keepalive Show KeepAlive configurations.

Raisecom Technology Co., Ltd. 302


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

9.2.6 Example for configuring KeepAlive

Networking requirements
Figure 9-5 shows how to configure KeepAlive.
 IP address of the switch: 192.169.1.2
 IP address of the SNMP v2c Trap target host: 192.168.1.1
 Name of the read-write community: public
 SNMP version: SNMP v2c
 Period for sending KeepAlive Trap: 120s
 KeepAlive Trap: enabled

Figure 9-5 Configuring KeepAlive

Configuration steps
Step 1 Configure the management IP address of the switch.

Raisecom#config
Raisecom(config)#interface ip 0
Raisecom(config-ip)#ip address 192.168.1.2 255.255.255.0 1
Raisecom(config-ip)#exit

Step 2 Configure the IP address of the SNMP Trap target host.

Raisecom(config)#snmp-server host 192.168.1.1 version 2c public

Step 3 Enable KeepAlive Trap.

Raisecom(config)#snmp-server keepalive-trap enable


Raisecom(config)#snmp-server keepalive-trap interval 120

Checking results
Show KeepAlive configurations by using the show keepalive command.

Raisecom Technology Co., Ltd. 303


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Raisecom#show keepalive
Keepalive Admin State:Enable
Keepalive trap interval:120s
Keepalive trap count:1

9.3 RMON
9.3.1 Introduction
Remote Network Monitoring (RMON) is a standard stipulated by IETF (Internet Engineering
Task Force) for network data monitoring through different network Agent and NMS.
RMON is achieved based on SNMP architecture, including the network management center
and the Agent running on network devices. On the foundation of SNMP, increase the subnet
flow, statistics, and analysis to achieve the monitoring to one network segment and the whole
network, while SNMP only can monitor the partial information of a single device and it is
difficult for it to monitor one network segment.
RMON Agent is commonly referred to as the probe program; RMON Probe can take the
communication subnet statistics and performance analysis. Whenever it finds network failure,
RMON Probe can report network management center, and describes the capture information
under unusual circumstances so that the network management center does not need to poll the
device constantly. Compared with SNMP, RMON can monitor remote devices more actively
and more effectively, network administrators can track the network, network segment or
device malfunction more quickly. This approach reduces the data flows between network
management center and Agent, makes it possible to manage large networks simply and
powerfully, and makes up the limitations of SNMP in growing distributed Internet.
RMON Probe data collection methods:
 Distributed RMON: network management center obtains network management
information and controls network resources directly from RMON Probe through
dedicated RMON Probe collection data.
 Embedded RMON: embed RMON Agent directly to network devices (such as switches)
to make them with RMON Probe function. Network management center will collect
network management information through the basic operation of SNMP and the
exchange data information of RMON Agent.
The ISCOM2828F adopts embedded RMON, as shown in Figure 9-6. The ISCOM2828F
implements RMON Agent. Through this function, the management station can obtain the
overall flow, error statistics, and performance statistics of this network segment connected to
the managed network device interface to a monitor the network segment.

Figure 9-6 RMON

Raisecom Technology Co., Ltd. 304


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

RMON MIBs are grouped into 9 groups according to functions. Currently, there are 4 groups
achieved: statistics group, history group, alarm group, and event group.
 Statistics group: collect statistic information on each interface, including number of
received packets and packet size distribution statistics.
 History group: similar with the statistics group, but it only collect statistic information in
an assigned detection period.
 Alarm group: monitor an assigned MIB object, set the upper and lower thresholds in an
assigned time interval, and trigger an event if the monitored object exceeds the threshold.
 Event group: cooperating with the alarm group, when alarm triggers an event, it records
the event, such as sending Trap or writing it into the log, etc.

9.3.2 Preparing for configurations

Scenario
RMON helps monitor and account network traffics.
Compared with SNMP, RMON is a more high-efficient monitoring method. After you
specifying the alarm threshold, the ISCOM2828F actively sends alarms when the threshold is
exceeded without gaining the variable information. This helps reduce the traffic of
management and managed devices and facilitates managing the network.

Prerequisite
The route between the ISCOM2828F and the NView NNM system is reachable.

9.3.3 Default configurations of RMON


Default configurations of RMON are as below.

Function Default value


Statistics group Enabled on all interfaces (including Layer 3 interfaces
and physical interfaces)
History group Disable
Alarm group Null
Event group Null

9.3.4 Configuring RMON statistics


RMON statistics is used to make statistics on an interface, including the number of received
packets, undersized/oversized packets, collision, CRC and errors, discarded packets,
fragments, unicast packets, broadcast packets, and multicast packets, as well as received
packet size.
Configure RMON statistics for the ISCOM2828F as below.

Raisecom Technology Co., Ltd. 305


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#rmon Enable RMON statistics on an interface
statistics { ip if-number and configure related parameters.
| port-list port-list }
[ owner owner-name ] By default, RMON statistics of all
interfaces is enabled.

When using the no rmon statistics{ port-list port-list | ip if-number } command to


disable RMON statistics on an interface, you cannot continue to obtain the interface
statistics, but the interface still can account data.

9.3.5 Configuring RMON historical statistics


Configure RMON historical statistics for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration
mode.
2 Raisecom(config)#rmon history { ip if- Enable RMON historical
number | port-list port-list } statistics on an interface
[ shortinterval short-period ] and configure related
[ longinterval long-period ] [ buckets parameters.
buckets-number ] [ owner owner-name ]

When using the no rmon history{ ip if-number | port-list port-list } command to


disable RMON historical statistics on an interface, the interface will not account data
and clear all historical data collected previously.

9.3.6 Configuring RMON alarm group


You can monitor a MIB variable (mibvar) by setting a RMON alarm group instance (alarm-
id). An alarm event is generated when the value of the monitored data exceeds the defined
threshold. And then record the log or send Trap to the NView NNM system according to the
definition of alarm events.
The monitored MIB variable must be real, and the data value type is correct.
 If the setting variable does not exist or value type variable is incorrect, return error.
 For the successfully-set alarm, if the variable cannot be collected later, close the alarm.
Reset it if you need to monitor the variable again.
By default, the triggered event ID is 0, which indicates no event is triggered. If the number is
not set to 0 and there is no event configured in the event group, the event is not successfully

Raisecom Technology Co., Ltd. 306


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

triggered when the monitored variable is abnormal. The event cannot be successfully trigged
unless the event is established.
The alarm will be triggered as long as the upper or lower threshold of the event in the event
table is matched. The alarm is not generated even when alarm conditions are matched if the
event related to the upper/lower threshold (rising-event-id or falling-event-id) is not
configured in the event table.
Configure RMON alarm group for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration
mode.
2 Raisecom(config)#rmon alarm alarm- Add alarm instances to the
id mibvar [ interval period ] RMON alarm group and
{ absolute | delta } rising- configure related parameters.
threshold rising-value [ rising-
event-id ] falling-threshold
falling-value [ falling-event-id ]
[ owner owner-name ]

9.3.7 Configuring RMON event group


Configure RMON event group for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration
mode.
2 Raisecom(config)#rmon event event- Add events to the RMON event
id [ log ] [ trap ] [ description group and configure processing
string ] [ owner owner-name ] modes of events.

9.3.8 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show rmon Show RMON configurations.
2 Raisecom#show rmon alarms Show RMON alarm group information.
3 Raisecom#show rmon events Show RMON event group information.
4 Raisecom#show rmon Show RMON statistics group information.
statistics [ port port-id
| ip if-number ]
5 Raisecom#show rmon history Show RMON history group information.
{ port port-id | ip if-
number }

Raisecom Technology Co., Ltd. 307


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

9.3.9 Maintenance
Maintain the ISCOM2828F as below.

Command Description

Raisecom(config)#clear rmon Clear all RMON configurations.

9.3.10 Example for configuring RMON alarm group

Networking requirements
As shown in Figure 9-7, the ISCOM2828F is Agent, connecting to terminal through Console
interface, connecting to remote NNM system through Internet. Enable RMON statistics and
perform performance statistics on Port 3. When the number of packets received by Port 2
exceeds the threshold in a period, the ISCOM2828F record logs and sends Trap alarm to the
NView NNM system.

Figure 9-7 Configuring RMON alarm group

Configuration steps
Step 1 Create event 1. Event 1 is used to record and send the log information which contains the
string High-ifOutErrors. The owner of the log information is set to system.

Raisecom#config
Raisecom(config)#rmon event 1 log description High-ifOutErrors owner
system

Step 2 Create alarm 10. Alarm 10 is used to monitor the MIB variable (1.3.6.1.2.1.2.2.1.20.1) every
20 seconds. If the value of the variable is added by 15 or greater, a Trap is triggered. The
owner of the Trap is also set to system.

Raisecom(config)#rmon alarm 10 1.3.6.1.2.1.2.2.1.20.1 interval 20 delta


rising-threshold 15 1 falling-threshold 0 owner system

Raisecom Technology Co., Ltd. 308


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Checking results
Check whether there is event group information on the device by using the show rmon
alarms command.

Raisecom#show rmon alarms


Alarm 10 is active, owned by system
Monitors 1.3.6.1.2.1.2.2.1.20.1 every 20 seconds
Taking delta samples, last value was 0
Rising threshold is 15, assigned to event 1
Falling threshold is 0, assigned to event 0
On startup enable rising and falling alarm

Check whether there is alarm group information on the device by using the show rmon
events command.

Raisecom#show rmon events


Event 1 is active, owned by system
Description is: High-ifOuterErrors.
Event generated at 0:0:0
Send TRAP when event is fired.

When an alarm event is triggered, you can view related records at the alarm management
dialog box of the NView NNM system.

9.4 Cluster management


9.4.1 Introduction
Cluster management protocol is used to manage a set of switch equipments to provide users a
new management method.
Users can set up a cluster by master switch so as to achieve the centralized management and
configuration to multiple devices added to the cluster. The main switch is called command
device, the other managed switches are member devices. Command device has a public IP
address, while the member devices do not set the IP address; the management and
maintenance of member devices are often achieved by command device redirection.
The cluster management can reduce the workload of engineering and maintenance, and also
save public IP address resources. Administrators only need to configure public IP address on
one device to achieve the management and maintenance of all cluster equipment without
logging into each device for configuration.
When using cluster management, different manufacturers have different implementations on
the cluster program, generally using proprietary protocols, cluster, which shows that the
cluster management technology has its limitations

Raisecom Technology Co., Ltd. 309


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Cluster roles
According to the different position and function of switches, the cluster has different roles.
You can configure to specify the role of switch. The cluster role can be command device,
member device and candidate device.
 Commander: also known as management device, used to assign public IP address to
provide management interface for all switch in the cluster. Command device manages
member device by command redirection: network management system sends commands
to the command device for processing via the public network. The command device will
forward commands to member device if it finds the commands should be executed on
member device. Command device can discover neighbor information, collect the entire
network topology, manage cluster, maintain cluster state, and support a variety of agent
functions.
 Member: members in cluster; generally do not configure public IP address. You manage
member devices by commands redirection via the command device. Member device can
discover neighbor information, accept command device management, equipment,
execute the commands from command device, and report fault/log. Member device can
be managed through network management system or Telnet mode directly on command
device after activating.
 Candidate: has not joined any clusters but still has cluster ability to become a cluster
member switch. The difference from member device is the topology information of
candidate device has already collected by command device but not yet joined the cluster.
When adding a candidate device to the cluster, the ISCOM2828F will become member
device; when removing a member device from the cluster, the device will recover to
candidate device again.

Figure 9-8 Cluster management


As shown in Figure 9-8, the switch configured IP address is command device, while the
ISCOM2828F managed by command device redirection is member device. The command

Raisecom Technology Co., Ltd. 310


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

device and member device can form a cluster. The device not joined cluster but still had
cluster ability is candidate device.

Working principles of cluster


Cluster management mainly contains three protocols:
 Raisecom Neighbor Discover Protocol (RNDP) is responsible for the neighbor discovery
and information gathering of devices.
 Raisecom Topology Discover Protocol (RTDP) is responsible for the entire network
topology information collection and processing.
 Raisecom Cluster Management Protocol (RCMP) mainly configures to add, activate, and
delete cluster members.
RTDP and RCMP protocols take communication in the cluster VLAN. So, if there are devices
not supporting RAISECOM cluster management function between the two devices for cluster
management, you need to configure the cluster VLAN to ensure the normal communication of
RCMP and RTDP protocols.
Each cluster must specify a command device. After command device is specified, command
device can discover and determine candidate device through neighbour discovery and
topology gathering protocol. Users can add candidate device to the cluster by corresponding
configuration.
Candidate device will become member device after adding to cluster. If you want to manage
the ISCOM2828F through cluster management function, you must activate the switch, or
configure auto-active function on switch.

9.4.2 Preparation for configuration

Scenario
There are a large number of switches needed to be managed in Layer 2 network, but the
usable IP address is limited, cluster management function can use one IP address to manage
multiple devices in one cluster.

Prerequisite
Make sure that the link between command device and member device is reachable before
configuring cluster management.

9.4.3 Default configurations of cluster management


Default configurations of cluster management are as below.

Function Default value


Device cluster role Candidate
Global RNDP of cluster member Enable
Interface RNDP of cluster member Enable
RTDP collection function status of cluster member Disable

Raisecom Technology Co., Ltd. 311


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Function Default value


The maximum collection range for cluster member RTDP 16 hops
Cluster management VLAN VLAN 4093
Cluster management of command device Disable
The maximum member number of command device cluster 128
management
Auto-active of candidate device Disable
MAC address of command device with candidate device auto- 0000.0000.0000
active function

9.4.4 (Optional) configuring RNDP


Configure RNDP for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#rndp Enable global RNDP.
enable
3 Raisecom(config)#interface Enter physical layer interface configuration
port port-id mode.
4 Raisecom(config-port)#rndp Enable interface RNDP.
enable

9.4.5 Configuring RTDP

Configuring basic functions of RTDP


Configure basic functions of RTDP for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#rtdp Enable global RTDP function.
enable
3 Raisecom(config)#rtdp (Optional) configuration the maximum collection
max-hop max-hop range for RTDP.

Raisecom Technology Co., Ltd. 312


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

(Optional) configuring cluster VLAN

When configuring cluster VLAN, if the ISCOM2828F is a command device or member


device, due to the cluster device has already confirmed cluster VLAN, then cluster
VLAN configuration will lead to conflict and failure, exit cluster and configure
successfully.
Configure cluster VLAN for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#clu Configure cluster VLAN and interface list. The
ster vlan vlan-id VLAN used by cluster protocol packet
port-list port-list communication has limited the range of cluster
management.

9.4.6 Configuring cluster management on command devices

Enabling cluster management

This configuration only applies to the command device.


If the ISCOM2828F is cluster member device, delete it from member devices if you
want to take it as command device. At this time, the ISCOM2828F has become the
command device, but because there is already a command device in network, the
ISCOM2828F still cannot manage other devices.
Configure cluster management on command devices for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)# Configure the ISCOM2828F as command device and
cluster enable cluster management function.
3 Raisecom(config- (Optional) configure the maximum member number of
cluster)#max- cluster management.
member max-number

Adding and activating candidate devices automatically


On the command device, to facilitate adding and activating cluster members, you can use the
same user name and password to add and activate all the candidate devices, or you can
perform add and activation operations on all candidate devices configured by this command.
In addition, you can add or activate candidate devices one by one by following the command
display.

Raisecom Technology Co., Ltd. 313


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Add and activate candidate devices automatically for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#cluster Enter cluster configuration mode.
3 Raisecom(config-cluster)#member Add and activate candidate devices
auto-build [ active user-name automatically.
password [ all ] ]

Adding and activating candidate devices manually


To add and activate candidate devices on command device, you need to add a cluster
management device to cluster and activate it. After adding member device to the cluster,
command device cannot manage member device through cluster management without
activation.
Add and activate candidate devices manually for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#cluster Enable cluster management function and enter
cluster configuration mode.
3 Raisecom(config- Configure to add candidate device to cluster and
cluster)#member mac- activate it. The no member { all | mac-
address [ active user- address } command can delete all or specified
name password ] cluster members. The member { all | mac-
address } suspend command can suspend all or
specified cluster members.

Accessing member devices remotely


Configure accessing member devices remotely for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#cluster Enter cluster configuration mode.
3 Raisecom(config- Log in to the cluster member device. You can
cluster)#rcommand take remote management to the activated
{ hostname [ mac- member devices on the command device.
address ] | mac-
address }

Raisecom Technology Co., Ltd. 314


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

9.4.7 (Optional) configuring auto-activation for candidate devices


You must set MAC address of the command device after setting auto-activation on candidate
device. And then the candidate device can be activated automatically by its command device
if the command device is configured to add and activate all candidate members to cluster
automatically when connecting the ISCOM2828F to network.
Configure auto-activation for candidate device for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#cluster- Enable auto-activation.
autoactive
3 Raisecom(config)#cluster- Specify the MAC address of the
autoactive commander-mac mac- command device.
address

9.4.8 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show rndp Show RNDP configurations.
2 Raisecom#show rndp neighbor Show RNDP neighbor information.
3 Raisecom#show cluster Show configurations on candidate and
{ candidate | member [ mac- member devices.
address ] }
4 Raisecom#show rtdp Show RTDP configurations.
5 Raisecom#show cluster Show cluster information.
6 Raisecom#show cluster vlan Show configurations of cluster VLAN.
7 Raisecom#show rtdp device- Show information about RTDP discovery
list [ mac-address | device list.
hostname ] [ detailed ]

9.4.9 Example for providing remote access through cluster


management

Networking requirements
A lot of devices in Layer 2 network need to be managed, but current public IP address
resources are limited. To manage multiple devices through a device, you can configure cluster
management.

Raisecom Technology Co., Ltd. 315


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Cluster management uses one IP address to manage multiple devices in a cluster. Cluster
management can be used to manage all member devices in cluster through command device
and log in to member devices remotely for configuration and maintenance.
As shown in Figure 9-9, Switch A can log in to Switch B and Switch C for remote
management and maintenance. The following table list configurations on Switch A, Switch B,
and Switch C.

Device MAC address Role


Switch A 000E.5E03.5318 Command device
Switch B 000E.5EBD.5951 Member device
Switch C 000E.5E03.023C Member device

Figure 9-9 Providing remote access through cluster management

Configuration steps
Step 1 Enable global RNDP and enable RNDP on interfaces. Enable RTDP on Switch A.
Configure Switch A.

Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#rndp enable
SwitchA(config)#rtdp enable
SwitchA(config)#interface port 1
SwitchA(config-port)#rndp enable
SwitchA(config-port)#exit
SwitchA(config)#interface port 2
SwitchA(config-port)#rndp enable

Raisecom Technology Co., Ltd. 316


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

SwitchA(config-port)#exit

Configure Switch B.

Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#rndp enable
SwitchB(config)#interface port 3
SwitchB(config-port)#rndp enable
SwitchB(config-port)#exit

Configure Switch C.

Raisecom#hostname SwitchC
SwitchC#config
SwitchC(config)#rndp enable
SwitchC(config)#interface port 4
SwitchC(config-port)#rndp enable
SwitchC(config-port)#exit

Step 2 Enable cluster management on Switch A and automatically activate all candidate devices.

SwitchA(config)#cluster
SwitchA(config-cluster)#member auto-build active raisecom raisecom all
SwitchA(config-cluster)#exit

Step 3 Log in to Switch B through Switch A.

SwitchA#config
SwitchA(config)#cluster
SwitchA(config-cluster)#rcommand SwitchB
Login:raisecom
Password:
SwitchB>

Step 4 Log in to Switch C through Switch A. Steps are identical to the ones used for logging in to
Switch B.

Checking results
Show cluster information on Switch A by using the show cluster command.

Raisecom Technology Co., Ltd. 317


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

SwitchA#show cluster
Identity:Commander
Current member number:2
Max member number:128

Show cluster member information on Switch A by using the show cluster command.

SwitchA#show cluster member


MAC Address ActiveOperationState ActiveManageState Hostname
-------------------------------------------------------------------
000E.5EBD.5951 Up Active SwitchB
000E.5E03.023C Up Active SwitchC

Show cluster information on Switch B by using the show cluster command.

SwitchB#show cluster
Identity:Member
Autoactive:OFF
Autoactive commander mac:0000.0000.0000
Commander mac:000e.5e03.5318

Show cluster information on Switch c by using the show cluster command. Configurations
are identical to the ones on Switch B.

9.5 LLDP
9.5.1 Introduction
With the enlargement of network scale and increase of network devices, the network topology
becomes more and more complex and network management becomes very important. A lot of
network management software adopts "auto-detection" function to trace changes of network
topology, but most of the software can only analyze to the 3rd layer and cannot make sure the
interfaces connect to other devices.
Link Layer Discovery Protocol (LLDP) is based on IEEE 802.1ab standard. Network
management system can fast grip the Layer 2 network topology and changes.
LLDP organizes the local device information in different Type Length Value (TLV) and
encapsulates in Link Layer Discovery Protocol Data Unit (LLDPDU) to transmit to straight-
connected neighbour. It also saves the information from neighbour as standard Management
Information Base (MIB) for network management system querying and judging link
communication.

Basic concepts
LLDP packet is to encapsulate LLDPDU Ethernet packet in data unit and transmitted by
multicast.

Raisecom Technology Co., Ltd. 318


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

LLDPDU is data unit of LLDP. The device encapsulates local information in TLV before
forming LLDPDU, then several TLV fit together in one LLDPDU and encapsulated in
Ethernet data for transmission.
As shown in Figure 9-11, LLDPDU is made by several TLV, including 4 mandatory TLV and
several optional TLV.

Figure 9-10 LLDPDU structure


TLV: unit combining LLDPDU, which refers to the unit describing the object type, length and
information.
As shown in Figure 9-11, each TLV denotes piece of information at local, such as device ID,
interface ID, etc. related Chassis ID TLV, Port ID TLV fixed TLV.

Figure 9-11 Basic TLV structure


TLV type value relationship is shown below; at present only types 0–8 are used.

Table 9-1 TLV type


TLV type Description Optional or required
0 End Of LLDPDU Required
1 Chassis ID Required
2 Port ID Required
3 Time To Live Required
4 Port Description Optional
5 System Name Optional
6 System Description Optional
7 System Capabilities Optional
8 Management Address Optional

Working principles of LLDP


LLDP is a kind of point-to-point one-way issuance protocol, which notifies local device link
status to peer end by sending LLDPDU (or sending LLDPDU when link status changes)
periodically from local to peer end.

Raisecom Technology Co., Ltd. 319


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

The procedure of packet exchange:


 When local device transmits packet, it gets system information required by TLV from
NView NNM (Network Node Management) and gets configuration information from
LLDP MIB to generate TLV and form LLDPDU to transmit to peer.
 The peer receives LLDPDU and analyzes TLV information. If there is any change, the
information will be updated in neighbor MIB table of LLDP and notifies NView NNM
system.
The aging time of Time To Live (TTL) of local device information in the neighbour node can
be adjusted by modifying the parameter values of aging coefficient, sends LLDP packets to
neighbour node, after receiving LLDP packets, neighbour node will adjust the aging time of
its neighbour nodes (sending side) information. Aging time formula, TTL = Min {65535,
(interval × hold-multiplier)}:
 Interval indicates the time period to send LLDP packets from neighbor node.
 Hold-multiplier refers to the aging coefficient of device information in neighbor node.

9.5.2 Preparing for configurations

Scenario
When you obtain connection information between devices through NView NNM system for
topology discovery, the ISCOM2828F needs to enable LLDP, notify their information to the
neighbours mutually, and store neighbour information to facilitate the NView NNM system
queries.

Prerequisite
N/A

9.5.3 Default configurations of LLDP


Default configurations of LLDP are as below.

Function Default value


Global LLDP status Disable
Interface LLDP status Enable
Delay timer 2s
Period timer 30s
Aging coefficient 4
Restart timer 2s
LLDP alarm function status Enable
Alarm notification timer 5s

Raisecom Technology Co., Ltd. 320


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

9.5.4 Enabling global LLDP

After global LLDP is disabled, you cannot re-enable it immediately. Global LLDP
cannot be enabled unless the restart timer times out.
When you obtain connection information between devices through NView NNM system for
topology discovery, the ISCOM2828F needs to enable LLDP, notify their information to the
neighbours mutually, and store neighbour information to facilitate the NView NNM system
queries.
Enable global LLDP for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#lldp Enable global LLDP.
enable
After global LLDP is enabled, use the lldp
disable command to disable this function.

9.5.5 Enabling interface LLDP


Enable interface LLDP for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interfac Enter physical layer interface configuration
e port port-id mode.
3 Raisecom(config- Enable LLDP on an interface.
port)#lldp enable
Use the lldp disable command to disable this
function.

9.5.6 Configuring basic functions of LLDP

When configuring the delay timer and period timer, the value of the delay timer
should be smaller than or equal to a quarter of the period timer value.
Configure basic functions of LLDP for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.

Raisecom Technology Co., Ltd. 321


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Step Command Description


2 Raisecom(config)#lldp (Optional) configure the period timer of the
message-transmission LLDP packet.
interval period
3 Raisecom(config)#lldp (Optional) configure the delay timer of the LLDP
message-transmission packet.
delay period
4 Raisecom(config)#lldp (Optional) configure the aging coefficient of the
message-transmission LLDP packet.
hold-multiplier hold-
multiplier
5 Raisecom(config)#lldp (Optional) restart the timer. When configuring the
restart-delay period delay timer and period timer, the value of the
delay timer should be smaller than or equal to a
quarter of the period timer value.

9.5.7 Configuring LLDP alarm


When the network changes, you need to enable LLDP alarm notification function to send
topology update alarm to the NView NNM system immediately.
Configure LLDP alarm for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#snmp Enable LLDP alarm.
-server lldp-trap
enable
3 Raisecom(config)#lldp (Optional) configure the period timer of LLDP
trap-interval period alarm Trap.

After being enabled with LLDP alarm, the ISCOM2828F sends Traps upon detecting
aged neighbours, newly-added neighbours, and changed neighbour information.

9.5.8 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show lldp local Show LLDP local configurations.
config
2 Raisecom#show lldp local Show LLDP local system information.
system-data [ port-list port-
id ]

Raisecom Technology Co., Ltd. 322


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

No. Command Description


3 Raisecom#show lldp remote Show LLDP neighbor information.
[ port-list port-id ]
[ detail ]
4 Raisecom#show lldp statistic Show LLDP packet statistics.
[ port-list port-id ]

9.5.9 Maintenance
Maintain the ISCOM2828F as below.

No. Command Description


1 Raisecom(config)#clear lldp statistic Clear LLDP statistics.
[ port-list port-id ]
2 Raisecom(config)#clear lldp remote- Clear LLDP neighbor
table [ port-list port-id ] information.

9.5.10 Example for configuring basic functions of LLDP

Networking requirements
As shown in Figure 9-12, switches are connected to the NView NNM system. Enable LLDP
on links between Switch A and Switch B. And then you can query the Layer 2 link changes
through the NView NNM system. If the neighbour is aged, the neighbour is added, or the
neighbour information changes, Switch A and Switch B sends LLDP alarm to the NView
NNM system.

Figure 9-12 Configuring basic functions of LLDP

Raisecom Technology Co., Ltd. 323


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Configuration steps
Step 1 Enable LLDP globally and enable LLDP alarm.
Configure Switch A.

Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#lldp enable
SwitchA(config)#snmp-server lldp-trap enable

Configure Switch B.

Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#lldp enable
SwitchB(config)#snmp-server lldp-trap enable

Step 2 Configure management IP addresses.


Configure Switch A.

SwitchA(config)#create vlan 1024 active


SwitchA(config)#interface port 1
SwitchA(config-port)#switchport access vlan 1024
SwitchA(config-port)#exit
SwitchA(config)#interface ip 1
SwitchA(config-ip)#ip address 10.10.10.1 1024
SwitchA(config-ip)#exit

Configure Switch B.

SwitchB(config)#create vlan 1024 active


SwitchB(config)#interface port-list 1
SwitchB(config-port)#switchport access vlan 1024
SwitchB(config)#interface ip 1
SwitchB(config-ip)#ip address 10.10.10.2 1024
SwitchB(config-ip)#exit

Step 3 Configure LLDP properties.


Configure Switch A.

SwitchA(config)#lldp message-transmission interval 60

Raisecom Technology Co., Ltd. 324


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

SwitchA(config)#lldp message-transmission delay 9


SwitchA(config)#lldp trap-interval 10

Configure Switch B.

SwitchB(config)#lldp message-transmission interval 60


SwitchB(config)#lldp message-transmission delay 9
SwitchB(config)#lldp trap-interval 10

Checking results
Use the show lldp local config command to show local LLDP configurations.

SwitchA#show lldp local config


System configuration:
-------------------------------------------------------------------------
LLDP enable status: enable (default is disabled)
LLDP enable ports: 1-10
LldpMsgTxInterval: 60 (default is 30s)
LldpMsgTxHoldMultiplier:4 (default is 4)
LldpReinitDelay: 2 (default is 2s)
LldpTxDelay: 9 (default is 2s)
LldpNotificationInterval: 10 (default is 5s)
LldpNotificationEnable: enable (default is enabled)

SwitchB#show lldp local config


System configuration:
-------------------------------------------------------------------------
LLDP enable status: enable (default is disabled)
LLDP enable ports: 1
LldpMsgTxInterval: 60 (default is 30s)
LldpMsgTxHoldMultiplier:4 (default is 4)
LldpReinitDelay: 2 (default is 2s)
LldpTxDelay: 9 (default is 2s)
LldpNotificationInterval: 10 (default is 5s)
LldpNotificationEnable: enable (default is enabled)

Use the show lldp remote command to show LLDP neighbour informations.

SwitchA#show lldp remote


Port ChassisId PortId SysName MgtAddress ExpiredTime
-------------------------------------------------------------------------
port1 000E.5E02.B010 port 1 SwitchB 10.10.10.2 106
……
SwitchB#show lldp remote
Port ChassisId PortId SysName MgtAddress ExpiredTime
-------------------------------------------------------------------------

Raisecom Technology Co., Ltd. 325


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

port1 000E.5E12.F120 port 1 SwitchA 10.10.10.1 106

9.6 Extended OAM


9.6.1 Introduction
Extended OAM is based on IEEE 802.3ah OAM links. Based on standard OAM extendibility,
it enhances OAM functions, including remote configurations and monitoring.
As shown in Figure 9-13, establish an extended OAM link between the remote switch A and
Central Office (CO) Switch B directly connected to the NView NNM system, to enable
Switch B to manage Switch A.

Figure 9-13 Extended OAM application networking


Extended OAM functions including remote configurations and monitoring, with details as
below:
 Obtain attributes of the remote device: the CO device can obtain attributes,
configurations, and statistics of the remote device through extended OAM.
 Configure basic functions for the remote device: through extended OAM, the CO device
can configure some functions for the remote device, including host name, interface
enabling/disabling status, rate, duplex mode, bandwidth, and failover status.
 Configure network management parameters for the remote device: the CO device can
configure network management parameters for remote SNMP-supportive devices, such
as IP address, gateway, management IP address, and read/write community, and then
implement overall network management through SNMP.
 Support remote Trap: when an interface on a remote device is Up or Down, it sends an
extended OAM notification to the CO device which will then send Trap message of the
remote device to the NMS.
 Reboot the remote device: the CO device can send a command to reboot the remote
device.
 Support other remote management functions: as the remote functions increase, the CO
device can manage more remote functions through extended OAM protocols, such as
SFP and QinQ.

Raisecom Technology Co., Ltd. 326


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

When the ISCOM2828F works as the CO device, different remote devices may
support different extended OAM functions. Whether an extended OAM function is
supported depends on the remote device. For details, see the corresponding
manuals.
For example, the remote device is the RC551E, which supports to be configured with the
following extended OAM functions:
 Configure the IP address (including the default gateway and IP address of the out-of-
band interface).
 Configure the name of the remote host.
 Configure network management of the remote device.
 Manage configuration files of the remote device.
 Reboot the remote device.
 Clear statistics of extended OAM links.
 Show extended OAM capabilities of the remote device.
 Show basic information about the remote device.
 Show interface information about the remote device.
 Show Trap function status of the remote device.
 Show extended OAM link status.

9.6.2 Preparation for configuration

Scenario
Extended OAM is mainly used to establish connection between Central Office (CO) device
and remote device so as to achieve remote management.

Prerequisite
You need to complete the following tasks before configure extended OAM:
 Establish OAM link between devices to establish extended OAM link.
The following configurations take ISCOM2828F as the CO device. For different remote
devices, the extended OAM networking situation and configuration commands may be
different; please take configuration according to the specific remote networking situation.

9.6.3 Default configurations of extended OAM


Default configurations of extended OAM are as below.

Function Default value


OAM function status Disable
OAM working mode passive
Remote Trap function status Enable

Raisecom Technology Co., Ltd. 327


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

9.6.4 Establishing OAM link

You need to establish OAM link between devices to establish extended OAM link and
both sides of devices are OAM active mode and passive mode respectively.
Establish OAM link on CO device and remote device as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#oam Configure OAM working mode.
{ active | passive }
Establish both sides of OAM link; configure
CO device as active mode and remote device
as passive mode.
3 Raisecom(config)#interf Enter physical layer interface configuration
ace interface-type mode.
interface-number
4 Raisecom(config- Enable interface OAM function.
port)#oam enable

9.6.5 Configure extended OAM protocols


Configure the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#extended- Enable power-on configuration request.
oam config-request enable
3 Raisecom(config)#extended- Enable sending extended OAM
oam notification enable notification packet.

9.6.6 Entering remote configuration mode

The interface can enter remote configuration mode only when OAM link is
established between CO device and remote device.
Take the following configuration on CO device.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter physical layer interface
interface-type interface-number configuration mode.

Raisecom Technology Co., Ltd. 328


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Step Command Description


3 Raisecom(config-port)#remote- Enter remote configuration mode.
device
4 Raisecom(config- (Optional) enter remote interface
remote)#interface client configuration mode.
client-id
Raisecom(config-remoteport)#

9.6.7 (Optional) showing remote extended OAM capacity

Whether the remote device supports this function varies with the specific remote
device. For details, see the corresponding manuals.
On the CO device, you can use the show oam capability command to show remote device
extended OAM capacity, and then take configuration according to the specific device.
Configure the CO device as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter physical layer interface
interface-type interface- configuration mode.
number
3 Raisecom(config- Enter remote configuration mode.
port)#remote-device
4 Raisecom(config- Show remote device extended OAM
remote)#show oam capability management capacity.

9.6.8 Configuring remote host name

Whether the remote device supports this function varies with the specific remote
device. For details, see the corresponding manuals.
Configure the CO device as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter physical layer interface
interface-type interface- configuration mode.
number
3 Raisecom(config- Enter remote configuration mode.
port)#remote-device

Raisecom Technology Co., Ltd. 329


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Step Command Description


4 Raisecom(config- Configure remote host name.
remote)#hostname hostname

9.6.9 Configuring MTU for remote device

Whether the remote device supports this function varies with the specific remote
device. For details, see the corresponding manuals.
Configure the remote device as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter physical layer interface
interface-type interface- configuration mode.
number
3 Raisecom(config- Enter remote configuration mode.
port)#remote-device
4 Raisecom(config- Configure MTU for the remote device.
remote)#system mtu size

9.6.10 Configuring IP address of remote device

Whether the remote device supports this function varies with the specific remote
device. For details, see the corresponding manuals.
Configure the remote device as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interf Enter physical layer interface configuration
ace interface-type mode.
interface-number
3 Raisecom(config- Enter remote configuration mode.
port)#remote-device

Raisecom Technology Co., Ltd. 330


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Step Command Description


4 Raisecom(config- Configure remote device IP address.
remote)#ip address ip-
address [ ip-mask ] Set the IP address of IP interface 0 on the
vlan-list remote device to take effect.
IP address configuration needs to specify
management VLAN, if this VLAN does not
exist, create VLAN and take all interfaces as
member interface by default; if associated
VLAN exists, do not modify the member
interface configuration.
5 Raisecom(config- (Optional) configure remote device default
remote)#ip default- gateway. The default gateway and
gateway ip-address configured IP address of IP interface 0 need
to be in the same network segment.

9.6.11 Configuring interface parameters on remote device

Whether the remote device supports this function varies with the specific remote
device. For details, see the corresponding manuals.
Configure different remote interface parameters in different mode:
 In remote interface configuration mode, configure remote interface Up/Down, rate, and
working mode, etc.
 In remote configuration mode, configure remote interface auto-negotiation, interface
bandwidth, and failover, etc.

Configuring interface parameters in remote interface configuration mode


In remote interface configuration mode, configure remote interface Up/Down, rate, and
working mode, etc.
Configure the CO device as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interf Enter physical layer interface configuration
ace interface-type mode.
interface-number
3 Raisecom(config- Enter remote configuration mode.
port)#remote-device
4 Raisecom(config- Enter remote interface configuration mode.
remote)#interface
client client-id
5 Raisecom(config- (Optional) shut down the remote interface.
remoteport)#shutdown

Raisecom Technology Co., Ltd. 331


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Step Command Description


6 Raisecom(config- (Optional) configure the rate of Client interface
remoteport)#speed for the remote device.
{ auto | 10| 100 }
7 Raisecom(config- (Optional) configure the duplex mode of Client
remoteport)#duplex interface for the remote device.
{ full | half }

The OAM link maybe disconnected after


you configure the duplex mode for the
remote interface.
8 Raisecom(config- (Optional) enable/disable flow control on the
remoteport)#flowcontrol user interface of the remote device.
{ on | off }

Configuring interface parameters in remote configuration mode


In remote configuration mode, configure remote interface auto-negotiation, interface
bandwidth, and failover, etc.
Configure the CO device as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interf Enter physical layer interface configuration
ace interface-type mode.
interface-number
3 Raisecom(config- Enter remote configuration mode.
port)#remote-device
4 Raisecom(config- (Optional) configure description of the
remote)#description interface on the remote device.
{ line line-id | client
client-id } string
5 Raisecom(config- (Optional) configure rate auto-negotiation on
remote)#line-speed auto the Line interface of the remote device.
You can configure the optical interface with
auto-negotiation when the interface connecting
remote device and CO device is 1000 Mbit/s
optical port.
6 Raisecom(config- (Optional) configure remote ingress interface
remote)#rate-limit bandwidth.
interface-type
interface-number
ingress rate
7 Raisecom(config- (Optional) enable remote failover.
remote)#fault-pass
enable The fault optical interface on the remote device
changes to electrical port after being enabled
with remote failover.

Raisecom Technology Co., Ltd. 332


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Step Command Description


8 Raisecom(config- (Optional) enable inner loopback on the optical
remote)#inside-loopback interface on the remote device.
[ crc-recalculate ]
9 Raisecom(config- Conduct virtual line detection on the remote
remote)#test cable- device.
diagnostics

For the above interface configuration in remote configuration mode:


 If the command line provides specified interface parameters, the corresponding
configuration will take effect on specified interface;
 If the command line does not provide specified interface parameters, the
corresponding configuration will take effect on all interfaces of the corresponding
type on the remote device.

9.6.12 Uploading and downloading files on remote device

Downloading files from server to remote device


The system bootstrap file, system startup file, configuration files, and FPGA file can be
forwarded from the CO device to the remote device, which can be initiated by the CO device
or the remote device. If the CO device initiates this, it can upgrade multiple remote devices.
On the CO device, download files from the FTP/TFTP server to the remote device as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter physical layer interface
interface-type interface- configuration mode.
number
3 Raisecom(config-port)#remote- Enter remote configuration mode.
device
4 Raisecom(config- On the CO device, download files from
remote)#download { bootstrap the FTP/TFTP server to the remote
| startup-config | system- device.
boot | fpga } { ftp ip-
address user-name password
file-name | tftp ip-address
file-name }

On the remote device, download files from the FTP/TFTP server to the remote device as
below.

Step Command Description


1 Raisecom#config Enter global configuration mode.

Raisecom Technology Co., Ltd. 333


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Step Command Description


2 Raisecom(config)#interface Enter physical layer interface
interface-type interface- configuration mode.
number
3 Raisecom(config- On the remote device, download files
port)#download { bootstrap | from the FTP/TFTP server to the
startup-config | system-boot remote device.
| fpga } { ftp ip-address
user-name password file-name
| tftp ip-address file-name }

Uploading files from remote device to server


The system bootstrap file, system startup file, configuration files, and FPGA file can be
forwarded from the remote device to the server, which can be initiated by the CO device or
the remote device. If the CO device initiates this, it cannot upgrade multiple remote devices.
On the CO device, upload files from the remote device to the server as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter physical layer interface
interface-type interface- configuration mode.
number
3 Raisecom(config-port)#remote- Enter remote configuration mode.
device
4 Raisecom(config- On the CO device, upload files from the
remote)#upload { startup- remote device to the server.
config | system-boot } { ftp
ip-address user-name password
file-name | tftp ip-address
file-name }

On the remote device, upload files from the remote device to the server as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter physical layer interface
interface-type interface- configuration mode.
number
3 Raisecom(config-port)#upload On the remote device, upload files from
{ startup-config | system- the remote device to the server.
boot } { ftp ip-address user-
name password file-name |
tftp ip-address file-name }

Raisecom Technology Co., Ltd. 334


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Downloading remote device files from server to CO device


The system bootstrap file, system startup file, configuration files, and FPGA file of the remote
device can be downloaded through FTP or TFTP from the server to the CO device, and saved
with a specified name in the flash of the remote device. This is prepared for further upgrading
of the remote device.
Download remote device files from the server to the CO device as below.

Step Command Description


1 Raisecom#download { remote-bootstrap | Download remote
remote-system-boot | remote-startup-config | device files from the
remote-fpga } { ftp ip-address user-name server to the CO
password file-name local-file-name | tftp device.
ip-address file-name local-file-name }

Uploading remote device files from CO device to server


Upload remote device files from the CO device to the server as below.

Step Command Description


1 Raisecom#upload { remote-bootstrap | remote- Upload remote
system-boot | remote-startup-config | device files from the
remote-fpga } { ftp ip-address user-name CO device to the
password file-name local-file-name | tftp server.
ip-address file-name local-file-name }

Downloading files from CO device to remote device


The remote device files saved in the flash of the CO device can be downloaded to the remote
device through extended OAM protocols, which can be initiated by the CO device or the
remote device. If the CO device initiates this, it can upgrade multiple remote devices.
On the CO device, download files from the CO device to the remote device as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter physical layer interface
interface-type interface- configuration mode.
number
3 Raisecom(config-port)#remote- Enter remote configuration mode.
device
4 Raisecom(config- Download the system bootstrap file,
remote)#download { bootstrap system startup file, and FPGA file from
| system-boot | fpga } file- the CO device to the remote device.
name
5 Raisecom(config- Download configuration files from the
remote)#download startup- CO device to the remote device.
config [ file-name ]

Raisecom Technology Co., Ltd. 335


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

On the remote device, download files from the CO device to the remote device as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter physical layer interface
interface-type interface- configuration mode.
number
3 Raisecom(config- Download the system bootstrap file,
port)#download { bootstrap | system startup file, and FPGA file from
system-boot | fpga } file- the CO device to the remote device.
name
4 Raisecom(config- Download configuration files from the
port)#download startup-config CO device to the remote device.
[ file-name ]

9.6.13 Configuring remote network management

Whether the remote device supports this function varies with the specific remote
device. For details, see the corresponding manuals.

Configuring remote network management


Configure the CO device as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter physical layer interface
port port-id configuration mode.
3 Raisecom(config-port)#remote- Enter remote configuration mode.
device
4 Raisecom(config-remote)#snmp- Configure remote read/write
server community community- community and read/write authority.
name { ro | rw }

Configuring remote Trap


The remote device generates Trap information, which will be sent to CO device through OAM
notification packet and then CO device will send the Trap to network management system.
To configure network management system to accept remote Trap, you need to enable remote
Trap function on CO device and maybe enable to send extended OAM notification function
on remote device.
Configure the CO device as below.

Raisecom Technology Co., Ltd. 336


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#snmp trap Enable remote device to send Trap
remote enable function.

To configure remote Trap, some remote devices need to perform the extended-oam
notification enable command to enable to send extended OAM notification function
in remote configuration mode.

9.6.14 Configuring remote VLAN

 Whether the remote device supports this function varies with the specific remote
device. For details, see the corresponding manuals.
 Different remote devices may have different configuration commands.
You can configure remote VLAN and deal with packets received by the remote device
according to VLAN property configuration, such as set remote VLAN status, VLAN tag
property and create remote VLAN group, etc.
Remote VLAN status:
 dot1q: remote VLAN mode is Dot1q; the packets entering device interface will be
forwarded in accordance with dot1q mode.
 forbid: forbid remote VLAN function; the packets entering device interface will be
forwarded in accordance with transparent transmission mode.
 port: remote VLAN is Port mode.
Enable remote VLAN CoS function, deal with the packets entering device interface according
to VLAN priority, high priority first and low priority second.
Configure the CO device as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter physical layer interface
port port-id configuration mode.
3 Raisecom(config- Enter remote configuration mode.
port)#remote-device
4 Raisecom(config-remote)#vlan (Optional) configure remote VLAN
{ dot1q | forbid | port } status.
5 Raisecom(config-remote)#vlan (Optional) enable remote VLAN CoS.
cos enable

Raisecom Technology Co., Ltd. 337


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Step Command Description


6 Raisecom(config-remote)#vlan (Optional) configure remote VLAN tag
{ cable-port | cpu-port | property.
fiber-port } { tag | untag }
priority priority pvid pvid
7 Raisecom(config-remote)#vlan (Optional) create remote VLAN group.
group group-id vid vid
member-list member-list

9.6.15 Configuring remote QinQ

Whether the remote device supports this function varies with the specific remote
device. For details, see the corresponding manuals.
Configure the CO device as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter physical layer interface configuration
port port-id mode.
3 Raisecom(config- Enter remote configuration mode.
port)#remote-device
4 Raisecom(config- (Optional) configure remote device to work
remote)#switch-mode in full transparent transmission mode.
transparent
5 Raisecom(config- (Optional) enable remote device to work
remote)#switch-mode dot1q- single Tag forwarding mode.
vlan native-vlan vlan-id
[ line ]
6 Raisecom(config- (Optional) configure remote device to work
remote)#switch-mode in double Tag forwarding mode.
double-tagged-vlan [ tpid
tpid ] native-vlan vlan-id
[ line ]

 To configure remote device to work in full transparent transmission mode, do not


deal with data packets.
 To configure remote device to work in single Tag mode, after the ISCOM2828F is
configured to single Tag mode, the data packets without Tag from user interface
will be marked with Tag with local VLAN ID; do nothing if there is Tag.
 To configure remote device to work in double Tag mode, after the ISCOM2828F is
configured to double Tag mode, the data packets without Tag from user interface
will be marked with outer Tag with specified TPID and local VLAN ID.

Raisecom Technology Co., Ltd. 338


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

9.6.16 Managing remote configuration files

Whether the remote device supports this function varies with the specific remote
device. For details, see the corresponding manuals.
Configure the CO device as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interf Enter physical layer interface configuration
ace port port-id mode.
3 Raisecom(config- Enter remote configuration mode.
port)#remote-device
4 Raisecom(config- (Optional) save remote device configuration
remote)#write files in remote device flash.
5 Raisecom(config- (Optional) save remote device configuration
remote)#write local files in CO device flash.
6 Raisecom(config- (Optional) delete remote device configuration
remote)#erase files.

9.6.17 Rebooting remote device

 During resetting or rebooting remote device, OAM link maybe disconnect and the
CO device will not connect with remote device.
 Whether the remote device supports this function varies with the specific remote
device. For details, see the corresponding manuals.
Configure the CO device as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interfa Enter physical layer interface configuration
ce port port-id mode.
3 Raisecom(config- Enter remote configuration mode.
port)#remote-device
4 Raisecom(config- Reboot remote device.
remote)#reboot

Raisecom Technology Co., Ltd. 339


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

9.6.18 Checking configurations

Whether the remote device supports the following items varies with the specific
remote device. For details, see the corresponding manuals.
Use the following commands to check configuration results.

No. Command Description


1 Raisecom(config-remote)#show Show basic information about the
remote-device information remote device.
2 Raisecom#show extended-oam status Show extended OAM link status.
[ port-list port-list ]
3 Raisecom(config-remote)#show Show information about the remote
interface port [ detail | device interfaces.
statistics ]
4 Raisecom(config-remote)#show Show information about line
cable-diagnostics diagnosis.
5 Raisecom(config-remote)#show Show loopback status on the
inside-loopback optical interface on the remote
device and loopback parameters.
6 Raisecom(config-remote)#show oam Show OAM capabilities supported
capability by the remote device.
7 Raisecom(config-remote)#show Show basic information about the
remote-device information remote device.
8 Raisecom(config-remote)#show vlan Show basic information about
basic-information VLANs on the remote device.
9 Raisecom(config-remote)#show vlan Show information about VLAN
group-information { all | group- groups on the remote device.
id }
10 Raisecom#show extended-oam Show statistics of extended OAM
statistics [ port-list port- frames.
list ]
11 Raisecom#show snmp trap remote Show Trap enabling status on the
remote device.

9.6.19 Maintenance
Maintain the ISCOM2828F as below.

Command Description
Raisecom(config)#clear extended-oam Clear statistics of extended OAM
statistics [ port-list port-list ] packets.

Raisecom Technology Co., Ltd. 340


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

9.6.20 Example for configuring extended OAM to manage the


remote device

Networking requirements
As shown below, the RC551E is connected to the switch. Configured with extended OAM,
the switch can remotely manage the RC551E. Configure the host name and IP address of the
RC551E on the switch.

Figure 9-14 Configuring extended OAM to manage the remote device

Configuration steps
Step 1 Establish an OAM link between the RC551E and the switch.
Set the RC551E to work in OAM passive mode, and enable OAM.

Raisecom#hostname RC55x
RC55x#config
RC55x(config)#oam passive
RC55x(config)#interface line 1
RC55x(config-port)#oam enable

Set the switch to work in OAM active mode, and enable OAM.

Raisecom#hostname Switch
Switch#config
Switch(config)#oam active
Switch(config)#interface port 1
Switch(config-port)#oam enable

Step 2 Configure the host name and IP address of the RC551E on the switch.

Switch(config-port)#remote-device
Switch(config-remote)#hostname RC551E
Switch(config-remote)#ip address 192.168.18.100 255.255.255.0 200

Raisecom Technology Co., Ltd. 341


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Checking results
Show configurations of the remote device on the switch.

Raisecom(config-remote)#show remote-device information


Local port:port1
Product Name: RC551E-4GEF
Hostname: RC551E
Operation Software Version: ROS_4.14.1670.RC551E-
4GEF.39.20110914
Hardware Version: Hardware RC551E-4GEF
Main chip id: N/A
Total ports: 6
FPGA chip id: N/A
FPGA soft version: N/A
IP Address/mask: 192.168.18.100/255.255.255.0
IP Interface Vlan: 0
Vlan member Port:
Untag port:
IP Default-gateway: 0.0.0.0
OutBand-port IP/Mask: N/A/N/A
Community Name/Access: N/A/N/A
OAM Notification:
Device current temperature(Celsius): 0(Celsius)
Device voltage: low
Ref. Volt(mv) Current Volt(mv)
3300 0l
2500 0l
1800 0l
1200 0l

9.7 Optical module DDM


9.7.1 Introduction
Digital Diagnostic Monitoring (DDM) on the ISCOM2828F supports diagnosing the Small
Form-factor Pluggable (SFP) module.
SFP DDM provides a method for monitoring performance. By analyzing monitored data
provides by the SFP module, the administrator can predict the lifetime for the SFP module,
isolate system faults, as well as verify the compatibility of the SFP module.
The SFP module offers 5 performance parameters:
 Module temperature
 Internal Power Feeding Voltage (PFV)
 Launched bias current
 Launched optical power
 Received optical power

Raisecom Technology Co., Ltd. 342


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

When SFP performance parameters exceed thresholds or when SFP state changes, related
Trap is generated.

9.7.2 Preparing for configurations

Scenario
SFP DDM provides a method for monitoring performance parameters of the SFP module. By
analyzing monitored data, you can predict the lifetime for the SFP module, isolate system
faults, as well as verify the compatibility of the SFP module.

Prerequisite
N/A

9.7.3 Default configurations of optical module DDM


Default configurations of of optical module DDM are as below.

Function Default value


Optical module DDM Disable
Optical module DDM sending Trap function status Enable

9.7.4 Enabling optical module DDM


Enable optical module DDM for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#transceiver Enable optical module DDM.
digitaldiagnotic enable

9.7.5 Enabling optical module DDM to send Trap messages


Enable optical module DDM to send Trap messages for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#snmp Enable optical module DDM to send Trap
trap transceiver messages.
enable

Raisecom Technology Co., Ltd. 343


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

9.7.6 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show interface port Show configurations of optical module
[ port-id ] transceiver DDM.
[ detail ]
2 Raisecom#show interface port Show performance parameters and
[ port-id ] transceiver thresholds of optical module DDM.
[ detail ] threshold-
violations
3 Raisecom#show interface port Show information about the optical
[ port-id ] transceiver module DDM.
information

9.8 System log


9.8.1 Introduction
The system log refers that the device records the system information and debugging
information in a log and sends the log to the specified destination. When the device fails to
work, you can check and locate the fault easily.
The system information and some scheduling output will be sent to the system log to deal
with. According to the configuration, the system will send the log to various destinations. The
destinations that receive the system log are divided into:
 Console: send the log message to the local console through Console interface.
 Host: send the log message to the host.
 Monitor: send the log message to the monitor, such as Telnet terminal.
 File: send the log message to the Flash of the device.
The system log is usually in the following format:

timestamp module-level- Message content

The following is an example of system log content.

FEB-22-2005 14:27:33 CONFIG-7-CONFIG:USER "raisecom" Run "logging on"


FEB-22-2005 06:46:20 CONFIG-6-LINK_D:port 2 Link Down
FEB-22-2005 06:45:56 CONFIG-6-LINK_U:port 2 Link UP

The format for outputting to the logging server is as below:

Raisecom Technology Co., Ltd. 344


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

timestamp module-level- Message content

The following is an example of log content for the logging server.

07-01-2008 11:31:28Local0.Debug 20.0.0.6JAN 01 10:22:15 ISCOM2828F: CONFIG-


7-CONFIG:USER " raisecom " Run " logging on "
07-01-2008 11:27:41Local0.Debug 20.0.0.6JAN 01 10:18:30 ISCOM2828F: CONFIG-
7-CONFIG:USER " raisecom " Run " ip address 20.0.0.6 255.0.0.0 1 "

According to the severity level, the log is identified by 8 severity levels, as listed in Table 9-2.

Table 9-2 Log level


Severity Level Description
Emergency 0 The system cannot be used.
Alert 1 Immediate processing is required.
Critical 2 Serious status
Error 3 Errored status
Warning 4 Warning status
Notice 5 Normal but important status
Informational 6 Informational event
Debug 7 Debugging information

The severity of output information can be manually set. When you send information
according to the configured severity, you can just send the information whose
severity is less than or equal to that of the configured information. Such as, when the
information is configured with the level 3 (or the severity is errors), the information
whose level ranges from 0 to 3,that is, the severity ranges from emergencies to
errors, can be sent.

9.8.2 Preparing for configurations

Scenario
The ISCOM2828F generates critical information, debugging information, or error information
of the system to system logs and outputs the system logs to log files or transmit them to the
host, Console interface, or monitor for viewing and locating faults.

Raisecom Technology Co., Ltd. 345


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Prerequisite
N/A

9.8.3 Default configurations of system log


Default configurations of system log are as below.

Function Default value


System log Enable
Output log information to Console Enable, the default level is information (6).
Output log information to host Null, the default level is information (6).
Output log information to file Disable, the fixed level is warning (4).
Output log information to monitor Disable, the default level is information (6).
Log Debug level low
Transmitting rate of system log No limit

9.8.4 Configuring basic information of system log


Configure basic information of system log for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#logging (Optional) Enable system log.
on
3 Raisecom(config)#logging (Optional) configure timestamp for system
time-stamp { date-time | log.
null | relative-start }
4 Raisecom(config)#logging (Optional) configure transmitting rate of
rate log-num system log.

9.8.5 Configuring system log output


Configure system log output for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration
mode.
2 Raisecom(config)#logging console (Optional) output system
{ log-level | alerts | critical | logs to the Console.
debugging | emergencies | errors |
informational | notifications |
warnings }

Raisecom Technology Co., Ltd. 346


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Step Command Description


3 Raisecom(config)#logging host ip- (Optional) output system
address { local0 | local1 | local2 | logs to the log server.
local3 | local4 | local5 | local6 |
local7 } { log-level | alerts | Up to 10 log servers are
critical | debugging | emergencies | supported.
errors | informational |
notifications | warnings }
4 Raisecom(config)#logging monitor (Optional) output system
{ log-level | alerts | critical | logs to the monitor.
debugging | emergencies | errors |
informational | notifications |
warnings }
5 Raisecom(config)#logging file (Optional) output system
logs to the Flash of the
ISCOM2828F.
Only warning-level logs are
available.

9.8.6 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show logging Show system log configurations.
2 Raisecom#show logging Show system log contents.
file

9.8.7 Example for outputting system logs to log server

Networking requirements
As shown in Figure 9-15, configure system log to output system logs of the switch to the log
server, facilitating view them at any time.

Figure 9-15 Outputting system logs to log servers

Configuration steps
Step 1 Configure the IP address of the switch.

Raisecom Technology Co., Ltd. 347


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Raisecom#config
Raisecom(config)#interface ip 0
Raisecom(config-ip)#ip address 20.0.0.6 255.0.0.0 1
Raisecom(config-ip)#exit

Step 2 Output system logs to the log server.

Raisecom(config)#logging on
Raisecom(config)#logging time-stamp date-time
Raisecom(config)#logging rate 2
Raisecom(config)#logging host 20.0.0.168 local3 warnings

Checking results
Use the show logging command to show system log configurations.

Raisecom#show logging
Syslog logging:Enable, 0 messages dropped, messages rate-limited 2 per
second
Console logging:Enable, level=informational, 19 Messages logged
Monitor logging:Disable, level=informational, 0 Messages logged
Time-stamp logging messages: date-time

Log host information:


Target Address Level Facility Sent Drop
----------------------------------------------------------------------
20.0.0.168 warnings local3 0 0

9.9 Power monitoring


9.9.1 Introduction
The ISCOM2828F supports monitoring power alarm, namely, Dying Gasp alarm.

9.9.2 Preparing for configurations

Scenario
You can configure the power alarm function to monitor faults. When the power is abnormal,
the system generates the Syslog or sends Trap message, informing you to take actions
accordingly to avoid power failure.

Raisecom Technology Co., Ltd. 348


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

Prerequisite
N/A

9.9.3 Default configurations of power monitoring


Configure the ISCOM2828F as below.

Function Description
Power alarm Trap sending status Enable

9.9.4 Configuring power monitoring alarm


Configure power monitoring alarm for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#alarm Enable sending power alarm Trap.
power

9.9.5 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show alarm power Show power alarm status.

9.10 CPU monitoring


9.10.1 Introduction
The ISCOM2828F supports CPU monitoring. It can monitor state, CPU utilization, and stack
usage in real time. It helps to locate faults.
CPU monitoring can provide the following functions:
 View CPU utilization
It can be used to view CPU unitization in each period (5s, 1 minute, 10 minutes, and 2 hours).
Total CPU unitization in each period can be shown dynamically or statically.
It can be used to view the operating status of all tasks and the detailed running status of
assigned tasks.
It can be used to view history CPU utilization in each period.

Raisecom Technology Co., Ltd. 349


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

It can be used to view death task information.


 CPU unitization threshold alarm
If system CPU utilization changes below lower threshold or above upper threshold in a
specified sampling period, an alarm will be generated and a Trap message will be sent. The
Trap message provides serial number and CPU utilization of 5 tasks whose CPU unitization is
the highest in the latest period (5s, 1 minute, 10 minutes).

9.10.2 Preparing for configurations

Scenario
CPU monitoring can monitor state, CPU utilization, and stack usage in real time, provide
CPU utilization threshold alarm, detect and eliminate hidden dangers, or help administrator
for fault location.

Prerequisite
Before configuring CPU monitoring, you need to perform the following operation:
 When the CPU monitoring alarm needs to be output in Trap mode, configure Trap output
target host address, which is IP address of NView NNM system.

9.10.3 Default configurations of CPU monitoring


Default configurations of CPU monitoring are as below.

Function Default value


CPU utilization rate alarm Trap output Disable
Upper threshold of CPU utilization alarm 100%
Lower threshold of CPU utilization alarm 1%
Sampling period of CPU utilization 60s

9.10.4 Showing CPU monitoring information


Show CPU monitoring information for the ISCOM2828F as below.

Step Command Description


1 Raisecom#show cpu-utilization [ dynamic Show CPU utilization rate.
| history { 10min | 1min | 2hour |
5sec } ]
2 Raisecom#show process [ dead | sorted Show status of all tasks.
{ normal-priority | process-name } |
taskname ]
3 Raisecom#show process cpu [ sorted Show CPU utilization rate
[ 10min | 1min | 5sec | invoked ] ] of all tasks.

Raisecom Technology Co., Ltd. 350


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

9.10.5 Configuring CPU monitoring alarm


Configure CPU monitoring alarm for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#sn Enable CPU threshold alarm Trap.
mp-server traps
enable cpu-
threshold
3 Raisecom(config)#cp (Optional) configure CPU alarm upper threshold,
u rising-threshold lower threshold, and sampling interval.
rising-threshold-
value [ falling- The upper threshold must be greater than the lower
threshold falling- threshold.
threshold-value ] After CPU threshold alarm Trap is enabled, the
[ interval system will automatically send a Trap message if
interval-value ] the CPU utilization changes below lower threshold
or above upper threshold in a specified sampling
period.

9.10.6 Checking configurations


Use the following commands to check configuration results.

No. Command Description


1 Raisecom#show cpu- Show CPU utilization and related configurations.
utilization

9.11 Ping
Configure Ping for the ISCOM2828F as below.

Step Command Description


1 Raisecom#ping ip-address (Optional) test the connectivity of the IPv4
[ count count ] [ size network by the ping command.
size ] [ waittime period ]

The ISCOM2828F cannot carry out other operations in the process of executing the
ping command. You can perform other operations only after Ping is finished or is
interrupted by pressing Ctrl+C.

Raisecom Technology Co., Ltd. 351


Raisecom
ISCOM2828F (D) Configuration Guide 9 System management

9.12 Traceroute
Before using Traceroute, you should configure the IP address and default gateway of the
ISCOM2828F.
Configure Traceroute for the ISCOM2828F as below.

Step Command Description


1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface ip Enter Layer 3 interface configuration
if-number mode.
3 Raisecom(config-ip)#ip Configure the IP address of the
address ip-address [ ip- interface.
mask ] vlan-id
4 Raisecom(config-ip)#exit Configure the default gateway.
Raisecom(config)#ip default-
gateway ip-address
5 Raisecom(config)#exit Test the connectivity of the IPv4
Raisecom#traceroute ip- network, and show nodes passed by
address [ firstttl first- the packet.
ttl ] [ maxttl max-ttl ]
[ port port-id ] [ waittime
second ] [ count times ]

Raisecom Technology Co., Ltd. 352


Raisecom
ISCOM2828F (D) Configuration Guide 10 Appendix

10 Appendix

This chapter describes terms and abbreviations involved in this guide, including the following
sections:
 Terms
 Abbreviations

10.1 Terms
C
Connectivity Fault Management (CFM) is end to end service-level
Ethernet OAM technology. This function is used to actively diagnose
CFM fault for Ethernet Virtual Connection (EVC) and provide cost-effective
network maintenance solution via fault management function and
improve network maintenance.

E
Ethernet
An APS protocol based on ITU-T G.8031 Recommendation to protect
Linear
an Ethernet link. It is an end-to-end protection technology, including two
Protection
line protection modes: linear 1:1 protection switching and linear 1+1
Switching
protection switching.
(ELPS)
Ethernet Ring An APS protocol based on ITU-T G.8032 Recommendation to provide
Protection backup link protection and recovery switching for Ethernet traffic in a
Switching ring topology and at the same time ensuring that there are no loops
(ERPS) formed at the Ethernet layer.

L
A computer networking term which describes using multiple network
Link cables/ports in parallel to increase the link speed beyond the limits of
aggregation any one single cable or port, and to increase the redundancy for higher
availability.

Raisecom Technology Co., Ltd. 353


Raisecom
ISCOM2828F (D) Configuration Guide 10 Appendix

Q
QinQ is (also called Stacked VLAN or Double VLAN) extended from
802.1Q, defined by IEEE 802.1ad recommendation. Basic QinQ is a
simple Layer 2 VPN tunnel technology, encapsulating outer VLAN Tag
QinQ for client private packets at carrier access end, the packets take double
VLAN Tag passing through trunk network (public network). In public
network, packets only transmit according to outer VLAN Tag, the
private VLAN Tag are transmitted as data in packets.

10.2 Abbreviations
A
ACL Access Control List
APS Automatic Protection Switching

C
CCM Continuity Check Message
CFM Connectivity Fault Management
CoS Class of Service

D
DoS Deny of Service
DRR Deficit Round Robin
DSCP Differentiated Services Code Point

E
EFM Ethernet in the First Mile
ELPS Ethernet Linear Protection Switching
ERPS Ethernet Ring Protection Switching
EVC Ethernet Virtual Connection

F
FTP File Transfer Protocol

Raisecom Technology Co., Ltd. 354


Raisecom
ISCOM2828F (D) Configuration Guide 10 Appendix

G
GARP Generic Attribute Registration Protocol
GPS Global Positioning System
GSM Global System for Mobile Communications
GVRP GARP VLAN Registration Protocol

I
IEEE Institute of Electrical and Electronics Engineers
IETF Internet Engineering Task Force
IP Internet Protocol
International Telecommunications Union - Telecommunication
ITU-T
Standardization Sector

L
LACP Link Aggregation Control Protocol
LBM LoopBack Message
LBR LoopBack Reply
LLDP Link Layer Discovery Protocol
LLDPDU Link Layer Discovery Protocol Data Unit
LTM LinkTrace Message
LTR LinkTrace Reply

M
MA Maintenance Association
MAC Medium Access Control
MD Maintenance Domain
MEG Maintenance Entity Group
MEP Maintenance associations End Point
MIB Management Information Base
MIP Maintenance association Intermediate Point
MSTI Multiple Spanning Tree Instance
MSTP Multiple Spanning Tree Protocol

Raisecom Technology Co., Ltd. 355


Raisecom
ISCOM2828F (D) Configuration Guide 10 Appendix

N
NNM Network Node Management

O
OAM Operation, Administration and Management

P
PC Personal Computer

Q
QoS Quality of Service

R
RADIUS Remote Authentication Dial In User Service
RMON Remote Network Monitoring
RMEP Remote Maintenance association End Point
RSTP Rapid Spanning Tree Protocol

S
SFP Small Form-factor Pluggables
SLA Service Level Agreement
SNMP Simple Network Management Protocol
SNTP Simple Network Time Protocol
SP Strict-Priority
SSHv2 Secure Shell v2
STP Spanning Tree Protocol

T
TACACS+ Terminal Access Controller Access Control System
TCP Transmission Control Protocol
TFTP Trivial File Transfer Protocol
TLV Type Length Value
ToS Type of Service

Raisecom Technology Co., Ltd. 356


Raisecom
ISCOM2828F (D) Configuration Guide 10 Appendix

V
VLAN Virtual Local Area Network

W
WRR Weight Round Robin
A
ACL Access Control List
APS Automatic Protection Switching

C
CCM Continuity Check Message
CFM Connectivity Fault Management
CoS Class of Service

D
DoS Deny of Service
DRR Deficit Round Robin
DSCP Differentiated Services Code Point

E
EFM Ethernet in the First Mile
ELPS Ethernet Linear Protection Switching
ERPS Ethernet Ring Protection Switching
EVC Ethernet Virtual Connection

F
FTP File Transfer Protocol

G
GARP Generic Attribute Registration Protocol
GPS Global Positioning System
GSM Global System for Mobile Communications
GVRP GARP VLAN Registration Protocol

Raisecom Technology Co., Ltd. 357


Raisecom
ISCOM2828F (D) Configuration Guide 10 Appendix

I
IEEE Institute of Electrical and Electronics Engineers
IETF Internet Engineering Task Force
IP Internet Protocol
International Telecommunications Union - Telecommunication
ITU-T
Standardization Sector

L
LACP Link Aggregation Control Protocol
LBM LoopBack Message
LBR LoopBack Reply
LLDP Link Layer Discovery Protocol
LLDPDU Link Layer Discovery Protocol Data Unit
LTM LinkTrace Message
LTR LinkTrace Reply

M
MA Maintenance Association
MAC Medium Access Control
MD Maintenance Domain
MEG Maintenance Entity Group
MEP Maintenance associations End Point
MIB Management Information Base
MIP Maintenance association Intermediate Point
MSTI Multiple Spanning Tree Instance
MSTP Multiple Spanning Tree Protocol

N
NNM Network Node Management

O
OAM Operation, Administration and Management

Raisecom Technology Co., Ltd. 358


Raisecom
ISCOM2828F (D) Configuration Guide 10 Appendix

P
PC Personal Computer

Q
QoS Quality of Service

R
RADIUS Remote Authentication Dial In User Service
RMON Remote Network Monitoring
RMEP Remote Maintenance association End Point
RSTP Rapid Spanning Tree Protocol

S
SFP Small Form-factor Pluggables
SLA Service Level Agreement
SNMP Simple Network Management Protocol
SNTP Simple Network Time Protocol
SP Strict-Priority
SSHv2 Secure Shell v2
STP Spanning Tree Protocol
T
TACACS+ Terminal Access Controller Access Control System
TCP Transmission Control Protocol
TFTP Trivial File Transfer Protocol
TLV Type Length Value
ToS Type of Service

V
VLAN Virtual Local Area Network

W
WRR Weight Round Robin

Raisecom Technology Co., Ltd. 359


Address: Building 2, No. 28, Shangdi 6thStreet, Haidian District, Beijing, P.R.China.
Postal code: 100085 Tel: +86-10-82883305
Fax: 8610-82883056 http://www.raisecom.com Email: [email protected]

You might also like